Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Please check my log files


  • This topic is locked This topic is locked
50 replies to this topic

#1 Albear

Albear

  • Members
  • 59 posts
  • OFFLINE
  •  
  • Local time:04:54 PM

Posted 08 May 2010 - 02:27 AM

Hi I've had nothing but trouble for 6 months on my laptops and PC. Including on my pc (new last sept) when I upgraded from vista to 7 a VPN adapter in network and security centre. And Mcafee not being able to configure. Mcafee connected to my machine remotley for 3 weeks every day and could not get it to work, eventually i was escalated to top tier and they ran combofix and told this picked up a rootkit, which he deleted but he told me my machine was corrupt and would need reinstalling (that's another story) however my laptop was having exactly the ssame issues and neither machine should be connected to any network or each other they are purely machines for home use.
This laptop which this topic is about had a new hard disc this week but I'm concerned it's starting to go again. Windows defender is showin me a program in its historywhich starts HKCU@ S-1-5-21 ........ which it says has potentially unwanted behaviour however when i go to permitted rograms there are none listed. The reason this worries me was that the root kit had a similar id S-1-5-21.... (if not the same) the root kit was showing as a user ID.
I have run Hijack this log and found similar S-1-5-21 entries . I don't know if this is an issue? Please find below a copy of the log. I also had an error message from hijack this saying it could not read the host file, to cure in vista right click and run as admin, when i right clicked I did not have this option.. I was in as admin and clicked ok for the eroor message and Hijack this continued. I ran a log for Hosts and paste this too (again I din't understand the result, the ip address is not the one my ISP uses, my isp is btinternet). I will also paste my start up list from hijack this.
Could someone advise me please if my system appears OK or not, thanks Alan
First log Hijack this
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 07:51:27, on 08/05/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18904)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\TOSHIBA\Registration\ToshibaRegistration.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.bbc.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Toshiba Registration] C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: eBay.co.uk - Buy It Sell It Love It - {76577871-04EC-495E-A12B-91F7C3600AFA} - http://rover.ebay.com/rover/1/710-44557-9400-3/4 (file missing)
O9 - Extra button: Amazon.co.uk - {8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.co.uk/exec/obidos/redire...1&site=home (file missing)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B01EE843-A218-4694-852F-5863E14A0310}: NameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\..\{D0C990AD-C182-489F-A753-A1E0039716E7}: NameServer = 192.168.1.254
O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe

--
End of file - 4910 bytes
Second log Host
# Copyright © 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost
::1 localhost
Third log start up
StartupList report, 08/05/2010, 07:31:22
StartupList version: 1.52.2
Started from : C:\Program Files\Trend Micro\HiJackThis\HiJackThis.EXE
Detected: Windows Vista SP2 (WinNT 6.00.1906)
Detected: Internet Explorer v8.00 (8.00.6001.18904)
* Using default options
* Including empty and uninteresting sections
* Showing rarely important sections
==================================================

Running processes:

C:\Windows\Explorer.EXE
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\Users\Toshiba admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup]
*No files*

Shell folders AltStartup:
*Folder not found*

User shell folders Startup:
*Folder not found*

User shell folders AltStartup:
*Folder not found*

Shell folders Common Startup:
[C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup]
*No files*

Shell folders Common AltStartup:
*Folder not found*

User shell folders Common Startup:
*Folder not found*

User shell folders Alternate Common Startup:
*Folder not found*

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\Windows\system32\userinit.exe,

[HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
*Registry value not found*

[HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

SynTPEnh = C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
Toshiba Registration = C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe
AVG9_TRAY = C:\PROGRA~1\AVG\AVG9\avgtray.exe

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

TOSCDSPD = C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
SUPERAntiSpyware = C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

File association entry for .EXE:
HKEY_CLASSES_ROOT\exefile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .COM:
HKEY_CLASSES_ROOT\comfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .BAT:
HKEY_CLASSES_ROOT\batfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .PIF:
HKEY_CLASSES_ROOT\piffile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .SCR:
HKEY_CLASSES_ROOT\scrfile\shell\open\command

(Default) = "%1" /S

--------------------------------------------------

File association entry for .HTA:
HKEY_CLASSES_ROOT\htafile\shell\open\command

(Default) = C:\Windows\system32\mshta.exe "%1" %*

--------------------------------------------------

File association entry for .TXT:
HKEY_CLASSES_ROOT\txtfile\shell\open\command

(Default) = %SystemRoot%\system32\NOTEPAD.EXE %1

--------------------------------------------------

Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)

[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
StubPath = C:\Windows\system32\unregmp2.exe /ShowWMP

[>{26923b43-4d38-484f-9b9e-de460746276c}] *
StubPath = C:\Windows\system32\ie4uinit.exe -UserIconConfig

[>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] *
StubPath = "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *
StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

[{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *
StubPath = %SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI

[{89820200-ECBD-11cf-8B85-00AA005B4340}] *
StubPath = regsvr32.exe /s /n /i:U shell32.dll

[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = C:\Windows\system32\ie4uinit.exe -BaseSettings

[{89B4C1CD-B018-4511-B0A1-5476DBF70820}] *
StubPath = C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install

--------------------------------------------------

Enumerating ICQ Agent Autostart apps:
HKCU\Software\Mirabilis\ICQ\Agent\Apps

*Registry key not found*

--------------------------------------------------

Load/Run keys from C:\Windows\WIN.INI:

load=*INI section not found*
run=*INI section not found*

Load/Run keys from Registry:

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\Windows: load=
HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=avgrsstx.dll

--------------------------------------------------

Shell & screensaver key from C:\Windows\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=explorer.exe
SCRNSAVE.EXE=*Registry value not found*
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------

Checking for EXPLORER.EXE instances:

C:\Windows\Explorer.exe: PRESENT!

C:\Explorer.exe: not present
C:\Windows\Explorer\Explorer.exe: not present
C:\Windows\System\Explorer.exe: not present
C:\Windows\System32\Explorer.exe: not present
C:\Windows\Command\Explorer.exe: not present
C:\Windows\Fonts\Explorer.exe: not present

--------------------------------------------------

Checking for superhidden extensions:

.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: *Registry key not found*
.shb: *Registry key not found*
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden

--------------------------------------------------

Verifying REGEDIT.EXE integrity:

- Regedit.exe found in C:\Windows
- .reg open command is normal (regedit.exe %1)
- Company name OK: 'Microsoft Corporation'
- Original filename NOT OK: 'REGEDIT.EXE.MUI'
- File description: 'Registry Editor'

Registry check failed!

--------------------------------------------------

Enumerating Browser Helper Objects:

(no name) - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
WormRadar.com IESiteBlocker.NavFilter - C:\Program Files\AVG\AVG9\avgssie.dll - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
(no name) - C:\Program Files\Java\jre1.6.0\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
(no name) - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll - {A3BC75A2-1F87-4686-AA43-5347D756017C}

--------------------------------------------------

Enumerating Task Scheduler jobs:

*No jobs found*

--------------------------------------------------

Enumerating Download Program Files:

[Shockwave ActiveX Control]
InProcServer32 = C:\Windows\system32\Adobe\Director\SwDir.dll
CODEBASE = http://download.macromedia.com/pub/shockwa...director/sw.cab

[{E2883E8F-472F-4FB0-9522-AC9BF37916A7}]
CODEBASE = http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

--------------------------------------------------

Enumerating Winsock LSP files:

NameSpace #1: C:\Windows\system32\NLAapi.dll
NameSpace #2: C:\Windows\system32\napinsp.dll
NameSpace #3: C:\Windows\system32\pnrpnsp.dll
NameSpace #4: C:\Windows\system32\pnrpnsp.dll
NameSpace #5: C:\Windows\System32\mswsock.dll
NameSpace #6: C:\Windows\System32\winrnr.dll
Protocol #1: C:\Windows\system32\mswsock.dll
Protocol #2: C:\Windows\system32\mswsock.dll
Protocol #3: C:\Windows\system32\mswsock.dll
Protocol #4: C:\Windows\system32\mswsock.dll
Protocol #5: C:\Windows\system32\mswsock.dll
Protocol #6: C:\Windows\system32\mswsock.dll
Protocol #7: C:\Windows\system32\mswsock.dll
Protocol #8: C:\Windows\system32\mswsock.dll
Protocol #9: C:\Windows\system32\mswsock.dll
Protocol #10: C:\Windows\system32\mswsock.dll
Protocol #11: C:\Windows\system32\mswsock.dll
Protocol #12: C:\Windows\system32\mswsock.dll
Protocol #13: C:\Windows\system32\mswsock.dll
Protocol #14: C:\Windows\system32\mswsock.dll
Protocol #15: C:\Windows\system32\mswsock.dll
Protocol #16: C:\Windows\system32\mswsock.dll
Protocol #17: C:\Windows\system32\mswsock.dll
Protocol #18: C:\Windows\system32\mswsock.dll
Protocol #19: C:\Windows\system32\mswsock.dll
Protocol #20: C:\Windows\system32\mswsock.dll
Protocol #21: C:\Windows\system32\mswsock.dll
Protocol #22: C:\Windows\system32\mswsock.dll
Protocol #23: C:\Windows\system32\mswsock.dll
Protocol #24: C:\Windows\system32\mswsock.dll
Protocol #25: C:\Windows\system32\mswsock.dll
Protocol #26: C:\Windows\system32\mswsock.dll

--------------------------------------------------

Enumerating Windows NT/2000/XP services

Microsoft ACPI Driver: system32\drivers\acpi.sys (system)
ADI UAA Function Driver for High Definition Audio Service: system32\drivers\ADIHdAud.sys (manual start)
adp94xx: \SystemRoot\system32\drivers\adp94xx.sys (disabled)
adpahci: \SystemRoot\system32\drivers\adpahci.sys (disabled)
adpu160m: \SystemRoot\system32\drivers\adpu160m.sys (disabled)
adpu320: \SystemRoot\system32\drivers\adpu320.sys (disabled)
@%SystemRoot%\system32\aelupsvc.dll,-1: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Ancilliary Function Driver for Winsock: \SystemRoot\system32\drivers\afd.sys (system)
Intel AGP Bus Filter: \SystemRoot\system32\drivers\agp440.sys (manual start)
aic78xx: \SystemRoot\system32\drivers\djsvs.sys (disabled)
@%SystemRoot%\system32\Alg.exe,-112: %SystemRoot%\System32\alg.exe (manual start)
aliide: \SystemRoot\system32\drivers\aliide.sys (disabled)
AMD AGP Bus Filter Driver: \SystemRoot\system32\drivers\amdagp.sys (manual start)
amdide: \SystemRoot\system32\drivers\amdide.sys (disabled)
AMD K7 Processor Driver: \SystemRoot\system32\drivers\amdk7.sys (disabled)
AMD K8 Processor Driver: \SystemRoot\system32\drivers\amdk8.sys (disabled)
@%systemroot%\system32\appinfo.dll,-100: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
arc: \SystemRoot\system32\drivers\arc.sys (disabled)
arcsas: \SystemRoot\system32\drivers\arcsas.sys (disabled)
RAS Asynchronous Media Driver: system32\DRIVERS\asyncmac.sys (manual start)
IDE Channel: system32\drivers\atapi.sys (system)
Atheros Extensible Wireless LAN device driver: system32\DRIVERS\athr.sys (manual start)
@%SystemRoot%\system32\audiosrv.dll,-204: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted (autostart)
@%SystemRoot%\system32\audiosrv.dll,-200: %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted (autostart)
AVG Security Toolbar Service: C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe (manual start)
AVG Free E-mail Scanner: "C:\Program Files\AVG\AVG9\avgemc.exe" (autostart)
AVG Free WatchDog: "C:\Program Files\AVG\AVG9\avgwdsvc.exe" (autostart)
AVG Free AVI Loader Driver x86: System32\Drivers\avgldx86.sys (system)
AVG Free On-access Scanner Minifilter Driver x86: System32\Drivers\avgmfx86.sys (system)
AVG Free Network Redirector: System32\Drivers\avgtdix.sys (system)
@%SystemRoot%\system32\bfe.dll,-1001: %systemroot%\system32\svchost.exe -k LocalServiceNoNetwork (autostart)
@%SystemRoot%\system32\qmgr.dll,-1000: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Bowser: system32\DRIVERS\bowser.sys (manual start)
Brother USB Mass-Storage Lower Filter Driver: \SystemRoot\system32\drivers\brfiltlo.sys (manual start)
Brother USB Mass-Storage Upper Filter Driver: \SystemRoot\system32\drivers\brfiltup.sys (manual start)
@%systemroot%\system32\browser.dll,-100: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Brother MFC Serial Port Interface Driver (WDM): \SystemRoot\system32\drivers\brserid.sys (disabled)
Brother WDM Serial driver: \SystemRoot\system32\drivers\brserwdm.sys (disabled)
Brother MFC USB Fax Only Modem: \SystemRoot\system32\drivers\brusbmdm.sys (disabled)
Brother MFC USB Serial WDM Driver: \SystemRoot\system32\drivers\brusbser.sys (manual start)
Bluetooth Serial Communications Driver: \SystemRoot\system32\drivers\bthmodem.sys (disabled)
CD/DVD File System Reader: system32\DRIVERS\cdfs.sys (disabled)
CD-ROM Driver: system32\DRIVERS\cdrom.sys (system)
@%SystemRoot%\System32\certprop.dll,-11: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
ConfigFree Service: C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (autostart)
Consumer IR Devices: \SystemRoot\system32\drivers\circlass.sys (disabled)
Common Log (CLFS): System32\CLFS.sys (system)
Microsoft .NET Framework NGEN v2.0.50727_X86: %systemroot%\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (manual start)
Microsoft ACPI Control Method Battery Driver: system32\DRIVERS\CmBatt.sys (manual start)
cmdide: \SystemRoot\system32\drivers\cmdide.sys (disabled)
Microsoft Composite Battery Driver: system32\DRIVERS\compbatt.sys (system)
@comres.dll,-947: %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start)
Crcdisk Filter Driver: system32\drivers\crcdisk.sys (system)
Transmeta Crusoe Processor Driver: \SystemRoot\system32\drivers\crusoe.sys (disabled)
@%SystemRoot%\system32\cryptsvc.dll,-1001: %SystemRoot%\system32\svchost.exe -k NetworkService (autostart)
@oleres.dll,-5012: %SystemRoot%\system32\svchost.exe -k DcomLaunch (autostart)
@%systemroot%\system32\drivers\dfsc.sys,-101: System32\Drivers\dfsc.sys (system)
@%SystemRoot%\system32\dhcpcsvc.dll,-100: %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted (autostart)
Disk Driver: system32\drivers\disk.sys (system)
@%SystemRoot%\System32\dnsapi.dll,-101: %SystemRoot%\system32\svchost.exe -k NetworkService (autostart)
@%systemroot%\system32\dot3svc.dll,-1102: %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted (manual start)
@%systemroot%\system32\dps.dll,-500: %SystemRoot%\System32\svchost.exe -k LocalServiceNoNetwork (autostart)
Microsoft Kernel DRM Audio Descrambler: system32\drivers\drmkaud.sys (manual start)
LDDM Graphics Subsystem: \SystemRoot\System32\drivers\dxgkrnl.sys (manual start)
Intel® PRO/1000 NDIS 6 Adapter Driver: system32\DRIVERS\E1G60I32.sys (manual start)
@%systemroot%\system32\eapsvc.dll,-1: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
ReadyBoost Caching Driver: System32\drivers\ecache.sys (system)
@%SystemRoot%\ehome\ehrecvr.exe,-101: %systemroot%\ehome\ehRecvr.exe (manual start)
@%SystemRoot%\ehome\ehsched.exe,-101: %systemroot%\ehome\ehsched.exe (manual start)
@%SystemRoot%\ehome\ehstart.dll,-101: %windir%\system32\svchost.exe -k LocalServiceNoNetwork (autostart)
elxstor: \SystemRoot\system32\drivers\elxstor.sys (disabled)
@%SystemRoot%\system32\emdmgmt.dll,-1000: %systemroot%\system32\svchost.exe -k LocalSystemNetworkRestricted (autostart)
@%SystemRoot%\system32\wevtsvc.dll,-200: %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted (autostart)
@comres.dll,-2450: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
Floppy Disk Controller Driver: system32\DRIVERS\fdc.sys (disabled)
@%systemroot%\system32\fdPHost.dll,-100: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)
@%systemroot%\system32\fdrespub.dll,-100: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
File Information FS MiniFilter: system32\drivers\fileinfo.sys (system)
FileTrace: system32\drivers\filetrace.sys (manual start)
Floppy Disk Driver: system32\DRIVERS\flpydisk.sys (disabled)
FltMgr: system32\drivers\fltmgr.sys (system)
@%systemroot%\system32\FntCache.dll,-100: %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation (manual start)
@%SystemRoot%\system32\PresentationHost.exe,-3309: %systemroot%\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (manual start)
Microsoft Generic AGPv3.0 Filter for K8 Processor Platforms: \SystemRoot\system32\drivers\gagp30kx.sys (manual start)
GEAR ASPI Filter Driver: system32\DRIVERS\GEARAspiWDM.sys (manual start)
@gpapi.dll,-112: %windir%\system32\svchost.exe -k GPSvcGroup (autostart)
Microsoft 1.1 UAA Function Driver for High Definition Audio Service: system32\drivers\HdAudio.sys (manual start)
Microsoft UAA Bus Driver for High Definition Audio: system32\DRIVERS\HDAudBus.sys (manual start)
Microsoft Bluetooth HID Miniport: \SystemRoot\system32\drivers\hidbth.sys (disabled)
Microsoft Infrared HID Driver: \SystemRoot\system32\drivers\hidir.sys (disabled)
@%SystemRoot%\System32\hidserv.dll,-101: %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted (manual start)
Microsoft HID Class Driver: \SystemRoot\system32\drivers\hidusb.sys (disabled)
@%SystemRoot%\system32\kmsvc.dll,-6: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
HpCISSs: \SystemRoot\system32\drivers\hpcisss.sys (disabled)
HTTP: system32\drivers\HTTP.sys (manual start)
i2omp: \SystemRoot\system32\drivers\i2omp.sys (disabled)
i8042 Keyboard and PS/2 Mouse Port Driver: system32\DRIVERS\i8042prt.sys (system)
ialm: system32\DRIVERS\igdkmd32.sys (manual start)
Intel RAID Controller Vista: \SystemRoot\system32\drivers\iastorv.sys (disabled)
@%systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll,-8193: "%systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe" (manual start)
igfx: system32\DRIVERS\igdkmd32.sys (manual start)
iirsp: \SystemRoot\system32\drivers\iirsp.sys (disabled)
@%SystemRoot%\system32\ikeext.dll,-501: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
intelide: system32\drivers\intelide.sys (system)
Intel Processor Driver: system32\DRIVERS\intelppm.sys (manual start)
@%systemroot%\system32\IPBusEnum.dll,-102: %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted (manual start)
@%systemroot%\system32\rascfg.dll,-32013: system32\DRIVERS\ipfltdrv.sys (manual start)
@%SystemRoot%\system32\iphlpsvc.dll,-200: %SystemRoot%\System32\svchost.exe -k NetSvcs (autostart)
IPMIDRV: \SystemRoot\system32\drivers\ipmidrv.sys (disabled)
IP Network Address Translator: system32\DRIVERS\ipnat.sys (manual start)
IR Bus Enumerator: system32\drivers\irenum.sys (manual start)
PnP ISA/EISA Bus Driver: \SystemRoot\system32\drivers\isapnp.sys (disabled)
iScsiPort Driver: system32\DRIVERS\msiscsi.sys (manual start)
ITEATAPI_Service_Install: \SystemRoot\system32\drivers\iteatapi.sys (disabled)
ITERAID_Service_Install: \SystemRoot\system32\drivers\iteraid.sys (disabled)
Keyboard Class Driver: system32\DRIVERS\kbdclass.sys (system)
Keyboard HID Driver: \SystemRoot\system32\drivers\kbdhid.sys (disabled)
@keyiso.dll,-100: %SystemRoot%\system32\lsass.exe (manual start)
KR10I: \SystemRoot\system32\drivers\kr10i.sys (disabled)
KR10N: \SystemRoot\system32\drivers\kr10n.sys (disabled)
KSecDD: System32\Drivers\ksecdd.sys (system)
@comres.dll,-2946: %SystemRoot%\System32\svchost.exe -k NetworkService (autostart)
@%systemroot%\system32\srvsvc.dll,-100: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
@%systemroot%\system32\wkssvc.dll,-100: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
Link-Layer Topology Discovery Mapper I/O Driver: system32\DRIVERS\lltdio.sys (autostart)
@%SystemRoot%\system32\lltdres.dll,-1: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
@%SystemRoot%\system32\lmhsvc.dll,-101: %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted (autostart)
LSI_FC: \SystemRoot\system32\drivers\lsi_fc.sys (disabled)
LSI_SAS: \SystemRoot\system32\drivers\lsi_sas.sys (disabled)
LSI_SCSI: \SystemRoot\system32\drivers\lsi_scsi.sys (disabled)
UAC File Virtualization: \SystemRoot\system32\drivers\luafv.sys (autostart)
@%SystemRoot%\ehome\ehres.dll,-15501: %SystemRoot%\system32\svchost.exe -k LocalService (disabled)
megasas: \SystemRoot\system32\drivers\megasas.sys (disabled)
@%systemroot%\system32\mmcss.dll,-100: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Modem: system32\drivers\modem.sys (manual start)
Microsoft Monitor Class Function Driver Service: system32\DRIVERS\monitor.sys (manual start)
Mouse Class Driver: system32\DRIVERS\mouclass.sys (system)
Mouse HID Driver: \SystemRoot\system32\drivers\mouhid.sys (disabled)
Mount Point Manager: System32\drivers\mountmgr.sys (system)
Microsoft Multi-Path Bus Driver: \SystemRoot\system32\drivers\mpio.sys (disabled)
@%SystemRoot%\system32\FirewallAPI.dll,-23092: System32\drivers\mpsdrv.sys (manual start)
@%SystemRoot%\system32\FirewallAPI.dll,-23090: %SystemRoot%\system32\svchost.exe -k LocalServiceNoNetwork (autostart)
Mraid35x: \SystemRoot\system32\drivers\mraid35x.sys (disabled)
WebDav Client Redirector Driver: \SystemRoot\system32\drivers\mrxdav.sys (manual start)
SMB MiniRedirector Wrapper and Engine: system32\DRIVERS\mrxsmb.sys (manual start)
SMB 1.x MiniRedirector: system32\DRIVERS\mrxsmb10.sys (manual start)
SMB 2.0 MiniRedirector: system32\DRIVERS\mrxsmb20.sys (manual start)
msahci: \SystemRoot\system32\drivers\msahci.sys (disabled)
Microsoft Multi-Path Device Specific Module: \SystemRoot\system32\drivers\msdsm.sys (disabled)
@comres.dll,-2797: %SystemRoot%\System32\msdtc.exe (manual start)
ISA/EISA Class Driver: system32\drivers\msisadrv.sys (system)
@%SystemRoot%\system32\iscsidsc.dll,-5000: %systemroot%\system32\svchost.exe -k netsvcs (manual start)
@%SystemRoot%\system32\msimsg.dll,-27: %systemroot%\system32\msiexec /V (manual start)
Microsoft Streaming Service Proxy: system32\drivers\MSKSSRV.sys (manual start)
Microsoft Streaming Clock Proxy: system32\drivers\MSPCLOCK.sys (manual start)
Microsoft Streaming Quality Manager Proxy: system32\drivers\MSPQM.sys (manual start)
Microsoft System Management BIOS Driver: system32\DRIVERS\mssmbios.sys (manual start)
Microsoft Streaming Tee/Sink-to-Sink Converter: system32\drivers\MSTEE.sys (manual start)
ATK0100 ACPI UTILITY: system32\DRIVERS\ATKACPI.sys (manual start)
Mup: System32\Drivers\mup.sys (system)
@%SystemRoot%\system32\qagentrt.dll,-6: %SystemRoot%\System32\svchost.exe -k NetworkService (manual start)
NativeWiFi Filter: system32\DRIVERS\nwifi.sys (manual start)
NDIS System Driver: system32\drivers\ndis.sys (system)
@%systemroot%\system32\rascfg.dll,-32001: system32\DRIVERS\ndistapi.sys (manual start)
NDIS Usermode I/O Protocol: system32\DRIVERS\ndisuio.sys (manual start)
@%systemroot%\system32\rascfg.dll,-32002: system32\DRIVERS\ndiswan.sys (manual start)
NetBIOS Interface: system32\DRIVERS\netbios.sys (system)
NETBT: System32\DRIVERS\netbt.sys (system)
@%SystemRoot%\System32\netlogon.dll,-102: %systemroot%\system32\lsass.exe (manual start)
@%SystemRoot%\system32\netman.dll,-109: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted (manual start)
@%SystemRoot%\system32\netprof.dll,-246: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
@%systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll,-8201: "%systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe" (disabled)
nfrd960: \SystemRoot\system32\drivers\nfrd960.sys (disabled)
@%SystemRoot%\System32\nlasvc.dll,-1: %SystemRoot%\System32\svchost.exe -k NetworkService (autostart)
@%SystemRoot%\system32\nsisvc.dll,-200: %systemroot%\system32\svchost.exe -k LocalService (autostart)
NSI proxy service: system32\drivers\nsiproxy.sys (system)
N-trig HID Tablet Driver: \SystemRoot\system32\drivers\ntrigdigi.sys (disabled)
nvraid: \SystemRoot\system32\drivers\nvraid.sys (disabled)
nvstor: \SystemRoot\system32\drivers\nvstor.sys (disabled)
NVIDIA nForce AGP Bus Filter: \SystemRoot\system32\drivers\nv_agp.sys (manual start)
NEC FireWarden OHCI Compliant IEEE 1394 Host Controller: \SystemRoot\system32\drivers\ohci1394.sys (disabled)
@%SystemRoot%\system32\p2psvc.dll,-8004: %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted (manual start)
@%SystemRoot%\system32\p2psvc.dll,-8006: %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted (manual start)
Parallel port driver: \SystemRoot\system32\drivers\parport.sys (manual start)
Partition Manager: System32\drivers\partmgr.sys (system)
Parvdm: \SystemRoot\system32\drivers\parvdm.sys (autostart)
@%SystemRoot%\system32\pcasvc.dll,-1: %systemroot%\system32\svchost.exe -k LocalSystemNetworkRestricted (autostart)
PCI Bus Driver: system32\drivers\pci.sys (system)
pciide: \SystemRoot\system32\drivers\pciide.sys (disabled)
pcmcia: system32\DRIVERS\pcmcia.sys (system)
PEAUTH: system32\drivers\peauth.sys (autostart)
@%systemroot%\system32\pla.dll,-500: %SystemRoot%\System32\svchost.exe -k LocalServiceNoNetwork (manual start)
@%SystemRoot%\system32\umpnpmgr.dll,-100: %SystemRoot%\system32\svchost.exe -k DcomLaunch (autostart)
@%SystemRoot%\system32\p2psvc.dll,-8002: %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted (manual start)
@%SystemRoot%\system32\p2psvc.dll,-8000: %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted (manual start)
@%SystemRoot%\System32\polstore.dll,-5010: %SystemRoot%\system32\svchost.exe -k NetworkServiceNetworkRestricted (autostart)
WAN Miniport (PPTP): system32\DRIVERS\raspptp.sys (manual start)
Processor Driver: \SystemRoot\system32\drivers\processr.sys (disabled)
@%systemroot%\system32\profsvc.dll,-300: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
@%systemroot%\system32\psbase.dll,-300: %SystemRoot%\system32\lsass.exe (manual start)
@%SystemRoot%\System32\drivers\pacer.sys,-101: system32\DRIVERS\pacer.sys (system)
QLogic Fibre Channel Miniport Driver: \SystemRoot\system32\drivers\ql2300.sys (disabled)
QLogic iSCSI Miniport Driver: \SystemRoot\system32\drivers\ql40xx.sys (disabled)
@%SystemRoot%\system32\qwave.dll,-1: %windir%\system32\svchost.exe -k LocalService (manual start)
@%SystemRoot%\system32\drivers\qwavedrv.sys,-1: \SystemRoot\system32\drivers\qwavedrv.sys (manual start)
Remote Access Auto Connection Driver: System32\DRIVERS\rasacd.sys (system)
@%Systemroot%\system32\rasauto.dll,-200: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
WAN Miniport (L2TP): system32\DRIVERS\rasl2tp.sys (manual start)
@%Systemroot%\system32\rasmans.dll,-200: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
@%systemroot%\system32\rascfg.dll,-32007: system32\DRIVERS\raspppoe.sys (manual start)
@%systemroot%\system32\sstpsvc.dll,-202: system32\DRIVERS\rassstp.sys (manual start)
Redirected Buffering Sub Sysytem: system32\DRIVERS\rdbss.sys (system)
RDPCDD: System32\DRIVERS\RDPCDD.sys (system)
Terminal Server Device Redirector Driver: \SystemRoot\system32\drivers\rdpdr.sys (disabled)
RDP Encoder Mirror Driver: system32\drivers\rdpencdd.sys (system)
@%Systemroot%\system32\mprdim.dll,-200: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled)
@regsvc.dll,-1: %SystemRoot%\system32\svchost.exe -k regsvc (manual start)
rimmptsk: system32\DRIVERS\rimmptsk.sys (autostart)
rimsptsk: system32\DRIVERS\rimsptsk.sys (autostart)
Ricoh xD-Picture Card Driver: system32\DRIVERS\rixdptsk.sys (autostart)
@%systemroot%\system32\Locator.exe,-2: %SystemRoot%\system32\locator.exe (manual start)
@oleres.dll,-5010: %SystemRoot%\system32\svchost.exe -k rpcss (autostart)
Link-Layer Topology Discovery Responder: system32\DRIVERS\rspndr.sys (autostart)
Realtek 10/100 NIC Family NDIS x86 Driver: system32\DRIVERS\Rtnicxp.sys (manual start)
@%SystemRoot%\system32\samsrv.dll,-1: %SystemRoot%\system32\lsass.exe (autostart)
SASDIFSV: \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (system)
SASKUTIL: \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (system)
SBP-2 Transport/Protocol Bus Driver: \SystemRoot\system32\drivers\sbp2port.sys (disabled)
@%SystemRoot%\System32\SCardSvr.dll,-1: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)
@%SystemRoot%\system32\schedsvc.dll,-100: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
@%SystemRoot%\System32\certprop.dll,-13: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
sdbus: system32\DRIVERS\sdbus.sys (manual start)
@%SystemRoot%\system32\sdrsvc.dll,-107: %SystemRoot%\system32\svchost.exe -k SDRSVC (manual start)
@%SystemRoot%\system32\seclogon.dll,-7001: %windir%\system32\svchost.exe -k netsvcs (autostart)
@%SystemRoot%\system32\Sens.dll,-200: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Serenum Filter Driver: \SystemRoot\system32\drivers\serenum.sys (manual start)
Serial Port Driver: \SystemRoot\system32\drivers\serial.sys (manual start)
Serial Mouse Driver: \SystemRoot\system32\drivers\sermouse.sys (disabled)
@%SystemRoot%\System32\SessEnv.dll,-1026: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
SFF Storage Class Driver: \SystemRoot\system32\drivers\sffdisk.sys (disabled)
SFF Storage Protocol Driver for MMC: \SystemRoot\system32\drivers\sffp_mmc.sys (manual start)
SFF Storage Protocol Driver for SDBus: \SystemRoot\system32\drivers\sffp_sd.sys (manual start)
High-Capacity Floppy Disk Drive: \SystemRoot\system32\drivers\sfloppy.sys (disabled)
@%SystemRoot%\system32\ipnathlp.dll,-106: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
@%SystemRoot%\System32\shsvcs.dll,-12288: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
SIS AGP Bus Filter: \SystemRoot\system32\drivers\sisagp.sys (manual start)
SiSRaid2: \SystemRoot\system32\drivers\sisraid2.sys (disabled)
SiSRaid4: \SystemRoot\system32\drivers\sisraid4.sys (disabled)
@%SystemRoot%\system32\SLsvc.exe,-101: %SystemRoot%\system32\SLsvc.exe (autostart)
@%SystemRoot%\system32\SLUINotify.dll,-103: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)
@%SystemRoot%\system32\tcpipcfg.dll,-50005: system32\DRIVERS\smb.sys (system)
@%SystemRoot%\system32\snmptrap.exe,-3: %SystemRoot%\System32\snmptrap.exe (manual start)
@%systemroot%\system32\spoolsv.exe,-1: %SystemRoot%\System32\spoolsv.exe (autostart)
srv: System32\DRIVERS\srv.sys (manual start)
srv2: System32\DRIVERS\srv2.sys (manual start)
srvnet: System32\DRIVERS\srvnet.sys (manual start)
@%systemroot%\system32\ssdpsrv.dll,-100: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)
@%SystemRoot%\system32\sstpsvc.dll,-200: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)
@%SystemRoot%\system32\wiaservc.dll,-9: %SystemRoot%\system32\svchost.exe -k imgsvc (autostart)
Software Bus Driver: system32\DRIVERS\swenum.sys (manual start)
@%SystemRoot%\System32\swprv.dll,-103: %SystemRoot%\System32\svchost.exe -k swprv (manual start)
Symc8xx: \SystemRoot\system32\drivers\symc8xx.sys (disabled)
Sym_hi: \SystemRoot\system32\drivers\sym_hi.sys (disabled)
Sym_u3: \SystemRoot\system32\drivers\sym_u3.sys (disabled)
Synaptics TouchPad Driver: system32\DRIVERS\SynTP.sys (manual start)
@%SystemRoot%\system32\sysmain.dll,-1000: %systemroot%\system32\svchost.exe -k LocalSystemNetworkRestricted (autostart)
@%SystemRoot%\system32\TabSvc.dll,-100: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted (disabled)
@%SystemRoot%\system32\tapisrv.dll,-10100: %SystemRoot%\System32\svchost.exe -k NetworkService (manual start)
@%SystemRoot%\system32\tbssvc.dll,-100: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
@%SystemRoot%\system32\tcpipcfg.dll,-50003: System32\drivers\tcpip.sys (system)
Microsoft IPv6 Protocol Driver: system32\DRIVERS\tcpip.sys (manual start)
TCP/IP Registry Compatibility: System32\drivers\tcpipreg.sys (autostart)
TDPIPE: system32\drivers\tdpipe.sys (manual start)
TDTCP: system32\drivers\tdtcp.sys (manual start)
@%SystemRoot%\system32\tcpipcfg.dll,-50004: system32\DRIVERS\tdx.sys (system)
Terminal Device Driver: system32\DRIVERS\termdd.sys (system)
@%SystemRoot%\System32\termsrv.dll,-268: %SystemRoot%\System32\svchost.exe -k NetworkService (autostart)
@%SystemRoot%\System32\shsvcs.dll,-8192: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
@%systemroot%\system32\mmcss.dll,-102: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)
TOSHIBA Navi Support Service: C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe (autostart)
TOSHIBA tos_sps32 Service: system32\DRIVERS\tos_sps32.sys (system)
@%SystemRoot%\system32\trkwks.dll,-1: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted (autostart)
@%SystemRoot%\servicing\TrustedInstaller.exe,-100: %SystemRoot%\servicing\TrustedInstaller.exe (manual start)
Terminal Services Security Filter Driver: System32\DRIVERS\tssecsrv.sys (manual start)
Microsoft Tun Miniport Adapter Driver: system32\DRIVERS\tunmp.sys (manual start)
Microsoft IPv6 Tunnel Miniport Adapter Driver: system32\DRIVERS\tunnel.sys (manual start)
Microsoft AGPv3.5 Filter: \SystemRoot\system32\drivers\uagp35.sys (manual start)
udfs: system32\DRIVERS\udfs.sys (disabled)
@%SystemRoot%\system32\ui0detect.exe,-101: %SystemRoot%\system32\UI0Detect.exe (manual start)
Uli AGP Bus Filter: \SystemRoot\system32\drivers\uliagpkx.sys (manual start)
uliahci: \SystemRoot\system32\drivers\uliahci.sys (disabled)
UlSata: \SystemRoot\system32\drivers\ulsata.sys (disabled)
ulsata2: \SystemRoot\system32\drivers\ulsata2.sys (disabled)
UMBus Enumerator Driver: system32\DRIVERS\umbus.sys (manual start)
@%systemroot%\system32\upnphost.dll,-213: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
Microsoft USB Generic Parent Driver: \SystemRoot\system32\drivers\usbccgp.sys (disabled)
eHome Infrared Receiver (USBCIR): \SystemRoot\system32\drivers\usbcir.sys (disabled)
Microsoft USB 2.0 Enhanced Host Controller Miniport Driver: system32\DRIVERS\usbehci.sys (manual start)
USB2 Enabled Hub: system32\DRIVERS\usbhub.sys (manual start)
Microsoft USB Open Host Controller Miniport Driver: \SystemRoot\system32\drivers\usbohci.sys (disabled)
Microsoft USB PRINTER Class: \SystemRoot\system32\drivers\usbprint.sys (disabled)
USB Mass Storage Driver: system32\DRIVERS\USBSTOR.SYS (disabled)
Microsoft USB Universal Host Controller Miniport Driver: system32\DRIVERS\usbuhci.sys (manual start)
@%SystemRoot%\system32\dwm.exe,-2000: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted (autostart)
@%SystemRoot%\system32\vds.exe,-100: %SystemRoot%\System32\vds.exe (manual start)
vga: system32\DRIVERS\vgapnp.sys (manual start)
VgaSave: \SystemRoot\System32\drivers\vga.sys (system)
VIA AGP Bus Filter: \SystemRoot\system32\drivers\viaagp.sys (manual start)
VIA C7 Processor Driver: \SystemRoot\system32\drivers\viac7.sys (disabled)
viaide: \SystemRoot\system32\drivers\viaide.sys (disabled)
Volume Manager Driver: system32\drivers\volmgr.sys (system)
Dynamic Volume Manager: System32\drivers\volmgrx.sys (system)
Storage volumes: system32\drivers\volsnap.sys (system)
vsmraid: \SystemRoot\system32\drivers\vsmraid.sys (disabled)
@%systemroot%\system32\vssvc.exe,-102: %systemroot%\system32\vssvc.exe (manual start)
@%SystemRoot%\system32\w32time.dll,-200: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
Wacom Serial Pen HID Driver: \SystemRoot\system32\drivers\wacompen.sys (disabled)
Remote Access IP ARP Driver: system32\DRIVERS\wanarp.sys (manual start)
Remote Access IPv6 ARP Driver: system32\DRIVERS\wanarp.sys (system)
@%SystemRoot%\system32\wcncsvc.dll,-3: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
@%SystemRoot%\system32\WcsPlugInService.dll,-200: %SystemRoot%\system32\svchost.exe -k wcssvc (manual start)
Microsoft Watchdog Timer Driver: \SystemRoot\system32\drivers\wd.sys (disabled)
Kernel Mode Driver Frameworks service: system32\drivers\Wdf01000.sys (system)
@%systemroot%\system32\wdi.dll,-502: %SystemRoot%\System32\svchost.exe -k wdisvc (manual start)
@%systemroot%\system32\wdi.dll,-500: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted (manual start)
@%systemroot%\system32\webclnt.dll,-100: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
@%SystemRoot%\system32\wecsvc.dll,-200: %SystemRoot%\system32\svchost.exe -k NetworkService (manual start)
@%SystemRoot%\System32\wercplsupport.dll,-101: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
@%SystemRoot%\System32\wersvc.dll,-100: %SystemRoot%\System32\svchost.exe -k WerSvcGroup (autostart)
@%ProgramFiles%\Windows Defender\MsMpRes.dll,-103: %SystemRoot%\System32\svchost.exe -k secsvcs (autostart)
@%SystemRoot%\system32\winhttp.dll,-100: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)
@%Systemroot%\system32\wbem\wmisvc.dll,-205: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
@%Systemroot%\system32\wsmsvc.dll,-101: %SystemRoot%\System32\svchost.exe -k NetworkService (manual start)
@%SystemRoot%\System32\wlansvc.dll,-257: %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted (autostart)
Microsoft Windows Management Interface for ACPI: \SystemRoot\system32\drivers\wmiacpi.sys (disabled)
@%Systemroot%\system32\wbem\wmiapsrv.exe,-110: %systemroot%\system32\wbem\WmiApSrv.exe (manual start)
@%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101: "%ProgramFiles%\Windows Media Player\wmpnetwk.exe" (manual start)
@%SystemRoot%\system32\wpcsvc.dll,-100: %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted (manual start)
@%SystemRoot%\system32\wpdbusenum.dll,-100: %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted (autostart)
Winsock IFS driver: \SystemRoot\system32\drivers\ws2ifsl.sys (disabled)
@%SystemRoot%\System32\wscsvc.dll,-200: %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted (autostart)
@%systemroot%\system32\SearchIndexer.exe,-103: %systemroot%\system32\SearchIndexer.exe /Embedding (autostart)
@%systemroot%\system32\wuaueng.dll,-105: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
@%SystemRoot%\system32\wudfsvc.dll,-1000: %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted (autostart)


--------------------------------------------------

Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*

Windows NT checkdisk command:
BootExecute = autocheck autochk *

Windows NT 'Wininit.ini':
PendingFileRenameOperations: *Registry value not found*

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

WebCheck: C:\Windows\System32\webcheck.dll

--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*Registry key not found*

--------------------------------------------------

End of report, 45,606 bytes
Report generated in 0.172 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only


BC AdBot (Login to Remove)

 


#2 Albear

Albear
  • Topic Starter

  • Members
  • 59 posts
  • OFFLINE
  •  
  • Local time:04:54 PM

Posted 08 May 2010 - 05:39 AM

Hi, I'm posting this because I think I'm likely to lose connectivity soon. After the post this morning, several things have hapened.
Windows told me twice that AVG needed updating but when I checked I was up to date, i went direct to the site and updated from there and it was out of date and automatic protection had been removed.
Windows defender was off again , I had to restart it. I had a dialogue box from defender pop up telling me an unknwon program had inserted code I clicked on the dialogue for more info but it dissapeared and windows defender had no history of it.
I ran AVG antivirus and had a mass of locked files, it could not check and as i write this my hard disc is going 19 to the dozen and I only have this open!!
Find below the list of files that were reported as locked by avg. I suspect I will lose connectivity soon so I may be slow responding to any response from the forum

"E:\System Volume Information\";"Locked file. Not tested.";"Locked file. Not tested."
"E:\$RECYCLE.BIN\S-1-5-21-3459437647-1123751275-2026211232-1001\";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Windows\winsxs\x86_microsoft-windows-n..n_service_datastore_31bf3856ad364e35_6.0.6001.18226_none_d11ef65c360a818d\dnary.xsd";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Windows\winsxs\x86_microsoft-windows-n..n_service_datastore_31bf3856ad364e35_6.0.6001.18000_none_d12e90ac35ffb753\dnary.xsd";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Windows\winsxs\x86_microsoft-windows-n..n_service_datastore_31bf3856ad364e35_6.0.6000.16386_none_cef7ceb03914a67f\dnary.xsd";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Windows\Temp\";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Windows\System32\winevt\Logs\System.evtx";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Windows\System32\winevt\Logs\Setup.evtx";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Windows\System32\winevt\Logs\Security.evtx";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-WPD-MTPClassDriver%4Operational.evtx";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-WPD-ClassInstaller%4Operational.evtx";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-WLAN-AutoConfig%4Operational.evtx";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-Wired-AutoConfig%4Operational.evtx";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-Winlogon%4Operational.evtx";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-WindowsUpdateClient%4Operational.evtx";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-UAC-FileVirtualization%4Operational.evtx";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-UAC%4Operational.evtx";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-TerminalServices-RDPClient%4Operational.evtx";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-TaskScheduler%4Operational.evtx";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-RestartManager%4Operational.evtx";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Leak-Diagnostic%4Operational.evtx";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Exhaustion-Resolver%4Operational.evtx";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Exhaustion-Detector%4Operational.evtx";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-RemoteAssistance%4Operational.evtx";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-RemoteAssistance%4Admin.evtx";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReliabilityAnalysisComponent%4Operational.evtx";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReliabilityAnalysisComponent%4Metrics.evtx";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReadyBoost%4Operational.evtx";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-ParentalControls%4Operational.evtx";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-NetworkAccessProtection%4Operational.evtx";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-MUI%4Operational.evtx";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-LanguagePackSetup%4Operational.evtx";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-Kernel-WHEA.evtx";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-Kernel-WDI%4Operational.evtx";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-International%4Operational.evtx";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-Help%4Operational.evtx";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-GroupPolicy%4Operational.evtx";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-Forwarding%4Operational.evtx";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-DriverFrameworks-UserMode%4Operational.evtx";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-DiskDiagnosticResolver%4Operational.evtx";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-DiskDiagnosticDataCollector%4Operational.evtx";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-DiskDiagnostic%4Operational.evtx";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnostics-Performance%4Operational.evtx";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnostics-Networking%4Operational.evtx";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnosis-PLA%4Operational.evtx";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnosis-DPS%4Operational.evtx";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-DateTimeControlPanel%4Operational.evtx";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-CorruptedFileRecovery-Server%4Operational.evtx";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-CorruptedFileRecovery-Client%4Operational.evtx";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-CodeIntegrity%4Operational.evtx";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-Bluetooth-MTPEnum%4Operational.evtx";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Windows\System32\winevt\Logs\Microsoft-Windows-Bits-Client%4Operational.evtx";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Windows\System32\winevt\Logs\Media Center.evtx";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Windows\System32\winevt\Logs\Key Management Service.evtx";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Windows\System32\winevt\Logs\Internet Explorer.evtx";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Windows\System32\winevt\Logs\HardwareEvents.evtx";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Windows\System32\winevt\Logs\DFS Replication.evtx";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Windows\System32\winevt\Logs\Application.evtx";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Windows\System32\wfp\";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Windows\System32\WDI\";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Windows\System32\wbem\MOF\";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Windows\System32\wbem\AutoRecover\FBD0E57ECE5A9402023443B148D93F98.mof";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Windows\System32\wbem\AutoRecover\F81E6BEBC3067C406E6C491608474198.mof";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Windows\System32\wbem\AutoRecover\F01326692CC5736EBAC31B9FC2381CF2.mof";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Windows\System32\wbem\AutoRecover\EC45C70F2A3D9DED718E71631C38E2FE.mof";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Windows\System32\wbem\AutoRecover\E9D8A460B2C986DD5FF19F299F4A27EC.mof";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Windows\System32\wbem\AutoRecover\E737DE61441445E1FDFCA45EF5E7D987.mof";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Windows\System32\wbem\AutoRecover\E04DE4CDFEC284A342159BB920976701.mof";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Windows\System32\wbem\AutoRecover\DFB9AD54AC2D3B8122567AAD3BF3EB7F.mof";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Windows\System32\wbem\AutoRecover\DF80FD3849FFF74B4BF43E2EA8ADEC8A.mof";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Windows\System32\wbem\AutoRecover\DF2FB1F3C8DCD25B01FDE5A4697177CB.mof";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Windows\System32\wbem\AutoRecover\DE391013DA56ABA39FFF40A9ABDF052F.mof";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Windows\System32\wbem\AutoRecover\D5B60695D4528B9B368FC0C80DC5129F.mof";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Windows\System32\wbem\AutoRecover\D4C4BA54B6A8FA6211E60E2ADFF7426A.mof";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Windows\System32\wbem\AutoRecover\D1A1B12A7DA3F9675C01397A26DBF4B3.mof";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Windows\System32\wbem\AutoRecover\BE81B2C0741907C1FC1C42B6223E59AD.mof";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Windows\System32\wbem\AutoRecover\BBF206490BAA431B592F9A13534F43F6.mof";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Windows\System32\wbem\AutoRecover\BA991ACFF19ADCEED9AFD4DD6559F22A.mof";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Windows\System32\wbem\AutoRecover\AA742824DCADA846BA4B665D686DD5D6.mof";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Windows\System32\wbem\AutoRecover\AA6E0E396C238977CA909EFD82299737.mof";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Windows\System32\wbem\AutoRecover\A851D3BCFCE697C24E7112D24AFBE9E3.mof";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Windows\System32\wbem\AutoRecover\9E06E4FE97F0CBB8D659894823F805D7.mof";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Windows\System32\wbem\AutoRecover\9CD33F0956942860B50AA1B9330DEFAF.mof";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Windows\System32\wbem\AutoRecover\9AD3182A2F39A3E091E15109132EC6CC.mof";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Windows\System32\wbem\AutoRecover\9A72EE7775E8021F75961342B8AFD1B4.mof";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Windows\System32\wbem\AutoRecover\96ABB1671705F680578FE240427CBD4F.mof";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Windows\System32\wbem\AutoRecover\9202D7C90F498A9BFE4E12205CBE26F1.mof";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Windows\System32\wbem\AutoRecover\903E49C444C46FEF5F2C3A189C9CEF71.mof";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Windows\System32\wbem\AutoRecover\902DBFF6F0C3BF7CE18405EF33C5B2C0.mof";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Windows\System32\wbem\AutoRecover\8C718B5AFD373885B68D2836088CAF9A.mof";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Windows\System32\wbem\AutoRecover\87AA2A001CE3E89926688B93E4DC2992.mof";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Windows\System32\wbem\AutoRecover\7F417E1A6D819A9B2FEB55DA6858EA0A.mof";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Windows\System32\wbem\AutoRecover\7BDE76979585395D59B5DA1D62E63C50.mof";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Windows\System32\wbem\AutoRecover\79CD84A83C85E4F4FEED13F704AFD1A6.mof";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Windows\System32\wbem\AutoRecover\7851AF96EA828F912853F32DB0D96138.mof";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Windows\System32\wbem\AutoRecover\75054C3771DF289038069A9BB1C1FB6E.mof";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Windows\System32\wbem\AutoRecover\72F867EF62976CE9F70993FF3E68A4EB.mof";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Windows\System32\wbem\AutoRecover\69554D930FCA40B0304B9A43A8036F2D.mof";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Windows\System32\wbem\AutoRecover\68C49405800705A386C338BECA8D0719.mof";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Windows\System32\wbem\AutoRecover\63E48B1766A961491E55D10F8F08C0E7.mof";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Windows\System32\wbem\AutoRecover\5B5D21CF62E70BACF9D085E6AA6CE143.mof";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Windows\System32\wbem\AutoRecover\5966D45C7B25EACA46E87DD8E5703964.mof";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Windows\System32\wbem\AutoRecover\5774C77265BE4C55B5C6C9718979E015.mof";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Windows\System32\wbem\AutoRecover\4CB32C0A77CD4D9B0C9618F73F786C32.mof";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Windows\System32\wbem\AutoRecover\4B471F64BAF831EC7945C820FD5A16E5.mof";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Windows\System32\wbem\AutoRecover\4A01E0F376B5833EBA98F0D1D5F60CD1.mof";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Windows\System32\wbem\AutoRecover\494C62FAA08CD5217399BAA555FF491B.mof";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Windows\System32\wbem\AutoRecover\422F2CA2C538F8B8C6D7F7D2B92DC785.mof";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Windows\System32\wbem\AutoRecover\3EFE5AEBC6F1152375E7674497F7043F.mof";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Windows\System32\wbem\AutoRecover\3DC0BABDCA20E5E319117C21BD4BD795.mof";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Windows\System32\wbem\AutoRecover\39EF661167099C8B2F81F813871BA3BC.mof";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Windows\System32\wbem\AutoRecover\376786241A5443E41378D25CF812FCC1.mof";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Windows\System32\wbem\AutoRecover\3460B7617E0429A960E481B197F238A3.mof";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Windows\System32\wbem\AutoRecover\2D57A7682ACD19214C258D31A06D008F.mof";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Windows\System32\wbem\AutoRecover\2CE523184A801AA7361A7039E2D6B41D.mof";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Windows\System32\wbem\AutoRecover\2AA23BB86A5EBD8BC2D820944E55B233.mof";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Windows\System32\wbem\AutoRecover\2A811E5CCC22CC9D7AE2B04EF0402688.mof";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Windows\System32\wbem\AutoRecover\26C097A9392F8C541AD42E89B7909073.mof";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Windows\System32\wbem\AutoRecover\0DF617D6737A7561E732F853792261C3.mof";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Windows\System32\wbem\AutoRecover\0A9DBC92D554324656F61F9862679F27.mof";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Windows\System32\wbem\AutoRecover\073C87A5E65451B9C103BE54832C90C3.mof";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Windows\System32\wbem\AutoRecover\040270F850D5C3C91057DDDA2DA294D8.mof";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Windows\System32\wbem\AutoRecover\0296C47314AB746EC35476488248FCD9.mof";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Windows\System32\Tasks\";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Windows\System32\sysprep\Panther\setuperr.log";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Windows\System32\sysprep\Panther\setupact.log";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Windows\System32\sysprep\Panther\diagwrn.xml";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Windows\System32\sysprep\Panther\diagerr.xml";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Windows\System32\restore\MachineGuid.txt";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Windows\System32\networklist\";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Windows\System32\Msdtc\";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Windows\System32\LogFiles\WMI\";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Windows\System32\ias\";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Windows\System32\config\";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Windows\System32\com\dmp\";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Windows\System32\catroot2\edb.log";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Windows\ServiceProfiles\NetworkService\";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Windows\ServiceProfiles\LocalService\";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Windows\security\database\secedit.sdb";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Windows\Prefetch\";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Windows\Panther\UnattendGC\setuperr.log";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Windows\Panther\UnattendGC\setupact.log";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Windows\Panther\UnattendGC\diagwrn.xml";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Windows\Panther\UnattendGC\diagerr.xml";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Windows\ModemLogs\";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe.config";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Windows\Logs\SystemRestore\";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Windows\Logs\DPX\setuperr.log";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Windows\Logs\DPX\setupact.log";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Windows\Logs\CBS\CBS.persist.log";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Windows\Logs\CBS\CBS.log";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Windows\LiveKernelReports\";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Windows\Installer\MSI3E64.tmp";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Users\Toshiba admin\Templates\";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Users\Toshiba admin\PrintHood\";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Users\Toshiba admin\ntuser.dat.LOG2";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Users\Toshiba admin\ntuser.dat.LOG1";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Users\Toshiba admin\NTUSER.DAT";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Users\Toshiba admin\NetHood\";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Users\Toshiba admin\Documents\My Videos\";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Users\Toshiba admin\Documents\My Pictures\";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Users\Toshiba admin\Documents\My Music\";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Users\Toshiba admin\AppData\Local\Temp\CitrixLogs\GoToAssist\570\logA92A.tmp\GoToAssist_01.log";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Users\Toshiba admin\AppData\Local\Temp\CitrixLogs\GoToAssist\570\log4EDA.tmp\GoToAssist_01.log";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Users\Toshiba admin\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG2";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Users\Toshiba admin\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Users\Toshiba admin\AppData\Local\Microsoft\Windows\UsrClass.dat";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Users\Toshiba admin\AppData\Local\Microsoft\Windows Defender\FileTracker\{A37D9E8A-FD34-4A38-BD8F-E895CDDD3DB9}";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Users\Toshiba admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{EC9E9D84-5A7C-11DF-B035-001A92AA0FAD}.dat";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Users\Toshiba admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\{EC9E9D85-5A7C-11DF-B035-001A92AA0FAD}.dat";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Users\Toshiba admin\AppData\Local\History\";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Users\Public\Documents\My Videos\";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Users\Public\Documents\My Pictures\";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Users\Public\Documents\My Music\";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Users\Mam and dad\";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Users\Default\Templates\";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Users\Default\Recent\";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Users\Default\PrintHood\";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Users\Default\NetHood\";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Users\Default\Documents\My Videos\";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Users\Default\Documents\My Pictures\";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Users\Default\Documents\My Music\";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Users\Default\AppData\Local\History\";"Locked file. Not tested.";"Locked file. Not tested."
"C:\System Volume Information\";"Locked file. Not tested.";"Locked file. Not tested."
"C:\ProgramData\Templates\";"Locked file. Not tested.";"Locked file. Not tested."
"C:\ProgramData\Microsoft\Windows\WER\ReportArchive\Report0c7f6a56\";"Locked file. Not tested.";"Locked file. Not tested."
"C:\ProgramData\Microsoft\Windows Defender\";"Locked file. Not tested.";"Locked file. Not tested."
"C:\ProgramData\Microsoft\User Account Pictures\Mam and dad.dat";"Locked file. Not tested.";"Locked file. Not tested."
"C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc\";"Locked file. Not tested.";"Locked file. Not tested."
"C:\ProgramData\Microsoft\Search\Data\Applications\Windows\";"Locked file. Not tested.";"Locked file. Not tested."
"C:\ProgramData\Microsoft\Network\Downloader\";"Locked file. Not tested.";"Locked file. Not tested."
"C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\";"Locked file. Not tested.";"Locked file. Not tested."
"C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\f686aace6942fb7f7ceb231212eef4a4_3e835e44-15e5-406b-824c-a90621f64ab8";"Locked file. Not tested.";"Locked file. Not tested."
"C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\4f7ffb329014babe6f7c23d8b0ad1b5b_3e835e44-15e5-406b-824c-a90621f64ab8";"Locked file. Not tested.";"Locked file. Not tested."
"C:\ProgramData\Favorites\";"Locked file. Not tested.";"Locked file. Not tested."
"C:\ProgramData\Documents\";"Locked file. Not tested.";"Locked file. Not tested."
"C:\ProgramData\Desktop\";"Locked file. Not tested.";"Locked file. Not tested."
"C:\ProgramData\avg9\Temp\file9514.tmp";"Locked file. Not tested.";"Locked file. Not tested."
"C:\PerfLogs\";"Locked file. Not tested.";"Locked file. Not tested."
"C:\pagefile.sys";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Documents and Settings\";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Boot\BCD.LOG";"Locked file. Not tested.";"Locked file. Not tested."
"C:\Boot\BCD";"Locked file. Not tested.";"Locked file. Not tested."
"C:\$Recycle.Bin\S-1-5-21-3466375307-2083619736-3756238073-500\";"Locked file. Not tested.";"Locked file. Not tested."
"C:\$Recycle.Bin\S-1-5-21-3459437647-1123751275-2026211232-1001\";"Locked file. Not tested.";"Locked file. Not tested."
"C:\$Recycle.Bin\S-1-5-21-2990131453-228770994-3870583781-500\";"Locked file. Not tested.";"Locked file. Not tested."
"C:\$Recycle.Bin\S-1-5-21-2715799477-2416202613-1272605550-500\";"Locked file. Not tested.";"Locked file. Not tested."
"C:\$Recycle.Bin\S-1-5-21-2152478756-3922319563-605102323-500\";"Locked file. Not tested.";"Locked file. Not tested."

#3 Albear

Albear
  • Topic Starter

  • Members
  • 59 posts
  • OFFLINE
  •  
  • Local time:04:54 PM

Posted 12 May 2010 - 04:39 PM

Hi bringing back to the top have had no response. I beleive I have the backdoor bn virus that has blighted my use of my machines now for 6 months

Moved to log from from AII. ~ OB

Edited by Orange Blossom, 13 May 2010 - 09:33 PM.


#4 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:54 PM

Posted 14 May 2010 - 06:14 PM

Hi,

My name is Extremeboy (or EB for short), and I will be helping you with your log. I apologize for the delay.

If you still require assistance we would like to see the current condition of your system so please post a new set of DDS Logs as well as a GMER log and a description of any remaining problems or symptoms you may still have please.

If for any reason you did not post a DDS log or GMER log please refer to this page and in step #6 and Step #7 and Step #8 for further instructions on downloading and running DDS & GMER. If you have any problems when running the tools or unable to produce a report for any reason, just let me know in your next reply.


For your next reply I would like to see:
-The DDS logs
---DDS.txt and Attach logs
-GMER log
-Description of any remaining problems you may still have.


With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#5 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:54 PM

Posted 17 May 2010 - 08:41 PM

Hello.

Are you still there? Do you still require help?

If you are please follow the instructions in my previous post.

If you still need help, follow the instructions I have given in my response. If you have since had your problem solved, we would appreciate you letting us know so we can close the topic.

Please reply back telling us so. If you don't reply within 7 days from the last day I replied initially, the topic will need to be closed.

Thanks for understanding.

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#6 Albear

Albear
  • Topic Starter

  • Members
  • 59 posts
  • OFFLINE
  •  
  • Local time:04:54 PM

Posted 18 May 2010 - 05:59 AM

Hi yes just typed quite a bit and my explorer stoped working on me, I'll type in word and paste across later. Please be patient though because I have constant connectivity problems
Thanks

#7 Albear

Albear
  • Topic Starter

  • Members
  • 59 posts
  • OFFLINE
  •  
  • Local time:04:54 PM

Posted 18 May 2010 - 09:28 AM

My problem is that my network is hijacked on both my machines and no one can see why?? When the laptop this topic is about was reinstalled, I tried to reinstall my printer wirelessly. I was told my printer and laptop were on different networks so could not install. My Dell PC which I had tried to install on the night before (windows 7 by cable) spat my installation disc out becasue it was incompatable with 7. As I took my disc out to go online to download, Windows started inataling drivers and automatically installed for me???? Even though this was a new installation. This week I lost my lan adapter on the Dell and I restored back, when I restored back in devices and printer I had an extra dvice in the form of a 'wireless optical desktop' and also a mass storage device controlling my other drives which are now shown as portable devices. I restored back again to my current position and windows started downloading drivers again, one was the wireless optical driver device this quickly changed its name to a usb device. I mention the Dell because I'm sure they are linked. Also I note that this seems now to be hidden in my wireless keyboard and my language has been changed to English US with English UK in the tree below this.
Logs attached

As I write this I cannot open the log to paste , it tells me I do not have appropriate permission???? I'm in as administartor and saved it on this logon. I will attach them in the event you vcan read them if not can you advice please?

Attached Files



#8 Albear

Albear
  • Topic Starter

  • Members
  • 59 posts
  • OFFLINE
  •  
  • Local time:04:54 PM

Posted 18 May 2010 - 09:48 AM

Hopefully have been able to open, windows saved it as an unknown application
Log posted below


DDS (Ver_10-03-17.01) - NTFSx86
Run by Toshiba admin at 12:23:11.15 on 18/05/2010
Internet Explorer: 8.0.6001.18904
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2039.1142 [GMT 1:00]

SP: Spybot - Search and Destroy *enabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\explorer.exe
C:\Program Files\Greatis\RegRunSuite\watchdog.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10e.exe
C:\Program Files\Greatis\RegRunSuite\regrun2.exe
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Toshiba admin\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uSearch Bar = Preserve
uStart Page = hxxp://news.bbc.co.uk/
mWinlogon: Shell=c:\windows\explorer.exe
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0\bin\ssv.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
mRun: [RegRun WinBait] c:\windows\winbait.exe
mRun: [@RegRunOnSecure] c:\progra~1\greatis\regrun~1\OnSecure.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: EnableLinkedConnections = 1 (0x1)
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0\bin\npjpi160.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://oas.support.microsoft.com/ActiveX/MSDcode.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} - hxxp://download.microsoft.com/download/7/4/9/749b0dc5-2175-4d5b-a6dd-9c4bc923683e/Selfhelpcontrol.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: {B01EE843-A218-4694-852F-5863E14A0310} = 192.168.1.254
TCP: {D0C990AD-C182-489F-A753-A1E0039716E7} = 192.168.1.254
Notify: igfxcui - igfxdev.dll
SEH: ShellObj Class: {f552dde6-2090-4bf4-b924-6141e87789a5} - c:\progra~1\greatis\regrun~1\RRShell.dll

============= SERVICES / DRIVERS ===============

R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-5-11 1153368]
R3 RegGuard;RegGuard;c:\windows\system32\drivers\regguard.sys [2010-5-13 24416]
S0 Partizan;Partizan;c:\windows\system32\drivers\Partizan.sys [2010-5-13 34952]
S2 BootlogService;BootlogService;c:\program files\greatis\regrunsuite\BootLogService.exe [2010-5-13 65248]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2010-5-7 21504]

=============== Created Last 30 ================

2010-05-18 11:16:39 0 ----a-w- c:\users\toshiba admin\defogger_reenable
2010-05-17 20:50:30 0 d-----w- c:\users\toshiba admin\DoctorWeb
2010-05-17 20:49:15 0 d-----w- c:\program files\DrWeb
2010-05-15 22:55:50 2 --shatr- c:\windows\winstart.bat
2010-05-14 22:43:39 0 d-----w- c:\windows\RestoreSafeDeleted
2010-05-13 22:01:36 0 d-----w- c:\users\toshiba admin\Office Genuine Advantage
2010-05-13 21:30:43 24416 ----a-w- c:\windows\system32\drivers\regguard.sys
2010-05-13 21:30:06 37600 ----a-w- c:\windows\system32\Partizan.exe
2010-05-13 21:30:06 34952 ----a-w- c:\windows\system32\drivers\Partizan.sys
2010-05-13 21:16:07 57556 ----a-w- c:\windows\guard.bmp
2010-05-13 21:16:07 20192 ----a-w- c:\windows\WinBait.org
2010-05-13 21:16:07 20192 ----a-w- c:\windows\WinBait.exe
2010-05-13 21:16:07 1385184 ----a-w- c:\windows\RunGuard.exe
2010-05-13 20:39:16 65536 --sha-w- c:\users\toshiba admin\ntuser.dat{7f2feada-5ecf-11df-a80e-001a92aa0fad}.TM.blf
2010-05-13 20:39:16 524288 --sha-w- c:\users\toshiba admin\ntuser.dat{7f2feada-5ecf-11df-a80e-001a92aa0fad}.TMContainer00000000000000000002.regtrans-ms
2010-05-13 20:39:16 524288 --sha-w- c:\users\toshiba admin\ntuser.dat{7f2feada-5ecf-11df-a80e-001a92aa0fad}.TMContainer00000000000000000001.regtrans-ms
2010-05-13 16:44:31 0 d-----w- c:\users\toshib~1\appdata\roaming\Regrun
2010-05-13 16:44:05 0 d-sh--r- C:\desktop.ini
2010-05-13 16:44:05 0 d-sh--r- C:\comment.htt
2010-05-13 16:44:05 0 d-sh--r- C:\autorun.inf
2010-05-13 16:39:36 0 d-----w- c:\program files\Greatis
2010-05-12 19:28:00 0 d-----w- c:\programdata\Sophos
2010-05-12 19:26:05 0 d-----w- C:\stdtsa
2010-05-12 19:04:59 0 d-----w- c:\program files\Enigma Software Group
2010-05-12 07:15:45 0 d-sh--w- c:\windows\system32\%APPDATA%
2010-05-12 06:41:20 738816 ----a-w- c:\windows\system32\inetcomm.dll
2010-05-11 19:13:06 0 d-----w- c:\programdata\Spybot - Search & Destroy
2010-05-11 19:13:06 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-05-11 19:05:37 0 d-----w- c:\program files\Safer Networking
2010-05-11 09:29:28 0 d-----w- c:\programdata\Office Genuine Advantage
2010-05-10 20:50:35 271704 ----a-w- c:\windows\system32\hpzids01.dll
2010-05-10 20:50:29 118272 ----a-w- c:\windows\system32\HPZ3L692.del
2010-05-10 20:50:21 974848 ----a-w- c:\windows\system32\hpost_p01a.dll
2010-05-10 20:48:07 0 d-----w- c:\program files\HP
2010-05-10 20:46:40 0 d-----w- c:\programdata\HP
2010-05-10 19:31:15 0 d-----w- c:\programdata\Microsoft Help
2010-05-10 19:26:11 176506 ----a-w- c:\windows\Loft Management System Uninstaller.exe
2010-05-10 19:00:34 185267 ----a-w- c:\windows\Federation Secretaries System Uninstaller.exe
2010-05-10 19:00:33 0 d-----w- c:\program files\common files\borland
2010-05-10 19:00:30 0 d-----w- c:\program files\dBase
2010-05-10 19:00:25 0 d-----w- c:\program files\East Coast Software
2010-05-10 19:00:25 0 d-----w- c:\program files\common files\Thraex Software
2010-05-10 09:59:20 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2010-05-10 09:49:16 0 d-----w- c:\users\toshib~1\appdata\roaming\Malwarebytes
2010-05-10 09:49:02 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-10 09:49:00 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-10 09:49:00 0 d-----w- c:\programdata\Malwarebytes
2010-05-10 09:48:51 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-08 05:57:33 0 d-----w- c:\program files\Trend Micro
2010-05-08 05:05:09 0 d-----w- c:\users\toshib~1\appdata\roaming\Digital Support
2010-05-08 05:04:55 0 d-----w- c:\program files\Digital Support
2010-05-08 04:38:05 0 d-----w- c:\windows\system32\directx
2010-05-07 20:57:42 0 d-----w- c:\programdata\SUPERAntiSpyware.com
2010-05-07 20:57:25 0 d-----w- c:\program files\SUPERAntiSpyware
2010-05-07 20:26:18 0 d-----w- c:\program files\Windows Portable Devices
2010-05-07 20:25:07 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2010-05-07 20:25:06 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2010-05-07 20:25:06 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2010-05-07 20:23:59 87552 ----a-w- c:\windows\system32\WPDShServiceObj.dll
2010-05-07 20:22:58 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2010-05-07 20:22:58 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2010-05-07 20:22:58 234496 ----a-w- c:\windows\system32\oleacc.dll
2010-05-07 20:19:40 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-05-07 20:19:39 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-05-07 20:19:39 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-05-07 18:56:06 0 d-----w- c:\windows\system32\vi-VN
2010-05-07 18:56:06 0 d-----w- c:\windows\system32\eu-ES
2010-05-07 18:56:06 0 d-----w- c:\windows\system32\ca-ES
2010-05-07 17:26:23 0 d-----w- c:\windows\system32\EventProviders
2010-05-07 17:24:59 670720 ----a-w- c:\windows\system32\mssvp.dll
2010-05-07 17:23:59 60928 ----a-w- c:\windows\system32\SLUINotify.dll
2010-05-07 17:22:56 218624 ----a-w- c:\windows\system32\wdscore.dll
2010-05-07 17:22:56 130560 ----a-w- c:\windows\system32\PkgMgr.exe
2010-05-07 17:22:33 247808 ----a-w- c:\windows\system32\drvstore.dll
2010-05-07 17:00:34 18904 ----a-w- c:\windows\system32\StructuredQuerySchemaTrivial.bin
2010-05-07 17:00:32 11967524 ----a-w- c:\windows\system32\korwbrkr.lex
2010-05-07 16:19:06 0 d-----w- C:\PerfLogs
2010-05-07 13:19:50 0 d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2010-05-07 13:14:31 714240 ----a-w- c:\windows\system32\timedate.cpl
2010-05-07 13:14:14 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-05-07 13:14:14 518144 ----a-w- c:\windows\system32\RMActivate.exe
2010-05-07 13:14:08 471552 ----a-w- c:\windows\system32\secproc_isv.dll
2010-05-07 13:14:08 471552 ----a-w- c:\windows\system32\secproc.dll
2010-05-07 13:14:07 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-05-07 13:14:07 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-05-07 13:14:06 332288 ----a-w- c:\windows\system32\msdrm.dll
2010-05-07 13:14:06 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-05-07 13:14:06 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-05-07 13:13:54 69632 ----a-w- c:\windows\system32\Mpeg2Data.ax
2010-05-07 13:12:40 310784 ----a-w- c:\windows\system32\unregmp2.exe
2010-05-07 13:12:39 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-05-07 13:12:00 1820 ----a-w- c:\windows\system32\rasctrnm.h
2010-05-07 12:19:00 705536 ----a-w- c:\windows\system32\imagesp1.dll
2010-05-07 12:17:59 62976 ----a-w- c:\windows\system32\drivers\raspptp.sys
2010-05-07 12:16:59 71680 ----a-w- c:\windows\system32\cabinet.dll
2010-05-07 12:15:57 36864 ----a-w- c:\windows\system32\drivers\Dot4usb.sys
2010-05-07 12:14:49 357888 ----a-w- c:\windows\system32\wbemcomn.dll
2010-05-07 12:14:49 102400 ----a-w- c:\windows\system32\wbem\mofinstall.dll
2010-05-07 12:14:42 129536 ----a-w- c:\windows\system32\sqmapi.dll
2010-05-07 12:14:41 139264 ----a-w- c:\windows\system32\SmiInstaller.dll
2010-05-07 12:14:21 258560 ----a-w- c:\windows\system32\dpx.dll
2010-05-07 12:14:20 35328 ----a-w- c:\windows\system32\mspatcha.dll
2010-05-07 12:14:20 305152 ----a-w- c:\windows\system32\msdelta.dll
2010-05-07 11:28:37 0 d-----w- c:\program files\AVG
2010-05-07 11:28:35 0 d-----w- c:\programdata\avg9
2010-05-06 21:05:58 377344 ----a-w- c:\windows\system32\winhttp.dll
2010-05-06 20:59:17 0 d-----w- c:\windows\system32\x64
2010-05-06 12:34:34 0 d-----w- c:\windows\system32\Adobe
2010-05-06 08:46:18 0 d-----w- c:\program files\MSECache
2010-05-06 06:11:54 499712 ----a-w- c:\windows\system32\kerberos.dll
2010-05-06 06:11:51 270848 ----a-w- c:\windows\system32\schannel.dll
2010-05-06 06:11:08 293376 ----a-w- c:\windows\system32\browserchoice.exe
2010-05-06 00:41:45 156672 ----a-w- c:\windows\system32\t2embed.dll
2010-05-06 00:41:44 72704 ----a-w- c:\windows\system32\fontsub.dll
2010-05-06 00:41:44 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-06 00:41:44 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-05-06 00:41:44 23552 ----a-w- c:\windows\system32\lpk.dll
2010-05-06 00:41:44 10240 ----a-w- c:\windows\system32\dciman32.dll
2010-05-06 00:40:12 61440 ----a-w- c:\windows\system32\winipsec.dll
2010-05-06 00:40:11 272896 ----a-w- c:\windows\system32\polstore.dll
2010-05-06 00:38:44 98816 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-05-06 00:38:44 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2010-05-06 00:35:17 17920 ----a-w- c:\windows\system32\netevent.dll
2010-05-06 00:35:17 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2010-05-06 00:35:16 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2010-05-06 00:35:16 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2010-05-06 00:35:16 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2010-05-06 00:35:16 19968 ----a-w- c:\windows\system32\ARP.EXE
2010-05-06 00:35:16 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2010-05-06 00:35:16 105984 ----a-w- c:\windows\system32\netiohlp.dll
2010-05-06 00:35:16 10240 ----a-w- c:\windows\system32\finger.exe
2010-05-06 00:31:58 12880 ----a-w- c:\windows\system32\wbem\wlan.mof
2010-05-06 00:31:57 2501921 ----a-w- c:\windows\system32\wlan.tmf
2010-05-06 00:31:57 127488 ----a-w- c:\windows\system32\L2SecHC.dll
2010-05-06 00:31:56 68096 ----a-w- c:\windows\system32\wlanhlp.dll
2010-05-06 00:31:56 65024 ----a-w- c:\windows\system32\wlanapi.dll
2010-05-06 00:31:56 513536 ----a-w- c:\windows\system32\wlansvc.dll
2010-05-06 00:31:56 293376 ----a-w- c:\windows\system32\wlanmsm.dll
2010-05-06 00:31:55 302592 ----a-w- c:\windows\system32\wlansec.dll
2010-05-06 00:31:53 2334 ----a-w- c:\windows\system32\wbem\L2SecHC.mof
2010-05-06 00:31:51 15181 ----a-w- c:\windows\system32\gatherWirelessInfo.vbs
2010-05-06 00:30:18 1248768 ----a-w- c:\windows\system32\msxml3.dll
2010-05-06 00:30:17 1401856 ----a-w- c:\windows\system32\msxml6.dll
2010-05-06 00:30:16 2048 ----a-w- c:\windows\system32\msxml3r.dll
2010-05-06 00:30:15 2048 ----a-w- c:\windows\system32\msxml6r.dll
2010-05-06 00:28:39 175104 ----a-w- c:\windows\system32\wdigest.dll
2010-05-06 00:28:38 9728 ----a-w- c:\windows\system32\lsass.exe
2010-05-06 00:28:38 72704 ----a-w- c:\windows\system32\secur32.dll
2010-05-06 00:28:38 439864 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2010-05-06 00:28:38 218624 ----a-w- c:\windows\system32\msv1_0.dll
2010-05-06 00:28:38 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2010-05-06 00:28:36 13780 ----a-w- c:\windows\system32\wbem\lsasrv.mof
2010-05-06 00:27:06 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-05-06 00:27:06 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-05-06 00:27:06 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-05-06 00:25:33 98816 ----a-w- c:\windows\system32\mfps.dll
2010-05-06 00:25:33 2868224 ----a-w- c:\windows\system32\mf.dll
2010-05-06 00:25:32 53248 ----a-w- c:\windows\system32\rrinstaller.exe
2010-05-06 00:25:32 24576 ----a-w- c:\windows\system32\mfpmp.exe
2010-05-06 00:25:32 2048 ----a-w- c:\windows\system32\mferror.dll
2010-05-06 00:23:54 3600776 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-05-06 00:23:53 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-05-06 00:18:13 71680 ----a-w- c:\windows\system32\atl.dll
2010-05-06 00:09:45 160256 ----a-w- c:\windows\system32\wkssvc.dll
2010-05-06 00:08:16 53248 ----a-w- c:\windows\system32\tsgqec.dll
2010-05-06 00:08:16 2066432 ----a-w- c:\windows\system32\mstscax.dll
2010-05-06 00:08:16 136192 ----a-w- c:\windows\system32\aaclient.dll
2010-05-05 23:55:57 2048 ----a-w- c:\windows\system32\tzres.dll
2010-05-05 23:54:26 623616 ----a-w- c:\windows\system32\localspl.dll
2010-05-05 23:49:23 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-05 23:47:37 172032 ----a-w- c:\windows\system32\wintrust.dll
2010-05-05 23:38:54 6656 ----a-w- c:\windows\system32\kbd106n.dll
2010-05-05 23:35:33 62464 ----a-w- c:\windows\system32\l3codeca.acm
2010-05-05 23:35:33 220672 ----a-w- c:\windows\system32\l3codecp.acm
2010-05-05 23:33:10 904576 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-05-05 23:33:09 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
2010-05-05 23:33:09 200704 ----a-w- c:\windows\system32\iphlpsvc.dll
2010-05-05 23:33:08 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2010-05-05 23:33:07 15360 ----a-w- c:\windows\system32\drivers\TUNMP.SYS
2010-05-05 23:33:05 814 ----a-w- c:\windows\system32\wbem\WFP.MOF
2010-05-05 23:28:41 98304 ----a-w- c:\windows\system32\cabview.dll
2010-05-05 23:27:44 37888 ----a-w- c:\windows\system32\printcom.dll
2010-05-05 23:26:46 2036736 ----a-w- c:\windows\system32\win32k.sys
2010-05-05 23:24:33 14848 ----a-w- c:\windows\system32\wshrm.dll
2010-05-05 23:23:12 43520 ----a-w- c:\windows\system32\msdxm.tlb
2010-05-05 23:23:12 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2010-05-05 23:23:12 18432 ----a-w- c:\windows\system32\amcompat.tlb
2010-05-05 23:23:08 7680 ----a-w- c:\windows\system32\spwmp.dll
2010-05-05 23:23:07 4096 ----a-w- c:\windows\system32\msdxm.ocx
2010-05-05 23:23:07 4096 ----a-w- c:\windows\system32\dxmasf.dll
2010-05-05 22:56:00 65536 ----a-w- c:\windows\ocsetup_cbs_install_NetFx3.dpx
2010-05-05 22:56:00 26148864 ----a-w- c:\windows\ocsetup_install_NetFx3.etl
2010-05-05 22:56:00 131072 ----a-w- c:\windows\ocsetup_cbs_install_NetFx3.perf
2010-05-05 22:52:27 41984 ----a-w- c:\windows\system32\netfxperf.dll
2010-05-05 22:34:00 84480 ----a-w- c:\windows\system32\INETRES.dll
2010-05-05 22:33:38 60928 ----a-w- c:\windows\system32\msasn1.dll
2010-05-05 22:33:02 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2010-05-05 22:32:09 411648 ----a-w- c:\windows\system32\drivers\http.sys
2010-05-05 22:32:09 30720 ----a-w- c:\windows\system32\httpapi.dll
2010-05-05 22:32:09 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-05-05 22:30:21 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-05-05 22:29:37 243712 ----a-w- c:\windows\system32\rastls.dll
2010-05-05 22:29:14 355328 ----a-w- c:\windows\system32\WSDApi.dll
2010-05-05 22:27:38 82944 ----a-w- c:\windows\system32\mciavi32.dll
2010-05-05 22:27:38 65024 ----a-w- c:\windows\system32\avicap32.dll
2010-05-05 22:27:38 123904 ----a-w- c:\windows\system32\msvfw32.dll
2010-05-05 22:27:37 91136 ----a-w- c:\windows\system32\avifil32.dll
2010-05-05 22:27:37 31744 ----a-w- c:\windows\system32\msvidc32.dll
2010-05-05 22:27:37 13312 ----a-w- c:\windows\system32\msrle32.dll
2010-05-05 22:27:37 1314816 ----a-w- c:\windows\system32\quartz.dll
2010-05-05 22:27:36 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2010-05-05 22:27:36 22528 ----a-w- c:\windows\system32\msyuv.dll
2010-05-05 22:27:36 12288 ----a-w- c:\windows\system32\tsbyuv.dll
2010-05-05 22:26:27 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2010-05-05 20:50:52 2421760 ----a-w- c:\windows\system32\wucltux.dll
2010-05-05 20:50:06 87552 ----a-w- c:\windows\system32\wudriver.dll
2010-05-05 20:49:37 33792 ----a-w- c:\windows\system32\wuapp.exe
2010-05-05 20:49:37 171608 ----a-w- c:\windows\system32\wuwebv.dll
2010-05-05 19:57:44 0 d-----w- c:\program files\Citrix
2010-05-05 19:56:29 103720 ----a-w- c:\users\toshiba admin\GoToAssistDownloadHelper.exe
2010-05-05 19:54:28 26600 ----a-r- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-05-05 19:54:28 107368 ----a-r- c:\windows\system32\GEARAspi.dll
2010-05-05 19:54:19 0 d-----w- c:\program files\Symantec
2010-05-05 19:53:35 0 d-----w- c:\windows\system32\drivers\N360
2010-05-05 15:16:10 0 d-----w- c:\programdata\PCSettings
2010-05-05 15:16:09 0 d-----w- c:\programdata\Norton
2010-05-05 15:15:14 0 d-----w- c:\programdata\NortonInstaller
2010-05-05 14:34:51 0 d-----w- c:\programdata\ToshibaEurope
2010-05-05 14:23:42 694784 ----a-w- c:\windows\system32\athr.sys
2010-05-05 14:23:42 63717 ----a-w- c:\windows\system32\netathr.inf
2010-05-05 14:23:42 27864 ----a-w- c:\windows\system32\athrext.cat
2010-05-05 14:23:42 0 d-----w- c:\program files\Atheros
2010-05-05 14:23:26 0 d-----w- c:\programdata\Atheros
2010-05-05 14:23:20 0 --sha-r- c:\windows\system32\drivers\TOSHIBA_Equium L40_05468-AV_PSL41E-00500.MRK

==================== Find3M ====================

2010-05-10 21:53:29 86016 ----a-w- c:\windows\inf\infstor.dat
2010-05-10 21:53:29 51200 ----a-w- c:\windows\inf\infpub.dat
2010-05-10 21:53:29 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-05-07 20:26:13 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-05-07 18:00:55 37665 ----a-w- c:\windows\fonts\GlobalUserInterface.CompositeFont
2010-05-07 16:39:59 174 --sha-w- c:\program files\desktop.ini
2010-05-07 14:17:53 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2010-05-07 14:17:50 82432 ----a-w- c:\windows\system32\axaltocm.dll
2010-03-05 14:01:02 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-02-23 06:39:13 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-23 06:33:45 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-02-23 06:33:45 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-02-23 04:55:36 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 12:25:24.10 ===============


#9 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:54 PM

Posted 18 May 2010 - 03:38 PM

Hello.

I'm not sure if that network issues you mentioned is related to an infection.

We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
  5. Under "Extra Registry" please check "Use Safelist" and also check "LOP Check" and "Purity Check" as pictured.
  6. Copy and Paste the following code into the textbox. Do not include the word "Code"

    CODE
    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %ALLUSERSPROFILE%\Application Data\*.
    %ALLUSERSPROFILE%\Application Data\*.exe /s
    %APPDATA%\*.
    %APPDATA%\*.exe /s
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    CREATERESTOREPOINT

  7. Push
  8. A report will open. Copy and Paste that report in your next reply.
  9. Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

If it's possible, can you get this scanner downloaded and ran...

Download and run MalwareBytes Anti-Malware

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
  • Make sure you are connected to the Internet.
  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

For complete or visual instructions on installing and running Malwarebytes Anti-Malware please read this link


Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#10 Albear

Albear
  • Topic Starter

  • Members
  • 59 posts
  • OFFLINE
  •  
  • Local time:04:54 PM

Posted 18 May 2010 - 04:03 PM

Hi EB, just some more info I will post as per your instructions on the last post shortly. I do not believe I have a 'traditional' virus. I may be wrong but having been struggling with this for 6 months I beleive that somewhere. somehow access is automatically being given to 'someone'. Then once they get access to my system they use legitimate microsoft tools to hijack it. I have services running that have no relevnce to my usage of this laptop or my Dell PC. I should have no file sharing of any sort I have TV services running , remote call procedure, remote registry and Atapi adapters are being automatically being installed and a terredo tunneling adapter, current ipconfig /all setting is as follows

Microsoft Windows [Version 6.0.6002]
Copyright © 2006 Microsoft Corporation. All rights reserved.

C:\Windows\system32>ipconfig /all

Windows IP Configuration

Host Name . . . . . . . . . . . . : Toshiba-laptop
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter ethernet:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek RTL8139/810x Family Fast Ethernet
NIC
Physical Address. . . . . . . . . : 00-1A-92-AA-0F-AD
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless :

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Atheros AR5007EG Wireless Network Adapter

Physical Address. . . . . . . . . : 00-1B-9E-2A-E3-79
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 192.168.1.100(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.254
DNS Servers . . . . . . . . . . . : 192.168.1.254
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 6:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{D0C990AD-C182-489F-A753-A1E003971
6E7}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 9:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:73ba:3838:26d6:3f57:fe9b(Pref
erred)
Link-local IPv6 Address . . . . . : fe80::3838:26d6:3f57:fe9b%11(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter Local Area Connection* 13:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{B01EE843-A218-4694-852F-5863E14A0
310}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes


Edited by Albear, 18 May 2010 - 04:07 PM.


#11 Albear

Albear
  • Topic Starter

  • Members
  • 59 posts
  • OFFLINE
  •  
  • Local time:04:54 PM

Posted 18 May 2010 - 04:32 PM

OTL file is to big to be pasted in one go, will split in two and hopefully get it all in
Part 1

OTL by OldTimer - Version 3.2.4.1 Folder = C:\Users\Toshiba admin\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 49.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 55.66 Gb Total Space | 29.03 Gb Free Space | 52.14% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 54.66 Gb Total Space | 54.57 Gb Free Space | 99.83% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TOSHIBA-LAPTOP
Current User Name: Toshiba admin
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/05/18 22:09:02 | 000,571,392 | ---- | M] (OldTimer Tools) -- C:\Users\Toshiba admin\Desktop\OTL.exe
PRC - [2010/03/24 17:31:58 | 001,122,528 | ---- | M] (Greatis Software) -- C:\Program Files\Greatis\RegRunSuite\WatchDog.exe
PRC - [2010/02/21 05:03:12 | 001,093,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\msseces.exe
PRC - [2010/01/27 01:58:38 | 000,256,280 | R--- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10e.exe
PRC - [2009/12/09 18:02:38 | 000,017,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2006/11/14 20:33:10 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe


========== Modules (SafeList) ==========

MOD - [2010/05/18 22:09:02 | 000,571,392 | ---- | M] (OldTimer Tools) -- C:\Users\Toshiba admin\Desktop\OTL.exe
MOD - [2009/04/11 07:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
MOD - [2008/01/19 08:33:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (AgereModemAudio)
SRV - [2010/03/24 17:32:10 | 000,065,248 | ---- | M] (Greatis Software ©) [Auto | Stopped] -- C:\Program Files\Greatis\RegRunSuite\BootLogService.exe -- (BootlogService)
SRV - [2009/12/09 18:02:38 | 000,017,904 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV - [2009/09/25 02:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/01/19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2006/11/14 20:33:10 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (CFSvcs)


========== Driver Services (SafeList) ==========

DRV - [2010/05/18 18:25:23 | 000,034,952 | ---- | M] (Greatis Software) [Kernel | Boot | Stopped] -- C:\Windows\system32\drivers\Partizan.sys -- (Partizan)
DRV - [2010/05/18 18:16:38 | 000,024,416 | ---- | M] (Greatis Software) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\regguard.sys -- (RegGuard)
DRV - [2009/12/02 15:23:40 | 000,149,040 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\MpFilter.sys -- (MpFilter)
DRV - [2009/12/02 15:23:40 | 000,042,368 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2008/07/29 05:05:04 | 000,919,552 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008/07/22 07:42:58 | 000,051,200 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2008/02/11 19:36:10 | 002,302,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2008/02/11 19:36:10 | 002,302,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\igdkmd32.sys -- (ialm)
DRV - [2007/04/27 20:13:58 | 000,285,184 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\tos_sps32.sys -- (tos_sps32)
DRV - [2007/04/13 15:20:00 | 000,186,680 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2007/04/09 19:13:00 | 000,324,096 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV - [2007/03/21 22:02:04 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/02/24 14:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/01/23 16:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/01/18 15:47:18 | 000,211,072 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\kr10n.sys -- (KR10N)
DRV - [2007/01/18 15:40:56 | 000,219,392 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\kr10i.sys -- (KR10I)
DRV - [2006/12/14 14:11:58 | 000,007,680 | ---- | M] (ATK0100) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATKACPI.sys -- (MTsensor)
DRV - [2006/11/02 10:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 10:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 10:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 10:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 10:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 10:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 10:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 10:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 10:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 10:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 10:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 10:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 10:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 10:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 10:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 10:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 10:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 10:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 10:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 10:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 10:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 10:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 10:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 10:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 10:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 10:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 10:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 10:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 10:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 10:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 10:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006/11/02 10:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006/11/02 10:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006/11/02 09:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 09:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 09:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 09:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 09:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 09:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 08:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 08:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3459437647-1123751275-2026211232-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://news.bbc.co.uk/
IE - HKU\S-1-5-21-3459437647-1123751275-2026211232-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3459437647-1123751275-2026211232-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKU\S-1-5-21-3459437647-1123751275-2026211232-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F0 7D 71 80 E0 F2 CA 01 [binary data]
IE - HKU\S-1-5-21-3459437647-1123751275-2026211232-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2010/05/17 22:09:20 | 000,000,806 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll File not found
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\S-1-5-21-3459437647-1123751275-2026211232-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKU\S-1-5-21-3459437647-1123751275-2026211232-1000\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O4 - HKLM..\Run: [@RegRunOnSecure] C:\Program Files\Greatis\RegRunSuite\OnSecure.exe (Greatis Software)
O4 - HKLM..\Run: [RegRun WinBait] C:\Windows\WinBait.exe ()
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKLM..\RunOnceEx: [Flags] Reg Error: Invalid data type. File not found
O4 - HKLM..\RunOnceEx: [Title] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-3459437647-1123751275-2026211232-1000\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-3459437647-1123751275-2026211232-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun- = 0
O7 - HKU\S-1-5-21-3459437647-1123751275-2026211232-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun- = 0
O7 - HKU\S-1-5-21-3459437647-1123751275-2026211232-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-3459437647-1123751275-2026211232-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 253
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll File not found
O13 - gopher Prefix: missing
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://oas.support.microsoft.com/ActiveX/MSDcode.cab (Reg Error: Key error.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} http://download.microsoft.com/download/7/4...helpcontrol.cab (Microsoft Genuine Advantage Self Support Tool)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (C:\Windows\explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O28 - HKLM ShellExecuteHooks: {F552DDE6-2090-4bf4-B924-6141E87789A5} - C:\Program Files\Greatis\RegRunSuite\RRShell.dll (Greatis Software, LLC)
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010/05/13 17:44:05 | 000,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010/05/13 17:44:05 | 000,000,000 | RHSD | M] - E:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (Partizan) - C:\Windows\System32\Partizan.exe (Greatis Software)
O34 - HKLM BootExecute: (ootExecute settings...) - File not found
O34 - HKLM BootExecute: (ount) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2010/05/07 17:20:42 | 000,000,000 | ---D | M]
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found


SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: MsMpSvc - C:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: MsMpSvc - C:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2010/05/18 22:08:49 | 000,571,392 | ---- | C] (OldTimer Tools) -- C:\Users\Toshiba admin\Desktop\OTL.exe
[2010/05/18 16:22:29 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials
[2010/05/18 16:21:29 | 007,249,512 | ---- | C] (Microsoft Corporation) -- C:\Users\Toshiba admin\Desktop\mssefullinstall-x86fre-en-us-vista-win7.exe
[2010/05/18 13:24:53 | 000,000,000 | ---D | C] -- C:\Users\Toshiba admin\AppData\Local\WinZip
[2010/05/18 13:24:19 | 000,000,000 | ---D | C] -- C:\ProgramData\WinZip
[2010/05/18 13:24:17 | 000,000,000 | ---D | C] -- C:\Program Files\WinZip
[2010/05/18 13:13:04 | 000,000,000 | ---D | C] -- C:\Users\Toshiba admin\CD95F661A5C444F5A6AAECDD91C240BD.TMP
[2010/05/17 21:50:30 | 000,000,000 | ---D | C] -- C:\Users\Toshiba admin\DoctorWeb
[2010/05/17 21:49:15 | 000,000,000 | ---D | C] -- C:\Program Files\DrWeb
[2010/05/17 21:39:34 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/05/14 23:43:39 | 000,000,000 | ---D | C] -- C:\Windows\RestoreSafeDeleted
[2010/05/13 23:01:36 | 000,000,000 | ---D | C] -- C:\Users\Toshiba admin\Office Genuine Advantage
[2010/05/13 22:30:43 | 000,024,416 | ---- | C] (Greatis Software) -- C:\Windows\System32\drivers\regguard.sys
[2010/05/13 22:30:06 | 000,037,600 | ---- | C] (Greatis Software) -- C:\Windows\System32\Partizan.exe
[2010/05/13 22:30:06 | 000,034,952 | ---- | C] (Greatis Software) -- C:\Windows\System32\drivers\Partizan.sys
[2010/05/13 22:16:07 | 001,385,184 | ---- | C] (Greatis Software) -- C:\Windows\RunGuard.exe
[2010/05/13 22:12:48 | 000,000,000 | ---D | C] -- C:\Users\Toshiba admin\Desktop\regrunplat
[2010/05/13 17:44:31 | 000,000,000 | ---D | C] -- C:\Users\Toshiba admin\AppData\Roaming\Regrun
[2010/05/13 17:44:05 | 000,000,000 | RHSD | C] -- C:\desktop.ini
[2010/05/13 17:44:05 | 000,000,000 | RHSD | C] -- C:\comment.htt
[2010/05/13 17:44:05 | 000,000,000 | RHSD | C] -- C:\autorun.inf
[2010/05/13 17:41:46 | 000,000,000 | ---D | C] -- C:\Users\Toshiba admin\Documents\RegRun2
[2010/05/13 17:40:43 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\regruninfo
[2010/05/13 17:39:36 | 000,000,000 | ---D | C] -- C:\Program Files\Greatis
[2010/05/12 20:56:47 | 000,000,000 | ---D | C] -- C:\Users\Toshiba admin\AppData\Local\Sophos
[2010/05/12 20:28:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Sophos
[2010/05/12 20:26:05 | 000,000,000 | ---D | C] -- C:\stdtsa
[2010/05/12 20:04:59 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2010/05/12 09:48:03 | 000,000,000 | ---D | C] -- C:\Users\Toshiba admin\Desktop\Autoruns
[2010/05/12 08:15:45 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
[2010/05/11 20:13:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010/05/11 20:13:06 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/05/11 10:29:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Office Genuine Advantage
[2010/05/10 21:50:35 | 000,271,704 | ---- | C] (Hewlett-Packard) -- C:\Windows\System32\hpzids01.dll
[2010/05/10 21:50:29 | 000,118,272 | ---- | C] (Hewlett-Packard Company) -- C:\Windows\System32\HPZ3L692.del
[2010/05/10 21:50:21 | 000,974,848 | ---- | C] (Hewlett-Packard Co.) -- C:\Windows\System32\hpost_p01a.dll
[2010/05/10 21:48:07 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2010/05/10 21:46:40 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[2010/05/10 20:35:47 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio
[2010/05/10 20:35:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2010/05/10 20:34:59 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2010/05/10 20:31:20 | 000,000,000 | ---D | C] -- C:\Users\Toshiba admin\AppData\Local\Microsoft Help
[2010/05/10 20:31:16 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2010/05/10 20:31:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2010/05/10 20:30:40 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2010/05/10 20:00:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\borland
[2010/05/10 20:00:30 | 000,000,000 | ---D | C] -- C:\Program Files\dBase
[2010/05/10 20:00:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Thraex Software
[2010/05/10 20:00:25 | 000,000,000 | ---D | C] -- C:\Program Files\East Coast Software
[2010/05/10 10:49:16 | 000,000,000 | ---D | C] -- C:\Users\Toshiba admin\AppData\Roaming\Malwarebytes
[2010/05/10 10:49:02 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/05/10 10:49:00 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/05/10 10:49:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/05/10 10:48:51 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/05/08 06:57:33 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/05/08 06:05:09 | 000,000,000 | ---D | C] -- C:\Users\Toshiba admin\AppData\Roaming\Digital Support
[2010/05/08 06:04:55 | 000,000,000 | ---D | C] -- C:\Program Files\Digital Support
[2010/05/08 05:38:05 | 000,000,000 | ---D | C] -- C:\Windows\System32\directx
[2010/05/07 21:57:42 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010/05/07 21:57:25 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/05/07 21:26:18 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Portable Devices
[2010/05/07 21:25:07 | 000,092,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAnimation.dll
[2010/05/07 21:25:06 | 003,023,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbon.dll
[2010/05/07 21:25:06 | 001,164,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbonRes.dll
[2010/05/07 21:24:37 | 000,369,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll
[2010/05/07 21:24:36 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2010/05/07 21:24:34 | 000,974,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecs.dll
[2010/05/07 21:24:34 | 000,829,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2010/05/07 21:24:34 | 000,828,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2010/05/07 21:24:34 | 000,667,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2010/05/07 21:24:34 | 000,321,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll
[2010/05/07 21:24:34 | 000,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2010/05/07 21:24:34 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxdiag.exe
[2010/05/07 21:24:34 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxdiagn.dll
[2010/05/07 21:24:34 | 000,189,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2010/05/07 21:24:34 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
[2010/05/07 21:24:34 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2010/05/07 21:24:33 | 001,554,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xpsservices.dll
[2010/05/07 21:24:33 | 001,064,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2010/05/07 21:24:33 | 001,030,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2010/05/07 21:24:33 | 000,847,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OpcServices.dll
[2010/05/07 21:24:33 | 000,793,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FntCache.dll
[2010/05/07 21:24:33 | 000,519,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll
[2010/05/07 21:24:33 | 000,486,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2010/05/07 21:24:33 | 000,481,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2010/05/07 21:24:33 | 000,351,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2010/05/07 21:24:33 | 000,218,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2010/05/07 21:24:33 | 000,190,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2010/05/07 21:24:33 | 000,161,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2010/05/07 21:24:02 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\BthMtpContextHandler.dll
[2010/05/07 21:24:02 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDShextAutoplay.exe
[2010/05/07 21:24:00 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceConnectApi.dll
[2010/05/07 21:23:59 | 000,546,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpd_ci.dll
[2010/05/07 21:23:58 | 000,334,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceApi.dll
[2010/05/07 21:23:58 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceWMDRM.dll
[2010/05/07 21:23:58 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceTypes.dll
[2010/05/07 21:23:58 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceClassExtension.dll
[2010/05/07 21:23:57 | 000,350,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDSp.dll
[2010/05/07 21:22:58 | 000,555,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAutomationCore.dll
[2010/05/07 21:22:58 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oleaccrc.dll
[2010/05/07 21:19:40 | 001,696,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
[2010/05/07 21:19:39 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2010/05/07 21:19:39 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2010/05/07 19:56:06 | 000,000,000 | ---D | C] -- C:\Windows\System32\vi-VN
[2010/05/07 19:56:06 | 000,000,000 | ---D | C] -- C:\Windows\System32\eu-ES
[2010/05/07 19:56:06 | 000,000,000 | ---D | C] -- C:\Windows\System32\ca-ES
[2010/05/07 18:26:23 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2010/05/07 18:25:25 | 012,240,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0007.dll
[2010/05/07 18:25:21 | 001,081,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLCExt.dll
[2010/05/07 18:25:18 | 002,134,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FunctionDiscoveryFolder.dll
[2010/05/07 18:25:18 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DevicePairingWizard.exe
[2010/05/07 18:25:17 | 002,644,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0009.dll
[2010/05/07 18:25:14 | 001,480,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssrch.dll
[2010/05/07 18:25:13 | 000,684,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\spsys.sys
[2010/05/07 18:25:12 | 001,576,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tquery.dll
[2010/05/07 18:25:11 | 000,779,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationNative_v0300.dll
[2010/05/07 18:25:10 | 000,928,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scavenge.dll
[2010/05/07 18:25:09 | 002,241,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msi.dll
[2010/05/07 18:25:08 | 000,677,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imapi2fs.dll
[2010/05/07 18:25:06 | 000,968,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wcnwiz2.dll
[2010/05/07 18:25:06 | 000,291,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WscEapPr.dll
[2010/05/07 18:25:05 | 000,619,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardagt.exe
[2010/05/07 18:25:04 | 001,216,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AuxiliaryDisplayCpl.dll
[2010/05/07 18:25:03 | 000,114,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EhStorShell.dll
[2010/05/07 18:25:02 | 000,978,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drmv2clt.dll
[2010/05/07 18:25:02 | 000,289,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spinstall.exe
[2010/05/07 18:25:02 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spreview.exe
[2010/05/07 18:25:01 | 000,438,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mcupdate_GenuineIntel.dll
[2010/05/07 18:25:01 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwizui.dll
[2010/05/07 18:24:59 | 000,670,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssvp.dll
[2010/05/07 18:24:58 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSMPEG2VDEC.DLL
[2010/05/07 18:24:58 | 000,378,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imapi2.dll
[2010/05/07 18:24:58 | 000,351,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssph.dll
[2010/05/07 18:24:58 | 000,203,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssphtb.dll
[2010/05/07 18:24:57 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdohlp.dll
[2010/05/07 18:24:56 | 001,459,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\esent.dll
[2010/05/07 18:24:56 | 000,729,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IMJP10K.DLL
[2010/05/07 18:24:55 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DevicePairing.dll
[2010/05/07 18:24:55 | 000,190,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sperror.dll
[2010/05/07 18:24:54 | 000,143,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\korwbrkr.dll
[2010/05/07 18:24:54 | 000,041,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2010/05/07 18:24:53 | 000,463,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IasMigReader.exe
[2010/05/07 18:24:53 | 000,231,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll
[2010/05/07 18:24:53 | 000,228,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLC.dll
[2010/05/07 18:24:52 | 001,589,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msjet40.dll
[2010/05/07 18:24:50 | 001,381,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Query.dll
[2010/05/07 18:24:49 | 001,078,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\diagperf.dll
[2010/05/07 18:24:49 | 000,883,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IMJP10.IME
[2010/05/07 18:24:49 | 000,409,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msexch40.dll
[2010/05/07 18:24:49 | 000,327,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\P2PGraph.dll
[2010/05/07 18:24:47 | 001,792,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mmc.exe
[2010/05/07 18:24:47 | 000,986,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winload.exe
[2010/05/07 18:24:47 | 000,950,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mblctr.exe
[2010/05/07 18:24:47 | 000,428,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2010/05/07 18:24:47 | 000,301,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srchadmin.dll
[2010/05/07 18:24:47 | 000,203,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\uDWM.dll
[2010/05/07 18:24:46 | 000,454,144 | ---- | C] (Microsoft) -- C:\Windows\System32\IasMigPlugin.dll
[2010/05/07 18:24:45 | 000,466,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\riched20.dll
[2010/05/07 18:24:45 | 000,088,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdBth.dll
[2010/05/07 18:24:44 | 000,880,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RacEngn.dll
[2010/05/07 18:24:43 | 002,012,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\milcore.dll
[2010/05/07 18:24:43 | 001,112,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CertEnroll.dll
[2010/05/07 18:24:43 | 000,120,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EhStorAPI.dll
[2010/05/07 18:24:42 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spoolss.dll
[2010/05/07 18:24:41 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NaturalLanguage6.dll
[2010/05/07 18:24:40 | 000,290,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msjtes40.dll
[2010/05/07 18:24:40 | 000,115,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AuxiliaryDisplayDriverLib.dll
[2010/05/07 18:24:39 | 000,950,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpedit.dll
[2010/05/07 18:24:39 | 000,406,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcp60.dll
[2010/05/07 18:24:39 | 000,099,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardapi.dll
[2010/05/07 18:24:38 | 003,217,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinSAT.exe
[2010/05/07 18:24:37 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationSettings.exe
[2010/05/07 18:24:36 | 000,710,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Magnify.exe
[2010/05/07 18:24:36 | 000,282,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstext40.dll
[2010/05/07 18:24:36 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AuxiliaryDisplayServices.dll
[2010/05/07 18:24:34 | 000,339,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msexcl40.dll
[2010/05/07 18:24:34 | 000,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax
[2010/05/07 18:24:34 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slwmi.dll
[2010/05/07 18:24:33 | 001,524,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsAnytimeUpgradeCPL.dll
[2010/05/07 18:24:33 | 001,209,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\comsvcs.dll
[2010/05/07 18:24:33 | 000,454,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxbde40.dll
[2010/05/07 18:24:32 | 001,985,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\authui.dll
[2010/05/07 18:24:31 | 001,086,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NetProjW.dll
[2010/05/07 18:24:31 | 000,643,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrepl40.dll
[2010/05/07 18:24:31 | 000,323,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2010/05/07 18:24:30 | 000,640,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bthprops.cpl
[2010/05/07 18:24:30 | 000,469,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\newdev.dll
[2010/05/07 18:24:30 | 000,205,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eudcedit.exe
[2010/05/07 18:24:30 | 000,119,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasrecst.dll
[2010/05/07 18:24:30 | 000,102,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
[2010/05/07 18:24:29 | 002,926,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2010/05/07 18:24:29 | 001,788,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d9.dll
[2010/05/07 18:24:29 | 000,368,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mspbde40.dll
[2010/05/07 18:24:28 | 001,135,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll
[2010/05/07 18:24:28 | 000,241,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msltus40.dll
[2010/05/07 18:24:28 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\davclnt.dll
[2010/05/07 18:24:27 | 001,053,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdtctm.dll
[2010/05/07 18:24:27 | 000,344,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrd3x40.dll
[2010/05/07 18:24:27 | 000,250,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wevtapi.dll
[2010/05/07 18:24:27 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EhStorPwdMgr.dll
[2010/05/07 18:24:26 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nlhtml.dll
[2010/05/07 18:24:25 | 000,614,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ci.dll
[2010/05/07 18:24:25 | 000,582,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLCommDlg.dll
[2010/05/07 18:24:25 | 000,483,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\samsrv.dll
[2010/05/07 18:24:25 | 000,443,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32spl.dll
[2010/05/07 18:24:25 | 000,165,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WcnNetsh.dll
[2010/05/07 18:24:23 | 001,730,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\apds.dll
[2010/05/07 18:24:23 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\compcln.exe
[2010/05/07 18:24:22 | 000,618,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mswstr10.dll
[2010/05/07 18:24:22 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xmlfilter.dll
[2010/05/07 18:24:21 | 001,160,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll
[2010/05/07 18:24:21 | 000,223,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2010/05/07 18:24:20 | 000,524,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sqlsrv32.dll
[2010/05/07 18:24:20 | 000,409,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbc32.dll
[2010/05/07 18:24:20 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLUI.exe
[2010/05/07 18:24:20 | 000,319,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrd2x40.dll
[2010/05/07 18:24:20 | 000,183,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eapphost.dll
[2010/05/07 18:24:19 | 000,926,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winresume.exe
[2010/05/07 18:24:19 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\propdefs.dll
[2010/05/07 18:24:18 | 001,856,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dbgeng.dll
[2010/05/07 18:24:18 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wevtutil.exe
[2010/05/07 18:24:18 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssitlb.dll
[2010/05/07 18:24:16 | 002,167,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mmcndmgr.dll
[2010/05/07 18:24:15 | 000,592,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netlogon.dll
[2010/05/07 18:24:15 | 000,378,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\devmgr.dll
[2010/05/07 18:24:15 | 000,199,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\adsldpc.dll
[2010/05/07 18:24:15 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drvinst.exe
[2010/05/07 18:24:15 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msctfp.dll
[2010/05/07 18:24:15 | 000,054,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DevicePairingProxy.dll
[2010/05/07 18:24:15 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscb.dll
[2010/05/07 18:24:15 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdBthProxy.dll
[2010/05/07 18:24:14 | 000,485,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\evr.dll
[2010/05/07 18:24:13 | 001,533,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wcnwiz.dll
[2010/05/07 18:24:13 | 001,382,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVSDECD.DLL
[2010/05/07 18:24:12 | 001,143,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wercon.exe
[2010/05/07 18:24:12 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quick.ime
[2010/05/07 18:24:12 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qintlgnt.ime
[2010/05/07 18:24:12 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\phon.ime
[2010/05/07 18:24:12 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cintlgnt.ime
[2010/05/07 18:24:12 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chajei.ime
[2010/05/07 18:24:10 | 000,617,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\adtschema.dll
[2010/05/07 18:24:10 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mimefilt.dll
[2010/05/07 18:24:09 | 000,560,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdtcprx.dll
[2010/05/07 18:24:09 | 000,396,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ipsmsnap.dll
[2010/05/07 18:24:09 | 000,323,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certcli.dll
[2010/05/07 18:24:09 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msjter40.dll
[2010/05/07 18:24:08 | 000,856,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mswdat10.dll
[2010/05/07 18:24:08 | 000,799,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certutil.exe
[2010/05/07 18:24:08 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\reg.exe
[2010/05/07 18:24:08 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtffilt.dll
[2010/05/07 18:24:08 | 000,035,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardcpl.cpl
[2010/05/07 18:24:07 | 000,996,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMNetMgr.dll
[2010/05/07 18:24:07 | 000,704,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoScreensaver.scr
[2010/05/07 18:24:07 | 000,274,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bcrypt.dll
[2010/05/07 18:24:07 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbport.sys
[2010/05/07 18:24:07 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscntrs.dll
[2010/05/07 18:24:07 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshooks.dll
[2010/05/07 18:24:06 | 000,332,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msihnd.dll
[2010/05/07 18:24:06 | 000,241,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rsaenh.dll
[2010/05/07 18:24:06 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MMDevAPI.dll
[2010/05/07 18:24:06 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msstrc.dll
[2010/05/07 18:24:06 | 000,035,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsWpfWrp.exe
[2010/05/07 18:24:05 | 000,343,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmicmiplugin.dll
[2010/05/07 18:24:05 | 000,310,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mtxclu.dll
[2010/05/07 18:24:05 | 000,153,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fundisc.dll
[2010/05/07 18:24:05 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dhcpcsvc6.dll
[2010/05/07 18:24:05 | 000,080,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscories.dll
[2010/05/07 18:24:04 | 000,125,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Classpnp.sys
[2010/05/07 18:24:04 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imapi.dll
[2010/05/07 18:24:03 | 001,823,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pnidui.dll
[2010/05/07 18:24:03 | 001,671,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chsbrkr.dll
[2010/05/07 18:24:03 | 001,020,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wdc.dll
[2010/05/07 18:24:03 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iassdo.dll
[2010/05/07 18:24:03 | 000,093,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Kswdmcap.ax
[2010/05/07 18:24:02 | 000,757,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\azroles.dll
[2010/05/07 18:24:02 | 000,636,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\autofmt.exe
[2010/05/07 18:24:02 | 000,242,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pdh.dll
[2010/05/07 18:24:02 | 000,122,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Storport.sys
[2010/05/07 18:24:02 | 000,109,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ataport.sys
[2010/05/07 18:24:02 | 000,050,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PSHED.DLL
[2010/05/07 18:24:02 | 000,035,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\crashdmp.sys
[2010/05/07 18:24:02 | 000,009,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardres.dll
[2010/05/07 18:24:01 | 001,107,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pidgenx.dll
[2010/05/07 18:24:01 | 000,867,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpmde.dll
[2010/05/07 18:24:01 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CertEnrollUI.dll
[2010/05/07 18:24:01 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sysmon.ocx
[2010/05/07 18:24:00 | 002,205,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SyncCenter.dll
[2010/05/07 18:23:59 | 001,502,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certmgr.dll
[2010/05/07 18:23:59 | 000,593,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\comuid.dll
[2010/05/07 18:23:58 | 000,627,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sethc.exe
[2010/05/07 18:23:58 | 000,413,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imkr80.ime
[2010/05/07 18:23:58 | 000,324,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\untfs.dll
[2010/05/07 18:23:58 | 000,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskcomp.dll
[2010/05/07 18:23:58 | 000,244,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wisptis.exe
[2010/05/07 18:23:58 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2010/05/07 18:23:58 | 000,182,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iassam.dll
[2010/05/07 18:23:58 | 000,180,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scrobj.dll
[2010/05/07 18:23:58 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtutils.dll
[2010/05/07 18:23:58 | 000,017,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kd1394.dll
[2010/05/07 18:23:57 | 000,656,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\autoconv.exe
[2010/05/07 18:23:57 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasnap.dll
[2010/05/07 18:23:57 | 000,099,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\FWPKCLNT.SYS
[2010/05/07 18:23:57 | 000,043,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pciidex.sys
[2010/05/07 18:23:56 | 001,541,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\onex.dll
[2010/05/07 18:23:56 | 000,375,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2010/05/07 18:23:56 | 000,273,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wow32.dll
[2010/05/07 18:23:56 | 000,182,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\osk.exe
[2010/05/07 18:23:56 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cscript.exe
[2010/05/07 18:23:56 | 000,130,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\basecsp.dll
[2010/05/07 18:23:56 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe
[2010/05/07 18:23:56 | 000,027,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Dumpata.sys
[2010/05/07 18:23:56 | 000,017,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kdcom.dll
[2010/05/07 18:23:55 | 000,612,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpencom.dll
[2010/05/07 18:23:55 | 000,340,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RelMon.dll
[2010/05/07 18:23:55 | 000,019,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kdusb.dll
[2010/05/07 18:23:55 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spcmsg.dll
[2010/05/07 18:23:54 | 000,860,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WerFaultSecure.exe
[2010/05/07 18:23:54 | 000,564,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msftedit.dll
[2010/05/07 18:23:54 | 000,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\offfilt.dll
[2010/05/07 18:23:54 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinSCard.dll
[2010/05/07 18:23:53 | 000,852,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mcmde.dll
[2010/05/07 18:23:53 | 000,638,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Utilman.exe
[2010/05/07 18:23:53 | 000,551,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\prnntfy.dll
[2010/05/07 18:23:53 | 000,391,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscms.dll
[2010/05/07 18:23:53 | 000,230,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\diskraid.exe
[2010/05/07 18:23:53 | 000,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WerFault.exe
[2010/05/07 18:23:53 | 000,208,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfplat.dll
[2010/05/07 18:23:53 | 000,197,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SndVol.exe
[2010/05/07 18:23:53 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msnetobj.dll
[2010/05/07 18:23:53 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sysclass.dll
[2010/05/07 18:23:53 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\adsmsext.dll
[2010/05/07 18:23:53 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsepno.dll
[2010/05/07 18:23:52 | 000,444,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dsound.dll
[2010/05/07 18:23:52 | 000,223,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscntfy.dll
[2010/05/07 18:23:52 | 000,181,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pnpsetup.dll
[2010/05/07 18:23:52 | 000,114,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbccp32.dll
[2010/05/07 18:23:52 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ulib.dll
[2010/05/07 18:23:52 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IPHLPAPI.DLL
[2010/05/07 18:23:52 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rastapi.dll
[2010/05/07 18:23:52 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasdatastore.dll
[2010/05/07 18:23:51 | 001,575,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVENCOD.DLL
[2010/05/07 18:23:51 | 001,342,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\brcpl.dll
[2010/05/07 18:23:51 | 000,759,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ipsecsnp.dll
[2010/05/07 18:23:51 | 000,507,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vdsdyn.dll
[2010/05/07 18:23:51 | 000,399,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlangpui.dll
[2010/05/07 18:23:51 | 000,286,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasapi32.dll
[2010/05/07 18:23:51 | 000,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntprint.dll
[2010/05/07 18:23:51 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\diskpart.exe
[2010/05/07 18:23:51 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpapi.dll
[2010/05/07 18:23:51 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iashlpr.dll
[2010/05/07 18:23:51 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\logman.exe
[2010/05/07 18:23:51 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdProxy.dll
[2010/05/07 18:23:50 | 002,225,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netcenter.dll
[2010/05/07 18:23:50 | 001,580,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpccpl.dll
[2010/05/07 18:23:50 | 000,158,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasrad.dll
[2010/05/07 18:23:50 | 000,155,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscorier.dll
[2010/05/07 18:23:50 | 000,140,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wusa.exe
[2010/05/07 18:23:50 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\findstr.exe
[2010/05/07 18:23:49 | 001,152,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\themecpl.dll
[2010/05/07 18:23:49 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wer.dll
[2010/05/07 18:23:49 | 000,825,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasdlg.dll
[2010/05/07 18:23:49 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iassvcs.dll
[2010/05/07 18:23:49 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsnmp32.dll
[2010/05/07 18:23:48 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scansetting.dll
[2010/05/07 18:23:48 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wshom.ocx
[2010/05/07 18:23:48 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssprxy.dll
[2010/05/07 18:23:47 | 003,072,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\networkmap.dll
[2010/05/07 18:23:47 | 001,248,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PerfCenterCPL.dll
[2010/05/07 18:23:47 | 000,777,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slcc.dll
[2010/05/07 18:23:47 | 000,723,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\powercpl.dll
[2010/05/07 18:23:47 | 000,163,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msutb.dll
[2010/05/07 18:23:47 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ks.sys
[2010/05/07 18:23:47 | 000,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\powrprof.dll
[2010/05/07 18:23:47 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstlsapi.dll
[2010/05/07 18:23:47 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasacct.dll
[2010/05/07 18:23:47 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasads.dll
[2010/05/07 18:23:46 | 001,645,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\connect.dll
[2010/05/07 18:23:46 | 001,224,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sud.dll
[2010/05/07 18:23:46 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\newdev.exe
[2010/05/07 18:23:45 | 002,515,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\accessibilitycpl.dll
[2010/05/07 18:23:45 | 000,842,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\systemcpl.dll
[2010/05/07 18:23:45 | 000,464,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pcaui.dll
[2010/05/07 18:23:44 | 001,671,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanpref.dll
[2010/05/07 18:23:44 | 001,123,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\usercpl.dll
[2010/05/07 18:23:44 | 000,516,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\autoplay.dll
[2010/05/07 18:23:44 | 000,497,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll
[2010/05/07 18:23:44 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mmci.dll
[2010/05/07 18:23:43 | 000,532,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpcao.dll
[2010/05/07 18:23:43 | 000,408,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msinfo32.exe
[2010/05/07 18:23:43 | 000,306,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scesrv.dll
[2010/05/07 18:23:43 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2010/05/07 18:23:43 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scksp.dll
[2010/05/07 18:23:43 | 000,128,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vdsutil.dll
[2010/05/07 18:23:43 | 000,127,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rpchttp.dll
[2010/05/07 18:23:43 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AudioSes.dll
[2010/05/07 18:23:43 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oleprn.dll
[2010/05/07 18:23:43 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pintlgnt.ime
[2010/05/07 18:23:43 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\regapi.dll
[2010/05/07 18:23:43 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\feclient.dll
[2010/05/07 18:23:42 | 001,689,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscui.cpl
[2010/05/07 18:23:42 | 001,169,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe
[2010/05/07 18:23:42 | 000,407,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpapimig.exe
[2010/05/07 18:23:42 | 000,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Faultrep.dll
[2010/05/07 18:23:42 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dot3msm.dll
[2010/05/07 18:23:42 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rekeywiz.exe
[2010/05/07 18:23:42 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iaspolcy.dll
[2010/05/07 18:23:42 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DeviceEject.exe
[2010/05/07 18:23:42 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscisvif.dll
[2010/05/07 18:23:41 | 000,642,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasgcw.dll
[2010/05/07 18:23:41 | 000,595,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FWPUCLNT.DLL
[2010/05/07 18:23:41 | 000,542,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pnpui.dll
[2010/05/07 18:23:41 | 000,505,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qedit.dll
[2010/05/07 18:23:41 | 000,445,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncryptui.dll
[2010/05/07 18:23:41 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasplap.dll
[2010/05/07 18:23:41 | 000,215,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certreq.exe
[2010/05/07 18:23:41 | 000,177,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scecli.dll
[2010/05/07 18:23:41 | 000,134,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SmartcardCredentialProvider.dll
[2010/05/07 18:23:41 | 000,080,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hdwwiz.exe
[2010/05/07 18:23:41 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TSTheme.exe
[2010/05/07 18:23:41 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\perfdisk.dll
[2010/05/07 18:23:40 | 000,481,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmdial32.dll
[2010/05/07 18:23:40 | 000,378,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srcore.dll
[2010/05/07 18:23:40 | 000,170,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tcpipcfg.dll
[2010/05/07 18:23:40 | 000,167,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\portcls.sys
[2010/05/07 18:23:40 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tcpmon.dll
[2010/05/07 18:23:40 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
[2010/05/07 18:23:40 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdWSD.dll
[2010/05/07 18:23:40 | 000,058,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PnPUnattend.exe
[2010/05/07 18:23:40 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmmon32.exe
[2010/05/07 18:23:40 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\whealogr.dll
[2010/05/07 18:23:40 | 000,025,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\USBCAMD2.sys
[2010/05/07 18:23:40 | 000,025,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\USBCAMD.sys
[2010/05/07 18:23:40 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwinsat.dll
[2010/05/07 18:23:39 | 000,657,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVXENCD.DLL
[2010/05/07 18:23:39 | 000,547,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wiaaut.dll
[2010/05/07 18:23:39 | 000,425,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shwebsvc.dll
[2010/05/07 18:23:39 | 000,281,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\raschap.dll
[2010/05/07 18:23:39 | 000,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unimdm.tsp
[2010/05/07 18:23:39 | 000,275,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SnippingTool.exe
[2010/05/07 18:23:39 | 000,259,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasppp.dll
[2010/05/07 18:23:39 | 000,202,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanui.dll
[2010/05/07 18:23:39 | 000,137,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dsprop.dll
[2010/05/07 18:23:39 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PnPutil.exe
[2010/05/07 18:23:38 | 002,153,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oobefldr.dll
[2010/05/07 18:23:38 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\modemui.dll
[2010/05/07 18:23:38 | 000,155,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasmontr.dll
[2010/05/07 18:23:38 | 000,101,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shsetup.dll
[2010/05/07 18:23:38 | 000,054,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dimsroam.dll
[2010/05/07 18:23:37 | 006,103,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chtbrkr.dll
[2010/05/07 18:23:37 | 000,533,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmdrmsdk.dll
[2010/05/07 18:23:37 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscandui.dll
[2010/05/07 18:23:37 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dataclen.dll
[2010/05/07 18:23:36 | 002,226,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\networkexplorer.dll
[2010/05/07 18:23:36 | 000,542,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\blackbox.dll
[2010/05/07 18:23:36 | 000,414,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscp.dll
[2010/05/07 18:23:36 | 000,303,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpeffects.dll
[2010/05/07 18:23:36 | 000,217,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\InkEd.dll
[2010/05/07 18:23:36 | 000,178,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\credui.dll
[2010/05/07 18:23:36 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSDMon.dll
[2010/05/07 18:23:36 | 000,128,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpresult.exe
[2010/05/07 18:23:36 | 000,113,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\rmcast.sys
[2010/05/07 18:23:36 | 000,107,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpwsx.dll
[2010/05/07 18:23:36 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\logagent.exe
[2010/05/07 18:23:36 | 000,083,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlgpclnt.dll
[2010/05/07 18:23:36 | 000,058,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cipher.exe
[2010/05/07 18:23:36 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscapi.dll
[2010/05/07 18:23:36 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msimtf.dll
[2010/05/07 18:23:36 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ifmon.dll
[2010/05/07 18:23:35 | 000,356,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MediaMetadataHandler.dll
[2010/05/07 18:23:35 | 000,313,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\thawbrkr.dll
[2010/05/07 18:23:35 | 000,284,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drmmgrtn.dll
[2010/05/07 18:23:35 | 000,200,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\input.dll
[2010/05/07 18:23:35 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLLUA.exe
[2010/05/07 18:23:35 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2010/05/07 18:23:35 | 000,166,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\puiapi.dll
[2010/05/07 18:23:35 | 000,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\softkbd.dll
[2010/05/07 18:23:35 | 000,105,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dmsynth.dll
[2010/05/07 18:23:35 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mprapi.dll
[2010/05/07 18:23:35 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msctfui.dll
[2010/05/07 18:23:35 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\watchdog.sys
[2010/05/07 18:23:35 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ExplorerFrame.dll
[2010/05/07 18:23:35 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fc.exe
[2010/05/07 18:23:35 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msisip.dll
[2010/05/07 18:23:34 | 000,187,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eapp3hst.dll
[2010/05/07 18:23:34 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eappcfg.dll
[2010/05/07 18:23:34 | 000,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tintlgnt.ime
[2010/05/07 18:23:34 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dmusic.dll
[2010/05/07 18:23:34 | 000,093,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eappgnui.dll
[2010/05/07 18:23:34 | 000,083,456 | ---- | C] (Microsoft) -- C:\Windows\System32\SMBHelperClass.dll
[2010/05/07 18:23:34 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nslookup.exe
[2010/05/07 18:23:34 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax
[2010/05/07 18:23:34 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PNPXAssoc.dll
[2010/05/07 18:23:34 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdWCN.dll
[2010/05/07 18:23:34 | 000,068,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdSSDP.dll
[2010/05/07 18:23:34 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tscupgrd.exe
[2010/05/07 18:23:34 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Storprop.dll
[2010/05/07 18:23:34 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdeploy.dll
[2010/05/07 18:23:34 | 000,052,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasdiag.dll
[2010/05/07 18:23:34 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dot3cfg.dll
[2010/05/07 18:23:34 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\l2nacp.dll
[2010/05/07 18:23:34 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bthci.dll
[2010/05/07 18:23:34 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slcinst.dll
[2010/05/07 18:23:34 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ftp.exe
[2010/05/07 18:23:34 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hbaapi.dll
[2010/05/07 18:23:34 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\networkitemfactory.dll
[2010/05/07 18:23:34 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ocsetup.exe
[2010/05/07 18:23:34 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bthudtask.exe
[2010/05/07 18:23:34 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cscapi.dll
[2010/05/07 18:23:34 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FwRemoteSvr.dll
[2010/05/07 18:23:34 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ipconfig.exe
[2010/05/07 18:23:34 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msjint40.dll
[2010/05/07 18:23:34 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsdchngr.dll
[2010/05/07 18:23:34 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MsCtfMonitor.dll
[2010/05/07 18:23:34 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasdial.exe
[2010/05/07 18:23:34 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mmcico.dll
[2010/05/07 18:23:34 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CHxReadingStringIME.dll
[2010/05/07 18:23:33 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxg.sys
[2010/05/07 18:23:33 | 000,052,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\stream.sys
[2010/05/07 18:23:33 | 000,046,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrstub.exe
[2010/05/07 18:23:33 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cbsra.exe
[2010/05/07 18:23:33 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbcconf.dll
[2010/05/07 18:23:33 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\RNDISMP.sys
[2010/05/07 18:23:33 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bitsigd.dll
[2010/05/07 18:23:33 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NcdProp.dll
[2010/05/07 18:23:33 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Diskdump.sys
[2010/05/07 18:23:33 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vdmdbg.dll
[2010/05/07 18:23:33 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpupdate.exe
[2010/05/07 18:23:33 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iscsilog.dll
[2010/05/07 18:23:33 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slwga.dll
[2010/05/07 18:23:32 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usb8023.sys
[2010/05/07 18:23:32 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\f3ahvoas.dll
[2010/05/07 18:23:32 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msimsg.dll
[2010/05/07 18:23:06 | 000,705,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SmiEngine.dll
[2010/05/07 18:22:56 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wdscore.dll
[2010/05/07 18:22:56 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PkgMgr.exe


#12 Albear

Albear
  • Topic Starter

  • Members
  • 59 posts
  • OFFLINE
  •  
  • Local time:04:54 PM

Posted 18 May 2010 - 04:35 PM

Part 2
[2010/05/07 18:22:33 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drvstore.dll
[2010/05/07 17:19:06 | 000,000,000 | ---D | C] -- C:\PerfLogs
[2010/05/07 14:19:50 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2010/05/07 14:14:31 | 000,714,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\timedate.cpl
[2010/05/07 14:14:14 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
[2010/05/07 14:14:14 | 000,518,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
[2010/05/07 14:14:08 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll
[2010/05/07 14:14:08 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
[2010/05/07 14:14:07 | 000,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
[2010/05/07 14:14:07 | 000,346,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
[2010/05/07 14:14:06 | 000,332,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdrm.dll
[2010/05/07 14:14:06 | 000,152,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll
[2010/05/07 14:14:06 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll
[2010/05/07 14:13:54 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Mpeg2Data.ax
[2010/05/07 14:12:40 | 000,310,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unregmp2.exe
[2010/05/07 14:12:39 | 008,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2010/05/07 14:00:29 | 000,000,000 | ---D | C] -- C:\Users\Toshiba admin\AppData\Local\WindowsUpdate
[2010/05/07 13:51:09 | 000,420,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2010/05/07 13:51:08 | 000,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2010/05/07 13:51:02 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010/05/07 13:51:02 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010/05/07 13:51:02 | 000,594,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010/05/07 13:51:02 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010/05/07 13:51:02 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010/05/07 13:51:01 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010/05/07 13:51:01 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010/05/07 13:51:01 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010/05/07 13:51:01 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010/05/07 13:51:01 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010/05/07 13:51:01 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010/05/07 13:51:01 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010/05/07 13:51:01 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010/05/07 13:51:01 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010/05/07 13:51:01 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010/05/07 13:19:00 | 000,705,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imagesp1.dll
[2010/05/07 13:18:54 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrscmd.dll
[2010/05/07 13:18:45 | 001,675,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xpssvcs.dll
[2010/05/07 13:18:42 | 008,322,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwizimg.dll
[2010/05/07 13:18:41 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\bfsvc.exe
[2010/05/07 13:18:41 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lpremove.exe
[2010/05/07 13:18:38 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\recdisc.exe
[2010/05/07 13:18:37 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CompMgmtLauncher.exe
[2010/05/07 13:18:35 | 001,386,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvbvm60.dll
[2010/05/07 13:18:31 | 000,391,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSMPEG2ADEC.DLL
[2010/05/07 13:18:31 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xolehlp.dll
[2010/05/07 13:18:29 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SSShim.dll
[2010/05/07 13:18:28 | 000,154,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nlmgp.dll
[2010/05/07 13:18:27 | 000,178,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\clusapi.dll
[2010/05/07 13:18:25 | 000,215,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrsmgr.dll
[2010/05/07 13:18:24 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vdsbas.dll
[2010/05/07 13:18:21 | 000,730,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdengin2.dll
[2010/05/07 13:18:21 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbe.dll
[2010/05/07 13:18:21 | 000,297,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmipnpinstall.dll
[2010/05/07 13:18:21 | 000,163,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecutil.exe
[2010/05/07 13:18:21 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmicryptinstall.dll
[2010/05/07 13:18:21 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gacinstall.dll
[2010/05/07 13:18:19 | 000,188,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManMigrationPlugin.dll
[2010/05/07 13:18:18 | 000,403,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FirewallAPI.dll
[2010/05/07 13:18:17 | 000,604,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sqlceqp30.dll
[2010/05/07 13:18:16 | 000,080,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\thumbcache.dll
[2010/05/07 13:18:14 | 000,251,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\authfwcfg.dll
[2010/05/07 13:18:13 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dmvdsitf.dll
[2010/05/07 13:18:08 | 000,308,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sqlcese30.dll
[2010/05/07 13:18:08 | 000,163,840 | ---- | C] (Microsoft Corp.) -- C:\Windows\System32\DfrgNtfs.exe
[2010/05/07 13:18:08 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wevtfwd.dll
[2010/05/07 13:18:08 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\uexfat.dll
[2010/05/07 13:18:05 | 000,169,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssha.dll
[2010/05/07 13:18:04 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dfrgui.exe
[2010/05/07 13:18:04 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmAuto.dll
[2010/05/07 13:18:02 | 000,522,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ddraw.dll
[2010/05/07 13:18:02 | 000,418,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmdrmdev.dll
[2010/05/07 13:18:02 | 000,175,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmWmiPl.dll
[2010/05/07 13:18:01 | 000,531,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\objsel.dll
[2010/05/07 13:18:00 | 000,798,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dbghelp.dll
[2010/05/07 13:18:00 | 000,172,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\QAGENT.DLL
[2010/05/07 13:17:59 | 000,347,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmdrmnet.dll
[2010/05/07 13:17:59 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iprtrmgr.dll
[2010/05/07 13:17:59 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icm32.dll
[2010/05/07 13:17:58 | 000,334,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bcdedit.exe
[2010/05/07 13:17:57 | 000,397,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AudioEng.dll
[2010/05/07 13:17:57 | 000,357,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskschd.dll
[2010/05/07 13:17:56 | 000,386,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netcfgx.dll
[2010/05/07 13:17:56 | 000,140,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsta.dll
[2010/05/07 13:17:56 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hcrstco.dll
[2010/05/07 13:17:55 | 000,805,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdosys.dll
[2010/05/07 13:17:55 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lpksetup.exe
[2010/05/07 13:17:54 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdtcuiu.dll
[2010/05/07 13:17:54 | 000,104,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mprddm.dll
[2010/05/07 13:17:53 | 000,274,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AUDIOKSE.dll
[2010/05/07 13:17:53 | 000,117,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bcdsrv.dll
[2010/05/07 13:17:52 | 000,475,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msidcrl30.dll
[2010/05/07 13:17:51 | 001,548,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVDECOD.DLL
[2010/05/07 13:17:50 | 000,235,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dot3gpui.dll
[2010/05/07 13:17:49 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\comsnap.dll
[2010/05/07 13:17:48 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\synceng.dll
[2010/05/07 13:17:48 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmifw.dll
[2010/05/07 13:17:47 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msconfig.exe
[2010/05/07 13:17:45 | 004,595,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AuthFWSnapin.dll
[2010/05/07 13:17:45 | 000,431,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tdh.dll
[2010/05/07 13:17:45 | 000,318,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmd.exe
[2010/05/07 13:17:45 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dmdskmgr.dll
[2010/05/07 13:17:45 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dot3api.dll
[2010/05/07 13:17:44 | 000,113,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\loadperf.dll
[2010/05/07 13:17:44 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlancfg.dll
[2010/05/07 13:17:43 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\localsec.dll
[2010/05/07 13:17:43 | 000,318,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rstrui.exe
[2010/05/07 13:17:43 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFx.dll
[2010/05/07 13:17:43 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdtcVSp1res.dll
[2010/05/07 13:17:42 | 000,758,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMADMOD.DLL
[2010/05/07 13:17:42 | 000,383,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinSATAPI.dll
[2010/05/07 13:17:42 | 000,289,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hnetcfg.dll
[2010/05/07 13:17:42 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsqmcons.exe
[2010/05/07 13:17:42 | 000,153,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NAPMONTR.DLL
[2010/05/07 13:17:41 | 000,442,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\filemgmt.dll
[2010/05/07 13:17:41 | 000,118,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RDPENCDD.dll
[2010/05/07 13:17:41 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MuiUnattend.exe
[2010/05/07 13:17:41 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\profprov.dll
[2010/05/07 13:17:41 | 000,016,896 | ---- | C] (Microsoft) -- C:\Windows\System32\grb.rs
[2010/05/07 13:17:40 | 001,295,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsecedit.dll
[2010/05/07 13:17:40 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tracerpt.exe
[2010/05/07 13:17:40 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dwmredir.dll
[2010/05/07 13:17:39 | 000,498,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\HelpPane.exe
[2010/05/07 13:17:39 | 000,317,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\azroleui.dll
[2010/05/07 13:17:39 | 000,154,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\QSHVHOST.DLL
[2010/05/07 13:17:39 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iashost.exe
[2010/05/07 13:17:38 | 000,348,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwizeng.dll
[2010/05/07 13:17:38 | 000,275,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mcbuilder.exe
[2010/05/07 13:17:38 | 000,274,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srrstr.dll
[2010/05/07 13:17:37 | 000,736,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unbcl.dll
[2010/05/07 13:17:37 | 000,464,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msra.exe
[2010/05/07 13:17:37 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shrink.dll
[2010/05/07 13:17:37 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecapi.dll
[2010/05/07 13:17:36 | 001,642,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPEncEn.dll
[2010/05/07 13:17:35 | 000,415,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdri.dll
[2010/05/07 13:17:35 | 000,204,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\framedynos.dll
[2010/05/07 13:17:34 | 000,520,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntvdm.exe
[2010/05/07 13:17:33 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntlanman.dll
[2010/05/07 13:17:32 | 000,202,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\framedyn.dll
[2010/05/07 13:17:32 | 000,155,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dssenh.dll
[2010/05/07 13:17:32 | 000,035,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\WdfLdr.sys
[2010/05/07 13:17:31 | 000,913,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WlanMM.dll
[2010/05/07 13:17:31 | 000,628,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WLanConn.dll
[2010/05/07 13:17:31 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sxs.dll
[2010/05/07 13:17:31 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\adsnt.dll
[2010/05/07 13:17:31 | 000,142,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\scsiport.sys
[2010/05/07 13:17:31 | 000,054,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmProv.dll
[2010/05/07 13:17:30 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VAN.dll
[2010/05/07 13:17:30 | 000,093,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncsi.dll
[2010/05/07 13:17:30 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\umb.dll
[2010/05/07 13:17:28 | 000,487,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\catsrvut.dll
[2010/05/07 13:17:28 | 000,300,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\puiobj.dll
[2010/05/07 13:17:27 | 000,128,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MdSched.exe
[2010/05/07 13:17:27 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netid.dll
[2010/05/07 13:17:26 | 000,319,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbcjt32.dll
[2010/05/07 13:17:26 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spbcd.dll
[2010/05/07 13:17:26 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\setbcdlocale.dll
[2010/05/07 13:17:26 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrs.exe
[2010/05/07 13:17:25 | 000,267,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NAPSTAT.EXE
[2010/05/07 13:17:24 | 008,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ssBranded.scr
[2010/05/07 13:17:24 | 000,451,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\catsrv.dll
[2010/05/07 13:17:24 | 000,388,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dmdlgs.dll
[2010/05/07 13:17:24 | 000,204,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\activeds.dll
[2010/05/07 13:17:24 | 000,151,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\schtasks.exe
[2010/05/07 13:17:24 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netdiagfx.dll
[2010/05/07 13:17:24 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dhcpsapi.dll
[2010/05/07 13:17:23 | 002,585,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FirewallControlPanel.exe
[2010/05/07 13:17:23 | 000,096,768 | ---- | C] (Microsoft Corp.) -- C:\Windows\System32\dfrgfat.exe
[2010/05/07 13:17:22 | 000,506,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSMPEG2ENC.DLL
[2010/05/07 13:17:22 | 000,456,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wvc.dll
[2010/05/07 13:17:22 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netcorehc.dll
[2010/05/07 13:17:22 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NAPHLPR.DLL
[2010/05/07 13:17:21 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\adsldp.dll
[2010/05/07 13:17:21 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msacm32.dll
[2010/05/07 13:17:21 | 000,028,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\battc.sys
[2010/05/07 13:17:20 | 000,212,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdt.dll
[2010/05/07 13:17:20 | 000,179,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\els.dll
[2010/05/07 13:17:19 | 000,523,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hhctrl.ocx
[2010/05/07 13:17:19 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\net1.exe
[2010/05/07 13:17:19 | 000,079,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\QUTIL.DLL
[2010/05/07 13:17:18 | 000,226,816 | ---- | C] (Microsoft Corp.) -- C:\Windows\System32\Defrag.exe
[2010/05/07 13:17:18 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nci.dll
[2010/05/07 13:17:17 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mprmsg.dll
[2010/05/07 13:17:14 | 001,405,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ActiveContentWizard.dll
[2010/05/07 13:17:14 | 000,282,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CompatUI.dll
[2010/05/07 13:17:14 | 000,202,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\P2P.dll
[2010/05/07 13:17:14 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSAC3ENC.DLL
[2010/05/07 13:17:14 | 000,131,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fde.dll
[2010/05/07 13:17:14 | 000,071,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasman.dll
[2010/05/07 13:17:13 | 000,094,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MigAutoPlay.exe
[2010/05/07 13:17:13 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rascfg.dll
[2010/05/07 13:17:13 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\loghours.dll
[2010/05/07 13:17:12 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Wpc.dll
[2010/05/07 13:17:12 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DFDWiz.exe
[2010/05/07 13:17:12 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\setupcl.exe
[2010/05/07 13:17:11 | 000,114,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtm.dll
[2010/05/07 13:17:11 | 000,110,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\videoprt.sys
[2010/05/07 13:17:11 | 000,046,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NAPCRYPT.DLL
[2010/05/07 13:17:10 | 000,326,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\actxprxy.dll
[2010/05/07 13:17:10 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ifsutil.dll
[2010/05/07 13:17:09 | 000,498,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlandlg.dll
[2010/05/07 13:17:09 | 000,312,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mswmdm.dll
[2010/05/07 13:17:09 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mycomput.dll
[2010/05/07 13:17:09 | 000,093,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vssadmin.exe
[2010/05/07 13:17:09 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\usbmon.dll
[2010/05/07 13:17:09 | 000,024,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\BOOTVID.DLL
[2010/05/07 13:17:08 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSTPager.ax
[2010/05/07 13:17:08 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\uudf.dll
[2010/05/07 13:17:08 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\activeds.tlb
[2010/05/07 13:17:07 | 000,485,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mspaint.exe
[2010/05/07 13:17:06 | 000,355,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\termmgr.dll
[2010/05/07 13:17:06 | 000,183,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\duser.dll
[2010/05/07 13:17:06 | 000,171,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cic.dll
[2010/05/07 13:17:06 | 000,105,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mtxoci.dll
[2010/05/07 13:17:05 | 000,087,552 | ---- | C] (Microsoft) -- C:\Windows\System32\Robocopy.exe
[2010/05/07 13:17:05 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AzSqlExt.dll
[2010/05/07 13:17:04 | 000,181,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFPlatform.dll
[2010/05/07 13:17:04 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdt.exe
[2010/05/07 13:17:04 | 000,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdshext.dll
[2010/05/07 13:17:04 | 000,017,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\wmilib.sys
[2010/05/07 13:17:03 | 001,039,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d8.dll
[2010/05/07 13:17:03 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\verifier.exe
[2010/05/07 13:17:03 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdtclog.dll
[2010/05/07 13:17:03 | 000,088,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dmview.ocx
[2010/05/07 13:17:02 | 000,301,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mmcbase.dll
[2010/05/07 13:17:02 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oledlg.dll
[2010/05/07 13:17:02 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\clfsw32.dll
[2010/05/07 13:17:02 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vdsldr.exe
[2010/05/07 13:17:01 | 000,187,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mlang.dll
[2010/05/07 13:17:01 | 000,120,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msaatext.dll
[2010/05/07 13:17:01 | 000,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icfupgd.dll
[2010/05/07 13:17:01 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasqec.dll
[2010/05/07 13:17:01 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncobjapi.dll
[2010/05/07 13:17:00 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\syssetup.dll
[2010/05/07 13:17:00 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lodctr.exe
[2010/05/07 13:17:00 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unlodctr.exe
[2010/05/07 13:17:00 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wtsapi32.dll
[2010/05/07 13:16:59 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cabinet.dll
[2010/05/07 13:16:58 | 000,201,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unattend.dll
[2010/05/07 13:16:58 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lnkstub.exe
[2010/05/07 13:16:58 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManHTTPConfig.exe
[2010/05/07 13:16:57 | 001,107,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ogldrv.dll
[2010/05/07 13:16:57 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wermgr.exe
[2010/05/07 13:16:57 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dfdts.dll
[2010/05/07 13:16:56 | 000,403,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\p2pcollab.dll
[2010/05/07 13:16:56 | 000,068,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\basesrv.dll
[2010/05/07 13:16:55 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dispdiag.exe
[2010/05/07 13:16:55 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DHCPQEC.DLL
[2010/05/07 13:16:53 | 000,157,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\verifier.dll
[2010/05/07 13:16:53 | 000,146,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RstrtMgr.dll
[2010/05/07 13:16:53 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\efsadu.dll
[2010/05/07 13:16:52 | 002,249,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Firewall.cpl
[2010/05/07 13:16:51 | 000,205,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msoeacct.dll
[2010/05/07 13:16:51 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\p2pnetsh.dll
[2010/05/07 13:16:51 | 000,088,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wiascanprofiles.dll
[2010/05/07 13:16:51 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\setupugc.exe
[2010/05/07 13:16:51 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\QSVRMGMT.DLL
[2010/05/07 13:16:51 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2010/05/07 13:16:51 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icacls.exe
[2010/05/07 13:16:50 | 000,095,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactsrv.dll
[2010/05/07 13:16:50 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PNPXAssocPrx.dll
[2010/05/07 13:16:50 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdmo.dll
[2010/05/07 13:16:49 | 000,691,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TabletPC.cpl
[2010/05/07 13:16:49 | 000,296,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xwizards.dll
[2010/05/07 13:16:49 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\systeminfo.exe
[2010/05/07 13:16:49 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmdl32.exe
[2010/05/07 13:16:49 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eappprxy.dll
[2010/05/07 13:16:49 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pcadm.dll
[2010/05/07 13:16:49 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netcfg.exe
[2010/05/07 13:16:48 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VBICodec.ax
[2010/05/07 13:16:48 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dot3ui.dll
[2010/05/07 13:16:48 | 000,104,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWWIN.EXE
[2010/05/07 13:16:48 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\resutils.dll
[2010/05/07 13:16:48 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dfrgifc.exe
[2010/05/07 13:16:47 | 000,669,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netprof.dll
[2010/05/07 13:16:47 | 000,614,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFWMAAEC.DLL
[2010/05/07 13:16:47 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\intl.cpl
[2010/05/07 13:16:47 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\apircl.dll
[2010/05/07 13:16:47 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dbnetlib.dll
[2010/05/07 13:16:47 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\btpanui.dll
[2010/05/07 13:16:46 | 000,294,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ssText3d.scr
[2010/05/07 13:16:46 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\txflog.dll
[2010/05/07 13:16:46 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskkill.exe
[2010/05/07 13:16:46 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxva2.dll
[2010/05/07 13:16:46 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bcdprov.dll
[2010/05/07 13:16:46 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
[2010/05/07 13:16:45 | 000,975,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RASMM.dll
[2010/05/07 13:16:45 | 000,191,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\provthrd.dll
[2010/05/07 13:16:45 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ActionQueue.dll
[2010/05/07 13:16:45 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EAPQEC.DLL
[2010/05/07 13:16:45 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dmocx.dll
[2010/05/07 13:16:44 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMASF.DLL
[2010/05/07 13:16:44 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\raserver.exe
[2010/05/07 13:16:44 | 000,127,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aclui.dll
[2010/05/07 13:16:43 | 002,588,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIHub.dll
[2010/05/07 13:16:43 | 000,052,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\brcplsdw.dll
[2010/05/07 13:16:43 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xcopy.exe
[2010/05/07 13:16:43 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2010/05/07 13:16:43 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ias.dll
[2010/05/07 13:16:42 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\upnp.dll
[2010/05/07 13:16:42 | 000,142,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icsfiltr.dll
[2010/05/07 13:16:42 | 000,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msoert2.dll
[2010/05/07 13:16:42 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmstp.exe
[2010/05/07 13:16:42 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\QCLIPROV.DLL
[2010/05/07 13:16:42 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mountvol.exe
[2010/05/07 13:16:41 | 000,225,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cewmdm.dll
[2010/05/07 13:16:41 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bitsadmin.exe
[2010/05/07 13:16:41 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AuxiliaryDisplayApi.dll
[2010/05/07 13:16:41 | 000,052,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetmib1.dll
[2010/05/07 13:16:41 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\perfts.dll
[2010/05/07 13:16:41 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PING.EXE
[2010/05/07 13:16:40 | 000,208,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qasf.dll
[2010/05/07 13:16:40 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qcap.dll
[2010/05/07 13:16:40 | 000,127,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SoundRecorder.exe
[2010/05/07 13:16:40 | 000,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFCoinstaller.dll
[2010/05/07 13:16:39 | 000,767,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVSENCD.DLL
[2010/05/07 13:16:39 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpsrcwp.dll
[2010/05/07 13:16:39 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mtstocom.exe
[2010/05/07 13:16:39 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\makecab.exe
[2010/05/07 13:16:39 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\auditpol.exe
[2010/05/07 13:16:39 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SecEdit.exe
[2010/05/07 13:16:39 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsmproxy.dll
[2010/05/07 13:16:38 | 000,159,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdadiag.dll
[2010/05/07 13:16:38 | 000,153,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbeio.dll
[2010/05/07 13:16:38 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ndfapi.dll
[2010/05/07 13:16:38 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
[2010/05/07 13:16:38 | 000,095,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xwtpw32.dll
[2010/05/07 13:16:38 | 000,070,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wzcdlg.dll
[2010/05/07 13:16:38 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sppnp.dll
[2010/05/07 13:16:38 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dot3gpclnt.dll
[2010/05/07 13:16:38 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\batt.dll
[2010/05/07 13:16:37 | 001,329,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMSPDMOE.DLL
[2010/05/07 13:16:37 | 000,415,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wiadefui.dll
[2010/05/07 13:16:37 | 000,203,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpdwcn.dll
[2010/05/07 13:16:37 | 000,198,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\apss.dll
[2010/05/07 13:16:37 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\p2phost.exe
[2010/05/07 13:16:37 | 000,180,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msorcl32.dll
[2010/05/07 13:16:37 | 000,120,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\perfmon.exe
[2010/05/07 13:16:37 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shacct.dll
[2010/05/07 13:16:37 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\HelpPaneProxy.dll
[2010/05/07 13:16:37 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscmisetup.dll
[2010/05/07 13:16:37 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\napipsec.dll
[2010/05/07 13:16:37 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sxstrace.exe
[2010/05/07 13:16:36 | 000,816,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dim700.dll
[2010/05/07 13:16:36 | 000,686,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\colorui.dll
[2010/05/07 13:16:36 | 000,317,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MP4SDECD.DLL
[2010/05/07 13:16:36 | 000,157,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\keymgr.dll
[2010/05/07 13:16:36 | 000,119,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\prntvpt.dll
[2010/05/07 13:16:36 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TapiMigPlugin.dll
[2010/05/07 13:16:36 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tasklist.exe
[2010/05/07 13:16:36 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\System32\esrb.rs
[2010/05/07 13:16:36 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2010/05/07 13:16:36 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fmifs.dll
[2010/05/07 13:16:36 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrshost.exe
[2010/05/07 13:16:36 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ktmutil.exe
[2010/05/07 13:16:35 | 000,352,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshipsec.dll
[2010/05/07 13:16:35 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ksproxy.ax
[2010/05/07 13:16:35 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\driverquery.exe
[2010/05/07 13:16:35 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winethc.dll
[2010/05/07 13:16:35 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cryptdll.dll
[2010/05/07 13:16:35 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netiougc.exe
[2010/05/07 13:16:35 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscproxystub.dll
[2010/05/07 13:16:34 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\findnetprinters.dll
[2010/05/07 13:16:34 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\takeown.exe
[2010/05/07 13:16:34 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmiprop.dll
[2010/05/07 13:16:34 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pots.dll
[2010/05/07 13:16:34 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\txfw32.dll
[2010/05/07 13:16:33 | 000,442,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\joy.cpl
[2010/05/07 13:16:33 | 000,396,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shrpubw.exe
[2010/05/07 13:16:33 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RESAMPLEDMO.DLL
[2010/05/07 13:16:33 | 000,101,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\luainstall.dll
[2010/05/07 13:16:33 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\olecli32.dll
[2010/05/07 13:16:33 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fsutil.exe
[2010/05/07 13:16:33 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnshc.dll
[2010/05/07 13:16:33 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sfc_os.dll
[2010/05/07 13:16:33 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\perfnet.dll
[2010/05/07 13:16:33 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\capisp.dll
[2010/05/07 13:16:29 | 001,298,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TMM.dll
[2010/05/07 13:16:29 | 000,384,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dim.dll
[2010/05/07 13:16:29 | 000,276,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\compstui.dll
[2010/05/07 13:16:29 | 000,120,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WLanHC.dll
[2010/05/07 13:16:29 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shgina.dll
[2010/05/07 13:16:29 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RpcPing.exe
[2010/05/07 13:16:29 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ktmw32.dll
[2010/05/07 13:16:28 | 001,118,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMADMOE.DLL
[2010/05/07 13:16:28 | 000,205,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mdminst.dll
[2010/05/07 13:16:28 | 000,088,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wiaacmgr.exe
[2010/05/07 13:16:28 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\getmac.exe
[2010/05/07 13:16:28 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\runonce.exe
[2010/05/07 13:16:28 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dimsjob.dll
[2010/05/07 13:16:28 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmlua.dll
[2010/05/07 13:16:28 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dsauth.dll
[2010/05/07 13:16:27 | 000,259,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MPG4DECD.DLL
[2010/05/07 13:16:27 | 000,259,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MP43DECD.DLL
[2010/05/07 13:16:27 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ACW.exe
[2010/05/07 13:16:27 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\w32tm.exe
[2010/05/07 13:16:27 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\net.exe
[2010/05/07 13:16:27 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srdelayed.exe
[2010/05/07 13:16:26 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceWiaCompat.dll
[2010/05/07 13:16:26 | 000,095,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\migisol.dll
[2010/05/07 13:16:26 | 000,094,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\diantz.exe
[2010/05/07 13:16:26 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\comrepl.dll
[2010/05/07 13:16:26 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdchange.exe
[2010/05/07 13:16:26 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmutil.dll
[2010/05/07 13:16:26 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dispci.dll
[2010/05/07 13:16:26 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sfc.exe
[2010/05/07 13:16:26 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pnpts.dll
[2010/05/07 13:16:25 | 001,370,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Aurora.scr
[2010/05/07 13:16:25 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDump.dll
[2010/05/07 13:16:25 | 000,159,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dinput8.dll
[2010/05/07 13:16:25 | 000,154,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmidx.dll
[2010/05/07 13:16:25 | 000,052,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\expand.exe
[2010/05/07 13:16:25 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cfgbkend.dll
[2010/05/07 13:16:25 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pdhui.dll
[2010/05/07 13:16:24 | 000,879,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Bubbles.scr
[2010/05/07 13:16:24 | 000,368,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\desk.cpl
[2010/05/07 13:16:24 | 000,153,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmvdspa.dll
[2010/05/07 13:16:24 | 000,129,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\McxDriv.dll
[2010/05/07 13:16:24 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TpmInit.exe
[2010/05/07 13:16:24 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hlink.dll
[2010/05/07 13:16:24 | 000,070,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\amstream.dll
[2010/05/07 13:16:24 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\colbact.dll
[2010/05/07 13:16:24 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fwcfg.dll
[2010/05/07 13:16:24 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vdmredir.dll
[2010/05/07 13:16:24 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\utildll.dll
[2010/05/07 13:16:24 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bridgeunattend.exe
[2010/05/07 13:16:23 | 000,376,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpnet.dll
[2010/05/07 13:16:23 | 000,281,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdv.dll
[2010/05/07 13:16:23 | 000,251,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sti_ci.dll
[2010/05/07 13:16:23 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Mystify.scr
[2010/05/07 13:16:23 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Ribbons.scr
[2010/05/07 13:16:23 | 000,093,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\esentutl.exe
[2010/05/07 13:16:23 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bootcfg.exe
[2010/05/07 13:16:23 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tabcal.exe
[2010/05/07 13:16:23 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\osblprov.dll
[2010/05/07 13:16:23 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vds_ps.dll
[2010/05/07 13:16:23 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\waitfor.exe
[2010/05/07 13:16:23 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmcfg32.dll
[2010/05/07 13:16:23 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdrleakdiag.exe
[2010/05/07 13:16:23 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iscsium.dll
[2010/05/07 13:16:23 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cacls.exe
[2010/05/07 13:16:22 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shutdown.exe
[2010/05/07 13:16:22 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wfapigp.dll
[2010/05/07 13:16:22 | 000,001,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmCl.dll
[2010/05/07 13:16:21 | 000,161,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\COLORCNV.DLL
[2010/05/07 13:16:21 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DpiScaling.exe
[2010/05/07 13:16:21 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\olethk32.dll
[2010/05/07 13:16:21 | 000,064,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iscsiwmi.dll
[2010/05/07 13:16:21 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfvdsp.dll
[2010/05/07 13:16:21 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\werdiagcontroller.dll
[2010/05/07 13:16:21 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\olesvr32.dll
[2010/05/07 13:16:21 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpcm.dll
[2010/05/07 13:16:20 | 000,222,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wavemsp.dll
[2010/05/07 13:16:20 | 000,163,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\powercfg.cpl
[2010/05/07 13:16:20 | 000,159,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbctrac.dll
[2010/05/07 13:16:20 | 000,092,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ufat.dll
[2010/05/07 13:16:20 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sxproxy.dll
[2010/05/07 13:16:20 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\at.exe
[2010/05/07 13:16:19 | 000,509,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AuthFWGP.dll
[2010/05/07 13:16:19 | 000,151,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rgb9rast.dll
[2010/05/07 13:16:19 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ucsvc.exe
[2010/05/07 13:16:19 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TimeDateMUICallback.dll
[2010/05/07 13:16:19 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegCtrl.dll
[2010/05/07 13:16:19 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\prevhost.exe
[2010/05/07 13:16:19 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\convert.exe
[2010/05/07 13:16:19 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xmlprovi.dll
[2010/05/07 13:16:19 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iscsied.dll
[2010/05/07 13:16:18 | 005,714,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\logon.scr
[2010/05/07 13:16:18 | 000,178,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dmime.dll
[2010/05/07 13:16:18 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\setupcln.dll
[2010/05/07 13:16:18 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dskquota.dll
[2010/05/07 13:16:18 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\GuidedHelp.dll
[2010/05/07 13:16:18 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\l2gpstore.dll
[2010/05/07 13:16:18 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fphc.dll
[2010/05/07 13:16:18 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unattendedjoin.exe
[2010/05/07 13:16:18 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AtBroker.exe
[2010/05/07 13:16:18 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmpbk32.dll
[2010/05/07 13:16:18 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netbtugc.exe
[2010/05/07 13:16:18 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winnsi.dll
[2010/05/07 13:16:18 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tbs.dll
[2010/05/07 13:16:17 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VIDRESZR.DLL
[2010/05/07 13:16:17 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dsdmo.dll
[2010/05/07 13:16:17 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdart.dll
[2010/05/07 13:16:17 | 000,083,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\usbui.dll
[2010/05/07 13:16:17 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbccu32.dll
[2010/05/07 13:16:17 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbccr32.dll
[2010/05/07 13:16:17 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpclsp.dll
[2010/05/07 13:16:17 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kstvtune.ax
[2010/05/07 13:16:17 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\napdsnap.dll
[2010/05/07 13:16:17 | 000,064,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\devenum.dll
[2010/05/07 13:16:17 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msident.dll
[2010/05/07 13:16:17 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dot3dlg.dll
[2010/05/07 13:16:17 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\regini.exe
[2010/05/07 13:16:17 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mtxlegih.dll
[2010/05/07 13:16:17 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\tape.sys
[2010/05/07 13:16:17 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\amxread.dll
[2010/05/07 13:16:17 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mtxdm.dll
[2010/05/07 13:16:17 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RacAgent.exe
[2010/05/07 13:16:17 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WINSRPC.DLL
[2010/05/07 13:16:17 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmstplua.dll
[2010/05/07 13:16:17 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\apilogen.dll
[2010/05/07 13:16:17 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avrt.dll
[2010/05/07 13:16:16 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vfwwdm32.dll
[2010/05/07 13:16:16 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\graftabl.com
[2010/05/07 13:16:16 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WavDest.dll
[2010/05/07 13:16:16 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasphone.exe
[2010/05/07 13:16:16 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\syskey.exe
[2010/05/07 13:16:16 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfcsubs.dll
[2010/05/07 13:16:16 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vss_ps.dll
[2010/05/07 13:16:16 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srwmi.dll
[2010/05/07 13:16:16 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\upnpcont.exe
[2010/05/07 13:16:16 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsock32.dll
[2010/05/07 13:16:16 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nbtstat.exe
[2010/05/07 13:16:15 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MP3DMOD.DLL
[2010/05/07 13:16:15 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\extrac32.exe
[2010/05/07 13:16:15 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ksxbar.ax
[2010/05/07 13:16:15 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wiarpc.dll
[2010/05/07 13:16:15 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ndfetw.dll
[2010/05/07 13:16:15 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbcbcp.dll
[2010/05/07 13:16:15 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eventcls.dll
[2010/05/07 13:16:15 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\procinst.dll
[2010/05/07 13:16:14 | 000,218,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsAnytimeUpgrade.exe
[2010/05/07 13:16:14 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wiadss.dll
[2010/05/07 13:16:14 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dmscript.dll
[2010/05/07 13:16:14 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dxof.dll
[2010/05/07 13:16:14 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TabbtnEx.dll
[2010/05/07 13:16:14 | 000,041,472 | ---- | C] (Microsoft) -- C:\Windows\System32\WlanMmHC.dll
[2010/05/07 13:16:14 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psbase.dll
[2010/05/07 13:16:13 | 000,094,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Tabbtn.dll
[2010/05/07 13:16:13 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dmloader.dll
[2010/05/07 13:16:13 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\fveupdate.exe
[2010/05/07 13:16:13 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CertEnrollCtrl.exe
[2010/05/07 13:16:12 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wshcon.dll
[2010/05/07 13:16:12 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Netplwiz.exe
[2010/05/07 13:16:12 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\tdi.sys
[2010/05/07 13:16:12 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icsunattend.exe
[2010/05/07 13:16:11 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ComputerDefaults.exe
[2010/05/07 13:16:11 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lltdapi.dll
[2010/05/07 13:16:11 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\LangCleanupSysprepAction.dll
[2010/05/07 13:16:11 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sxsstore.dll
[2010/05/07 13:16:11 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\HotStartUserAgent.dll
[2010/05/07 13:16:11 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PlaySndSrv.dll
[2010/05/07 13:16:11 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icaapi.dll
[2010/05/07 13:16:11 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\localui.dll
[2010/05/07 13:16:11 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmRes.dll
[2010/05/07 13:16:11 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\setupSNK.exe
[2010/05/07 13:16:11 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSHTCPIP.DLL
[2010/05/07 13:16:11 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wship6.dll
[2010/05/07 13:16:10 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OptionalFeatures.exe
[2010/05/07 13:16:10 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\g711codc.ax
[2010/05/07 13:16:09 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbisurf.ax
[2010/05/07 13:16:09 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dmutil.dll
[2010/05/07 13:16:09 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbunattend.exe
[2010/05/07 13:16:08 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spopk.dll
[2010/05/07 13:16:08 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\serialui.dll
[2010/05/07 13:16:08 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\usbperf.dll
[2010/05/07 13:16:07 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cofiredm.dll
[2010/05/07 13:16:06 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msobjs.dll
[2010/05/07 13:16:06 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasctrs.dll
[2010/05/07 13:16:06 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hnetmon.dll
[2010/05/07 13:16:05 | 000,130,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\drmk.sys
[2010/05/07 13:16:05 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nlsbres.dll
[2010/05/07 13:16:05 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\esentprf.dll
[2010/05/07 13:16:05 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\InfDefaultInstall.exe
[2010/05/07 13:16:05 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iprtprio.dll
[2010/05/07 13:16:04 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdspres.dll
[2010/05/07 13:16:03 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\osbaseln.dll
[2010/05/07 13:16:03 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
[2010/05/07 13:16:01 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msmmsp.dll
[2010/05/07 13:16:00 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dispex.dll
[2010/05/07 13:16:00 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winusb.dll
[2010/05/07 13:16:00 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcfgex.dll
[2010/05/07 13:15:57 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Nlsdl.dll
[2010/05/07 13:15:57 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\mcd.sys
[2010/05/07 13:15:56 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\idndl.dll
[2010/05/07 13:15:56 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msidle.dll
[2010/05/07 13:15:56 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\riched32.dll
[2010/05/07 13:15:55 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\smclib.sys
[2010/05/07 13:15:55 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\bdasup.sys
[2010/05/07 13:15:54 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxapi.sys
[2010/05/07 13:15:54 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDJPN.DLL
[2010/05/07 13:15:54 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDKOR.DLL
[2010/05/07 13:15:54 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\umpass.sys
[2010/05/07 13:15:52 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vga256.dll
[2010/05/07 13:15:49 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tsddd.dll
[2010/05/07 13:15:49 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\framebuf.dll
[2010/05/07 13:15:49 | 000,005,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbd.sys
[2010/05/07 13:15:48 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vga64k.dll
[2010/05/07 13:15:48 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vga.dll
[2010/05/07 13:15:48 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bootstr.dll
[2010/05/07 13:15:47 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwizres.dll
[2010/05/07 13:15:47 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dmdskres2.dll
[2010/05/07 13:15:46 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wertargets.wtl
[2010/05/07 13:14:49 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wbemcomn.dll
[2010/05/07 13:14:42 | 000,129,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sqmapi.dll
[2010/05/07 13:14:41 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SmiInstaller.dll
[2010/05/07 13:14:21 | 000,258,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpx.dll
[2010/05/07 13:14:20 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdelta.dll
[2010/05/07 13:14:20 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mspatcha.dll
[2010/05/07 12:28:37 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2010/05/07 12:28:35 | 000,000,000 | ---D | C] -- C:\ProgramData\avg9
[2010/05/07 11:52:16 | 000,000,000 | ---D | C] -- C:\Users\Toshiba admin\AppData\Roaming\Macromedia
[2010/05/06 23:49:45 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2010/05/06 23:49:45 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2010/05/06 23:49:44 | 000,156,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2010/05/06 23:49:44 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\corpol.dll
[2010/05/06 23:49:43 | 000,348,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2010/05/06 23:49:43 | 000,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2010/05/06 23:49:43 | 000,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2010/05/06 23:49:43 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2010/05/06 23:49:42 | 000,229,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2010/05/06 23:49:42 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2010/05/06 23:49:42 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2010/05/06 23:49:41 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2010/05/06 23:49:41 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2010/05/06 23:49:40 | 000,208,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinFXDocObj.exe
[2010/05/06 23:49:40 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2010/05/06 23:49:39 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2010/05/06 23:49:31 | 000,445,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2010/05/06 23:49:29 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2010/05/06 23:49:27 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2010/05/06 23:49:27 | 000,169,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2010/05/06 23:49:26 | 003,698,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2010/05/06 23:49:26 | 000,109,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PDMSetup.exe
[2010/05/06 23:49:26 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2010/05/06 23:49:26 | 000,107,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2010/05/06 23:49:26 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetDepNx.exe
[2010/05/06 21:59:17 | 000,000,000 | ---D | C] -- C:\Windows\System32\x64
[2010/05/06 13:34:34 | 000,000,000 | ---D | C] -- C:\Windows\System32\Adobe
[2010/05/06 09:46:18 | 000,000,000 | ---D | C] -- C:\Program Files\MSECache
[2010/05/06 07:11:08 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browserchoice.exe
[2010/05/06 01:41:45 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2010/05/06 01:41:44 | 000,289,792 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2010/05/06 01:41:44 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2010/05/06 01:41:44 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2010/05/06 01:41:44 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dciman32.dll
[2010/05/06 01:40:12 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winipsec.dll
[2010/05/06 01:40:11 | 000,272,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\polstore.dll
[2010/05/06 01:35:17 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll
[2010/05/06 01:35:17 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MRINFO.EXE
[2010/05/06 01:35:16 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netiohlp.dll
[2010/05/06 01:35:16 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NETSTAT.EXE
[2010/05/06 01:35:16 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ARP.EXE
[2010/05/06 01:35:16 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ROUTE.EXE
[2010/05/06 01:35:16 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\finger.exe
[2010/05/06 01:35:16 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TCPSVCS.EXE
[2010/05/06 01:35:16 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\HOSTNAME.EXE
[2010/05/06 01:31:57 | 000,127,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\L2SecHC.dll
[2010/05/06 01:31:56 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanmsm.dll
[2010/05/06 01:31:56 | 000,068,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanhlp.dll
[2010/05/06 01:31:56 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanapi.dll
[2010/05/06 01:31:55 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlansec.dll
[2010/05/06 01:30:16 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml3r.dll
[2010/05/06 01:30:15 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml6r.dll
[2010/05/06 01:28:38 | 001,259,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsasrv.dll
[2010/05/06 01:25:33 | 002,868,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2010/05/06 01:25:33 | 000,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll
[2010/05/06 01:25:32 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rrinstaller.exe
[2010/05/06 01:25:32 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfpmp.exe
[2010/05/06 01:25:32 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mferror.dll
[2010/05/06 01:25:31 | 002,386,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVCORE.DLL
[2010/05/06 01:23:54 | 003,600,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010/05/06 01:23:53 | 003,548,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010/05/06 01:08:16 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aaclient.dll
[2010/05/06 01:08:16 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tsgqec.dll
[2010/05/06 00:55:57 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010/05/06 00:54:26 | 000,623,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\localspl.dll
[2010/05/06 00:49:23 | 000,221,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2010/05/06 00:43:43 | 001,808,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0046.dll
[2010/05/06 00:43:43 | 001,793,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0045.dll
[2010/05/06 00:43:43 | 001,411,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0047.dll
[2010/05/06 00:43:42 | 002,136,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0021.dll
[2010/05/06 00:43:42 | 001,782,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0039.dll
[2010/05/06 00:43:42 | 001,558,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0049.dll
[2010/05/06 00:43:42 | 001,236,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0020.dll
[2010/05/06 00:43:41 | 007,964,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0024.dll
[2010/05/06 00:43:41 | 005,499,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0022.dll
[2010/05/06 00:43:40 | 005,791,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0026.dll
[2010/05/06 00:43:39 | 006,224,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0027.dll
[2010/05/06 00:43:38 | 004,175,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0010.dll
[2010/05/06 00:43:38 | 002,466,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0011.dll
[2010/05/06 00:43:37 | 004,981,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0013.dll
[2010/05/06 00:43:37 | 003,331,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0018.dll
[2010/05/06 00:43:36 | 006,781,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0019.dll
[2010/05/06 00:43:35 | 011,722,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0001.dll
[2010/05/06 00:43:35 | 004,164,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0002.dll
[2010/05/06 00:43:34 | 001,452,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0003.dll
[2010/05/06 00:43:32 | 003,419,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons004a.dll
[2010/05/06 00:43:32 | 001,702,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons004b.dll
[2010/05/06 00:43:31 | 004,093,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons004c.dll
[2010/05/06 00:43:31 | 004,045,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons003e.dll
[2010/05/06 00:43:31 | 001,972,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons004e.dll
[2010/05/06 00:43:30 | 006,014,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons001a.dll
[2010/05/06 00:43:30 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons002a.dll
[2010/05/06 00:43:29 | 006,585,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons001b.dll
[2010/05/06 00:43:28 | 006,346,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons001d.dll
[2010/05/06 00:43:27 | 009,892,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons000a.dll
[2010/05/06 00:43:27 | 006,237,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons000c.dll
[2010/05/06 00:43:26 | 005,654,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons000f.dll
[2010/05/06 00:43:26 | 001,722,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons000d.dll
[2010/05/06 00:43:25 | 005,090,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0416.dll
[2010/05/06 00:43:25 | 004,616,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0414.dll
[2010/05/06 00:43:24 | 005,031,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0816.dll
[2010/05/06 00:43:23 | 007,042,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons081a.dll
[2010/05/06 00:43:23 | 005,071,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsModels0011.dll
[2010/05/06 00:43:22 | 003,104,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0047.dll
[2010/05/06 00:43:22 | 003,104,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0046.dll
[2010/05/06 00:43:22 | 003,104,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0045.dll
[2010/05/06 00:43:21 | 003,104,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0049.dll
[2010/05/06 00:43:21 | 003,104,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0039.dll
[2010/05/06 00:43:20 | 003,104,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0020.dll
[2010/05/06 00:43:20 | 001,965,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0024.dll
[2010/05/06 00:43:20 | 001,801,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0022.dll
[2010/05/06 00:43:20 | 001,801,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0021.dll
[2010/05/06 00:43:19 | 004,495,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0010.dll
[2010/05/06 00:43:19 | 001,966,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0027.dll
[2010/05/06 00:43:19 | 001,965,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0026.dll
[2010/05/06 00:43:18 | 003,466,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0013.dll
[2010/05/06 00:43:18 | 002,657,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0011.dll
[2010/05/06 00:43:17 | 004,497,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0019.dll
[2010/05/06 00:43:17 | 001,965,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0018.dll
[2010/05/06 00:43:17 | 001,523,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0000.dll
[2010/05/06 00:43:16 | 002,599,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0001.dll
[2010/05/06 00:43:16 | 001,965,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0003.dll
[2010/05/06 00:43:16 | 001,965,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0002.dll
[2010/05/06 00:43:15 | 004,875,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0009.dll
[2010/05/06 00:43:15 | 002,243,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0007.dll
[2010/05/06 00:43:14 | 003,104,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData004c.dll
[2010/05/06 00:43:14 | 003,104,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData004b.dll
[2010/05/06 00:43:14 | 003,104,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData004a.dll
[2010/05/06 00:43:13 | 003,104,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData004e.dll
[2010/05/06 00:43:13 | 001,801,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData003e.dll
[2010/05/06 00:43:12 | 004,495,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData001d.dll
[2010/05/06 00:43:12 | 001,965,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData001b.dll
[2010/05/06 00:43:12 | 001,965,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData001a.dll
[2010/05/06 00:43:12 | 001,801,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData002a.dll
[2010/05/06 00:43:11 | 009,847,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData000a.dll
[2010/05/06 00:43:10 | 002,643,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData000c.dll
[2010/05/06 00:43:10 | 002,342,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData000d.dll
[2010/05/06 00:43:10 | 001,965,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData000f.dll
[2010/05/06 00:43:09 | 004,495,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0416.dll
[2010/05/06 00:43:09 | 004,495,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0414.dll
[2010/05/06 00:43:08 | 004,495,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0816.dll
[2010/05/06 00:43:08 | 001,965,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData081a.dll
[2010/05/06 00:43:07 | 006,917,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0c1a.dll
[2010/05/06 00:43:07 | 001,965,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0c1a.dll
[2010/05/06 00:38:54 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kbd106n.dll
[2010/05/06 00:35:33 | 000,220,672 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codecp.acm
[2010/05/06 00:35:33 | 000,062,464 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codeca.acm
[2010/05/06 00:27:44 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printcom.dll
[2010/05/06 00:26:46 | 002,036,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010/05/06 00:24:33 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wshrm.dll
[2010/05/06 00:23:12 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.tlb
[2010/05/06 00:23:12 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\amcompat.tlb
[2010/05/06 00:23:08 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwmp.dll
[2010/05/06 00:23:07 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.ocx
[2010/05/06 00:23:07 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxmasf.dll
[2010/05/05 23:52:27 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2010/05/05 23:34:00 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\INETRES.dll
[2010/05/05 23:32:09 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\httpapi.dll
[2010/05/05 23:32:09 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshhttp.dll
[2010/05/05 23:29:37 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rastls.dll
[2010/05/05 23:29:14 | 000,355,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSDApi.dll
[2010/05/05 23:27:38 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvfw32.dll
[2010/05/05 23:27:38 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll
[2010/05/05 23:27:38 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avicap32.dll
[2010/05/05 23:27:37 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2010/05/05 23:27:37 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avifil32.dll
[2010/05/05 23:26:27 | 000,604,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMSPDMOD.DLL
[2010/05/05 21:50:52 | 002,421,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2010/05/05 21:50:52 | 000,044,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2010/05/05 21:50:06 | 000,575,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2010/05/05 21:50:06 | 000,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2010/05/05 21:50:06 | 000,035,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2010/05/05 21:49:37 | 000,171,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2010/05/05 21:49:37 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2010/05/05 21:22:06 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\N360\0308000.029
[2010/05/05 21:01:58 | 000,000,000 | ---D | C] -- C:\Users\Toshiba admin\Documents\Symantec
[2010/05/05 20:57:44 | 000,000,000 | ---D | C] -- C:\Program Files\Citrix
[2010/05/05 20:56:30 | 000,000,000 | ---D | C] -- C:\Users\Toshiba admin\AppData\Local\Citrix
[2010/05/05 20:56:17 | 000,000,000 | ---D | C] -- C:\Users\Toshiba admin\AppData\Local\Deployment
[2010/05/05 20:54:28 | 000,107,368 | R--- | C] (GEAR Software Inc.) -- C:\Windows\System32\GEARAspi.dll
[2010/05/05 20:54:19 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2010/05/05 20:53:35 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\N360
[2010/05/05 20:40:46 | 000,000,000 | ---D | C] -- C:\Users\Toshiba admin\AppData\Local\Symantec
[2010/05/05 19:11:27 | 000,000,000 | ---D | C] -- C:\Users\Toshiba admin\Documents\Updater5
[2010/05/05 18:21:40 | 000,000,000 | ---D | C] -- C:\Users\Toshiba admin\AppData\Local\Apps
[2010/05/05 16:37:00 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2010/05/05 16:16:10 | 000,000,000 | ---D | C] -- C:\ProgramData\PCSettings
[2010/05/05 16:16:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2010/05/05 16:15:14 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2010/05/05 15:50:26 | 000,000,000 | ---D | C] -- C:\Users\Toshiba admin\AppData\Local\Toshiba
[2010/05/05 15:50:08 | 000,000,000 | ---D | C] -- C:\Users\Toshiba admin\AppData\Roaming\Adobe
[2010/05/05 15:50:08 | 000,000,000 | ---D | C] -- C:\Users\Toshiba admin\AppData\Local\Adobe
[2010/05/05 15:49:49 | 000,000,000 | R--D | C] -- C:\Users\Toshiba admin\Searches
[2010/05/05 15:49:38 | 000,000,000 | ---D | C] -- C:\Users\Toshiba admin\AppData\Roaming\Identities
[2010/05/05 15:49:36 | 000,000,000 | R--D | C] -- C:\Users\Toshiba admin\Contacts
[2010/05/05 15:47:35 | 000,000,000 | ---D | C] -- C:\Users\Toshiba admin\AppData\Local\VirtualStore
[2010/05/05 15:34:51 | 000,000,000 | ---D | C] -- C:\ProgramData\ToshibaEurope
[2010/05/05 15:34:33 | 000,000,000 | -HSD | C] -- C:\Users\Toshiba admin\AppData\Local\Temporary Internet Files
[2010/05/05 15:34:33 | 000,000,000 | -HSD | C] -- C:\Users\Toshiba admin\Templates
[2010/05/05 15:34:33 | 000,000,000 | -HSD | C] -- C:\Users\Toshiba admin\Start Menu
[2010/05/05 15:34:33 | 000,000,000 | -HSD | C] -- C:\Users\Toshiba admin\SendTo
[2010/05/05 15:34:33 | 000,000,000 | -HSD | C] -- C:\Users\Toshiba admin\Recent
[2010/05/05 15:34:33 | 000,000,000 | -HSD | C] -- C:\Users\Toshiba admin\PrintHood
[2010/05/05 15:34:33 | 000,000,000 | -HSD | C] -- C:\Users\Toshiba admin\NetHood
[2010/05/05 15:34:33 | 000,000,000 | -HSD | C] -- C:\Users\Toshiba admin\Documents\My Videos
[2010/05/05 15:34:33 | 000,000,000 | -HSD | C] -- C:\Users\Toshiba admin\Documents\My Pictures
[2010/05/05 15:34:33 | 000,000,000 | -HSD | C] -- C:\Users\Toshiba admin\Documents\My Music
[2010/05/05 15:34:33 | 000,000,000 | -HSD | C] -- C:\Users\Toshiba admin\My Documents
[2010/05/05 15:34:33 | 000,000,000 | -HSD | C] -- C:\Users\Toshiba admin\Local Settings
[2010/05/05 15:34:33 | 000,000,000 | -HSD | C] -- C:\Users\Toshiba admin\AppData\Local\History
[2010/05/05 15:34:33 | 000,000,000 | -HSD | C] -- C:\Users\Toshiba admin\Cookies
[2010/05/05 15:34:33 | 000,000,000 | -HSD | C] -- C:\Users\Toshiba admin\Application Data
[2010/05/05 15:34:33 | 000,000,000 | -HSD | C] -- C:\Users\Toshiba admin\AppData\Local\Application Data
[2010/05/05 15:34:31 | 000,000,000 | --SD | C] -- C:\Users\Toshiba admin\AppData\Roaming\Microsoft
[2010/05/05 15:34:31 | 000,000,000 | R--D | C] -- C:\Users\Toshiba admin\Videos
[2010/05/05 15:34:31 | 000,000,000 | R--D | C] -- C:\Users\Toshiba admin\Saved Games
[2010/05/05 15:34:31 | 000,000,000 | R--D | C] -- C:\Users\Toshiba admin\Pictures
[2010/05/05 15:34:31 | 000,000,000 | R--D | C] -- C:\Users\Toshiba admin\Music
[2010/05/05 15:34:31 | 000,000,000 | R--D | C] -- C:\Users\Toshiba admin\Links
[2010/05/05 15:34:31 | 000,000,000 | R--D | C] -- C:\Users\Toshiba admin\Favorites
[2010/05/05 15:34:31 | 000,000,000 | R--D | C] -- C:\Users\Toshiba admin\Downloads
[2010/05/05 15:34:31 | 000,000,000 | R--D | C] -- C:\Users\Toshiba admin\Documents
[2010/05/05 15:34:31 | 000,000,000 | R--D | C] -- C:\Users\Toshiba admin\Desktop
[2010/05/05 15:34:31 | 000,000,000 | -H-D | C] -- C:\Users\Toshiba admin\AppData
[2010/05/05 15:34:31 | 000,000,000 | ---D | C] -- C:\Users\Toshiba admin\AppData\Local\Temp
[2010/05/05 15:34:31 | 000,000,000 | ---D | C] -- C:\Users\Toshiba admin\AppData\Local\Microsoft
[2010/05/05 15:34:31 | 000,000,000 | ---D | C] -- C:\Users\Toshiba admin\AppData\Roaming\Media Center Programs
[2010/05/05 15:28:46 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2010/05/05 15:23:42 | 000,694,784 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\System32\athr.sys
[2010/05/05 15:23:42 | 000,000,000 | ---D | C] -- C:\Program Files\Atheros
[2010/05/05 15:23:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Atheros
[2010/05/05 15:17:34 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Toshiba admin\*.tmp files -> C:\Users\Toshiba admin\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/05/18 22:16:21 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/05/18 22:16:20 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/05/18 22:12:39 | 004,980,736 | -HS- | M] () -- C:\Users\Toshiba admin\ntuser.dat
[2010/05/18 22:09:02 | 000,571,392 | ---- | M] (OldTimer Tools) -- C:\Users\Toshiba admin\Desktop\OTL.exe
[2010/05/18 18:26:27 | 000,716,194 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/05/18 18:26:27 | 000,622,952 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/05/18 18:26:27 | 000,108,352 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/05/18 18:25:23 | 000,034,952 | ---- | M] (Greatis Software) -- C:\Windows\System32\drivers\Partizan.sys
[2010/05/18 18:16:38 | 000,024,416 | ---- | M] (Greatis Software) -- C:\Windows\System32\drivers\regguard.sys
[2010/05/18 18:16:21 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/05/18 18:16:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/05/18 17:44:17 | 000,524,288 | -HS- | M] () -- C:\Users\Toshiba admin\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010/05/18 17:44:17 | 000,065,536 | -HS- | M] () -- C:\Users\Toshiba admin\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/05/18 17:44:09 | 001,898,873 | -H-- | M] () -- C:\Users\Toshiba admin\AppData\Local\IconCache.db
[2010/05/18 16:22:30 | 000,000,947 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk
[2010/05/18 13:24:37 | 000,001,859 | ---- | M] () -- C:\Users\Public\Desktop\WinZip.lnk
[2010/05/18 12:16:39 | 000,000,000 | ---- | M] () -- C:\Users\Toshiba admin\defogger_reenable
[2010/05/18 12:16:04 | 000,050,477 | ---- | M] () -- C:\Users\Toshiba admin\Desktop\Defogger.exe
[2010/05/17 22:09:20 | 000,000,806 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/05/17 14:10:11 | 000,000,372 | ---- | M] () -- C:\Windows\tasks\Startup Analyser.job
[2010/05/17 08:39:10 | 000,001,910 | ---- | M] () -- C:\Users\Toshiba admin\Desktop\Stop Startup Analyser.lnk
[2010/05/16 12:49:00 | 000,004,132 | ---- | M] () -- C:\Users\Toshiba admin\Desktop\leatherhead.HTM
[2010/05/16 09:03:58 | 000,002,539 | ---- | M] () -- C:\Users\Toshiba admin\Desktop\HiJackThis.lnk
[2010/05/16 00:04:03 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2010/05/16 00:04:03 | 000,000,023 | ---- | M] () -- C:\Windows\System32\autoexec.nt
[2010/05/16 00:04:03 | 000,000,002 | RHS- | M] () -- C:\Windows\winstart.bat
[2010/05/15 23:57:06 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2010/05/15 23:09:24 | 006,301,975 | ---- | M] () -- C:\Users\Toshiba admin\Desktop\config2.nt.rtf
[2010/05/15 23:08:19 | 006,301,975 | ---- | M] () -- C:\Users\Toshiba admin\Desktop\config1.nt.rtf
[2010/05/15 22:30:11 | 000,004,165 | ---- | M] () -- C:\Users\Toshiba admin\Documents\regkey.reg
[2010/05/13 22:30:06 | 000,037,600 | ---- | M] (Greatis Software) -- C:\Windows\System32\Partizan.exe
[2010/05/13 22:16:11 | 000,000,894 | ---- | M] () -- C:\Users\Toshiba admin\Desktop\RegRun Control Center.lnk
[2010/05/13 21:47:54 | 000,524,288 | -HS- | M] () -- C:\Users\Toshiba admin\ntuser.dat{7f2feada-5ecf-11df-a80e-001a92aa0fad}.TMContainer00000000000000000002.regtrans-ms
[2010/05/13 21:47:54 | 000,524,288 | -HS- | M] () -- C:\Users\Toshiba admin\ntuser.dat{7f2feada-5ecf-11df-a80e-001a92aa0fad}.TMContainer00000000000000000001.regtrans-ms
[2010/05/13 21:47:54 | 000,065,536 | -HS- | M] () -- C:\Users\Toshiba admin\ntuser.dat{7f2feada-5ecf-11df-a80e-001a92aa0fad}.TM.blf
[2010/05/13 17:35:50 | 020,396,740 | ---- | M] () -- C:\Users\Toshiba admin\Desktop\regrunplat.zip
[2010/05/11 20:13:48 | 000,001,060 | ---- | M] () -- C:\Users\Toshiba admin\Desktop\Spybot - Search & Destroy.lnk
[2010/05/11 10:29:24 | 000,091,832 | ---- | M] () -- C:\Users\Toshiba admin\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/05/11 10:29:07 | 000,344,776 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/05/10 20:26:44 | 000,176,506 | ---- | M] () -- C:\Windows\Loft Management System Uninstaller.exe
[2010/05/10 20:26:11 | 000,000,950 | ---- | M] () -- C:\Users\Toshiba admin\Desktop\LMS.lnk
[2010/05/10 20:15:27 | 000,185,267 | ---- | M] () -- C:\Windows\Federation Secretaries System Uninstaller.exe
[2010/05/10 20:00:34 | 000,000,950 | ---- | M] () -- C:\Users\Toshiba admin\Desktop\FSS5.lnk
[2010/05/10 14:27:54 | 007,249,512 | ---- | M] (Microsoft Corporation) -- C:\Users\Toshiba admin\Desktop\mssefullinstall-x86fre-en-us-vista-win7.exe
[2010/05/10 10:59:20 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2010/05/10 10:49:05 | 000,000,823 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/09 19:47:44 | 000,607,013 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.20100511-213541.backup
[2010/05/08 06:49:55 | 001,402,880 | ---- | M] () -- C:\Users\Toshiba admin\Desktop\HiJackThis.msi
[2010/05/08 06:05:18 | 000,001,117 | ---- | M] () -- C:\Users\Toshiba admin\Desktop\PC Fixer.lnk
[2010/05/07 17:39:59 | 000,000,749 | RH-- | M] () -- C:\Windows\WindowsShell.Manifest
[2010/05/07 15:17:53 | 000,101,888 | ---- | M] (Infineon Technologies AG) -- C:\Windows\System32\ifxcardm.dll
[2010/05/07 15:17:50 | 000,082,432 | ---- | M] (Gemalto, Inc.) -- C:\Windows\System32\axaltocm.dll
[2010/05/07 12:12:28 | 001,601,756 | ---- | M] () -- C:\Windows\System32\drivers\N360\0308000.029\Cat.DB
[2010/05/06 22:01:54 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\en-US\http.sys.mui
[2010/05/06 10:36:38 | 000,221,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2010/05/06 07:16:44 | 000,001,594 | ---- | M] () -- C:\Users\Public\Desktop\Browser Choice.lnk
[2010/05/06 07:11:08 | 000,293,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\browserchoice.exe
[2010/05/06 01:41:45 | 000,156,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2010/05/06 01:41:44 | 000,289,792 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2010/05/06 01:41:44 | 000,072,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2010/05/06 01:41:44 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2010/05/06 01:41:44 | 000,010,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dciman32.dll
[2010/05/06 01:40:12 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winipsec.dll
[2010/05/06 01:40:11 | 000,272,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\polstore.dll
[2010/05/06 01:35:17 | 000,017,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll
[2010/05/06 01:35:17 | 000,011,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MRINFO.EXE
[2010/05/06 01:35:16 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netiohlp.dll
[2010/05/06 01:35:16 | 000,027,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NETSTAT.EXE
[2010/05/06 01:35:16 | 000,019,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ARP.EXE
[2010/05/06 01:35:16 | 000,017,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ROUTE.EXE
[2010/05/06 01:35:16 | 000,010,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\finger.exe
[2010/05/06 01:35:16 | 000,009,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\TCPSVCS.EXE
[2010/05/06 01:35:16 | 000,008,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\HOSTNAME.EXE
[2010/05/06 01:31:57 | 002,501,921 | ---- | M] () -- C:\Windows\System32\wlan.tmf
[2010/05/06 01:31:57 | 000,127,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\L2SecHC.dll
[2010/05/06 01:31:56 | 000,293,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wlanmsm.dll
[2010/05/06 01:31:56 | 000,068,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wlanhlp.dll
[2010/05/06 01:31:56 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wlanapi.dll
[2010/05/06 01:31:55 | 000,302,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wlansec.dll
[2010/05/06 01:31:51 | 000,015,181 | ---- | M] () -- C:\Windows\System32\gatherWirelessInfo.vbs
[2010/05/06 01:30:16 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msxml3r.dll
[2010/05/06 01:30:15 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msxml6r.dll
[2010/05/06 01:28:38 | 001,259,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lsasrv.dll
[2010/05/06 01:25:33 | 002,868,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2010/05/06 01:25:33 | 000,098,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll
[2010/05/06 01:25:32 | 000,053,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rrinstaller.exe
[2010/05/06 01:25:32 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfpmp.exe
[2010/05/06 01:25:32 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mferror.dll
[2010/05/06 01:25:31 | 002,386,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WMVCORE.DLL
[2010/05/06 01:23:54 | 003,600,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010/05/06 01:23:53 | 003,548,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010/05/06 01:08:16 | 000,136,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\aaclient.dll
[2010/05/06 01:08:16 | 000,053,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\tsgqec.dll
[2010/05/06 00:55:57 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010/05/06 00:54:26 | 000,623,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\localspl.dll
[2010/05/06 00:43:43 | 001,808,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0046.dll
[2010/05/06 00:43:43 | 001,793,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0045.dll
[2010/05/06 00:43:43 | 001,411,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0047.dll
[2010/05/06 00:43:42 | 002,136,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0021.dll
[2010/05/06 00:43:42 | 001,782,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0039.dll
[2010/05/06 00:43:42 | 001,558,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0049.dll
[2010/05/06 00:43:42 | 001,236,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0020.dll
[2010/05/06 00:43:41 | 007,964,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0024.dll
[2010/05/06 00:43:41 | 005,499,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0022.dll
[2010/05/06 00:43:40 | 005,791,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0026.dll
[2010/05/06 00:43:39 | 006,224,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0027.dll
[2010/05/06 00:43:39 | 004,175,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0010.dll
[2010/05/06 00:43:38 | 004,981,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0013.dll
[2010/05/06 00:43:38 | 002,466,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0011.dll
[2010/05/06 00:43:37 | 006,781,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0019.dll
[2010/05/06 00:43:37 | 003,331,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0018.dll
[2010/05/06 00:43:36 | 011,722,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0001.dll
[2010/05/06 00:43:35 | 004,164,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0002.dll
[2010/05/06 00:43:34 | 001,452,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0003.dll
[2010/05/06 00:43:33 | 003,419,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons004a.dll
[2010/05/06 00:43:32 | 004,093,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons004c.dll
[2010/05/06 00:43:32 | 001,702,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons004b.dll
[2010/05/06 00:43:31 | 004,045,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons003e.dll
[2010/05/06 00:43:31 | 001,972,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons004e.dll
[2010/05/06 00:43:30 | 006,014,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons001a.dll
[2010/05/06 00:43:30 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons002a.dll
[2010/05/06 00:43:29 | 006,585,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons001b.dll
[2010/05/06 00:43:28 | 009,892,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons000a.dll
[2010/05/06 00:43:28 | 006,346,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons001d.dll
[2010/05/06 00:43:27 | 006,237,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons000c.dll
[2010/05/06 00:43:26 | 005,654,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons000f.dll
[2010/05/06 00:43:26 | 001,722,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons000d.dll
[2010/05/06 00:43:25 | 005,090,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0416.dll
[2010/05/06 00:43:25 | 004,616,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0414.dll
[2010/05/06 00:43:24 | 007,042,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons081a.dll
[2010/05/06 00:43:24 | 005,031,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0816.dll
[2010/05/06 00:43:23 | 005,071,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsModels0011.dll
[2010/05/06 00:43:23 | 003,104,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0045.dll
[2010/05/06 00:43:22 | 003,104,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0047.dll
[2010/05/06 00:43:22 | 003,104,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0046.dll
[2010/05/06 00:43:21 | 003,104,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0049.dll
[2010/05/06 00:43:21 | 003,104,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0039.dll
[2010/05/06 00:43:20 | 003,104,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0020.dll
[2010/05/06 00:43:20 | 001,965,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0024.dll
[2010/05/06 00:43:20 | 001,801,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0022.dll
[2010/05/06 00:43:20 | 001,801,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0021.dll
[2010/05/06 00:43:19 | 004,495,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0010.dll
[2010/05/06 00:43:19 | 001,966,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0027.dll
[2010/05/06 00:43:19 | 001,965,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0026.dll
[2010/05/06 00:43:18 | 003,466,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0013.dll
[2010/05/06 00:43:18 | 002,657,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0011.dll
[2010/05/06 00:43:17 | 004,497,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0019.dll
[2010/05/06 00:43:17 | 001,965,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0018.dll
[2010/05/06 00:43:17 | 001,523,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0000.dll
[2010/05/06 00:43:16 | 002,599,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0001.dll
[2010/05/06 00:43:16 | 001,965,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0003.dll
[2010/05/06 00:43:16 | 001,965,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0002.dll
[2010/05/06 00:43:15 | 004,875,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0009.dll
[2010/05/06 00:43:15 | 003,104,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData004a.dll
[2010/05/06 00:43:15 | 002,243,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0007.dll
[2010/05/06 00:43:14 | 003,104,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData004c.dll
[2010/05/06 00:43:14 | 003,104,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData004b.dll
[2010/05/06 00:43:13 | 003,104,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData004e.dll
[2010/05/06 00:43:13 | 001,801,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData003e.dll
[2010/05/06 00:43:12 | 004,495,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData001d.dll
[2010/05/06 00:43:12 | 001,965,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData001b.dll
[2010/05/06 00:43:12 | 001,965,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData001a.dll
[2010/05/06 00:43:12 | 001,801,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData002a.dll
[2010/05/06 00:43:11 | 009,847,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData000a.dll
[2010/05/06 00:43:10 | 002,643,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData000c.dll
[2010/05/06 00:43:10 | 002,342,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData000d.dll
[2010/05/06 00:43:10 | 001,965,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData000f.dll
[2010/05/06 00:43:09 | 004,495,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0416.dll
[2010/05/06 00:43:09 | 004,495,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0414.dll
[2010/05/06 00:43:08 | 004,495,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0816.dll
[2010/05/06 00:43:08 | 001,965,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData081a.dll
[2010/05/06 00:43:07 | 006,917,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0c1a.dll
[2010/05/06 00:43:07 | 001,965,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0c1a.dll
[2010/05/06 00:38:54 | 000,006,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\kbd106n.dll
[2010/05/06 00:35:33 | 000,220,672 | ---- | M] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codecp.acm
[2010/05/06 00:35:33 | 000,062,464 | ---- | M] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codeca.acm
[2010/05/06 00:27:44 | 000,037,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\printcom.dll
[2010/05/06 00:26:46 | 002,036,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010/05/06 00:24:33 | 000,014,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wshrm.dll
[2010/05/06 00:23:12 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msdxm.tlb
[2010/05/06 00:23:12 | 000,018,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\amcompat.tlb
[2010/05/06 00:23:08 | 000,007,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spwmp.dll
[2010/05/06 00:23:07 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msdxm.ocx
[2010/05/06 00:23:07 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxmasf.dll
[2010/05/06 00:04:52 | 026,148,864 | ---- | M] () -- C:\Windows\ocsetup_install_NetFx3.etl
[2010/05/06 00:04:52 | 000,131,072 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_NetFx3.perf
[2010/05/06 00:04:51 | 000,065,536 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_NetFx3.dpx
[2010/05/05 23:52:27 | 000,041,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2010/05/05 23:34:00 | 000,084,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\INETRES.dll
[2010/05/05 23:32:09 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\httpapi.dll
[2010/05/05 23:32:09 | 000,024,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\nshhttp.dll
[2010/05/05 23:29:37 | 000,243,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rastls.dll
[2010/05/05 23:29:14 | 000,355,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WSDApi.dll
[2010/05/05 23:27:38 | 000,123,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msvfw32.dll
[2010/05/05 23:27:38 | 000,082,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll
[2010/05/05 23:27:38 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\avicap32.dll
[2010/05/05 23:27:37 | 001,314,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2010/05/05 23:27:37 | 000,091,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\avifil32.dll
[2010/05/05 23:26:27 | 000,604,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WMSPDMOD.DLL
[2010/05/05 21:50:52 | 002,421,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2010/05/05 21:50:52 | 000,044,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2010/05/05 21:50:06 | 000,575,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2010/05/05 21:50:06 | 000,087,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2010/05/05 21:50:06 | 000,035,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2010/05/05 21:49:37 | 000,171,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2010/05/05 21:49:37 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2010/05/05 20:56:30 | 000,103,720 | ---- | M] () -- C:\Users\Toshiba admin\GoToAssistDownloadHelper.exe
[2010/05/05 20:53:53 | 000,107,368 | R--- | M] (GEAR Software Inc.) -- C:\Windows\System32\GEARAspi.dll
[2010/05/05 16:04:01 | 000,000,000 | -H-- | M] () -- C:\Users\Toshiba admin\Documents\Default.rdp
[2010/05/05 15:50:46 | 000,524,288 | -HS- | M] () -- C:\Users\Toshiba admin\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
[2010/05/05 15:49:32 | 000,001,436 | ---- | M] () -- C:\Users\Toshiba admin\Desktop\eBay.co.uk.lnk
[2010/05/05 15:34:33 | 000,000,020 | -HS- | M] () -- C:\Users\Toshiba admin\ntuser.ini
[2010/05/05 15:23:20 | 000,000,000 | RHS- | M] () -- C:\Windows\System32\drivers\TOSHIBA_Equium L40_05468-AV_PSL41E-00500.MRK
[2010/04/29 12:19:24 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/04/29 12:19:14 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Toshiba admin\*.tmp files -> C:\Users\Toshiba admin\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/05/18 16:22:30 | 000,000,947 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk
[2010/05/18 13:24:37 | 000,001,859 | ---- | C] () -- C:\Users\Public\Desktop\WinZip.lnk
[2010/05/18 12:16:39 | 000,000,000 | ---- | C] () -- C:\Users\Toshiba admin\defogger_reenable
[2010/05/18 12:16:01 | 000,050,477 | ---- | C] () -- C:\Users\Toshiba admin\Desktop\Defogger.exe
[2010/05/17 08:39:10 | 000,001,910 | ---- | C] () -- C:\Users\Toshiba admin\Desktop\Stop Startup Analyser.lnk
[2010/05/16 12:48:44 | 000,004,132 | ---- | C] () -- C:\Users\Toshiba admin\Desktop\leatherhead.HTM
[2010/05/16 00:22:43 | 000,000,372 | ---- | C] () -- C:\Windows\tasks\Startup Analyser.job
[2010/05/15 23:56:52 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/05/15 23:55:50 | 000,000,002 | RHS- | C] () -- C:\Windows\winstart.bat
[2010/05/15 23:09:22 | 006,301,975 | ---- | C] () -- C:\Users\Toshiba admin\Desktop\config2.nt.rtf
[2010/05/15 23:08:18 | 006,301,975 | ---- | C] () -- C:\Users\Toshiba admin\Desktop\config1.nt.rtf
[2010/05/14 14:28:55 | 000,004,165 | ---- | C] () -- C:\Users\Toshiba admin\Documents\regkey.reg
[2010/05/13 22:16:11 | 000,000,894 | ---- | C] () -- C:\Users\Toshiba admin\Desktop\RegRun Control Center.lnk
[2010/05/13 22:16:07 | 000,057,556 | ---- | C] () -- C:\Windows\guard.bmp
[2010/05/13 22:16:07 | 000,020,192 | ---- | C] () -- C:\Windows\WinBait.org
[2010/05/13 22:16:07 | 000,020,192 | ---- | C] () -- C:\Windows\WinBait.exe
[2010/05/13 21:39:16 | 000,524,288 | -HS- | C] () -- C:\Users\Toshiba admin\ntuser.dat{7f2feada-5ecf-11df-a80e-001a92aa0fad}.TMContainer00000000000000000002.regtrans-ms
[2010/05/13 21:39:16 | 000,524,288 | -HS- | C] () -- C:\Users\Toshiba admin\ntuser.dat{7f2feada-5ecf-11df-a80e-001a92aa0fad}.TMContainer00000000000000000001.regtrans-ms
[2010/05/13 21:39:16 | 000,065,536 | -HS- | C] () -- C:\Users\Toshiba admin\ntuser.dat{7f2feada-5ecf-11df-a80e-001a92aa0fad}.TM.blf
[2010/05/13 17:34:52 | 020,396,740 | ---- | C] () -- C:\Users\Toshiba admin\Desktop\regrunplat.zip
[2010/05/11 22:44:38 | 000,002,539 | ---- | C] () -- C:\Users\Toshiba admin\Desktop\HiJackThis.lnk
[2010/05/11 20:13:48 | 000,001,060 | ---- | C] () -- C:\Users\Toshiba admin\Desktop\Spybot - Search & Destroy.lnk
[2010/05/10 21:46:53 | 000,002,017 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2010/05/10 20:26:11 | 000,176,506 | ---- | C] () -- C:\Windows\Loft Management System Uninstaller.exe
[2010/05/10 20:26:11 | 000,000,950 | ---- | C] () -- C:\Users\Toshiba admin\Desktop\LMS.lnk
[2010/05/10 20:00:34 | 000,185,267 | ---- | C] () -- C:\Windows\Federation Secretaries System Uninstaller.exe
[2010/05/10 20:00:34 | 000,000,950 | ---- | C] () -- C:\Users\Toshiba admin\Desktop\FSS5.lnk
[2010/05/10 10:59:20 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2010/05/10 10:49:05 | 000,000,823 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/08 06:49:53 | 001,402,880 | ---- | C] () -- C:\Users\Toshiba admin\Desktop\HiJackThis.msi
[2010/05/08 06:05:18 | 000,001,117 | ---- | C] () -- C:\Users\Toshiba admin\Desktop\PC Fixer.lnk
[2010/05/07 18:24:45 | 000,130,008 | ---- | C] () -- C:\Windows\System32\systemsf.ebd
[2010/05/07 18:24:42 | 000,009,239 | ---- | C] () -- C:\Windows\System32\spcinstrumentation.man
[2010/05/07 18:24:30 | 000,442,788 | ---- | C] () -- C:\Windows\System32\dot3.tmf
[2010/05/07 18:24:28 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010/05/07 18:24:27 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010/05/07 18:24:25 | 003,662,128 | ---- | C] () -- C:\Windows\System32\locale.nls
[2010/05/07 18:24:25 | 000,392,170 | ---- | C] () -- C:\Windows\System32\onex.tmf
[2010/05/07 18:24:20 | 000,344,698 | ---- | C] () -- C:\Windows\System32\eaphost.tmf
[2010/05/07 18:24:04 | 000,208,966 | ---- | C] () -- C:\Windows\System32\WFP.TMF
[2010/05/07 18:24:02 | 000,092,918 | ---- | C] () -- C:\Windows\System32\slmgr.vbs
[2010/05/07 18:23:33 | 000,009,212 | ---- | C] () -- C:\Windows\System32\RacUR.xml
[2010/05/07 18:23:31 | 000,000,153 | ---- | C] () -- C:\Windows\System32\RacUREx.xml
[2010/05/07 18:00:34 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010/05/07 18:00:32 | 011,967,524 | ---- | C] () -- C:\Windows\System32\korwbrkr.lex
[2010/05/07 14:12:00 | 000,001,820 | ---- | C] () -- C:\Windows\System32\rasctrnm.h
[2010/05/07 13:51:01 | 000,057,667 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2010/05/07 13:17:22 | 000,195,122 | ---- | C] () -- C:\Windows\System32\winrm.vbs
[2010/05/07 13:15:45 | 000,012,198 | ---- | C] () -- C:\Windows\System32\gatherWiredInfo.vbs
[2010/05/07 13:15:44 | 000,144,909 | ---- | C] () -- C:\Windows\System32\fsmgmt.msc
[2010/05/07 13:15:38 | 000,145,455 | ---- | C] () -- C:\Windows\System32\perfmon.msc
[2010/05/07 13:15:37 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01007_Inbox_Critical.Wdf
[2010/05/06 07:16:44 | 000,001,594 | ---- | C] () -- C:\Users\Public\Desktop\Browser Choice.lnk
[2010/05/06 01:31:57 | 002,501,921 | ---- | C] () -- C:\Windows\System32\wlan.tmf
[2010/05/06 01:31:51 | 000,015,181 | ---- | C] () -- C:\Windows\System32\gatherWirelessInfo.vbs
[2010/05/05 23:56:00 | 026,148,864 | ---- | C] () -- C:\Windows\ocsetup_install_NetFx3.etl
[2010/05/05 23:56:00 | 000,131,072 | ---- | C] () -- C:\Windows\ocsetup_cbs_install_NetFx3.perf
[2010/05/05 23:56:00 | 000,065,536 | ---- | C] () -- C:\Windows\ocsetup_cbs_install_NetFx3.dpx
[2010/05/05 21:42:53 | 001,601,756 | ---- | C] () -- C:\Windows\System32\drivers\N360\0308000.029\Cat.DB
[2010/05/05 20:56:29 | 000,103,720 | ---- | C] () -- C:\Users\Toshiba admin\GoToAssistDownloadHelper.exe
[2010/05/05 16:04:01 | 000,000,000 | -H-- | C] () -- C:\Users\Toshiba admin\Documents\Default.rdp
[2010/05/05 15:49:32 | 000,001,436 | ---- | C] () -- C:\Users\Toshiba admin\Desktop\eBay.co.uk.lnk
[2010/05/05 15:34:33 | 000,000,020 | -HS- | C] () -- C:\Users\Toshiba admin\ntuser.ini
[2010/05/05 15:34:32 | 000,524,288 | -HS- | C] () -- C:\Users\Toshiba admin\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
[2010/05/05 15:34:32 | 000,524,288 | -HS- | C] () -- C:\Users\Toshiba admin\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010/05/05 15:34:32 | 000,262,144 | -H-- | C] () -- C:\Users\Toshiba admin\ntuser.dat.LOG1
[2010/05/05 15:34:32 | 000,065,536 | -HS- | C] () -- C:\Users\Toshiba admin\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/05/05 15:34:32 | 000,000,000 | -H-- | C] () -- C:\Users\Toshiba admin\ntuser.dat.LOG2
[2010/05/05 15:34:31 | 004,980,736 | -HS- | C] () -- C:\Users\Toshiba admin\ntuser.dat
[2010/05/05 15:23:42 | 000,063,717 | ---- | C] () -- C:\Windows\System32\netathr.inf
[2010/05/05 15:23:42 | 000,027,864 | ---- | C] () -- C:\Windows\System32\athrext.cat
[2010/05/05 15:23:20 | 000,000,000 | RHS- | C] () -- C:\Windows\System32\drivers\TOSHIBA_Equium L40_05468-AV_PSL41E-00500.MRK
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2008/02/11 19:55:18 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll
[2007/05/30 17:53:32 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2007/05/30 17:52:57 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1244.dll
[2007/05/30 09:40:56 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2007/05/30 09:31:36 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2006/11/02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

========== LOP Check ==========

[2010/05/13 17:10:43 | 000,000,000 | ---D | M] -- C:\Users\Toshiba admin\AppData\Roaming\Digital Support
[2010/05/13 21:15:36 | 000,000,000 | ---D | M] -- C:\Users\Toshiba admin\AppData\Roaming\Regrun
[2010/05/18 17:44:40 | 000,032,648 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/05/17 14:10:11 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\Startup Analyser.job

========== Purity Check ==========



========== Custom Scans ==========


< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2010/05/07 11:52:16 | 000,000,000 | ---D | M] -- C:\Users\Toshiba admin\AppData\Roaming\Adobe
[2010/05/13 17:10:43 | 000,000,000 | ---D | M] -- C:\Users\Toshiba admin\AppData\Roaming\Digital Support
[2010/05/05 15:49:38 | 000,000,000 | ---D | M] -- C:\Users\Toshiba admin\AppData\Roaming\Identities
[2010/05/07 11:52:16 | 000,000,000 | ---D | M] -- C:\Users\Toshiba admin\AppData\Roaming\Macromedia
[2010/05/10 10:49:16 | 000,000,000 | ---D | M] -- C:\Users\Toshiba admin\AppData\Roaming\Malwarebytes
[2006/11/02 13:37:34 | 000,000,000 | ---D | M] -- C:\Users\Toshiba admin\AppData\Roaming\Media Center Programs
[2010/05/18 12:07:11 | 000,000,000 | --SD | M] -- C:\Users\Toshiba admin\AppData\Roaming\Microsoft
[2010/05/13 21:15:36 | 000,000,000 | ---D | M] -- C:\Users\Toshiba admin\AppData\Roaming\Regrun

< %APPDATA%\*.exe /s >
[2010/05/11 22:44:39 | 000,388,096 | R--- | M] (Trend Micro Inc.) -- C:\Users\Toshiba admin\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2008/01/19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008/01/19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006/11/02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006/11/02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/04/11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009/04/11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009/04/11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/19 08:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/19 08:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008/01/19 06:06:48 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2008/01/19 06:06:48 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2008/01/19 05:33:23 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: IASTORV.SYS >
[2008/01/19 08:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008/01/19 08:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006/11/02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: KR10N.SYS >
[2007/01/18 15:47:18 | 000,211,072 | ---- | M] (TOSHIBA CORPORATION) MD5=6E9922332386C2A49936B30B2B6FD298 -- C:\Toshiba\Drivers\Raid\Kr10i\KR10N.sys
[2007/01/18 15:47:18 | 000,211,072 | ---- | M] (TOSHIBA CORPORATION) MD5=6E9922332386C2A49936B30B2B6FD298 -- C:\Toshiba\Drivers\Raid\Kr10n\KR10N.sys
[2007/01/18 15:47:18 | 000,211,072 | ---- | M] (TOSHIBA CORPORATION) MD5=6E9922332386C2A49936B30B2B6FD298 -- C:\Windows\System32\drivers\KR10N.sys
[2007/01/18 15:47:18 | 000,211,072 | ---- | M] (TOSHIBA CORPORATION) MD5=6E9922332386C2A49936B30B2B6FD298 -- C:\Windows\System32\DriverStore\FileRepository\kr10.inf_95888b8d\KR10N.sys

< MD5 for: NETLOGON.DLL >
[2006/11/02 10:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2009/04/11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009/04/11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008/01/19 08:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2006/11/02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006/11/02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/19 08:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/19 08:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008/01/19 08:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006/11/02 10:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
[2009/04/11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009/04/11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/03/08 12:31:42 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtmsft.dll
[2009/03/08 12:31:37 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtrans.dll
[2009/04/11 07:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2009/04/11 07:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll

< >
< End of report >


#13 Albear

Albear
  • Topic Starter

  • Members
  • 59 posts
  • OFFLINE
  •  
  • Local time:04:54 PM

Posted 18 May 2010 - 04:37 PM

Extras.txt
OTL Extras logfile created on: 18/05/2010 22:12:24 - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Users\Toshiba admin\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 49.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 55.66 Gb Total Space | 29.03 Gb Free Space | 52.14% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 54.66 Gb Total Space | 54.57 Gb Free Space | 99.83% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TOSHIBA-LAPTOP
Current User Name: Toshiba admin
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{811A39ED-182F-465E-A6EB-7AEA4B209010}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{A69EB22A-5038-4BFE-88F0-89E9BCA67243}" = dir=in | app=f:\setup\hpznui01.exe |
"{F4CF2A68-3E86-4C63-AEA3-5CB7A030B4A3}" = dir=in | app=c:\program files\norton 360\engine\3.8.0.41\ccsvchst.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Driver Installation Program
"{29D3773E-54F4-23C2-D523-236A4453B844}_is1" = FileAlyzer
"{2C544254-39F2-4ACA-B779-ABF7297C96CF}" = Accessibility
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java™ SE Runtime Environment 6
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{78C6A78A-8B03-48C8-A47C-78BA1FCA2307}" = TOSHIBA ConfigFree
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISER_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A5181519-9F3D-4372-ABC6-C333C2F3A816}_is1" = RunAlyzer
"{AC76BA86-7AD7-1033-7B44-A80000000002}" = Adobe Reader 8
"{AE46ABD3-D625-467F-B5A7-8D3FFF077F0D}" = Realtek 8139 and 8139C+ Ethernet Network Card Driver for Windows Vista
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}" = WinZip 14.5
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E590FD1C-E8C6-4D2E-8CA9-77B403F7EE01}" = Microsoft Antimalware
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
"{EF98A02A-1748-4762-9B7D-5ED1600520D5}" = Microsoft Security Essentials
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Digital Support" = PC Fixer
"ENTERPRISER" = Microsoft Office Enterprise 2007
"Federation Secretaries System" = Federation Secretaries System
"HDMI" = Intel® Graphics Media Accelerator Driver
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"Loft Management System" = Loft Management System
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Essentials" = Microsoft Security Essentials
"RegRun Security Suite_is1" = RegRun Security Suite Platinum
"SynTPDeinstKey" = Synaptics Pointing Device Driver

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 13/05/2010 09:38:02 | Computer Name = Toshiba-laptop | Source = Windows Search Service | ID = 3013
Description =

Error - 13/05/2010 09:38:02 | Computer Name = Toshiba-laptop | Source = Windows Search Service | ID = 3013
Description =

Error - 13/05/2010 09:38:02 | Computer Name = Toshiba-laptop | Source = Windows Search Service | ID = 3013
Description =

Error - 13/05/2010 09:38:02 | Computer Name = Toshiba-laptop | Source = Windows Search Service | ID = 3013
Description =

Error - 13/05/2010 09:38:02 | Computer Name = Toshiba-laptop | Source = Windows Search Service | ID = 3013
Description =

Error - 13/05/2010 09:38:02 | Computer Name = Toshiba-laptop | Source = Windows Search Service | ID = 3013
Description =

Error - 13/05/2010 09:38:02 | Computer Name = Toshiba-laptop | Source = Windows Search Service | ID = 3013
Description =

Error - 13/05/2010 09:42:19 | Computer Name = Toshiba-laptop | Source = MsiInstaller | ID = 11721
Description =

Error - 13/05/2010 09:55:39 | Computer Name = Toshiba-laptop | Source = Application Hang | ID = 1002
Description = The program dsweb.exe version 0.0.0.0 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Problem Reports and Solutions control panel. Process
ID: d94 Start Time: 01caf2a3e8bd4e80 Termination Time: 31

Error - 13/05/2010 14:26:14 | Computer Name = Toshiba-laptop | Source = Application Hang | ID = 1002
Description = The program TrojanAnalyser.exe version 6.8.6.2010 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 76c Start Time: 01caf2c04ef5dba5 Termination Time: 16

[ System Events ]
Error - 07/05/2010 06:06:39 | Computer Name = Toshiba-laptop | Source = Service Control Manager | ID = 7000
Description =

Error - 07/05/2010 06:06:39 | Computer Name = Toshiba-laptop | Source = Service Control Manager | ID = 7000
Description =

Error - 07/05/2010 06:06:39 | Computer Name = Toshiba-laptop | Source = Service Control Manager | ID = 7000
Description =

Error - 07/05/2010 06:06:39 | Computer Name = Toshiba-laptop | Source = Service Control Manager | ID = 7000
Description =

Error - 07/05/2010 07:12:27 | Computer Name = Toshiba-laptop | Source = Service Control Manager | ID = 7031
Description =

Error - 07/05/2010 07:17:11 | Computer Name = Toshiba-laptop | Source = Service Control Manager | ID = 7000
Description =

Error - 07/05/2010 07:17:11 | Computer Name = Toshiba-laptop | Source = Service Control Manager | ID = 7000
Description =

Error - 07/05/2010 07:17:11 | Computer Name = Toshiba-laptop | Source = Service Control Manager | ID = 7000
Description =

Error - 07/05/2010 07:17:11 | Computer Name = Toshiba-laptop | Source = Service Control Manager | ID = 7000
Description =

Error - 07/05/2010 07:17:11 | Computer Name = Toshiba-laptop | Source = Service Control Manager | ID = 7000
Description =


< End of report >


#14 Albear

Albear
  • Topic Starter

  • Members
  • 59 posts
  • OFFLINE
  •  
  • Local time:04:54 PM

Posted 18 May 2010 - 05:20 PM

Had problems with malwarebytes downloading and then whilst running it stoped responding several times but did continue each time.
Log below
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4113

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18904

18/05/2010 23:17:01
mbam-log-2010-05-18 (23-17-01).txt

Scan type: Quick scan
Objects scanned: 124052
Time elapsed: 6 minute(s), 25 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


#15 Albear

Albear
  • Topic Starter

  • Members
  • 59 posts
  • OFFLINE
  •  
  • Local time:04:54 PM

Posted 19 May 2010 - 02:09 AM

This morning and last night each time I rebooted I lost my anti virus and defender, security centre tells me that they are both turned off, i am at the moment using windows essentials. I can restart essentials but not defender, when I click to turn on and open the dialogue boxes freeze and the only way I can close them is to go to task manger, which tels me defender is running but then I have to close it.
The other thing is I changed my network setting from punlic to private and was for the first time ever able to see my network map. I took a screen print and then planned to use ing resizer shrink and attach to this. However pix resizer won't shrink a word doc blush.gif I think the map gives a clue to how I'm being hijacked (??). As I've said previously I do not use any media facilities, tv burning cd. The only functionality I want to use on tis laptop is internet, my pigeon database programs and pictures. I will also use Ofice from time to time. One thing I did do was NOT install Groove when I installed office however I thought I saw on one of the logs that it was installed?
Anyway I digress I'll try and attach the network map .... bthomehub 2 is my router but has no properties.................. bt home hub2 media gateway should not be my gateway but has my router properties???

Attached Files






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users