
please help me remove this


  • This topic is locked
17 replies to this topic

#1 _The_Nothing_

_The_Nothing_

  • Members
  • 13 posts

Posted 17 March 2010 - 04:03 AM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:27:53 AM, on 3/17/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18882)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files\Process Hacker\ProcessHacker.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\Program Files\MSN\Toolbar\3.0.0541.0\msntask.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\leave me alone\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KLVI0HT6\HijackThis[1].exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...rio&pf=cnnb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...rio&pf=cnnb
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...rio&pf=cnnb
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\IPSBHO.DLL
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
O2 - BHO: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll
O2 - BHO: Microsoft Live Search Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll
O3 - Toolbar: Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll
O3 - Toolbar: WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [UpdateLBPShortCut] "C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
O4 - HKLM\..\Run: [UpdatePSTShortCut] "C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [UpdateP2GoShortCut] "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [UpdatePDIRShortCut] "C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN
O4 - HKCU\..\Run: [Process Hacker] "C:\Program Files\Process Hacker\ProcessHacker.exe" -m
O4 - HKCU\..\Run: [UnHackMe Monitor] C:\Program Files\UnHackMe\hackmon.exe
O4 - HKCU\..\RunOnce: [Application Restart #0] C:\Program Files\HP\QuickPlay\QPService.exe
O4 - HKCU\..\RunOnce: [Application Restart #1] C:\Program Files\Internet Explorer\iexplore.exe -restart /WERRESTART
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resource/...s/wlscctrl2.cab
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll
O18 - Protocol: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Program Files\SMINST\BLService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 7686 bytes




attachment is from threatexperts memory scan



#2 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • Gender:Female
  • Location:At home

Posted 20 March 2010 - 11:52 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
  5. In the custom scan box paste the following:
    CODE
    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    /md5stop
    %systemroot%\*. /mp /s
  6. Push the button.
  7. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help requests via PM, unless I am already helping you. Use the forums!

 



#3 _The_Nothing_

_The_Nothing_
  • Topic Starter

  • Members
  • 13 posts

Posted 20 March 2010 - 01:25 PM

OTL logfile created on: 3/20/2010 12:19:20 PM - Run 1
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Users\leave me alone\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 65.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 138.69 Gb Total Space | 93.64 Gb Free Space | 67.52% Space Free | Partition Type: NTFS
Drive D: | 10.36 Gb Total Space | 1.73 Gb Free Space | 16.72% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 7.45 Gb Total Space | 0.51 Gb Free Space | 6.86% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LEAVEMEALONE-PC
Current User Name: leave me alone
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/03/20 12:18:19 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Users\leave me alone\Desktop\OTL.exe
PRC - [2010/03/09 17:09:24 | 001,186,016 | ---- | M] (Greais Software) -- C:\Program Files\UnHackMe\GWebUpdate.exe
PRC - [2010/01/20 16:03:39 | 000,117,640 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe
PRC - [2010/01/15 22:09:37 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/12/22 15:38:24 | 000,594,144 | ---- | M] (Greatis Software) -- C:\Program Files\UnHackMe\hackmon.exe
PRC - [2009/09/28 02:02:42 | 001,529,432 | ---- | M] (PeerBlock, LLC) -- C:\Program Files\PeerBlock\peerblock.exe
PRC - [2009/08/21 03:15:32 | 000,900,816 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psi.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/10/06 11:54:52 | 000,365,952 | ---- | M] () -- C:\Program Files\SMINST\BLService.exe


========== Modules (SafeList) ==========

MOD - [2010/03/20 12:18:19 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Users\leave me alone\Desktop\OTL.exe
MOD - [2009/04/11 01:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/01/20 16:03:39 | 000,117,640 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe -- (Norton Internet Security)
SRV - [2009/09/24 20:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2008/10/06 11:54:52 | 000,365,952 | ---- | M] () [Auto | Running] -- C:\Program Files\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2008/01/20 21:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2010/03/20 00:59:50 | 000,024,416 | ---- | M] (Greatis Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\regguard.sys -- (RegGuard)
DRV - [2010/03/18 19:54:00 | 001,324,720 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100319.041\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/03/18 19:54:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/03/18 19:54:00 | 000,084,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100319.041\NAVENG.SYS -- (NAVENG)
DRV - [2010/03/12 14:33:20 | 000,034,760 | ---- | M] (Greatis Software) [Kernel | Boot | Stopped] -- C:\Windows\system32\drivers\Partizan.sys -- (Partizan)
DRV - [2010/03/11 04:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/03/11 02:28:30 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/03/11 02:28:01 | 000,482,432 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\NIS\1008000.029\ccHPx86.sys -- (ccHP)
DRV - [2010/03/05 19:55:08 | 000,343,088 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100312.001\IDSvix86.sys -- (IDSVix86)
DRV - [2010/01/20 16:03:40 | 000,217,136 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\NIS\1008000.029\SYMTDI.SYS -- (SYMTDI)
DRV - [2010/01/20 16:03:40 | 000,089,904 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\NIS\1008000.029\SYMFW.SYS -- (SYMFW)
DRV - [2010/01/20 16:03:40 | 000,048,688 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\NIS\1008000.029\SYMNDISV.SYS -- (SYMNDISV)
DRV - [2010/01/20 16:03:39 | 000,310,320 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\system32\drivers\NIS\1008000.029\SYMEFA.SYS -- (SymEFA)
DRV - [2010/01/20 16:03:39 | 000,308,272 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\System32\Drivers\NIS\1008000.029\SRTSP.SYS -- (SRTSP)
DRV - [2010/01/20 16:03:39 | 000,259,632 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\NIS\1008000.029\BHDrvx86.sys -- (BHDrvx86)
DRV - [2010/01/20 16:03:39 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NIS\1008000.029\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2010/01/20 16:03:28 | 000,025,648 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\SymIMV.sys -- (SymIM)
DRV - [2009/12/29 22:09:06 | 000,059,904 | ---- | M] (wj32) [Kernel | Disabled | Running] -- C:\Program Files\Process Hacker\kprocesshacker.sys -- (KProcessHacker)
DRV - [2009/09/28 02:02:42 | 000,016,472 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\PeerBlock\pbfilter.sys -- (pbfilter)
DRV - [2009/08/24 14:05:06 | 000,206,256 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2009/08/21 21:24:04 | 000,066,592 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2009/07/23 22:01:00 | 009,791,072 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/06/17 07:20:34 | 000,012,648 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\psi_mf.sys -- (PSI)
DRV - [2009/04/20 06:26:14 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2009/04/20 06:26:14 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2009/04/20 06:26:14 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2009/02/10 10:13:18 | 000,021,904 | ---- | M] (PC Tools Research Pty Ltd ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVRec.sys -- (AVRec)
DRV - [2009/02/10 10:13:16 | 000,028,560 | ---- | M] (PC Tools Research Pty Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVHook.sys -- (AVHook)
DRV - [2009/02/10 10:13:16 | 000,021,904 | ---- | M] (PC Tools Research Pty Ltd) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\AVFilter.sys -- (AVFilter)
DRV - [2008/12/20 03:01:46 | 001,093,120 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008/10/03 04:39:28 | 000,222,208 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2008/04/24 17:51:46 | 000,014,848 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2008/04/17 13:05:16 | 000,199,344 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2008/01/29 08:55:00 | 001,042,464 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2008/01/20 21:32:53 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/20 21:32:53 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/20 21:32:52 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/20 21:32:52 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/20 21:32:52 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/20 21:32:52 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/20 21:32:51 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/20 21:32:51 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/20 21:32:50 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/20 21:32:50 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2008/01/20 21:32:50 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/20 21:32:49 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/20 21:32:49 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/20 21:32:49 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/20 21:32:49 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/20 21:32:49 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/20 21:32:48 | 000,342,584 | ---- | M] (Emulex) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/20 21:32:48 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/20 21:32:47 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/20 21:32:47 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/20 21:32:46 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/20 21:32:45 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel®
DRV - [2008/01/20 21:32:45 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2007/10/31 20:51:26 | 000,985,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2007/10/31 20:47:54 | 000,208,896 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2007/10/31 20:47:08 | 000,661,504 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2007/10/17 18:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/06/18 19:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2006/11/02 04:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 04:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 04:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 04:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 04:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 04:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 04:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 04:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 04:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 04:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 04:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 03:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 03:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 03:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 03:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 03:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 03:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 02:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 02:30:56 | 000,194,048 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\yk60x86.sys -- (yukonwlh)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...rio&pf=cnnb


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-151925211-960758612-2286447814-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...rio&pf=cnnb
IE - HKU\S-1-5-21-151925211-960758612-2286447814-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-151925211-960758612-2286447814-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-151925211-960758612-2286447814-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20091028
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.1


FF - HKLM\software\mozilla\Firefox\Extensions\\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\ [2010/03/20 11:37:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/03/11 03:21:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/03/14 16:28:16 | 000,000,000 | ---D | M]

[2010/03/11 03:23:05 | 000,000,000 | ---D | M] -- C:\Users\leave me alone\AppData\Roaming\Mozilla\Extensions
[2010/03/20 01:11:50 | 000,000,000 | ---D | M] -- C:\Users\leave me alone\AppData\Roaming\Mozilla\Firefox\Profiles\igfjcixl.default\extensions
[2010/03/13 03:51:19 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\leave me alone\AppData\Roaming\Mozilla\Firefox\Profiles\igfjcixl.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/03/15 03:02:49 | 000,000,000 | ---D | M] (WOT) -- C:\Users\leave me alone\AppData\Roaming\Mozilla\Firefox\Profiles\igfjcixl.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2010/03/15 03:02:51 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\leave me alone\AppData\Roaming\Mozilla\Firefox\Profiles\igfjcixl.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/03/20 11:37:28 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O2 - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll ()
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-151925211-960758612-2286447814-1000\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKU\S-1-5-21-151925211-960758612-2286447814-1000\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O3 - HKU\S-1-5-21-151925211-960758612-2286447814-1000\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe File not found
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDIRShortCut] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-151925211-960758612-2286447814-1000..\Run: [Process Hacker] C:\Program Files\Process Hacker\ProcessHacker.exe (wj32)
O4 - HKU\S-1-5-21-151925211-960758612-2286447814-1000..\Run: [UnHackMe Monitor] C:\Program Files\UnHackMe\hackmon.exe (Greatis Software)
O4 - HKLM..\RunOnceEx: [Flags] Reg Error: Invalid data type. File not found
O4 - HKLM..\RunOnceEx: [Title] File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogOff = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayContextMenu = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O7 - HKU\S-1-5-21-151925211-960758612-2286447814-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-151925211-960758612-2286447814-1000\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-151925211-960758612-2286447814-1000\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O7 - HKU\S-1-5-21-151925211-960758612-2286447814-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogOff = 0
O7 - HKU\S-1-5-21-151925211-960758612-2286447814-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\S-1-5-21-151925211-960758612-2286447814-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKU\S-1-5-21-151925211-960758612-2286447814-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKU\S-1-5-21-151925211-960758612-2286447814-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0
O7 - HKU\S-1-5-21-151925211-960758612-2286447814-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayContextMenu = 0
O7 - HKU\S-1-5-21-151925211-960758612-2286447814-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O7 - HKU\S-1-5-21-151925211-960758612-2286447814-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0
O7 - HKU\S-1-5-21-151925211-960758612-2286447814-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-151925211-960758612-2286447814-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0
O7 - HKU\S-1-5-21-151925211-960758612-2286447814-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O7 - HKU\S-1-5-21-151925211-960758612-2286447814-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-21-151925211-960758612-2286447814-1000\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} http://cdn.scan.onecare.live.com/resource/...s/wlscctrl2.cab (Windows Live OneCare safety scanner control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 216.180.99.2 216.180.122.2
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll (Symantec Corporation)
O18 - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll ()
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-151925211-960758612-2286447814-1000 Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009/09/14 00:29:38 | 000,000,016 | ---- | M] () - F:\AUTORUN.INF -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (Partizan) - C:\Windows\System32\Partizan.exe (Greatis Software)
O34 - HKLM BootExecute: (ootExecute settings...) - File not found
O34 - HKLM BootExecute: (ount) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2008/01/20 21:46:39 | 000,000,000 | ---D | M]
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found


SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PCTAVSvc -
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: SymEFA.sys - C:\Windows\system32\drivers\NIS\1008000.029\SYMEFA.SYS (Symantec Corporation)
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PCTAVSvc -
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: SymEFA.sys - C:\Windows\system32\drivers\NIS\1008000.029\SYMEFA.SYS (Symantec Corporation)
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 10.1
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 10.1
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

========== Files/Folders - Created Within 30 Days ==========

[2010/03/20 12:18:06 | 000,555,520 | ---- | C] (OldTimer Tools) -- C:\Users\leave me alone\Desktop\OTL.exe
[2010/03/20 12:00:14 | 000,000,000 | ---D | C] -- C:\Users\leave me alone\dwhelper
[2010/03/20 03:39:21 | 000,472,064 | ---- | C] ( ) -- C:\Users\leave me alone\Desktop\RootRepeal.exe
[2010/03/20 03:15:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software
[2010/03/20 03:15:41 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ztvcabinet.dll
[2010/03/20 03:15:41 | 000,000,000 | ---D | C] -- C:\Users\leave me alone\AppData\Roaming\Simply Super Software
[2010/03/20 02:55:47 | 000,000,000 | ---D | C] -- C:\Users\leave me alone\AppData\Local\Adobe
[2010/03/19 14:56:04 | 000,000,000 | ---D | C] -- C:\!KillBox
[2010/03/19 03:42:27 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010/03/19 03:21:26 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010/03/19 02:29:18 | 000,000,000 | ---D | C] -- C:\Users\leave me alone\AppData\Roaming\PC Tools
[2010/03/19 01:04:10 | 000,000,000 | ---D | C] -- C:\Users\leave me alone\AppData\Local\Lunarsoft
[2010/03/19 01:04:09 | 000,000,000 | ---D | C] -- C:\Program Files\Lunarsoft
[2010/03/18 14:10:28 | 000,000,000 | ---D | C] -- C:\Users\leave me alone\AppData\Roaming\Uniblue
[2010/03/18 14:10:13 | 000,000,000 | ---D | C] -- C:\Program Files\Uniblue
[2010/03/18 14:09:42 | 000,000,000 | ---D | C] -- C:\Users\leave me alone\AppData\Roaming\WinRAR
[2010/03/18 14:09:20 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2010/03/17 12:53:53 | 000,206,256 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTCore.sys
[2010/03/17 12:53:53 | 000,086,888 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTAppEvent.sys
[2010/03/17 12:53:40 | 000,028,560 | ---- | C] (PC Tools Research Pty Ltd.) -- C:\Windows\System32\drivers\AVHook.sys
[2010/03/17 12:53:40 | 000,021,904 | ---- | C] (PC Tools Research Pty Ltd) -- C:\Windows\System32\drivers\AVFilter.sys
[2010/03/17 12:53:40 | 000,021,904 | ---- | C] (PC Tools Research Pty Ltd ) -- C:\Windows\System32\drivers\AVRec.sys
[2010/03/17 12:53:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2010/03/17 12:53:27 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools AntiVirus
[2010/03/17 02:42:15 | 000,000,000 | ---D | C] -- C:\Program Files\ThreatExpert Memory Scanner
[2010/03/16 18:16:09 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Portable Devices
[2010/03/16 14:11:39 | 000,000,000 | ---D | C] -- C:\Program Files\PeerGuardian2
[2010/03/16 13:45:42 | 000,092,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAnimation.dll
[2010/03/16 13:45:40 | 001,164,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbonRes.dll
[2010/03/16 13:45:39 | 003,023,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbon.dll
[2010/03/16 13:44:37 | 000,369,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll
[2010/03/16 13:44:35 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2010/03/16 13:44:32 | 000,829,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2010/03/16 13:44:32 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2010/03/16 13:44:30 | 000,828,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2010/03/16 13:44:30 | 000,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2010/03/16 13:44:30 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
[2010/03/16 13:44:29 | 000,974,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecs.dll
[2010/03/16 13:44:29 | 000,667,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2010/03/16 13:44:29 | 000,321,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll
[2010/03/16 13:44:29 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxdiag.exe
[2010/03/16 13:44:29 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxdiagn.dll
[2010/03/16 13:44:29 | 000,189,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2010/03/16 13:44:27 | 000,351,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2010/03/16 13:44:25 | 001,554,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xpsservices.dll
[2010/03/16 13:44:25 | 001,064,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2010/03/16 13:44:25 | 000,847,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OpcServices.dll
[2010/03/16 13:44:25 | 000,793,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FntCache.dll
[2010/03/16 13:44:24 | 001,030,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2010/03/16 13:44:24 | 000,519,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll
[2010/03/16 13:44:24 | 000,486,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2010/03/16 13:44:24 | 000,481,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2010/03/16 13:44:24 | 000,218,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2010/03/16 13:44:24 | 000,190,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2010/03/16 13:44:24 | 000,161,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2010/03/16 13:39:58 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\BthMtpContextHandler.dll
[2010/03/16 13:39:58 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDShextAutoplay.exe
[2010/03/16 13:39:49 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceConnectApi.dll
[2010/03/16 13:39:45 | 000,546,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpd_ci.dll
[2010/03/16 13:39:45 | 000,350,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDSp.dll
[2010/03/16 13:39:45 | 000,334,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceApi.dll
[2010/03/16 13:39:45 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceWMDRM.dll
[2010/03/16 13:39:45 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceTypes.dll
[2010/03/16 13:39:45 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceClassExtension.dll
[2010/03/16 13:38:13 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oleaccrc.dll
[2010/03/16 13:38:12 | 000,555,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAutomationCore.dll
[2010/03/16 13:31:02 | 000,000,000 | ---D | C] -- C:\Users\leave me alone\AppData\Local\ElevatedDiagnostics
[2010/03/16 13:21:29 | 000,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell
[2010/03/16 13:19:13 | 001,696,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
[2010/03/16 13:19:12 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2010/03/16 13:19:12 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2010/03/16 13:17:14 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft ATS
[2010/03/16 02:12:50 | 000,000,000 | ---D | C] -- C:\Windows\System32\vi-VN
[2010/03/16 02:12:50 | 000,000,000 | ---D | C] -- C:\Windows\System32\eu-ES
[2010/03/16 02:12:50 | 000,000,000 | ---D | C] -- C:\Windows\System32\ca-ES
[2010/03/16 01:52:31 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety Center
[2010/03/16 01:51:01 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2010/03/16 01:45:31 | 012,240,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0007.dll
[2010/03/16 01:45:29 | 001,081,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLCExt.dll
[2010/03/16 01:45:28 | 002,134,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FunctionDiscoveryFolder.dll
[2010/03/16 01:45:28 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DevicePairingWizard.exe
[2010/03/16 01:45:27 | 002,644,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0009.dll
[2010/03/16 01:45:26 | 001,480,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssrch.dll
[2010/03/16 01:45:25 | 000,684,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\spsys.sys
[2010/03/16 01:45:24 | 001,576,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tquery.dll
[2010/03/16 01:45:23 | 000,779,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationNative_v0300.dll
[2010/03/16 01:45:22 | 000,928,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scavenge.dll
[2010/03/16 01:45:20 | 002,241,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msi.dll
[2010/03/16 01:45:19 | 000,968,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wcnwiz2.dll
[2010/03/16 01:45:19 | 000,677,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imapi2fs.dll
[2010/03/16 01:45:19 | 000,291,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WscEapPr.dll
[2010/03/16 01:45:18 | 000,619,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardagt.exe
[2010/03/16 01:45:17 | 000,114,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EhStorShell.dll
[2010/03/16 01:45:16 | 000,978,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drmv2clt.dll
[2010/03/16 01:45:16 | 000,289,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spinstall.exe
[2010/03/16 01:45:16 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spreview.exe
[2010/03/16 01:45:15 | 000,438,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mcupdate_GenuineIntel.dll
[2010/03/16 01:45:15 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwizui.dll
[2010/03/16 01:45:13 | 000,670,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssvp.dll
[2010/03/16 01:45:12 | 000,378,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imapi2.dll
[2010/03/16 01:45:12 | 000,351,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssph.dll
[2010/03/16 01:45:12 | 000,203,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssphtb.dll
[2010/03/16 01:45:11 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdohlp.dll
[2010/03/16 01:45:10 | 001,459,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\esent.dll
[2010/03/16 01:45:10 | 000,729,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IMJP10K.DLL
[2010/03/16 01:45:10 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DevicePairing.dll
[2010/03/16 01:45:09 | 000,463,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IasMigReader.exe
[2010/03/16 01:45:09 | 000,228,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLC.dll
[2010/03/16 01:45:09 | 000,190,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sperror.dll
[2010/03/16 01:45:09 | 000,143,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\korwbrkr.dll
[2010/03/16 01:45:09 | 000,041,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2010/03/16 01:45:08 | 000,231,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll
[2010/03/16 01:45:07 | 001,589,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msjet40.dll
[2010/03/16 01:45:06 | 001,381,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Query.dll
[2010/03/16 01:45:05 | 000,883,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IMJP10.IME
[2010/03/16 01:45:05 | 000,409,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msexch40.dll
[2010/03/16 01:45:04 | 001,078,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\diagperf.dll
[2010/03/16 01:45:04 | 000,327,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\P2PGraph.dll
[2010/03/16 01:45:04 | 000,301,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srchadmin.dll
[2010/03/16 01:45:03 | 001,792,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mmc.exe
[2010/03/16 01:45:03 | 000,986,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winload.exe
[2010/03/16 01:45:03 | 000,950,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mblctr.exe
[2010/03/16 01:45:03 | 000,428,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2010/03/16 01:45:03 | 000,203,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\uDWM.dll
[2010/03/16 01:45:02 | 000,880,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RacEngn.dll
[2010/03/16 01:45:02 | 000,466,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\riched20.dll
[2010/03/16 01:45:02 | 000,454,144 | ---- | C] (Microsoft) -- C:\Windows\System32\IasMigPlugin.dll
[2010/03/16 01:45:02 | 000,088,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdBth.dll
[2010/03/16 01:45:01 | 002,012,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\milcore.dll
[2010/03/16 01:45:01 | 001,112,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CertEnroll.dll
[2010/03/16 01:45:01 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NaturalLanguage6.dll
[2010/03/16 01:45:01 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spoolss.dll
[2010/03/16 01:45:01 | 000,120,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EhStorAPI.dll
[2010/03/16 01:45:00 | 000,950,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpedit.dll
[2010/03/16 01:45:00 | 000,406,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcp60.dll
[2010/03/16 01:45:00 | 000,290,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msjtes40.dll
[2010/03/16 01:44:59 | 003,217,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinSAT.exe
[2010/03/16 01:44:59 | 000,710,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Magnify.exe
[2010/03/16 01:44:59 | 000,282,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstext40.dll
[2010/03/16 01:44:59 | 000,099,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardapi.dll
[2010/03/16 01:44:58 | 001,555,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsAnytimeUpgradeCPL.dll
[2010/03/16 01:44:58 | 001,209,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\comsvcs.dll
[2010/03/16 01:44:58 | 000,454,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxbde40.dll
[2010/03/16 01:44:58 | 000,339,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msexcl40.dll
[2010/03/16 01:44:58 | 000,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax
[2010/03/16 01:44:58 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slwmi.dll
[2010/03/16 01:44:57 | 001,985,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\authui.dll
[2010/03/16 01:44:57 | 000,643,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrepl40.dll
[2010/03/16 01:44:56 | 000,640,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bthprops.cpl
[2010/03/16 01:44:56 | 000,469,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\newdev.dll
[2010/03/16 01:44:56 | 000,323,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2010/03/16 01:44:56 | 000,119,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasrecst.dll
[2010/03/16 01:44:56 | 000,102,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
[2010/03/16 01:44:55 | 002,926,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2010/03/16 01:44:55 | 001,788,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d9.dll
[2010/03/16 01:44:55 | 000,368,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mspbde40.dll
[2010/03/16 01:44:55 | 000,205,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eudcedit.exe
[2010/03/16 01:44:54 | 001,135,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll
[2010/03/16 01:44:54 | 001,053,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdtctm.dll
[2010/03/16 01:44:54 | 000,344,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrd3x40.dll
[2010/03/16 01:44:54 | 000,241,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msltus40.dll
[2010/03/16 01:44:54 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\davclnt.dll
[2010/03/16 01:44:54 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EhStorPwdMgr.dll
[2010/03/16 01:44:53 | 000,250,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wevtapi.dll
[2010/03/16 01:44:53 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nlhtml.dll
[2010/03/16 01:44:52 | 000,614,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ci.dll
[2010/03/16 01:44:52 | 000,483,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\samsrv.dll
[2010/03/16 01:44:51 | 000,582,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLCommDlg.dll
[2010/03/16 01:44:51 | 000,443,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32spl.dll
[2010/03/16 01:44:51 | 000,165,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WcnNetsh.dll
[2010/03/16 01:44:49 | 001,730,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\apds.dll
[2010/03/16 01:44:49 | 000,618,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mswstr10.dll
[2010/03/16 01:44:49 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\compcln.exe
[2010/03/16 01:44:48 | 000,223,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2010/03/16 01:44:48 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xmlfilter.dll
[2010/03/16 01:44:46 | 001,160,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll
[2010/03/16 01:44:46 | 000,524,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sqlsrv32.dll
[2010/03/16 01:44:46 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLUI.exe
[2010/03/16 01:44:46 | 000,319,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrd2x40.dll
[2010/03/16 01:44:46 | 000,183,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eapphost.dll
[2010/03/16 01:44:45 | 000,926,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winresume.exe
[2010/03/16 01:44:45 | 000,409,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbc32.dll
[2010/03/16 01:44:45 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\propdefs.dll
[2010/03/16 01:44:44 | 001,856,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dbgeng.dll
[2010/03/16 01:44:44 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wevtutil.exe
[2010/03/16 01:44:44 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssitlb.dll
[2010/03/16 01:44:43 | 002,167,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mmcndmgr.dll
[2010/03/16 01:44:42 | 001,533,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wcnwiz.dll
[2010/03/16 01:44:42 | 000,592,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netlogon.dll
[2010/03/16 01:44:42 | 000,485,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\evr.dll
[2010/03/16 01:44:42 | 000,378,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\devmgr.dll
[2010/03/16 01:44:42 | 000,199,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\adsldpc.dll
[2010/03/16 01:44:42 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drvinst.exe
[2010/03/16 01:44:42 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msctfp.dll
[2010/03/16 01:44:42 | 000,054,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DevicePairingProxy.dll
[2010/03/16 01:44:42 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscb.dll
[2010/03/16 01:44:42 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdBthProxy.dll
[2010/03/16 01:44:41 | 001,382,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVSDECD.DLL
[2010/03/16 01:44:41 | 001,143,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wercon.exe
[2010/03/16 01:44:41 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quick.ime
[2010/03/16 01:44:41 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qintlgnt.ime
[2010/03/16 01:44:41 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\phon.ime
[2010/03/16 01:44:41 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cintlgnt.ime
[2010/03/16 01:44:41 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chajei.ime
[2010/03/16 01:44:40 | 000,856,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mswdat10.dll
[2010/03/16 01:44:40 | 000,799,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certutil.exe
[2010/03/16 01:44:40 | 000,617,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\adtschema.dll
[2010/03/16 01:44:40 | 000,560,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdtcprx.dll
[2010/03/16 01:44:40 | 000,396,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ipsmsnap.dll
[2010/03/16 01:44:40 | 000,323,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certcli.dll
[2010/03/16 01:44:40 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\reg.exe
[2010/03/16 01:44:40 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msjter40.dll
[2010/03/16 01:44:40 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mimefilt.dll
[2010/03/16 01:44:40 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtffilt.dll
[2010/03/16 01:44:40 | 000,035,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardcpl.cpl
[2010/03/16 01:44:39 | 000,996,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMNetMgr.dll
[2010/03/16 01:44:39 | 000,704,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoScreensaver.scr
[2010/03/16 01:44:39 | 000,332,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msihnd.dll
[2010/03/16 01:44:39 | 000,274,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bcrypt.dll
[2010/03/16 01:44:39 | 000,241,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rsaenh.dll
[2010/03/16 01:44:39 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbport.sys
[2010/03/16 01:44:39 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MMDevAPI.dll
[2010/03/16 01:44:39 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscntrs.dll
[2010/03/16 01:44:39 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msstrc.dll
[2010/03/16 01:44:39 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshooks.dll
[2010/03/16 01:44:38 | 000,343,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmicmiplugin.dll
[2010/03/16 01:44:38 | 000,310,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mtxclu.dll
[2010/03/16 01:44:38 | 000,153,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fundisc.dll
[2010/03/16 01:44:38 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dhcpcsvc6.dll
[2010/03/16 01:44:38 | 000,122,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetpp.dll
[2010/03/16 01:44:38 | 000,080,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscories.dll
[2010/03/16 01:44:38 | 000,035,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsWpfWrp.exe
[2010/03/16 01:44:37 | 001,823,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pnidui.dll
[2010/03/16 01:44:37 | 001,671,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chsbrkr.dll
[2010/03/16 01:44:37 | 001,020,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wdc.dll
[2010/03/16 01:44:37 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iassdo.dll
[2010/03/16 01:44:37 | 000,125,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Classpnp.sys
[2010/03/16 01:44:37 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imapi.dll
[2010/03/16 01:44:37 | 000,093,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Kswdmcap.ax
[2010/03/16 01:44:36 | 000,636,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\autofmt.exe
[2010/03/16 01:44:36 | 000,035,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\crashdmp.sys
[2010/03/16 01:44:36 | 000,009,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardres.dll
[2010/03/16 01:44:35 | 001,107,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pidgenx.dll
[2010/03/16 01:44:35 | 000,867,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpmde.dll
[2010/03/16 01:44:35 | 000,757,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\azroles.dll
[2010/03/16 01:44:35 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CertEnrollUI.dll
[2010/03/16 01:44:35 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sysmon.ocx
[2010/03/16 01:44:35 | 000,242,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pdh.dll
[2010/03/16 01:44:35 | 000,122,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Storport.sys
[2010/03/16 01:44:35 | 000,109,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ataport.sys
[2010/03/16 01:44:35 | 000,050,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PSHED.DLL
[2010/03/16 01:44:34 | 002,205,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SyncCenter.dll
[2010/03/16 01:44:34 | 000,593,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\comuid.dll
[2010/03/16 01:44:33 | 001,502,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certmgr.dll
[2010/03/16 01:44:33 | 000,627,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sethc.exe
[2010/03/16 01:44:33 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2010/03/16 01:44:33 | 000,017,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kd1394.dll
[2010/03/16 01:44:32 | 000,413,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imkr80.ime
[2010/03/16 01:44:32 | 000,324,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\untfs.dll
[2010/03/16 01:44:32 | 000,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskcomp.dll
[2010/03/16 01:44:32 | 000,244,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wisptis.exe
[2010/03/16 01:44:32 | 000,182,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iassam.dll
[2010/03/16 01:44:32 | 000,180,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scrobj.dll
[2010/03/16 01:44:32 | 000,099,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\FWPKCLNT.SYS
[2010/03/16 01:44:32 | 000,043,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pciidex.sys
[2010/03/16 01:44:32 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtutils.dll
[2010/03/16 01:44:31 | 000,656,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\autoconv.exe
[2010/03/16 01:44:31 | 000,375,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2010/03/16 01:44:31 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasnap.dll
[2010/03/16 01:44:31 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cscript.exe
[2010/03/16 01:44:31 | 000,027,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Dumpata.sys
[2010/03/16 01:44:30 | 001,541,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\onex.dll
[2010/03/16 01:44:30 | 000,612,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpencom.dll
[2010/03/16 01:44:30 | 000,340,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RelMon.dll
[2010/03/16 01:44:30 | 000,273,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wow32.dll
[2010/03/16 01:44:30 | 000,182,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\osk.exe
[2010/03/16 01:44:30 | 000,130,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\basecsp.dll
[2010/03/16 01:44:30 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinSCard.dll
[2010/03/16 01:44:30 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe
[2010/03/16 01:44:30 | 000,019,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kdusb.dll
[2010/03/16 01:44:30 | 000,017,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kdcom.dll
[2010/03/16 01:44:30 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spcmsg.dll
[2010/03/16 01:44:29 | 000,860,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WerFaultSecure.exe
[2010/03/16 01:44:29 | 000,638,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Utilman.exe
[2010/03/16 01:44:29 | 000,564,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msftedit.dll
[2010/03/16 01:44:29 | 000,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\offfilt.dll
[2010/03/16 01:44:28 | 000,551,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\prnntfy.dll
[2010/03/16 01:44:28 | 000,391,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscms.dll
[2010/03/16 01:44:28 | 000,230,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\diskraid.exe
[2010/03/16 01:44:28 | 000,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WerFault.exe
[2010/03/16 01:44:28 | 000,208,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfplat.dll
[2010/03/16 01:44:28 | 000,197,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SndVol.exe
[2010/03/16 01:44:28 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msnetobj.dll
[2010/03/16 01:44:28 | 000,114,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbccp32.dll
[2010/03/16 01:44:28 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sysclass.dll
[2010/03/16 01:44:28 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ulib.dll
[2010/03/16 01:44:28 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\adsmsext.dll
[2010/03/16 01:44:28 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasdatastore.dll
[2010/03/16 01:44:28 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsepno.dll
[2010/03/16 01:44:27 | 001,342,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\brcpl.dll
[2010/03/16 01:44:27 | 000,759,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ipsecsnp.dll
[2010/03/16 01:44:27 | 000,507,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vdsdyn.dll
[2010/03/16 01:44:27 | 000,444,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dsound.dll
[2010/03/16 01:44:27 | 000,399,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlangpui.dll
[2010/03/16 01:44:27 | 000,223,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscntfy.dll
[2010/03/16 01:44:27 | 000,181,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pnpsetup.dll
[2010/03/16 01:44:27 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\diskpart.exe
[2010/03/16 01:44:27 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IPHLPAPI.DLL
[2010/03/16 01:44:27 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpapi.dll
[2010/03/16 01:44:27 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iashlpr.dll
[2010/03/16 01:44:27 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rastapi.dll
[2010/03/16 01:44:27 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\logman.exe
[2010/03/16 01:44:27 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdProxy.dll
[2010/03/16 01:44:26 | 001,575,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVENCOD.DLL
[2010/03/16 01:44:26 | 000,286,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasapi32.dll
[2010/03/16 01:44:26 | 000,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntprint.dll
[2010/03/16 01:44:25 | 002,225,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netcenter.dll
[2010/03/16 01:44:25 | 001,580,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpccpl.dll
[2010/03/16 01:44:25 | 000,158,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasrad.dll
[2010/03/16 01:44:25 | 000,155,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscorier.dll
[2010/03/16 01:44:25 | 000,140,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wusa.exe
[2010/03/16 01:44:25 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\findstr.exe
[2010/03/16 01:44:24 | 001,152,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\themecpl.dll
[2010/03/16 01:44:24 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wer.dll
[2010/03/16 01:44:24 | 000,825,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasdlg.dll
[2010/03/16 01:44:24 | 000,777,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slcc.dll
[2010/03/16 01:44:24 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scansetting.dll
[2010/03/16 01:44:24 | 000,163,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msutb.dll
[2010/03/16 01:44:24 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wshom.ocx
[2010/03/16 01:44:24 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstlsapi.dll
[2010/03/16 01:44:24 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iassvcs.dll
[2010/03/16 01:44:24 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasads.dll
[2010/03/16 01:44:24 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsnmp32.dll
[2010/03/16 01:44:24 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssprxy.dll
[2010/03/16 01:44:23 | 003,072,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\networkmap.dll
[2010/03/16 01:44:23 | 001,645,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\connect.dll
[2010/03/16 01:44:23 | 001,248,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PerfCenterCPL.dll
[2010/03/16 01:44:23 | 001,224,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sud.dll
[2010/03/16 01:44:23 | 000,842,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\systemcpl.dll
[2010/03/16 01:44:23 | 000,723,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\powercpl.dll
[2010/03/16 01:44:23 | 000,464,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pcaui.dll
[2010/03/16 01:44:23 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ks.sys
[2010/03/16 01:44:23 | 000,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\powrprof.dll
[2010/03/16 01:44:23 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\newdev.exe
[2010/03/16 01:44:23 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasacct.dll
[2010/03/16 01:44:22 | 002,515,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\accessibilitycpl.dll
[2010/03/16 01:44:22 | 001,671,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanpref.dll
[2010/03/16 01:44:22 | 001,123,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\usercpl.dll
[2010/03/16 01:44:22 | 000,532,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpcao.dll
[2010/03/16 01:44:22 | 000,516,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\autoplay.dll
[2010/03/16 01:44:22 | 000,497,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll
[2010/03/16 01:44:22 | 000,408,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msinfo32.exe
[2010/03/16 01:44:22 | 000,127,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rpchttp.dll
[2010/03/16 01:44:22 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pintlgnt.ime
[2010/03/16 01:44:22 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\regapi.dll
[2010/03/16 01:44:22 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mmci.dll
[2010/03/16 01:44:21 | 000,306,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scesrv.dll
[2010/03/16 01:44:21 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2010/03/16 01:44:21 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scksp.dll
[2010/03/16 01:44:21 | 000,128,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vdsutil.dll
[2010/03/16 01:44:21 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AudioSes.dll
[2010/03/16 01:44:21 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oleprn.dll
[2010/03/16 01:44:21 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\feclient.dll
[2010/03/16 01:44:20 | 001,689,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscui.cpl
[2010/03/16 01:44:20 | 001,169,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe
[2010/03/16 01:44:20 | 000,642,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasgcw.dll
[2010/03/16 01:44:20 | 000,595,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FWPUCLNT.DLL
[2010/03/16 01:44:20 | 000,542,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pnpui.dll
[2010/03/16 01:44:20 | 000,505,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qedit.dll
[2010/03/16 01:44:20 | 000,445,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncryptui.dll
[2010/03/16 01:44:20 | 000,407,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpapimig.exe
[2010/03/16 01:44:20 | 000,215,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certreq.exe
[2010/03/16 01:44:20 | 000,177,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scecli.dll
[2010/03/16 01:44:20 | 000,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Faultrep.dll
[2010/03/16 01:44:20 | 000,080,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hdwwiz.exe
[2010/03/16 01:44:20 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dot3msm.dll
[2010/03/16 01:44:20 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rekeywiz.exe
[2010/03/16 01:44:20 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iaspolcy.dll
[2010/03/16 01:44:20 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\perfdisk.dll
[2010/03/16 01:44:20 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DeviceEject.exe
[2010/03/16 01:44:20 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscisvif.dll
[2010/03/16 01:44:19 | 000,481,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmdial32.dll
[2010/03/16 01:44:19 | 000,378,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srcore.dll
[2010/03/16 01:44:19 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasplap.dll
[2010/03/16 01:44:19 | 000,281,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\raschap.dll
[2010/03/16 01:44:19 | 000,170,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tcpipcfg.dll
[2010/03/16 01:44:19 | 000,167,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\portcls.sys
[2010/03/16 01:44:19 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tcpmon.dll
[2010/03/16 01:44:19 | 000,134,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SmartcardCredentialProvider.dll
[2010/03/16 01:44:19 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
[2010/03/16 01:44:19 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdWSD.dll
[2010/03/16 01:44:19 | 000,058,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PnPUnattend.exe
[2010/03/16 01:44:19 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmmon32.exe
[2010/03/16 01:44:19 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TSTheme.exe
[2010/03/16 01:44:19 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\whealogr.dll
[2010/03/16 01:44:19 | 000,025,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\USBCAMD2.sys
[2010/03/16 01:44:19 | 000,025,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\USBCAMD.sys
[2010/03/16 01:44:19 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwinsat.dll
[2010/03/16 01:44:18 | 006,103,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chtbrkr.dll
[2010/03/16 01:44:18 | 002,153,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oobefldr.dll
[2010/03/16 01:44:18 | 000,657,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVXENCD.DLL
[2010/03/16 01:44:18 | 000,547,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wiaaut.dll
[2010/03/16 01:44:18 | 000,425,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shwebsvc.dll
[2010/03/16 01:44:18 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\modemui.dll
[2010/03/16 01:44:18 | 000,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unimdm.tsp
[2010/03/16 01:44:18 | 000,259,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasppp.dll
[2010/03/16 01:44:18 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscandui.dll
[2010/03/16 01:44:18 | 000,202,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanui.dll
[2010/03/16 01:44:18 | 000,155,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasmontr.dll
[2010/03/16 01:44:18 | 000,137,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dsprop.dll
[2010/03/16 01:44:18 | 000,101,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shsetup.dll
[2010/03/16 01:44:18 | 000,054,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dimsroam.dll
[2010/03/16 01:44:18 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PnPutil.exe
[2010/03/16 01:44:17 | 000,542,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\blackbox.dll
[2010/03/16 01:44:17 | 000,533,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmdrmsdk.dll
[2010/03/16 01:44:17 | 000,303,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpeffects.dll
[2010/03/16 01:44:17 | 000,178,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\credui.dll
[2010/03/16 01:44:17 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSDMon.dll
[2010/03/16 01:44:17 | 000,113,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\rmcast.sys
[2010/03/16 01:44:17 | 000,107,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpwsx.dll
[2010/03/16 01:44:17 | 000,083,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlgpclnt.dll
[2010/03/16 01:44:17 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dataclen.dll
[2010/03/16 01:44:16 | 002,226,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\networkexplorer.dll
[2010/03/16 01:44:16 | 000,414,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscp.dll
[2010/03/16 01:44:16 | 000,217,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\InkEd.dll
[2010/03/16 01:44:16 | 000,128,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpresult.exe
[2010/03/16 01:44:16 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\logagent.exe
[2010/03/16 01:44:16 | 000,058,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cipher.exe
[2010/03/16 01:44:16 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscapi.dll
[2010/03/16 01:44:16 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msimtf.dll
[2010/03/16 01:44:16 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ifmon.dll
[2010/03/16 01:44:15 | 000,356,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MediaMetadataHandler.dll
[2010/03/16 01:44:15 | 000,313,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\thawbrkr.dll
[2010/03/16 01:44:15 | 000,284,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drmmgrtn.dll
[2010/03/16 01:44:15 | 000,200,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\input.dll
[2010/03/16 01:44:15 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2010/03/16 01:44:15 | 000,166,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\puiapi.dll
[2010/03/16 01:44:15 | 000,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\softkbd.dll
[2010/03/16 01:44:15 | 000,105,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dmsynth.dll
[2010/03/16 01:44:15 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mprapi.dll
[2010/03/16 01:44:15 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msctfui.dll
[2010/03/16 01:44:15 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\watchdog.sys
[2010/03/16 01:44:15 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ExplorerFrame.dll
[2010/03/16 01:44:14 | 000,187,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eapp3hst.dll
[2010/03/16 01:44:14 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLLUA.exe
[2010/03/16 01:44:14 | 000,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tintlgnt.ime
[2010/03/16 01:44:14 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dmusic.dll
[2010/03/16 01:44:14 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax
[2010/03/16 01:44:14 | 000,068,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdSSDP.dll
[2010/03/16 01:44:14 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\l2nacp.dll
[2010/03/16 01:44:14 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ftp.exe
[2010/03/16 01:44:14 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cscapi.dll
[2010/03/16 01:44:14 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msjint40.dll
[2010/03/16 01:44:14 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsdchngr.dll
[2010/03/16 01:44:14 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fc.exe
[2010/03/16 01:44:14 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MsCtfMonitor.dll
[2010/03/16 01:44:14 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msisip.dll
[2010/03/16 01:44:13 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eappcfg.dll
[2010/03/16 01:44:13 | 000,083,456 | ---- | C] (Microsoft) -- C:\Windows\System32\SMBHelperClass.dll
[2010/03/16 01:44:13 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdWCN.dll
[2010/03/16 01:44:13 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tscupgrd.exe
[2010/03/16 01:44:13 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Storprop.dll
[2010/03/16 01:44:13 | 000,052,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasdiag.dll
[2010/03/16 01:44:13 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dot3cfg.dll
[2010/03/16 01:44:13 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bthci.dll
[2010/03/16 01:44:13 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slcinst.dll
[2010/03/16 01:44:13 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bthudtask.exe
[2010/03/16 01:44:13 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ipconfig.exe
[2010/03/16 01:44:13 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasdial.exe
[2010/03/16 01:44:13 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CHxReadingStringIME.dll
[2010/03/16 01:44:12 | 000,093,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eappgnui.dll
[2010/03/16 01:44:12 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nslookup.exe
[2010/03/16 01:44:12 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdeploy.dll
[2010/03/16 01:44:12 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hbaapi.dll
[2010/03/16 01:44:12 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\networkitemfactory.dll
[2010/03/16 01:44:12 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ocsetup.exe
[2010/03/16 01:44:12 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FwRemoteSvr.dll
[2010/03/16 01:44:12 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mmcico.dll
[2010/03/16 01:44:11 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PNPXAssoc.dll
[2010/03/16 01:44:11 | 000,046,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrstub.exe
[2010/03/16 01:44:11 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cbsra.exe
[2010/03/16 01:44:11 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bitsigd.dll
[2010/03/16 01:44:11 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpupdate.exe
[2010/03/16 01:44:10 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxg.sys
[2010/03/16 01:44:10 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbcconf.dll
[2010/03/16 01:44:10 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NcdProp.dll
[2010/03/16 01:44:10 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Diskdump.sys
[2010/03/16 01:44:10 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vdmdbg.dll
[2010/03/16 01:44:10 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iscsilog.dll
[2010/03/16 01:44:10 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetppui.dll
[2010/03/16 01:44:10 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slwga.dll
[2010/03/16 01:44:08 | 000,052,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\stream.sys
[2010/03/16 01:44:08 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\RNDISMP.sys
[2010/03/16 01:44:07 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usb8023.sys
[2010/03/16 01:44:07 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\f3ahvoas.dll
[2010/03/16 01:44:07 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msimsg.dll
[2010/03/16 01:43:47 | 000,705,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SmiEngine.dll
[2010/03/16 01:43:44 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wdscore.dll
[2010/03/16 01:43:44 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PkgMgr.exe
[2010/03/16 01:43:37 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drvstore.dll
[2010/03/15 13:55:34 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Installer Clean Up
[2010/03/15 13:55:08 | 000,000,000 | ---D | C] -- C:\Program Files\MSECACHE
[2010/03/15 13:05:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Scanner
[2010/03/15 01:06:11 | 000,000,000 | ---D | C] -- C:\Users\leave me alone\AppData\Roaming\FreeFixer
[2010/03/15 01:06:11 | 000,000,000 | ---D | C] -- C:\Users\leave me alone\AppData\Local\FreeFixer
[2010/03/15 01:06:06 | 000,000,000 | ---D | C] -- C:\Program Files\FreeFixer
[2010/03/14 19:33:23 | 000,000,000 | ---D | C] -- C:\Program Files\Unlocker
[2010/03/14 19:23:37 | 000,000,000 | ---D | C] -- C:\Program Files\FileHippo.com
[2010/03/14 16:30:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/03/14 16:28:16 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010/03/14 16:28:16 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010/03/14 16:28:16 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010/03/14 16:27:13 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2010/03/14 15:36:30 | 000,000,000 | ---D | C] -- C:\Windows\RestoreSafeDeleted
[2010/03/14 01:59:57 | 000,000,000 | ---D | C] -- C:\Program Files\S.N.Safe&Software
[2010/03/14 01:39:24 | 000,000,000 | ---D | C] -- C:\MGtools
[2010/03/13 17:55:22 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2010/03/13 17:44:25 | 000,000,000 | ---D | C] -- C:\Users\leave me alone\DoctorWeb
[2010/03/13 16:28:37 | 000,000,000 | ---D | C] -- C:\Program Files\PeerBlock
[2010/03/12 14:38:01 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/03/12 13:53:18 | 000,000,000 | ---D | C] -- C:\Users\leave me alone\AppData\Roaming\URSoft
[2010/03/12 13:52:34 | 000,000,000 | ---D | C] -- C:\Program Files\Your Uninstaller 2008
[2010/03/11 16:05:56 | 000,000,000 | ---D | C] -- C:\c62a87f677379440a4faa9fb888261
[2010/03/11 15:52:57 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\httpapi.dll
[2010/03/11 15:52:56 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshhttp.dll
[2010/03/11 15:50:13 | 000,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2010/03/11 15:24:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Office Genuine Advantage
[2010/03/11 15:10:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Symantec
[2010/03/11 15:10:09 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NSS
[2010/03/11 15:10:09 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Security Scan
[2010/03/11 15:10:09 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NSS\0207030.022
[2010/03/11 14:40:00 | 000,000,000 | ---D | C] -- C:\Users\leave me alone\AppData\Roaming\Malwarebytes
[2010/03/11 14:38:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/03/11 14:38:18 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/03/11 03:29:01 | 000,025,648 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SymIMV.sys
[2010/03/11 03:19:03 | 000,000,000 | ---D | C] -- C:\Users\leave me alone\AppData\Roaming\Mozilla
[2010/03/11 03:19:03 | 000,000,000 | ---D | C] -- C:\Users\leave me alone\AppData\Local\Mozilla
[2010/03/11 03:18:19 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/03/11 02:55:01 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos
[2010/03/10 15:46:48 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deploytk.dll
[2010/03/10 15:43:54 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2010/03/10 15:39:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2010/03/10 15:18:55 | 000,000,000 | ---D | C] -- C:\Users\leave me alone\AppData\Local\WindowsUpdate
[2010/03/10 15:03:40 | 000,024,416 | ---- | C] (Greatis Software) -- C:\Windows\System32\drivers\regguard.sys
[2010/03/10 14:12:02 | 000,035,040 | ---- | C] (Greatis Software) -- C:\Windows\System32\Partizan.exe
[2010/03/10 14:12:02 | 000,034,760 | ---- | C] (Greatis Software) -- C:\Windows\System32\drivers\Partizan.sys
[2010/03/10 14:11:56 | 000,000,000 | ---D | C] -- C:\Users\leave me alone\Documents\RegRun2
[2010/03/10 14:11:51 | 000,012,752 | ---- | C] (Greatis Software, LLC.) -- C:\Windows\System32\drivers\UnHackMeDrv.sys
[2010/03/10 14:11:51 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\regruninfo
[2010/03/10 14:11:43 | 000,000,000 | ---D | C] -- C:\Program Files\UnHackMe
[2010/03/10 14:01:49 | 000,124,976 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2010/03/10 14:01:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2010/03/10 14:01:49 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2010/03/10 14:01:43 | 000,000,000 | ---D | C] -- C:\Users\leave me alone\AppData\Local\Hewlett-Packard
[2010/03/10 14:01:13 | 000,000,000 | R--D | C] -- C:\Users\leave me alone\Searches
[2010/03/10 14:01:07 | 000,000,000 | ---D | C] -- C:\Users\leave me alone\AppData\Roaming\Identities
[2010/03/10 14:01:05 | 000,000,000 | R--D | C] -- C:\Users\leave me alone\Contacts
[2010/03/10 14:00:54 | 000,000,000 | ---D | C] -- C:\Users\leave me alone\AppData\Roaming\hewlett-packard
[2010/03/10 13:58:15 | 000,000,000 | ---D | C] -- C:\Users\leave me alone\AppData\Roaming\HP TCS
[2010/03/10 13:55:49 | 000,000,000 | ---D | C] -- C:\Users\leave me alone\AppData\Local\VirtualStore
[2010/03/10 13:55:46 | 000,000,000 | -HSD | C] -- C:\Users\leave me alone\AppData\Local\Temporary Internet Files
[2010/03/10 13:55:46 | 000,000,000 | -HSD | C] -- C:\Users\leave me alone\Templates
[2010/03/10 13:55:46 | 000,000,000 | -HSD | C] -- C:\Users\leave me alone\Start Menu
[2010/03/10 13:55:46 | 000,000,000 | -HSD | C] -- C:\Users\leave me alone\SendTo
[2010/03/10 13:55:46 | 000,000,000 | -HSD | C] -- C:\Users\leave me alone\Recent
[2010/03/10 13:55:46 | 000,000,000 | -HSD | C] -- C:\Users\leave me alone\PrintHood
[2010/03/10 13:55:46 | 000,000,000 | -HSD | C] -- C:\Users\leave me alone\NetHood
[2010/03/10 13:55:46 | 000,000,000 | -HSD | C] -- C:\Users\leave me alone\My Documents
[2010/03/10 13:55:46 | 000,000,000 | -HSD | C] -- C:\Users\leave me alone\Local Settings
[2010/03/10 13:55:46 | 000,000,000 | -HSD | C] -- C:\Users\leave me alone\AppData\Local\History
[2010/03/10 13:55:46 | 000,000,000 | -HSD | C] -- C:\Users\leave me alone\Cookies
[2010/03/10 13:55:46 | 000,000,000 | -HSD | C] -- C:\Users\leave me alone\Application Data
[2010/03/10 13:55:46 | 000,000,000 | -HSD | C] -- C:\Users\leave me alone\AppData\Local\Application Data
[2010/03/10 13:55:45 | 000,000,000 | --SD | C] -- C:\Users\leave me alone\AppData\Roaming\Microsoft
[2010/03/10 13:55:45 | 000,000,000 | R--D | C] -- C:\Users\leave me alone\Videos
[2010/03/10 13:55:45 | 000,000,000 | R--D | C] -- C:\Users\leave me alone\Saved Games
[2010/03/10 13:55:45 | 000,000,000 | R--D | C] -- C:\Users\leave me alone\Pictures
[2010/03/10 13:55:45 | 000,000,000 | R--D | C] -- C:\Users\leave me alone\Music
[2010/03/10 13:55:45 | 000,000,000 | R--D | C] -- C:\Users\leave me alone\Links
[2010/03/10 13:55:45 | 000,000,000 | R--D | C] -- C:\Users\leave me alone\Favorites
[2010/03/10 13:55:45 | 000,000,000 | R--D | C] -- C:\Users\leave me alone\Downloads
[2010/03/10 13:55:45 | 000,000,000 | R--D | C] -- C:\Users\leave me alone\Documents
[2010/03/10 13:55:45 | 000,000,000 | R--D | C] -- C:\Users\leave me alone\Desktop
[2010/03/10 13:55:45 | 000,000,000 | -H-D | C] -- C:\Users\leave me alone\AppData
[2010/03/10 13:55:45 | 000,000,000 | ---D | C] -- C:\Users\leave me alone\AppData\Local\Temp
[2010/03/10 13:55:45 | 000,000,000 | ---D | C] -- C:\Users\leave me alone\AppData\Local\Microsoft
[2010/03/10 12:31:28 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010/03/10 12:31:27 | 000,594,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010/03/10 12:31:27 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010/03/10 12:31:27 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010/03/10 12:31:26 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010/03/10 12:31:26 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010/03/10 12:31:25 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010/03/10 12:31:25 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010/03/10 12:31:25 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010/03/10 12:31:24 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010/03/10 12:31:24 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010/03/10 12:31:23 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010/03/10 12:31:23 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010/03/10 12:31:23 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010/03/10 12:29:55 | 000,156,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2010/03/10 12:29:55 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2010/03/10 12:29:55 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2010/03/10 12:29:55 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\corpol.dll
[2010/03/10 12:29:54 | 000,348,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2010/03/10 12:29:54 | 000,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2010/03/10 12:29:54 | 000,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2010/03/10 12:29:54 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2010/03/10 12:29:53 | 000,229,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2010/03/10 12:29:53 | 000,208,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinFXDocObj.exe
[2010/03/10 12:29:53 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2010/03/10 12:29:53 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2010/03/10 12:29:53 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2010/03/10 12:29:53 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2010/03/10 12:29:53 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2010/03/10 12:29:52 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010/03/10 12:29:52 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2010/03/10 12:29:51 | 000,445,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2010/03/10 12:29:51 | 000,420,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2010/03/10 12:29:51 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2010/03/10 12:29:50 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2010/03/10 12:29:50 | 000,169,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2010/03/10 12:29:49 | 003,698,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2010/03/10 12:29:49 | 000,109,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PDMSetup.exe
[2010/03/10 12:29:49 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2010/03/10 12:29:49 | 000,107,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2010/03/10 12:29:49 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetDepNx.exe
[2010/03/10 04:25:13 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2010/03/10 04:23:21 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2010/03/10 04:20:37 | 000,310,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unregmp2.exe
[2010/03/10 04:20:35 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwmp.dll
[2010/03/10 04:20:34 | 008,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2010/03/10 04:20:34 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.ocx
[2010/03/10 04:20:34 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxmasf.dll
[2010/03/10 04:17:00 | 001,259,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsasrv.dll
[2010/03/10 04:16:16 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netiohlp.dll
[2010/03/10 04:16:15 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NETSTAT.EXE
[2010/03/10 04:16:15 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ARP.EXE
[2010/03/10 04:16:14 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\finger.exe
[2010/03/10 04:16:14 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TCPSVCS.EXE
[2010/03/10 04:16:14 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\HOSTNAME.EXE
[2010/03/10 04:16:13 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ROUTE.EXE
[2010/03/10 04:16:13 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MRINFO.EXE
[2010/03/10 04:16:11 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll
[2010/03/10 04:15:09 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rastls.dll
[2010/03/10 04:14:56 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.tlb
[2010/03/10 04:14:56 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\amcompat.tlb
[2010/03/10 04:14:16 | 000,289,792 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2010/03/10 04:14:16 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2010/03/10 04:14:16 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2010/03/10 04:14:15 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2010/03/10 04:14:15 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dciman32.dll
[2010/03/10 04:04:45 | 002,386,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVCORE.DLL
[2010/03/10 04:04:42 | 002,868,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2010/03/10 04:04:39 | 000,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll
[2010/03/10 04:04:39 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rrinstaller.exe
[2010/03/10 04:04:39 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfpmp.exe
[2010/03/10 04:04:34 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mferror.dll
[2010/03/10 03:54:32 | 003,600,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010/03/10 03:54:30 | 003,548,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010/03/10 03:53:05 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
[2010/03/10 03:53:05 | 000,518,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
[2010/03/10 03:53:01 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll
[2010/03/10 03:53:01 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
[2010/03/10 03:52:54 | 000,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
[2010/03/10 03:52:52 | 000,346,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
[2010/03/10 03:52:51 | 000,332,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdrm.dll
[2010/03/10 03:52:50 | 000,152,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll
[2010/03/10 03:52:50 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll
[2010/03/10 03:51:16 | 000,714,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\timedate.cpl
[2010/03/10 03:50:16 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanmsm.dll
[2010/03/10 03:50:16 | 000,068,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanhlp.dll
[2010/03/10 03:50:15 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlansec.dll
[2010/03/10 03:50:15 | 000,127,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\L2SecHC.dll
[2010/03/10 03:50:14 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanapi.dll
[2010/03/10 03:48:30 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aaclient.dll
[2010/03/10 03:48:30 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tsgqec.dll
[2010/03/10 03:47:09 | 000,623,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\localspl.dll
[2010/03/10 03:46:05 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010/03/10 03:44:29 | 000,000,000 | ---D | C] -- C:\Program Files\Secunia
[2010/03/10 03:44:24 | 000,000,000 | ---D | C] -- C:\Users\leave me alone\AppData\Local\CrashDumps
[2010/03/10 03:33:02 | 000,604,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMSPDMOD.DLL
[2010/03/10 03:32:46 | 002,036,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010/03/10 03:32:21 | 000,355,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSDApi.dll
[2010/03/10 03:26:59 | 000,000,000 | ---D | C] -- C:\Program Files\WOT
[2010/03/10 03:15:47 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2010/03/10 03:15:38 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avifil32.dll
[2010/03/10 03:15:38 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll
[2010/03/10 03:15:36 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvfw32.dll
[2010/03/10 03:09:22 | 000,000,000 | ---D | C] -- C:\Users\leave me alone\AppData\Roaming\Process Hacker
[2010/03/10 03:07:05 | 000,000,000 | ---D | C] -- C:\Program Files\Process Hacker
[2010/03/10 02:48:29 | 000,181,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2010/03/10 02:41:32 | 000,056,816 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2010/03/10 02:41:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2010/03/10 02:41:23 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2010/03/10 02:14:05 | 000,000,000 | ---D | C] -- C:\Users\leave me alone\AppData\Roaming\Macromedia
[2010/03/10 02:13:18 | 000,000,000 | R--D | C] -- C:\Program Files\Norton Support
[2010/03/10 02:13:18 | 000,000,000 | ---D | C] -- C:\Users\leave me alone\AppData\Roaming\Adobe
[2010/03/10 02:12:39 | 000,000,000 | ---D | C] -- C:\Users\leave me alone\AppData\Local\Symantec
[2010/03/10 02:10:57 | 002,421,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2010/03/10 02:10:57 | 000,044,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2010/03/10 02:10:42 | 000,575,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2010/03/10 02:10:42 | 000,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2010/03/10 02:10:42 | 000,035,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2010/03/10 02:10:30 | 000,171,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2010/03/10 02:10:30 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2010/03/09 17:52:10 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2010/03/09 17:16:39 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/03/09 17:16:37 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2010/03/09 17:13:31 | 000,000,000 | ---D | C] -- C:\Program Files\muvee Technologies
[2010/03/09 17:13:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\muvee Technologies
[2010/03/09 17:09:58 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml4r.dll
[2010/03/09 17:09:58 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml4a.dll
[2010/03/09 17:09:34 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\atl71.dll
[2010/03/09 17:05:18 | 000,000,000 | ---D | C] -- C:\Program Files\NetWaiting
[2010/03/09 17:05:02 | 000,000,000 | ---D | C] -- C:\Program Files\CONEXANT
[2010/03/09 17:04:07 | 000,000,000 | ---D | C] -- C:\Program Files\Synaptics
[2010/03/09 17:03:40 | 001,079,840 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcpluir.dll
[2010/03/09 17:03:40 | 000,313,888 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvexpbar.dll
[2010/03/09 17:01:53 | 000,442,368 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvusmb.exe
[2010/03/09 17:01:23 | 000,485,920 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NVUNINST.EXE
[2010/03/09 17:00:44 | 001,093,120 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\System32\drivers\athr.sys
[2010/03/09 17:00:44 | 000,000,000 | ---D | C] -- C:\Program Files\Atheros
[2010/03/09 17:00:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Atheros
[2010/03/09 16:59:47 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2010/03/09 16:53:53 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch

========== Files - Modified Within 30 Days ==========

[2010/03/20 12:19:56 | 001,572,864 | -HS- | M] () -- C:\Users\leave me alone\ntuser.dat
[2010/03/20 12:18:19 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Users\leave me alone\Desktop\OTL.exe
[2010/03/20 11:44:04 | 000,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/03/20 11:44:04 | 000,595,684 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/03/20 11:44:04 | 000,101,350 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/03/20 11:42:05 | 000,000,440 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{C68BB805-3B64-4C69-A90F-46E4D6ED70D5}.job
[2010/03/20 11:39:15 | 000,000,246 | ---- | M] () -- C:\ProgramData\hpqp.ini
[2010/03/20 11:38:04 | 000,032,726 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010/03/20 11:38:03 | 000,032,726 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010/03/20 11:37:38 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/03/20 11:37:37 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/03/20 11:37:15 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/03/20 11:37:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/03/20 04:51:27 | 000,524,288 | -HS- | M] () -- C:\Users\leave me alone\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TMContainer00000000000000000001.regtrans-ms
[2010/03/20 04:51:27 | 000,065,536 | -HS- | M] () -- C:\Users\leave me alone\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TM.blf
[2010/03/20 04:40:44 | 002,761,421 | -H-- | M] () -- C:\Users\leave me alone\AppData\Local\IconCache.db
[2010/03/20 04:04:37 | 000,485,704 | ---- | M] () -- C:\Users\leave me alone\Desktop\HAMeb_check.exe
[2010/03/20 03:40:19 | 000,000,015 | ---- | M] () -- C:\Users\leave me alone\Desktop\settings.dat
[2010/03/20 02:17:54 | 000,045,281 | ---- | M] () -- C:\Users\leave me alone\Desktop\start-new-topic-f37.html
[2010/03/20 01:00:59 | 000,035,040 | ---- | M] (Greatis Software) -- C:\Windows\System32\Partizan.exe
[2010/03/20 00:59:50 | 000,024,416 | ---- | M] (Greatis Software) -- C:\Windows\System32\drivers\regguard.sys
[2010/03/19 13:44:41 | 000,075,832 | ---- | M] () -- C:\Users\leave me alone\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/03/19 13:41:22 | 000,313,880 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/03/17 14:19:05 | 000,091,590 | ---- | M] () -- C:\Users\leave me alone\Documents\RegRun online scan info.htm
[2010/03/16 18:15:53 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2010/03/16 17:08:07 | 000,000,492 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for leave me alone.job
[2010/03/16 13:19:22 | 002,293,760 | ---- | M] () -- C:\Windows\ocsetup_install_MicrosoftWindowsPowerShell.etl
[2010/03/16 13:19:21 | 000,131,072 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.perf
[2010/03/16 13:19:21 | 000,131,072 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.dpx
[2010/03/15 14:52:20 | 000,064,258 | ---- | M] () -- C:\Users\leave me alone\Documents\cc_20100315_145201.reg
[2010/03/15 14:40:35 | 000,035,621 | ---- | M] () -- C:\Users\leave me alone\Documents\Cannot Update Windows using Windows Update.htm
[2010/03/15 14:07:55 | 000,001,965 | ---- | M] () -- C:\Users\Public\Desktop\HP Help and Support.lnk
[2010/03/14 21:03:56 | 000,016,244 | ---- | M] () -- C:\Windows\System32\rrt_is.wav
[2010/03/14 21:03:56 | 000,007,148 | ---- | M] () -- C:\Windows\System32\rrt_tv.wav
[2010/03/14 21:03:56 | 000,006,282 | ---- | M] () -- C:\Windows\System32\rrt_tn.wav
[2010/03/14 21:03:55 | 000,007,302 | ---- | M] () -- C:\Windows\System32\rrt_vf.wav
[2010/03/14 16:27:30 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010/03/14 16:27:30 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010/03/14 16:27:30 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010/03/14 16:27:28 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deploytk.dll
[2010/03/14 01:40:03 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/03/14 01:40:03 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/03/13 16:28:26 | 000,472,064 | ---- | M] ( ) -- C:\Users\leave me alone\Desktop\RootRepeal.exe
[2010/03/12 14:33:20 | 000,034,760 | ---- | M] (Greatis Software) -- C:\Windows\System32\drivers\Partizan.sys
[2010/03/11 15:10:09 | 000,000,172 | ---- | M] () -- C:\Windows\System32\drivers\NSS\0207030.022\isolate.ini
[2010/03/11 03:21:16 | 000,000,000 | ---- | M] () -- C:\Windows\nsreg.dat
[2010/03/11 02:53:00 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2010/03/11 02:53:00 | 000,001,688 | ---- | M] () -- C:\Windows\System32\autoexec.nt
[2010/03/11 02:53:00 | 000,000,002 | RHS- | M] () -- C:\Windows\winstart.bat
[2010/03/11 02:43:26 | 000,056,816 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2010/03/11 02:28:30 | 000,124,976 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2010/03/11 02:28:30 | 000,007,456 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2010/03/11 02:28:30 | 000,000,806 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2010/03/10 15:21:45 | 000,000,005 | ---- | M] () -- C:\Windows\System32\Band4
[2010/03/10 13:56:50 | 000,000,000 | RHS- | M] () -- C:\Windows\System32\drivers\103C_HP_cNB_Presario CQ60 Notebook PC_Y5335KV_0U_Q2CE91906XN_E508240-002_4A_I303C_SWistron_V08.60_F.54_T090818_WV2-1_L409_M2814_J160_7AMD_8F31_92.10_#100309_N168C001C;10DE0760_(NV243UA#ABA)_XMOBILE_CN10_Z_2F.54.MRK
[2010/03/10 13:55:46 | 000,000,020 | -HS- | M] () -- C:\Users\leave me alone\ntuser.ini
[2010/03/10 13:48:35 | 000,011,264 | ---- | M] () -- C:\Windows\System32\drivers\UZI4NDQ1.del
[2010/03/10 12:54:00 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForleave me alone.job
[2010/03/10 12:52:16 | 000,524,288 | -HS- | M] () -- C:\Users\leave me alone\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TMContainer00000000000000000002.regtrans-ms
[2010/03/10 02:51:12 | 000,047,092 | ---- | M] () -- C:\Windows\System32\license.rtf
[2010/03/09 17:10:32 | 001,053,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MFC71u.dll
[2010/03/09 17:10:32 | 000,505,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msvcp71.dll
[2010/03/09 17:10:32 | 000,353,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msvcr71.dll
[2010/03/09 17:10:31 | 001,066,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MFC71.dll
[2010/03/09 17:04:29 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_SynTP_01000.Wdf
[2010/02/24 10:16:06 | 000,181,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe

========== Files Created - No Company Name ==========

[2010/03/20 04:04:25 | 000,485,704 | ---- | C] () -- C:\Users\leave me alone\Desktop\HAMeb_check.exe
[2010/03/20 03:39:31 | 000,000,015 | ---- | C] () -- C:\Users\leave me alone\Desktop\settings.dat
[2010/03/20 03:15:41 | 000,162,304 | ---- | C] () -- C:\Windows\System32\ztvunrar36.dll
[2010/03/20 03:15:41 | 000,153,088 | ---- | C] () -- C:\Windows\System32\UNRAR3.dll
[2010/03/20 03:15:41 | 000,077,312 | ---- | C] () -- C:\Windows\System32\ztvunace26.dll
[2010/03/20 03:15:41 | 000,075,264 | ---- | C] () -- C:\Windows\System32\unacev2.dll
[2010/03/20 02:17:45 | 000,045,281 | ---- | C] () -- C:\Users\leave me alone\Desktop\start-new-topic-f37.html
[2010/03/17 14:21:57 | 000,091,590 | ---- | C] () -- C:\Users\leave me alone\Documents\RegRun online scan info.htm
[2010/03/17 12:53:53 | 000,007,396 | ---- | C] () -- C:\Windows\System32\drivers\pctcore.cat
[2010/03/16 18:15:53 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2010/03/16 13:18:46 | 000,131,072 | ---- | C] () -- C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.perf
[2010/03/16 13:18:46 | 000,131,072 | ---- | C] () -- C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.dpx
[2010/03/16 13:18:45 | 002,293,760 | ---- | C] () -- C:\Windows\ocsetup_install_MicrosoftWindowsPowerShell.etl
[2010/03/16 01:45:02 | 000,130,008 | ---- | C] () -- C:\Windows\System32\systemsf.ebd
[2010/03/16 01:45:01 | 000,009,239 | ---- | C] () -- C:\Windows\System32\spcinstrumentation.man
[2010/03/16 01:44:55 | 000,442,788 | ---- | C] () -- C:\Windows\System32\dot3.tmf
[2010/03/16 01:44:54 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010/03/16 01:44:54 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010/03/16 01:44:52 | 003,662,128 | ---- | C] () -- C:\Windows\System32\locale.nls
[2010/03/16 01:44:52 | 000,392,170 | ---- | C] () -- C:\Windows\System32\onex.tmf
[2010/03/16 01:44:46 | 000,344,698 | ---- | C] () -- C:\Windows\System32\eaphost.tmf
[2010/03/16 01:44:37 | 000,208,966 | ---- | C] () -- C:\Windows\System32\WFP.TMF
[2010/03/16 01:44:35 | 000,092,918 | ---- | C] () -- C:\Windows\System32\slmgr.vbs
[2010/03/16 01:44:09 | 000,009,212 | ---- | C] () -- C:\Windows\System32\RacUR.xml
[2010/03/15 14:52:04 | 000,064,258 | ---- | C] () -- C:\Users\leave me alone\Documents\cc_20100315_145201.reg
[2010/03/15 14:40:34 | 000,035,621 | ---- | C] () -- C:\Users\leave me alone\Documents\Cannot Update Windows using Windows Update.htm
[2010/03/15 14:07:55 | 000,001,965 | ---- | C] () -- C:\Users\Public\Desktop\HP Help and Support.lnk
[2010/03/14 21:03:56 | 000,016,244 | ---- | C] () -- C:\Windows\System32\rrt_is.wav
[2010/03/14 21:03:56 | 000,007,148 | ---- | C] () -- C:\Windows\System32\rrt_tv.wav
[2010/03/14 21:03:56 | 000,006,282 | ---- | C] () -- C:\Windows\System32\rrt_tn.wav
[2010/03/14 21:03:55 | 000,007,302 | ---- | C] () -- C:\Windows\System32\rrt_vf.wav
[2010/03/14 01:40:03 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2010/03/14 01:40:03 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2010/03/12 12:46:15 | 000,032,726 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010/03/12 02:56:33 | 000,032,726 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2010/03/11 15:10:14 | 000,000,492 | -H-- | C] () -- C:\Windows\tasks\Norton Security Scan for leave me alone.job
[2010/03/11 15:10:09 | 000,000,172 | ---- | C] () -- C:\Windows\System32\drivers\NSS\0207030.022\isolate.ini
[2010/03/11 03:21:16 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/03/10 15:21:45 | 000,000,005 | ---- | C] () -- C:\Windows\System32\Band4
[2010/03/10 14:29:13 | 000,000,440 | -H-- | C] () -- C:\Windows\tasks\User_Feed_Synchronization-{C68BB805-3B64-4C69-A90F-46E4D6ED70D5}.job
[2010/03/10 14:12:27 | 000,000,002 | RHS- | C] () -- C:\Windows\winstart.bat
[2010/03/10 14:01:49 | 000,007,456 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2010/03/10 14:01:49 | 000,000,806 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2010/03/10 14:01:38 | 000,000,000 | ---- | C] () -- C:\Users\leave me alone\AppData\Local\QSwitch.txt
[2010/03/10 14:01:38 | 000,000,000 | ---- | C] () -- C:\Users\leave me alone\AppData\Local\DSwitch.txt
[2010/03/10 14:01:38 | 000,000,000 | ---- | C] () -- C:\Users\leave me alone\AppData\Local\AtStart.txt
[2010/03/10 14:00:55 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForleave me alone.job
[2010/03/10 13:56:50 | 000,000,000 | RHS- | C] () -- C:\Windows\System32\drivers\103C_HP_cNB_Presario CQ60 Notebook PC_Y5335KV_0U_Q2CE91906XN_E508240-002_4A_I303C_SWistron_V08.60_F.54_T090818_WV2-1_L409_M2814_J160_7AMD_8F31_92.10_#100309_N168C001C;10DE0760_(NV243UA#ABA)_XMOBILE_CN10_Z_2F.54.MRK
[2010/03/10 13:55:46 | 000,000,020 | -HS- | C] () -- C:\Users\leave me alone\ntuser.ini
[2010/03/10 13:55:45 | 001,572,864 | -HS- | C] () -- C:\Users\leave me alone\ntuser.dat
[2010/03/10 13:55:45 | 000,524,288 | -HS- | C] () -- C:\Users\leave me alone\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TMContainer00000000000000000002.regtrans-ms
[2010/03/10 13:55:45 | 000,524,288 | -HS- | C] () -- C:\Users\leave me alone\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TMContainer00000000000000000001.regtrans-ms
[2010/03/10 13:55:45 | 000,065,536 | -HS- | C] () -- C:\Users\leave me alone\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TM.blf
[2010/03/10 13:48:35 | 000,011,264 | ---- | C] () -- C:\Windows\System32\drivers\UZI4NDQ1.del
[2010/03/10 12:31:25 | 000,057,667 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2010/03/10 03:50:23 | 002,501,921 | ---- | C] () -- C:\Windows\System32\wlan.tmf
[2010/03/09 17:12:54 | 000,000,105 | ---- | C] () -- C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log
[2010/03/09 17:12:45 | 000,000,032 | ---- | C] () -- C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
[2010/03/09 17:12:22 | 000,000,032 | ---- | C] () -- C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
[2010/03/09 17:11:51 | 000,000,032 | ---- | C] () -- C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
[2010/03/09 17:10:45 | 000,000,032 | ---- | C] () -- C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
[2010/03/09 17:10:36 | 000,000,246 | ---- | C] () -- C:\ProgramData\hpqp.ini
[2010/03/09 17:04:29 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_SynTP_01000.Wdf
[2010/03/09 17:02:06 | 000,003,948 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2010/03/09 17:01:52 | 000,002,016 | ---- | C] () -- C:\Windows\System32\nvsmb.nvu
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/04/20 07:27:52 | 000,000,109 | ---- | C] () -- C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
[2009/04/20 07:21:52 | 000,000,110 | ---- | C] () -- C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
[2009/04/20 07:19:51 | 000,000,105 | ---- | C] () -- C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
[2009/04/20 07:18:27 | 000,000,107 | ---- | C] () -- C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/03/09 04:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll

========== Custom Scans ==========


< %systemroot%\system32\*.dll /lockedfiles >
[2009/03/08 06:31:42 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtmsft.dll
[2009/03/08 06:31:37 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtrans.dll
[2009/04/11 01:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2009/04/11 01:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll
[2008/01/20 21:34:20 | 000,357,376 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\taskschd.dll

< %systemroot%\Tasks\*.job /lockedfiles >


< MD5 for: AGP440.SYS >
[2008/01/20 21:32:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008/01/20 21:32:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008/01/20 21:32:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/20 21:32:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/20 21:32:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006/11/02 04:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/04/11 01:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009/04/11 01:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009/04/11 01:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/20 21:32:21 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/20 21:32:21 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 04:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2009/04/20 06:26:14 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=9C0E70031905ADBF94EDB9EA14AF943B -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7f3e4ed9\atapi.sys
[2009/04/20 06:26:14 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=9C0E70031905ADBF94EDB9EA14AF943B -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22193_none_dd6376773aedb5e4\atapi.sys
[2009/04/20 06:26:14 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E26DDFE464B464DAF1C739122978D1D6 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b7393fc6\atapi.sys
[2009/04/20 06:26:14 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E26DDFE464B464DAF1C739122978D1D6 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20847_none_dbb74a7b3d9afbc1\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 04:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 04:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: EVENTLOG.DLL >
[2007/05/17 23:34:04 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files\CyberLink\PowerDirector\EventLog.dll

< MD5 for: IASTORV.SYS >
[2008/01/20 21:32:49 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008/01/20 21:32:49 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008/01/20 21:32:49 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 04:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009/04/11 01:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009/04/11 01:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008/01/20 21:33:41 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2006/11/02 04:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/20 21:32:47 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008/01/20 21:32:47 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/20 21:32:47 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008/01/20 21:34:39 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009/04/11 01:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009/04/11 01:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

< %systemroot%\*. /mp /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:7E95B6FD
@Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:B3D74A13
< End of report >

OTL Extras logfile created on: 3/20/2010 12:19:20 PM - Run 1
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Users\leave me alone\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 65.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 138.69 Gb Total Space | 93.64 Gb Free Space | 67.52% Space Free | Partition Type: NTFS
Drive D: | 10.36 Gb Total Space | 1.73 Gb Free Space | 16.72% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 7.45 Gb Total Space | 0.51 Gb Free Space | 6.86% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LEAVEMEALONE-PC
Current User Name: leave me alone
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-151925211-960758612-2286447814-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AntiVirusDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{284289C5-CCA6-40EF-AA01-E5651B6DB83B}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |
"{74479465-BBFE-4EB5-8D33-805D7A2E2680}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{B630EEC1-2091-40F5-8B06-CDC8E1987AA8}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |
"{ED5344BB-D7A2-47A4-9A76-BB7B8C2F6260}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{EED59F82-F238-4260-AB51-DA393F916824}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0054A0F6-00C9-4498-B821-B5C9578F433E}" = HP Help and Support
"{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.0.0 (r181)
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{154A4184-1A3D-4BF9-A5AE-4FA1660445F3}" = HP Total Care Advisor
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java™ 6 Update 18
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 H2
"{352310C3-E46B-42D3-8F32-54721FDD72D9}" = NetZero Preloader
"{38058455-8C21-4C2F-B2F6-14ED166039CB}" = HP Total Care Setup
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Vista
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 3.7
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{57A5AEC1-97FC-474D-92C4-908FCC2253D4}" = HP Customer Experience Enhancements
"{6423EF83-6E1D-4D22-A36F-689CD19FD4D2}" = Juno Preloader
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{665CBCA4-5AB0-414B-A288-3F8F99FEFC45}" = HP User Guides 0118
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{6A370610-3778-44AF-9AAC-69B2FD1A3356}" = Microsoft Live Search Toolbar
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9ADABDDE-9644-461B-9E73-83FA3EFCAB50}" = HP Wireless Assistant
"{AA668889-AA01-AA01-AADC-65462C3DE344}" = FreeFixer
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.1
"{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}" = Adobe Shockwave Player
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library
"{DB0BB9FA-1B60-4036-8E29-3D56D8085256}" = WOT for Internet Explorer
"{DD35C328-F115-BEDA-6EEE-E00C5AACCCBC}" = muvee Reveal
"{ECEE0279-785F-4CB3-9F28-E69813234BF8}" = SPORE Creature Creator Trial Edition
"{F4194A69-7B8F-4C9B-BDFF-E55126C9200F}_is1" = Anti-Malware Toolkit 1.13.326
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"CCleaner" = CCleaner
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDAUDIO_HERMOSA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Greatis Reanimator_is1" = RegRun Reanimator
"HijackThis" = HijackThis 2.0.2
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6)" = Mozilla Firefox (3.6)
"NIS" = Norton Internet Security
"NVIDIA Drivers" = NVIDIA Drivers
"Process_Hacker_is1" = Process Hacker 1.11
"Secunia PSI" = Secunia PSI
"Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.5.0
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"ThreatExpert Memory Scanner_is1" = ThreatExpert Memory Scanner 1.0
"UnHackMe_is1" = UnHackMe 5.70 release
"WildTangent hp Master Uninstall" = My HP Games
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Your Uninstaller! 2008_is1" = Your Uninstaller! 2008 Version 6.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/20/2010 1:55:49 AM | Computer Name = leavemealone-PC | Source = WinMgmt | ID = 10
Description =

Error - 3/20/2010 1:58:37 AM | Computer Name = leavemealone-PC | Source = VSS | ID = 8194
Description =

Error - 3/20/2010 2:08:51 AM | Computer Name = leavemealone-PC | Source = WinMgmt | ID = 10
Description =

Error - 3/20/2010 2:32:11 AM | Computer Name = leavemealone-PC | Source = WinMgmt | ID = 10
Description =

Error - 3/20/2010 2:36:50 AM | Computer Name = leavemealone-PC | Source = VSS | ID = 8194
Description =

Error - 3/20/2010 2:56:17 AM | Computer Name = leavemealone-PC | Source = WinMgmt | ID = 10
Description =

Error - 3/20/2010 2:59:04 AM | Computer Name = leavemealone-PC | Source = WinMgmt | ID = 10
Description =

Error - 3/20/2010 3:21:16 AM | Computer Name = leavemealone-PC | Source = WinMgmt | ID = 10
Description =

Error - 3/20/2010 3:24:08 AM | Computer Name = leavemealone-PC | Source = WinMgmt | ID = 10
Description =

Error - 3/20/2010 3:32:55 AM | Computer Name = leavemealone-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 3/20/2010 3:35:42 AM | Computer Name = leavemealone-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 3/20/2010 3:57:29 AM | Computer Name = leavemealone-PC | Source = DCOM | ID = 10010
Description =

Error - 3/20/2010 3:58:06 AM | Computer Name = leavemealone-PC | Source = DCOM | ID = 10010
Description =

Error - 3/20/2010 4:01:36 AM | Computer Name = leavemealone-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 3/20/2010 4:01:36 AM | Computer Name = leavemealone-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 3/20/2010 4:07:02 AM | Computer Name = leavemealone-PC | Source = DCOM | ID = 10010
Description =

Error - 3/20/2010 4:11:17 AM | Computer Name = leavemealone-PC | Source = DCOM | ID = 10005
Description =

Error - 3/20/2010 4:11:27 AM | Computer Name = leavemealone-PC | Source = DCOM | ID = 10005
Description =

Error - 3/20/2010 4:11:28 AM | Computer Name = leavemealone-PC | Source = DCOM | ID = 10005
Description =

Error - 3/20/2010 4:11:28 AM | Computer Name = leavemealone-PC | Source = DCOM | ID = 10005
Description =


< End of report >


I also have a RootRepeal log; would you like this also?

#4 myrti

Posted 21 March 2010 - 12:22 PM

Hi,

Yes, I could use the RootRepeal log. I'd also like a scan from GMER:
Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

regards myrti



#5 _The_Nothing_


Posted 21 March 2010 - 05:10 PM

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-03-21 16:35:56
Windows 6.0.6002 Service Pack 2
Running: t1wvv0ks.exe; Driver: C:\Users\LEAVEM~1\AppData\Local\Temp\pxkdipow.sys


---- System - GMER 1.0.15 ----

SSDT 87E64198 ZwAlertResumeThread
SSDT 87E5D930 ZwAlertThread
SSDT 87E68400 ZwAllocateVirtualMemory
SSDT 87CC4A00 ZwAlpcConnectPort
SSDT 87E5F9C8 ZwAssignProcessToJobObject
SSDT 87E5FBF8 ZwCreateMutant
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0x8A1859A6]
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0x8A185B98]
SSDT 87E5F6E8 ZwCreateSymbolicLinkObject
SSDT 87EA9CE0 ZwCreateThread
SSDT 87E60568 ZwDebugActiveProcess
SSDT 87E69BE8 ZwDuplicateObject
SSDT 87E682E0 ZwFreeVirtualMemory
SSDT 87EC9070 ZwImpersonateAnonymousToken
SSDT 87EC6120 ZwImpersonateThread
SSDT 87D30498 ZwLoadDriver
SSDT 87E65450 ZwMapViewOfSection
SSDT 87EC5CF0 ZwOpenEvent
SSDT 87E69D08 ZwOpenProcess
SSDT 87EB2068 ZwOpenProcessToken
SSDT 87E59518 ZwOpenSection
SSDT 87E69C78 ZwOpenThread
SSDT 87E5F8D8 ZwProtectVirtualMemory
SSDT 87EA7120 ZwResumeThread
SSDT 87DF5C00 ZwSetContextThread
SSDT 87E65378 ZwSetInformationProcess
SSDT 87E5CF10 ZwSetSystemInformation
SSDT 87E58BE0 ZwSuspendProcess
SSDT 87E5E128 ZwSuspendThread
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwTerminateProcess [0x8A185656]
SSDT 87E60120 ZwTerminateThread
SSDT 87DFB840 ZwUnmapViewOfSection
SSDT 87E68370 ZwWriteVirtualMemory
SSDT 87E5F7D8 ZwCreateThreadEx
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateUserProcess [0x8A185DA0]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 11D 81CE6880 8 Bytes [98, 41, E6, 87, 30, D9, E5, ...] {CWDE ; INC ECX; OUT 0x87, AL; XOR CL, BL; IN EAX, 0x87}
.text ntkrnlpa.exe!KeSetEvent + 131 81CE6894 4 Bytes [00, 84, E6, 87]
.text ntkrnlpa.exe!KeSetEvent + 13D 81CE68A0 4 Bytes [00, 4A, CC, 87]
.text ntkrnlpa.exe!KeSetEvent + 191 81CE68F4 4 Bytes [C8, F9, E5, 87] {ENTER 0xe5f9, 0x87}
.text ntkrnlpa.exe!KeSetEvent + 1F5 81CE6958 2 Bytes [F8, FB] {CLC ; STI }
.text ...

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs AVHook.sys (PC Tools Filter Driver for Windows 2000/XP/PC Tools Research Pty Ltd.)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\tdx \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\tdx \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat AVHook.sys (PC Tools Filter Driver for Windows 2000/XP/PC Tools Research Pty Ltd.)

---- EOF - GMER 1.0.15 ----


#6 _The_Nothing_


Posted 21 March 2010 - 05:11 PM

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2010/03/20 03:40
Program Version: Version 1.3.5.0
Windows Version: Windows Vista SP2
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\Windows\System32\Drivers\dump_atapi.sys
Address: 0x90D01000 Size: 32768 File Visible: No Signed: -
Status: -

Name: dump_dumpata.sys
Image Path: C:\Windows\System32\Drivers\dump_dumpata.sys
Address: 0x90CF6000 Size: 45056 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\Windows\system32\drivers\rootrepeal.sys
Address: 0xA13D9000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\System Volume Information\{0a013865-33ea-11df-a764-001f16d01c66}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{0bfa1fde-31f8-11df-b36a-001f16d01c66}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{2b950bb0-31f6-11df-87dd-001f16d01c66}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{34f16c9c-32c4-11df-b1e7-001f16d01c66}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{4c9d04c0-16b5-11cc-97c8-001f16d01c66}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{6b10c4bc-31fd-11df-8184-001f16d01c66}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{6b10c4e1-31fd-11df-8184-001f16d01c66}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{8ad4b917-337f-11df-bdc5-001f16d01c66}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{9376e08f-3252-11df-88fc-001f16d01c66}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{9d3a2955-32c6-11df-91c4-001f16d01c66}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{9d3a2959-32c6-11df-91c4-001f16d01c66}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{9d3a295d-32c6-11df-91c4-001f16d01c66}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{a55a6416-3124-11df-9b04-001f16d01c66}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{b3416dea-318c-11df-8963-001f16d01c66}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{b341706c-318c-11df-8963-001f16d01c66}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{e371089e-331d-11df-8b27-001f16d01c66}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{e3710972-331d-11df-8b27-001f16d01c66}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{e3710986-331d-11df-8b27-001f16d01c66}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{e3710994-331d-11df-8b27-001f16d01c66}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{ebb32275-3380-11df-8ff4-001f16d01c66}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{ebb322a0-3380-11df-8ff4-001f16d01c66}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{ebb322a8-3380-11df-8ff4-001f16d01c66}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{f56c1003-33e4-11df-808a-001f16d01c66}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{a55a6507-3124-11df-9b04-001f16d01c66}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\Windows\inf\.NET CLR Data\_DATAP~1.H
Status: Locked to the Windows API!

Path: C:\Windows\inf\.NET Data Provider for SqlServer\_DATAP~2.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2r_6bd6b9abf345378f_4.1.1.0_none_365945b9da656e4d.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.1_none_e29d1181971ae11e.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.1_none_81c25f21d3d46d84.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2_6bd6b9abf345378f_4.20.9870.0_none_b7e00e6c7b30b69b.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.1_none_dcc7eae99ad0d9cf.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.1_none_818f59bf601aa775.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.1_none_da4695fc507e16e1.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.4.20.microsoft.msxml2_6bd6b9abf345378f_4.20.9870.0_none_a6dea5dc0ea08098.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.1_none_7dd1e0ebd6590e0b.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d1c738ec43578ea1.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_e163563597edeada.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.4148_none_f0efb442f8a0f46c.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2_6bd6b9abf345378f_4.20.9876.0_none_b7e610287b2b4ea5.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.openmp_1fc8b3b9a1e18e3b_9.0.21022.8_none_7ab8cc63a6e4c2a3.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.4148_none_51ca66a2bbe76806.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.4.20.microsoft.msxml2_6bd6b9abf345378f_4.20.9876.0_none_a6e4a7980e9b18a2.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.21022.8_none_60a5df56e60dc5df.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.21022.8_none_bcb86ed6ac711f91.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_8550c6b5d18a9128.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.4.1.microsoft.msxml2r_6bd6b9abf345378f_4.1.1.0_none_8b7b15c031cda6db.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.openmp_1fc8b3b9a1e18e3b_9.0.21022.8_none_ecdf8c290e547f39.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.4053_none_4ddfc6cd11929a02.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Manifests\91ca50cec42075fff02b366323bf3b45d2053b24544bd12b622b65621bd0edd5.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Manifests\b3beb16c28db357e654a6b132f59cd48cb95cee949d7b97587f8f02f233f3ce1.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Manifests\88b03fe13d2710ad787d5d96cd0e5cbeda3a61c2a0a2bdc0c0984a48365242e2.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Manifests\b080e112e69d2e9c8e71acd39a81f0d469d837625ceb8ed73b5b87da1fd1424c.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Manifests\26340819d2ef86080d9001c6f2737d70fd6602ddf4b86b6c26b326ef81cc3342.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Manifests\ef483ae0673e2975dd4224fe26749623c1c702b8b3fded10161417459e1771a7.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Manifests\2d3cb7907b1336ea5889a2b731d5e97ad40903a4efd2287c1c117bc30f208f46.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Manifests\a2492fa83366394b7c17fa6c9650ce5688b887d0ad0ad79743a3422debf4d997.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Manifests\8b414e757cb8b153bff77dd00a36556aea3adab25ce15f3e8b184ffbf41ba7a2.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Manifests\f7bf65ca621d8ad32ead1500a08827be239d0f49d83dc20dabf57d2eb17adbd7.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Manifests\bd83dce340498e7c363093c2fc74dfb58e1ec17770453905172c7471fadd9333.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Manifests\d5ecf2ab9387e082648bbcccd6eceb9d67b096939150833d0ae3066b3a1a676e.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Manifests\71503c1b988fb27a41668f3ba35468d268daf07e8e79cf7b82a1ef64a8d213a1.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Manifests\a951d53950c367acc37622f0dd619a954df5de2c4ec40296e6636605aa33714a.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Manifests\935df4549e21123a2efb986a707f54475380a037519679510e4b4dfc4bdb5767.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Manifests\dd72f7ab2def5f75f58d01b24643b308750c38685daaed50bcddf61c18460dee.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Manifests\989e628160e12c984a435d2bb2a335ad043e006646150c7b1f3bb52dccd842cc.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Manifests\d14225a52543aa5a9605b00dd7574812bf89c605ebc73a9730e1e386bfc965f8.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_fundisc_31bf3856ad364e35_6.1.6001.22000_none_449cd701f2cb8c19\$$DeleteMe.fundisc.dll.01cac4d81d346e13.003a
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-a..ence-infrastructure_31bf3856ad364e35_6.0.6001.18000_none_d51103be4cb9d6c3\$$DeleteMe.apphelp.dll.01cac4d81fc56993.0095
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-a..terface-ldapc-layer_31bf3856ad364e35_6.0.6001.18000_none_5f327439667d597c\$$DeleteMe.adsldpc.dll.01cac4d81d027133.0038
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-advapi32_31bf3856ad364e35_6.0.6001.18000_none_e34851aa8681b8b0\$$DeleteMe.advapi32.dll.01cac4d81b47b173.001e
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-atl_31bf3856ad364e35_6.0.6001.18000_none_ab203fc659b26ce7\$$DeleteMe.atl.dll.01cac07a48f89c20.0022
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-atl_31bf3856ad364e35_6.0.6001.18293_none_aac1f52459f8aeb3\$$DeleteMe.atl.dll.01cac4d81f0238d3.0070
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-audio-audiocore_31bf3856ad364e35_6.0.6001.18000_none_769fc426e49fbfda\$$DeleteMe.audiodg.exe.01cac4d81b4ed593.001f
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-audio-audiocore_31bf3856ad364e35_6.0.6001.18000_none_769fc426e49fbfda\$$DeleteMe.AudioSes.dll.01cac4d81ecdda93.006a
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-audio-audiocore_31bf3856ad364e35_6.0.6001.18000_none_769fc426e49fbfda\$$DeleteMe.audiosrv.dll.01cac4d81f95ce13.008b
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-audio-mmecore-base_31bf3856ad364e35_6.0.6001.18000_none_b5dfbc3a51b01b87\$$DeleteMe.winmm.dll.01cac4d81f4740b3.007e
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-authentication-authui_31bf3856ad364e35_6.0.6001.18000_none_0bf37d16f567e1f7\$$DeleteMe.authui.dll.01cac4d81ea7c493.0063
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-azman_31bf3856ad364e35_6.0.6001.18000_none_56571935b2b95c99\$$DeleteMe.azroles.dll.01cac4d81b408d53.001a
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6001.18000_none_ee8c936cef65a88f\$$DeleteMe.bcrypt.dll.01cac4d81b6904b3.0021
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-bits-client_31bf3856ad364e35_6.0.6001.18000_none_2390c4ecf9720b8c\$$DeleteMe.qmgr.dll.01cac4d81e3f0813.005a
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-bits-igdsearcher_31bf3856ad364e35_6.0.6001.18000_none_b16c3d098f004f58\$$DeleteMe.bitsigd.dll.01cac4d81e05e713.0053
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-c..complus-eventsystem_31bf3856ad364e35_6.0.6001.18057_none_0cbe918751dfdd3f\$$DeleteMe.es.dll.01cac4d81f910b53.008a
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-c..ent-indexing-common_31bf3856ad364e35_6.0.6001.18000_none_06b40dcad71051f6\$$DeleteMe.Query.dll.01cac4d81e30bfd3.0057
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-c..fe-catsrvut-comsvcs_31bf3856ad364e35_6.0.6001.18000_none_72c2652d9fddfafd\$$DeleteMe.comsvcs.dll.01cac4d81ef8b353.006d
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-c..rformance-xperfcore_31bf3856ad364e35_6.0.6001.18000_none_d71173946e986845\$$DeleteMe.diagperf.dll.01cac4d822188153.00a6
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-cmi_31bf3856ad364e35_6.0.6001.18000_none_a9ce4a485a8ade99\$$DeleteMe.cmiv2.dll.01cac4d823955d53.00b9
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-ole32_31bf3856ad364e35_6.0.6001.18000_none_ac1da75bf2516084\$$DeleteMe.ole32.dll.01cac4d81d9d2a93.0049
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6001.18000_none_69cadbfc3ddffe3c\$$DeleteMe.rpcss.dll.01cac07a42230980.0014
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6001.18226_none_69bb41ac3deac876\$$DeleteMe.rpcss.dll.01cac4d81f8785d3.0088
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-comdlg32_31bf3856ad364e35_6.0.6001.18000_none_b5b111a1a5a793a5\$$DeleteMe.comdlg32.dll.01cac4d81d5ce573.003e
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-coreusermodepnp_31bf3856ad364e35_6.0.6001.18000_none_7701ab362cebf905\$$DeleteMe.umpnpmgr.dll.01cac4d821c79293.009d
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-credui_31bf3856ad364e35_6.0.6001.18000_none_db374cc18eed7408\$$DeleteMe.credui.dll.01cac4d81abb4053.000a
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-crypt32-dll_31bf3856ad364e35_6.0.6001.18000_none_5b6fc1dbddd3c6da\$$DeleteMe.crypt32.dll.01cac4d81f1543d3.0075
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.0.6001.18000_none_75ff99649acf4de9\$$DeleteMe.cryptsvc.dll.01cac4d81d93a513.0045
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-d..pwindowmanager-core_31bf3856ad364e35_6.0.6001.18000_none_8da39414bd31fb37\$$DeleteMe.uxsms.dll.01cac4d821a8a0b3.0098
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-dfsr-core-clientonly_31bf3856ad364e35_6.0.6001.18000_none_b6798caa9a04157b\$$DeleteMe.dfsr.exe.01cac4d81e0d0b33.0054
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-dhcp-client-dll_31bf3856ad364e35_6.0.6001.18000_none_d75a29a02e8fcf7a\$$DeleteMe.dhcpcsvc.dll.01cac4d821ad6373.009a
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-dhcp-client-dll_31bf3856ad364e35_6.0.6001.18000_none_d75a29a02e8fcf7a\$$DeleteMe.dhcpcsvc6.dll.01cac4d81ace4b53.000d
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-directory-services-sam_31bf3856ad364e35_6.0.6001.18000_none_b1ee595da0f48e64\$$DeleteMe.samlib.dll.01cac4d81e299bb3.0056
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-directory-services-sam_31bf3856ad364e35_6.0.6001.18000_none_b1ee595da0f48e64\$$DeleteMe.samsrv.dll.01cac4d81b324513.0019
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-dns-client-winrnr_31bf3856ad364e35_6.0.6000.16386_none_571790f3532b2696\$$DeleteMe.winrnr.dll.01cac4d822377333.00a9
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-dns-client_31bf3856ad364e35_6.0.6001.18000_none_e1e27cdd8259636b\$$DeleteMe.dnsapi.dll.01cac4d81b15b493.0016
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-dns-client_31bf3856ad364e35_6.0.6001.18000_none_e1e27cdd8259636b\$$DeleteMe.dnsrslvr.dll.01cac4d81bf31473.0032
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-e..-protocol-host-peer_31bf3856ad364e35_6.0.6001.18000_none_64138b2cc36a286b\$$DeleteMe.eappcfg.dll.01cac4d81ace4b53.000e
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-e..-protocol-host-peer_31bf3856ad364e35_6.0.6001.18000_none_64138b2cc36a286b\$$DeleteMe.eapphost.dll.01cac4d822115d33.00a5
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-e..emorydevicesservice_31bf3856ad364e35_6.0.6001.18098_none_9e329f52f6fc276d\$$DeleteMe.emdmgmt.dll.01cac4d81f238c13.0077
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-e..estorageengine-isam_31bf3856ad364e35_6.0.6001.18000_none_f1e446e12c0bbf09\$$DeleteMe.esent.dll.01cac4d81eb14a13.0066
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-eventlog-api_31bf3856ad364e35_6.0.6001.18000_none_ac31021c654a3267\$$DeleteMe.wevtapi.dll.01cac4d81ad30e13.000f
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-eventlog_31bf3856ad364e35_6.0.6001.18000_none_dcc45c1a12d92f84\$$DeleteMe.wevtsvc.dll.01cac4d81b408d53.001b
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-errorreportingcore_31bf3856ad364e35_6.0.6001.18000_none_2076b21605e43be9\$$DeleteMe.wer.dll.01cac4d81db03593.004a
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-feclient_31bf3856ad364e35_6.0.6001.18000_none_beda112b5794d4e0\$$DeleteMe.feclient.dll.01cac4d821d37973.009f
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-feedback-service_31bf3856ad364e35_6.0.6001.18000_none_79cbf36190e59fa9\$$DeleteMe.wersvc.dll.01cac07a40364ce0.0010
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-feedback-service_31bf3856ad364e35_6.0.6001.18145_none_79a5b70991018b47\$$DeleteMe.wersvc.dll.01cac4d81effd773.006f
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-font-truetype-meiryo_31bf3856ad364e35_6.0.6000.16386_none_7228d3744a853f0e\$$DeleteMe.meiryo.ttc.01cac07a29758840.0000
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-gdi32_31bf3856ad364e35_6.0.6001.18159_none_59519ee04971f856\$$DeleteMe.gdi32.dll.01cac4d81f12e273.0074
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6001.18000_none_a9d318785a865d4c\$$DeleteMe.lpk.dll.01cac4d821df6053.00a0
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6001.18344_none_a9abdfa25aa329e1\$$DeleteMe.lpk.dll.01cac4d821df6053.00a0
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6002.18005_none_abbe918457a82898\$$DeleteMe.lpk.dll.01cac4d821df6053.00a0
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-grouppolicy-base_31bf3856ad364e35_6.0.6001.18000_none_282361dee702a605\$$DeleteMe.gpapi.dll.01cac4d81e3a4553.0059
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-http-api_31bf3856ad364e35_6.0.6001.18000_none_f5ac3cff9d4bd9d3\$$DeleteMe.httpapi.dll.01cac245a51cd3bc.0000
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-http-api_31bf3856ad364e35_6.0.6001.18356_none_f57c34d19d6ef507\$$DeleteMe.httpapi.dll.01cac4d81fbe4573.0092
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6001.18203_none_b4e61c85d6c731a6\$$DeleteMe.urlmon.dll.01cac07a4630e100.0020
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-i..mentation.resources_31bf3856ad364e35_6.0.6000.16386_en-us_1619e9095cbe2181\$$DeleteMe.wininet.dll.mui.01cac07a466a0200.0021
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-i..nal-core-locale-nls_31bf3856ad364e35_6.0.6001.18000_none_6ab830d9a945c1d1\$$DeleteMe.locale.nls.01cac4d8222dedb3.00a7
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-i..oexistencemigration_31bf3856ad364e35_6.0.6001.18000_none_11e312d27c5a6ba6\$$DeleteMe.iphlpsvc.dll.01cac4d81652f493.0004
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18203_none_01ebf827a1d05839\$$DeleteMe.wininet.dll.01cac07a45a20e80.001e
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6001.18203_none_47a6af038c817696\$$DeleteMe.iertutil.dll.01cac07a45b9dc40.001f
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-imm32_31bf3856ad364e35_6.0.6001.18000_none_5c561e167a6afd02\$$DeleteMe.imm32.dll.01cac4d81bb2cf53.002a
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-installer-engine_31bf3856ad364e35_6.0.6001.18000_none_037a7e2bb384bf01\$$DeleteMe.msi.dll.01cac4d81b265e33.0017
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6001.18000_none_93bde541564b88ae\$$DeleteMe.kernel32.dll.01cac07a40b475c0.0013
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6001.18215_none_93b81a93564f1da0\$$DeleteMe.kernel32.dll.01cac4d81bae0c93.0029
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-ldap-client_31bf3856ad364e35_6.0.6001.18000_none_f33c4797566bb3db\$$DeleteMe.Wldap32.dll.01cac4d81e30bfd3.0058
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.18215_none_a644c0145ccecd28\$$DeleteMe.lsass.exe.01cac07a42c285a0.0018
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.18272_none_a600dfae5d0228c9\$$DeleteMe.lsasrv.dll.01cac4d81690d853.0006
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.18272_none_a600dfae5d0228c9\$$DeleteMe.lsass.exe.01cac4d816613cd3.0005
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.18272_none_a600dfae5d0228c9\$$DeleteMe.secur32.dll.01cac4d816a3e353.0008
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6002.18005_none_a83603ce59ed0382\$$DeleteMe.lsass.exe.01cac07a42c285a0.0018
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-m..-components-jetcore_31bf3856ad364e35_6.0.6001.18000_none_048ebb9ba7b2fc3a\$$DeleteMe.msjet40.dll.01cac4d81bdda813.002e
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.18000_none_a64a8ac25ccb3836\$$DeleteMe.lsasrv.dll.01cac07a403d7100.0011
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.18000_none_a64a8ac25ccb3836\$$DeleteMe.lsass.exe.01cac07a42c285a0.0018
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.18000_none_a64a8ac25ccb3836\$$DeleteMe.secur32.dll.01cac07a404957e0.0012
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6002.18005_none_04642e8a80bb8b27\MI2095~1.MAN
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6002.18005_none_04642e8a80bb8b27\MIC237~1.MAN
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-m..mponents-jetintlerr_31bf3856ad364e35_6.0.6000.16386_none_0d3a1215c37f298f\$$DeleteMe.msjint40.dll.01cac4d81d6b2db3.0040
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-m..mponents-jetintlerr_31bf3856ad364e35_6.0.6000.16386_none_0d3a1215c37f298f\$$DeleteMe.msjter40.dll.01cac4d81f06fb93.0071
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-m..mponents-jetintlerr_31bf3856ad364e35_6.0.6000.16386_none_0d3a1215c37f298f\$$DeleteMe.mswstr10.dll.01cac4d81d809a13.0043
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-m..s-components-jetole_31bf3856ad364e35_6.0.6001.18000_none_7750886b9104ab81\$$DeleteMe.msjetoledb40.dll.01cac4d81b09cdb3.0014
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-m..ss-components-jetes_31bf3856ad364e35_6.0.6001.18000_none_36b216b9cce86273\$$DeleteMe.msjtes40.dll.01cac4d81df2dc13.0050
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-wmvcore_31bf3856ad364e35_6.0.6001.18270_none_06e6d825d6103f24\$$DeleteMe.WMVCORE.DLL.01cac4d81fb72153.0091
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-mfplat_31bf3856ad364e35_6.0.6001.18000_none_f6aa98ad53755122\$$DeleteMe.mfplat.dll.01cac4d81af6c2b3.0012
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-mmdeviceapi_31bf3856ad364e35_6.0.6001.18000_none_55044397b961da8a\$$DeleteMe.MMDevAPI.dll.01cac4d821fe5233.00a3
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-mprapi_31bf3856ad364e35_6.0.6001.18000_none_140c84ec53049b39\$$DeleteMe.mprapi.dll.01cac4d81ac00313.000c
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-mpr_31bf3856ad364e35_6.0.6001.18000_none_add5c97257f151a1\$$DeleteMe.mpr.dll.01cac4d81d7975f3.0042
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-msasn1_31bf3856ad364e35_6.0.6000.16386_none_c52353cea8765257\$$DeleteMe.msasn1.dll.01cac07a2cd7fcc0.0005
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-msasn1_31bf3856ad364e35_6.0.6001.18326_none_c74a7d60a56c2a8c\$$DeleteMe.msasn1.dll.01cac4d81ecdda93.006b
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-msauditevtlog_31bf3856ad364e35_6.0.6001.18000_none_c7427a4e786d74bc\$$DeleteMe.adtschema.dll.01cac4d81f095cf3.0072
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-msvcrt_31bf3856ad364e35_6.0.6001.18000_none_d15536209ee61dad\$$DeleteMe.msvcrt.dll.01cac4d81df53d73.0052
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-msxml30_31bf3856ad364e35_6.0.6001.18136_none_8853d47896e90b40\$$DeleteMe.msxml3.dll.01cac07a498e92c0.0025
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-msxml30_31bf3856ad364e35_6.0.6001.18306_none_8874480896d0b1bb\$$DeleteMe.msxml3.dll.01cac4d81f8c4893.0089
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-msxml60_31bf3856ad364e35_6.0.6001.18138_none_885590b496e78ad1\$$DeleteMe.msxml6.dll.01cac07a49876ea0.0024
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-msxml60_31bf3856ad364e35_6.0.6001.18306_none_887403b096d0fe9e\$$DeleteMe.msxml6.dll.01cac4d8224cdf93.00ab
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-n..-domain-clients-svc_31bf3856ad364e35_6.0.6001.18000_none_440e77d1ec053e6c\$$DeleteMe.FwRemoteSvr.dll.01cac4d81e782913.005e
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-n..-domain-clients-svc_31bf3856ad364e35_6.0.6001.18094_none_43b129adec4a9f41\$$DeleteMe.FwRemoteSvr.dll.01cac4d81e782913.005e
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-n..-domain-clients-svc_31bf3856ad364e35_6.0.6001.18094_none_43b129adec4a9f41\$$DeleteMe.IPSECSVC.DLL.01cac4d81dcf2773.004d
Status: Locked to the Windows API!

Processes
-------------------
Path: System
PID: 4 Status: Locked to the Windows API!

Path: C:\Windows\System32\audiodg.exe
PID: 1164 Status: Locked to the Windows API!

SSDT
-------------------
#: 013 Function Name: NtAlertResumeThread
Status: Hooked by "<unknown>" at address 0x882f2600

#: 014 Function Name: NtAlertThread
Status: Hooked by "<unknown>" at address 0x882f26c0

#: 018 Function Name: NtAllocateVirtualMemory
Status: Hooked by "<unknown>" at address 0x881e77a0

#: 021 Function Name: NtAlpcConnectPort
Status: Hooked by "<unknown>" at address 0x88e556c0

#: 042 Function Name: NtAssignProcessToJobObject
Status: Hooked by "<unknown>" at address 0x88bf8db0

#: 067 Function Name: NtCreateMutant
Status: Hooked by "<unknown>" at address 0x88522650

#: 072 Function Name: NtCreateProcess
Status: Hooked by "C:\Windows\system32\drivers\PCTCore.sys" at address 0x89f8c9a6

#: 073 Function Name: NtCreateProcessEx
Status: Hooked by "C:\Windows\system32\drivers\PCTCore.sys" at address 0x89f8cb98

#: 077 Function Name: NtCreateSymbolicLinkObject
Status: Hooked by "<unknown>" at address 0x884bcf80

#: 078 Function Name: NtCreateThread
Status: Hooked by "<unknown>" at address 0x891743f0

#: 116 Function Name: NtDebugActiveProcess
Status: Hooked by "<unknown>" at address 0x88bf8e90

#: 129 Function Name: NtDuplicateObject
Status: Hooked by "<unknown>" at address 0x880db990

#: 147 Function Name: NtFreeVirtualMemory
Status: Hooked by "<unknown>" at address 0x881e7600

#: 156 Function Name: NtImpersonateAnonymousToken
Status: Hooked by "<unknown>" at address 0x88522740

#: 158 Function Name: NtImpersonateThread
Status: Hooked by "<unknown>" at address 0x882f2540

#: 165 Function Name: NtLoadDriver
Status: Hooked by "<unknown>" at address 0x8776a8f0

#: 177 Function Name: NtMapViewOfSection
Status: Hooked by "<unknown>" at address 0x881e7520

#: 184 Function Name: NtOpenEvent
Status: Hooked by "<unknown>" at address 0x88522570

#: 194 Function Name: NtOpenProcess
Status: Hooked by "<unknown>" at address 0x880dbb30

#: 195 Function Name: NtOpenProcessToken
Status: Hooked by "<unknown>" at address 0x89178548

#: 197 Function Name: NtOpenSection
Status: Hooked by "<unknown>" at address 0x885223b0

#: 201 Function Name: NtOpenThread
Status: Hooked by "<unknown>" at address 0x880dba60

#: 210 Function Name: NtProtectVirtualMemory
Status: Hooked by "<unknown>" at address 0x88bf8cc0

#: 282 Function Name: NtResumeThread
Status: Hooked by "<unknown>" at address 0x8875c3a8

#: 289 Function Name: NtSetContextThread
Status: Hooked by "<unknown>" at address 0x91fd5440

#: 305 Function Name: NtSetInformationProcess
Status: Hooked by "<unknown>" at address 0x91fd5500

#: 317 Function Name: NtSetSystemInformation
Status: Hooked by "<unknown>" at address 0x88bf8f70

#: 330 Function Name: NtSuspendProcess
Status: Hooked by "<unknown>" at address 0x88522490

#: 331 Function Name: NtSuspendThread
Status: Hooked by "<unknown>" at address 0x882f2780

#: 334 Function Name: NtTerminateProcess
Status: Hooked by "C:\Windows\system32\drivers\PCTCore.sys" at address 0x89f8c656

#: 335 Function Name: NtTerminateThread
Status: Hooked by "<unknown>" at address 0x91fd5380

#: 348 Function Name: NtUnmapViewOfSection
Status: Hooked by "<unknown>" at address 0x91fd55d0

#: 358 Function Name: NtWriteVirtualMemory
Status: Hooked by "<unknown>" at address 0x881e76d0

#: 382 Function Name: NtCreateThreadEx
Status: Hooked by "<unknown>" at address 0x88bf8bc0

#: 383 Function Name: NtCreateUserProcess
Status: Hooked by "C:\Windows\system32\drivers\PCTCore.sys" at address 0x89f8cda0

Shadow SSDT
-------------------
#: 317 Function Name: NtUserAttachThreadInput
Status: Hooked by "<unknown>" at address 0x87b0e3d8

#: 397 Function Name: NtUserGetAsyncKeyState
Status: Hooked by "<unknown>" at address 0x87b14428

#: 428 Function Name: NtUserGetKeyboardState
Status: Hooked by "<unknown>" at address 0x877673d8

#: 430 Function Name: NtUserGetKeyState
Status: Hooked by "<unknown>" at address 0x86589820

#: 442 Function Name: NtUserGetRawInputData
Status: Hooked by "<unknown>" at address 0x88ba49a8

#: 479 Function Name: NtUserMessageCall
Status: Hooked by "<unknown>" at address 0x87a77eb0

#: 497 Function Name: NtUserPostMessage
Status: Hooked by "<unknown>" at address 0x88ba22f0

#: 498 Function Name: NtUserPostThreadMessage
Status: Hooked by "<unknown>" at address 0x87a77f80

#: 573 Function Name: NtUserSetWindowsHookEx
Status: Hooked by "<unknown>" at address 0x88ba1240

#: 576 Function Name: NtUserSetWinEventHook
Status: Hooked by "<unknown>" at address 0x88ba12c8

==EOF==

#7 _The_Nothing_

Posted 21 March 2010 - 05:16 PM

I used your link for GMER, but they did something to it when I downloaded from the link you provided; it crashed me in safe mode and normal, lol, so I used a copy I already had. Hopefully it's a full log scan?

#8 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • Gender:Female
  • Location:At home

Posted 21 March 2010 - 06:39 PM

Hi,

I do not recommend that you have more than one anti-virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti-virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
1) False Alarms: When the anti-virus software tells you that your PC has a virus when it actually doesn't.
2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
Therefore, please go to Add/Remove in the Control Panel and remove either PCTools or Norton.

The file detected as malicious by ThreatFire, wlschost.exe, is part of OneCare, which is another anti-virus program, which I suggest you should remove, since it has been replaced by MSSE and is no longer updated.

Besides the detection by ThreatFire, is there anything wrong with your PC?

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 


#9 _The_Nothing_

Posted 21 March 2010 - 09:15 PM

It is their memory scanner, not ThreatFire. P.S. I removed it, and yes, I believe it's some sort of rootkit; there is stuff coming and going out of odd ports like 4195, 5355, 1900, 3702 and 138. If I install anything, Norton warns me about file renaming and being sent out to strange IPs. I used kill box to empty them out.
If I try and install something, Norton keeps telling me about key logging but doesn't detect or remove anything. When I first turn on my wifi I see it connecting to an IP on 5355.
Oh yeah, I found something with a shared connection on Windows Firewall, which I don't even use, and I removed it with RRT a few times. I kept seeing random named exes going into my temp folder which end up being anonymous logins into my PC.


Edited by _The_Nothing_, 21 March 2010 - 09:28 PM.


#10 myrti

Posted 24 March 2010 - 11:41 AM

Hi,

You have two anti-virus programs installed, which can cause these kinds of errors. Can you please post the log from Norton, so I can see what is going on?

I'm a little lost between this thread and the PMs. Your GooredFix scan was clean. The keylogging activity was registered for ATF-Cleaner and your uninstall program; do you still have the files that were detected? Could you upload them to VirusTotal:
Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

How to see hidden files in Windows

Please click this link-->Jotti

When the jotti page has finished loading, click the browse button and navigate to the files listed below in bold, then click Submit. You will only be able to have one file scanned at a time.

c:\users\leave me alone\desktop\ATF=cleaner.exe
c:\program files\your uninstaller 2008\uruninstaller.exe

Please post back the results of the scan in your next post.

If Jotti is busy, try the same at Virustotal: http://www.virustotal.com/

regards myrti



#11 _The_Nothing_

Posted 25 March 2010 - 02:35 AM

I know how to show hidden files, but thanks for the info anyways.
I used a portable for the AVZ / Kaspersky scan.
I usually use VirusTotal to scan my files.

Someone is locked into my PC. I use IE8 and Firefox, not IE5; that's the hacker. I uploaded a pic to show you what I've found.

Nothing found
ATF
http://virusscan.jotti.org/en/scanresult/b...c8c8f007d4a79e0
http://www.virustotal.com/analisis/e900d88...677a-1269441587

Your uninstaller
http://www.virustotal.com/analisis/be75c65...c0fc-1218055154

The page keeps getting reset on the Your Uninstaller .exes on Jotti's.

I wish I could find my log. I can't remember what I ran, but it said something about hkey\users and hkey\all users was locked and could not be scanned.
They are using the Guest account, although it says it's off. They are locked into my PC and controlling programs through a shared access, i.e. Windows Firewall / disabling my Windows Update and various other things.



<AVZ_CollectSysInfo>
--------------------
Start time: 3/22/2010 1:33:37 PM
Duration: 00:04:51
Finish time: 3/22/2010 1:38:28 PM

This is from a portable version of the Kaspersky virus removal tool; it's not installed.

Attached File: IE5__I_don_t_use_it_I_have_IE8_and_FireFox.png (93.35KB)

<AVZ_CollectSysInfo>
--------------------
Time Event
---- -----
3/22/2010 1:33:41 PM Windows version: Windows Vista ™ Home Basic, Build=6002, SP="Service Pack 2"
3/22/2010 1:33:42 PM System Restore: enabled
3/22/2010 1:33:51 PM 1.1 Searching for user-mode API hooks
3/22/2010 1:33:52 PM Analysis: kernel32.dll, export table found in section .text
3/22/2010 1:33:52 PM Function kernel32.dll:CreateProcessA (151) intercepted, method ProcAddressHijack.GetProcAddress ->772F1C28->61F03F42
3/22/2010 1:33:52 PM Hook kernel32.dll:CreateProcessA (151) blocked
3/22/2010 1:33:52 PM Function kernel32.dll:CreateProcessW (154) intercepted, method ProcAddressHijack.GetProcAddress ->772F1BF3->61F04040
3/22/2010 1:33:52 PM Hook kernel32.dll:CreateProcessW (154) blocked
3/22/2010 1:33:52 PM Function kernel32.dll:FreeLibrary (335) intercepted, method ProcAddressHijack.GetProcAddress ->77333DB4->61F041FC
3/22/2010 1:33:52 PM Hook kernel32.dll:FreeLibrary (335) blocked
3/22/2010 1:33:52 PM Function kernel32.dll:GetModuleFileNameA (503) intercepted, method ProcAddressHijack.GetProcAddress ->7733B6BD->61F040FB
3/22/2010 1:33:52 PM Hook kernel32.dll:GetModuleFileNameA (503) blocked
3/22/2010 1:33:52 PM Function kernel32.dll:GetModuleFileNameW (504) intercepted, method ProcAddressHijack.GetProcAddress ->7733B27E->61F041A0
3/22/2010 1:33:52 PM Hook kernel32.dll:GetModuleFileNameW (504) blocked
3/22/2010 1:33:52 PM Function kernel32.dll:GetProcAddress (548) intercepted, method ProcAddressHijack.GetProcAddress ->7733903B->61F04648
3/22/2010 1:33:52 PM Hook kernel32.dll:GetProcAddress (548) blocked
3/22/2010 1:33:52 PM Function kernel32.dll:LoadLibraryA (759) intercepted, method ProcAddressHijack.GetProcAddress ->773194DC->61F03C6F
3/22/2010 1:33:52 PM Hook kernel32.dll:LoadLibraryA (759) blocked
3/22/2010 1:33:52 PM >>> Functions LoadLibraryA - preventing AVZ process from being intercepted by address replacement !!)
3/22/2010 1:33:52 PM Function kernel32.dll:LoadLibraryExA (760) intercepted, method ProcAddressHijack.GetProcAddress ->773194B4->61F03DAF
3/22/2010 1:33:52 PM Hook kernel32.dll:LoadLibraryExA (760) blocked
3/22/2010 1:33:52 PM >>> Functions LoadLibraryExA - preventing AVZ process from being intercepted by address replacement !!)
3/22/2010 1:33:52 PM Function kernel32.dll:LoadLibraryExW (761) intercepted, method ProcAddressHijack.GetProcAddress ->77319109->61F03E5A
3/22/2010 1:33:52 PM Hook kernel32.dll:LoadLibraryExW (761) blocked
3/22/2010 1:33:52 PM Function kernel32.dll:LoadLibraryW (762) intercepted, method ProcAddressHijack.GetProcAddress ->77319362->61F03D0C
3/22/2010 1:33:52 PM Hook kernel32.dll:LoadLibraryW (762) blocked
3/22/2010 1:33:52 PM IAT modification detected: LoadLibraryW - 01BD0010<>77319362
3/22/2010 1:33:52 PM Analysis: ntdll.dll, export table found in section .text
3/22/2010 1:33:52 PM Analysis: user32.dll, export table found in section .text
3/22/2010 1:33:52 PM Analysis: advapi32.dll, export table found in section .text
3/22/2010 1:33:52 PM Analysis: ws2_32.dll, export table found in section .text
3/22/2010 1:33:53 PM Analysis: wininet.dll, export table found in section .text
3/22/2010 1:33:53 PM Analysis: rasapi32.dll, export table found in section .text
3/22/2010 1:33:53 PM Analysis: urlmon.dll, export table found in section .text
3/22/2010 1:33:53 PM Analysis: netapi32.dll, export table found in section .text
3/22/2010 1:33:55 PM >> Danger ! Process masking detected
3/22/2010 1:33:55 PM 1.2 Searching for kernel-mode API hooks
3/22/2010 1:35:21 PM Driver loaded successfully
3/22/2010 1:35:21 PM SDT found (RVA=137B00)
3/22/2010 1:35:21 PM Kernel ntkrnlpa.exe found in memory at address 81C41000
3/22/2010 1:35:21 PM SDT = 81D78B00
3/22/2010 1:35:21 PM KiST = 81CED84C (391)
3/22/2010 1:35:21 PM Function NtAlertResumeThread (0D) intercepted (81ED3F0D->88616A20), hook not defined
3/22/2010 1:35:21 PM >>> Function restored successfully !
3/22/2010 1:35:21 PM >>> Hook code blocked
3/22/2010 1:35:21 PM Function NtAlertThread (0E) intercepted (81E4CE07->88616B00), hook not defined
3/22/2010 1:35:21 PM >>> Function restored successfully !
3/22/2010 1:35:21 PM >>> Hook code blocked
3/22/2010 1:35:21 PM Function NtAllocateVirtualMemory (12) intercepted (81E88F19->88402C50), hook not defined
3/22/2010 1:35:21 PM >>> Function restored successfully !
3/22/2010 1:35:21 PM >>> Hook code blocked
3/22/2010 1:35:21 PM Function NtAlpcConnectPort (15) intercepted (81E2B4B2->88511A00), hook not defined
3/22/2010 1:35:21 PM >>> Function restored successfully !
3/22/2010 1:35:21 PM >>> Hook code blocked
3/22/2010 1:35:21 PM Function NtAssignProcessToJobObject (2A) intercepted (81DFEAEF->87E60F28), hook not defined
3/22/2010 1:35:21 PM >>> Function restored successfully !
3/22/2010 1:35:21 PM >>> Hook code blocked
3/22/2010 1:35:22 PM Function NtCreateMutant (43) intercepted (81E613BC->88616770), hook not defined
3/22/2010 1:35:22 PM >>> Function restored successfully !
3/22/2010 1:35:22 PM >>> Hook code blocked
3/22/2010 1:35:22 PM Function NtCreateProcess (48) intercepted (81ED274B->89F7F9A6), hook C:\Windows\system32\drivers\PCTCore.sys
3/22/2010 1:35:22 PM >>> Function restored successfully !
3/22/2010 1:35:22 PM >>> Hook code blocked
3/22/2010 1:35:22 PM Function NtCreateProcessEx (49) intercepted (81ED2796->89F7FB98), hook C:\Windows\system32\drivers\PCTCore.sys
3/22/2010 1:35:22 PM >>> Function restored successfully !
3/22/2010 1:35:22 PM >>> Hook code blocked
3/22/2010 1:35:22 PM Function NtCreateSymbolicLinkObject (4D) intercepted (81E01306->87E60B48), hook not defined
3/22/2010 1:35:22 PM >>> Function restored successfully !
3/22/2010 1:35:22 PM >>> Hook code blocked
3/22/2010 1:35:22 PM Function NtCreateThread (4E) intercepted (81ED2580->87CF1530), hook not defined
3/22/2010 1:35:22 PM >>> Function restored successfully !
3/22/2010 1:35:22 PM >>> Hook code blocked
3/22/2010 1:35:22 PM Function NtDebugActiveProcess (74) intercepted (81EA56EA->886162A8), hook not defined
3/22/2010 1:35:22 PM >>> Function restored successfully !
3/22/2010 1:35:22 PM >>> Hook code blocked
3/22/2010 1:35:22 PM Function NtDuplicateObject (81) intercepted (81E3916E->87C13230), hook not defined
3/22/2010 1:35:22 PM >>> Function restored successfully !
3/22/2010 1:35:22 PM >>> Hook code blocked
3/22/2010 1:35:22 PM Function NtFreeVirtualMemory (93) intercepted (81CC5F5F->88402A70), hook not defined
3/22/2010 1:35:22 PM >>> Function restored successfully !
3/22/2010 1:35:22 PM >>> Hook code blocked
3/22/2010 1:35:22 PM Function NtImpersonateAnonymousToken (9C) intercepted (81DFBEBE->88616860), hook not defined
3/22/2010 1:35:22 PM >>> Function restored successfully !
3/22/2010 1:35:22 PM >>> Hook code blocked
3/22/2010 1:35:22 PM Function NtImpersonateThread (9E) intercepted (81E114C0->88616940), hook not defined
3/22/2010 1:35:22 PM >>> Function restored successfully !
3/22/2010 1:35:22 PM >>> Hook code blocked
3/22/2010 1:35:22 PM Function NtLoadDriver (A5) intercepted (81DACDF0->87A8D228), hook not defined
3/22/2010 1:35:22 PM >>> Function restored successfully !
3/22/2010 1:35:22 PM >>> Hook code blocked
3/22/2010 1:35:22 PM Function NtMapViewOfSection (B1) intercepted (81E5144C->88402970), hook not defined
3/22/2010 1:35:22 PM >>> Function restored successfully !
3/22/2010 1:35:22 PM >>> Hook code blocked
3/22/2010 1:35:22 PM Function NtOpenEvent (B8) intercepted (81E3A9ED->88616690), hook not defined
3/22/2010 1:35:22 PM >>> Function restored successfully !
3/22/2010 1:35:22 PM >>> Hook code blocked
3/22/2010 1:35:23 PM Function NtOpenProcess (C2) intercepted (81E61B58->87C13390), hook not defined
3/22/2010 1:35:23 PM >>> Function restored successfully !
3/22/2010 1:35:23 PM >>> Hook code blocked
3/22/2010 1:35:23 PM Function NtOpenProcessToken (C3) intercepted (81E425FE->88402D20), hook not defined
3/22/2010 1:35:23 PM >>> Function restored successfully !
3/22/2010 1:35:23 PM >>> Hook code blocked
3/22/2010 1:35:23 PM Function NtOpenSection (C5) intercepted (81E5221F->886164D0), hook not defined
3/22/2010 1:35:23 PM >>> Function restored successfully !
3/22/2010 1:35:23 PM >>> Hook code blocked
3/22/2010 1:35:23 PM Function NtOpenThread (C9) intercepted (81E5D0AA->87C13300), hook not defined
3/22/2010 1:35:23 PM >>> Function restored successfully !
3/22/2010 1:35:23 PM >>> Hook code blocked
3/22/2010 1:35:23 PM Function NtProtectVirtualMemory (D2) intercepted (81E5AE8D->87E60E38), hook not defined
3/22/2010 1:35:23 PM >>> Function restored successfully !
3/22/2010 1:35:23 PM >>> Hook code blocked
3/22/2010 1:35:23 PM Function NtResumeThread (11A) intercepted (81E5C6F5->889183D8), hook not defined
3/22/2010 1:35:23 PM >>> Function restored successfully !
3/22/2010 1:35:23 PM >>> Hook code blocked
3/22/2010 1:35:23 PM Function NtSetContextThread (121) intercepted (81ED3253->88616DA0), hook not defined
3/22/2010 1:35:23 PM >>> Function restored successfully !
3/22/2010 1:35:23 PM >>> Hook code blocked
3/22/2010 1:35:23 PM Function NtSetInformationProcess (131) intercepted (81E5547A->88616E80), hook not defined
3/22/2010 1:35:23 PM >>> Function restored successfully !
3/22/2010 1:35:23 PM >>> Hook code blocked
3/22/2010 1:35:23 PM Function NtSetSystemInformation (13D) intercepted (81E27B16->88616388), hook not defined
3/22/2010 1:35:23 PM >>> Function restored successfully !
3/22/2010 1:35:23 PM >>> Hook code blocked
3/22/2010 1:35:23 PM Function NtSuspendProcess (14A) intercepted (81ED3E47->886165B0), hook not defined
3/22/2010 1:35:23 PM >>> Function restored successfully !
3/22/2010 1:35:23 PM >>> Hook code blocked
3/22/2010 1:35:23 PM Function NtSuspendThread (14B) intercepted (81DDB929->88616BE0), hook not defined
3/22/2010 1:35:23 PM >>> Function restored successfully !
3/22/2010 1:35:23 PM >>> Hook code blocked
3/22/2010 1:35:23 PM Function NtTerminateProcess (14E) intercepted (81E31D60->89F7F656), hook C:\Windows\system32\drivers\PCTCore.sys
3/22/2010 1:35:23 PM >>> Function restored successfully !
3/22/2010 1:35:23 PM >>> Hook code blocked
3/22/2010 1:35:23 PM Function NtTerminateThread (14F) intercepted (81E5D0DF->88616CC0), hook not defined
3/22/2010 1:35:23 PM >>> Function restored successfully !
3/22/2010 1:35:23 PM >>> Hook code blocked
3/22/2010 1:35:23 PM Function NtUnmapViewOfSection (15C) intercepted (81E5170F->88616F70), hook not defined
3/22/2010 1:35:23 PM >>> Function restored successfully !
3/22/2010 1:35:23 PM >>> Hook code blocked
3/22/2010 1:35:23 PM Function NtWriteVirtualMemory (166) intercepted (81E4E4DF->88402B60), hook not defined
3/22/2010 1:35:23 PM >>> Function restored successfully !
3/22/2010 1:35:23 PM >>> Hook code blocked
3/22/2010 1:35:23 PM Function NtCreateThreadEx (17E) intercepted (81E5CB94->87E60C38), hook not defined
3/22/2010 1:35:23 PM >>> Function restored successfully !
3/22/2010 1:35:23 PM >>> Hook code blocked
3/22/2010 1:35:23 PM Function NtCreateUserProcess (17F) intercepted (81E0AB82->89F7FDA0), hook C:\Windows\system32\drivers\PCTCore.sys
3/22/2010 1:35:23 PM >>> Function restored successfully !
3/22/2010 1:35:23 PM >>> Hook code blocked
3/22/2010 1:35:26 PM Functions checked: 391, intercepted: 35, restored: 35
3/22/2010 1:35:26 PM 1.3 Checking IDT and SYSENTER
3/22/2010 1:35:26 PM Analysis for CPU 1
3/22/2010 1:35:26 PM Checking IDT and SYSENTER - complete
3/22/2010 1:35:28 PM 1.4 Searching for masking processes and drivers
3/22/2010 1:35:28 PM Checking not performed: extended monitoring driver (AVZPM) is not installed
3/22/2010 1:35:28 PM Driver loaded successfully
3/22/2010 1:35:28 PM 1.5 Checking of IRP handlers
3/22/2010 1:35:28 PM \driver\tcpip[IRP_MJ_CREATE_NAMED_PIPE] = 81C69A22 -> C:\Windows\system32\ntkrnlpa.exe, driver recognized as trusted
3/22/2010 1:35:28 PM \driver\tcpip[IRP_MJ_READ] = 81C69A22 -> C:\Windows\system32\ntkrnlpa.exe, driver recognized as trusted
3/22/2010 1:35:28 PM \driver\tcpip[IRP_MJ_WRITE] = 81C69A22 -> C:\Windows\system32\ntkrnlpa.exe, driver recognized as trusted
3/22/2010 1:35:29 PM \driver\tcpip[IRP_MJ_QUERY_INFORMATION] = 81C69A22 -> C:\Windows\system32\ntkrnlpa.exe, driver recognized as trusted
3/22/2010 1:35:29 PM \driver\tcpip[IRP_MJ_SET_INFORMATION] = 81C69A22 -> C:\Windows\system32\ntkrnlpa.exe, driver recognized as trusted
3/22/2010 1:35:29 PM \driver\tcpip[IRP_MJ_QUERY_EA] = 81C69A22 -> C:\Windows\system32\ntkrnlpa.exe, driver recognized as trusted
3/22/2010 1:35:30 PM \driver\tcpip[IRP_MJ_SET_EA] = 81C69A22 -> C:\Windows\system32\ntkrnlpa.exe, driver recognized as trusted
3/22/2010 1:35:30 PM \driver\tcpip[IRP_MJ_FLUSH_BUFFERS] = 81C69A22 -> C:\Windows\system32\ntkrnlpa.exe, driver recognized as trusted
3/22/2010 1:35:30 PM \driver\tcpip[IRP_MJ_QUERY_VOLUME_INFORMATION] = 81C69A22 -> C:\Windows\system32\ntkrnlpa.exe, driver recognized as trusted
3/22/2010 1:35:31 PM \driver\tcpip[IRP_MJ_SET_VOLUME_INFORMATION] = 81C69A22 -> C:\Windows\system32\ntkrnlpa.exe, driver recognized as trusted
3/22/2010 1:35:31 PM \driver\tcpip[IRP_MJ_DIRECTORY_CONTROL] = 81C69A22 -> C:\Windows\system32\ntkrnlpa.exe, driver recognized as trusted
3/22/2010 1:35:31 PM \driver\tcpip[IRP_MJ_FILE_SYSTEM_CONTROL] = 81C69A22 -> C:\Windows\system32\ntkrnlpa.exe, driver recognized as trusted
3/22/2010 1:35:31 PM \driver\tcpip[IRP_MJ_SHUTDOWN] = 81C69A22 -> C:\Windows\system32\ntkrnlpa.exe, driver recognized as trusted
3/22/2010 1:35:32 PM \driver\tcpip[IRP_MJ_LOCK_CONTROL] = 81C69A22 -> C:\Windows\system32\ntkrnlpa.exe, driver recognized as trusted
3/22/2010 1:35:32 PM \driver\tcpip[IRP_MJ_CREATE_MAILSLOT] = 81C69A22 -> C:\Windows\system32\ntkrnlpa.exe, driver recognized as trusted
3/22/2010 1:35:32 PM \driver\tcpip[IRP_MJ_QUERY_SECURITY] = 81C69A22 -> C:\Windows\system32\ntkrnlpa.exe, driver recognized as trusted
3/22/2010 1:35:33 PM \driver\tcpip[IRP_MJ_SET_SECURITY] = 81C69A22 -> C:\Windows\system32\ntkrnlpa.exe, driver recognized as trusted
3/22/2010 1:35:33 PM \driver\tcpip[IRP_MJ_POWER] = 81C69A22 -> C:\Windows\system32\ntkrnlpa.exe, driver recognized as trusted
3/22/2010 1:35:33 PM \driver\tcpip[IRP_MJ_SYSTEM_CONTROL] = 81C69A22 -> C:\Windows\system32\ntkrnlpa.exe, driver recognized as trusted
3/22/2010 1:35:33 PM \driver\tcpip[IRP_MJ_DEVICE_CHANGE] = 81C69A22 -> C:\Windows\system32\ntkrnlpa.exe, driver recognized as trusted
3/22/2010 1:35:34 PM \driver\tcpip[IRP_MJ_QUERY_QUOTA] = 81C69A22 -> C:\Windows\system32\ntkrnlpa.exe, driver recognized as trusted
3/22/2010 1:35:34 PM \driver\tcpip[IRP_MJ_SET_QUOTA] = 81C69A22 -> C:\Windows\system32\ntkrnlpa.exe, driver recognized as trusted
3/22/2010 1:35:34 PM \driver\tcpip[IRP_MJ_PNP] = 81C69A22 -> C:\Windows\system32\ntkrnlpa.exe, driver recognized as trusted
3/22/2010 1:35:34 PM Checking - complete
3/22/2010 1:35:56 PM >>> F:\autorun.inf HSC: suspicion for hidden autorun (high degree of probability)
3/22/2010 1:35:57 PM >> Services: potentially dangerous service allowed: TermService (@%SystemRoot%\System32\termsrv.dll,-268)
3/22/2010 1:35:57 PM >> Services: potentially dangerous service allowed: SSDPSRV (@%systemroot%\system32\ssdpsrv.dll,-100)
3/22/2010 1:35:57 PM >> Services: potentially dangerous service allowed: Schedule (@%SystemRoot%\system32\schedsvc.dll,-100)
3/22/2010 1:35:57 PM > Services: please bear in mind that the set of services depends on the use of the PC (home PC, office PC connected to corporate network, etc)!
3/22/2010 1:35:57 PM >> Security: administrative shares (C$, D$ ...) are enabled
3/22/2010 1:35:57 PM >> Security: anonymous user access is enabled
3/22/2010 1:35:57 PM >> Security: sending Remote Assistant queries is enabled
3/22/2010 1:36:02 PM System Analysis in progress
3/22/2010 1:38:28 PM System Analysis - complete
3/22/2010 1:38:28 PM Delete file:F:\portable apps\Malware Trojan spyware removers\Kaspersky\KVR\LOG\avptool_syscheck.htm
3/22/2010 1:38:28 PM Delete file:F:\portable apps\Malware Trojan spyware removers\Kaspersky\KVR\LOG\avptool_syscheck.xml
3/22/2010 1:38:28 PM Deleting service/driver: uti4ndq1
3/22/2010 1:38:28 PM Delete file:C:\Windows\system32\Drivers\uti4ndq1.sys
3/22/2010 1:38:28 PM Deleting service/driver: uji4ndq1
3/22/2010 1:38:28 PM Script executed without errors

Edited by _The_Nothing_, 25 March 2010 - 03:01 AM.


#12 _The_Nothing_


Posted 25 March 2010 - 03:02 AM

one more log for you


Rooter.exe (v1.0.2) by Eric_71
.
SeDebugPrivilege granted successfully ...
.
Windows Vista Home Edition (6.0.6002) Service Pack 2
[32_bits] - x86 Family 17 Model 3 Stepping 1, AuthenticAMD
.
[wscsvc] (Security Center) RUNNING (state:4)
[MpsSvc] RUNNING (state:4)
Windows Firewall -> Disabled !
Windows Defender -> Disabled !
User Account Control (UAC) -> Enabled
.
Internet Explorer 8.0.6001.18882
Mozilla Firefox 3.6.2 (en-US)
.
C:\ [Fixed-NTFS] .. ( Total:138 Go - Free:109 Go )
D:\ [Fixed-NTFS] .. ( Total:10 Go - Free:1 Go )
E:\ [CD_Rom]
F:\ [Removable]
.
Scan : 02:59.57
Path : C:\Users\leave me alone\Desktop\Rooter.exe
User : leave me alone ( Administrator -> YES )
.
----------------------\\ Processes
.
Locked [System Process] (0)
Locked System (4)
______ \SystemRoot\System32\smss.exe (416)
______ C:\Windows\system32\csrss.exe (496)
______ C:\Windows\system32\csrss.exe (544)
______ C:\Windows\system32\wininit.exe (556)
______ C:\Windows\system32\services.exe (604)
______ C:\Windows\system32\winlogon.exe (616)
______ C:\Windows\system32\lsass.exe (632)
______ C:\Windows\system32\lsm.exe (640)
______ C:\Windows\system32\svchost.exe (812)
______ C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe (860)
______ C:\Windows\system32\nvvsvc.exe (872)
______ C:\Windows\system32\svchost.exe (900)
______ C:\Windows\System32\svchost.exe (1060)
______ C:\Windows\System32\svchost.exe (1096)
______ C:\Windows\system32\svchost.exe (1112)
Locked audiodg.exe (1176)
______ C:\Windows\system32\svchost.exe (1200)
______ C:\Windows\system32\SLsvc.exe (1216)
______ C:\Windows\system32\svchost.exe (1244)
______ C:\Windows\system32\nvvsvc.exe (1336)
______ C:\Windows\system32\svchost.exe (1440)
______ C:\Windows\System32\spoolsv.exe (1684)
______ C:\Windows\system32\svchost.exe (1708)
______ C:\Program Files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe (1900)
______ C:\Windows\system32\svchost.exe (308)
______ C:\Program Files\SMINST\BLService.exe (320)
______ C:\Program Files\CyberLink\Shared files\RichVideo.exe (488)
______ C:\Windows\system32\svchost.exe (988)
______ C:\Windows\System32\svchost.exe (1408)
______ C:\Windows\system32\SearchIndexer.exe (1456)
______ C:\Windows\system32\DRIVERS\xaudio.exe (1896)
______ C:\Windows\system32\DllHost.exe (2408)
______ C:\Program Files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe (2868)
______ C:\Windows\system32\Dwm.exe (2896)
______ C:\Windows\system32\taskeng.exe (2908)
______ C:\Windows\system32\taskeng.exe (2988)
______ C:\Windows\Explorer.EXE (3008)
______ C:\Program Files\UnHackMe\hackmon.exe (3124)
______ C:\Program Files\Secunia\PSI\psi.exe (3520)
______ C:\Program Files\UnHackMe\gwebupdate.exe (3544)
______ C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (3884)
______ C:\Program Files\HP\QuickPlay\QPService.exe (4084)
______ C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe (1008)
______ C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (300)
______ C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (2112)
______ C:\Program Files\AnalogX\CookieWall\cookie.exe (2316)
______ C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe (2688)
______ C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe (1184)
______ C:\Windows\system32\wbem\wmiprvse.exe (3236)
______ C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE (1396)
______ C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe (972)
______ c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe (3224)
______ C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe (3456)
______ C:\Windows\system32\wbem\wmiprvse.exe (2780)
______ C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (3600)
______ C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (3244)
______ C:\Program Files\Process Hacker\ProcessHacker.exe (3332)
______ C:\Program Files\PeerBlock\peerblock.exe (3352)
______ C:\Windows\system32\WUDFHost.exe (3828)
______ C:\Program Files\Mozilla Firefox\firefox.exe (3584)
______ C:\Users\leave me alone\Desktop\Rooter.exe (3960)
.
----------------------\\ Device\Harddisk0\
.
\Device\Harddisk0 [Sectors : 63 x 512 Bytes]
.
\Device\Harddisk0\Partition1 --[ MBR ]-- (Start_Offset:1048576 | Length:148915617792)
\Device\Harddisk0\Partition2 (Start_Offset:148916666368 | Length:11121197056)
.
----------------------\\ Scheduled Tasks
.
C:\Windows\Tasks\HPCeeScheduleForleave me alone.job
C:\Windows\Tasks\Norton Security Scan for leave me alone.job
C:\Windows\Tasks\SA.DAT
C:\Windows\Tasks\SCHEDLGU.TXT
C:\Windows\Tasks\User_Feed_Synchronization-{C68BB805-3B64-4C69-A90F-46E4D6ED70D5}.job
.
----------------------\\ Registry
.
.
----------------------\\ Files & Folders
.
----------------------\\ Scan completed at 03:00.00
.
C:\Rooter$\Rooter_1.txt - (25/03/2010 | 03:00.00)


#13 myrti


Posted 27 March 2010 - 07:01 AM

Hi,

All Internet Explorer versions from IE5 upwards store their temporary data in Content.IE5; MS has never bothered to change the name of the folder. As for why, you would have to ask Microsoft itself.

Your logs are all clean; there is no sign of malicious activity to be seen. If the guest account is inactive, it can't be used either. The ports you have listed are typical "network" ports. Who else is on your network? Do you think one of your coworkers/family is hacking you? How are you connecting to the internet, through a router?

Are you still getting messages about keylogging? If so, please post the exact message in your next reply. Do you use Remote Assistance/Remote Desktop on your PC?

Open Notepad and copy/paste the code box below into a new text file.
CODE
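@echo off
rem List all local user accounts
net user >list.txt
rem Append details for the Guest and HelpAssistant accounts
net user guest >>list.txt
net user helpassistant >>list.txt
rem Open the result in the default text editor
list.txt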
  • Save the file as regquery.bat by choosing save as *All Files, and save it to your Desktop.
  • Locate "regquery.bat" and double-click on it to run. (It is important that you run the script from the drive where your operating system is installed).
  • It will open a text file, please copy the content in your next reply.
regards myrti


is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 



#14 _The_Nothing_


Posted 01 April 2010 - 01:46 AM


User accounts for \\LEAVEMEALONE-PC

-------------------------------------------------------------------------------
Administrator Guest leave me alone
The command completed successfully.

User name Guest
Full Name
Comment Built-in account for guest access to the computer/domain
User's comment
Country code 000 (System Default)
Account active No
Account expires Never

Password last set 3/23/2010 1:45:03 PM
Password expires Never
Password changeable 3/23/2010 1:45:03 PM
Password required No
User may change password No

Workstations allowed All
Logon script
User profile
Home directory
Last logon 3/20/2010 4:31:24 PM

Logon hours allowed All

Local Group Memberships *Guests
Global Group memberships *None
The command completed successfully.



#15 myrti


Posted 04 April 2010 - 06:34 PM

Hi,

The log looks fine; the account isn't active, so no one should be able to use it to log on. If you want, you can set a password on it so that people can't just log into it, I guess.

Your Windows Updates seem enabled from the logs I could see. I doubt that the disabled Windows Firewall is caused by hackers. It seems as if it, as well as Windows Defender, were probably disabled by Norton, since they are incompatible with each other. Did the disabling coincide with installing Norton?

regards myrti

Edited by myrti, 04 April 2010 - 06:35 PM.

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!
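
An added example, not part of myrti's post or of the thread: a small Python triage of `net user <name>` output for the two properties discussed above, whether the account is active and whether a password is required. The function names and the second sample report are constructed for illustration; the first sample uses lines from the Guest report posted in this thread.

```python
import re

# Labels as they appear in the report quoted in this thread (English locale).
LABELS = ("User name", "Account active", "Password required",
          "Last logon", "Local Group Memberships")

def parse_net_user(report):
    """Map each known label to its value, tolerating collapsed column spacing."""
    fields = {}
    for line in report.splitlines():
        for label in LABELS:
            m = re.match(rf"{re.escape(label)}(?:\s+(.*))?$", line.strip(), re.I)
            if m:
                fields[label] = (m.group(1) or "").strip()
    return fields

def assess(fields):
    """Return (verdict, notes): 'disabled', 'review', 'ok' or 'unparsed'."""
    if "Account active" not in fields:
        return "unparsed", ["no 'Account active' line found"]
    notes = []
    if fields.get("Password required", "").lower() == "no":
        notes.append("no password required")
    groups = [g.strip() for g in
              fields.get("Local Group Memberships", "").split("*") if g.strip()]
    if "Administrators" in groups:
        notes.append("member of Administrators")
    if fields["Account active"].lower() != "yes":
        return "disabled", notes  # cannot log on; notes matter if re-enabled
    return ("review" if notes else "ok"), notes

# Lines taken from the Guest report posted in this thread (spacing as on the page).
GUEST_REPORT = """\
User name Guest
Account active No
Password required No
Last logon 3/20/2010 4:31:24 PM
Local Group Memberships *Guests
"""

# Constructed sample (not from the thread): an enabled, passwordless admin.
CONSTRUCTED_REPORT = """\
User name                    helper
Account active               Yes
Password required            No
Local Group Memberships      *Administrators       *Users
"""

if __name__ == "__main__":
    for report in (GUEST_REPORT, CONSTRUCTED_REPORT):
        f = parse_net_user(report)
        print(f.get("User name"), *assess(f))
```

The label list matches the English-locale report shown in this thread; other Windows versions or display languages print different labels, in which case `assess` returns `unparsed` rather than guessing.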

 





