Help - Win32/Rustock.Q virus


  • This topic is locked
22 replies to this topic

#1 Merin

Posted 23 April 2010 - 01:26 PM

Hello,

I'm extremely sorry if this is a topic that has been dealt with, but I couldn't find any solution so far.

I have an HP Pavilion dv2500 laptop which has been behaving very oddly of late. It restarts countless times and manages to function in normal mode once in ten attempts. A scan revealed that a file called kbiwkmmuonhwbu.dll is infected by Rustock.Q virus, and this is something that can't be healed/moved as it could mess up the graphics or make my system unstable.

Being the computer illiterate that I am, I couldn't sort this out by myself. Please help.
Here's the DDS.txt file


DDS (Ver_10-03-17.01) - NTFSx86
Run by MERINMANDANNA at 23:51:46.88 on Fri 04/23/2010
Internet Explorer: 7.0.6000.16386
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.2046.1126 [GMT 5.5:30]

AV: Norton 360 *On-access scanning disabled* (Outdated) {A5F1BC7C-EA33-4247-961C-0217208396C4}
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: Norton 360 *disabled* (Outdated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
FW: Norton 360 *disabled* {371C0A40-5A0C-4AD2-A6E5-69C02037FBF3}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\System32\svchost.exe -k Cognizance
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe
C:\Windows\system32\ntvdm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Microsoft Office\Office14\OfficeSAS\officeSASscheduler.exe
C:\Program Files\Common Files\microsoft shared\Works Shared\WkCalRem.exe
C:\MERIN\software\WordWeb\wweb32.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Microsoft Office\Office14\OfficeSAS\OfficeSAS.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\AVG\AVG8\avgui.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\AVG\AVG8\aAvgApi.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9b.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\MERIN\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
uWindows: Load= c:\tcwin45\pipeline\remind.exe
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~3\office14\GROOVEEX.DLL
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0\bin\ssv.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~3\office14\URLREDIR.DLL
BHO: VeriSoft Access Manager: {df21f1db-80c6-11d3-9483-b03d0ec10000} - c:\program files\bioscrypt\verisoft\bin\ItIEAddIn.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Yahoo Messsenger] c:\users\merinmandanna\appdata\roaming\support\svchost.exe
uRun: [Webaroo] c:\program files\webaroo\WebarooClient.exe DONT_OPEN_HOME_PAGE
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0\bin\jusched.exe"
mRun: [CognizanceTS] rundll32.exe c:\progra~1\bioscr~1\verisoft\bin\ASTSVCC.dll,RegisterModule
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
mRunOnce: [RegisterHPDeviceDetectionDll] regsvr32.exe /s "c:\program files\hp\common\HPDeviceDetection.dll"
StartupFolder: c:\users\merinm~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\wkcalrem.lnk - c:\program files\common files\microsoft shared\works shared\WkCalRem.exe
StartupFolder: c:\users\merinm~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\wordweb.lnk - c:\merin\software\wordweb\wweb32.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\reader 8.0\reader\reader_sl.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adober~2.lnk - c:\program files\adobe\reader 8.0\reader\AdobeCollabSync.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\gym-o-~1.lnk - c:\merin\digit\stuff\gof.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\office~1.lnk - c:\program files\microsoft office\office14\officesas\officeSASscheduler.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~3\office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {670fc370-fcfe-11da-92e3-0800200c9a66} - {D700729C-E1F0-4D92-8C00-DEDEB6A69D88} - c:\program files\webaroo\ietoolbar\ToolbarProcessor.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mic273~1\web2~1\office12\REFIEBAR.DLL
LSP: c:\windows\system32\wpclsp.dll
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
AppInit_DLLs: APSHook.dll,avgrsstx.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~3\office14\GROOVEEX.DLL
LSA: Notification Packages = scecli ASWLNPkg

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-11-30 335240]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-11-30 27784]
R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [2009-5-8 55520]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [2009-5-8 42048]
R2 ASBroker;Logon Session Broker;c:\windows\system32\svchost.exe -k Cognizance [2006-11-2 22016]
R2 ASChannel;Local Communication Channel;c:\windows\system32\svchost.exe -k Cognizance [2006-11-2 22016]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2008-11-30 875288]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-11-30 231704]
S?Unknown AvgWfpX;AvgWfpX; [x]
S1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-4-23 108552]
S1 rbezfmlf;rbezfmlf;c:\windows\system32\drivers\rbezfmlf.sys [2010-4-23 30784]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2009-10-29 30603640]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2009-9-26 4639136]

=============== Created Last 30 ================

2010-04-23 17:42:20 0 d-----w- c:\programdata\AVG Security Toolbar
2010-04-23 17:42:06 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-04-23 15:33:50 30784 ----a-w- c:\windows\system32\drivers\rbezfmlf.sys
2010-04-23 14:30:46 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-04-23 14:01:35 2421760 ----a-w- c:\windows\system32\wucltux.dll
2010-04-23 14:00:10 33792 ----a-w- c:\windows\system32\wuapp.exe
2010-04-23 14:00:10 171608 ----a-w- c:\windows\system32\wuwebv.dll
2010-04-15 15:19:37 276648 ----a-w- c:\windows\system32\guard32.dll
2010-04-15 15:19:37 25160 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2010-04-15 15:19:36 224808 ----a-w- c:\windows\system32\drivers\cmdguard.sys
2010-04-15 15:19:15 0 d-----w- c:\programdata\Comodo
2010-04-15 15:17:20 0 d-----w- c:\programdata\Comodo Downloader
2010-04-13 16:54:17 294912 ----a-w- C:\WKCONV.RTF

==================== Find3M ====================

2010-04-23 17:42:08 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2010-04-23 17:42:07 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-04-23 17:42:06 0 ----a-w- c:\windows\system32\drivers\avgwfpx.sys
2010-04-23 07:52:55 5780 ----a-w- c:\windows\bthservsdp.dat
2010-02-20 01:54:12 12498 ----a-w- c:\users\merinm~1\appdata\roaming\wklnhst.dat
2010-02-19 20:51:39 86016 ----a-w- c:\windows\system32\OpenAL32.dll
2010-02-19 20:51:39 413696 ----a-w- c:\windows\system32\wrap_oal.dll
2009-05-14 09:41:20 86016 ----a-w- c:\windows\inf\infstor.dat
2009-05-14 09:41:20 51200 ----a-w- c:\windows\inf\infpub.dat
2009-05-14 09:41:20 143360 ----a-w- c:\windows\inf\infstrng.dat
2007-10-13 04:39:26 665600 ----a-w- c:\windows\inf\drvindex.dat
2006-11-02 12:50:50 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 23:52:31.75 ===============


I have attached the text file that is meant to be attached!
Waiting to hear from you guys, thanks so much.

EDIT: Moved from Vista forum to Malware Removal Logs, more appropriate ~ Hamluis.

Edited by hamluis, 23 April 2010 - 02:11 PM.



#2 Elise

Posted 28 April 2010 - 03:32 PM

Hello,
And welcome to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.


I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.
  • The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.
You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.
-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

-------------------------------------------------------------
In the meantime please, do NOT install any new programs or update anything unless told to do so while we are fixing your problem

If you still need help, please include the following in your next reply
  • A detailed description of your problems
  • A new OTL log (don't forget extra.txt)
  • GMER log

Thanks and again sorry for the delay.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Malware analyst @ Emsisoft


#3 Elise

Posted 04 May 2010 - 10:52 AM

Due to lack of feedback, this topic is now closed.

If you are the original topic starter and you need this topic reopened, please send me a PM.

Everyone else, please start a new topic.

regards, Elise


#4 Elise

Posted 05 May 2010 - 11:06 AM

Reopened as requested.

Please post the requested logs.

regards, Elise


#5 Merin

Posted 08 May 2010 - 01:24 AM

My problem is that my computer's graphics keep getting messed up, causing my computer to restart over and over again.
I've attached the files as well.

I tried several times to run the Gmer scan but it could never complete, not even in safe mode. My system would simply restart again with messed up graphics.

OTL.txt

OTL logfile created on: 5/5/2010 7:55:30 PM - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Users\MERINMANDANNA\Documents\Downloads
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.17037)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 37.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 66.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 225.74 Gb Total Space | 34.30 Gb Free Space | 15.19% Space Free | Partition Type: NTFS
Drive D: | 7.15 Gb Total Space | 2.69 Gb Free Space | 37.62% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MERINMANDANN-PC
Current User Name: MERINMANDANNA
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/05/05 19:55:08 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Users\MERINMANDANNA\Documents\Downloads\OTL.exe
PRC - [2010/04/26 22:43:25 | 000,531,440 | ---- | M] (Google Inc.) -- C:\Users\MERINMANDANNA\AppData\Local\Google\Chrome\Application\chrome.exe
PRC - [2010/04/24 08:15:37 | 001,006,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2010/04/24 04:57:17 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/04/23 23:12:08 | 000,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2010/04/23 23:12:07 | 000,693,016 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgcsrvx.exe
PRC - [2010/04/23 23:12:06 | 000,595,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe
PRC - [2010/04/23 23:12:04 | 002,046,816 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
PRC - [2010/04/23 23:12:00 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2010/04/23 23:11:57 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe
PRC - [2009/09/26 05:00:52 | 000,429,448 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\OfficeSAS\OfficeSAS.exe
PRC - [2009/09/26 05:00:52 | 000,202,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\OfficeSAS\OfficeSASScheduler.exe
PRC - [2008/06/12 22:17:01 | 000,042,168 | ---- | M] (Antony Lewis) -- C:\MERIN\software\WordWeb\wweb32.exe
PRC - [2007/12/09 02:30:17 | 000,180,269 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2007/10/13 10:16:59 | 000,077,824 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0\bin\jusched.exe
PRC - [2007/04/24 06:41:42 | 000,262,243 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
PRC - [2007/02/12 20:08:04 | 000,355,096 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007/02/12 20:07:58 | 000,174,872 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2007/02/10 18:59:54 | 029,178,224 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
PRC - [2007/02/10 05:29:56 | 000,089,968 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2007/02/07 20:00:00 | 000,065,536 | R--- | M] (Cognizance Corporation) -- C:\Program Files\Bioscrypt\VeriSoft\Bin\asghost.exe
PRC - [2006/12/20 17:57:40 | 000,719,664 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2006/12/20 17:57:38 | 001,600,304 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2006/11/02 15:15:31 | 000,520,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntvdm.exe
PRC - [2005/08/19 01:14:26 | 000,021,504 | ---- | M] (Microsoft® Corporation) -- C:\Program Files\Common Files\microsoft shared\Works Shared\WkCalRem.exe


========== Modules (SafeList) ==========

MOD - [2010/05/05 19:55:08 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Users\MERINMANDANNA\Documents\Downloads\OTL.exe
MOD - [2010/04/23 23:12:08 | 000,011,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
MOD - [2006/11/02 15:14:49 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
MOD - [2006/11/02 15:08:57 | 001,648,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll
MOD - [2006/07/13 11:25:00 | 000,056,832 | R--- | M] (Cognizance Corporation) -- C:\Windows\System32\APSHook.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/04/24 08:15:36 | 000,265,912 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2010/04/23 23:12:00 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd)
SRV - [2010/04/23 23:11:57 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc)
SRV - [2009/10/29 10:22:50 | 030,603,640 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2009/09/26 04:28:22 | 004,639,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2007/11/07 08:58:18 | 003,004,416 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\MERIN\software\VisualStudio\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon90)
SRV - [2007/04/24 06:41:44 | 000,106,593 | ---- | M] () [Auto | Stopped] -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe -- (CLSched) CyberLink Task Scheduler (CTS)
SRV - [2007/04/24 06:41:42 | 000,262,243 | ---- | M] () [Auto | Running] -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe -- (CLCapSvc) CyberLink Background Capture Service (CBCS)
SRV - [2007/02/12 20:08:04 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2007/02/10 18:59:54 | 029,178,224 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$SQLEXPRESS) SQL Server (SQLEXPRESS)
SRV - [2007/02/10 18:59:47 | 000,242,544 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2007/02/10 05:29:56 | 000,089,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2007/02/07 20:00:00 | 000,074,240 | R--- | M] (Cognizance Corporation) [Auto | Running] -- C:\Program Files\Bioscrypt\VeriSoft\Bin\ASWLNPkg.dll -- (ASBroker)
SRV - [2007/01/20 01:24:14 | 000,097,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\MSN Messenger\usnsvc.exe -- (usnjsvc)
SRV - [2007/01/10 03:25:34 | 000,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb)
SRV - [2006/06/22 12:44:00 | 000,131,584 | R--- | M] (Cognizance Corporation) [Auto | Running] -- C:\Program Files\Bioscrypt\VeriSoft\Bin\ASChnl.dll -- (ASChannel)
SRV - [2005/10/14 16:20:19 | 000,045,272 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV - [2002/04/26 19:34:34 | 000,266,192 | ---- | M] () [On_Demand | Stopped] -- C:\oracle\ora92\BIN\TNSLSNR.exe -- (OracleOraHome92TNSListener)


========== Driver Services (SafeList) ==========

DRV - [2010/04/23 23:12:07 | 000,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/04/23 23:12:07 | 000,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/04/23 23:12:06 | 000,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/03/17 05:31:53 | 011,597,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/05/31 01:42:54 | 000,042,048 | ---- | M] (Sun Microsystems, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\VBoxUSBMon.sys -- (VBoxUSBMon)
DRV - [2008/05/31 01:42:46 | 000,055,520 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\VBoxDrv.sys -- (VBoxDrv)
DRV - [2008/02/12 03:42:38 | 000,232,472 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\VMM.sys -- (vmm)
DRV - [2008/02/05 01:50:44 | 000,059,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VMNetSrv.sys -- (VPCNetS2)
DRV - [2007/03/28 22:14:22 | 000,140,424 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atswpdrv.sys -- (ATSWPDRV) AuthenTec TruePrint USB Driver (SwipeSensor)
DRV - [2007/03/01 18:19:58 | 002,216,448 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel®
DRV - [2007/02/22 05:54:48 | 000,159,232 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDART.sys -- (HdAudAddService)
DRV - [2007/02/12 20:06:54 | 000,277,784 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2007/02/07 14:46:00 | 000,196,096 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk60x86.sys -- (yukonwlh)
DRV - [2007/01/02 16:15:30 | 000,080,688 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwavdt.sys -- (btwavdt)
DRV - [2007/01/02 16:15:30 | 000,078,128 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwaudio.sys -- (btwaudio)
DRV - [2007/01/02 16:15:30 | 000,016,560 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwrchid.sys -- (btwrchid)
DRV - [2006/12/07 20:35:58 | 000,985,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2006/12/07 20:34:36 | 000,207,360 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2006/12/07 20:34:26 | 000,659,968 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2006/11/30 22:54:58 | 000,008,192 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System | Running] -- C:\Windows\System32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2006/11/28 22:14:52 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2006/11/17 17:49:30 | 000,143,872 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2006/11/15 22:46:24 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2006/11/15 18:12:46 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/11/15 16:05:20 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2006/11/02 15:21:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 15:21:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 15:21:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 15:21:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 15:21:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 15:21:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 15:21:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 15:20:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 15:20:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 15:20:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 15:20:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 15:20:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 15:20:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 15:20:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 15:20:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 15:20:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 15:20:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 15:20:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 15:20:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 15:20:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 15:20:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 15:20:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 15:20:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 15:20:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 15:20:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 15:20:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 15:20:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 15:20:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 15:20:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 15:19:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 15:19:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 15:19:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 15:19:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006/11/02 15:19:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006/11/02 15:19:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006/11/02 13:55:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 13:54:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 13:54:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 13:54:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 13:54:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 13:54:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 13:11:49 | 000,200,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTAZL3.SYS -- (HSFHWAZL)
DRV - [2006/11/02 13:06:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 13:00:54 | 001,781,760 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel®
DRV - [2006/11/02 13:00:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2006/11/02 13:00:53 | 000,464,384 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XV)
DRV - [2006/10/19 07:40:57 | 001,380,864 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\igdkmd32.sys -- (ialm)
DRV - [2006/06/28 22:24:00 | 000,009,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2005/12/22 12:24:52 | 000,137,884 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2005/12/22 12:24:52 | 000,010,864 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2005/12/22 12:24:50 | 000,080,272 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop


IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-137818680-3777287045-3806286459-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
IE - HKU\S-1-5-21-137818680-3777287045-3806286459-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-137818680-3777287045-3806286459-1000\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-137818680-3777287045-3806286459-1000\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-21-137818680-3777287045-3806286459-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2006/09/19 03:11:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (VeriSoft Access Manager) - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\Bioscrypt\VeriSoft\Bin\ItIEAddIn.dll (Bioscrypt Inc.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O3 - HKU\S-1-5-21-137818680-3777287045-3806286459-1000\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKU\S-1-5-21-137818680-3777287045-3806286459-1000\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [CognizanceTS] C:\Program Files\Bioscrypt\VeriSoft\Bin\ASTSVCC.dll (Cognizance Corporation)
O4 - HKLM..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-137818680-3777287045-3806286459-1000..\Run: [Webaroo] C:\Program Files\Webaroo\WebarooClient.exe File not found
O4 - HKU\S-1-5-21-137818680-3777287045-3806286459-1000..\Run: [Yahoo Messsenger] C:\Users\MERINMANDANNA\AppData\Roaming\support\svchost.exe File not found
O4 - HKLM..\RunOnce: [Launcher] C:\Windows\SMINST\Launcher.exe (soft thinks)
O4 - Startup: C:\Users\MERINMANDANNA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wkcalrem.LNK = C:\Program Files\Common Files\microsoft shared\Works Shared\WkCalRem.exe (Microsoft® Corporation)
O4 - Startup: C:\Users\MERINMANDANNA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WordWeb.lnk = C:\MERIN\software\WordWeb\wweb32.exe (Antony Lewis)
F3 - HKU\S-1-5-21-137818680-3777287045-3806286459-1000 WinNT: Load - (C:\TCWIN45\PIPELINE\remind.exe) - C:\TCWIN45\PIPELINE\REMIND.EXE ()
O7 - HKU\S-1-5-21-137818680-3777287045-3806286459-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-137818680-3777287045-3806286459-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-137818680-3777287045-3806286459-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Webaroo: Capture Page - {670fc370-fcfe-11da-92e3-0800200c9a66} - C:\Program Files\Webaroo\IEToolbar\ToolbarProcessor.dll File not found
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Expression\Web 2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownlo...sreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/inst...tDetection2.cab (GMNRev Class)
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.com/content/DriverDownlo...iaSmartScan.cab (NVIDIA Smart Scan)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (APSHook.dll) - C:\Windows\System32\APSHook.dll (Cognizance Corporation)
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\MERIN\My Pictures\my wallpapers\wallpaper5.JPG
O24 - Desktop BackupWallPaper: C:\MERIN\My Pictures\my wallpapers\wallpaper5.JPG
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/19 03:13:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 20:48:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O33 - MountPoints2\{1f75ed69-c462-11dc-9a73-001a6bf7cafd}\Shell - "" = Autorun
O33 - MountPoints2\{1f75ed69-c462-11dc-9a73-001a6bf7cafd}\Shell\Open\command - "" = F:\regsvr.exe -- File not found
O33 - MountPoints2\{2c15d4ea-14a0-11dd-8b86-001b77d475b4}\Shell - "" = Autorun
O33 - MountPoints2\{2c15d4ea-14a0-11dd-8b86-001b77d475b4}\Shell\Open\command - "" = regsvr.exe
O33 - MountPoints2\{36fae177-922b-11dc-aecd-001a6bf7cafd}\Shell - "" = AutoRun
O33 - MountPoints2\{36fae177-922b-11dc-aecd-001a6bf7cafd}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\{382ee714-36c2-11df-9e7e-0016d3f5eefb}\Shell\AutoRun\command - "" = qazwsx\zaqxsw.exe
O33 - MountPoints2\{382ee714-36c2-11df-9e7e-0016d3f5eefb}\Shell\explore\command - "" = qazwsx/zaqxsw.exe
O33 - MountPoints2\{382ee714-36c2-11df-9e7e-0016d3f5eefb}\Shell\open\command - "" = qazwsx/zaqxsw.exe
O33 - MountPoints2\{3c0cdb7e-a40e-11dc-bdb2-001b77d475b4}\Shell\AutoRun\command - "" = F:\qazwsx\zaqxsw.exe -- File not found
O33 - MountPoints2\{3c0cdb7e-a40e-11dc-bdb2-001b77d475b4}\Shell\explore\command - "" = F:\qazwsx\zaqxsw.exe -- File not found
O33 - MountPoints2\{3c0cdb7e-a40e-11dc-bdb2-001b77d475b4}\Shell\open\command - "" = F:\qazwsx\zaqxsw.exe -- File not found
O33 - MountPoints2\{471d8ba7-8255-11dd-982d-001b77d475b4}\Shell\AutoRun\command - "" = r813.bat
O33 - MountPoints2\{471d8ba7-8255-11dd-982d-001b77d475b4}\Shell\explore\Command - "" = r813.bat
O33 - MountPoints2\{471d8ba7-8255-11dd-982d-001b77d475b4}\Shell\open\Command - "" = r813.bat
O33 - MountPoints2\{49e967f1-802c-11dd-bed8-001b77d475b4}\Shell - "" = Autorun
O33 - MountPoints2\{49e967f1-802c-11dd-bed8-001b77d475b4}\Shell\Open\command - "" = F:\regsvr.exe -- File not found
O33 - MountPoints2\{771b93af-ae8c-11dd-92e7-001b77d475b4}\Shell - "" = Autorun
O33 - MountPoints2\{771b93af-ae8c-11dd-92e7-001b77d475b4}\Shell\Open\command - "" = F:\regsvr.exe -- File not found
O33 - MountPoints2\{7a1e28d6-4c11-11dd-8e36-001b77d475b4}\Shell - "" = Autorun
O33 - MountPoints2\{7a1e28d6-4c11-11dd-8e36-001b77d475b4}\Shell\Open\command - "" = F:\regsvr.exe -- File not found
O33 - MountPoints2\{8c1331f8-dcee-11de-81cb-0016d3f5eefb}\Shell - "" = Autorun
O33 - MountPoints2\{8c1331f8-dcee-11de-81cb-0016d3f5eefb}\Shell\Open\command - "" = regsvr.exe
O33 - MountPoints2\{98cacaff-7f62-11dd-be8c-001b77d475b4}\Shell - "" = Autorun
O33 - MountPoints2\{98cacaff-7f62-11dd-be8c-001b77d475b4}\Shell\Open\command - "" = F:\regsvr.exe -- File not found
O33 - MountPoints2\{a302f6e2-96d9-11dd-92e4-001b77d475b4}\Shell\AutoRun\command - "" = F:\n6t1h.cmd -- File not found
O33 - MountPoints2\{a302f6e2-96d9-11dd-92e4-001b77d475b4}\Shell\explore\Command - "" = F:\n6t1h.cmd -- File not found
O33 - MountPoints2\{a302f6e2-96d9-11dd-92e4-001b77d475b4}\Shell\open\Command - "" = F:\n6t1h.cmd -- File not found
O33 - MountPoints2\{af555440-60b5-11dd-9f8e-001b77d475b4}\Shell\AutoRun\command - "" = F:\.\garbage\pizdec.exe -- File not found
O33 - MountPoints2\{af555440-60b5-11dd-9f8e-001b77d475b4}\Shell\explore\command - "" = F:\garbage\\pizdec.exe -- File not found
O33 - MountPoints2\{af555440-60b5-11dd-9f8e-001b77d475b4}\Shell\open\command - "" = F:\garbage\\pizdec.exe -- File not found
O33 - MountPoints2\{b337234d-0724-11dd-9dd0-001b77d475b4}\Shell\Explore\Command - "" = RECYCLER\desktop.exe
O33 - MountPoints2\{b337234d-0724-11dd-9dd0-001b77d475b4}\Shell\Open\Command - "" = RECYCLER\desktop.exe
O33 - MountPoints2\{b4097025-3187-11de-892c-001b77d475b4}\Shell\AutoRun\command - "" = em8tqm.cmd
O33 - MountPoints2\{b4097025-3187-11de-892c-001b77d475b4}\Shell\open\Command - "" = em8tqm.cmd
O33 - MountPoints2\{bc8fac81-fec0-11de-b94e-0016d3f5eefb}\Shell - "" = Autorun
O33 - MountPoints2\{c2bc385d-9c49-11dc-8f69-001b77d475b4}\Shell\Auto\command - "" = MicrosoftPowerPoint.exe
O33 - MountPoints2\{c314d47f-1432-11df-86a2-0016d3f5eefb}\Shell - "" = Autorun
O33 - MountPoints2\{c314d47f-1432-11df-86a2-0016d3f5eefb}\Shell\Open\command - "" = F:\regsvr.exe -- File not found
O33 - MountPoints2\{c6c553a6-f9c6-11dc-957c-001b77d475b4}\Shell\AutoRun\command - "" = F:\System\Security\DriveGuard.exe -- File not found
O33 - MountPoints2\{c6c553a6-f9c6-11dc-957c-001b77d475b4}\Shell\Explore\Command - "" = F:\System\Security\DriveGuard.exe -- File not found
O33 - MountPoints2\{c6c553a6-f9c6-11dc-957c-001b77d475b4}\Shell\Open\Command - "" = F:\System\Security\DriveGuard.exe -- File not found
O33 - MountPoints2\{cb054a41-e8df-11de-9609-0016d3f5eefb}\Shell - "" = Autorun
O33 - MountPoints2\{cb054a41-e8df-11de-9609-0016d3f5eefb}\Shell\Open\command - "" = regsvr.exe
O33 - MountPoints2\{de7e44c1-07de-11dd-ab2a-001b77d475b4}\Shell\AutoRun\command - "" = wscript.exe n.vbe
O33 - MountPoints2\{de7e44c1-07de-11dd-ab2a-001b77d475b4}\Shell\explore\Command - "" = wscript.exe n.vbe
O33 - MountPoints2\{de7e44c1-07de-11dd-ab2a-001b77d475b4}\Shell\open\Command - "" = wscript.exe n.vbe
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/04/26 02:08:58 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2010/04/26 01:45:16 | 011,597,416 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvlddmkm.sys
[2010/04/26 01:45:16 | 004,513,896 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvwgf2um.dll
[2010/04/26 01:45:16 | 000,795,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpinst.exe
[2010/04/26 01:45:16 | 000,056,424 | ---- | C] (Khronos Group) -- C:\Windows\System32\OpenCL.dll
[2010/04/26 01:45:16 | 000,010,920 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvBridge.kmd
[2010/04/26 01:45:12 | 015,235,688 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvoglv32.dll
[2010/04/26 01:45:11 | 009,393,256 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvd3dum.dll
[2010/04/26 01:45:11 | 002,009,704 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvid.dll
[2010/04/26 01:45:10 | 002,647,144 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvenc.dll
[2010/04/26 01:45:07 | 011,647,592 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcompiler.dll
[2010/04/26 01:45:07 | 004,029,544 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuda.dll
[2010/04/26 01:45:07 | 001,299,048 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvapi.dll
[2010/04/26 01:45:07 | 000,215,656 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcod1910.dll
[2010/04/26 01:45:07 | 000,215,656 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcod.dll
[2010/04/26 01:44:55 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2010/04/26 00:11:03 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2010/04/25 20:39:50 | 000,000,000 | ---D | C] -- C:\Program Files\SystemRequirementsLab
[2010/04/24 09:57:54 | 000,289,792 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2010/04/24 09:57:54 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2010/04/24 09:57:54 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2010/04/24 09:57:53 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2010/04/24 09:57:53 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dciman32.dll
[2010/04/24 09:55:06 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FwRemoteSvr.dll
[2010/04/24 09:55:05 | 000,272,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\polstore.dll
[2010/04/24 09:55:05 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winipsec.dll
[2010/04/24 09:51:49 | 000,467,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\riched20.dll
[2010/04/24 09:51:49 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\riched32.dll
[2010/04/24 09:51:48 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kmddsp.tsp
[2010/04/24 09:51:47 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rascfg.dll
[2010/04/24 09:51:47 | 000,052,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasdiag.dll
[2010/04/24 09:51:47 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ndptsp.tsp
[2010/04/24 09:51:47 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasmxs.dll
[2010/04/24 09:51:47 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasser.dll
[2010/04/24 09:51:46 | 000,564,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msftedit.dll
[2010/04/24 09:51:46 | 000,384,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netcfgx.dll
[2010/04/24 09:51:46 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icsunattend.exe
[2010/04/24 09:51:45 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wshqos.dll
[2010/04/24 09:51:44 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2010/04/24 09:51:44 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\traffic.dll
[2010/04/24 09:51:44 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pacerprf.dll
[2010/04/24 09:37:11 | 000,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceApi.dll
[2010/04/24 09:37:10 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceTypes.dll
[2010/04/24 09:37:10 | 000,095,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceClassExtension.dll
[2010/04/24 09:28:02 | 000,205,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msoeacct.dll
[2010/04/24 09:28:02 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msoert2.dll
[2010/04/24 09:28:02 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ACCTRES.dll
[2010/04/24 09:22:01 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netiohlp.dll
[2010/04/24 09:22:01 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NETSTAT.EXE
[2010/04/24 09:22:01 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ARP.EXE
[2010/04/24 09:22:01 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ROUTE.EXE
[2010/04/24 09:22:01 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll
[2010/04/24 09:22:01 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MRINFO.EXE
[2010/04/24 09:22:01 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\finger.exe
[2010/04/24 09:22:01 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TCPSVCS.EXE
[2010/04/24 09:22:01 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\HOSTNAME.EXE
[2010/04/24 09:08:38 | 000,704,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoScreensaver.scr
[2010/04/24 09:08:35 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wtsapi32.dll
[2010/04/24 09:08:33 | 000,028,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\battc.sys
[2010/04/24 08:58:27 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\L2SecHC.dll
[2010/04/24 08:58:26 | 000,297,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlansec.dll
[2010/04/24 08:58:26 | 000,290,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanmsm.dll
[2010/04/24 08:58:26 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanhlp.dll
[2010/04/24 08:58:26 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanapi.dll
[2010/04/24 08:52:41 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml3r.dll
[2010/04/24 08:52:40 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml6r.dll
[2010/04/24 08:47:08 | 001,233,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsasrv.dll
[2010/04/24 08:37:54 | 000,376,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2010/04/24 08:37:54 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2010/04/24 08:32:29 | 002,855,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2010/04/24 08:32:29 | 000,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll
[2010/04/24 08:32:29 | 000,052,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rrinstaller.exe
[2010/04/24 08:32:29 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mferror.dll
[2010/04/24 08:32:28 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfpmp.exe
[2010/04/24 08:32:27 | 002,433,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVCORE.DLL
[2010/04/24 08:26:36 | 003,502,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010/04/24 08:26:36 | 003,468,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010/04/24 08:06:18 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2010/04/24 07:47:59 | 000,374,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mcupdate_GenuineIntel.dll
[2010/04/24 07:42:36 | 000,500,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdtcprx.dll
[2010/04/24 07:42:35 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xolehlp.dll
[2010/04/24 07:26:10 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aaclient.dll
[2010/04/24 07:26:10 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tsgqec.dll
[2010/04/24 07:21:17 | 000,303,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpeffects.dll
[2010/04/24 07:11:46 | 000,414,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscp.dll
[2010/04/24 07:07:41 | 000,713,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\timedate.cpl
[2010/04/24 07:01:13 | 000,356,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MediaMetadataHandler.dll
[2010/04/24 06:56:12 | 000,392,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FirewallAPI.dll
[2010/04/24 06:56:11 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icfupgd.dll
[2010/04/24 06:56:11 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmifw.dll
[2010/04/24 06:56:11 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wfapigp.dll
[2010/04/24 06:27:19 | 001,244,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mcmde.dll
[2010/04/24 06:27:18 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2010/04/24 06:27:18 | 000,292,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2010/04/24 06:27:18 | 000,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax
[2010/04/24 06:27:18 | 000,177,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2010/04/24 06:27:18 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax
[2010/04/24 06:27:18 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Mpeg2Data.ax
[2010/04/24 06:27:17 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSDvbNP.ax
[2010/04/24 05:59:56 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010/04/24 05:46:31 | 000,696,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\localspl.dll
[2010/04/24 05:21:02 | 000,109,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ataport.sys
[2010/04/24 05:21:02 | 000,045,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pciidex.sys
[2010/04/24 05:07:41 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010/04/24 05:07:41 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2010/04/24 05:07:40 | 002,452,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2010/04/24 05:07:40 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2010/04/24 05:07:40 | 000,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2010/04/24 05:07:40 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2010/04/24 05:07:39 | 000,192,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010/04/24 05:07:39 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010/04/24 05:07:38 | 000,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2010/04/24 05:07:38 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2010/04/24 05:07:37 | 000,459,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010/04/24 05:07:37 | 000,180,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010/04/24 05:07:35 | 000,389,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2010/04/24 05:07:35 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2010/04/24 05:07:35 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2010/04/24 05:07:34 | 001,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010/04/24 05:07:33 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010/04/24 05:07:32 | 001,830,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010/04/24 05:07:31 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010/04/24 05:07:29 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010/04/24 05:07:29 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2010/04/24 05:07:28 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010/04/24 05:07:28 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010/04/24 04:57:17 | 002,923,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2010/04/24 04:43:44 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netcfg.exe
[2010/04/24 04:36:12 | 001,793,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0045.dll
[2010/04/24 04:36:11 | 001,808,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0046.dll
[2010/04/24 04:36:09 | 001,411,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0047.dll
[2010/04/24 04:36:08 | 001,558,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0049.dll
[2010/04/24 04:36:06 | 001,236,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0020.dll
[2010/04/24 04:36:04 | 001,782,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0039.dll
[2010/04/24 04:36:02 | 002,136,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0021.dll
[2010/04/24 04:35:59 | 005,499,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0022.dll
[2010/04/24 04:35:54 | 007,964,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0024.dll
[2010/04/24 04:35:48 | 005,791,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0026.dll
[2010/04/24 04:35:43 | 006,224,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0027.dll
[2010/04/24 04:35:39 | 004,175,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0010.dll
[2010/04/24 04:35:37 | 002,466,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0011.dll
[2010/04/24 04:35:33 | 004,981,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0013.dll
[2010/04/24 04:35:30 | 003,331,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0018.dll
[2010/04/24 04:35:26 | 006,781,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0019.dll
[2010/04/24 04:35:19 | 011,722,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0001.dll
[2010/04/24 04:35:12 | 004,164,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0002.dll
[2010/04/24 04:35:10 | 001,452,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0003.dll
[2010/04/24 04:35:04 | 012,240,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0007.dll
[2010/04/24 04:34:58 | 002,644,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0009.dll
[2010/04/24 04:34:56 | 003,419,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons004a.dll
[2010/04/24 04:34:54 | 001,702,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons004b.dll
[2010/04/24 04:34:51 | 004,093,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons004c.dll
[2010/04/24 04:34:48 | 001,972,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons004e.dll
[2010/04/24 04:34:46 | 004,045,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons003e.dll
[2010/04/24 04:34:44 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons002a.dll
[2010/04/24 04:34:41 | 006,014,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons001a.dll
[2010/04/24 04:34:36 | 006,585,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons001b.dll
[2010/04/24 04:34:31 | 006,346,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons001d.dll
[2010/04/24 04:34:25 | 009,892,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons000a.dll
[2010/04/24 04:34:18 | 006,237,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons000c.dll
[2010/04/24 04:34:14 | 001,722,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons000d.dll
[2010/04/24 04:34:10 | 005,654,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons000f.dll
[2010/04/24 04:34:04 | 004,616,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0414.dll
[2010/04/24 04:33:58 | 005,090,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0416.dll
[2010/04/24 04:33:54 | 005,031,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0816.dll
[2010/04/24 04:33:49 | 007,042,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons081a.dll
[2010/04/24 04:33:43 | 005,071,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsModels0011.dll
[2010/04/24 04:33:40 | 003,102,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0046.dll
[2010/04/24 04:33:40 | 003,102,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0045.dll
[2010/04/24 04:33:39 | 003,102,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0049.dll
[2010/04/24 04:33:39 | 003,102,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0047.dll
[2010/04/24 04:33:38 | 003,102,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0039.dll
[2010/04/24 04:33:38 | 003,102,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0020.dll
[2010/04/24 04:33:38 | 001,799,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0021.dll
[2010/04/24 04:33:37 | 001,963,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0026.dll
[2010/04/24 04:33:37 | 001,963,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0024.dll
[2010/04/24 04:33:37 | 001,799,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0022.dll
[2010/04/24 04:33:36 | 004,493,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0010.dll
[2010/04/24 04:33:36 | 002,655,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0011.dll
[2010/04/24 04:33:36 | 001,965,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0027.dll
[2010/04/24 04:33:35 | 003,464,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0013.dll
[2010/04/24 04:33:35 | 001,963,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0018.dll
[2010/04/24 04:33:35 | 001,523,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0000.dll
[2010/04/24 04:33:34 | 004,495,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0019.dll
[2010/04/24 04:33:34 | 002,597,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0001.dll
[2010/04/24 04:33:34 | 001,963,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0002.dll
[2010/04/24 04:33:33 | 004,874,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0009.dll
[2010/04/24 04:33:33 | 002,241,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0007.dll
[2010/04/24 04:33:33 | 001,963,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0003.dll
[2010/04/24 04:33:32 | 003,102,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData004b.dll
[2010/04/24 04:33:32 | 003,102,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData004a.dll
[2010/04/24 04:33:31 | 003,102,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData004e.dll
[2010/04/24 04:33:31 | 003,102,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData004c.dll
[2010/04/24 04:33:31 | 001,799,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData003e.dll
[2010/04/24 04:33:31 | 001,799,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData002a.dll
[2010/04/24 04:33:30 | 004,493,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData001d.dll
[2010/04/24 04:33:30 | 001,963,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData001b.dll
[2010/04/24 04:33:30 | 001,963,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData001a.dll
[2010/04/24 04:33:29 | 009,845,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData000a.dll
[2010/04/24 04:33:29 | 002,641,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData000c.dll
[2010/04/24 04:33:28 | 002,340,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData000d.dll
[2010/04/24 04:33:28 | 001,963,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData000f.dll
[2010/04/24 04:33:27 | 004,493,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0416.dll
[2010/04/24 04:33:27 | 004,493,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0414.dll
[2010/04/24 04:33:27 | 000,797,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NaturalLanguage6.dll
[2010/04/24 04:33:26 | 004,493,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0816.dll
[2010/04/24 04:33:26 | 001,963,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData081a.dll
[2010/04/24 04:33:23 | 006,917,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0c1a.dll
[2010/04/24 04:33:20 | 001,963,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0c1a.dll
[2010/04/24 04:21:42 | 000,181,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fsquirt.exe
[2010/04/24 04:19:40 | 000,371,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srcore.dll
[2010/04/24 04:19:40 | 000,313,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rstrui.exe
[2010/04/24 04:19:40 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srdelayed.exe
[2010/04/24 04:19:39 | 000,944,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winload.exe
[2010/04/24 04:19:39 | 000,905,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winresume.exe
[2010/04/24 04:19:39 | 000,620,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ci.dll
[2010/04/24 04:19:39 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpd_ci.dll
[2010/04/24 04:19:39 | 000,019,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kd1394.dll
[2010/04/24 04:19:38 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drvinst.exe
[2010/04/24 04:19:38 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
[2010/04/24 04:19:37 | 000,260,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpx.dll
[2010/04/24 04:19:37 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lodctr.exe
[2010/04/24 04:19:37 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unlodctr.exe
[2010/04/24 04:19:37 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kbd106n.dll
[2010/04/24 04:19:36 | 000,115,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\loadperf.dll
[2010/04/24 04:19:36 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\prflbmsg.dll
[2010/04/24 04:19:35 | 000,035,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\WdfLdr.sys
[2010/04/24 04:19:35 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\f3ahvoas.dll
[2010/04/24 04:19:34 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dispci.dll
[2010/04/24 04:19:34 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\batt.dll
[2010/04/24 04:16:32 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2010/04/24 04:16:31 | 000,654,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2010/04/24 04:16:29 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdohlp.dll
[2010/04/24 04:16:29 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasads.dll
[2010/04/24 04:16:29 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasdatastore.dll
[2010/04/24 04:16:28 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasrecst.dll
[2010/04/24 04:15:38 | 000,220,672 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codecp.acm
[2010/04/24 04:15:38 | 000,062,464 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codeca.acm
[2010/04/24 04:14:54 | 000,512,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2010/04/24 04:14:08 | 000,213,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2010/04/24 04:14:08 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tcpipcfg.dll
[2010/04/24 04:14:08 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netiougc.exe
[2010/04/24 04:11:47 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMASF.DLL
[2010/04/24 04:11:47 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\LAPRXY.DLL
[2010/04/24 04:11:47 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\asferror.dll
[2010/04/24 04:10:51 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\amxread.dll
[2010/04/24 04:10:50 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\apilogen.dll
[2010/04/24 04:10:02 | 000,268,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mcbuilder.exe
[2010/04/24 04:10:02 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLC.dll
[2010/04/24 04:10:02 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slwmi.dll
[2010/04/24 04:10:01 | 000,566,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLCommDlg.dll
[2010/04/24 04:10:01 | 000,351,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLUI.exe
[2010/04/24 04:10:01 | 000,186,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLLUA.exe
[2010/04/24 04:10:00 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slcinst.dll
[2010/04/24 04:08:48 | 000,425,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll
[2010/04/24 04:08:47 | 000,712,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecs.dll
[2010/04/24 04:08:47 | 000,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2010/04/24 04:06:44 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntprint.dll
[2010/04/24 04:06:44 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntprint.exe
[2010/04/24 04:06:43 | 001,984,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\authui.dll
[2010/04/24 04:06:43 | 000,120,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dhcpcsvc6.dll
[2010/04/24 04:06:43 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dhcpcmonitor.dll
[2010/04/24 04:06:40 | 008,138,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ssBranded.scr
[2010/04/24 04:05:34 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32spl.dll
[2010/04/24 04:05:34 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printcom.dll
[2010/04/24 04:04:58 | 002,031,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010/04/24 04:03:41 | 000,113,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\rmcast.sys
[2010/04/24 04:03:40 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wshrm.dll
[2010/04/24 04:02:42 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.tlb
[2010/04/24 04:02:42 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\amcompat.tlb
[2010/04/24 04:01:05 | 000,312,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdrm.dll
[2010/04/24 04:01:04 | 000,435,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
[2010/04/24 04:01:03 | 000,154,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll
[2010/04/24 04:01:00 | 000,154,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll
[2010/04/24 04:00:58 | 000,431,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
[2010/04/24 04:00:53 | 000,472,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
[2010/04/24 04:00:51 | 000,515,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
[2010/04/24 04:00:43 | 000,523,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
[2010/04/24 04:00:41 | 000,473,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll
[2010/04/24 03:58:38 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbunattend.exe
[2010/04/24 03:56:57 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2010/04/24 03:50:25 | 000,622,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardagt.exe
[2010/04/24 03:50:25 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardres.dll
[2010/04/24 03:50:24 | 000,097,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardapi.dll
[2010/04/24 03:50:24 | 000,037,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardcpl.cpl
[2010/04/24 03:50:06 | 000,105,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
[2010/04/24 03:50:01 | 000,326,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2010/04/24 03:50:00 | 000,781,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationNative_v0300.dll
[2010/04/24 03:50:00 | 000,043,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2010/04/24 03:32:05 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2010/04/24 03:31:56 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscorier.dll
[2010/04/24 03:31:56 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscories.dll
[2010/04/24 03:19:49 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2010/04/24 03:19:41 | 004,247,552 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2010/04/24 03:19:39 | 001,686,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
[2010/04/24 03:18:23 | 000,996,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMNetMgr.dll
[2010/04/24 03:18:23 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\logagent.exe
[2010/04/24 03:16:51 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\INETRES.dll
[2010/04/24 03:16:23 | 001,645,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\connect.dll
[2010/04/24 03:16:01 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmi.dll
[2010/04/24 03:14:10 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\httpapi.dll
[2010/04/24 03:14:09 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshhttp.dll
[2010/04/24 03:12:00 | 000,274,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\raschap.dll
[2010/04/24 03:11:59 | 000,232,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rastls.dll
[2010/04/24 03:11:47 | 000,321,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSDApi.dll
[2010/04/24 03:11:18 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2010/04/24 03:10:29 | 001,327,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2010/04/24 03:10:28 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvfw32.dll
[2010/04/24 03:10:28 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avicap32.dll
[2010/04/24 03:10:27 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avifil32.dll
[2010/04/24 03:10:27 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll
[2010/04/24 03:09:19 | 000,604,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMSPDMOD.DLL
[2010/04/24 03:07:53 | 008,147,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2010/04/24 03:07:49 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwmp.dll
[2010/04/24 03:07:49 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.ocx
[2010/04/24 03:07:49 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxmasf.dll
[2010/04/24 03:07:40 | 000,311,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unregmp2.exe
[2010/04/24 01:32:54 | 000,000,000 | ---D | C] -- C:\Users\MERINMANDANNA\Documents\Downloads
[2010/04/24 01:27:24 | 000,000,000 | ---D | C] -- C:\Users\MERINMANDANNA\AppData\Local\Google
[2010/04/24 01:26:50 | 000,000,000 | ---D | C] -- C:\Users\MERINMANDANNA\AppData\Local\Deployment
[2010/04/24 01:26:50 | 000,000,000 | ---D | C] -- C:\Users\MERINMANDANNA\AppData\Local\Apps
[2010/04/23 23:12:20 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Security Toolbar
[2010/04/23 23:12:06 | 000,108,552 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2010/04/23 20:00:46 | 000,181,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2010/04/23 19:31:35 | 002,421,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2010/04/23 19:31:35 | 000,044,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2010/04/23 19:31:01 | 000,575,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2010/04/23 19:31:01 | 000,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2010/04/23 19:31:01 | 000,035,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2010/04/23 19:30:10 | 000,171,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2010/04/23 19:30:10 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2010/04/15 20:49:37 | 000,276,648 | ---- | C] (COMODO) -- C:\Windows\System32\guard32.dll
[2010/04/15 20:49:37 | 000,025,160 | ---- | C] (COMODO) -- C:\Windows\System32\drivers\cmdhlp.sys
[2010/04/15 20:49:36 | 000,224,808 | ---- | C] (COMODO) -- C:\Windows\System32\drivers\cmdguard.sys
[2010/04/15 20:49:36 | 000,086,720 | ---- | C] (COMODO) -- C:\Windows\System32\drivers\inspect.sys
[2010/04/15 20:49:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo
[2010/04/15 20:47:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo Downloader

========== Files - Modified Within 30 Days ==========

[2010/05/05 20:00:40 | 002,883,584 | -HS- | M] () -- C:\Users\MERINMANDANNA\ntuser.dat
[2010/05/05 19:53:50 | 000,667,032 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/05/05 19:53:50 | 000,122,382 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/05/05 19:53:49 | 000,782,756 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/05/05 19:52:25 | 000,000,434 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{9A2116D2-B084-4409-A476-22DE5A962ED4}.job
[2010/05/05 19:50:52 | 000,000,147 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2010/05/05 19:50:39 | 000,053,340 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010/05/05 19:50:39 | 000,053,340 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010/05/05 19:47:00 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/05/05 19:47:00 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/05/05 19:46:58 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/05/05 19:46:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/05/05 19:46:43 | 2145,771,520 | -HS- | M] () -- C:\hiberfil.sys
[2010/05/05 14:16:25 | 237,926,317 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/05/05 13:41:42 | 000,110,080 | ---- | M] () -- C:\Users\MERINMANDANNA\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/05 13:32:06 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-137818680-3777287045-3806286459-1000UA.job
[2010/05/02 16:08:18 | 000,005,780 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010/05/02 16:07:50 | 002,914,564 | -H-- | M] () -- C:\Users\MERINMANDANNA\AppData\Local\IconCache.db
[2010/04/30 00:04:26 | 000,002,088 | ---- | M] () -- C:\Users\MERINMANDANNA\Desktop\Desktop\Google Chrome.lnk
[2010/04/28 20:23:49 | 000,524,288 | -HS- | M] () -- C:\Users\MERINMANDANNA\ntuser.dat{dcf2013e-52c2-11df-9549-a963cdb31dcf}.TMContainer00000000000000000002.regtrans-ms
[2010/04/28 20:23:49 | 000,524,288 | -HS- | M] () -- C:\Users\MERINMANDANNA\ntuser.dat{dcf2013e-52c2-11df-9549-a963cdb31dcf}.TMContainer00000000000000000001.regtrans-ms
[2010/04/28 20:23:49 | 000,065,536 | -HS- | M] () -- C:\Users\MERINMANDANNA\ntuser.dat{dcf2013e-52c2-11df-9549-a963cdb31dcf}.TM.blf
[2010/04/28 20:10:51 | 000,013,401 | ---- | M] () -- C:\Users\MERINMANDANNA\AppData\Roaming\nvModes.001
[2010/04/28 20:08:35 | 000,013,401 | ---- | M] () -- C:\Users\MERINMANDANNA\AppData\Roaming\nvModes.dat
[2010/04/28 08:32:46 | 000,000,134 | ---- | M] () -- C:\Users\MERINMANDANNA\Desktop\Desktop\Network and Sharing Center - Shortcut.lnk
[2010/04/26 01:32:06 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-137818680-3777287045-3806286459-1000Core.job
[2010/04/26 01:00:55 | 000,524,288 | -HS- | M] () -- C:\Users\MERINMANDANNA\ntuser.dat{99b9e706-509e-11df-9be7-001a6bf7cafd}.TMContainer00000000000000000002.regtrans-ms
[2010/04/26 01:00:55 | 000,524,288 | -HS- | M] () -- C:\Users\MERINMANDANNA\ntuser.dat{99b9e706-509e-11df-9be7-001a6bf7cafd}.TMContainer00000000000000000001.regtrans-ms
[2010/04/26 01:00:55 | 000,065,536 | -HS- | M] () -- C:\Users\MERINMANDANNA\ntuser.dat{99b9e706-509e-11df-9be7-001a6bf7cafd}.TM.blf
[2010/04/25 18:27:11 | 000,000,749 | RH-- | M] () -- C:\Windows\WindowsShell.Manifest
[2010/04/24 10:16:21 | 000,123,232 | ---- | M] () -- C:\Users\MERINMANDANNA\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/04/24 10:12:56 | 000,438,136 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/04/24 09:57:54 | 000,289,792 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2010/04/24 09:57:54 | 000,156,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2010/04/24 09:57:54 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2010/04/24 09:57:53 | 000,072,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2010/04/24 09:57:53 | 000,010,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dciman32.dll
[2010/04/24 09:55:06 | 000,028,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\FwRemoteSvr.dll
[2010/04/24 09:55:05 | 000,272,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\polstore.dll
[2010/04/24 09:55:05 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winipsec.dll
[2010/04/24 09:51:49 | 000,467,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\riched20.dll
[2010/04/24 09:51:49 | 000,008,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\riched32.dll
[2010/04/24 09:51:48 | 000,038,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\kmddsp.tsp
[2010/04/24 09:51:47 | 000,077,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rascfg.dll
[2010/04/24 09:51:47 | 000,052,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rasdiag.dll
[2010/04/24 09:51:47 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ndptsp.tsp
[2010/04/24 09:51:47 | 000,032,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rasmxs.dll
[2010/04/24 09:51:47 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rasser.dll
[2010/04/24 09:51:47 | 000,001,820 | ---- | M] () -- C:\Windows\System32\rasctrnm.h
[2010/04/24 09:51:46 | 000,564,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msftedit.dll
[2010/04/24 09:51:46 | 000,384,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netcfgx.dll
[2010/04/24 09:51:46 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\icsunattend.exe
[2010/04/24 09:51:45 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wshqos.dll
[2010/04/24 09:51:44 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2010/04/24 09:51:44 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\traffic.dll
[2010/04/24 09:51:44 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pacerprf.dll
[2010/04/24 09:37:11 | 000,241,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceApi.dll
[2010/04/24 09:37:10 | 000,160,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceTypes.dll
[2010/04/24 09:37:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceClassExtension.dll
[2010/04/24 09:28:02 | 000,205,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msoeacct.dll
[2010/04/24 09:28:02 | 000,087,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msoert2.dll
[2010/04/24 09:28:02 | 000,039,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ACCTRES.dll
[2010/04/24 09:22:01 | 000,103,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netiohlp.dll
[2010/04/24 09:22:01 | 000,027,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NETSTAT.EXE
[2010/04/24 09:22:01 | 000,019,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ARP.EXE
[2010/04/24 09:22:01 | 000,017,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ROUTE.EXE
[2010/04/24 09:22:01 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll
[2010/04/24 09:22:01 | 000,011,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MRINFO.EXE
[2010/04/24 09:22:01 | 000,010,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\finger.exe
[2010/04/24 09:22:01 | 000,009,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\TCPSVCS.EXE
[2010/04/24 09:22:01 | 000,008,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\HOSTNAME.EXE
[2010/04/24 09:08:38 | 000,704,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PhotoScreensaver.scr
[2010/04/24 09:08:35 | 000,024,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wtsapi32.dll
[2010/04/24 09:08:33 | 000,028,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\battc.sys
[2010/04/24 08:58:27 | 001,657,350 | ---- | M] () -- C:\Windows\System32\wlan.tmf
[2010/04/24 08:58:27 | 000,123,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\L2SecHC.dll
[2010/04/24 08:58:26 | 000,297,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wlansec.dll
[2010/04/24 08:58:26 | 000,290,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wlanmsm.dll
[2010/04/24 08:58:26 | 000,067,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wlanhlp.dll
[2010/04/24 08:58:26 | 000,047,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wlanapi.dll
[2010/04/24 08:52:41 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msxml3r.dll
[2010/04/24 08:52:40 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msxml6r.dll
[2010/04/24 08:47:08 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lsasrv.dll
[2010/04/24 08:37:54 | 000,376,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2010/04/24 08:37:54 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2010/04/24 08:32:29 | 002,855,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2010/04/24 08:32:29 | 000,098,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll
[2010/04/24 08:32:29 | 000,052,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rrinstaller.exe
[2010/04/24 08:32:29 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mferror.dll
[2010/04/24 08:32:28 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfpmp.exe
[2010/04/24 08:32:27 | 002,433,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WMVCORE.DLL
[2010/04/24 08:26:36 | 003,502,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010/04/24 08:26:36 | 003,468,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010/04/24 08:06:18 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2010/04/24 07:47:59 | 000,374,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mcupdate_GenuineIntel.dll
[2010/04/24 07:42:36 | 000,500,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msdtcprx.dll
[2010/04/24 07:42:35 | 000,030,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\xolehlp.dll
[2010/04/24 07:26:10 | 000,116,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\aaclient.dll
[2010/04/24 07:26:10 | 000,036,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\tsgqec.dll
[2010/04/24 07:21:17 | 000,303,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wmpeffects.dll
[2010/04/24 07:11:46 | 000,414,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscp.dll
[2010/04/24 07:07:41 | 000,713,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\timedate.cpl
[2010/04/24 07:01:13 | 000,356,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MediaMetadataHandler.dll
[2010/04/24 06:56:12 | 000,392,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\FirewallAPI.dll
[2010/04/24 06:56:11 | 000,086,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\icfupgd.dll
[2010/04/24 06:56:11 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cmifw.dll
[2010/04/24 06:56:11 | 000,016,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wfapigp.dll
[2010/04/24 06:34:38 | 059,223,774 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010/04/24 06:27:19 | 001,244,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mcmde.dll
[2010/04/24 06:27:18 | 000,428,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2010/04/24 06:27:18 | 000,292,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2010/04/24 06:27:18 | 000,217,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax
[2010/04/24 06:27:18 | 000,177,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2010/04/24 06:27:18 | 000,080,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax
[2010/04/24 06:27:18 | 000,068,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\Mpeg2Data.ax
[2010/04/24 06:27:17 | 000,057,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MSDvbNP.ax
[2010/04/24 05:59:56 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010/04/24 05:46:31 | 000,696,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\localspl.dll
[2010/04/24 05:21:02 | 000,109,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ataport.sys
[2010/04/24 05:21:02 | 000,045,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\pciidex.sys
[2010/04/24 05:07:41 | 000,385,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010/04/24 05:07:41 | 000,072,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2010/04/24 05:07:40 | 002,452,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2010/04/24 05:07:40 | 000,380,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2010/04/24 05:07:40 | 000,230,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2010/04/24 05:07:40 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2010/04/24 05:07:39 | 000,192,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010/04/24 05:07:39 | 000,027,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010/04/24 05:07:38 | 000,347,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2010/04/24 05:07:38 | 000,214,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2010/04/24 05:07:37 | 000,459,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010/04/24 05:07:37 | 000,180,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010/04/24 05:07:35 | 000,389,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2010/04/24 05:07:35 | 000,078,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2010/04/24 05:07:35 | 000,048,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2010/04/24 05:07:34 | 001,383,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010/04/24 05:07:33 | 000,671,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010/04/24 05:07:32 | 001,830,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010/04/24 05:07:31 | 000,026,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010/04/24 05:07:29 | 000,070,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010/04/24 05:07:29 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2010/04/24 05:07:28 | 000,056,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010/04/24 05:07:28 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010/04/24 04:57:17 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2010/04/24 04:43:44 | 000,024,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netcfg.exe
[2010/04/24 04:36:12 | 001,793,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0045.dll
[2010/04/24 04:36:11 | 001,808,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0046.dll
[2010/04/24 04:36:09 | 001,411,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0047.dll
[2010/04/24 04:36:08 | 001,558,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0049.dll
[2010/04/24 04:36:06 | 001,236,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0020.dll
[2010/04/24 04:36:04 | 001,782,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0039.dll
[2010/04/24 04:36:02 | 002,136,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0021.dll
[2010/04/24 04:35:59 | 005,499,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0022.dll
[2010/04/24 04:35:54 | 007,964,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0024.dll
[2010/04/24 04:35:48 | 005,791,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0026.dll
[2010/04/24 04:35:43 | 006,224,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0027.dll
[2010/04/24 04:35:39 | 004,175,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0010.dll
[2010/04/24 04:35:37 | 002,466,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0011.dll
[2010/04/24 04:35:33 | 004,981,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0013.dll
[2010/04/24 04:35:30 | 003,331,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0018.dll
[2010/04/24 04:35:26 | 006,781,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0019.dll
[2010/04/24 04:35:19 | 011,722,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0001.dll
[2010/04/24 04:35:12 | 004,164,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0002.dll
[2010/04/24 04:35:10 | 001,452,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0003.dll
[2010/04/24 04:35:04 | 012,240,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0007.dll
[2010/04/24 04:34:58 | 002,644,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0009.dll
[2010/04/24 04:34:56 | 003,419,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons004a.dll
[2010/04/24 04:34:54 | 001,702,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons004b.dll
[2010/04/24 04:34:51 | 004,093,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons004c.dll
[2010/04/24 04:34:48 | 001,972,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons004e.dll
[2010/04/24 04:34:46 | 004,045,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons003e.dll
[2010/04/24 04:34:44 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons002a.dll
[2010/04/24 04:34:41 | 006,014,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons001a.dll
[2010/04/24 04:34:36 | 006,585,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons001b.dll
[2010/04/24 04:34:31 | 006,346,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons001d.dll
[2010/04/24 04:34:25 | 009,892,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons000a.dll
[2010/04/24 04:34:18 | 006,237,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons000c.dll
[2010/04/24 04:34:14 | 001,722,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons000d.dll
[2010/04/24 04:34:10 | 005,654,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons000f.dll
[2010/04/24 04:34:04 | 004,616,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0414.dll
[2010/04/24 04:33:58 | 005,090,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0416.dll
[2010/04/24 04:33:54 | 005,031,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0816.dll
[2010/04/24 04:33:49 | 007,042,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons081a.dll
[2010/04/24 04:33:43 | 005,071,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsModels0011.dll
[2010/04/24 04:33:40 | 003,102,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0046.dll
[2010/04/24 04:33:40 | 003,102,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0045.dll
[2010/04/24 04:33:39 | 003,102,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0049.dll
[2010/04/24 04:33:39 | 003,102,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0047.dll
[2010/04/24 04:33:39 | 003,102,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0039.dll
[2010/04/24 04:33:38 | 003,102,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0020.dll
[2010/04/24 04:33:38 | 001,799,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0021.dll
[2010/04/24 04:33:37 | 001,963,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0026.dll
[2010/04/24 04:33:37 | 001,963,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0024.dll
[2010/04/24 04:33:37 | 001,799,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0022.dll
[2010/04/24 04:33:36 | 004,493,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0010.dll
[2010/04/24 04:33:36 | 002,655,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0011.dll
[2010/04/24 04:33:36 | 001,965,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0027.dll
[2010/04/24 04:33:35 | 003,464,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0013.dll
[2010/04/24 04:33:35 | 001,963,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0018.dll
[2010/04/24 04:33:35 | 001,523,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0000.dll
[2010/04/24 04:33:34 | 004,495,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0019.dll
[2010/04/24 04:33:34 | 002,597,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0001.dll
[2010/04/24 04:33:34 | 001,963,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0003.dll
[2010/04/24 04:33:34 | 001,963,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0002.dll
[2010/04/24 04:33:33 | 004,874,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0009.dll
[2010/04/24 04:33:33 | 002,241,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0007.dll
[2010/04/24 04:33:32 | 003,102,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData004b.dll
[2010/04/24 04:33:32 | 003,102,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData004a.dll
[2010/04/24 04:33:31 | 003,102,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData004e.dll
[2010/04/24 04:33:31 | 003,102,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData004c.dll
[2010/04/24 04:33:31 | 001,799,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData003e.dll
[2010/04/24 04:33:31 | 001,799,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData002a.dll
[2010/04/24 04:33:30 | 004,493,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData001d.dll
[2010/04/24 04:33:30 | 001,963,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData001b.dll
[2010/04/24 04:33:30 | 001,963,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData001a.dll
[2010/04/24 04:33:29 | 009,845,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData000a.dll
[2010/04/24 04:33:29 | 002,641,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData000c.dll
[2010/04/24 04:33:28 | 004,493,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0414.dll
[2010/04/24 04:33:28 | 002,340,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData000d.dll
[2010/04/24 04:33:28 | 001,963,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData000f.dll
[2010/04/24 04:33:27 | 004,493,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0816.dll
[2010/04/24 04:33:27 | 004,493,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0416.dll
[2010/04/24 04:33:27 | 000,797,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NaturalLanguage6.dll
[2010/04/24 04:33:26 | 001,963,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData081a.dll
[2010/04/24 04:33:23 | 006,917,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0c1a.dll
[2010/04/24 04:33:20 | 001,963,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0c1a.dll
[2010/04/24 04:21:42 | 000,181,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\fsquirt.exe
[2010/04/24 04:19:42 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\en-US\i8042prt.sys.mui
[2010/04/24 04:19:42 | 000,005,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\en-US\sermouse.sys.mui
[2010/04/24 04:19:42 | 000,004,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\en-US\mouclass.sys.mui
[2010/04/24 04:19:42 | 000,004,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\en-US\kbdclass.sys.mui
[2010/04/24 04:19:42 | 000,003,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\en-US\mouhid.sys.mui
[2010/04/24 04:19:42 | 000,003,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\en-US\kbdhid.sys.mui
[2010/04/24 04:19:40 | 000,371,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\srcore.dll
[2010/04/24 04:19:40 | 000,313,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rstrui.exe
[2010/04/24 04:19:40 | 000,016,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\srdelayed.exe
[2010/04/24 04:19:39 | 000,944,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winload.exe
[2010/04/24 04:19:39 | 000,905,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winresume.exe
[2010/04/24 04:19:39 | 000,620,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ci.dll
[2010/04/24 04:19:39 | 000,613,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wpd_ci.dll
[2010/04/24 04:19:39 | 000,019,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\kd1394.dll
[2010/04/24 04:19:38 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drvinst.exe
[2010/04/24 04:19:38 | 000,019,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
[2010/04/24 04:19:37 | 000,260,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dpx.dll
[2010/04/24 04:19:37 | 000,039,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lodctr.exe
[2010/04/24 04:19:37 | 000,032,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\unlodctr.exe
[2010/04/24 04:19:37 | 000,006,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\kbd106n.dll
[2010/04/24 04:19:36 | 000,115,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\loadperf.dll
[2010/04/24 04:19:36 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\prflbmsg.dll
[2010/04/24 04:19:35 | 000,035,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\WdfLdr.sys
[2010/04/24 04:19:35 | 000,007,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\f3ahvoas.dll
[2010/04/24 04:19:34 | 000,035,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dispci.dll
[2010/04/24 04:19:34 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\batt.dll
[2010/04/24 04:16:32 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2010/04/24 04:16:31 | 000,654,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2010/04/24 04:16:29 | 000,158,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sdohlp.dll
[2010/04/24 04:16:29 | 000,053,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iasads.dll
[2010/04/24 04:16:29 | 000,037,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iasdatastore.dll
[2010/04/24 04:16:28 | 000,097,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iasrecst.dll
[2010/04/24 04:15:38 | 000,220,672 | ---- | M] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codecp.acm
[2010/04/24 04:15:38 | 000,062,464 | ---- | M] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codeca.acm
[2010/04/24 04:14:54 | 000,512,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2010/04/24 04:14:08 | 000,213,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2010/04/24 04:14:08 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\tcpipcfg.dll
[2010/04/24 04:14:08 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netiougc.exe
[2010/04/24 04:11:47 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WMASF.DLL
[2010/04/24 04:11:47 | 000,009,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\LAPRXY.DLL
[2010/04/24 04:11:47 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\asferror.dll
[2010/04/24 04:10:51 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\amxread.dll
[2010/04/24 04:10:50 | 000,014,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\apilogen.dll
[2010/04/24 04:10:02 | 000,268,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mcbuilder.exe
[2010/04/24 04:10:02 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLC.dll
[2010/04/24 04:10:02 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\slwmi.dll
[2010/04/24 04:10:01 | 000,566,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLCommDlg.dll
[2010/04/24 04:10:01 | 000,351,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLUI.exe
[2010/04/24 04:10:01 | 000,186,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLLUA.exe
[2010/04/24 04:10:00 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\slcinst.dll
[2010/04/24 04:08:48 | 000,425,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll
[2010/04/24 04:08:47 | 000,712,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecs.dll
[2010/04/24 04:08:47 | 000,347,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2010/04/24 04:06:44 | 000,220,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntprint.dll
[2010/04/24 04:06:44 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntprint.exe
[2010/04/24 04:06:43 | 001,984,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\authui.dll
[2010/04/24 04:06:43 | 000,120,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dhcpcsvc6.dll
[2010/04/24 04:06:43 | 000,010,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dhcpcmonitor.dll
[2010/04/24 04:06:40 | 008,138,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ssBranded.scr
[2010/04/24 04:05:34 | 000,441,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\win32spl.dll
[2010/04/24 04:05:34 | 000,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\printcom.dll
[2010/04/24 04:04:58 | 002,031,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010/04/24 04:03:41 | 000,113,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\rmcast.sys
[2010/04/24 04:03:40 | 000,014,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wshrm.dll
[2010/04/24 04:02:42 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msdxm.tlb
[2010/04/24 04:02:42 | 000,018,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\amcompat.tlb
[2010/04/24 04:01:05 | 000,312,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msdrm.dll
[2010/04/24 04:01:04 | 000,435,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
[2010/04/24 04:01:03 | 000,154,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll
[2010/04/24 04:01:00 | 000,154,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll
[2010/04/24 04:00:58 | 000,431,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
[2010/04/24 04:00:53 | 000,472,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
[2010/04/24 04:00:51 | 000,515,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
[2010/04/24 04:00:43 | 000,523,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
[2010/04/24 04:00:41 | 000,473,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll
[2010/04/24 03:58:38 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sbunattend.exe
[2010/04/24 03:56:57 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2010/04/24 03:50:25 | 000,622,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\icardagt.exe
[2010/04/24 03:50:25 | 000,011,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\icardres.dll
[2010/04/24 03:50:24 | 000,097,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\infocardapi.dll
[2010/04/24 03:50:24 | 000,037,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\infocardcpl.cpl
[2010/04/24 03:50:06 | 000,105,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
[2010/04/24 03:50:01 | 000,326,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2010/04/24 03:50:00 | 000,781,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PresentationNative_v0300.dll
[2010/04/24 03:50:00 | 000,043,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2010/04/24 03:32:05 | 000,041,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2010/04/24 03:31:56 | 000,158,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mscorier.dll
[2010/04/24 03:31:56 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mscories.dll
[2010/04/24 03:19:49 | 000,028,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2010/04/24 03:19:41 | 004,247,552 | ---- | M] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2010/04/24 03:19:39 | 001,686,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
[2010/04/24 03:18:23 | 000,996,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WMNetMgr.dll
[2010/04/24 03:18:23 | 000,094,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\logagent.exe
[2010/04/24 03:16:51 | 000,084,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\INETRES.dll
[2010/04/24 03:16:23 | 001,645,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\connect.dll
[2010/04/24 03:16:01 | 000,005,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wmi.dll
[2010/04/24 03:14:10 | 000,031,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\httpapi.dll
[2010/04/24 03:14:09 | 000,024,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\nshhttp.dll
[2010/04/24 03:12:00 | 000,274,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\raschap.dll
[2010/04/24 03:11:59 | 000,232,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rastls.dll
[2010/04/24 03:11:47 | 000,321,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WSDApi.dll
[2010/04/24 03:10:29 | 001,327,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2010/04/24 03:10:28 | 000,123,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msvfw32.dll
[2010/04/24 03:10:28 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\avicap32.dll
[2010/04/24 03:10:27 | 000,088,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\avifil32.dll
[2010/04/24 03:10:27 | 000,082,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll
[2010/04/24 03:09:19 | 000,604,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WMSPDMOD.DLL
[2010/04/24 03:07:53 | 008,147,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2010/04/24 03:07:49 | 000,007,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spwmp.dll
[2010/04/24 03:07:49 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msdxm.ocx
[2010/04/24 03:07:49 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxmasf.dll
[2010/04/24 03:07:40 | 000,311,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\unregmp2.exe
[2010/04/23 23:12:08 | 000,011,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2010/04/23 23:12:07 | 000,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2010/04/23 23:12:07 | 000,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2010/04/23 23:12:06 | 000,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2010/04/23 19:51:07 | 000,492,629 | ---- | M] () -- C:\Windows\System32\drivers\Avg\miniavi.avg
[2010/04/23 19:51:07 | 000,142,495 | ---- | M] () -- C:\Windows\System32\drivers\Avg\microavi.avg
[2010/04/23 19:31:35 | 002,421,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2010/04/23 19:31:35 | 000,044,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2010/04/23 19:31:01 | 000,575,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2010/04/23 19:31:01 | 000,087,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2010/04/23 19:31:01 | 000,035,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2010/04/23 19:30:10 | 000,171,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2010/04/23 19:30:10 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2010/04/13 22:24:18 | 000,294,912 | ---- | M] () -- C:\WKCONV.RTF
[2010/04/13 21:04:09 | 000,001,356 | ---- | M] () -- C:\Users\MERINMANDANNA\AppData\Local\d3d9caps.dat

========== Files Created - No Company Name ==========

[2010/05/05 19:46:43 | 2145,771,520 | -HS- | C] () -- C:\hiberfil.sys
[2010/04/28 18:33:32 | 000,524,288 | -HS- | C] () -- C:\Users\MERINMANDANNA\ntuser.dat{dcf2013e-52c2-11df-9549-a963cdb31dcf}.TMContainer00000000000000000002.regtrans-ms
[2010/04/28 18:33:32 | 000,524,288 | -HS- | C] () -- C:\Users\MERINMANDANNA\ntuser.dat{dcf2013e-52c2-11df-9549-a963cdb31dcf}.TMContainer00000000000000000001.regtrans-ms
[2010/04/28 18:33:32 | 000,065,536 | -HS- | C] () -- C:\Users\MERINMANDANNA\ntuser.dat{dcf2013e-52c2-11df-9549-a963cdb31dcf}.TM.blf
[2010/04/28 08:32:46 | 000,000,134 | ---- | C] () -- C:\Users\MERINMANDANNA\Desktop\Desktop\Network and Sharing Center - Shortcut.lnk
[2010/04/26 01:45:16 | 000,007,772 | ---- | C] () -- C:\Windows\System32\nvinfo.pb
[2010/04/26 00:44:32 | 000,524,288 | -HS- | C] () -- C:\Users\MERINMANDANNA\ntuser.dat{99b9e706-509e-11df-9be7-001a6bf7cafd}.TMContainer00000000000000000002.regtrans-ms
[2010/04/26 00:44:32 | 000,524,288 | -HS- | C] () -- C:\Users\MERINMANDANNA\ntuser.dat{99b9e706-509e-11df-9be7-001a6bf7cafd}.TMContainer00000000000000000001.regtrans-ms
[2010/04/26 00:44:32 | 000,065,536 | -HS- | C] () -- C:\Users\MERINMANDANNA\ntuser.dat{99b9e706-509e-11df-9be7-001a6bf7cafd}.TM.blf
[2010/04/26 00:11:31 | 000,053,340 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2010/04/26 00:11:31 | 000,053,340 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010/04/24 09:51:47 | 000,001,820 | ---- | C] () -- C:\Windows\System32\rasctrnm.h
[2010/04/24 08:58:27 | 001,657,350 | ---- | C] () -- C:\Windows\System32\wlan.tmf
[2010/04/24 01:32:18 | 000,002,088 | ---- | C] () -- C:\Users\MERINMANDANNA\Desktop\Desktop\Google Chrome.lnk
[2010/04/24 01:27:30 | 000,000,940 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-137818680-3777287045-3806286459-1000UA.job
[2010/04/24 01:27:29 | 000,000,888 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-137818680-3777287045-3806286459-1000Core.job
[2010/04/13 22:24:17 | 000,294,912 | ---- | C] () -- C:\WKCONV.RTF
[2010/02/08 03:15:30 | 000,178,176 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2009/12/07 05:32:30 | 000,000,172 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/05/08 12:39:30 | 000,055,520 | ---- | C] () -- C:\Windows\System32\drivers\VBoxDrv.sys
[2008/07/13 00:04:10 | 000,001,305 | ---- | C] () -- C:\Windows\openhelp.ini
[2008/07/13 00:04:10 | 000,000,331 | ---- | C] () -- C:\Windows\WINHELP.INI
[2008/07/13 00:04:10 | 000,000,170 | ---- | C] () -- C:\Windows\TCW.INI
[2008/07/13 00:03:30 | 000,000,200 | ---- | C] () -- C:\Windows\OWL.INI
[2008/07/13 00:01:48 | 000,000,049 | ---- | C] () -- C:\Windows\workshop.ini
[2008/01/06 15:01:22 | 000,000,112 | ---- | C] () -- C:\Windows\ActiveSkin.INI
[2007/12/09 02:36:16 | 000,286,720 | ---- | C] () -- C:\Windows\System32\software2046.dll
[2007/12/09 02:35:12 | 000,610,304 | ---- | C] () -- C:\Windows\System32\dfxg115.dll
[2007/12/09 02:26:46 | 000,000,049 | ---- | C] () -- C:\Windows\VideoToAudioConverter.ini
[2007/02/28 02:13:02 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/12/20 17:30:12 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2006/12/14 11:31:36 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/12/14 11:31:36 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006/11/02 18:05:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 15:55:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006/11/02 13:10:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2005/05/07 17:36:00 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2005/04/04 02:00:00 | 000,110,592 | R--- | C] () -- C:\Windows\System32\scardsyn.dll
[2005/01/24 17:47:58 | 000,552,960 | ---- | C] () -- C:\Windows\System32\dfxg15.dll
[2003/08/07 14:01:52 | 000,237,568 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2001/11/14 18:26:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
[1999/07/30 09:24:34 | 000,000,218 | ---- | C] () -- C:\Windows\oraodbc.ini
[1998/05/07 06:40:00 | 000,069,632 | R--- | C] () -- C:\Windows\System32\ODMA32.dll
< End of report >



Extras.txt

OTL Extras logfile created on: 5/5/2010 7:55:30 PM - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Users\MERINMANDANNA\Documents\Downloads
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.17037)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 37.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 66.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 225.74 Gb Total Space | 34.30 Gb Free Space | 15.19% Space Free | Partition Type: NTFS
Drive D: | 7.15 Gb Total Space | 2.69 Gb Free Space | 37.62% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MERINMANDANN-PC
Current User Name: MERINMANDANNA
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-137818680-3777287045-3806286459-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- C:\Users\MERINMANDANNA\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\MERIN\software\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\MERIN\software\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06B54999-3AFD-401C-8D68-2CCA4ECD4805}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{19E331FF-F030-4536-B893-D910150841F1}" = lport=139 | protocol=6 | dir=in | app=system |
"{2B61D97E-748B-45F5-9676-9CEF332CAAFC}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{45E65AA1-2038-4EB7-BEB6-E93EE17525C6}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{4F5528D2-57FB-42E6-BCE7-2CF14751B8E2}" = lport=445 | protocol=6 | dir=in | app=system |
"{5A0050E6-5E5A-4C74-B30D-8D2BBA053DC6}" = lport=2869 | protocol=6 | dir=in | app=system |
"{5EAA0B9F-4F23-48E5-B01A-8160F6CC569B}" = rport=139 | protocol=6 | dir=out | app=system |
"{67F733EA-3A22-4DE1-A379-9D6C5B6A1E3D}" = rport=138 | protocol=17 | dir=out | app=system |
"{854DF510-7DC0-4B09-B372-5A387D1D70EF}" = lport=137 | protocol=17 | dir=in | app=system |
"{94613345-5C44-4041-8AC2-6005D203927E}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{9ACDE7E6-64A0-4203-B00B-DA29DA3358EC}" = lport=138 | protocol=17 | dir=in | app=system |
"{AF0D249A-8B9B-4900-AD8D-8D9C9E77A1A9}" = rport=445 | protocol=6 | dir=out | app=system |
"{B2343A84-FAD2-47B5-982C-62FC796A37DC}" = rport=137 | protocol=17 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{201E2690-6BDB-4BDA-8397-E1FFD887CD09}" = dir=in | app=c:\program files\avg\avg8\avgemc.exe |
"{2AA788D2-44F5-4FC3-8EC3-5067B5FF1C7A}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{41C4C0DE-098A-427E-A66B-EB1BCE7DD4C5}" = dir=in | app=c:\program files\avg\avg8\avgupd.exe |
"{448FFE66-A379-4802-BF65-1E6A8F5BB542}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{4A4C0210-3389-4CE8-8D76-B088A10E3310}" = dir=in | app=c:\program files\msn messenger\msnmsgr.exe |
"{5DAA7134-2893-4411-892E-F0B6306A0F05}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{5EB2327A-3BE0-4333-8A67-B97D77DA3AB7}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{70748C29-EAEF-4B3D-BEA0-E4BCB2D1ECFD}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{845E9A03-3F0E-4191-B9AD-CBBC8A53164F}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |
"{88B70170-9C21-4524-8565-AFD4EB98F483}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{97DAC4DC-36B7-4848-B2DE-D99854492893}" = dir=in | app=c:\program files\msn messenger\livecall.exe |
"{B70583E0-93EC-4AA1-84FF-6719423C5F96}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{BDBF164B-FB7A-445D-AF99-B8A5EF96852D}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |
"{F091978A-2007-44BC-9791-9258088BFDB8}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"TCP Query User{87D71D7C-0C9A-4AF3-87E4-A805FCFAB465}C:\windows\system32\electricsheep.scr" = protocol=6 | dir=in | app=c:\windows\system32\electricsheep.scr |
"TCP Query User{A547CFE4-22F3-4496-93D1-6B94D9C754F1}C:\oracle\ora92\apache\apache\apache.exe" = protocol=6 | dir=in | app=c:\oracle\ora92\apache\apache\apache.exe |
"TCP Query User{ABF87E95-C6F2-4006-9509-D02A99FF0003}C:\program files\popcap games\dynomite deluxe\dynomite.exe" = protocol=6 | dir=in | app=c:\program files\popcap games\dynomite deluxe\dynomite.exe |
"TCP Query User{BC99ED86-E194-4641-BBFA-543AD8471324}C:\users\merinmandanna\appdata\local\temp\orainstall2009-12-14_10-43-30pm\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\users\merinmandanna\appdata\local\temp\orainstall2009-12-14_10-43-30pm\jre\bin\javaw.exe |
"UDP Query User{1D15753E-1A69-4FB5-AA0B-B1ED401DF8E9}C:\windows\system32\electricsheep.scr" = protocol=17 | dir=in | app=c:\windows\system32\electricsheep.scr |
"UDP Query User{30C16DAE-705F-4EB6-88A1-B2F134D3A229}C:\program files\popcap games\dynomite deluxe\dynomite.exe" = protocol=17 | dir=in | app=c:\program files\popcap games\dynomite deluxe\dynomite.exe |
"UDP Query User{8916C7A4-869A-41E7-83C9-8A11647ECEBC}C:\oracle\ora92\apache\apache\apache.exe" = protocol=17 | dir=in | app=c:\oracle\ora92\apache\apache\apache.exe |
"UDP Query User{E7ACE6B0-4DD6-48E7-B6CA-CB2DCCA3E8E3}C:\users\merinmandanna\appdata\local\temp\orainstall2009-12-14_10-43-30pm\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\users\merinmandanna\appdata\local\temp\orainstall2009-12-14_10-43-30pm\jre\bin\javaw.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{05EC21B8-4593-3037-A781-A6B5AFFCB19D}" = Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{0ABA40AF-288D-41F1-B735-C5155692CD7D}" = VeriSoft Access Manager
"{0CFD3BAF-9F4D-4D70-BD0B-638EA2504C25}" = PSSWCORE
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}" = Roxio Creator EasyArchive
"{1517A7CB-5F00-4A88-8F06-E89B6DB63784}" = ESU for Microsoft Vista
"{20140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010 (Beta)
"{20140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010 (Beta)
"{20140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010 (Beta)
"{20140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010 (Beta)
"{20140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010 (Beta)
"{20140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010 (Beta)
"{20140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010 (Beta)
"{20140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 (Beta)
"{20140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 (Beta)
"{20140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010 (Beta)
"{20140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010 (Beta)
"{20140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010 (Beta)
"{20140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010 (Beta)
"{20140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010 (Beta)
"{20140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010 (Beta)
"{20140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010 (Beta)
"{20140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010 (Beta)
"{20140000-011A-0000-0000-0000000FF1CE}" = Microsoft Office Send-a-Smile
"{241F2BF7-69EB-42A4-9156-96B2426C7504}" = Microsoft SQL Server Compact 3.5 for Devices ENU
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{290B83AA-093A-45BF-A917-D1C4A1E8D917}" = HP Active Support Library
"{291B3A3B-F808-45B8-8113-DF232FCB6C82}" = Microsoft .NET Compact Framework 3.5
"{2AC22CBC-1E34-4942-BC27-890E5DD3F8BC}}_is1" = New Star GP 1.1
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
"{2E5C075E-11AB-4BDD-918C-7B9A68953FF8}" = Microsoft SQL Server Compact 3.5 Design Tools ENU
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java™ SE Runtime Environment 6
"{33C65B6A-5D73-4E3E-A1F9-127C27BD3F72}" = Roxio MyDVD Basic v9
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.20 B1
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Roxio Activation Module
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{3FFB3B34-D639-4384-9AE9-DDE58430D86F}" = MSCU for Microsoft Vista
"{40F7AED3-0C7D-4582-99F6-484A515C73F2}" = HP Easy Setup - Frontend
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 3.2
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{556EEE74-6788-4292-8252-8B17E2C7952A}" = Photosynth 2.0.1403.12
"{571700F0-DB9D-4B3A-B03D-35A14BB5939F}" = Windows Live Messenger
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{64c5b887-b5ee-42b8-8596-78905a6b5f1f}" = Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent
"{6753B40C-0FBD-3BED-8A9D-0ACAC2DCD85D}" = Microsoft Document Explorer 2008
"{6833995C-2FFD-4084-981A-001FF469146A}" = Microsoft Expression Encoder 2
"{6C9F6D23-E9AD-43C9-B43A-011562AAF876}" = Windows Mobile 5.0 SDK R2 for Pocket PC
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73C4D233-4F03-4A5D-8EFE-C651D221146D}" = Serif Digital Scrapbook Artist Compact
"{7AC15160-A49B-4A89-B181-D4619C025FFF}" = Samsung Samples Installer
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{842FAF7C-50EF-4463-9B8F-6222E1384D7D}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
"{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update
"{8CEA85DE-955B-4BF4-87F2-0BAA62821633}" = HP Photosmart Essential2.5
"{8D0F386A-ADEC-4536-8EEA-6DD203F95239}" = Mobile Music Polyphonic
"{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-0021-0000-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer 2007
"{90120000-0021-0409-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer MUI (English) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0045-0000-0000-0000000FF1CE}" = Microsoft Expression Web 2
"{90120000-0045-0409-0000-0000000FF1CE}" = Microsoft Expression Web 2 MUI (English)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{9061CEF2-51F5-42C9-8A70-9ED351C6597A}" = HP Help and Support
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel Matrix Storage Manager
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9656F3AC-6BA9-43F0-ABED-F214B5DAB27B}" = Windows Mobile 5.0 SDK R2 for Smartphone
"{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD}" = Microsoft SQL Server Database Publishing Wizard 1.2
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Touch Pad Driver
"{A13E07E1-A423-44FB-9DEE-B24C75C1BAF2}" = HP Integrated Module with Bluetooth wireless technology
"{A87B11AC-4344-4E5D-8B12-8F471A87DAD9}" = LightScribe 1.4.136.1
"{A9BEEB55-3E49-43BD-87E6-F1632C0E2BA6}" = Microsoft Expression Studio 2
"{AA467959-A1D6-4F45-90CD-11DC57733F32}" = Crystal Reports Basic for Visual Studio 2008
"{AB5E289E-76BF-4251-9F3F-9B763F681AE0}" = HP Customer Experience Enhancements
"{AC76BA86-7AD7-1033-7B44-A80000000002}" = Adobe Reader 8
"{AD483998-2E9A-4405-83FF-6E503AF49CBB}" = Microsoft Virtual PC 2007 SP1
"{B268E9A1-04A9-40D0-9866-846BE2B74BA7}" = Microsoft Windows SDK for Visual Studio 2008 Win32 Tools
"{B32E7732-B2FB-3FD0-81AC-6025B1104C66}" = Microsoft Device Emulator version 3.0 - ENU
"{B61B6668-A674-4A06-8405-51944D5CCDDD}" = AuthenTec Fingerprint Sensor Minimum Install
"{B6F7DBE7-2FE2-458F-A738-B10832746036}" = Microsoft Reader
"{BCC899FE-2DAA-460C-A5FB-60291E73D9C3}" = Microsoft SQL Server Compact 3.5 ENU
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9
"{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver
"{CAA376AF-0DE8-4FCA-942E-C6AC579B94B3}" = Microsoft Windows SDK for Visual Studio 2008 Tools
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D283897D-A26B-489F-9163-0AB0778823AB}" = FotoMorph
"{D32067CD-7409-4792-BFA0-1469BCD8F0C8}" = HP Wireless Assistant
"{D7DAD1E4-45F4-3B2B-899A-EA728167EC4F}" = Microsoft Visual Studio 2008 Professional Edition - ENU
"{da23cbf8-e992-4a92-ae92-cf0a5314bb55}" = DFX for Windows Media Player
"{E2EA0C33-43B3-48A4-87CA-2BDA2F8ABF68}" = Sun xVM VirtualBox
"{E59EE2CC-E029-4FA2-8BB6-409F74D4D8F7}" = FotoMix
"{E9F44C98-B8B6-480F-AF7B-E42A0A46F4E3}" = Microsoft SQL Server VSS Writer
"{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}" = Samsung PC Studio 3 USB Driver Installer
"{EDDF99D9-9FE3-4871-A7DB-D1522C51EE9A}" = Microsoft .NET Compact Framework 2.0 SP2
"{EF3164C1-4AE9-43CB-AD7A-F1A9AD2DC065}" = HP User Guides 0060
"{F9B3DD02-B0B3-42E9-8650-030DFF0D133D}" = Microsoft SQL Server Native Client
"{FAB0C302-CB18-4A7A-BA03-C3DC23101A68}" = HP Active Support Library 32 bit components
"{FF29527A-44CD-3422-945E-981A13584000}" = VC Runtimes MSI
"7-PDF Maker_is1" = 7-PDF Maker Version 1.0.2
"AbiWord2" = AbiWord 2.4.6 (remove only)
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Any Video Converter_is1" = Any Video Converter 3.0.1
"Apophysis 2.0" = Apophysis 2.0
"Audio Extractor for FREE_is1" = Audio Extractor for FREE 2009 v2.6.1
"AVG8Uninstall" = AVG Free 8.5
"Beetle Ju" = Beetle Ju
"Bombardix" = Bombardix
"bonjovi_gohome_v3" = bonjovi_gohome_v3 Screen Saver
"Britannica Word Search" = Britannica Word Search
"CDisplay_is1" = CDisplay 1.8
"CNXT_HDAUDIO" = Conexant HD Audio
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_5045&SUBSYS_103C30B7" = HDAUDIO Soft Data Fax Modem with SmartCP
"Downhill PAKOON! 2.Many Unlimited 2009" = Downhill PAKOON! 2.Many Unlimited 2009
"Dynomite Deluxe 2.70y" = Dynomite Deluxe 2.70y
"ElectricSheep" = ElectricSheep 2.6.6
"Encoder_2.0.1406.0" = Microsoft Expression Encoder 2
"ExpressionStudio_2.0.133.0" = Microsoft Expression Studio 2
"F1_Screensaver_08" = F1_Screensaver_08
"FunpicsMachine" = FunPics - Machine
"Guitar Pro 5_is1" = Guitar Pro 5.2
"GYM-O-FIZZ" = GYM-O-FIZZ
"HP Photosmart Essential" = HP Photosmart Essential 2.0
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.7.0 (Standard)
"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
"Mario Forever v 2.16 !" = Mario Forever v 2.16 !
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Document Explorer 2008" = Microsoft Document Explorer 2008
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime
"Microsoft Visual Studio 2008 Professional Edition - ENU" = Microsoft Visual Studio 2008 Professional Edition - ENU
"Moo0 AudioInEffect" = Moo0 AudioEffecter 1.09
"MP3 Remix Player" = MP3 Remix Player
"Mummy Maze Deluxe 1.1" = Mummy Maze Deluxe 1.1
"Noah's Ark Deluxe 1.1" = Noah's Ark Deluxe 1.1
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Okdo Pdf to Ppt Converter_is1" = Okdo Pdf to Ppt Converter 3.5
"OpenAL" = OpenAL
"Plants vs. Zombies" = Plants vs. Zombies
"RealPlayer 6.0" = RealPlayer
"SAMSUNG CDMA Modem" = SAMSUNG CDMA Modem Driver Set
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"Shopmania" = Shopmania
"Super TextTwist" = Super TextTwist
"SystemRequirementsLab" = System Requirements Lab
"the white chamber" = the white chamber 1.0
"Video to Audio Converter_is1" = Video to Audio Converter 1.12
"Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime
"VisualWebDeveloper" = Microsoft Visual Studio Web Authoring Component
"VLC media player" = VLC media player 0.9.4
"WinRAR archiver" = WinRAR archiver
"WordWeb" = WordWeb
"World Leaders" = World Leaders
"XWeb" = Microsoft Expression Web 2

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-137818680-3777287045-3806286459-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/1/2010 4:27:04 PM | Computer Name = MERINMANDANN-PC | Source = Application Error | ID = 1000
Description = Faulting application Explorer.EXE, version 6.0.6000.16386, time stamp
0x4549b091, faulting module btwapi.dll, version 6.0.1.3700, time stamp 0x45898c9d,
exception code 0xc0000005, fault offset 0x000485f1, process id 0x674, application
start time 0x01cacdc8fd7adba1.

Error - 4/2/2010 5:08:18 PM | Computer Name = MERINMANDANN-PC | Source = Application Hang | ID = 1002
Description = The program Explorer.EXE version 6.0.6000.16386 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 674 Start Time: 01cacdc8fd7adba1 Termination Time: 16278

Error - 4/5/2010 10:33:37 AM | Computer Name = MERINMANDANN-PC | Source = Application Error | ID = 1000
Description = Faulting application POWERPNT.EXE, version 14.0.4535.1000, time stamp
0x4ae9d40b, faulting module ntdll.dll, version 6.0.6000.16386, time stamp 0x4549bdc9,
exception code 0xc0000005, fault offset 0x000633fe, process id 0x1264, application
start time 0x01cad4c88636b380.

Error - 4/5/2010 2:25:55 PM | Computer Name = MERINMANDANN-PC | Source = Application Error | ID = 1000
Description = Faulting application POWERPNT.EXE, version 14.0.4535.1000, time stamp
0x4ae9d40b, faulting module ntdll.dll, version 6.0.6000.16386, time stamp 0x4549bdc9,
exception code 0xc0000005, fault offset 0x000633fe, process id 0x1284, application
start time 0x01cad4ccfaaf9bb0.

Error - 4/5/2010 2:42:56 PM | Computer Name = MERINMANDANN-PC | Source = Application Error | ID = 1000
Description = Faulting application WINWORD.EXE, version 14.0.4536.1000, time stamp
0x4af1d344, faulting module ntdll.dll, version 6.0.6000.16386, time stamp 0x4549bdc9,
exception code 0xc0000005, fault offset 0x00062086, process id 0x1334, application
start time 0x01cad4efbf777630.

Error - 4/8/2010 2:30:13 PM | Computer Name = MERINMANDANN-PC | Source = Microsoft Office 14 | ID = 2000
Description = Microsoft Word: Accepted Safe Mode action : Word failed to start correctly
last time. Starting Word in safe mode will help you correct or isolate a startup
problem in order to successfully start the program. Some functionality may be
disabled in this mode. Do you want to start Word in safe mode?.

Error - 4/13/2010 11:05:07 AM | Computer Name = MERINMANDANN-PC | Source = EventSystem | ID = 4609
Description =

Error - 4/13/2010 11:12:02 AM | Computer Name = MERINMANDANN-PC | Source = EventSystem | ID = 4609
Description =

Error - 4/13/2010 12:54:25 PM | Computer Name = MERINMANDANN-PC | Source = System Restore | ID = 8193
Description =

Error - 4/13/2010 12:54:30 PM | Computer Name = MERINMANDANN-PC | Source = System Restore | ID = 8193
Description =

[ System Events ]
Error - 4/29/2010 4:00:12 PM | Computer Name = MERINMANDANN-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 4/29/2010 4:00:12 PM | Computer Name = MERINMANDANN-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 4/29/2010 6:56:21 PM | Computer Name = MERINMANDANN-PC | Source = ACPI | ID = 327690
Description = ACPI: ACPI BIOS is attempting to write to an illegal PCI Operation
Region (0x5), Please contact your system vendor for technical assistance.

Error - 4/29/2010 8:46:17 PM | Computer Name = MERINMANDANN-PC | Source = ACPI | ID = 327690
Description = ACPI: ACPI BIOS is attempting to write to an illegal PCI Operation
Region (0x5), Please contact your system vendor for technical assistance.

Error - 5/2/2010 4:53:18 AM | Computer Name = MERINMANDANN-PC | Source = yukonwlh | ID = 458853
Description = Driver has encountered an internal error

Error - 5/2/2010 4:53:18 AM | Computer Name = MERINMANDANN-PC | Source = yukonwlh | ID = 458853
Description = Driver has encountered an internal error

Error - 5/5/2010 3:41:57 AM | Computer Name = MERINMANDANN-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 5/5/2010 3:42:48 AM | Computer Name = MERINMANDANN-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 5/5/2010 3:42:48 AM | Computer Name = MERINMANDANN-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 5/5/2010 4:46:57 AM | Computer Name = MERINMANDANN-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 2:15:19 PM on 5/5/2010 was unexpected.


< End of report >




#6 Elise

Posted 08 May 2010 - 01:29 AM

To be honest, this messed up graphics problem sounds like hardware to me. This message from the Event Viewer also:
QUOTE
Error - 4/29/2010 6:56:21 PM | Computer Name = MERINMANDANN-PC | Source = ACPI | ID = 327690
Description = ACPI: ACPI BIOS is attempting to write to an illegal PCI Operation
Region (0x5), Please contact your system vendor for technical assistance.


But of course we will make sure it's not malware doing this :)

Could you please try to run GMER with only the Sections option checked.

regards, Elise




#7 Merin

Posted 08 May 2010 - 05:29 AM

Tried once and had to restart!
I'll try again in a bit and post as soon as possible, thanks so much. :)

#8 Elise

Posted 08 May 2010 - 06:07 AM

Okay, let me know how it went :)

regards, Elise




#9 Merin

Posted 08 May 2010 - 07:34 AM

I ran the scan with only the Sections option selected and at the end of the scan, I got a message that said
"Gmer hasn't found any system modification."

I tried running the scan with all options checked several times, but every time it would stop right after this turned up
"AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 eabfiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Development Company, L.P.) "

And of course, right after I closed the GMER program, my system restarted!

The initial scan which ran till the "WARNING!!!" message came up showed this :

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-05-08 17:49:32
Windows 6.0.6000
Running: 8iij7tgm.exe; Driver: C:\Users\MERINM~1\AppData\Local\Temp\kxkcqkog.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\tdx \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 eabfiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Development Company, L.P.)

---- Services - GMER 1.0.15 ----

Service system32\drivers\kbiwkmdfdxauuo.sys (*** hidden *** ) [SYSTEM] kbiwkmsbrmojds <-- ROOTKIT !!!

---- EOF - GMER 1.0.15 ----



#10 Elise

Posted 08 May 2010 - 07:54 AM

Hi again, that's all I needed to see for now. This looks definitely rootkitty, so let's get started :)

COMBOFIX
---------------
Please download ComboFix from one of these locations:
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

regards, Elise




#11 Merin

Posted 08 May 2010 - 10:08 AM

It ran completely, system rebooted and a log file popped up. But after that I couldn't run anything. I couldn't open anything and instead got a message that said something like "illegal operation on a register key that is stated to be deleted". So (in panic), I deleted Combofix.exe and restarted. Now, I can access everything, but I'm not sure (at all) if what I did was right. :(

Here's the log file though.

ComboFix 10-05-07.07 - MERINMANDANNA 05/08/2010 19:43:02.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.2046.1188 [GMT 5.5:30]
Running from: c:\users\MERINMANDANNA\Desktop\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Norton 360 *On-access scanning disabled* (Outdated) {A5F1BC7C-EA33-4247-961C-0217208396C4}
FW: Norton 360 *disabled* {371C0A40-5A0C-4AD2-A6E5-69C02037FBF3}
SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Norton 360 *disabled* (Outdated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\merin\everything else\novels,comics\Books\Classics\readme.eml
c:\merin\everything else\novels,comics\Books\Douglas Adams\readme.eml
c:\merin\everything else\novels,comics\Books\Isaac Asimov\readme.eml
c:\merin\everything else\novels,comics\Books\John Grisham\readme.eml
c:\merin\everything else\novels,comics\Books\Miscellany\readme.eml
c:\merin\everything else\novels,comics\Books\Robert Heinlein\readme.eml
c:\merin\everything else\novels,comics\Books\Robert Jordan\readme.eml
c:\merin\everything else\novels,comics\Books\Stephen King\readme.eml
c:\merin\everything else\novels,comics\Books\Terry Pratchett\readme.eml
c:\program files\Common Files\Real\WeatherBug\MiniBugTransporter.dll
c:\windows\system32\AbaleZip.dll
c:\windows\system32\images
c:\windows\system32\images\toolbar\calendar.gif
c:\windows\system32\images\toolbar\crlogo.gif
c:\windows\system32\images\toolbar\export.gif
c:\windows\system32\images\toolbar\export_over.gif
c:\windows\system32\images\toolbar\exportd.gif
c:\windows\system32\images\toolbar\First.gif
c:\windows\system32\images\toolbar\first_over.gif
c:\windows\system32\images\toolbar\Firstd.gif
c:\windows\system32\images\toolbar\gotopage.gif
c:\windows\system32\images\toolbar\gotopage_over.gif
c:\windows\system32\images\toolbar\gotopaged.gif
c:\windows\system32\images\toolbar\grouptree.gif
c:\windows\system32\images\toolbar\grouptree_over.gif
c:\windows\system32\images\toolbar\grouptreed.gif
c:\windows\system32\images\toolbar\grouptreepressed.gif
c:\windows\system32\images\toolbar\Last.gif
c:\windows\system32\images\toolbar\last_over.gif
c:\windows\system32\images\toolbar\Lastd.gif
c:\windows\system32\images\toolbar\Next.gif
c:\windows\system32\images\toolbar\next_over.gif
c:\windows\system32\images\toolbar\Nextd.gif
c:\windows\system32\images\toolbar\Prev.gif
c:\windows\system32\images\toolbar\prev_over.gif
c:\windows\system32\images\toolbar\Prevd.gif
c:\windows\system32\images\toolbar\print.gif
c:\windows\system32\images\toolbar\print_over.gif
c:\windows\system32\images\toolbar\printd.gif
c:\windows\system32\images\toolbar\Refresh.gif
c:\windows\system32\images\toolbar\refresh_over.gif
c:\windows\system32\images\toolbar\refreshd.gif
c:\windows\system32\images\toolbar\Search.gif
c:\windows\system32\images\toolbar\search_over.gif
c:\windows\system32\images\toolbar\searchd.gif
c:\windows\system32\images\toolbar\up.gif
c:\windows\system32\images\toolbar\up_over.gif
c:\windows\system32\images\toolbar\upd.gif
c:\windows\system32\images\tree\begindots.gif
c:\windows\system32\images\tree\beginminus.gif
c:\windows\system32\images\tree\beginplus.gif
c:\windows\system32\images\tree\blank.gif
c:\windows\system32\images\tree\blankdots.gif
c:\windows\system32\images\tree\dots.gif
c:\windows\system32\images\tree\lastdots.gif
c:\windows\system32\images\tree\lastminus.gif
c:\windows\system32\images\tree\lastplus.gif
c:\windows\system32\images\tree\Magnify.gif
c:\windows\system32\images\tree\minus.gif
c:\windows\system32\images\tree\minusbox.gif
c:\windows\system32\images\tree\plus.gif
c:\windows\system32\images\tree\plusbox.gif
c:\windows\system32\images\tree\singleminus.gif
c:\windows\system32\images\tree\singleplus.gif
c:\windows\system32\kbiwkmvggfiumi.dat
c:\windows\winhelp.ini

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_KBIWKMSBRMOJDS
-------\Service_kbiwkmsbrmojds


((((((((((((((((((((((((( Files Created from 2010-04-08 to 2010-05-08 )))))))))))))))))))))))))))))))
.

2010-05-08 14:24 . 2010-05-08 14:24 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-05-08 14:00 . 2010-05-08 14:10 -------- d-----w- C:\32788R22FWJFW
2010-04-29 18:34 . 2009-08-24 12:47 378368 ----a-w- c:\windows\system32\winhttp.dll
2010-04-25 20:38 . 2010-04-25 20:43 -------- d-----w- c:\program files\NVIDIA Corporation
2010-04-25 20:14 . 2010-04-25 20:44 -------- d-----w- C:\NVIDIA
2010-04-25 19:29 . 2010-04-25 19:29 268800 ----a-w- c:\windows\system32\es.dll
2010-04-25 19:28 . 2010-04-25 19:28 494592 ----a-w- c:\windows\system32\kerberos.dll
2010-04-25 19:28 . 2010-04-25 19:28 272384 ----a-w- c:\windows\system32\schannel.dll
2010-04-25 18:41 . 2010-04-28 14:45 -------- d-----w- c:\programdata\NVIDIA
2010-04-25 15:09 . 2010-04-25 15:09 -------- d-----w- c:\program files\SystemRequirementsLab
2010-04-24 04:27 . 2010-04-24 04:27 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-04-24 04:27 . 2010-04-24 04:27 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-04-24 04:27 . 2010-04-24 04:27 24064 ----a-w- c:\windows\system32\lpk.dll
2010-04-24 04:27 . 2010-04-24 04:27 156672 ----a-w- c:\windows\system32\t2embed.dll
2010-04-24 04:27 . 2010-04-24 04:27 72704 ----a-w- c:\windows\system32\fontsub.dll
2010-04-24 04:27 . 2010-04-24 04:27 10240 ----a-w- c:\windows\system32\dciman32.dll
2010-04-24 04:25 . 2010-04-24 04:25 28672 ----a-w- c:\windows\system32\FwRemoteSvr.dll
2010-04-24 04:25 . 2010-04-24 04:25 61440 ----a-w- c:\windows\system32\winipsec.dll
2010-04-24 04:25 . 2010-04-24 04:25 361984 ----a-w- c:\windows\system32\IPSECSVC.DLL
2010-04-24 04:25 . 2010-04-24 04:25 272896 ----a-w- c:\windows\system32\polstore.dll
2010-04-24 04:16 . 2010-04-24 04:16 84992 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-04-24 04:16 . 2010-04-24 04:16 306688 ----a-w- c:\windows\system32\drivers\srv.sys
2010-04-24 04:07 . 2010-04-24 04:07 241152 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2010-04-24 04:07 . 2010-04-24 04:07 95232 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
2010-04-24 04:07 . 2010-04-24 04:07 160768 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
2010-04-24 03:58 . 2010-04-24 03:58 87040 ----a-w- c:\windows\system32\msoert2.dll
2010-04-24 03:58 . 2010-04-24 03:58 39424 ----a-w- c:\windows\system32\ACCTRES.dll
2010-04-24 03:58 . 2010-04-24 03:58 205824 ----a-w- c:\windows\system32\msoeacct.dll
2010-04-24 03:52 . 2010-04-24 03:52 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2010-04-24 03:52 . 2010-04-24 03:52 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2010-04-24 03:52 . 2010-04-24 03:52 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2010-04-24 03:52 . 2010-04-24 03:52 19968 ----a-w- c:\windows\system32\ARP.EXE
2010-04-24 03:52 . 2010-04-24 03:52 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2010-04-24 03:52 . 2010-04-24 03:52 15360 ----a-w- c:\windows\system32\netevent.dll
2010-04-24 03:52 . 2010-04-24 03:52 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2010-04-24 03:52 . 2010-04-24 03:52 103936 ----a-w- c:\windows\system32\netiohlp.dll
2010-04-24 03:52 . 2010-04-24 03:52 10240 ----a-w- c:\windows\system32\finger.exe
2010-04-24 03:38 . 2010-04-24 03:38 704000 ----a-w- c:\windows\system32\PhotoScreensaver.scr
2010-04-24 03:38 . 2010-04-24 03:38 356352 ----a-w- c:\windows\system32\wbem\wbemcomn.dll
2010-04-24 03:38 . 2010-04-24 03:38 24064 ----a-w- c:\windows\system32\wtsapi32.dll
2010-04-24 03:38 . 2010-04-24 03:38 258232 ----a-w- c:\windows\system32\drivers\acpi.sys
2010-04-24 03:38 . 2010-04-24 03:38 20920 ----a-w- c:\windows\system32\drivers\compbatt.sys
2010-04-24 03:38 . 2010-04-24 03:38 11264 ----a-w- c:\windows\system32\drivers\wmiacpi.sys
2010-04-24 03:38 . 2010-04-24 03:38 28344 ----a-w- c:\windows\system32\drivers\battc.sys
2010-04-24 03:38 . 2010-04-24 03:38 14208 ----a-w- c:\windows\system32\drivers\CmBatt.sys
2010-04-24 03:38 . 2010-04-24 03:38 542720 ----a-w- c:\windows\system32\sysmain.dll
2010-04-24 03:33 . 2010-04-24 03:33 194560 ----a-w- c:\windows\system32\WebClnt.dll
2010-04-24 03:33 . 2010-04-24 03:33 110080 ----a-w- c:\windows\system32\drivers\mrxdav.sys
2010-04-24 03:28 . 2010-04-24 03:28 123904 ----a-w- c:\windows\system32\L2SecHC.dll
2010-04-24 03:28 . 2010-04-24 03:28 67584 ----a-w- c:\windows\system32\wlanhlp.dll
2010-04-24 03:28 . 2010-04-24 03:28 502272 ----a-w- c:\windows\system32\wlansvc.dll
2010-04-24 03:28 . 2010-04-24 03:28 47104 ----a-w- c:\windows\system32\wlanapi.dll
2010-04-24 03:28 . 2010-04-24 03:28 297984 ----a-w- c:\windows\system32\wlansec.dll
2010-04-24 03:28 . 2010-04-24 03:28 290816 ----a-w- c:\windows\system32\wlanmsm.dll
2010-04-24 03:22 . 2010-04-24 03:22 2048 ----a-w- c:\windows\system32\msxml3r.dll
2010-04-24 03:22 . 2010-04-24 03:22 1260032 ----a-w- c:\windows\system32\msxml3.dll
2010-04-24 03:22 . 2010-04-24 03:22 2048 ----a-w- c:\windows\system32\msxml6r.dll
2010-04-24 03:22 . 2010-04-24 03:22 1406464 ----a-w- c:\windows\system32\msxml6.dll
2010-04-24 03:17 . 2010-04-24 03:17 408136 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2010-04-24 03:17 . 2010-04-24 03:17 216576 ----a-w- c:\windows\system32\msv1_0.dll
2010-04-24 03:17 . 2010-04-24 03:17 175104 ----a-w- c:\windows\system32\wdigest.dll
2010-04-24 03:17 . 2010-04-24 03:17 7680 ----a-w- c:\windows\system32\lsass.exe
2010-04-24 03:17 . 2010-04-24 03:17 72704 ----a-w- c:\windows\system32\secur32.dll
2010-04-24 03:17 . 2010-04-24 03:17 1233920 ----a-w- c:\windows\system32\lsasrv.dll
2010-04-24 03:12 . 2010-04-24 03:12 58368 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-04-24 03:12 . 2010-04-24 03:12 211968 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-04-24 03:12 . 2010-04-24 03:12 102400 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-04-24 03:07 . 2010-04-24 03:07 49664 ----a-w- c:\windows\system32\csrsrv.dll
2010-04-24 03:07 . 2010-04-24 03:07 376320 ----a-w- c:\windows\system32\winsrv.dll
2010-04-24 03:02 . 2010-04-24 03:02 98816 ----a-w- c:\windows\system32\mfps.dll
2010-04-24 03:02 . 2010-04-24 03:02 52736 ----a-w- c:\windows\system32\rrinstaller.exe
2010-04-24 03:02 . 2010-04-24 03:02 2855424 ----a-w- c:\windows\system32\mf.dll
2010-04-24 03:02 . 2010-04-24 03:02 2048 ----a-w- c:\windows\system32\mferror.dll
2010-04-24 03:02 . 2010-04-24 03:02 24576 ----a-w- c:\windows\system32\mfpmp.exe
2010-04-24 02:56 . 2010-04-24 02:56 3502480 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-04-24 02:56 . 2010-04-24 02:56 3468168 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-04-24 02:36 . 2010-04-24 02:36 434176 ----a-w- c:\windows\system32\vbscript.dll
2010-04-24 02:31 . 2010-04-24 02:31 71680 ----a-w- c:\windows\system32\atl.dll
2010-04-24 02:25 . 2010-04-24 02:25 297472 ----a-w- c:\windows\system32\gdi32.dll
2010-04-24 02:21 . 2010-04-24 02:21 41984 ----a-w- c:\windows\system32\drivers\monitor.sys
2010-04-24 02:21 . 2010-04-24 02:21 1060920 ----a-w- c:\windows\system32\drivers\ntfs.sys
2010-04-24 02:17 . 2010-04-24 02:17 374456 ----a-w- c:\windows\system32\mcupdate_GenuineIntel.dll
2010-04-24 02:12 . 2010-04-24 02:12 500736 ----a-w- c:\windows\system32\msdtcprx.dll
2010-04-24 02:12 . 2010-04-24 02:12 30208 ----a-w- c:\windows\system32\xolehlp.dll
2010-04-24 02:07 . 2010-04-24 02:07 156160 ----a-w- c:\windows\system32\wkssvc.dll
2010-04-24 01:56 . 2010-04-24 01:56 36352 ----a-w- c:\windows\system32\tsgqec.dll
2010-04-24 01:56 . 2010-04-24 01:56 1871872 ----a-w- c:\windows\system32\mstscax.dll
2010-04-24 01:56 . 2010-04-24 01:56 116736 ----a-w- c:\windows\system32\aaclient.dll
2010-04-24 01:51 . 2010-04-24 01:51 303616 ----a-w- c:\windows\system32\wmpeffects.dll
2010-04-24 01:41 . 2010-04-24 01:41 414208 ----a-w- c:\windows\system32\msscp.dll
2010-04-24 01:31 . 2010-04-24 01:31 356864 ----a-w- c:\windows\system32\MediaMetadataHandler.dll
2010-04-24 01:26 . 2010-04-24 01:26 63488 ----a-w- c:\windows\system32\drivers\mpsdrv.sys
2010-04-24 01:26 . 2010-04-24 01:26 396800 ----a-w- c:\windows\system32\MPSSVC.dll
2010-04-24 01:26 . 2010-04-24 01:26 392192 ----a-w- c:\windows\system32\FirewallAPI.dll
2010-04-24 01:26 . 2010-04-24 01:26 86016 ----a-w- c:\windows\system32\icfupgd.dll
2010-04-24 01:26 . 2010-04-24 01:26 61952 ----a-w- c:\windows\system32\cmifw.dll
2010-04-24 01:26 . 2010-04-24 01:26 16896 ----a-w- c:\windows\system32\wfapigp.dll
2010-04-24 00:57 . 2010-04-24 00:57 1244672 ----a-w- c:\windows\system32\mcmde.dll
2010-04-24 00:57 . 2010-04-24 00:57 428032 ----a-w- c:\windows\system32\EncDec.dll
2010-04-24 00:57 . 2010-04-24 00:57 292352 ----a-w- c:\windows\system32\psisdecd.dll
2010-04-24 00:29 . 2010-04-24 00:29 2048 ----a-w- c:\windows\system32\tzres.dll
2010-04-24 00:16 . 2010-04-24 00:16 696832 ----a-w- c:\windows\system32\localspl.dll
2010-04-23 23:51 . 2010-04-23 23:51 45112 ----a-w- c:\windows\system32\drivers\pciidex.sys
2010-04-23 23:51 . 2010-04-23 23:51 21560 ----a-w- c:\windows\system32\drivers\atapi.sys
2010-04-23 23:51 . 2010-04-23 23:51 15928 ----a-w- c:\windows\system32\drivers\pciide.sys
2010-04-23 23:51 . 2010-04-23 23:51 109624 ----a-w- c:\windows\system32\drivers\ataport.sys
2010-04-23 23:51 . 2010-04-23 23:51 211000 ----a-w- c:\windows\system32\drivers\volsnap.sys
2010-04-23 23:51 . 2010-04-23 23:51 154624 ----a-w- c:\windows\system32\drivers\nwifi.sys
2010-04-23 23:27 . 2010-04-23 23:27 2923520 ----a-w- c:\windows\explorer.exe
2010-04-23 23:20 . 2010-04-23 23:20 171520 ----a-w- c:\windows\system32\wintrust.dll
2010-04-23 23:13 . 2010-04-23 23:13 24064 ----a-w- c:\windows\system32\netcfg.exe
2010-04-23 23:06 . 2010-04-23 23:06 1793536 ----a-w- c:\windows\system32\NlsLexicons0045.dll
2010-04-23 23:06 . 2010-04-23 23:06 1808896 ----a-w- c:\windows\system32\NlsLexicons0046.dll
2010-04-23 23:06 . 2010-04-23 23:06 1411072 ----a-w- c:\windows\system32\NlsLexicons0047.dll
2010-04-23 23:06 . 2010-04-23 23:06 1558016 ----a-w- c:\windows\system32\NlsLexicons0049.dll
2010-04-23 23:06 . 2010-04-23 23:06 1236992 ----a-w- c:\windows\system32\NlsLexicons0020.dll
2010-04-23 23:06 . 2010-04-23 23:06 1782272 ----a-w- c:\windows\system32\NlsLexicons0039.dll
2010-04-23 23:06 . 2010-04-23 23:06 2136064 ----a-w- c:\windows\system32\NlsLexicons0021.dll
2010-04-23 23:04 . 2010-04-23 23:04 2644480 ----a-w- c:\windows\system32\NlsLexicons0009.dll
2010-04-23 23:03 . 2010-04-23 23:03 5090816 ----a-w- c:\windows\system32\NlsLexicons0416.dll
2010-04-23 22:51 . 2010-04-23 22:51 29184 ----a-w- c:\windows\system32\drivers\BTHUSB.SYS
2010-04-23 22:51 . 2010-04-23 22:51 220160 ----a-w- c:\windows\system32\drivers\bthport.sys
2010-04-23 22:51 . 2010-04-23 22:51 19456 ----a-w- c:\windows\system32\drivers\bthenum.sys
2010-04-23 22:51 . 2010-04-23 22:51 181760 ----a-w- c:\windows\system32\fsquirt.exe
2010-04-23 22:50 . 2010-04-23 22:50 1585664 ----a-w- c:\windows\system32\setupapi.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-08 14:28 . 2010-04-25 18:41 53340 ----a-w- c:\programdata\nvModes.dat
2010-05-08 14:25 . 2007-10-13 03:12 5780 ----a-w- c:\windows\bthservsdp.dat
2010-05-08 12:26 . 2007-12-23 02:36 8592 ----a-w- c:\users\MERINMANDANNA\AppData\Local\d3d9caps.dat
2010-05-06 04:50 . 2008-10-15 19:26 -------- d-----w- c:\users\MERINMANDANNA\AppData\Roaming\vlc
2010-05-05 07:45 . 2007-12-19 21:38 -------- d-----w- c:\users\MERINMANDANNA\AppData\Roaming\U3
2010-04-28 14:38 . 2007-12-06 19:12 13401 ----a-w- c:\users\MERINMANDANNA\AppData\Roaming\nvModes.dat
2010-04-24 04:46 . 2007-11-09 18:23 123232 ----a-w- c:\users\MERINMANDANNA\AppData\Local\GDIPFONTCACHEV1.DAT
2010-04-24 04:35 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2010-04-24 04:35 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-04-24 04:35 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2010-04-24 04:33 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2010-04-23 23:37 . 2010-04-23 23:37 72704 ----a-w- c:\windows\system32\admparse.dll
2010-04-23 23:37 . 2010-04-23 23:37 832512 ----a-w- c:\windows\system32\wininet.dll
2010-04-23 23:37 . 2010-04-23 23:37 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-04-23 23:37 . 2010-04-23 23:37 48128 ----a-w- c:\windows\system32\mshtmler.dll
2010-04-23 23:37 . 2010-04-23 23:37 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2010-04-23 23:37 . 2010-04-23 23:37 56320 ----a-w- c:\windows\system32\iesetup.dll
2010-04-23 23:04 . 2010-04-23 23:04 3419136 ----a-w- c:\windows\system32\NlsLexicons004a.dll
2010-04-23 23:03 . 2010-04-23 23:03 5031936 ----a-w- c:\windows\system32\NlsLexicons0816.dll
2010-04-23 22:49 . 2010-04-23 22:49 40960 ----a-w- c:\windows\system32\srclient.dll
2010-04-23 17:42 . 2008-11-30 05:32 -------- d-----w- c:\programdata\avg8
2010-04-23 17:42 . 2008-11-30 05:32 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2010-04-23 17:42 . 2008-11-30 05:32 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-04-23 17:42 . 2008-11-30 05:32 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-03-16 15:16 . 2010-03-16 15:16 985704 ----a-w- c:\windows\system32\nvsvc.dll
2010-03-16 15:16 . 2010-03-16 15:16 88168 ----a-w- c:\windows\system32\nvhotkey.dll
2010-03-16 15:16 . 2010-03-16 15:16 66664 ----a-w- c:\windows\system32\nvshext.dll
2010-03-16 15:16 . 2010-03-16 15:16 1515624 ----a-w- c:\windows\system32\nvsvcr.dll
2010-03-16 15:16 . 2010-03-16 15:16 13684328 ----a-w- c:\windows\system32\nvcpl.dll
2010-03-16 15:16 . 2010-03-16 15:16 129640 ----a-w- c:\windows\system32\nvvsvc.exe
2010-03-16 15:16 . 2010-03-16 15:16 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-02-20 01:54 . 2008-01-05 20:36 12498 ----a-w- c:\users\MERINMANDANNA\AppData\Roaming\wklnhst.dat
2010-02-19 20:51 . 2010-02-19 20:51 86016 ----a-w- c:\windows\system32\OpenAL32.dll
2010-02-19 20:51 . 2010-02-19 20:51 413696 ----a-w- c:\windows\system32\wrap_oal.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-11-25 07:31 1230080 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
2009-11-03 15:42 556432 ----a-w- c:\progra~1\MICROS~3\Office14\URLREDIR.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-04-23 1232896]
"Google Update"="c:\users\MERINMANDANNA\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-04-23 136176]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2010-04-24 1006264]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-03-11 159744]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-02-12 174872]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-04-24 176128]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-02-13 159744]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-03-12 50696]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 472776]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-10 317128]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 49152]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0\bin\jusched.exe" [2007-10-13 77824]
"CognizanceTS"="c:\progra~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll" [2003-12-22 17920]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-12-08 180269]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2010-04-23 2046816]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2009-09-26 83312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2006-11-08 44128]

c:\users\MERINMANDANNA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
wkcalrem.LNK - c:\program files\Common Files\microsoft shared\Works Shared\WkCalRem.exe [2005-8-19 21504]
WordWeb.lnk - c:\merin\software\WordWeb\wweb32.exe [2008-11-24 42168]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-12-20 719664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\APSHook.dll c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2009-10-29 30603640]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2009-09-25 4639136]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2010-04-23 335240]
S1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2010-04-23 108552]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2008-05-30 55520]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2008-05-30 42048]
S2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe [2006-11-02 22016]
S2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe [2006-11-02 22016]
S2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2010-04-23 908056]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2010-04-23 297752]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
Cognizance REG_MULTI_SZ ASBroker ASChannel
.
Contents of the 'Scheduled Tasks' folder

2010-05-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-137818680-3777287045-3806286459-1000Core.job
- c:\users\MERINMANDANNA\AppData\Local\Google\Update\GoogleUpdate.exe [2010-04-23 19:57]

2010-05-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-137818680-3777287045-3806286459-1000UA.job
- c:\users\MERINMANDANNA\AppData\Local\Google\Update\GoogleUpdate.exe [2010-04-23 19:57]

2010-05-08 c:\windows\Tasks\User_Feed_Synchronization-{9A2116D2-B084-4409-A476-22DE5A962ED4}.job
- c:\windows\system32\msfeedssync.exe [2006-11-02 09:45]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
LSP: c:\windows\system32\wpclsp.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Yahoo Messsenger - c:\users\MERINMANDANNA\AppData\Roaming\support\svchost.exe
HKCU-Run-Webaroo - c:\program files\Webaroo\WebarooClient.exe
AddRemove-AbiWord2 - c:\merin\digit\abiword\AbiSuite2\UninstallAbiWord2.exe
AddRemove-Downhill PAKOON! 2.Many Unlimited 2009 - c:\merin\digit\fun\games\pakoon\Uninst.isu
AddRemove-FunpicsMachine - c:\merin\digit\screensavers\FunPicsMachine\uninstall.exe
AddRemove-GYM-O-FIZZ - c:\merin\digit\stuff\DeIsL1.isu
AddRemove-MP3 Remix Player - c:\progra~1\MP3REM~1\WMP\UNWISE.EXE
AddRemove-Plants vs. Zombies - c:\program files\PopCap Games\Plants vs. Zombies\PopUninstall.exe
AddRemove-Super TextTwist - c:\merin\games\TEXTTW~1\UNWISE.EXE
AddRemove-the white chamber - c:\merin\digit\Fun\Games\white chamber\the white chamber\uninst.exe



**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\OracleOraHome92TNSListener]
"ImagePath"="c:\oracle\ora92\BIN\TNSLSNR "
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(2688)
c:\windows\system32\APSHook.dll
c:\windows\system32\btncopy.dll
c:\program files\Microsoft Virtual PC\VPCShExH.DLL
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Bioscrypt\VeriSoft\Bin\AsGHost.exe
c:\program files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\program files\HP\QuickPlay\Kernel\TV\CLSched.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
.
**************************************************************************
.
Completion time: 2010-05-08 20:09:49 - machine was rebooted
ComboFix-quarantined-files.txt 2010-05-08 14:39

Pre-Run: 36,576,174,080 bytes free
Post-Run: 36,838,379,520 bytes free

- - End Of File - - 298FE2815259DFD8D2572EE4C984543D


#12 Elise

Posted 08 May 2010 - 10:23 AM

Hello again,

No need to worry about that problem; it sometimes happens and is usually fixed with a reboot.

Do you still have Norton 360 installed? I see a few leftovers. If you cannot uninstall it, I will give you a link to the Norton Uninstaller tool.

MALWAREBYTES ANTIMALWARE
-------------------------------------------
Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Full Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.


regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Malware analyst @ Emsisoft


#13 Merin

Posted 08 May 2010 - 01:43 PM

Yeah, I'll run the scan; meanwhile, the Norton link is required!

#14 Elise

Posted 08 May 2010 - 02:09 PM

Here you go

Please click HERE and follow the instructions in STEP 2 to download and run the Norton removal tool.

regards, Elise


#15 Merin

Posted 08 May 2010 - 05:51 PM

Here's the log

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4079

Windows 6.0.6000
Internet Explorer 7.0.6000.17037

5/9/2010 4:19:42 AM
mbam-log-2010-05-09 (04-19-42).txt

Scan type: Full scan (C:\|D:\|E:\|)
Objects scanned: 408880
Time elapsed: 4 hour(s), 1 minute(s), 23 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{04a38f6b-006f-4247-ba4c-02a139d5531c} (Adware.Minibug) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\MERIN\software\7-PDF Maker\lib\App\OOo\URE\bin\unicows.dll (Malware.Packer.Gen) -> Quarantined and deleted successfully.




