
persistent rootkit survived D2D system reinstall on Acer Laptop.


  • This topic is locked
37 replies to this topic

#1 SteveHam


Posted 07 September 2010 - 06:00 PM

This is my wife's newish Acer Aspire 6530, & still in its first-year warranty. Acer are almost uncontactable & we need to get at least one of our 3 laptops malware free as we are away from the UK in Greece.

Did get through to Acer & they suggested a factory restore using the on-board D2D recovery... Did that a couple of weeks back... Made a DVD recovery disc (2 disks) then connected to the internet & updated Vista Home Premium. Downloaded MBAM & scanned; I also downloaded the AVG 9.0 28-day trial & installed that along with the AVG firewall.

The symptoms: To start with not many, other than slowness & some odd warnings. No Internet redirects as such. Then Windows Defender started stopping working. I checked the history & found it had let through and allowed to install a registry key:

HKCU@S-1-5-21-3301625118-1092049821-1787829980\SOFTWARE\Microsoft\internet Explorer\Main\\Start Page

I did a web search & turned up very little info on this, but none good...

I now have 2 new keys called:

HKEY_USERS\S-1-5-21-3301625118-1092049821-1787829980-1000

HKEY_USERS\S-1-5-21-3301625118-1092049821-1787829980-1000_Classes

Next day we had acquired an additional drive called Q: This was inaccessible... This has since disappeared from "Computer" but is still listed when GMER is run.

I opened a DOS box as Admin & did "netstat -abfno" to be greeted by lots of connections, including some whose host services were located on X: (this is the D2D recovery partition)???

The Windows logs seem to be full of oddness too...

It would be greatly appreciated if anybody cares to help?

Steve

P.S. Have attached an MBRCheck log & an RKUnhooker log, as I did these just to make sure before posting for help.


DDS (Ver_10-03-17.01) - NTFSx86
Run by katofreud08 at 0:54:56.31 on 06/09/2010
Internet Explorer: 8.0.6001.18943
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3293.1295 [GMT 3:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\AVG\AVG9\avgfws9.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
C:\Program Files\AVG\AVG9\avgam.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Acer\Acer Bio Protection\BASVC.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Acer\Mobility Center\MobilityService.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Cyberlink\Shared files\RichVideo.exe
C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\SPBA\upeksvr.exe
C:\Program Files\Acer\Acer Bio Protection\CompPtcVUI.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\PLFSetI.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Users\KATOFR~1\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10i_ActiveX.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\AVG\AVG9\avgui.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\katofreud08\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.co.uk/
uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&s=2&o=vp32&d=0810&m=aspire_6530g
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&s=2&o=vp32&d=0810&m=aspire_6530g
mDefault_Page_URL = hxxp://en.us.acer.yahoo.com
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: ShowBarObj Class: {83a2f9b1-01a2-4aa5-87d1-45b6b8505e96} - c:\program files\acer\empowering technology\edatasecurity\x86\ActiveToolBand.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.5126.1836\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
TB: Acer eDataSecurity Management: {5cbe3b7c-1e47-477e-a7dd-396db0476e29} - c:\program files\acer\empowering technology\edatasecurity\x86\eDStoolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [ePower_DMC] c:\program files\acer\empowering technology\epower\ePower_DMC.exe
mRun: [eDataSecurity Loader] c:\program files\acer\empowering technology\edatasecurity\x86\eDSloader.exe
mRun: [eAudio] "c:\program files\acer\empowering technology\eaudio\eAudio.exe"
mRun: [BkupTray] "c:\program files\newtech infosystems\nti backup now 5\BkupTray.exe"
mRun: [WarReg_PopUp] c:\program files\acer\wr_popup\WarReg_PopUp.exe
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [PLFSetI] c:\windows\PLFSetI.exe
mRun: [LManager] c:\progra~1\launch~1\QtZgAcer.EXE
mRun: [eRecoveryService]
mRun: [ZPdtWzdVitaKey MC3000] "c:\program files\acer\acer bio protection\PdtWzd.exe" show
mRun: [ArcadeDeluxeAgent] "c:\program files\acer arcade deluxe\acer arcade deluxe\ArcadeDeluxeAgent.exe"
mRun: [CLMLServer] "c:\program files\acer arcade deluxe\acer arcade deluxe\kernel\clml\CLMLSvc.exe"
mRun: [PlayMovie] "c:\program files\acer arcade deluxe\playmovie\PMVService.exe"
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Skytel] Skytel.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [OpwareSE4] "c:\program files\scansoft\omnipagese4\OpwareSE4.exe"
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: DisableCAD = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {10954C80-4F0F-11d3-B17C-00C0DFE39736} - c:\program files\acer\acer bio protection\PwdBank.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: AWinNotifyVitaKey MC3000 - c:\program files\acer\acer bio protection\WinNotify.dll
Notify: spba - c:\program files\common files\spba\homefus2.dll
AppInit_DLLs: c:\progra~1\google\google~1\goec62~1.dll,avgrsstx.dll c:\progra~1\google\google~1\GOEC62~1.DLL
LSA: Notification Packages = scecli c:\program files\acer\acer bio protection\PwdFilter

============= SERVICES / DRIVERS ===============

R0 AlfaFF;AlfaFF File System mini-filter;c:\windows\system32\drivers\AlfaFF.sys [2010-8-18 43184]
R0 AVGIDSErHrvtx;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSvx.sys [2010-8-25 25168]
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2010-8-25 52872]
R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2010-8-5 58984]
R1 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwd6x.sys [2010-8-25 24856]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-8-25 216400]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-8-25 29584]
R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-8-25 243024]
R1 RapportCerberus_18130;RapportCerberus_18130;c:\programdata\trusteer\rapport\store\exts\rapportcerberus\18130\RapportCerberus_18130.sys [2010-8-5 34536]
R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2010-8-5 168936]
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\acer arcade deluxe\playmovie\000.fcl [2010-8-18 61424]
R2 avg9emc;AVG E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-8-25 921952]
R2 avg9wd;AVG WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-8-25 308136]
R2 avgfws9;AVG Firewall;c:\program files\avg\avg9\avgfws9.exe [2010-8-25 2331032]
R2 AVGIDSAgent;AVG9IDSAgent;c:\program files\avg\avg9\identity protection\agent\bin\AVGIDSAgent.exe [2010-8-25 5897808]
R2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\newtech infosystems\nti backup now 5\client\Agentsvc.exe [2008-3-3 16384]
R2 CLHNService;CLHNService;c:\program files\acer arcade deluxe\homemedia\kernel\dmp\CLHNService.exe [2010-8-18 81504]
R2 cvhsvc;Client Virtualization Handler;c:\program files\common files\microsoft shared\virtualization handler\CVHSVC.EXE [2010-2-28 821664]
R2 ETService;Empowering Technology Service;c:\program files\acer\empowering technology\service\ETService.exe [2008-7-11 24576]
R2 IGBASVC;iGroupTec Service;c:\program files\acer\acer bio protection\BASVC.exe [2010-8-18 3521024]
R2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\newtech infosystems\nti backup now 5\BackupSvc.exe [2008-4-26 45056]
R2 NTIPPKernel;NTIPPKernel;c:\program files\acer arcade deluxe\homemedia\kernel\dmp\NTIPPKernel.sys [2010-8-18 122368]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\newtech infosystems\nti backup now 5\SchedulerSvc.exe [2008-4-26 131072]
R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2010-8-5 763112]
R2 sftlist;Application Virtualization Client;c:\program files\microsoft application virtualization client\sftlist.exe [2010-4-24 483688]
R3 AVGIDSDrivervtx;AVG9IDSDriver;c:\program files\avg\avg9\identity protection\agent\driver\platform_vista\AVGIDSDriver.sys [2010-8-25 122448]
R3 AVGIDSFiltervtx;AVG9IDSFilter;c:\program files\avg\avg9\identity protection\agent\driver\platform_vista\AVGIDSFilter.sys [2010-8-25 30288]
R3 AVGIDSShimvtx;AVG9IDSShim;c:\program files\avg\avg9\identity protection\agent\driver\platform_vista\AVGIDSShim.sys [2010-8-25 27216]
R3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfslh.sys [2010-4-24 550760]
R3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplaylh.sys [2010-4-24 195944]
R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirlh.sys [2010-4-24 21864]
R3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvollh.sys [2010-4-24 19304]
R3 sftvsa;Application Virtualization Service Agent;c:\program files\microsoft application virtualization client\sftvsa.exe [2010-4-24 209768]
R3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys [2010-8-19 22072]
R3 winbondcir;Winbond IR Transceiver;c:\windows\system32\drivers\winbondcir.sys [2007-3-28 43008]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-8-23 135664]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg9\toolbar\ToolbarBroker.exe [2010-8-25 431432]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2010-8-18 30192]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]

=============== Created Last 30 ================

2010-09-05 21:43:46 0 d--h--w- C:\$AVG
2010-09-05 17:26:27 0 d-----w- c:\windows\system32\eu-ES
2010-09-05 17:26:27 0 d-----w- c:\windows\system32\ca-ES
2010-09-05 17:26:26 0 d-----w- c:\windows\system32\vi-VN
2010-09-05 17:05:17 0 d-----w- c:\windows\system32\EventProviders
2010-09-05 16:59:29 524288 --sha-w- c:\users\katofreud08\ntuser.dat{841e7fae-b90e-11df-a14a-001e68f92497}.TMContainer00000000000000000002.regtrans-ms
2010-09-05 16:59:28 65536 --sha-w- c:\users\katofreud08\ntuser.dat{841e7fae-b90e-11df-a14a-001e68f92497}.TM.blf
2010-09-05 16:59:28 524288 --sha-w- c:\users\katofreud08\ntuser.dat{841e7fae-b90e-11df-a14a-001e68f92497}.TMContainer00000000000000000001.regtrans-ms
2010-09-04 00:00:45 0 d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2010-09-03 22:45:03 294348889 ----a-w- c:\windows\MEMORY.DMP
2010-09-03 10:07:32 412 ----a-w- c:\windows\MAXLINK.INI
2010-09-03 10:07:21 0 d-----w- c:\programdata\InstallShield
2010-09-03 10:06:00 0 d-----w- c:\programdata\ScanSoft
2010-09-03 10:06:00 0 d-----w- c:\program files\common files\ScanSoft Shared
2010-09-03 10:05:35 0 d-----w- c:\program files\ScanSoft
2010-09-03 10:03:13 0 d-----w- c:\program files\common files\CANON
2010-09-03 09:54:59 0 d-----w- c:\program files\Canon
2010-09-03 09:19:00 0 d--h--w- c:\programdata\CanonBJ
2010-09-03 09:17:04 216064 ----a-w- c:\windows\system32\CNMLM8T.DLL
2010-09-01 16:33:38 0 d-----w- c:\programdata\Sun
2010-09-01 16:32:58 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-01 15:59:51 20 ----a-w- c:\windows\system32\SYSTEM
2010-09-01 05:08:26 17 ----a-w- c:\windows\system32\shortcut_ex.dat
2010-08-31 14:01:22 0 d-----w- c:\programdata\VirtualizedApplications
2010-08-31 09:00:58 0 d-----w- c:\users\katofr~1\appdata\roaming\SoftGrid Client
2010-08-31 08:58:55 0 d-----w- c:\program files\Microsoft Application Virtualization Client
2010-08-31 08:56:29 0 d-----w- c:\users\katofr~1\appdata\roaming\TP
2010-08-27 11:51:35 0 d-----w- c:\users\katofr~1\appdata\roaming\AVG9
2010-08-26 05:50:52 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-08-26 05:50:52 49472 ----a-w- c:\windows\system32\netfxperf.dll
2010-08-26 05:50:52 297808 ----a-w- c:\windows\system32\mscoree.dll
2010-08-26 05:50:52 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-08-26 05:50:52 1130824 ----a-w- c:\windows\system32\dfshim.dll
2010-08-25 18:38:37 0 d-----w- c:\programdata\PlayMovie
2010-08-25 10:21:24 12240896 ----a-w- c:\windows\system32\NlsLexicons0007.dll
2010-08-25 10:21:19 3408896 ----a-w- c:\windows\system32\SLsvc.exe
2010-08-25 10:21:19 1081344 ----a-w- c:\windows\system32\SLCExt.dll
2010-08-25 10:21:16 65536 ----a-w- c:\windows\system32\DevicePairingWizard.exe
2010-08-25 10:21:16 2134528 ----a-w- c:\windows\system32\FunctionDiscoveryFolder.dll
2010-08-25 10:21:14 2644480 ----a-w- c:\windows\system32\NlsLexicons0009.dll
2010-08-25 10:21:11 1480704 ----a-w- c:\windows\system32\mssrch.dll
2010-08-25 10:21:09 684032 ----a-w- c:\windows\system32\drivers\spsys.sys
2010-08-25 10:21:07 1576960 ----a-w- c:\windows\system32\tquery.dll
2010-08-25 10:21:06 779136 ----a-w- c:\windows\system32\PresentationNative_v0300.dll
2010-08-25 10:21:02 561152 ----a-w- c:\windows\system32\drivers\hdaudbus.sys
2010-08-25 10:21:01 928768 ----a-w- c:\windows\system32\scavenge.dll
2010-08-25 10:19:59 199680 ----a-w- c:\windows\system32\WebClnt.dll
2010-08-25 10:18:59 712704 ----a-w- c:\windows\system32\WindowsCodecs.dll
2010-08-25 10:17:59 50688 ----a-w- c:\windows\system32\wsnmp32.dll
2010-08-25 10:16:34 83968 ----a-w- c:\windows\system32\wbem\wmiutils.dll
2010-08-25 10:16:34 744448 ----a-w- c:\windows\system32\wbem\wbemcore.dll
2010-08-25 10:16:34 30208 ----a-w- c:\windows\system32\wbem\wbemprox.dll
2010-08-25 10:16:34 265728 ----a-w- c:\windows\system32\wbem\repdrvfs.dll
2010-08-25 10:16:34 265728 ----a-w- c:\windows\system32\wbem\esscli.dll
2010-08-25 10:16:34 189440 ----a-w- c:\windows\system32\wbem\mofd.dll
2010-08-25 10:16:33 614912 ----a-w- c:\windows\system32\wbem\fastprox.dll
2010-08-25 10:16:28 705536 ----a-w- c:\windows\system32\SmiEngine.dll
2010-08-25 10:16:18 218624 ----a-w- c:\windows\system32\wdscore.dll
2010-08-25 10:16:18 130560 ----a-w- c:\windows\system32\PkgMgr.exe
2010-08-25 10:15:41 247808 ----a-w- c:\windows\system32\drvstore.dll
2010-08-25 09:32:55 52872 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2010-08-25 09:32:55 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-08-25 09:32:52 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-08-25 09:32:44 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-08-25 09:32:41 0 d-----w- c:\windows\system32\drivers\Avg
2010-08-25 09:32:30 0 d-----w- c:\programdata\AVG Security Toolbar
2010-08-25 09:30:46 25168 ----a-w- c:\windows\system32\drivers\AVGIDSvx.sys
2010-08-25 09:29:17 24856 ----a-w- c:\windows\system32\drivers\avgfwd6x.sys
2010-08-25 09:27:52 0 d-----w- c:\program files\AVG
2010-08-25 09:27:18 0 d-----w- c:\programdata\avg9
2010-08-25 08:33:33 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-08-24 09:20:04 0 d-----w- c:\users\katofr~1\appdata\roaming\Trusteer
2010-08-24 09:19:58 0 d-----w- c:\program files\Trusteer
2010-08-24 09:16:36 0 d-----w- c:\programdata\Trusteer
2010-08-24 07:42:07 377344 ----a-w- c:\windows\system32\winhttp.dll
2010-08-23 08:52:53 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-08-23 08:14:50 18904 ----a-w- c:\windows\system32\StructuredQuerySchemaTrivial.bin
2010-08-23 08:14:44 11967524 ----a-w- c:\windows\system32\korwbrkr.lex
2010-08-23 08:03:33 293376 ----a-w- c:\windows\system32\browserchoice.exe
2010-08-23 07:51:44 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-08-23 07:51:40 411648 ----a-w- c:\windows\system32\drivers\http.sys
2010-08-23 07:51:40 30720 ----a-w- c:\windows\system32\httpapi.dll
2010-08-23 07:50:33 0 d-----w- c:\program files\MSXML 4.0
2010-08-19 06:04:54 0 d---a-w- c:\windows\Audio
2010-08-19 05:12:03 22072 ----a-w- c:\windows\system32\drivers\usbfilter.sys
2010-08-19 05:12:02 0 d-----w- c:\program files\AMD
2010-08-18 23:07:30 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-08-18 23:07:30 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-08-18 23:07:28 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-08-18 23:07:04 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-08-18 23:07:04 518144 ----a-w- c:\windows\system32\RMActivate.exe
2010-08-18 23:07:03 471552 ----a-w- c:\windows\system32\secproc_isv.dll
2010-08-18 23:07:03 471552 ----a-w- c:\windows\system32\secproc.dll
2010-08-18 23:07:01 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-08-18 23:07:01 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-08-18 23:07:00 332288 ----a-w- c:\windows\system32\msdrm.dll
2010-08-18 23:07:00 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-08-18 23:06:58 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-08-18 23:01:42 105984 ----a-w- c:\windows\system32\netiohlp.dll
2010-08-18 23:01:38 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2010-08-18 23:01:38 19968 ----a-w- c:\windows\system32\ARP.EXE
2010-08-18 23:01:36 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2010-08-18 23:01:35 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2010-08-18 23:01:35 10240 ----a-w- c:\windows\system32\finger.exe
2010-08-18 23:01:34 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2010-08-18 23:01:34 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2010-08-18 23:01:30 17920 ----a-w- c:\windows\system32\netevent.dll
2010-08-18 22:50:16 499712 ----a-w- c:\windows\system32\kerberos.dll
2010-08-18 22:50:16 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2010-08-18 22:50:15 175104 ----a-w- c:\windows\system32\wdigest.dll
2010-08-18 22:50:12 72704 ----a-w- c:\windows\system32\secur32.dll
2010-08-18 22:50:12 439864 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2010-08-18 22:50:10 9728 ----a-w- c:\windows\system32\lsass.exe
2010-08-18 22:48:52 2048 ----a-w- c:\windows\system32\tzres.dll
2010-08-18 22:47:51 2868224 ----a-w- c:\windows\system32\mf.dll
2010-08-18 22:47:48 98816 ----a-w- c:\windows\system32\mfps.dll
2010-08-18 22:47:48 53248 ----a-w- c:\windows\system32\rrinstaller.exe
2010-08-18 22:47:48 24576 ----a-w- c:\windows\system32\mfpmp.exe
2010-08-18 22:47:47 2048 ----a-w- c:\windows\system32\mferror.dll
2010-08-18 22:45:26 310784 ----a-w- c:\windows\system32\unregmp2.exe
2010-08-18 22:45:20 7680 ----a-w- c:\windows\system32\spwmp.dll
2010-08-18 22:45:18 4096 ----a-w- c:\windows\system32\msdxm.ocx
2010-08-18 22:45:18 4096 ----a-w- c:\windows\system32\dxmasf.dll
2010-08-18 22:45:17 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-08-18 22:43:18 274944 ----a-w- c:\windows\system32\schannel.dll
2010-08-18 22:43:09 2066432 ----a-w- c:\windows\system32\mstscax.dll
2010-08-18 22:43:08 53248 ----a-w- c:\windows\system32\tsgqec.dll
2010-08-18 22:43:08 136192 ----a-w- c:\windows\system32\aaclient.dll
2010-08-18 22:43:03 218624 ----a-w- c:\windows\system32\msv1_0.dll
2010-08-18 22:42:47 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2010-08-18 22:42:37 43520 ----a-w- c:\windows\system32\msdxm.tlb
2010-08-18 22:42:37 18432 ----a-w- c:\windows\system32\amcompat.tlb
2010-08-18 22:41:47 2501921 ----a-w- c:\windows\system32\wlan.tmf
2010-08-18 22:41:44 68096 ----a-w- c:\windows\system32\wlanhlp.dll
2010-08-18 22:41:44 513536 ----a-w- c:\windows\system32\wlansvc.dll
2010-08-18 22:41:43 302592 ----a-w- c:\windows\system32\wlansec.dll
2010-08-18 22:41:43 293376 ----a-w- c:\windows\system32\wlanmsm.dll
2010-08-18 22:41:43 127488 ----a-w- c:\windows\system32\L2SecHC.dll
2010-08-18 22:41:41 65024 ----a-w- c:\windows\system32\wlanapi.dll
2010-08-18 22:41:23 623616 ----a-w- c:\windows\system32\localspl.dll
2010-08-18 22:41:18 243712 ----a-w- c:\windows\system32\rastls.dll
2010-08-18 22:41:13 3600768 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-08-18 22:41:12 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-08-18 22:40:59 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2010-08-18 22:40:38 156672 ----a-w- c:\windows\system32\t2embed.dll
2010-08-18 22:38:34 1248768 ----a-w- c:\windows\system32\msxml3.dll
2010-08-18 22:38:09 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-08-18 22:38:08 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-08-18 22:38:08 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-08-18 22:36:57 67072 ----a-w- c:\windows\system32\asycfilt.dll
2010-08-18 22:34:46 36864 ----a-w- c:\windows\system32\rtutils.dll
2010-08-18 22:32:57 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2010-08-18 22:07:21 172032 ----a-w- c:\windows\system32\wintrust.dll
2010-08-18 22:07:16 98304 ----a-w- c:\windows\system32\cabview.dll
2010-08-18 21:48:45 2421760 ----a-w- c:\windows\system32\wucltux.dll
2010-08-18 21:48:20 87552 ----a-w- c:\windows\system32\wudriver.dll
2010-08-18 21:48:06 33792 ----a-w- c:\windows\system32\wuapp.exe
2010-08-18 21:48:06 171608 ----a-w- c:\windows\system32\wuwebv.dll
2010-08-18 21:30:44 0 d-----w- c:\users\katofr~1\appdata\roaming\Malwarebytes
2010-08-18 21:30:37 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-18 21:30:35 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-18 21:30:35 0 d-----w- c:\programdata\Malwarebytes
2010-08-18 21:30:35 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-18 20:26:10 553 ----a-w- c:\windows\USetup.iss
2010-08-18 20:26:09 290816 ----a-w- c:\windows\RTKVADDA.EXE
2010-08-18 20:19:16 0 d-----w- c:\program files\Realtek
2010-08-18 20:19:01 0 d-----w- c:\programdata\ATI
2010-08-18 20:18:44 98768 ----a-w- c:\windows\system32\log.xml
2010-08-18 20:13:23 0 ----a-w- c:\windows\ativpsrm.bin
2010-08-18 20:10:32 14033923 ----a-w- c:\windows\system32\acer.exe
2010-08-18 20:10:31 36909056 ----a-w- c:\windows\system32\acer.scr
2010-08-18 20:10:27 0 d-----w- c:\program files\Acer Incorporated
2010-08-18 20:10:25 0 d-----w- c:\windows\ACER
2010-08-18 20:08:56 44544 ----a-w- c:\windows\system32\msxml4a.dll
2010-08-18 20:02:05 0 d-----w- c:\program files\Acer Arcade Deluxe
2010-08-18 20:02:02 0 d-----w- c:\programdata\CyberLink
2010-08-18 20:02:01 0 d-----w- c:\programdata\Temp
2010-08-18 20:00:55 118784 ----a-w- c:\windows\system32\VMC3KAPI.dll
2010-08-18 20:00:55 114688 ----a-w- c:\windows\system32\VCryptAPI.dll
2010-08-18 20:00:42 23040 ----a-w- c:\windows\system32\ShlCmd.exe
2010-08-18 20:00:40 5632 ----a-w- c:\windows\system32\biologon.dll
2010-08-18 20:00:25 43184 ----a-w- c:\windows\system32\drivers\AlfaFF.sys
2010-08-18 20:00:25 331776 ----a-w- c:\windows\system32\DrvCrypt.dll
2010-08-18 20:00:25 16384 ----a-w- c:\windows\system32\AlfaFF.dll
2010-08-18 20:00:19 1468928 ----a-w- c:\windows\system32\bsapi.dll
2010-08-18 19:59:38 0 d-----w- c:\program files\common files\SPBA
2010-08-18 19:59:35 0 d-----w- c:\programdata\UIB
2010-08-18 19:58:57 20 ----a-w- C:\Medion.ini
2010-08-18 19:58:57 0 d-----w- C:\CLSetup
2010-08-18 19:48:41 0 ----a-w- c:\windows\system32\LogConfigTemp.xml
2010-08-18 19:47:58 92 ----a-w- c:\windows\GridV.UNI
2010-08-18 19:47:56 0 d-----w- c:\program files\Acer Inc
2010-08-18 19:46:11 83 ----a-w- c:\windows\QtZgAcer.UNI
2010-08-18 19:46:06 0 d-----w- c:\program files\Launch Manager
2010-08-18 19:45:43 626688 ----a-w- c:\windows\Image.dll
2010-08-18 19:45:43 4838 ----a-w- c:\windows\Suyin.reg
2010-08-18 19:45:43 36 ----a-w- c:\windows\PidList.ini
2010-08-18 19:45:43 262144 ----a-w- c:\windows\Acer Crystal Eye webcam.EXE
2010-08-18 19:45:43 222382 ----a-w- c:\windows\Acer Crystal Eye webcam.ico
2010-08-18 19:45:43 200704 ----a-w- c:\windows\PLFSetI.exe
2010-08-18 19:45:33 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_SynTP_01000.Wdf
2010-08-18 19:44:30 0 d-----w- c:\program files\Synaptics
2010-08-18 19:36:31 0 d-----w- c:\program files\ATI
2010-08-18 19:36:28 0 d-----w- c:\program files\ATI Technologies
2010-08-18 19:34:27 0 d-sh--w- C:\$RECYCLE.BIN
2010-08-18 19:31:20 0 d-----w- c:\programdata\Google
2010-08-18 19:28:18 0 d-----w- c:\users\katofr~1\appdata\roaming\Acer GameZone Console

==================== Find3M ====================

2010-09-05 17:34:20 86016 ----a-w- c:\windows\inf\infstor.dat
2010-09-05 17:34:20 51200 ----a-w- c:\windows\inf\infpub.dat
2010-09-05 17:34:20 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-09-05 17:26:14 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-09-05 17:18:21 37665 ----a-w- c:\windows\fonts\GlobalUserInterface.CompositeFont
2010-08-23 07:53:59 95888 ----a-w- c:\windows\fonts\cordiaub.ttf
2010-08-18 20:19:24 319456 ----a-w- c:\windows\DIFxAPI.dll
2010-08-05 16:19:28 58984 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
2010-06-26 06:05:49 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-26 06:02:15 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-06-26 06:02:15 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-06-26 04:25:02 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-06-21 13:37:03 2037760 ----a-w- c:\windows\system32\win32k.sys
2008-01-21 02:43:21 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 0:55:41.32 ===============


#2 myrti

    Sillyberry

  • Malware Study Hall Admin
  • 33,779 posts
  • Gender:Female
  • Location:At home

Posted 13 September 2010 - 12:52 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
  5. In the custom scan box paste the following:
    CODE
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    nvraid.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
  6. Push the button.
  7. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help requests via PM, unless I am already helping you. Use the forums!

 



#3 SteveHam

  • Topic Starter
  • Members
  • 43 posts

Posted 13 September 2010 - 02:53 PM

Hello myrti,

Don't apologise about the delay, I know you guys are working really hard at the moment. We are just really glad that you are going to help us.

I ran MBAM the other day and picked up a couple of secondary infections, I have included the log below.

Symptoms are pretty much as I described above. This is a stand-alone machine that has very recently been restored to factory settings. Despite this, I still think it is being used as a server, but you will be able to tell this by the logs I have posted below.

If you need us/me to return the computer to its factory settings using D2D reinstall before attempting a fix, that's not a problem.

Posted below are the MBAM log and the two OTL logs.

Thank you once again for your help.

-------------------------------------------------------------------------------------------------------------------
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4447

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18943

12/09/2010 19:02:58
mbam-log-2010-09-12 (19-02-58).txt

Scan type: Full scan (C:\|D:\|Q:\|)
Objects scanned: 262103
Time elapsed: 2 hour(s), 23 minute(s), 8 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 3
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Installr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Installr\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Files Infected:
C:\$RECYCLE.BIN\S-1-5-21-3301625118-1092049821-1787829980-1000\$RQ1YFMY.exe (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Installr\1.bin\F3EZSETP.DLL (PUP.FunWebProducts) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Installr\1.bin\F3PLUGIN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Installr\1.bin\NPFUNWEB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
-------------------------------------------------------------------------------------------------------------------
OTL logfile created on: 13/09/2010 22:09:26 - Run 1
OTL by OldTimer - Version 3.2.12.0 Folder = C:\Users\katofreud08\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 32.00% Memory free
7.00 Gb Paging File | 4.00 Gb Available in Paging File | 62.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144.04 Gb Total Space | 107.85 Gb Free Space | 74.87% Space Free | Partition Type: NTFS
Drive D: | 140.50 Gb Total Space | 138.00 Gb Free Space | 98.22% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: KATOFREUD08-PC
Current User Name: katofreud08
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/09/13 22:07:54 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\katofreud08\Desktop\OTL.exe
PRC - [2010/08/25 12:31:42 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/08/25 12:31:42 | 000,723,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/08/25 12:31:19 | 002,065,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/08/25 12:31:16 | 002,331,032 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgfws9.exe
PRC - [2010/08/25 12:30:49 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe
PRC - [2010/08/25 12:30:46 | 000,620,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/08/25 12:30:44 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/08/25 12:30:40 | 000,842,592 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgam.exe
PRC - [2010/08/25 12:30:37 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/08/25 12:30:15 | 000,596,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2010/08/25 12:30:14 | 005,897,808 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2010/08/24 10:45:41 | 000,232,912 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10i_ActiveX.exe
PRC - [2010/08/23 10:43:14 | 000,204,800 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\katofreud08\AppData\Local\Temp\RtkBtMnt.exe
PRC - [2010/08/19 00:37:17 | 000,030,192 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
PRC - [2010/08/18 23:00:41 | 003,438,592 | ---- | M] (Arachnoid Biometrics Identification Group Corp.) -- C:\Program Files\Acer\Acer Bio Protection\CompPtcVUI.exe
PRC - [2010/08/18 23:00:31 | 003,521,024 | ---- | M] () -- C:\Program Files\Acer\Acer Bio Protection\BASVC.exe
PRC - [2010/08/18 23:00:21 | 003,673,600 | ---- | M] (Arachnoid Biometrics Identification Group Corp.) -- C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe
PRC - [2010/08/18 22:30:43 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2010/08/05 19:19:20 | 001,266,920 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
PRC - [2010/08/05 19:19:18 | 000,763,112 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2010/04/24 01:10:54 | 000,209,768 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2010/04/24 01:10:44 | 000,483,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2010/02/28 02:33:14 | 003,207,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\Virtualization Handler\CVH.EXE
PRC - [2010/02/28 02:33:14 | 000,821,664 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
PRC - [2010/02/28 02:33:14 | 000,077,664 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE
PRC - [2010/01/09 21:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
PRC - [2009/04/11 09:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/08/19 13:26:34 | 006,265,376 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008/08/01 19:51:42 | 000,405,504 | ---- | M] (Acer Inc.) -- C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
PRC - [2008/07/30 03:53:00 | 000,500,784 | ---- | M] (Egis Incorporated) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
PRC - [2008/07/30 03:52:50 | 000,526,896 | ---- | M] (Egis Incorporated) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
PRC - [2008/07/24 15:54:18 | 000,167,936 | ---- | M] (CyberLink) -- C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
PRC - [2008/07/24 15:54:10 | 000,147,456 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
PRC - [2008/07/18 16:04:36 | 000,167,936 | ---- | M] (Acer Corp.) -- C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
PRC - [2008/06/30 17:56:32 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe
PRC - [2008/06/17 07:23:24 | 000,817,672 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\QtZgAcer.EXE
PRC - [2008/06/02 19:25:40 | 000,024,576 | ---- | M] () -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
PRC - [2008/05/30 22:24:30 | 000,544,768 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe
PRC - [2008/04/26 07:36:20 | 000,045,056 | ---- | M] (NewTech InfoSystems, Inc.) -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
PRC - [2008/04/26 07:36:20 | 000,028,672 | ---- | M] () -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
PRC - [2008/04/26 07:36:02 | 000,131,072 | ---- | M] () -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
PRC - [2008/03/25 15:25:06 | 000,050,952 | ---- | M] (UPEK Inc.) -- C:\Program Files\Common Files\SPBA\upeksvr.exe
PRC - [2008/03/18 07:27:12 | 000,013,312 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2008/03/03 23:11:14 | 000,016,384 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
PRC - [2008/01/21 05:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2008/01/16 18:35:02 | 000,081,504 | ---- | M] () -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
PRC - [2007/12/07 02:15:28 | 000,110,592 | ---- | M] () -- C:\ACER\Mobility Center\MobilityService.exe
PRC - [2007/04/03 19:50:00 | 001,603,152 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2007/02/04 12:02:14 | 000,079,400 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe


========== Modules (SafeList) ==========

MOD - [2010/09/13 22:07:54 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\katofreud08\Desktop\OTL.exe
MOD - [2010/08/25 12:32:57 | 000,012,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
MOD - [2010/08/19 00:37:17 | 000,123,392 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll
MOD - [2010/08/05 19:19:26 | 000,431,336 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\rooksbas.dll
MOD - [2009/04/11 09:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
MOD - [2008/01/21 05:24:37 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010/08/25 12:31:16 | 002,331,032 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgfws9.exe -- (avgfws9)
SRV - [2010/08/25 12:30:49 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2010/08/25 12:30:37 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/08/25 12:30:14 | 005,897,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2010/08/19 00:37:17 | 000,030,192 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-051210-111108)
SRV - [2010/08/18 23:00:31 | 003,521,024 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer\Acer Bio Protection\BASVC.exe -- (IGBASVC)
SRV - [2010/08/05 19:19:18 | 000,763,112 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2010/06/30 14:23:12 | 000,431,432 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2010/04/24 01:10:54 | 000,209,768 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2010/04/24 01:10:44 | 000,483,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010/02/28 02:33:14 | 000,821,664 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE -- (cvhsvc)
SRV - [2010/01/09 21:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009/09/25 04:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2008/07/30 03:53:00 | 000,500,784 | ---- | M] (Egis Incorporated) [Auto | Running] -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service)
SRV - [2008/06/02 19:25:40 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe -- (ETService)
SRV - [2008/04/26 07:36:20 | 000,045,056 | ---- | M] (NewTech InfoSystems, Inc.) [Auto | Running] -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe -- (NTIBackupSvc)
SRV - [2008/04/26 07:36:02 | 000,131,072 | ---- | M] () [Auto | Running] -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe -- (NTISchedulerSvc)
SRV - [2008/03/18 07:27:12 | 000,013,312 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2008/03/03 23:11:14 | 000,016,384 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe -- (BUNAgentSvc)
SRV - [2008/01/21 05:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/16 18:35:02 | 000,081,504 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe -- (CLHNService)
SRV - [2007/12/07 02:15:28 | 000,110,592 | ---- | M] () [Auto | Running] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2010/08/25 12:32:55 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/08/25 12:32:55 | 000,052,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\Drivers\avgrkx86.sys -- (AvgRkx86)
DRV - [2010/08/25 12:32:45 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/08/25 12:32:44 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/08/25 12:30:46 | 000,025,168 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\AVGIDSvx.sys -- (AVGIDSErHrvtx)
DRV - [2010/08/25 12:30:17 | 000,122,448 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista\AVGIDSDriver.sys -- (AVGIDSDrivervtx)
DRV - [2010/08/25 12:30:17 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista\AVGIDSFilter.sys -- (AVGIDSFiltervtx)
DRV - [2010/08/25 12:30:16 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista\AVGIDSShim.sys -- (AVGIDSShimvtx)
DRV - [2010/08/25 12:29:17 | 000,024,856 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgfwd6x.sys -- (Avgfwfd)
DRV - [2010/08/18 23:00:25 | 000,043,184 | ---- | M] (Alfa Corporation) [File_System | Boot | Running] -- C:\Windows\system32\Drivers\AlfaFF.sys -- (AlfaFF)
DRV - [2010/08/05 19:29:22 | 000,034,536 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\18130\RapportCerberus_18130.sys -- (RapportCerberus_18130)
DRV - [2010/08/05 19:19:28 | 000,168,936 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2010/08/05 19:19:28 | 000,058,984 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\RapportKELL.sys -- (RapportKELL)
DRV - [2010/04/24 01:10:54 | 000,019,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol)
DRV - [2010/04/24 01:10:52 | 000,021,864 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir)
DRV - [2010/04/24 01:10:50 | 000,195,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay)
DRV - [2010/04/24 01:10:44 | 000,550,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs)
DRV - [2008/08/19 13:03:28 | 002,161,760 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/07/30 03:53:12 | 000,060,464 | ---- | M] (Egis Incorporated) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\PSDVdisk.sys -- (psdvdisk)
DRV - [2008/07/30 03:53:10 | 000,018,992 | ---- | M] (Egis Incorporated) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\psdfilter.sys -- (PSDFilter)
DRV - [2008/07/30 03:53:10 | 000,016,944 | ---- | M] (Egis Incorporated) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\PSDNServ.sys -- (PSDNServ)
DRV - [2008/07/28 10:53:48 | 000,919,552 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008/07/22 17:58:00 | 003,885,568 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008/07/22 14:58:00 | 000,047,616 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1E60x86.sys -- (L1E)
DRV - [2008/07/18 16:05:10 | 000,061,424 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl -- ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796})
DRV - [2008/07/18 04:09:00 | 000,148,192 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RtHDMIV.sys -- (RTHDMIAzAudService)
DRV - [2008/06/06 05:01:50 | 000,062,464 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTSTOR.sys -- (RTSTOR)
DRV - [2008/05/29 03:54:20 | 000,022,072 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbfilter.sys -- (usbfilter)
DRV - [2008/04/28 04:26:42 | 000,014,352 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AtiPcie.sys -- (AtiPcie) ATI PCI Express (3GIO)
DRV - [2008/04/25 05:08:42 | 000,199,472 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2008/03/21 07:13:00 | 001,203,776 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008/01/30 12:52:06 | 000,014,848 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV - [2008/01/30 12:51:50 | 000,013,824 | ---- | M] (NewTech Infosystems Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\UBHelper.sys -- (UBHelper)
DRV - [2008/01/30 03:45:38 | 000,050,576 | ---- | M] (UPEK Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tcusb.sys -- (TcUsb)
DRV - [2008/01/21 05:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/21 05:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/21 05:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/21 05:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/21 05:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/21 05:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/21 05:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/21 05:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/21 05:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/21 05:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2008/01/21 05:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/21 05:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/21 05:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/21 05:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/21 05:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/21 05:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/21 05:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/21 05:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/21 05:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/21 05:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/21 05:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/21 05:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/21 05:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/21 05:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/21 05:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2008/01/16 18:35:08 | 000,122,368 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys -- (NTIPPKernel)
DRV - [2007/03/28 17:51:40 | 000,043,008 | ---- | M] (Winbond Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winbondcir.sys -- (winbondcir)
DRV - [2007/01/26 09:32:18 | 000,069,632 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\int15.sys -- (int15)
DRV - [2006/11/02 16:29:38 | 000,021,264 | ---- | M] (Dritek System Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\DKbFltr.sys -- (DKbFltr)
DRV - [2006/11/02 12:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 12:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 12:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 12:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 12:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 12:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 12:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 12:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 12:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 12:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 12:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 11:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 11:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 11:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 11:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 11:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 11:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 10:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.us.acer.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&a...;m=aspire_6530g


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3301625118-1092049821-1787829980-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&a...;m=aspire_6530g
IE - HKU\S-1-5-21-3301625118-1092049821-1787829980-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com [binary data]
IE - HKU\S-1-5-21-3301625118-1092049821-1787829980-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-3301625118-1092049821-1787829980-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKU\S-1-5-21-3301625118-1092049821-1787829980-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3301625118-1092049821-1787829980-1000\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-21-3301625118-1092049821-1787829980-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2006/09/19 00:41:30 | 000,000,761 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKU\S-1-5-21-3301625118-1092049821-1787829980-1000\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKU\S-1-5-21-3301625118-1092049821-1787829980-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-3301625118-1092049821-1787829980-1000\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BkupTray] C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe ()
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [eAudio] C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe (Acer Incorporated)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
O4 - HKLM..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
O4 - HKLM..\Run: [eRecoveryService] File not found
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE (Dritek System Inc.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [OpwareSE4] C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PlayMovie] C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [WarReg_PopUp] C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Incorporated)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ZPdtWzdVitaKey MC3000] C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe (Arachnoid Biometrics Identification Group Corp.)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3301625118-1092049821-1787829980-1000..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O9 - Extra Button: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe ()
O9 - Extra 'Tools' menuitem : Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe ()
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3301625118-1092049821-1787829980-1000\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-3301625118-1092049821-1787829980-1000\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.97.1
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - AppInit_DLLs: (avgrsstx.dll C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AWinNotifyVitaKey MC3000: DllName - C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll - C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll (Arachnoid Biometrics Identification Group Corp.)
O20 - Winlogon\Notify\spba: DllName - C:\Program Files\Common Files\SPBA\homefus2.dll - C:\Program Files\Common Files\SPBA\homefus2.dll (UPEK Inc.)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img8.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img8.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/19 00:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/09/13 22:07:40 | 000,576,000 | ---- | C] (OldTimer Tools) -- C:\Users\katofreud08\Desktop\OTL.exe
[2010/09/07 23:32:05 | 000,000,000 | ---D | C] -- C:\Users\katofreud08\AppData\Local\Apps
[2010/09/06 20:50:38 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Portable Devices
[2010/09/06 20:34:26 | 000,092,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAnimation.dll
[2010/09/06 20:34:25 | 003,023,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbon.dll
[2010/09/06 20:34:25 | 001,164,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbonRes.dll
[2010/09/06 20:33:12 | 000,369,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll
[2010/09/06 20:33:12 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2010/09/06 20:33:11 | 000,829,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2010/09/06 20:33:11 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2010/09/06 20:33:10 | 000,974,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecs.dll
[2010/09/06 20:33:10 | 000,828,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2010/09/06 20:33:10 | 000,667,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2010/09/06 20:33:10 | 000,351,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2010/09/06 20:33:10 | 000,321,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll
[2010/09/06 20:33:10 | 000,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2010/09/06 20:33:10 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxdiag.exe
[2010/09/06 20:33:10 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxdiagn.dll
[2010/09/06 20:33:10 | 000,189,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2010/09/06 20:33:10 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
[2010/09/06 20:33:09 | 001,554,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xpsservices.dll
[2010/09/06 20:33:09 | 001,064,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2010/09/06 20:33:09 | 000,847,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OpcServices.dll
[2010/09/06 20:33:09 | 000,793,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FntCache.dll
[2010/09/06 20:33:09 | 000,486,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2010/09/06 20:33:08 | 001,030,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2010/09/06 20:33:08 | 000,519,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll
[2010/09/06 20:33:08 | 000,481,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2010/09/06 20:33:08 | 000,218,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2010/09/06 20:33:08 | 000,190,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2010/09/06 20:33:08 | 000,161,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2010/09/06 20:32:04 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\BthMtpContextHandler.dll
[2010/09/06 20:32:04 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDShextAutoplay.exe
[2010/09/06 20:31:59 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceConnectApi.dll
[2010/09/06 20:31:53 | 000,546,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpd_ci.dll
[2010/09/06 20:31:53 | 000,350,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDSp.dll
[2010/09/06 20:31:53 | 000,334,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceApi.dll
[2010/09/06 20:31:53 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceWMDRM.dll
[2010/09/06 20:31:53 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceTypes.dll
[2010/09/06 20:31:53 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceClassExtension.dll
[2010/09/06 20:30:24 | 000,555,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAutomationCore.dll
[2010/09/06 20:30:24 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oleaccrc.dll
[2010/09/06 01:02:44 | 000,000,000 | ---D | C] -- C:\Users\katofreud08\Desktop\gmer
[2010/09/06 00:43:46 | 000,000,000 | -H-D | C] -- C:\$AVG
[2010/09/05 20:26:27 | 000,000,000 | ---D | C] -- C:\Windows\System32\eu-ES
[2010/09/05 20:26:27 | 000,000,000 | ---D | C] -- C:\Windows\System32\ca-ES
[2010/09/05 20:26:26 | 000,000,000 | ---D | C] -- C:\Windows\System32\vi-VN
[2010/09/05 20:05:17 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2010/09/04 19:08:55 | 000,000,000 | ---D | C] -- C:\Users\katofreud08\Desktop\SteveStuff
[2010/09/04 18:02:38 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2010/09/04 03:00:45 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2010/09/04 01:45:43 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010/09/03 15:12:22 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2010/09/03 15:03:26 | 000,000,000 | ---D | C] -- C:\Users\katofreud08\AppData\Local\Scansoft
[2010/09/03 13:15:01 | 000,000,000 | ---D | C] -- C:\Users\katofreud08\AppData\Roaming\Canon
[2010/09/03 13:07:21 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallShield
[2010/09/03 13:07:13 | 000,000,000 | ---D | C] -- C:\Users\katofreud08\AppData\Roaming\ScanSoft
[2010/09/03 13:06:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ScanSoft Shared
[2010/09/03 13:06:00 | 000,000,000 | ---D | C] -- C:\ProgramData\ScanSoft
[2010/09/03 13:05:35 | 000,000,000 | ---D | C] -- C:\Program Files\ScanSoft
[2010/09/03 13:03:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\CANON
[2010/09/03 12:59:04 | 000,000,000 | -H-D | C] -- C:\Windows\System32\CanonIJ Uninstaller Information
[2010/09/03 12:55:53 | 000,000,000 | -H-D | C] -- C:\Program Files\CanonBJ
[2010/09/03 12:54:59 | 000,000,000 | ---D | C] -- C:\Program Files\Canon
[2010/09/03 12:19:00 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonBJ
[2010/09/03 12:17:04 | 000,216,064 | ---- | C] (CANON INC.) -- C:\Windows\System32\CNMLM8T.DLL
[2010/09/01 19:33:43 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2010/09/01 19:33:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/09/01 19:33:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/09/01 19:32:58 | 000,423,656 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2010/09/01 19:32:58 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010/09/01 19:32:58 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010/09/01 19:32:58 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010/09/01 19:31:03 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2010/09/01 19:27:28 | 000,874,272 | ---- | C] (Sun Microsystems, Inc.) -- C:\Users\katofreud08\Desktop\JavaSetup6u21.exe
[2010/08/31 17:01:22 | 000,000,000 | ---D | C] -- C:\ProgramData\VirtualizedApplications
[2010/08/31 12:01:52 | 000,000,000 | ---D | C] -- C:\Users\katofreud08\AppData\Local\SoftGrid Client
[2010/08/31 12:00:58 | 000,000,000 | ---D | C] -- C:\Users\katofreud08\AppData\Roaming\SoftGrid Client
[2010/08/31 11:58:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2010/08/31 11:58:55 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Application Virtualization Client
[2010/08/31 11:56:29 | 000,000,000 | ---D | C] -- C:\Users\katofreud08\AppData\Roaming\TP
[2010/08/27 14:51:35 | 000,000,000 | ---D | C] -- C:\Users\katofreud08\AppData\Roaming\AVG9
[2010/08/26 08:50:52 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2010/08/26 08:50:52 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2010/08/26 08:50:52 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2010/08/25 21:38:37 | 000,000,000 | ---D | C] -- C:\ProgramData\PlayMovie
[2010/08/25 21:38:34 | 000,000,000 | ---D | C] -- C:\Users\katofreud08\AppData\Local\CyberLink
[2010/08/25 21:38:31 | 000,000,000 | ---D | C] -- C:\Users\katofreud08\AppData\Local\PlayMovie
[2010/08/25 21:38:27 | 000,000,000 | ---D | C] -- C:\Users\katofreud08\AppData\Local\SoftDMA
[2010/08/25 21:38:22 | 000,000,000 | ---D | C] -- C:\Users\katofreud08\AppData\Local\Acer Arcade Deluxe
[2010/08/25 21:38:21 | 000,000,000 | ---D | C] -- C:\Users\katofreud08\AppData\Roaming\CyberLink
[2010/08/25 13:21:24 | 012,240,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0007.dll
[2010/08/25 13:21:19 | 001,081,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLCExt.dll
[2010/08/25 13:21:16 | 002,134,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FunctionDiscoveryFolder.dll
[2010/08/25 13:21:16 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DevicePairingWizard.exe
[2010/08/25 13:21:14 | 002,644,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0009.dll
[2010/08/25 13:21:11 | 001,480,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssrch.dll
[2010/08/25 13:21:09 | 000,684,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\spsys.sys
[2010/08/25 13:21:07 | 001,576,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tquery.dll
[2010/08/25 13:21:06 | 000,779,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationNative_v0300.dll
[2010/08/25 13:21:01 | 000,928,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scavenge.dll
[2010/08/25 13:20:59 | 002,241,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msi.dll
[2010/08/25 13:20:57 | 000,677,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imapi2fs.dll
[2010/08/25 13:20:53 | 000,968,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wcnwiz2.dll
[2010/08/25 13:20:53 | 000,291,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WscEapPr.dll
[2010/08/25 13:20:51 | 000,619,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardagt.exe
[2010/08/25 13:20:50 | 001,216,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AuxiliaryDisplayCpl.dll
[2010/08/25 13:20:50 | 000,114,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EhStorShell.dll
[2010/08/25 13:20:49 | 000,289,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spinstall.exe
[2010/08/25 13:20:49 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spreview.exe
[2010/08/25 13:20:46 | 000,978,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drmv2clt.dll
[2010/08/25 13:20:45 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwizui.dll
[2010/08/25 13:20:44 | 000,438,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mcupdate_GenuineIntel.dll
[2010/08/25 13:20:40 | 000,670,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssvp.dll
[2010/08/25 13:20:38 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSMPEG2VDEC.DLL
[2010/08/25 13:20:38 | 000,378,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imapi2.dll
[2010/08/25 13:20:38 | 000,351,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssph.dll
[2010/08/25 13:20:38 | 000,203,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssphtb.dll
[2010/08/25 13:20:36 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdohlp.dll
[2010/08/25 13:20:35 | 001,459,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\esent.dll
[2010/08/25 13:20:35 | 000,729,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IMJP10K.DLL
[2010/08/25 13:20:34 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DevicePairing.dll
[2010/08/25 13:20:33 | 000,190,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sperror.dll
[2010/08/25 13:20:32 | 000,143,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\korwbrkr.dll
[2010/08/25 13:20:30 | 000,463,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IasMigReader.exe
[2010/08/25 13:20:30 | 000,228,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLC.dll
[2010/08/25 13:20:29 | 000,231,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll
[2010/08/25 13:20:26 | 001,589,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msjet40.dll
[2010/08/25 13:20:21 | 001,381,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Query.dll
[2010/08/25 13:20:21 | 000,883,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IMJP10.IME
[2010/08/25 13:17:21 | 000,187,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eapp3hst.dll
[2010/08/25 13:17:21 | 000,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tintlgnt.ime
[2010/08/25 13:17:21 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\l2nacp.dll
[2010/08/25 13:17:21 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ftp.exe
[2010/08/25 13:17:21 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cscapi.dll
[2010/08/25 13:17:21 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msjint40.dll
[2010/08/25 13:17:21 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MsCtfMonitor.dll
[2010/08/25 13:17:20 | 000,083,456 | ---- | C] (Microsoft) -- C:\Windows\System32\SMBHelperClass.dll
[2010/08/25 13:17:20 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bthci.dll
[2010/08/25 13:17:20 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsdchngr.dll
[2010/08/25 13:17:19 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdWCN.dll
[2010/08/25 13:17:19 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Storprop.dll
[2010/08/25 13:17:19 | 000,052,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasdiag.dll
[2010/08/25 13:17:19 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dot3cfg.dll
[2010/08/25 13:17:19 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bthudtask.exe
[2010/08/25 13:17:19 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasdial.exe
[2010/08/25 13:17:18 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eappcfg.dll
[2010/08/25 13:17:18 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ipconfig.exe
[2010/08/25 13:17:18 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CHxReadingStringIME.dll
[2010/08/25 13:17:17 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nslookup.exe
[2010/08/25 13:17:17 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tscupgrd.exe
[2010/08/25 13:17:17 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slcinst.dll
[2010/08/25 13:17:17 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\networkitemfactory.dll
[2010/08/25 13:17:16 | 000,093,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eappgnui.dll
[2010/08/25 13:17:16 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdeploy.dll
[2010/08/25 13:17:16 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hbaapi.dll
[2010/08/25 13:17:16 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidclass.sys
[2010/08/25 13:17:16 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ocsetup.exe
[2010/08/25 13:17:16 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FwRemoteSvr.dll
[2010/08/25 13:17:16 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mmcico.dll
[2010/08/25 13:17:15 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PNPXAssoc.dll
[2010/08/25 13:17:15 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpupdate.exe
[2010/08/25 13:17:14 | 000,046,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrstub.exe
[2010/08/25 13:17:14 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cbsra.exe
[2010/08/25 13:17:14 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bitsigd.dll
[2010/08/25 13:17:13 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NcdProp.dll
[2010/08/25 13:17:13 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iscsilog.dll
[2010/08/25 13:17:12 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxg.sys
[2010/08/25 13:17:12 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbcconf.dll
[2010/08/25 13:17:12 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Diskdump.sys
[2010/08/25 13:17:12 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vdmdbg.dll
[2010/08/25 13:17:12 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetppui.dll
[2010/08/25 13:17:12 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slwga.dll
[2010/08/25 13:17:08 | 000,052,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\stream.sys
[2010/08/25 13:17:08 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\RNDISMP.sys
[2010/08/25 13:17:06 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usb8023.sys
[2010/08/25 13:17:04 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\f3ahvoas.dll
[2010/08/25 13:17:04 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msimsg.dll
[2010/08/25 13:16:28 | 000,705,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SmiEngine.dll
[2010/08/25 13:16:18 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wdscore.dll
[2010/08/25 13:16:18 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PkgMgr.exe
[2010/08/25 13:15:41 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drvstore.dll
[2010/08/25 12:32:55 | 000,052,872 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgrkx86.sys
[2010/08/25 12:32:55 | 000,012,536 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2010/08/25 12:32:52 | 000,243,024 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2010/08/25 12:32:44 | 000,216,400 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2010/08/25 12:32:42 | 000,029,584 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2010/08/25 12:32:41 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\Avg
[2010/08/25 12:32:30 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Security Toolbar
[2010/08/25 12:30:46 | 000,025,168 | ---- | C] (AVG Technologies CZ, s.r.o. ) -- C:\Windows\System32\drivers\AVGIDSvx.sys
[2010/08/25 12:29:17 | 000,024,856 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgfwd6x.sys
[2010/08/25 12:27:52 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2010/08/25 12:27:18 | 000,000,000 | ---D | C] -- C:\ProgramData\avg9
[2010/08/25 11:42:58 | 002,133,536 | ---- | C] (AVG Technologies) -- C:\Users\katofreud08\Desktop\avg_free_stb_all_9_115_cnet.exe
[2010/08/25 11:33:33 | 000,420,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2010/08/25 11:33:31 | 000,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2010/08/24 14:14:49 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2010/08/24 12:55:32 | 000,000,000 | ---D | C] -- C:\Users\katofreud08\AppData\Local\Adobe
[2010/08/24 12:20:04 | 000,000,000 | ---D | C] -- C:\Users\katofreud08\AppData\Roaming\Trusteer
[2010/08/24 12:19:58 | 000,000,000 | ---D | C] -- C:\Program Files\Trusteer
[2010/08/24 12:16:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Trusteer
[2010/08/24 12:02:19 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010/08/24 12:02:19 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010/08/24 12:02:18 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010/08/24 12:02:18 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010/08/24 12:02:17 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010/08/24 12:02:17 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010/08/24 12:02:17 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010/08/24 12:02:17 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010/08/24 12:02:16 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010/08/24 12:02:15 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010/08/24 12:02:15 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010/08/24 12:02:15 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010/08/24 12:02:15 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010/08/24 12:02:15 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010/08/24 12:02:14 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010/08/24 12:01:22 | 000,156,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2010/08/24 12:01:22 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2010/08/24 12:01:22 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2010/08/24 12:01:22 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\corpol.dll
[2010/08/24 12:01:21 | 000,348,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2010/08/24 12:01:21 | 000,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2010/08/24 12:01:21 | 000,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2010/08/24 12:01:21 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2010/08/24 12:01:20 | 000,229,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2010/08/24 12:01:20 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2010/08/24 12:01:20 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2010/08/24 12:01:20 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2010/08/24 12:01:19 | 000,208,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinFXDocObj.exe
[2010/08/24 12:01:19 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2010/08/24 12:01:19 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2010/08/24 12:01:18 | 000,445,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2010/08/24 12:01:18 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2010/08/24 12:01:17 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2010/08/24 12:01:15 | 003,698,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2010/08/24 12:01:15 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2010/08/24 12:01:15 | 000,169,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2010/08/24 12:01:15 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2010/08/24 12:01:14 | 000,109,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PDMSetup.exe
[2010/08/24 12:01:14 | 000,107,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2010/08/24 12:01:14 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetDepNx.exe
[2010/08/23 11:52:53 | 000,221,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2010/08/23 11:03:33 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browserchoice.exe
[2010/08/23 10:51:44 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshhttp.dll
[2010/08/23 10:51:40 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\httpapi.dll
[2010/08/23 10:50:33 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2010/08/19 09:04:54 | 000,000,000 | ---D | C] -- C:\Windows\Audio
[2010/08/19 08:12:03 | 000,022,072 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\System32\drivers\usbfilter.sys
[2010/08/19 08:12:03 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2010/08/19 08:12:02 | 000,000,000 | ---D | C] -- C:\Program Files\AMD
[2010/08/19 08:11:09 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2010/08/19 02:07:30 | 001,696,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
[2010/08/19 02:07:30 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2010/08/19 02:07:28 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2010/08/19 02:07:04 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
[2010/08/19 02:07:04 | 000,518,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
[2010/08/19 02:07:03 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll
[2010/08/19 02:07:03 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
[2010/08/19 02:07:01 | 000,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
[2010/08/19 02:07:01 | 000,346,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
[2010/08/19 02:07:00 | 000,332,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdrm.dll
[2010/08/19 02:07:00 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll
[2010/08/19 02:06:58 | 000,152,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll
[2010/08/19 02:01:42 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netiohlp.dll
[2010/08/19 02:01:38 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NETSTAT.EXE
[2010/08/19 02:01:38 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ARP.EXE
[2010/08/19 02:01:36 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TCPSVCS.EXE
[2010/08/19 02:01:35 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\finger.exe
[2010/08/19 02:01:35 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\HOSTNAME.EXE
[2010/08/19 02:01:34 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ROUTE.EXE
[2010/08/19 02:01:34 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MRINFO.EXE
[2010/08/19 02:01:30 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll
[2010/08/19 01:50:16 | 001,259,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsasrv.dll
[2010/08/19 01:48:52 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010/08/19 01:47:52 | 002,386,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVCORE.DLL
[2010/08/19 01:47:51 | 002,868,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2010/08/19 01:47:48 | 000,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll
[2010/08/19 01:47:48 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rrinstaller.exe
[2010/08/19 01:47:48 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfpmp.exe
[2010/08/19 01:47:47 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mferror.dll
[2010/08/19 01:45:26 | 000,310,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unregmp2.exe
[2010/08/19 01:45:20 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwmp.dll
[2010/08/19 01:45:18 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.ocx
[2010/08/19 01:45:18 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxmasf.dll
[2010/08/19 01:45:17 | 008,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2010/08/19 01:43:08 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aaclient.dll
[2010/08/19 01:43:08 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tsgqec.dll
[2010/08/19 01:42:37 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.tlb
[2010/08/19 01:42:37 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\amcompat.tlb
[2010/08/19 01:41:44 | 000,068,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanhlp.dll
[2010/08/19 01:41:43 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlansec.dll
[2010/08/19 01:41:43 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanmsm.dll
[2010/08/19 01:41:43 | 000,127,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\L2SecHC.dll
[2010/08/19 01:41:41 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanapi.dll
[2010/08/19 01:41:23 | 000,623,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\localspl.dll
[2010/08/19 01:41:18 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rastls.dll
[2010/08/19 01:41:13 | 003,600,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010/08/19 01:41:12 | 003,548,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010/08/19 01:40:38 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2010/08/19 01:37:58 | 002,037,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010/08/19 01:37:48 | 000,289,792 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2010/08/19 01:37:45 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2010/08/19 01:37:45 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2010/08/19 01:37:45 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dciman32.dll
[2010/08/19 01:37:14 | 000,081,920 | ---- | C] (Radius Inc.) -- C:\Windows\System32\iccvid.dll
[2010/08/19 01:37:10 | 000,714,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\timedate.cpl
[2010/08/19 01:37:01 | 000,220,672 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codecp.acm
[2010/08/19 01:37:01 | 000,062,464 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codeca.acm
[2010/08/19 01:36:57 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\asycfilt.dll
[2010/08/19 01:34:46 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtutils.dll
[2010/08/19 01:33:36 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2010/08/19 01:33:31 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avifil32.dll
[2010/08/19 01:33:31 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll
[2010/08/19 01:33:29 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvfw32.dll
[2010/08/19 01:33:05 | 000,355,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSDApi.dll
[2010/08/19 01:32:57 | 000,604,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMSPDMOD.DLL
[2010/08/19 00:48:45 | 002,421,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2010/08/19 00:48:45 | 000,044,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2010/08/19 00:48:20 | 000,575,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2010/08/19 00:48:20 | 000,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2010/08/19 00:48:20 | 000,035,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2010/08/19 00:48:06 | 000,171,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2010/08/19 00:48:06 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2010/08/19 00:30:44 | 000,000,000 | ---D | C] -- C:\Users\katofreud08\AppData\Roaming\Malwarebytes
[2010/08/19 00:30:37 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/08/19 00:30:35 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/08/19 00:30:35 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/08/19 00:30:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/08/19 00:29:57 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\katofreud08\Desktop\mbam-setup-1.46.exe
[2010/08/19 00:22:56 | 000,000,000 | ---D | C] -- C:\Users\katofreud08\AppData\Roaming\Adobe
[2010/08/18 23:26:09 | 000,290,816 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\RTKVADDA.EXE
[2010/08/18 23:19:23 | 002,167,808 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkHDMI.dll
[2010/08/18 23:19:23 | 000,725,504 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RHDMIExt.dll
[2010/08/18 23:19:23 | 000,148,192 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\drivers\RtHDMIV.sys
[2010/08/18 23:19:20 | 001,777,664 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\WavesLib.dll
[2010/08/18 23:19:20 | 000,135,168 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSWOW.dll
[2010/08/18 23:19:19 | 001,833,504 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SkyTel.exe
[2010/08/18 23:19:19 | 001,206,816 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\RtlUpd.exe
[2010/08/18 23:19:19 | 000,547,360 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RTSndMgr.cpl
[2010/08/18 23:19:19 | 000,339,968 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSTSXT.dll
[2010/08/18 23:19:19 | 000,185,776 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSTSHD.dll
[2010/08/18 23:19:19 | 000,167,936 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSHP360.dll
[2010/08/18 23:19:18 | 002,167,840 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkAPO.dll
[2010/08/18 23:19:18 | 002,161,760 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\drivers\RTKVHDA.sys
[2010/08/18 23:19:18 | 000,805,920 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkPgExt.dll
[2010/08/18 23:19:18 | 000,285,216 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkApoApi.dll
[2010/08/18 23:19:17 | 006,265,376 | ---- | C] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
[2010/08/18 23:19:17 | 001,933,312 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioEQ.dll
[2010/08/18 23:19:17 | 000,159,744 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO20.dll
[2010/08/18 23:19:17 | 000,126,976 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO.dll
[2010/08/18 23:19:16 | 000,143,360 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\Windows\System32\FMAPO.dll
[2010/08/18 23:19:16 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2010/08/18 23:19:15 | 000,528,384 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\RtlExUpd.dll
[2010/08/18 23:19:01 | 000,000,000 | ---D | C] -- C:\Users\katofreud08\AppData\Roaming\ATI
[2010/08/18 23:19:01 | 000,000,000 | ---D | C] -- C:\Users\katofreud08\AppData\Local\ATI
[2010/08/18 23:19:01 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2010/08/18 23:17:57 | 000,000,000 | ---D | C] -- C:\Users\katofreud08\AppData\Roaming\Google
[2010/08/18 23:10:32 | 014,033,923 | ---- | C] (Adobe Systems, Inc.) -- C:\Windows\System32\acer.exe
[2010/08/18 23:10:31 | 000,000,000 | ---D | C] -- C:\Users\katofreud08\AppData\Roaming\Macromedia
[2010/08/18 23:10:27 | 000,000,000 | ---D | C] -- C:\Program Files\Acer Incorporated
[2010/08/18 23:10:25 | 000,000,000 | ---D | C] -- C:\Windows\ACER
[2010/08/18 23:08:56 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml4a.dll
[2010/08/18 23:06:02 | 000,000,000 | ---D | C] -- C:\Users\katofreud08\AppData\Local\PowerCinema
[2010/08/18 23:02:05 | 000,000,000 | ---D | C] -- C:\Program Files\Acer Arcade Deluxe
[2010/08/18 23:02:02 | 000,000,000 | ---D | C] -- C:\ProgramData\CyberLink
[2010/08/18 23:02:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Temp
[2010/08/18 23:00:55 | 000,114,688 | ---- | C] (Arachnoid Biometrics Identification Group Corp.) -- C:\Windows\System32\VCryptAPI.dll
[2010/08/18 23:00:42 | 000,023,040 | ---- | C] (Arachnoid Biometrics Identification Group Corp.) -- C:\Windows\System32\ShlCmd.exe
[2010/08/18 23:00:40 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\biologon.dll
[2010/08/18 23:00:25 | 000,331,776 | ---- | C] (Alfa Corporation) -- C:\Windows\System32\DrvCrypt.dll
[2010/08/18 23:00:25 | 000,043,184 | ---- | C] (Alfa Corporation) -- C:\Windows\System32\drivers\AlfaFF.sys
[2010/08/18 23:00:25 | 000,016,384 | ---- | C] (Alfa Corporation) -- C:\Windows\System32\AlfaFF.dll
[2010/08/18 23:00:19 | 001,468,928 | ---- | C] (UPEK, Inc.) -- C:\Windows\System32\bsapi.dll
[2010/08/18 22:59:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SPBA
[2010/08/18 22:59:35 | 000,000,000 | ---D | C] -- C:\ProgramData\UIB
[2010/08/18 22:58:57 | 000,000,000 | ---D | C] -- C:\CLSetup
[2010/08/18 22:47:56 | 000,000,000 | ---D | C] -- C:\Program Files\Acer Inc
[2010/08/18 22:46:06 | 000,000,000 | ---D | C] -- C:\Program Files\Launch Manager
[2010/08/18 22:45:43 | 000,262,144 | ---- | C] (SuYin) -- C:\Windows\Acer Crystal Eye webcam.EXE
[2010/08/18 22:45:17 | 000,000,000 | ---D | C] -- C:\Users\katofreud08\AppData\Roaming\InstallShield
[2010/08/18 22:44:30 | 000,000,000 | ---D | C] -- C:\Program Files\Synaptics
[2010/08/18 22:36:31 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2010/08/18 22:36:28 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2010/08/18 22:34:44 | 000,000,000 | ---D | C] -- C:\Users\katofreud08\Documents\My Google Gadgets
[2010/08/18 22:34:34 | 000,000,000 | ---D | C] -- C:\Users\katofreud08\AppData\Local\Google
[2010/08/18 22:34:27 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/08/18 22:34:14 | 000,000,000 | R--D | C] -- C:\Users\katofreud08\Searches
[2010/08/18 22:34:04 | 000,000,000 | ---D | C] -- C:\Users\katofreud08\AppData\Roaming\Identities
[2010/08/18 22:34:02 | 000,000,000 | R--D | C] -- C:\Users\katofreud08\Contacts
[2010/08/18 22:31:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
[2010/08/18 22:29:58 | 000,000,000 | ---D | C] -- C:\Users\katofreud08\AppData\Local\VirtualStore
[2010/08/18 22:29:58 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2010/08/18 22:28:20 | 000,000,000 | -HSD | C] -- C:\Users\katofreud08\AppData\Local\Temporary Internet Files
[2010/08/18 22:28:20 | 000,000,000 | -HSD | C] -- C:\Users\katofreud08\Templates
[2010/08/18 22:28:20 | 000,000,000 | -HSD | C] -- C:\Users\katofreud08\Start Menu
[2010/08/18 22:28:20 | 000,000,000 | -HSD | C] -- C:\Users\katofreud08\SendTo
[2010/08/18 22:28:20 | 000,000,000 | -HSD | C] -- C:\Users\katofreud08\Recent
[2010/08/18 22:28:20 | 000,000,000 | -HSD | C] -- C:\Users\katofreud08\PrintHood
[2010/08/18 22:28:20 | 000,000,000 | -HSD | C] -- C:\Users\katofreud08\NetHood
[2010/08/18 22:28:20 | 000,000,000 | -HSD | C] -- C:\Users\katofreud08\Documents\My Videos
[2010/08/18 22:28:20 | 000,000,000 | -HSD | C] -- C:\Users\katofreud08\Documents\My Pictures
[2010/08/18 22:28:20 | 000,000,000 | -HSD | C] -- C:\Users\katofreud08\Documents\My Music
[2010/08/18 22:28:20 | 000,000,000 | -HSD | C] -- C:\Users\katofreud08\My Documents
[2010/08/18 22:28:20 | 000,000,000 | -HSD | C] -- C:\Users\katofreud08\Local Settings
[2010/08/18 22:28:20 | 000,000,000 | -HSD | C] -- C:\Users\katofreud08\AppData\Local\History
[2010/08/18 22:28:20 | 000,000,000 | -HSD | C] -- C:\Users\katofreud08\Cookies
[2010/08/18 22:28:20 | 000,000,000 | -HSD | C] -- C:\Users\katofreud08\Application Data
[2010/08/18 22:28:20 | 000,000,000 | -HSD | C] -- C:\Users\katofreud08\AppData\Local\Application Data
[2010/08/18 22:28:18 | 000,000,000 | --SD | C] -- C:\Users\katofreud08\AppData\Roaming\Microsoft
[2010/08/18 22:28:18 | 000,000,000 | R--D | C] -- C:\Users\katofreud08\Saved Games
[2010/08/18 22:28:18 | 000,000,000 | R--D | C] -- C:\Users\katofreud08\Pictures
[2010/08/18 22:28:18 | 000,000,000 | R--D | C] -- C:\Users\katofreud08\Music
[2010/08/18 22:28:18 | 000,000,000 | R--D | C] -- C:\Users\katofreud08\Links
[2010/08/18 22:28:18 | 000,000,000 | R--D | C] -- C:\Users\katofreud08\Favorites
[2010/08/18 22:28:18 | 000,000,000 | R--D | C] -- C:\Users\katofreud08\Downloads
[2010/08/18 22:28:18 | 000,000,000 | R--D | C] -- C:\Users\katofreud08\Documents
[2010/08/18 22:28:18 | 000,000,000 | R--D | C] -- C:\Users\katofreud08\Desktop
[2010/08/18 22:28:18 | 000,000,000 | -H-D | C] -- C:\Users\katofreud08\AppData
[2010/08/18 22:28:18 | 000,000,000 | ---D | C] -- C:\Users\katofreud08\AppData\Local\Temp
[2010/08/18 22:28:18 | 000,000,000 | ---D | C] -- C:\Users\katofreud08\AppData\Local\Microsoft
[2010/08/18 22:28:18 | 000,000,000 | ---D | C] -- C:\Users\katofreud08\AppData\Roaming\Media Center Programs
[2010/08/18 22:28:18 | 000,000,000 | ---D | C] -- C:\Users\katofreud08\AppData\Roaming\Acer GameZone Console
[2010/08/18 22:28:17 | 000,000,000 | R--D | C] -- C:\Users\katofreud08\Videos
[2008/07/11 16:05:17 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll

========== Files - Modified Within 30 Days ==========

[2010/09/13 22:15:23 | 001,572,864 | -HS- | M] () -- C:\Users\katofreud08\ntuser.dat
[2010/09/13 22:07:54 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\katofreud08\Desktop\OTL.exe
[2010/09/13 21:56:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/09/13 21:24:03 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/09/13 21:24:03 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/09/13 17:00:23 | 064,580,852 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010/09/13 11:56:26 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/09/13 11:10:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/09/13 10:15:12 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2010/09/13 10:14:36 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/09/13 10:14:16 | 3454,386,176 | -HS- | M] () -- C:\hiberfil.sys
[2010/09/13 08:20:19 | 000,524,288 | -HS- | M] () -- C:\Users\katofreud08\ntuser.dat{841e7fae-b90e-11df-a14a-001e68f92497}.TMContainer00000000000000000001.regtrans-ms
[2010/09/13 08:20:19 | 000,065,536 | -HS- | M] () -- C:\Users\katofreud08\ntuser.dat{841e7fae-b90e-11df-a14a-001e68f92497}.TM.blf
[2010/09/13 01:32:41 | 001,828,430 | -H-- | M] () -- C:\Users\katofreud08\AppData\Local\IconCache.db
[2010/09/10 15:30:57 | 000,063,488 | ---- | M] () -- C:\Users\katofreud08\Documents\cdreportproforma#1209.doc
[2010/09/10 15:28:05 | 000,172,978 | ---- | M] () -- C:\Users\katofreud08\Documents\mentally-disordered-offenders-2007.pdf
[2010/09/10 15:27:38 | 006,244,420 | ---- | M] () -- C:\Users\katofreud08\Documents\CDSocialSupervisionSouthWalesJan2010a.pdf
[2010/09/10 15:24:16 | 001,353,026 | ---- | M] () -- C:\Users\katofreud08\Documents\refguidemha.pdf
[2010/09/10 12:21:43 | 000,003,584 | ---- | M] () -- C:\Users\katofreud08\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/10 12:20:39 | 000,691,826 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/09/10 12:20:39 | 000,600,822 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/09/10 12:20:39 | 000,106,038 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/09/10 00:14:36 | 000,000,149 | ---- | M] () -- C:\Users\katofreud08\Desktop\check.bat
[2010/09/09 16:31:14 | 001,665,635 | ---- | M] () -- C:\Users\katofreud08\Documents\Inq-Bryan(sum)[1].pdf
[2010/09/07 23:08:01 | 000,284,915 | ---- | M] () -- C:\Users\katofreud08\Desktop\gmer.zip
[2010/09/07 15:50:34 | 000,209,977 | ---- | M] () -- C:\Users\katofreud08\Documents\Argosreceipt8110.pdf
[2010/09/06 20:50:26 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2010/09/06 20:23:45 | 401,983,577 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/09/06 01:01:08 | 000,000,000 | ---- | M] () -- C:\Users\katofreud08\defogger_reenable
[2010/09/06 00:52:14 | 000,525,824 | ---- | M] () -- C:\Users\katofreud08\Desktop\dds.scr
[2010/09/06 00:51:25 | 000,050,477 | ---- | M] () -- C:\Users\katofreud08\Desktop\Defogger.exe
[2010/09/06 00:16:39 | 000,080,384 | ---- | M] () -- C:\Users\katofreud08\Desktop\MBRCheck.exe
[2010/09/06 00:11:17 | 000,133,632 | ---- | M] () -- C:\Users\katofreud08\Desktop\RKUnhookerLE.EXE
[2010/09/05 20:31:22 | 000,295,704 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/09/05 20:20:18 | 000,524,288 | -HS- | M] () -- C:\Users\katofreud08\ntuser.dat{841e7fae-b90e-11df-a14a-001e68f92497}.TMContainer00000000000000000002.regtrans-ms
[2010/09/04 23:20:44 | 000,524,288 | -HS- | M] () -- C:\Users\katofreud08\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010/09/04 23:20:44 | 000,065,536 | -HS- | M] () -- C:\Users\katofreud08\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/09/04 19:28:25 | 028,502,012 | ---- | M] () -- C:\Users\katofreud08\Desktop\HKEY_LOCAL_MACHINE.zip
[2010/09/04 19:15:12 | 000,095,374 | ---- | M] () -- C:\Users\katofreud08\Desktop\HKEY^_LOCAL^_MACHINE.htm
[2010/09/03 16:58:46 | 000,185,344 | ---- | M] () -- C:\Users\katofreud08\Desktop\Registration Form (2)edited.doc
[2010/09/03 15:03:31 | 000,071,016 | ---- | M] () -- C:\Users\katofreud08\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/09/03 14:33:38 | 000,000,162 | -H-- | M] () -- C:\Users\katofreud08\Desktop\~$gistration Form (2).doc
[2010/09/03 14:33:02 | 000,212,480 | ---- | M] () -- C:\Users\katofreud08\Desktop\Registration Form (2).doc
[2010/09/03 14:07:51 | 000,000,162 | -H-- | M] () -- C:\Users\katofreud08\Documents\~$gosreceipt8110.docx
[2010/09/03 14:06:59 | 000,573,692 | ---- | M] () -- C:\Users\katofreud08\Desktop\sc.jpg
[2010/09/03 13:21:45 | 008,698,438 | ---- | M] () -- C:\Users\katofreud08\Desktop\sc.bmp
[2010/09/03 13:13:27 | 000,001,847 | ---- | M] () -- C:\Users\Public\Desktop\Canon MP220 series User Registration.LNK
[2010/09/03 13:07:32 | 000,000,412 | ---- | M] () -- C:\Windows\MAXLINK.INI
[2010/09/03 13:02:36 | 000,001,788 | ---- | M] () -- C:\Users\Public\Desktop\My Printer.lnk
[2010/09/03 13:02:24 | 000,001,824 | ---- | M] () -- C:\Users\Public\Desktop\Canon Solution Menu.lnk
[2010/09/03 13:01:06 | 000,001,878 | ---- | M] () -- C:\Users\Public\Desktop\Easy-PhotoPrint EX.lnk
[2010/09/03 13:00:10 | 000,001,880 | ---- | M] () -- C:\Users\Public\Desktop\MP Navigator EX 1.0.lnk
[2010/09/03 12:59:28 | 000,002,118 | ---- | M] () -- C:\Users\Public\Desktop\MP220 series On-screen Manual.lnk
[2010/09/03 11:50:30 | 000,293,376 | ---- | M] () -- C:\Users\katofreud08\Desktop\8g8p0hzt.exe
[2010/09/01 19:31:08 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2010/09/01 19:31:08 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010/09/01 19:31:08 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010/09/01 19:31:08 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010/09/01 19:27:43 | 000,874,272 | ---- | M] (Sun Microsystems, Inc.) -- C:\Users\katofreud08\Desktop\JavaSetup6u21.exe
[2010/09/01 18:59:51 | 000,000,020 | ---- | M] () -- C:\Windows\System32\SYSTEM
[2010/09/01 10:11:17 | 000,034,891 | ---- | M] () -- C:\Users\katofreud08\Documents\Argosreceipt8110.docx
[2010/09/01 08:08:26 | 000,000,017 | ---- | M] () -- C:\Windows\System32\shortcut_ex.dat
[2010/08/31 22:03:30 | 000,000,942 | ---- | M] () -- C:\Users\katofreud08\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2010/08/30 14:20:11 | 000,011,097 | ---- | M] () -- C:\Users\katofreud08\Documents\agency.docx
[2010/08/30 13:32:55 | 000,011,787 | ---- | M] () -- C:\Users\katofreud08\Documents\emailsal.docx
[2010/08/30 11:42:23 | 000,016,793 | ---- | M] () -- C:\Users\katofreud08\Documents\CURRICULUM VITAE2010.docx
[2010/08/29 14:13:36 | 000,000,312 | ---- | M] () -- C:\Users\katofreud08\Desktop\Document1.rtf
[2010/08/28 11:55:37 | 000,616,965 | ---- | M] () -- C:\Windows\System32\drivers\Avg\iavifw.avm
[2010/08/25 12:32:57 | 000,012,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2010/08/25 12:32:57 | 000,001,651 | ---- | M] () -- C:\Users\Public\Desktop\AVG 9.0.lnk
[2010/08/25 12:32:55 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2010/08/25 12:32:55 | 000,052,872 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgrkx86.sys
[2010/08/25 12:32:45 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2010/08/25 12:32:44 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2010/08/25 12:32:42 | 000,113,461 | ---- | M] () -- C:\Windows\System32\drivers\Avg\iavichjw.avm
[2010/08/25 12:30:46 | 000,025,168 | ---- | M] (AVG Technologies CZ, s.r.o. ) -- C:\Windows\System32\drivers\AVGIDSvx.sys
[2010/08/25 12:29:17 | 000,024,856 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgfwd6x.sys
[2010/08/25 11:43:02 | 002,133,536 | ---- | M] (AVG Technologies) -- C:\Users\katofreud08\Desktop\avg_free_stb_all_9_115_cnet.exe
[2010/08/25 11:25:24 | 000,001,891 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk
[2010/08/24 12:11:09 | 000,000,947 | ---- | M] () -- C:\Users\katofreud08\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/08/23 11:50:11 | 000,001,593 | ---- | M] () -- C:\Users\Public\Desktop\Browser Choice.lnk
[2010/08/19 08:18:17 | 000,047,092 | ---- | M] () -- C:\Windows\System32\license.rtf
[2010/08/19 00:30:40 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/19 00:29:58 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\katofreud08\Desktop\mbam-setup-1.46.exe
[2010/08/18 23:19:24 | 000,319,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\DIFxAPI.dll
[2010/08/18 23:18:44 | 000,098,768 | ---- | M] () -- C:\Windows\System32\log.xml
[2010/08/18 23:13:23 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin
[2010/08/18 23:12:30 | 000,524,288 | -HS- | M] () -- C:\Users\katofreud08\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
[2010/08/18 23:07:34 | 000,000,680 | ---- | M] () -- C:\Users\katofreud08\AppData\Local\d3d9caps.dat
[2010/08/18 23:06:01 | 000,002,069 | ---- | M] () -- C:\Users\Public\Desktop\Acer Arcade Deluxe.lnk
[2010/08/18 23:00:55 | 000,118,784 | ---- | M] () -- C:\Windows\System32\VMC3KAPI.dll
[2010/08/18 23:00:55 | 000,114,688 | ---- | M] (Arachnoid Biometrics Identification Group Corp.) -- C:\Windows\System32\VCryptAPI.dll
[2010/08/18 23:00:42 | 000,023,040 | ---- | M] (Arachnoid Biometrics Identification Group Corp.) -- C:\Windows\System32\ShlCmd.exe
[2010/08/18 23:00:40 | 000,005,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\biologon.dll
[2010/08/18 23:00:25 | 000,331,776 | ---- | M] (Alfa Corporation) -- C:\Windows\System32\DrvCrypt.dll
[2010/08/18 23:00:25 | 000,043,184 | ---- | M] (Alfa Corporation) -- C:\Windows\System32\drivers\AlfaFF.sys
[2010/08/18 23:00:25 | 000,016,384 | ---- | M] (Alfa Corporation) -- C:\Windows\System32\AlfaFF.dll
[2010/08/18 23:00:20 | 001,468,928 | ---- | M] (UPEK, Inc.) -- C:\Windows\System32\bsapi.dll
[2010/08/18 22:58:57 | 000,000,020 | ---- | M] () -- C:\Medion.ini
[2010/08/18 22:47:58 | 000,000,092 | ---- | M] () -- C:\Windows\GridV.UNI
[2010/08/18 22:46:11 | 000,000,083 | ---- | M] () -- C:\Windows\QtZgAcer.UNI
[2010/08/18 22:45:33 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_SynTP_01000.Wdf
[2010/08/18 22:33:05 | 000,000,594 | ---- | M] () -- C:\Users\Public\Desktop\Acer Store.lnk
[2010/08/18 22:28:20 | 000,000,020 | -HS- | M] () -- C:\Users\katofreud08\ntuser.ini

========== Files Created - No Company Name ==========

[2010/09/10 15:30:56 | 000,063,488 | ---- | C] () -- C:\Users\katofreud08\Documents\cdreportproforma#1209.doc
[2010/09/10 15:28:04 | 000,172,978 | ---- | C] () -- C:\Users\katofreud08\Documents\mentally-disordered-offenders-2007.pdf
[2010/09/10 15:27:37 | 006,244,420 | ---- | C] () -- C:\Users\katofreud08\Documents\CDSocialSupervisionSouthWalesJan2010a.pdf
[2010/09/10 15:24:16 | 001,353,026 | ---- | C] () -- C:\Users\katofreud08\Documents\refguidemha.pdf
[2010/09/10 12:21:41 | 000,003,584 | ---- | C] () -- C:\Users\katofreud08\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/10 00:14:36 | 000,000,149 | ---- | C] () -- C:\Users\katofreud08\Desktop\check.bat
[2010/09/09 16:31:14 | 001,665,635 | ---- | C] () -- C:\Users\katofreud08\Documents\Inq-Bryan(sum)[1].pdf
[2010/09/07 15:50:24 | 000,209,977 | ---- | C] () -- C:\Users\katofreud08\Documents\Argosreceipt8110.pdf
[2010/09/06 20:50:26 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2010/09/06 01:02:10 | 000,284,915 | ---- | C] () -- C:\Users\katofreud08\Desktop\gmer.zip
[2010/09/06 01:01:08 | 000,000,000 | ---- | C] () -- C:\Users\katofreud08\defogger_reenable
[2010/09/06 00:52:04 | 000,525,824 | ---- | C] () -- C:\Users\katofreud08\Desktop\dds.scr
[2010/09/06 00:51:19 | 000,050,477 | ---- | C] () -- C:\Users\katofreud08\Desktop\Defogger.exe
[2010/09/06 00:16:35 | 000,080,384 | ---- | C] () -- C:\Users\katofreud08\Desktop\MBRCheck.exe
[2010/09/06 00:11:14 | 000,133,632 | ---- | C] () -- C:\Users\katofreud08\Desktop\RKUnhookerLE.EXE
[2010/09/05 19:59:29 | 000,524,288 | -HS- | C] () -- C:\Users\katofreud08\ntuser.dat{841e7fae-b90e-11df-a14a-001e68f92497}.TMContainer00000000000000000002.regtrans-ms
[2010/09/05 19:59:28 | 000,524,288 | -HS- | C] () -- C:\Users\katofreud08\ntuser.dat{841e7fae-b90e-11df-a14a-001e68f92497}.TMContainer00000000000000000001.regtrans-ms
[2010/09/05 19:59:28 | 000,065,536 | -HS- | C] () -- C:\Users\katofreud08\ntuser.dat{841e7fae-b90e-11df-a14a-001e68f92497}.TM.blf
[2010/09/04 19:28:23 | 028,502,012 | ---- | C] () -- C:\Users\katofreud08\Desktop\HKEY_LOCAL_MACHINE.zip
[2010/09/04 19:15:09 | 000,095,374 | ---- | C] () -- C:\Users\katofreud08\Desktop\HKEY^_LOCAL^_MACHINE.htm
[2010/09/04 02:55:12 | 3454,386,176 | -HS- | C] () -- C:\hiberfil.sys
[2010/09/04 01:45:03 | 401,983,577 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/09/03 15:11:27 | 000,185,344 | ---- | C] () -- C:\Users\katofreud08\Desktop\Registration Form (2)edited.doc
[2010/09/03 14:33:38 | 000,000,162 | -H-- | C] () -- C:\Users\katofreud08\Desktop\~$gistration Form (2).doc
[2010/09/03 14:32:58 | 000,212,480 | ---- | C] () -- C:\Users\katofreud08\Desktop\Registration Form (2).doc
[2010/09/03 14:06:59 | 000,573,692 | ---- | C] () -- C:\Users\katofreud08\Desktop\sc.jpg
[2010/09/03 13:29:28 | 000,000,162 | -H-- | C] () -- C:\Users\katofreud08\Documents\~$gosreceipt8110.docx
[2010/09/03 13:18:34 | 008,698,438 | ---- | C] () -- C:\Users\katofreud08\Desktop\sc.bmp
[2010/09/03 13:13:27 | 000,001,847 | ---- | C] () -- C:\Users\Public\Desktop\Canon MP220 series User Registration.LNK
[2010/09/03 13:07:32 | 000,000,412 | ---- | C] () -- C:\Windows\MAXLINK.INI
[2010/09/03 13:02:36 | 000,001,788 | ---- | C] () -- C:\Users\Public\Desktop\My Printer.lnk
[2010/09/03 13:02:24 | 000,001,824 | ---- | C] () -- C:\Users\Public\Desktop\Canon Solution Menu.lnk
[2010/09/03 13:01:06 | 000,001,878 | ---- | C] () -- C:\Users\Public\Desktop\Easy-PhotoPrint EX.lnk
[2010/09/03 13:00:10 | 000,001,880 | ---- | C] () -- C:\Users\Public\Desktop\MP Navigator EX 1.0.lnk
[2010/09/03 12:59:28 | 000,002,118 | ---- | C] () -- C:\Users\Public\Desktop\MP220 series On-screen Manual.lnk
[2010/09/03 11:50:20 | 000,293,376 | ---- | C] () -- C:\Users\katofreud08\Desktop\8g8p0hzt.exe
[2010/09/01 18:59:51 | 000,000,020 | ---- | C] () -- C:\Windows\System32\SYSTEM
[2010/09/01 10:11:16 | 000,034,891 | ---- | C] () -- C:\Users\katofreud08\Documents\Argosreceipt8110.docx
[2010/09/01 08:08:26 | 000,000,017 | ---- | C] () -- C:\Windows\System32\shortcut_ex.dat
[2010/08/31 22:03:30 | 000,000,942 | ---- | C] () -- C:\Users\katofreud08\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2010/08/30 13:57:25 | 000,011,097 | ---- | C] () -- C:\Users\katofreud08\Documents\agency.docx
[2010/08/30 13:20:14 | 000,011,787 | ---- | C] () -- C:\Users\katofreud08\Documents\emailsal.docx
[2010/08/29 14:13:36 | 000,000,312 | ---- | C] () -- C:\Users\katofreud08\Desktop\Document1.rtf
[2010/08/25 13:20:15 | 000,130,008 | ---- | C] () -- C:\Windows\System32\systemsf.ebd
[2010/08/25 13:20:11 | 000,009,239 | ---- | C] () -- C:\Windows\System32\spcinstrumentation.man
[2010/08/25 13:19:47 | 000,442,788 | ---- | C] () -- C:\Windows\System32\dot3.tmf
[2010/08/25 13:19:38 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010/08/25 13:19:38 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010/08/25 13:19:32 | 003,662,128 | ---- | C] () -- C:\Windows\System32\locale.nls
[2010/08/25 13:19:30 | 000,392,170 | ---- | C] () -- C:\Windows\System32\onex.tmf
[2010/08/25 13:19:18 | 000,344,698 | ---- | C] () -- C:\Windows\System32\eaphost.tmf
[2010/08/25 13:18:45 | 000,208,966 | ---- | C] () -- C:\Windows\System32\WFP.TMF
[2010/08/25 13:18:38 | 000,092,918 | ---- | C] () -- C:\Windows\System32\slmgr.vbs
[2010/08/25 13:17:11 | 000,009,212 | ---- | C] () -- C:\Windows\System32\RacUR.xml
[2010/08/25 12:32:57 | 000,001,651 | ---- | C] () -- C:\Users\Public\Desktop\AVG 9.0.lnk
[2010/08/25 12:32:42 | 000,616,965 | ---- | C] () -- C:\Windows\System32\drivers\Avg\iavifw.avm
[2010/08/25 12:32:42 | 000,113,461 | ---- | C] () -- C:\Windows\System32\drivers\Avg\iavichjw.avm
[2010/08/25 12:32:41 | 064,580,852 | ---- | C] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010/08/24 14:15:10 | 000,001,891 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk
[2010/08/24 14:03:20 | 000,016,793 | ---- | C] () -- C:\Users\katofreud08\Documents\CURRICULUM VITAE2010.docx
[2010/08/24 12:02:16 | 000,057,667 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2010/08/23 11:56:23 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/08/23 11:56:21 | 000,000,880 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/08/23 11:50:11 | 000,001,593 | ---- | C] () -- C:\Users\Public\Desktop\Browser Choice.lnk
[2010/08/23 11:14:50 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010/08/23 11:14:44 | 011,967,524 | ---- | C] () -- C:\Windows\System32\korwbrkr.lex
[2010/08/19 01:41:47 | 002,501,921 | ---- | C] () -- C:\Windows\System32\wlan.tmf
[2010/08/19 00:30:40 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/18 23:26:10 | 000,000,553 | ---- | C] () -- C:\Windows\USetup.iss
[2010/08/18 23:19:23 | 000,001,694 | ---- | C] () -- C:\Windows\RtDefLvl.ini
[2010/08/18 23:18:44 | 000,098,768 | ---- | C] () -- C:\Windows\System32\log.xml
[2010/08/18 23:17:34 | 000,000,947 | ---- | C] () -- C:\Users\katofreud08\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/08/18 23:13:23 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/08/18 23:10:31 | 036,909,056 | ---- | C] () -- C:\Windows\System32\acer.scr
[2010/08/18 23:06:01 | 000,002,069 | ---- | C] () -- C:\Users\Public\Desktop\Acer Arcade Deluxe.lnk
[2010/08/18 23:02:01 | 000,006,057 | ---- | C] () -- C:\ProgramData\ArcadeDeluxe2.log
[2010/08/18 23:00:55 | 000,118,784 | ---- | C] () -- C:\Windows\System32\VMC3KAPI.dll
[2010/08/18 22:58:57 | 000,000,020 | ---- | C] () -- C:\Medion.ini
[2010/08/18 22:48:41 | 000,000,000 | ---- | C] () -- C:\Windows\System32\LogConfigTemp.xml
[2010/08/18 22:47:58 | 000,000,092 | ---- | C] () -- C:\Windows\GridV.UNI
[2010/08/18 22:46:11 | 000,000,083 | ---- | C] () -- C:\Windows\QtZgAcer.UNI
[2010/08/18 22:45:43 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll
[2010/08/18 22:45:43 | 000,222,382 | ---- | C] () -- C:\Windows\Acer Crystal Eye webcam.ico
[2010/08/18 22:45:43 | 000,200,704 | ---- | C] () -- C:\Windows\PLFSetI.exe
[2010/08/18 22:45:43 | 000,004,838 | ---- | C] () -- C:\Windows\Suyin.reg
[2010/08/18 22:45:43 | 000,000,036 | ---- | C] () -- C:\Windows\PidList.ini
[2010/08/18 22:45:33 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_SynTP_01000.Wdf
[2010/08/18 22:33:05 | 000,000,594 | ---- | C] () -- C:\Users\Public\Desktop\Acer Store.lnk
[2010/08/18 22:28:30 | 000,000,680 | ---- | C] () -- C:\Users\katofreud08\AppData\Local\d3d9caps.dat
[2010/08/18 22:28:20 | 000,000,020 | -HS- | C] () -- C:\Users\katofreud08\ntuser.ini
[2010/08/18 22:28:19 | 000,524,288 | -HS- | C] () -- C:\Users\katofreud08\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
[2010/08/18 22:28:19 | 000,524,288 | -HS- | C] () -- C:\Users\katofreud08\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010/08/18 22:28:19 | 000,262,144 | -H-- | C] () -- C:\Users\katofreud08\ntuser.dat.LOG1
[2010/08/18 22:28:19 | 000,065,536 | -HS- | C] () -- C:\Users\katofreud08\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/08/18 22:28:19 | 000,000,000 | -H-- | C] () -- C:\Users\katofreud08\ntuser.dat.LOG2
[2010/08/18 22:28:18 | 000,001,850 | ---- | C] () -- C:\Users\katofreud08\Desktop\Cyberlink PowerDirector.lnk
[2010/08/18 22:28:18 | 000,000,258 | ---- | C] () -- C:\Users\katofreud08\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2010/08/18 22:28:18 | 000,000,240 | ---- | C] () -- C:\Users\katofreud08\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2010/08/18 22:28:17 | 001,572,864 | -HS- | C] () -- C:\Users\katofreud08\ntuser.dat
[2008/07/11 16:29:59 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIOFM4.dll
[2008/07/11 16:29:59 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN5.dll
[2008/07/11 16:04:53 | 000,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll
[2008/07/11 16:04:13 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008/07/11 16:03:56 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2007/01/26 09:32:18 | 000,069,632 | ---- | C] () -- C:\Windows\System32\drivers\int15.sys
[2006/11/02 15:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 10:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2001/12/27 02:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001/09/04 09:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001/07/31 02:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001/07/24 08:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2008/01/21 05:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008/01/21 05:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008/01/21 05:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/21 05:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/21 05:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006/11/02 12:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: AHCIX86S.SYS >
[2008/05/28 09:47:08 | 000,171,016 | R--- | M] (AMD Technologies Inc.) MD5=9879FF9F6A04D660BC245788E1881B00 -- C:\ACER\Preload\Autorun\DRV\AMD VGA Chip RS780MN M82ME-XT M86ME\Packages\Drivers\SBDrv\SB7xx\RAID\LH\ahcix86s.sys

< MD5 for: ATAPI.SYS >
[2008/03/12 09:38:18 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_4c9c5a00\atapi.sys
[2008/03/12 09:38:18 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18034_none_dd1bb97e219e87cb\atapi.sys
[2009/04/11 09:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009/04/11 09:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009/04/11 09:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/21 05:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/21 05:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 12:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008/02/22 07:59:12 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=76D70915EB81608DC6ACA87887FAB38F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22120_none_ddac250d3ab7a648\atapi.sys
[2008/02/22 08:03:50 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=92210921EEFC081693F649C3631DEEC2 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_3d9c5057\atapi.sys
[2008/02/22 08:03:50 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=92210921EEFC081693F649C3631DEEC2 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18023_none_dd25892021975283\atapi.sys
[2008/03/12 09:24:20 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=96DC4E1A9F90CCD489950A8935425C59 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22134_none_dda556493abc2795\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 12:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 12:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: EVENTLOG.DLL >
[2007/01/13 08:30:08 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files\Cyberlink\PowerDirector\EventLog.dll

< MD5 for: IASTORV.SYS >
[2008/01/21 05:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008/01/21 05:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008/01/21 05:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 12:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009/04/11 09:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009/04/11 09:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008/01/21 05:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVRAID.SYS >
[2008/01/21 05:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) MD5=2EDF9E7751554B42CBB60116DE727101 -- C:\Windows\System32\drivers\nvraid.sys
[2008/01/21 05:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) MD5=2EDF9E7751554B42CBB60116DE727101 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvraid.sys
[2008/01/21 05:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) MD5=2EDF9E7751554B42CBB60116DE727101 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvraid.sys
[2006/11/02 12:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) MD5=E69E946F80C1C31C53003BFBF50CBB7C -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvraid.sys

< MD5 for: NVSTOR.SYS >
[2006/11/02 12:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/21 05:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008/01/21 05:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/21 05:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008/01/21 05:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009/04/11 09:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009/04/11 09:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2008/07/22 17:13:22 | 000,425,984 | ---- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- C:\Windows\System32\ATIDEMGX.dll
[2009/04/11 09:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2009/04/11 09:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2008/01/21 06:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008/01/21 06:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008/01/21 06:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 13:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 13:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %systemroot%\system32\drivers\*.sys /90 >
[2010/08/18 23:00:25 | 000,043,184 | ---- | M] (Alfa Corporation) -- C:\Windows\System32\drivers\AlfaFF.sys
[2010/08/25 12:29:17 | 000,024,856 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgfwd6x.sys
[2010/08/25 12:30:46 | 000,025,168 | ---- | M] (AVG Technologies CZ, s.r.o. ) -- C:\Windows\System32\drivers\AVGIDSvx.sys
[2010/08/25 12:32:45 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2010/08/25 12:32:44 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2010/08/25 12:32:55 | 000,052,872 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgrkx86.sys
[2010/08/25 12:32:55 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2010/08/05 19:19:28 | 000,058,984 | ---- | M] (Trusteer Ltd.) -- C:\Windows\System32\drivers\RapportKELL.sys
[2010/06/18 18:04:57 | 000,302,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\srv.sys
[2010/06/18 18:04:44 | 000,144,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\srv2.sys
[2010/06/16 19:04:57 | 000,905,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tcpip.sys
< End of report >
------------

#4 SteveHam

SteveHam
  • Topic Starter


Posted 13 September 2010 - 02:55 PM

Second OTL log (extras)
------------------------------------------------------------------------------
OTL Extras logfile created on: 13/09/2010 22:09:26 - Run 1
OTL by OldTimer - Version 3.2.12.0 Folder = C:\Users\katofreud08\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 32.00% Memory free
7.00 Gb Paging File | 4.00 Gb Available in Paging File | 62.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144.04 Gb Total Space | 107.85 Gb Free Space | 74.87% Space Free | Partition Type: NTFS
Drive D: | 140.50 Gb Total Space | 138.00 Gb Free Space | 98.22% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: KATOFREUD08-PC
Current User Name: katofreud08
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\WINWORD.EXE" /n /dde File not found
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03E5B306-BF4C-459F-88DB-C2410BA61842}" = dir=in | app=c:\program files\avg\avg9\avgupd.exe |
"{1C6EA513-30A2-4A59-B48F-CB9DDA99FC42}" = dir=in | app=c:\program files\acer arcade deluxe\homemedia\homemedia.exe |
"{2074DDDA-6A76-4DD9-8B90-4D1EB7B805D2}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{37F344BD-49F8-4FCE-82B2-D5B408315D1B}" = dir=in | app=c:\program files\avg\avg9\avgam.exe |
"{3AD0952B-9179-4784-BAE8-1819F07BC562}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe |
"{59393BA8-D360-4361-84D0-A1D1A32259D2}" = dir=in | app=c:\program files\avg\avg9\avgdiagex.exe |
"{5FF82F18-FACA-4E12-B47C-F8EE2B5E814A}" = dir=in | app=c:\program files\avg\avg9\avgemc.exe |
"{70452795-A48A-4948-BFAB-DDDAC202B2C7}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\playmovie.exe |
"{716C5A3A-904E-4274-9F57-12B391B7992A}" = dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe |
"{73931216-4B2E-4973-93F0-72E94E51981D}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\pmvservice.exe |
"{83828E73-E67E-431E-B642-23D8522B6A89}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{8E99E582-8885-4A50-84C7-A131DEFEB50E}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{A231B6F0-AEA8-4A84-AA63-F48FC382DFEC}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe |
"{B511639B-577C-43E4-A5EE-AFC4FE0CA430}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{D6F7F9EB-2D83-40A9-8E01-A7E965BC339A}" = dir=in | app=c:\program files\avg\avg9\avgnsx.exe |
"{E237ABC8-09B4-44BE-A51C-394B4A329E99}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002097BB-4AFC-F885-A061-D674E5A7D586}" = Catalyst Control Center Localization Czech
"{02755AE5-6643-FF3B-E1B9-C35D88D1B519}" = Catalyst Control Center Core Implementation
"{0D0E5A72-16E4-2976-1BB6-9B1588FD1688}" = CCC Help Danish
"{0D7B6373-8A37-A1FD-8AB0-43AAD69A4173}" = CCC Help Portuguese
"{0DED2BE4-B8D3-6422-613D-79619C997D03}" = CCC Help Czech
"{10F498FF-5392-4DF3-8F73-FE172A9F3800}" = Winbond CIR Device Drivers
"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP220_series" = Canon MP220 series
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{12F0F9AE-14C1-D9B2-3627-4E7B2E3FCC62}" = Catalyst Control Center Localization Swedish
"{13D85C14-2B85-419F-AC41-C7F21E68B25D}" = Acer eSettings Management
"{13EAEF04-7E24-F813-9F5E-588ABAB48DDF}" = Catalyst Control Center Localization Spanish
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
"{1F9DFBC7-D9C5-2F90-EB8C-1BFAA992A264}" = CCC Help Spanish
"{223E1972-08A7-6232-B8BF-AEFB0D55F131}" = Catalyst Control Center Graphics Full New
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java™ 6 Update 21
"{28043791-BCD6-349E-1358-74E91F0CC056}" = CCC Help Japanese
"{28C0E907-7C72-7E55-C9D1-822635050011}" = Catalyst Control Center Localization Russian
"{29CF0734-CBA0-E24C-6CE4-CF8CCF65E9F1}" = Catalyst Control Center Localization French
"{29E9D72B-AFAB-5EDF-DF53-FE41147CDF44}" = CCC Help Greek
"{2E4AB89A-C177-40D5-B018-B0152D3F2305}" = Catalyst Control Center - Branding
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver
"{31DC5AB6-0E15-97EF-F8C5-507D9A4254A2}" = Catalyst Control Center Localization Portuguese
"{3C4DF11D-CDB9-9FC4-68B2-0639C35D12B3}" = CCC Help Turkish
"{44353286-A029-E150-E0AC-D5A9A7354EDC}" = CCC Help French
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D5FE96A-7708-CD37-FF52-C7E00D9E4E4C}" = Catalyst Control Center Localization Hungarian
"{5095E8BE-8C1F-EDDA-8E46-8EDA4ECCDC62}" = Catalyst Control Center Localization Dutch
"{57265292-228A-41FA-9AEC-4620CBCC2739}" = Acer eAudio Management
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{5B63A470-9334-44D1-AF61-6CE2DB565AE9}" = Orion
"{5BD279D5-67E0-9088-1A3D-12F51671021D}" = Catalyst Control Center Localization Norwegian
"{5C77247B-F8B6-FAF4-1681-B5DAE7E62312}" = CCC Help Hungarian
"{6090F363-5D4F-E7D7-5ED7-031A753C3384}" = ccc-utility
"{6252C234-C8D0-5B4F-A142-AC50DBF48718}" = Catalyst Control Center Localization Korean
"{641BC1FD-F2A2-1A40-DAF7-F5A96A96D4CB}" = Catalyst Control Center Localization Polish
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6C55D7E5-F296-4352-CB18-D53443D26B45}" = Catalyst Control Center Localization Italian
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{7157B290-394E-30E1-3B1B-D46CB6913BC8}" = Catalyst Control Center Localization Thai
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7A1D1C2B-0F70-1914-CE8D-6A1E6C928AE8}" = CCC Help Chinese Standard
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110111700}" = Zuma Deluxe
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110113233}" = Bookworm Deluxe
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11029123}" = Bricks of Egypt
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110322783}" = Big Kahuna Reef
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110411970}" = Chuzzle
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111118433}" = Mystery Case Files - Huntsville
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}" = Cake Mania
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111252743}" = Mahjong Escape Ancient China
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111324990}" = Kick N Rush
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111543617}" = Backspin Billiards
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111692950}" = Mahjongg Artifacts
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111771833}" = Jewel Quest Solitaire
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111796363}" = Mystery Solitaire - Secret Island
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111872660}" = Diner Dash Flo on the Go
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112310577}" = Flip Words 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112531267}" = Chicken Invaders 3
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112615863}" = Agatha Christie Death on the Nile
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113009953}" = Turbo Pizza
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113080210}" = Azada
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8D36BA0E-75EC-51FB-A7B0-EB7BA6BE0A05}" = CCC Help Korean
"{8F1B6239-FEA0-450A-A950-B05276CE177C}" = Acer Empowering Technology
"{90140000-006D-0409-0000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{90140011-0061-0409-0000-0000000FF1CE}" = Microsoft Office Home and Student 2010 - English
"{92894D89-0A51-C4B4-39B4-C5460544F788}" = CCC Help Russian
"{9346230F-C4A8-17D3-D096-7E8367676DD1}" = ATI Catalyst Install Manager
"{9451B7F2-1745-99D0-DEBB-D589EAD4E96C}" = CCC Help Polish
"{9E569D4E-7DB4-2EF9-4E14-786507F4415D}" = CCC Help Norwegian
"{9FB10BC7-66AF-74D8-730C-937D717D7179}" = CCC Help English
"{A15FA2C2-261B-EAB2-B966-8747ACC663BB}" = ccc-core-static
"{A2FAA089-E483-8F22-1EC4-DF063D35BC07}" = CCC Help German
"{A3AB35FA-943E-4799-99DC-46EFD59E998F}" = AMD USB Audio Driver Filter
"{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management
"{A73A8DFE-C038-771D-7E02-E10489D5FDE2}" = Catalyst Control Center InstallProxy
"{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}" = Acer Crystal Eye Webcam 2.0.8.3
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.4
"{B12707C5-AC65-1931-DDB4-01BDF3E8199E}" = Catalyst Control Center Localization Chinese Standard
"{B7246337-1876-A73D-4BA1-F82580ECBEFB}" = Catalyst Control Center Localization German
"{BA4022C7-73DC-0475-66D5-42F848C8689C}" = Catalyst Control Center Localization Danish
"{C3998FFF-D1A7-6EDA-A875-1E682FF97C8B}" = CCC Help Dutch
"{C910E5DF-2963-E060-5788-60652960B779}" = CCC Help Chinese Traditional
"{C9AEF005-E9D0-5696-609B-223A1F5895F2}" = CCC Help Thai
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CC9A7C19-5B95-738F-8874-CCBD3C953265}" = Catalyst Control Center Localization Turkish
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
"{D2951D23-EA51-8B7F-21A2-41F70CE18420}" = Catalyst Control Center Localization Finnish
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DD7CF461-F5F3-B13D-EB0F-D693E93732A8}" = Catalyst Control Center Localization Japanese
"{DDC3E8AB-3642-69AF-92FE-5AF21BC7674E}" = CCC Help Swedish
"{DEE88727-779B-47A9-ACEF-F87CA5F92A65}" = ScanSoft OmniPage SE 4
"{E7FDC74E-1212-26E7-F3D3-017B7EAF465D}" = Catalyst Control Center Graphics Light
"{E962C12D-980F-3FD1-4668-EFE380BAAD66}" = CCC Help Italian
"{EB1DFFCD-0910-800A-B11A-15AD9386E524}" = Catalyst Control Center Localization Greek
"{ECCD28B2-8798-4D16-8126-625D728294A1}" = SPBA 5.8
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FD52F0AA-76EB-D838-EF16-BB157EE9351C}" = Catalyst Control Center Graphics Full Existing
"{FDBA1DEC-67ED-BC53-F667-C679FAC0B692}" = CCC Help Finnish
"{FE6C4A72-BB28-6E2D-3EE9-F0E37ECC7EFF}" = Catalyst Control Center Localization Chinese Traditional
"Acer Acer Bio Protection 6.0.00.16" = Acer Bio Protection AAU 6.0.00.16
"Acer GameZone Console_is1" = Acer GameZone Console 2.0.1.1
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"AVG9Uninstall" = AVG 9.0
"Canon MP220 series User Registration" = Canon MP220 series User Registration
"CanonSolutionMenu" = Canon Utilities Solution Menu
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"Google Desktop" = Google Desktop
"GridVista" = Acer GridVista
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MP Navigator EX 1.0" = Canon MP Navigator EX 1.0
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"Rapport_msi" = Rapport
"SynTPDeinstKey" = Synaptics Pointing Device Driver

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 07/09/2010 11:50:02 | Computer Name = katofreud08-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18943, time stamp
0x4c25813d, faulting module IEShims.dll, version 8.0.6001.18943, time stamp 0x4c25980e,
exception code 0xc0000005, fault offset 0x00021e16, process id 0x2734, application
start time 0x01cb4ea454ef6000.

Error - 07/09/2010 16:13:54 | Computer Name = katofreud08-PC | Source = Perflib | ID = 1010
Description =

Error - 07/09/2010 20:20:55 | Computer Name = katofreud08-PC | Source = EventSystem | ID = 4621
Description =

Error - 08/09/2010 01:54:15 | Computer Name = katofreud08-PC | Source = WinMgmt | ID = 10
Description =

Error - 08/09/2010 01:54:44 | Computer Name = katofreud08-PC | Source = CVHSVC | ID = 100
Description = Information only. Too many failures while downloading ranges: 2

Error - 08/09/2010 01:55:14 | Computer Name = katofreud08-PC | Source = CVHSVC | ID = 100
Description = Information only. (Stream product id=0x0061): Streaming Failed

Error - 08/09/2010 01:56:05 | Computer Name = katofreud08-PC | Source = Google Update | ID = 20
Description =

Error - 08/09/2010 09:14:29 | Computer Name = katofreud08-PC | Source = WinMgmt | ID = 10
Description =

Error - 08/09/2010 09:15:47 | Computer Name = katofreud08-PC | Source = CVHSVC | ID = 100
Description = Information only. Too many failures while downloading ranges: 2

Error - 08/09/2010 09:16:52 | Computer Name = katofreud08-PC | Source = CVHSVC | ID = 100
Description = Information only. (Stream product id=0x0061): Streaming Failed

[ System Events ]
Error - 03/09/2010 18:46:48 | Computer Name = katofreud08-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 03/09/2010 18:46:58 | Computer Name = katofreud08-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 03/09/2010 18:46:59 | Computer Name = katofreud08-PC | Source = DCOM | ID = 10005
Description =

Error - 03/09/2010 18:47:00 | Computer Name = katofreud08-PC | Source = DCOM | ID = 10005
Description =

Error - 03/09/2010 18:47:10 | Computer Name = katofreud08-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 03/09/2010 19:55:34 | Computer Name = katofreud08-PC | Source = HTTP | ID = 15016
Description =

Error - 03/09/2010 20:23:27 | Computer Name = katofreud08-PC | Source = HTTP | ID = 15016
Description =

Error - 04/09/2010 02:25:03 | Computer Name = katofreud08-PC | Source = HTTP | ID = 15016
Description =

Error - 04/09/2010 02:30:17 | Computer Name = katofreud08-PC | Source = Microsoft-Windows-Service Pack Installer | ID = 8
Description =

Error - 05/09/2010 12:57:30 | Computer Name = katofreud08-PC | Source = HTTP | ID = 15016
Description =


< End of report >


#5 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin

Posted 13 September 2010 - 03:06 PM

Hi,

can you please provide a log from netstat? The logs so far look clean, to be honest, with the possible exception of the MBR.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 



#6 SteveHam

SteveHam
  • Topic Starter


Posted 13 September 2010 - 05:04 PM

Here's a current "netstat -abfo" output (with screen error annotation in square brackets)
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Active Connections

Proto Local Address Foreign Address State PID
TCP 0.0.0.0:135 katofreud08-PC:0 LISTENING 1232
RpcSs
[svchost.exe]
TCP 0.0.0.0:445 katofreud08-PC:0 LISTENING 4

Can not obtain ownership information
[Screen Shows:- x: Windows Sockets initialization failed:5]

TCP 0.0.0.0:5151 katofreud08-PC:0 LISTENING 3256
[SchedulerSvc.exe]
TCP 0.0.0.0:8384 katofreud08-PC:0 LISTENING 2952
[BackupSvc.exe]
TCP 0.0.0.0:10000 katofreud08-PC:0 LISTENING 2300
[Agentsvc.exe]
TCP 0.0.0.0:49152 katofreud08-PC:0 LISTENING 656
[wininit.exe]
TCP 0.0.0.0:49153 katofreud08-PC:0 LISTENING 1624
Eventlog
[svchost.exe]
TCP 0.0.0.0:49154 katofreud08-PC:0 LISTENING 768
[lsass.exe]
TCP 0.0.0.0:49155 katofreud08-PC:0 LISTENING 1668
Schedule
[svchost.exe]
TCP 0.0.0.0:49156 katofreud08-PC:0 LISTENING 3292
PolicyAgent
[svchost.exe]
TCP 0.0.0.0:49157 katofreud08-PC:0 LISTENING 756
[services.exe]
TCP 127.0.0.1:4664 katofreud08-PC:0 LISTENING 4732
[GoogleDesktop.exe]
TCP 127.0.0.1:10110 katofreud08-PC:0 LISTENING 3832
[avgemc.exe]
TCP 192.168.97.27:139 katofreud08-PC:0 LISTENING 4

Can not obtain ownership information
[Screen Shows:- x: Windows Sockets initialization failed:5]

TCP 192.168.97.27:49191 ey-in-f104.1e100.net:https ESTABLISHED 4732
[GoogleDesktop.exe]
TCP [::]:135 katofreud08-PC:0 LISTENING 1232
RpcSs
[svchost.exe]
TCP [::]:445 katofreud08-PC:0 LISTENING 4

Can not obtain ownership information
[Screen Shows:- x: Windows Sockets initialization failed:5]

TCP [::]:49152 katofreud08-PC:0 LISTENING 656
[wininit.exe]
TCP [::]:49153 katofreud08-PC:0 LISTENING 1624
Eventlog
[svchost.exe]
TCP [::]:49154 katofreud08-PC:0 LISTENING 768
[lsass.exe]
TCP [::]:49155 katofreud08-PC:0 LISTENING 1668
Schedule
[svchost.exe]
TCP [::]:49156 katofreud08-PC:0 LISTENING 3292
PolicyAgent
[svchost.exe]
TCP [::]:49157 katofreud08-PC:0 LISTENING 756
[services.exe]
UDP 0.0.0.0:123 *:* 1844
W32Time
[svchost.exe]
UDP 0.0.0.0:500 *:* 1668
IKEEXT
[svchost.exe]
UDP 0.0.0.0:4500 *:* 1668
IKEEXT
[svchost.exe]
UDP 0.0.0.0:5355 *:* 1540
Dnscache
[svchost.exe]
UDP 0.0.0.0:10001 *:* 2300
[Agentsvc.exe]
UDP 127.0.0.1:1900 *:* 1844
SSDPSRV
[svchost.exe]
UDP 127.0.0.1:49152 *:* 1468
[RapportMgmtService.exe]
UDP 127.0.0.1:51162 *:* 6908
[iexplore.exe]
UDP 127.0.0.1:58631 *:* 1844
SSDPSRV
[svchost.exe]
UDP 192.168.97.27:137 *:* 4

Can not obtain ownership information
[Screen Shows:- x: Windows Sockets initialization failed:5]

UDP 192.168.97.27:138 *:* 4

Can not obtain ownership information
[Screen Shows:- x: Windows Sockets initialization failed:5]

UDP 192.168.97.27:1900 *:* 1844
SSDPSRV
[svchost.exe]
UDP 192.168.97.27:58630 *:* 1844
SSDPSRV
[svchost.exe]
UDP [::]:123 *:* 1844
W32Time
[svchost.exe]
UDP [::]:500 *:* 1668
IKEEXT
[svchost.exe]
UDP [::]:5355 *:* 1540
Dnscache
[svchost.exe]
UDP [::1]:1900 *:* 1844
SSDPSRV
[svchost.exe]
UDP [::1]:58628 *:* 1844
SSDPSRV
[svchost.exe]
UDP [fe80::100:7f:fffe%12]:1900 *:* 1844
SSDPSRV
[svchost.exe]
UDP [fe80::100:7f:fffe%12]:58629 *:* 1844
SSDPSRV
[svchost.exe]
UDP [fe80::a0f1:ce5e:ddaf:e984%10]:1900 *:* 1844
SSDPSRV
[svchost.exe]
UDP [fe80::a0f1:ce5e:ddaf:e984%10]:58627 *:* 1844
SSDPSRV
[svchost.exe]
UDP [fe80::b5b5:5c66:e28c:3fec%11]:1900 *:* 1844
SSDPSRV
[svchost.exe]
UDP [fe80::b5b5:5c66:e28c:3fec%11]:58626 *:* 1844
SSDPSRV
[svchost.exe]
--------------------------------------------------------------------------------------------------------------------------------
c:\wmic process list brief
--------------------------------------------------------------------------------------------------------------------------------
HandleCount Name Priority ProcessId ThreadCount WorkingSetSize
0 System Idle Process 0 0 2 24576
2011 System 8 4 174 115298304
28 smss.exe 11 528 4 745472
954 csrss.exe 13 596 12 7118848
103 wininit.exe 13 656 3 4157440
776 csrss.exe 13 664 11 9367552
560 avgchsvx.exe 8 680 47 430080
284 avgrsx.exe 8 688 28 688128
285 services.exe 9 756 6 7008256
704 lsass.exe 9 768 11 2150400
219 lsm.exe 8 784 10 4509696
196 avgcsrvx.exe 8 804 9 393216
125 winlogon.exe 13 888 3 5824512
320 svchost.exe 8 1164 7 6336512
374 svchost.exe 8 1232 8 6930432
242 RapportMgmtService.exe 8 1468 10 24723456
141 Ati2evxx.exe 8 1600 5 4907008
439 svchost.exe 8 1624 22 14442496
605 svchost.exe 8 1652 43 71315456
1357 svchost.exe 8 1668 52 52252672
107 audiodg.exe 8 1760 3 17338368
126 svchost.exe 8 1784 5 5009408
94 SLsvc.exe 8 1804 4 11821056
467 svchost.exe 8 1844 27 10985472
159 Ati2evxx.exe 8 1972 6 6606848
204 upeksvr.exe 8 196 16 8585216
107 CompPtcVUI.exe 8 848 2 10653696
560 svchost.exe 8 1540 25 15974400
306 spoolsv.exe 8 868 16 9584640
577 AVGIDSAgent.exe 8 1112 29 21725184
293 svchost.exe 8 1584 28 16855040
40 agrsmsvc.exe 8 2196 2 2654208
1429 avgwdsvc.exe 8 2244 42 4390912
789 avgfws9.exe 8 2272 32 19005440
103 Agentsvc.exe 8 2300 2 5054464
59 CLHNService.exe 8 2316 3 3719168
88 eDSService.exe 8 2504 6 4571136
289 ETService.exe 8 2528 10 17063936
88 BASVC.exe 8 2724 5 8564736
42 LSSrvc.exe 8 2804 2 3661824
153 MobilityService.exe 8 2860 5 10440704
68 BackupSvc.exe 8 2952 2 7938048
324 avgam.exe 8 2992 15 2183168
403 avgnsx.exe 8 3028 28 1253376
98 SchedulerSvc.exe 8 3256 5 6119424
121 svchost.exe 8 3292 5 4751360
70 RichVideo.exe 8 3344 4 4247552
87 sftvsa.exe 8 3588 3 4661248
148 svchost.exe 8 3652 7 6918144
46 svchost.exe 8 3692 4 2195456
770 SearchIndexer.exe 8 3764 15 17981440
653 avgemc.exe 8 3832 20 1769472
371 sftlist.exe 8 4016 13 13639680
143 avgcsrvx.exe 8 2108 4 6545408
354 taskeng.exe 8 3212 13 11436032
154 dwm.exe 13 3716 7 66715648
694 explorer.exe 8 3684 29 56700928
299 RapportService.exe 8 4132 15 39088128
130 WmiPrvSE.exe 8 4456 6 6533120
346 MSASCui.exe 8 4624 11 9723904
284 ePower_DMC.exe 8 4632 11 19476480
322 eDSLoader.exe 8 4640 7 16936960
244 eAudio.exe 8 4668 4 14409728
46 BkupTray.exe 8 4684 1 4644864
535 GoogleDesktop.exe 8 4732 14 6729728
141 SynTPEnh.exe 10 4780 5 9195520
79 PLFSetI.exe 8 4788 1 6967296
353 MOM.exe 8 4972 14 6496256
178 CVHSVC.EXE 8 4980 6 9867264
127 QtZgAcer.EXE 8 5876 4 10686464
448 PdtWzd.exe 8 5892 11 14823424
158 ArcadeDeluxeAgent.exe 8 5904 2 9928704
88 unsecapp.exe 8 5960 2 6541312
216 CLMLSvc.exe 6 5988 8 12238848
113 PMVService.exe 8 6068 1 8200192
549 CCC.exe 8 1288 16 8855552
222 RtHDVCpl.exe 8 4428 9 10268672
366 avgtray.exe 8 4988 19 1576960
55 jusched.exe 8 4852 1 4673536
43 BJMYPRT.EXE 8 5124 1 5115904
43 OpWareSE4.exe 8 5856 1 4689920
98 RtkBtMnt.exe 8 4756 2 5681152
175 GoogleToolbarNotifier.exe 8 4932 4 901120
58 AVGIDSMonitor.exe 8 5728 3 5484544
34 SynTPHelper.exe 10 3264 1 3932160
769 iexplore.exe 8 6656 20 38670336
1489 iexplore.exe 8 6908 36 99213312
199 avgcsrvx.exe 8 6952 7 368640
92 FlashUtil10i_ActiveX.exe 8 1952 3 6840320
21 cmd.exe 8 4912 1 2351104
44 conime.exe 8 7704 1 4497408
1013 iexplore.exe 8 8120 20 67817472
944 iexplore.exe 8 6232 18 71204864
835 iexplore.exe 8 6220 14 40796160
85 taskeng.exe 6 2136 5 4292608
148 WMIC.exe 8 4844 3 8499200
124 WmiPrvSE.exe 8 5056 6 7135232
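The `netstat -abfo` and `wmic process list brief` listings in the post above can be cross-checked by PID to see which sockets are connected out and whether both tools name the same owner. This is an added example, not part of the original thread: the sample text is constructed in the same layout, and the function names are this example's own.

```python
import re

# Constructed sample in the layout of the posted `netstat -abfo` output
# (host names, addresses and some PIDs are illustrative).
NETSTAT_SAMPLE = """\
Active Connections

Proto Local Address Foreign Address State PID
TCP 0.0.0.0:135 EXAMPLE-PC:0 LISTENING 1232
RpcSs
[svchost.exe]
TCP 0.0.0.0:445 EXAMPLE-PC:0 LISTENING 4

Can not obtain ownership information
[Screen Shows:- x: Windows Sockets initialization failed:5]

TCP 127.0.0.1:4664 EXAMPLE-PC:0 LISTENING 4732
[GoogleDesktop.exe]
TCP 192.168.0.10:49191 host.example.net:https ESTABLISHED 4732
[GoogleDesktop.exe]
TCP 0.0.0.0:5151 EXAMPLE-PC:0 LISTENING 3256
[SchedulerSvc.exe]
UDP 0.0.0.0:123 *:* 1844
W32Time
[svchost.exe]
UDP [fe80::1%12]:1900 *:* 2222
[helper.exe]
"""

# Constructed sample in the layout of `wmic process list brief`.
WMIC_SAMPLE = """\
HandleCount Name Priority ProcessId ThreadCount WorkingSetSize
0 System Idle Process 0 0 2 24576
2011 System 8 4 174 115298304
374 svchost.exe 8 1232 8 6930432
467 svchost.exe 8 1844 27 10985472
98 Renamed.exe 8 3256 5 6119424
535 GoogleDesktop.exe 8 4732 14 6729728
"""

IMAGE_RE = re.compile(r"^\[([^\[\]]+\.exe)\]$", re.IGNORECASE)


def parse_netstat(text):
    """Return one dict per socket, folding in the owner lines that follow it."""
    sockets = []
    for raw in text.splitlines():
        line = raw.strip()
        parts = line.split()
        if parts and parts[0] in ("TCP", "UDP") and parts[-1].isdigit():
            # TCP rows carry a State column, UDP rows do not.
            state = parts[3] if parts[0] == "TCP" and len(parts) == 5 else None
            host, port = parts[1].rsplit(":", 1)  # keeps "[fe80::1%12]" whole
            sockets.append({"proto": parts[0], "host": host, "port": int(port),
                            "remote": parts[2], "state": state,
                            "pid": int(parts[-1]), "service": None,
                            "image": None, "owner_known": True})
        elif sockets and line:
            cur = sockets[-1]
            match = IMAGE_RE.match(line)
            if match:
                cur["image"] = match.group(1)
            elif line.lower().startswith("can not obtain ownership"):
                cur["owner_known"] = False
            elif re.fullmatch(r"\w+", line):
                cur["service"] = line  # e.g. RpcSs, W32Time
            # anything else (hand-written annotations, separators) is ignored
    return sockets


def parse_wmic_brief(text):
    """Map ProcessId -> Name; names may contain spaces, so count from the right."""
    procs = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) >= 6 and parts[-3].isdigit():
            procs[int(parts[-3])] = " ".join(parts[1:-4])
    return procs


def triage(netstat_text, wmic_text):
    """Return (pid, local_port, note) for sockets that deserve a closer look."""
    procs = parse_wmic_brief(wmic_text)
    findings = []
    for s in parse_netstat(netstat_text):
        listed = procs.get(s["pid"])
        if s["state"] == "ESTABLISHED":
            findings.append((s["pid"], s["port"], f"established to {s['remote']}"))
        if listed is None:
            findings.append((s["pid"], s["port"], "pid not in process list"))
        elif s["image"] and s["image"].lower() != listed.lower():
            findings.append((s["pid"], s["port"],
                             f"netstat says {s['image']}, process list says {listed}"))
        elif not s["owner_known"] and s["pid"] != 4:
            # PID 4 is the System process; netstat -b reports no image for it.
            findings.append((s["pid"], s["port"], "no owner information"))
    return findings


if __name__ == "__main__":
    for pid, port, note in triage(NETSTAT_SAMPLE, WMIC_SAMPLE):
        print(f"pid {pid:>5}  port {port:>5}  {note}")
```

A PID that shows up in netstat but not in the process list may only mean the process exited between the two commands, so rerun both before reading anything into it.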

#7 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin

Posted 13 September 2010 - 05:48 PM

Hi,

that log is actually looking good. There are no established connections and the errors showing the x do not mean it is trying to connect to the partition, but it is part of an error message.

regards myrti



#8 SteveHam

SteveHam
  • Topic Starter


Posted 13 September 2010 - 06:30 PM

Thanks myrti,

But why do we now have a Q: drive that wasn't there before...?

& why does Windows defender turn off every time I connect to the internet (I always restart it) & then still keep "Permitting" through programs with "Possible unwanted behavior" without prompting?
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
12/09/2010
Description:
This program has potentially unwanted behavior.

Advice:
Permit this detected item only if you trust the program or the software publisher.

Resources:
regkey:
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\dsencn

file:
C:\Windows\system32\drivers\psrfqbkk.sys

Category:
Not Yet Classified
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
09/09/2010
Description:
This program has potentially unwanted behavior.

Advice:
Permit this detected item only if you trust the program or the software publisher.

Resources:
process:
pid:3180

service:
0B5053C9

file:
C:\Windows\system32\0B5053C9.exe

Category:
Not Yet Classified
---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
09/09/2010
Description:
This program has potentially unwanted behavior.

Advice:
Permit this detected item only if you trust the program or the software publisher.

Resources:
process:
pid:7424

service:
579EF571

file:
C:\Windows\system32\579EF571.exe

Category:
Not Yet Classified

---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
09/09/2010
Description:
This program has potentially unwanted behavior.

Advice:
Permit this detected item only if you trust the program or the software publisher.

Resources:
process:
pid:7652

service:
D7A8FA9D

file:
C:\Windows\system32\D7A8FA9D.exe

Category:
Not Yet Classified

---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
09/09/2010
Description:
This program has potentially unwanted behavior.

Advice:
Permit this detected item only if you trust the program or the software publisher.

Resources:
regkey:
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Normandy

file:
C:\Windows\system32\drivers\Normandy.sys

Category:
Not Yet Classified

---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
07/09/2010
Description:
This program has potentially unwanted behavior.

Advice:
Permit this detected item only if you trust the program or the software publisher.

Resources:
regkey:
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Normandy

file:
C:\Windows\system32\drivers\Normandy.sys

Category:
Not Yet Classified
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
23/08/2010
Description:
This program has potentially unwanted behavior.

Advice:
Permit this detected item only if you trust the program or the software publisher.

Resources:
iemain:
HKCU@S-1-5-21-3301625118-1092049821-1787829980-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page

Category:
Not Yet Classified
-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

I know I sound Paranoid, but there seem to be lots of odd things happening... Are there any other checks we can do...?

Steve...

#9 myrti

Posted 13 September 2010 - 06:42 PM

Hi,

I understood that you port a removable drive that is recognized as Q:? Is this not the case? If so why shouldn't it be present?

QUOTE
& why does Windows defender turn off every time I connect to the internet ( I always restart it)


You seem to have AVG Pro. AVG Pro (like many other security suites) disables Windows Defender since they have their own spyware concept.

QUOTE
then still keep "Permitting" through programs with "Possible unwanted behaviour" without prompting?

I can't really answer that one. Maybe that setting was at some point chosen inadvertently. From the log you posted there have been 5 notifications in about the same amount of days. Considering that Windows Defender does not differentiate between normal software and malware, that isn't too much.

I was going to ask you for at least one more log, namely Eset online scan:
  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the icon on your desktop.
  4. Check
  5. Click the button.
  6. Accept any security warnings from your browser.
  7. Check
  8. Push the Start button.
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push
  11. Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  12. Push the button.
  13. Push

regards myrti



#10 SteveHam

Posted 13 September 2010 - 07:15 PM

OK in an attempt to answer the "Windows Defender" Question I did a search here:

http://www.microsoft.com/windows/products/...imeprotect.mspx

I tried running Defender with admin rights (Start>All programs> [right click] Windows defender> Run as admin). User Account Control said an unidentified program wants access to your computer: MSASCui.exe. It says "Unidentified publisher", surely it should say Microsoft...?

If I allow it & then go to Tools I don't get the General Settings option...?

When I try to use the "Start Search" window Google pops up with its search window... Don't seem to be able to get to the Windows search option at all... only the Google one.

8^(





#11 myrti

Posted 13 September 2010 - 07:21 PM

Hi,

in your last log it still had Microsoft as a Publisher:
PRC - [2008/01/21 05:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe

Please run a search for the file with OTL and use the following settings:
  • Check Scan All Users.
  • For Processes choose none.
  • For Modules choose none.
  • For Services choose none.
  • For Drivers choose none.
  • For Standard Registry choose none.
  • For Extra Registry choose none.
  • For Files Created Within choose none.
  • For Files Modified Within choose none.
  • Under Custom Scans/Fixes paste:
    CODE
    /md5start
    msascui.exe
    /md5stop
  • Finally hit Run Scan and wait for the log to open.
  • Please post the content of the log into your next reply.

I would not expect Windows Defender to run normally while AVG is installed, it is disabled to not interfere with the program and it probably is blocked on more than one level.

Where do you always get the google box? On your desktop or in your browser?

regards myrti



#12 SteveHam

Posted 13 September 2010 - 07:32 PM

Just checked with my wife & she has used a usb hard drive on the computer... Sorry for the confusion.... Running ESET scan now...

OTL logfile created on: 14/09/2010 03:34:15 - Run 2
OTL by OldTimer - Version 3.2.12.0 Folder = C:\Users\katofreud08\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 42.00% Memory free
7.00 Gb Paging File | 5.00 Gb Available in Paging File | 70.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144.04 Gb Total Space | 106.94 Gb Free Space | 74.24% Space Free | Partition Type: NTFS
Drive D: | 140.50 Gb Total Space | 138.00 Gb Free Space | 98.22% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: KATOFREUD08-PC
Current User Name: katofreud08
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Custom Scans ==========



< MD5 for: MSASCUI.EXE >
[2008/01/21 05:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) MD5=0D392EDE3B97E0B3131B2F63EF1DB94E -- C:\Program Files\Windows Defender\MSASCui.exe
[2008/01/21 05:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) MD5=0D392EDE3B97E0B3131B2F63EF1DB94E -- C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6001.18000_none_57bcb0ca582f18c5\MSASCui.exe
[2008/01/21 05:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) MD5=0D392EDE3B97E0B3131B2F63EF1DB94E -- C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6002.18005_none_59a829d65550e411\MSASCui.exe
< End of report >

I will have to post the ESET log tomorrow as it's 03:57 here & I need to shut my eyes....

Thanks again,

Steve....

Edited by SteveHam, 13 September 2010 - 07:58 PM.
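Added example, not part of the thread and not code from OTL or any poster: a Python sketch that parses `/md5start` output like the report above and compares each live copy of a file against the copies in the `winsxs` component store. The function names and finding labels are assumptions chosen for illustration, and the second report is constructed to show what a mismatch looks like.

```python
import ntpath
import re
from collections import defaultdict

# Lines copied from the OTL report in the post above.
REPORT_FROM_POST = r"""
< MD5 for: MSASCUI.EXE >
[2008/01/21 05:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) MD5=0D392EDE3B97E0B3131B2F63EF1DB94E -- C:\Program Files\Windows Defender\MSASCui.exe
[2008/01/21 05:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) MD5=0D392EDE3B97E0B3131B2F63EF1DB94E -- C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6001.18000_none_57bcb0ca582f18c5\MSASCui.exe
[2008/01/21 05:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) MD5=0D392EDE3B97E0B3131B2F63EF1DB94E -- C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6002.18005_none_59a829d65550e411\MSASCui.exe
< End of report >
"""

# CONSTRUCTED counter-example: the live copy carries a made-up timestamp,
# size, blank company and all-zero MD5; the component-store line is unchanged.
REPORT_CONSTRUCTED = r"""
[2010/09/01 12:00:00 | 001,010,000 | ---- | M] () MD5=00000000000000000000000000000000 -- C:\Program Files\Windows Defender\MSASCui.exe
[2008/01/21 05:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) MD5=0D392EDE3B97E0B3131B2F63EF1DB94E -- C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.0.6002.18005_none_59a829d65550e411\MSASCui.exe
"""

# [modified time | size | attributes | flag] (company) MD5=<hex> -- <path>
ENTRY = re.compile(
    r"^\[(?P<mtime>[^|]+?) \| (?P<size>[\d,]+) \| (?P<attrs>[^|]+?) \| (?P<flag>\w)\] "
    r"\((?P<company>[^)]*)\) MD5=(?P<md5>[0-9A-Fa-f]{32}) -- (?P<path>.+)$"
)


def parse_otl_md5(report):
    """Return one dict per file line; banner and blank lines are skipped."""
    entries = []
    for line in report.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            e = m.groupdict()
            e["md5"] = e["md5"].upper()
            e["size"] = int(e["size"].replace(",", ""))
            entries.append(e)
    return entries


def audit(entries, expected_company="Microsoft Corporation"):
    """Flag live copies that differ from every component-store copy, and
    any copy whose company string is not the expected one."""
    by_name = defaultdict(list)
    for e in entries:
        # ntpath handles Windows paths regardless of the analysis host's OS.
        by_name[ntpath.basename(e["path"]).lower()].append(e)

    findings = []
    for _name, copies in sorted(by_name.items()):
        store = [c for c in copies if "\\winsxs\\" in c["path"].lower()]
        live = [c for c in copies if "\\winsxs\\" not in c["path"].lower()]
        store_md5 = {c["md5"] for c in store}
        for c in live:
            if not store:
                findings.append(("no_store_copy", c["path"]))
            elif c["md5"] not in store_md5:
                findings.append(("md5_mismatch", c["path"]))
        for c in copies:
            if c["company"] != expected_company:
                findings.append(("unexpected_company", c["path"]))
    return findings


if __name__ == "__main__":
    for label, report in (("post", REPORT_FROM_POST), ("constructed", REPORT_CONSTRUCTED)):
        print(label, audit(parse_otl_md5(report)) or "no findings")
```

A clean result only shows that the live copy is byte-identical to the component-store copies listed in the same report; it says nothing if those were replaced as well, so a hash taken from known-clean media is the stronger reference.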


#13 myrti

Posted 14 September 2010 - 04:21 AM

Hi,

it seems that all the files have Microsoft as distributor, I'm not sure what file was being blocked at this point. Maybe the program just couldn't read the information correctly at the time.

regards myrti



#14 SteveHam

Posted 14 September 2010 - 01:41 PM

I ran the ESET scan.. Nothing found & I didn't get a log file...?

My wife is not at her best when woken at 3.00am & asked to answer computer related questions... In the cool light of day, after a little quizzing she says she hasn't attached the USB drive since we did the D2D reset to factory settings... So no idea what Drive Q: is...?

A gmer scan of Q: gives
---------------------------------------------------------------------------------------------------------------------------------
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-09-14 20:39:59
Windows 6.0.6002 Service Pack 2
Running: gmer.exe; Driver: C:\Users\KATOFR~1\AppData\Local\Temp\fwlyrfoc.sys


---- Files - GMER 1.0.15 ----

File Q:\140061.enu

---- EOF - GMER 1.0.15 ----

---------------------------------------------------------------------------------------------------------------------------------

A web search gives:-ATI Radeon Video Driver file ...?

Would you consider it unusual to have over 2,000 log warnings, in three weeks about downloading files that are not applicable for this system...?

Here's a sample:-
---------------------------------------------------------
Level Date and Time Source Event ID Task Category
Warning 19/08/2010 01:07:02 Microsoft-Windows-Servicing 4374 None Windows Servicing identified that package KB978601(Security Update) is not applicable for this system
Warning 19/08/2010 01:07:02 Microsoft-Windows-Servicing 4374 None Windows Servicing identified that package KB978601(Security Update) is not applicable for this system
Warning 19/08/2010 01:07:02 Microsoft-Windows-Servicing 4374 None Windows Servicing identified that package KB978601(Security Update) is not applicable for this system
Warning 19/08/2010 01:07:01 Microsoft-Windows-Servicing 4374 None Windows Servicing identified that package KB978601(Security Update) is not applicable for this system
Warning 19/08/2010 01:05:47 Microsoft-Windows-Servicing 4374 None Windows Servicing identified that package KB979309(Security Update) is not applicable for this system
Warning 19/08/2010 00:48:57 Microsoft-Windows-Servicing 4374 None Windows Servicing identified that package WUClient-SelfUpdate-Core-Package-zh-hk-MiniLP(Feature Pack) is not applicable for this system
Warning 19/08/2010 00:48:57 Microsoft-Windows-Servicing 4374 None Windows Servicing identified that package WUClient-SelfUpdate-Core-Package-uk-ua-MiniLP(Feature Pack) is not applicable for this system
Warning 19/08/2010 00:48:57 Microsoft-Windows-Servicing 4374 None Windows Servicing identified that package WUClient-SelfUpdate-Core-Package-th-th-MiniLP(Feature Pack) is not applicable for this system
Warning 19/08/2010 00:48:57 Microsoft-Windows-Servicing 4374 None Windows Servicing identified that package WUClient-SelfUpdate-Core-Package-sl-si-MiniLP(Feature Pack) is not applicable for this system
Warning 19/08/2010 00:48:57 Microsoft-Windows-Servicing 4374 None Windows Servicing identified that package WUClient-SelfUpdate-Core-Package-sk-sk-MiniLP(Feature Pack) is not applicable for this system
Warning 19/08/2010 00:48:57 Microsoft-Windows-Servicing 4374 None Windows Servicing identified that package WUClient-SelfUpdate-Core-Package-sr-latn-cs-MiniLP(Feature Pack) is not applicable for this system
Warning 19/08/2010 00:48:57 Microsoft-Windows-Servicing 4374 None Windows Servicing identified that package WUClient-SelfUpdate-Core-Package-ro-ro-MiniLP(Feature Pack) is not applicable for this system
Warning 19/08/2010 00:48:57 Microsoft-Windows-Servicing 4374 None Windows Servicing identified that package WUClient-SelfUpdate-Core-Package-lt-lt-MiniLP(Feature Pack) is not applicable for this system
Warning 19/08/2010 00:48:57 Microsoft-Windows-Servicing 4374 None Windows Servicing identified that package WUClient-SelfUpdate-Core-Package-lv-lv-MiniLP(Feature Pack) is not applicable for this system
Warning 19/08/2010 00:48:57 Microsoft-Windows-Servicing 4374 None Windows Servicing identified that package WUClient-SelfUpdate-Core-Package-et-ee-MiniLP(Feature Pack) is not applicable for this system
Warning 19/08/2010 00:48:57 Microsoft-Windows-Servicing 4374 None Windows Servicing identified that package WUClient-SelfUpdate-Core-Package-hr-hr-MiniLP(Feature Pack) is not applicable for this system
Warning 19/08/2010 00:48:57 Microsoft-Windows-Servicing 4374 None Windows Servicing identified that package WUClient-SelfUpdate-Core-Package-bg-bg-MiniLP(Feature Pack) is not applicable for this system
Warning 19/08/2010 00:48:57 Microsoft-Windows-Servicing 4374 None Windows Servicing identified that package WUClient-SelfUpdate-Core-Package-tr-tr-MiniLP(Feature Pack) is not applicable for this system
Warning 19/08/2010 00:48:56 Microsoft-Windows-Servicing 4374 None Windows Servicing identified that package WUClient-SelfUpdate-Core-Package-sv-se-MiniLP(Feature Pack) is not applicable for this system
Warning 19/08/2010 00:48:56 Microsoft-Windows-Servicing 4374 None Windows Servicing identified that package WUClient-SelfUpdate-Core-Package-ru-ru-MiniLP(Feature Pack) is not applicable for this system
Warning 19/08/2010 00:48:56 Microsoft-Windows-Servicing 4374 None Windows Servicing identified that package WUClient-SelfUpdate-Core-Package-pt-pt-MiniLP(Feature Pack) is not applicable for this system
Warning 19/08/2010 00:48:56 Microsoft-Windows-Servicing 4374 None Windows Servicing identified that package WUClient-SelfUpdate-Core-Package-pt-br-MiniLP(Feature Pack) is not applicable for this system
Warning 19/08/2010 00:48:56 Microsoft-Windows-Servicing 4374 None Windows Servicing identified that package WUClient-SelfUpdate-Core-Package-pl-pl-MiniLP(Feature Pack) is not applicable for this system
Warning 19/08/2010 00:48:56 Microsoft-Windows-Servicing 4374 None Windows Servicing identified that package WUClient-SelfUpdate-Core-Package-ps-ps-MiniLP(Feature Pack) is not applicable for this system
Warning 19/08/2010 00:48:56 Microsoft-Windows-Servicing 4374 None Windows Servicing identified that package WUClient-SelfUpdate-Core-Package-nb-no-MiniLP(Feature Pack) is not applicable for this system
Warning 19/08/2010 00:48:56 Microsoft-Windows-Servicing 4374 None Windows Servicing identified that package WUClient-SelfUpdate-Core-Package-nl-nl-MiniLP(Feature Pack) is not applicable for this system
Warning 19/08/2010 00:48:56 Microsoft-Windows-Servicing 4374 None Windows Servicing identified that package WUClient-SelfUpdate-Core-Package-ko-kr-MiniLP(Feature Pack) is not applicable for this system
Warning 19/08/2010 00:48:56 Microsoft-Windows-Servicing 4374 None Windows Servicing identified that package WUClient-SelfUpdate-Core-Package-it-it-MiniLP(Feature Pack) is not applicable for this system
Warning 19/08/2010 00:48:55 Microsoft-Windows-Servicing 4374 None Windows Servicing identified that package WUClient-SelfUpdate-Core-Package-hu-hu-MiniLP(Feature Pack) is not applicable for this system
Warning 19/08/2010 00:48:55 Microsoft-Windows-Servicing 4374 None Windows Servicing identified that package WUClient-SelfUpdate-Core-Package-he-il-MiniLP(Feature Pack) is not applicable for this system
Warning 19/08/2010 00:48:55 Microsoft-Windows-Servicing 4374 None Windows Servicing identified that package WUClient-SelfUpdate-Core-Package-fr-fr-MiniLP(Feature Pack) is not applicable for this system
Warning 19/08/2010 00:48:55 Microsoft-Windows-Servicing 4374 None Windows Servicing identified that package WUClient-SelfUpdate-Core-Package-fi-fi-MiniLP(Feature Pack) is not applicable for this system
Warning 19/08/2010 00:48:55 Microsoft-Windows-Servicing 4374 None Windows Servicing identified that package WUClient-SelfUpdate-Core-Package-es-es-MiniLP(Feature Pack) is not applicable for this system
Warning 19/08/2010 00:48:55 Microsoft-Windows-Servicing 4374 None Windows Servicing identified that package WUClient-SelfUpdate-Core-Package-el-gr-MiniLP(Feature Pack) is not applicable for this system
Warning 19/08/2010 00:48:55 Microsoft-Windows-Servicing 4374 None Windows Servicing identified that package WUClient-SelfUpdate-Core-Package-de-de-MiniLP(Feature Pack) is not applicable for this system
Warning 19/08/2010 00:48:55 Microsoft-Windows-Servicing 4374 None Windows Servicing identified that package WUClient-SelfUpdate-Core-Package-da-dk-MiniLP(Feature Pack) is not applicable for this system
Warning 19/08/2010 00:48:55 Microsoft-Windows-Servicing 4374 None Windows Servicing identified that package WUClient-SelfUpdate-Core-Package-cs-cz-MiniLP(Feature Pack) is not applicable for this system
Warning 19/08/2010 00:48:55 Microsoft-Windows-Servicing 4374 None Windows Servicing identified that package WUClient-SelfUpdate-Core-Package-zh-tw-MiniLP(Feature Pack) is not applicable for this system
Warning 19/08/2010 00:48:54 Microsoft-Windows-Servicing 4374 None Windows Servicing identified that package WUClient-SelfUpdate-Core-Package-zh-cn-MiniLP(Feature Pack) is not applicable for this system
Warning 19/08/2010 00:48:54 Microsoft-Windows-Servicing 4374 None Windows Servicing identified that package WUClient-SelfUpdate-Core-Package-ar-sa-MiniLP(Feature Pack) is not applicable for this system
Warning 19/08/2010 00:48:54 Microsoft-Windows-Servicing 4374 None Windows Servicing identified that package WUClient-SelfUpdate-Core-Package-ja-jp-MiniLP(Feature Pack) is not applicable for this system
Warning 19/08/2010 00:48:54 Microsoft-Windows-Servicing 4374 None Windows Servicing identified that package WindowsUpdateClient-SelfUpdate-Core-AdmComp-Package_en-US(Language Pack) is not applicable for this system
Warning 19/08/2010 00:48:54 Microsoft-Windows-Servicing 4374 None Windows Servicing identified that package WindowsUpdateClient-SelfUpdate-Core-AdmComp-Package(Update) is not applicable for this system
Warning 19/08/2010 00:48:27 Microsoft-Windows-Servicing 4374 None Windows Servicing identified that package WUClient-SelfUpdate-Aux-Package-zh-hk-MiniLP(Feature Pack) is not applicable for this system
Warning 19/08/2010 00:48:27 Microsoft-Windows-Servicing 4374 None Windows Servicing identified that package WUClient-SelfUpdate-Aux-Package-uk-ua-MiniLP(Feature Pack) is not applicable for this system
Warning 19/08/2010 00:48:27 Microsoft-Windows-Servicing 4374 None Windows Servicing identified that package WUClient-SelfUpdate-Aux-Package-th-th-MiniLP(Feature Pack) is not applicable for this system
Warning 19/08/2010 00:48:27 Microsoft-Windows-Servicing 4374 None Windows Servicing identified that package WUClient-SelfUpdate-Aux-Package-sl-si-MiniLP(Feature Pack) is not applicable for this system
Warning 19/08/2010 00:48:27 Microsoft-Windows-Servicing 4374 None Windows Servicing identified that package WUClient-SelfUpdate-Aux-Package-sk-sk-MiniLP(Feature Pack) is not applicable for this system
Warning 19/08/2010 00:48:27 Microsoft-Windows-Servicing 4374 None Windows Servicing identified that package WUClient-SelfUpdate-Aux-Package-sr-latn-cs-MiniLP(Feature Pack) is not applicable for this system
Warning 19/08/2010 00:48:27 Microsoft-Windows-Servicing 4374 None Windows Servicing identified that package WUClient-SelfUpdate-Aux-Package-ro-ro-MiniLP(Feature Pack) is not applicable for this system
Warning 19/08/2010 00:48:27 Microsoft-Windows-Servicing 4374 None Windows Servicing identified that package WUClient-SelfUpdate-Aux-Package-lt-lt-MiniLP(Feature Pack) is not applicable for this system
Warning 19/08/2010 00:48:27 Microsoft-Windows-Servicing 4374 None Windows Servicing identified that package WUClient-SelfUpdate-Aux-Package-lv-lv-MiniLP(Feature Pack) is not applicable for this system
Warning 19/08/2010 00:48:27 Microsoft-Windows-Servicing 4374 None Windows Servicing identified that package WUClient-SelfUpdate-Aux-Package-et-ee-MiniLP(Feature Pack) is not applicable for this system
Warning 19/08/2010 00:48:27 Microsoft-Windows-Servicing 4374 None Windows Servicing identified that package WUClient-SelfUpdate-Aux-Package-hr-hr-MiniLP(Feature Pack) is not applicable for this system
Warning 19/08/2010 00:48:27 Microsoft-Windows-Servicing 4374 None Windows Servicing identified that package WUClient-SelfUpdate-Aux-Package-bg-bg-MiniLP(Feature Pack) is not applicable for this system
Warning 19/08/2010 00:48:26 Microsoft-Windows-Servicing 4374 None Windows Servicing identified that package WUClient-SelfUpdate-Aux-Package-tr-tr-MiniLP(Feature Pack) is not applicable for this system
Warning 19/08/2010 00:48:26 Microsoft-Windows-Servicing 4374 None Windows Servicing identified that package WUClient-SelfUpdate-Aux-Package-sv-se-MiniLP(Feature Pack) is not applicable for this system
Warning 19/08/2010 00:48:26 Microsoft-Windows-Servicing 4374 None Windows Servicing identified that package WUClient-SelfUpdate-Aux-Package-ru-ru-MiniLP(Feature Pack) is not applicable for this system
Warning 19/08/2010 00:48:26 Microsoft-Windows-Servicing 4374 None Windows Servicing identified that package WUClient-SelfUpdate-Aux-Package-pt-pt-MiniLP(Feature Pack) is not applicable for this system
Warning 19/08/2010 00:48:26 Microsoft-Windows-Servicing 4374 None Windows Servicing identified that package WUClient-SelfUpdate-Aux-Package-pt-br-MiniLP(Feature Pack) is not applicable for this system
Warning 19/08/2010 00:48:26 Microsoft-Windows-Servicing 4374 None Windows Servicing identified that package WUClient-SelfUpdate-Aux-Package-pl-pl-MiniLP(Feature Pack) is not applicable for this system
Warning 19/08/2010 00:48:26 Microsoft-Windows-Servicing 4374 None Windows Servicing identified that package WUClient-SelfUpdate-Aux-Package-ps-ps-MiniLP(Feature Pack) is not applicable for this system
Warning 19/08/2010 00:48:26 Microsoft-Windows-Servicing 4374 None Windows Servicing identified that package WUClient-SelfUpdate-Aux-Package-nb-no-MiniLP(Feature Pack) is not applicable for this system
Warning 19/08/2010 00:48:26 Microsoft-Windows-Servicing 4374 None Windows Servicing identified that package WUClient-SelfUpdate-Aux-Package-nl-nl-MiniLP(Feature Pack) is not applicable for this system
Warning 19/08/2010 00:48:26 Microsoft-Windows-Servicing 4374 None Windows Servicing identified that package WUClient-SelfUpdate-Aux-Package-ko-kr-MiniLP(Feature Pack) is not applicable for this system
Warning 19/08/2010 00:48:26 Microsoft-Windows-Servicing 4374 None Windows Servicing identified that package WUClient-SelfUpdate-Aux-Package-it-it-MiniLP(Feature Pack) is not applicable for this system
Warning 19/08/2010 00:48:26 Microsoft-Windows-Servicing 4374 None Windows Servicing identified that package WUClient-SelfUpdate-Aux-Package-hu-hu-MiniLP(Feature Pack) is not applicable for this system
Warning 19/08/2010 00:48:25 Microsoft-Windows-Servicing 4374 None Windows Servicing identified that package WUClient-SelfUpdate-Aux-Package-he-il-MiniLP(Feature Pack) is not applicable for this system
Warning 19/08/2010 00:48:25 Microsoft-Windows-Servicing 4374 None Windows Servicing identified that package WUClient-SelfUpdate-Aux-Package-fr-fr-MiniLP(Feature Pack) is not applicable for this system
Warning 19/08/2010 00:48:25 Microsoft-Windows-Servicing 4374 None Windows Servicing identified that package WUClient-SelfUpdate-Aux-Package-fi-fi-MiniLP(Feature Pack) is not applicable for this system
Warning 19/08/2010 00:48:25 Microsoft-Windows-Servicing 4374 None Windows Servicing identified that package WUClient-SelfUpdate-Aux-Package-es-es-MiniLP(Feature Pack) is not applicable for this system
Warning 19/08/2010 00:48:25 Microsoft-Windows-Servicing 4374 None Windows Servicing identified that package WUClient-SelfUpdate-Aux-Package-el-gr-MiniLP(Feature Pack) is not applicable for this system
Warning 19/08/2010 00:48:25 Microsoft-Windows-Servicing 4374 None Windows Servicing identified that package WUClient-SelfUpdate-Aux-Package-de-de-MiniLP(Feature Pack) is not applicable for this system
Warning 19/08/2010 00:48:25 Microsoft-Windows-Servicing 4374 None Windows Servicing identified that package WUClient-SelfUpdate-Aux-Package-da-dk-MiniLP(Feature Pack) is not applicable for this system
Warning 19/08/2010 00:48:25 Microsoft-Windows-Servicing 4374 None Windows Servicing identified that package WUClient-SelfUpdate-Aux-Package-cs-cz-MiniLP(Feature Pack) is not applicable for this system
Warning 19/08/2010 00:48:25 Microsoft-Windows-Servicing 4374 None Windows Servicing identified that package WUClient-SelfUpdate-Aux-Package-zh-tw-MiniLP(Feature Pack) is not applicable for this system
Warning 19/08/2010 00:48:25 Microsoft-Windows-Servicing 4374 None Windows Servicing identified that package WUClient-SelfUpdate-Aux-Package-zh-cn-MiniLP(Feature Pack) is not applicable for this system
Warning 19/08/2010 00:48:25 Microsoft-Windows-Servicing 4374 None Windows Servicing identified that package WUClient-SelfUpdate-Aux-Package-ar-sa-MiniLP(Feature Pack) is not applicable for this system
Warning 19/08/2010 00:48:25 Microsoft-Windows-Servicing 4374 None Windows Servicing identified that package WUClient-SelfUpdate-Aux-Package-ja-jp-MiniLP(Feature Pack) is not applicable for this system
-------------------------------------------------------------------------------------

There's more oddness in the logs, but I don't want to take up your time, if you feel everything is OK...

Thanks,

Steve......
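Added example, not part of the thread: a Python triage that collapses Event ID 4374 lines like the sample above into distinct package families, exact repeats and time bursts, so the raw volume can be read as a count of distinct events. The function names and the 120-second burst gap are assumptions chosen for illustration; the eight input lines are copied from the sample in the post.

```python
import re
from collections import Counter
from datetime import datetime

# Eight lines copied from the Event Viewer sample in the post above.
SAMPLE = """\
Warning 19/08/2010 01:07:02 Microsoft-Windows-Servicing 4374 None Windows Servicing identified that package KB978601(Security Update) is not applicable for this system
Warning 19/08/2010 01:07:02 Microsoft-Windows-Servicing 4374 None Windows Servicing identified that package KB978601(Security Update) is not applicable for this system
Warning 19/08/2010 01:05:47 Microsoft-Windows-Servicing 4374 None Windows Servicing identified that package KB979309(Security Update) is not applicable for this system
Warning 19/08/2010 00:48:57 Microsoft-Windows-Servicing 4374 None Windows Servicing identified that package WUClient-SelfUpdate-Core-Package-zh-hk-MiniLP(Feature Pack) is not applicable for this system
Warning 19/08/2010 00:48:57 Microsoft-Windows-Servicing 4374 None Windows Servicing identified that package WUClient-SelfUpdate-Core-Package-sr-latn-cs-MiniLP(Feature Pack) is not applicable for this system
Warning 19/08/2010 00:48:54 Microsoft-Windows-Servicing 4374 None Windows Servicing identified that package WindowsUpdateClient-SelfUpdate-Core-AdmComp-Package_en-US(Language Pack) is not applicable for this system
Warning 19/08/2010 00:48:27 Microsoft-Windows-Servicing 4374 None Windows Servicing identified that package WUClient-SelfUpdate-Aux-Package-zh-hk-MiniLP(Feature Pack) is not applicable for this system
Warning 19/08/2010 00:48:25 Microsoft-Windows-Servicing 4374 None Windows Servicing identified that package WUClient-SelfUpdate-Aux-Package-ja-jp-MiniLP(Feature Pack) is not applicable for this system
"""

# Level, "dd/mm/yyyy hh:mm:ss", source, event id, task category, message.
EVENT = re.compile(
    r"^(?P<level>\w+) (?P<ts>\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}) (?P<source>\S+) "
    r"(?P<event_id>\d+) (?P<task>\S+) Windows Servicing identified that package "
    r"(?P<package>\S+?)\((?P<kind>[^)]+)\) is not applicable for this system$"
)
# Per-language packages end in "-<locale>-MiniLP", e.g. "-sr-latn-cs-MiniLP".
MINI_LP = re.compile(r"^(?P<family>.+?)-(?P<locale>[a-z]{2}(?:-[a-z]+)+)-MiniLP$")


def parse_events(text):
    """Parse exported warning lines; lines in any other shape are skipped."""
    events = []
    for line in text.splitlines():
        m = EVENT.match(line.strip())
        if not m:
            continue
        e = m.groupdict()
        e["when"] = datetime.strptime(e.pop("ts"), "%d/%m/%Y %H:%M:%S")
        lp = MINI_LP.match(e["package"])
        # Fold the per-language variants of one package into a single family.
        e["family"] = lp["family"] if lp else e["package"]
        e["locale"] = lp["locale"] if lp else None
        events.append(e)
    return events


def summarize(events, burst_gap_seconds=120):
    """Count families and exact repeats, and group events into bursts
    separated by more than burst_gap_seconds of silence."""
    families = Counter(e["family"] for e in events)
    seen = Counter((e["when"], e["package"]) for e in events)
    exact_repeats = sum(n - 1 for n in seen.values())

    bursts = []
    for e in sorted(events, key=lambda ev: ev["when"]):
        if bursts and (e["when"] - bursts[-1]["end"]).total_seconds() <= burst_gap_seconds:
            bursts[-1]["end"] = e["when"]
            bursts[-1]["count"] += 1
        else:
            bursts.append({"start": e["when"], "end": e["when"], "count": 1})
    return {"families": families, "exact_repeats": exact_repeats, "bursts": bursts}


if __name__ == "__main__":
    summary = summarize(parse_events(SAMPLE))
    for family, count in summary["families"].most_common():
        print(f"{count:3d}  {family}")
    print("exact repeats:", summary["exact_repeats"])
    for b in summary["bursts"]:
        print(f"burst {b['start']:%H:%M:%S}-{b['end']:%H:%M:%S}: {b['count']} events")
```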


#15 myrti

Posted 14 September 2010 - 04:55 PM

Hi,

a look around would suggest that you are using Office 2010 through Click-to-Run. It pretends to have its own partition with the label Q: even though there isn't really any hardware backing this up. In fact you would not be able to use Office 2010 through Click-to-Run if you had some hardware, such as a flash drive, that is recognized by the label Q:

I'm looking at the warnings, but normally warnings are nothing to be worried about. MS spits out several hundreds of them each day.

regards myrti
