Infected with Google Redirect/ Google Analytics Redirect


  • This topic is locked
15 replies to this topic

#1 Jembreeze

  • Members
  • 9 posts

Posted 04 December 2010 - 11:28 AM

Hi,
I have been having a redirect problem for about a month now, and I can't seem to get rid of it. Every time I try to google search something the links I click are not the links I want to be opened. I either get redirected to some site called elocals.com or google-analytics. I am using Google Chrome. Any help would be appreciated, thanks!



DDS (Ver_10-11-27.01) - NTFSx86
Run by Jem at 10:17:46.47 on Sat 12/04/2010
Internet Explorer: 7.0.6002.18005
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.1917.1123 [GMT -5:00]

SP: Spybot - Search and Destroy *enabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Razer\DeathAdder\razerhid.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\Razer\DeathAdder\razertra.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Users\Jem\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Razer\DeathAdder\razerofa.exe
C:\Users\Jem\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jem\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jem\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wuauclt.exe
C:\Users\Jem\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jem\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jem\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jem\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jem\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Jem\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: SpywareGuardDLBLOCK.CBrowserHelper: {4a368e80-174f-4872-96b5-0b27ddd11db2} - c:\program files\spywareguard\dlprotect.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [Google Update] "c:\users\jem\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
mRun: [DeathAdder] c:\program files\razer\deathadder\razerhid.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\users\jem\appdata\roaming\micros~1\windows\startm~1\programs\startup\spywar~1.lnk - c:\program files\spywareguard\sgmain.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
SEH: SpywareGuard.Handler: {81559c35-8464-49f7-bb0e-07a383bef910} - c:\program files\spywareguard\spywareguard.dll
Hosts: 127.0.0.1 www.spywareinfo.com

============= SERVICES / DRIVERS ===============

R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-11-8 1153368]
R3 danewFltr;NewDeathAdder Mouse;c:\windows\system32\drivers\danew.sys [2010-11-8 11136]
R3 vHidDev;Razer Gaming Device;c:\windows\system32\drivers\vHidDev.sys [2010-11-8 5760]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2010-11-16 21504]

=============== Created Last 30 ================

2010-12-04 03:15:46 -------- d-sh--w- C:\$RECYCLE.BIN
2010-12-04 02:58:21 98816 ----a-w- c:\windows\sed.exe
2010-12-04 02:58:21 89088 ----a-w- c:\windows\MBR.exe
2010-12-04 02:58:21 256512 ----a-w- c:\windows\PEV.exe
2010-12-04 02:58:21 161792 ----a-w- c:\windows\SWREG.exe
2010-12-03 23:29:58 -------- d-----w- c:\users\jem\appdata\roaming\GetRightToGo
2010-12-03 19:27:10 -------- d-----w- c:\program files\Mplayer
2010-12-03 19:24:55 -------- d-----w- c:\program files\Fox
2010-12-03 19:24:39 304128 ----a-w- c:\windows\IsUninst.exe
2010-12-03 00:59:08 -------- d-----w- c:\program files\ATI Technologies
2010-12-03 00:59:06 -------- d-----w- c:\program files\ATI
2010-12-03 00:57:57 -------- d-----w- C:\ATI
2010-12-03 00:38:27 -------- d-----w- c:\program files\VideoLAN
2010-12-02 20:36:56 -------- d-----w- c:\program files\Microsoft
2010-12-02 20:36:39 -------- d-----w- c:\program files\Windows Live SkyDrive
2010-12-02 20:36:01 -------- d-----w- c:\windows\PCHEALTH
2010-12-02 20:21:30 -------- d-----w- c:\users\jem\appdata\local\{A8CD4799-AC63-418D-A9EC-D94445016631}
2010-12-02 20:21:14 -------- d-----w- c:\users\jem\Tracing
2010-12-02 20:11:47 6260088 ----a-w- c:\program files\common files\windows live\.cache\2214f77e1cb925d01\Silverlight.4.0.exe
2010-12-02 20:10:09 -------- d-----w- c:\users\jem\appdata\local\Windows Live
2010-12-02 20:04:24 -------- d-----w- c:\program files\Windows Portable Devices
2010-12-02 20:01:17 81920 ----a-w- c:\windows\system32\wpdbusenum.dll
2010-12-02 20:01:17 31232 ----a-w- c:\windows\system32\BthMtpContextHandler.dll
2010-12-02 20:01:17 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
2010-12-02 20:01:11 134144 ----a-w- c:\program files\windows portable devices\sqmapi.dll
2010-12-02 20:01:09 60928 ----a-w- c:\windows\system32\PortableDeviceConnectApi.dll
2010-12-02 20:01:01 546816 ----a-w- c:\windows\system32\wpd_ci.dll
2010-12-02 20:01:01 2537472 ----a-w- c:\windows\system32\wpdshext.dll
2010-12-02 20:01:00 87552 ----a-w- c:\windows\system32\WPDShServiceObj.dll
2010-12-02 20:01:00 350208 ----a-w- c:\windows\system32\WPDSp.dll
2010-12-02 20:01:00 334848 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2010-12-02 20:01:00 196608 ----a-w- c:\windows\system32\PortableDeviceWMDRM.dll
2010-12-02 20:01:00 160256 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
2010-12-02 20:01:00 100864 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
2010-12-02 19:58:54 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2010-12-02 19:58:54 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2010-12-02 19:58:54 234496 ----a-w- c:\windows\system32\oleacc.dll
2010-12-02 19:41:16 -------- d-----w- c:\windows\system32\vi-VN
2010-12-02 19:41:16 -------- d-----w- c:\windows\system32\eu-ES
2010-12-02 19:41:16 -------- d-----w- c:\windows\system32\ca-ES
2010-12-02 19:19:31 -------- d-----w- c:\windows\system32\EventProviders
2010-11-30 20:40:31 -------- d-----w- c:\program files\Microsoft ActiveSync
2010-11-30 20:38:26 -------- d-----w- c:\windows\ShellNew
2010-11-30 15:03:42 -------- d-----w- c:\progra~2\DivX
2010-11-30 14:26:55 6273872 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{8851530f-5862-4ba4-b7f0-f94b31dee059}\mpengine.dll
2010-11-26 01:43:09 -------- d-----w- c:\users\jem\appdata\local\Apple Computer
2010-11-26 01:42:07 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-11-26 01:42:07 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2010-11-26 01:40:49 -------- d-----w- c:\program files\iPod
2010-11-26 01:40:47 -------- d-----w- c:\program files\iTunes
2010-11-26 01:40:47 -------- d-----w- c:\progra~2\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-11-26 01:39:49 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
2010-11-26 01:39:49 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
2010-11-26 01:39:49 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2010-11-26 01:39:49 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2010-11-26 01:39:49 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2010-11-26 01:39:49 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2010-11-26 01:39:49 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
2010-11-26 01:38:37 -------- d-----w- c:\users\jem\appdata\local\Apple
2010-11-26 01:36:03 -------- d-----w- c:\program files\Bonjour
2010-11-17 22:43:55 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-11-17 22:43:55 49472 ----a-w- c:\windows\system32\netfxperf.dll
2010-11-17 22:43:55 297808 ----a-w- c:\windows\system32\mscoree.dll
2010-11-17 22:43:55 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-11-17 22:43:55 1130824 ----a-w- c:\windows\system32\dfshim.dll
2010-11-17 22:37:59 978432 ----a-w- c:\windows\system32\drmv2clt.dll
2010-11-17 22:36:57 83968 ----a-w- c:\windows\system32\wbem\wmiutils.dll
2010-11-17 22:36:57 744448 ----a-w- c:\windows\system32\wbem\wbemcore.dll
2010-11-17 22:36:57 705536 ----a-w- c:\windows\system32\SmiEngine.dll
2010-11-17 22:36:57 614912 ----a-w- c:\windows\system32\wbem\fastprox.dll
2010-11-17 22:36:57 30208 ----a-w- c:\windows\system32\wbem\wbemprox.dll
2010-11-17 22:36:57 265728 ----a-w- c:\windows\system32\wbem\repdrvfs.dll
2010-11-17 22:36:57 265728 ----a-w- c:\windows\system32\wbem\esscli.dll
2010-11-17 22:36:57 189440 ----a-w- c:\windows\system32\wbem\mofd.dll
2010-11-17 22:36:56 218624 ----a-w- c:\windows\system32\wdscore.dll
2010-11-17 22:36:56 130560 ----a-w- c:\windows\system32\PkgMgr.exe
2010-11-17 22:36:51 247808 ----a-w- c:\windows\system32\drvstore.dll
2010-11-17 22:12:59 150016 ----a-w- c:\program files\movie maker\MOVIEMK.exe
2010-11-17 22:07:17 834048 ----a-w- c:\windows\system32\wininet.dll
2010-11-17 22:07:16 389632 ----a-w- c:\windows\system32\html.iec
2010-11-17 22:07:15 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-11-17 20:24:47 -------- d-----w- C:\PerfLogs
2010-11-17 17:34:44 -------- d-----w- c:\users\jem\appdata\local\Adobe
2010-11-17 04:51:20 2730536 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\default\MpEngine.dll
2010-11-17 04:51:05 705536 ----a-w- c:\windows\system32\imagesp1.dll
2010-11-17 04:51:01 116736 ----a-w- c:\windows\system32\sstpsvc.dll
2010-11-17 04:49:59 215040 ----a-w- c:\windows\system32\msdtcuiu.dll
2010-11-17 04:48:59 76288 ----a-w- c:\windows\system32\systeminfo.exe
2010-11-17 04:47:52 102400 ----a-w- c:\windows\system32\wbem\mofinstall.dll
2010-11-17 04:47:50 357888 ----a-w- c:\windows\system32\wbemcomn.dll
2010-11-17 04:47:46 139264 ----a-w- c:\windows\system32\SmiInstaller.dll
2010-11-17 04:47:46 129536 ----a-w- c:\windows\system32\sqmapi.dll
2010-11-17 04:47:29 35328 ----a-w- c:\windows\system32\mspatcha.dll
2010-11-17 04:47:29 305152 ----a-w- c:\windows\system32\msdelta.dll
2010-11-17 04:47:29 258560 ----a-w- c:\windows\system32\dpx.dll
2010-11-13 16:54:16 377344 ----a-w- c:\windows\system32\winhttp.dll
2010-11-13 16:49:42 411648 ----a-w- c:\windows\system32\drivers\http.sys
2010-11-13 16:49:42 30720 ----a-w- c:\windows\system32\httpapi.dll
2010-11-13 16:49:42 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-11-08 22:14:36 72704 ----a-w- c:\windows\system32\fontsub.dll
2010-11-08 22:14:36 23552 ----a-w- c:\windows\system32\lpk.dll
2010-11-08 22:14:36 10240 ----a-w- c:\windows\system32\dciman32.dll
2010-11-08 22:11:29 1383424 ----a-w- c:\windows\system32\mshtml.tlb
2010-11-08 22:11:25 72704 ----a-w- c:\windows\system32\admparse.dll
2010-11-08 22:11:16 48128 ----a-w- c:\windows\system32\mshtmler.dll
2010-11-08 22:11:07 129536 ----a-w- c:\program files\internet explorer\sqmapi.dll
2010-11-08 22:08:57 61440 ----a-w- c:\windows\system32\winipsec.dll
2010-11-08 22:08:56 272896 ----a-w- c:\windows\system32\polstore.dll
2010-11-08 22:04:17 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2010-11-08 22:04:17 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2010-11-08 22:04:16 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2010-11-08 22:04:16 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2010-11-08 22:04:16 19968 ----a-w- c:\windows\system32\ARP.EXE
2010-11-08 22:04:16 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2010-11-08 22:04:16 105984 ----a-w- c:\windows\system32\netiohlp.dll
2010-11-08 22:04:16 10240 ----a-w- c:\windows\system32\finger.exe
2010-11-08 22:01:10 127488 ----a-w- c:\windows\system32\L2SecHC.dll
2010-11-08 22:01:08 65024 ----a-w- c:\windows\system32\wlanapi.dll
2010-11-08 22:01:07 68096 ----a-w- c:\windows\system32\wlanhlp.dll
2010-11-08 22:01:07 513536 ----a-w- c:\windows\system32\wlansvc.dll
2010-11-08 22:01:07 302592 ----a-w- c:\windows\system32\wlansec.dll
2010-11-08 22:01:07 293376 ----a-w- c:\windows\system32\wlanmsm.dll
2010-11-08 22:01:03 15181 ----a-w- c:\windows\system32\gatherWirelessInfo.vbs
2010-11-08 21:59:33 1401856 ----a-w- c:\windows\system32\msxml6.dll
2010-11-08 21:59:32 2048 ----a-w- c:\windows\system32\msxml3r.dll
2010-11-08 21:59:31 2048 ----a-w- c:\windows\system32\msxml6r.dll
2010-11-08 21:58:03 218624 ----a-w- c:\windows\system32\msv1_0.dll
2010-11-08 21:56:39 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-11-08 21:56:39 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-11-08 21:56:39 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-11-08 21:54:04 98816 ----a-w- c:\windows\system32\mfps.dll
2010-11-08 21:54:04 53248 ----a-w- c:\windows\system32\rrinstaller.exe
2010-11-08 21:54:04 2868224 ----a-w- c:\windows\system32\mf.dll
2010-11-08 21:54:04 24576 ----a-w- c:\windows\system32\mfpmp.exe
2010-11-08 21:54:04 2048 ----a-w- c:\windows\system32\mferror.dll
2010-11-08 21:48:27 430080 ----a-w- c:\windows\system32\vbscript.dll
2010-11-08 21:47:08 71680 ----a-w- c:\windows\system32\atl.dll
2010-11-08 21:41:04 160256 ----a-w- c:\windows\system32\wkssvc.dll
2010-11-08 21:39:27 53248 ----a-w- c:\windows\system32\tsgqec.dll
2010-11-08 21:39:27 2066432 ----a-w- c:\windows\system32\mstscax.dll
2010-11-08 21:39:27 136192 ----a-w- c:\windows\system32\aaclient.dll
2010-11-08 21:31:41 23040 ----a-w- c:\program files\movie maker\WMM2EXT.dll
2010-11-08 21:31:41 195072 ----a-w- c:\program files\movie maker\WMM2AE.dll
2010-11-08 21:31:33 -------- d-----w- c:\windows\Panther
2010-11-08 21:31:17 -------- d-----w- C:\Boot
2010-11-08 21:30:55 -------- d-----w- c:\windows\system32\OEM
2010-11-08 21:25:19 623616 ----a-w- c:\windows\system32\localspl.dll
2010-11-08 21:20:59 175104 ----a-w- c:\windows\system32\wdigest.dll
2010-11-08 21:20:58 9728 ----a-w- c:\windows\system32\lsass.exe
2010-11-08 21:20:58 72704 ----a-w- c:\windows\system32\secur32.dll
2010-11-08 21:20:58 499712 ----a-w- c:\windows\system32\kerberos.dll
2010-11-08 21:20:58 439864 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2010-11-08 21:20:57 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2010-11-08 21:14:55 3419136 ----a-w- c:\windows\system32\NlsLexicons004a.dll
2010-11-08 21:09:07 6656 ----a-w- c:\windows\system32\kbd106n.dll
2010-11-08 21:05:32 62464 ----a-w- c:\windows\system32\l3codeca.acm
2010-11-08 21:05:32 220672 ----a-w- c:\windows\system32\l3codecp.acm
2010-11-08 21:03:21 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2010-11-08 21:03:21 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
2010-11-08 21:03:21 200704 ----a-w- c:\windows\system32\iphlpsvc.dll
2010-11-08 21:03:20 15360 ----a-w- c:\windows\system32\drivers\TUNMP.SYS
2010-11-08 20:59:20 37888 ----a-w- c:\windows\system32\printcom.dll
2010-11-08 20:56:08 14848 ----a-w- c:\windows\system32\wshrm.dll
2010-11-08 20:54:48 43520 ----a-w- c:\windows\system32\msdxm.tlb
2010-11-08 20:54:48 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2010-11-08 20:54:48 18432 ----a-w- c:\windows\system32\amcompat.tlb
2010-11-08 20:54:42 7680 ----a-w- c:\windows\system32\spwmp.dll
2010-11-08 20:54:41 4096 ----a-w- c:\windows\system32\msdxm.ocx
2010-11-08 20:54:41 4096 ----a-w- c:\windows\system32\dxmasf.dll
2010-11-08 20:54:41 107520 ----a-w- c:\program files\windows media player\wmpshare.exe
2010-11-08 20:54:41 107520 ----a-w- c:\program files\windows media player\wmpconfig.exe
2010-11-08 20:49:32 6273872 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\backup\mpengine.dll
2010-11-08 20:49:26 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-11-08 20:47:27 -------- d-sh--w- c:\windows\Installer
2010-11-08 19:57:58 84480 ----a-w- c:\windows\system32\INETRES.dll
2010-11-08 19:57:36 60928 ----a-w- c:\windows\system32\msasn1.dll
2010-11-08 19:56:58 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2010-11-08 19:56:11 243712 ----a-w- c:\windows\system32\rastls.dll
2010-11-08 19:55:45 355328 ----a-w- c:\windows\system32\WSDApi.dll
2010-11-08 19:54:35 82944 ----a-w- c:\windows\system32\mciavi32.dll
2010-11-08 19:54:35 65024 ----a-w- c:\windows\system32\avicap32.dll
2010-11-08 19:54:35 123904 ----a-w- c:\windows\system32\msvfw32.dll
2010-11-08 19:54:34 91136 ----a-w- c:\windows\system32\avifil32.dll
2010-11-08 19:54:34 31744 ----a-w- c:\windows\system32\msvidc32.dll
2010-11-08 19:54:34 13312 ----a-w- c:\windows\system32\msrle32.dll
2010-11-08 19:54:34 1314816 ----a-w- c:\windows\system32\quartz.dll
2010-11-08 19:54:33 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2010-11-08 19:54:33 22528 ----a-w- c:\windows\system32\msyuv.dll
2010-11-08 19:54:33 12288 ----a-w- c:\windows\system32\tsbyuv.dll
2010-11-08 19:52:54 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2010-11-08 19:29:57 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-11-08 19:29:57 -------- d-----w- c:\progra~2\Spybot - Search & Destroy
2010-11-08 19:28:01 -------- d-----w- c:\program files\CCleaner
2010-11-08 19:23:53 -------- d-----w- c:\users\jem\appdata\roaming\Malwarebytes
2010-11-08 19:23:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-08 19:23:44 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-08 19:23:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-11-08 19:23:44 -------- d-----w- c:\progra~2\Malwarebytes
2010-11-08 19:18:35 -------- d-----w- c:\program files\SpywareGuard
2010-11-08 19:13:22 118784 ----a-w- c:\windows\system32\MSSTDFMT.DLL
2010-11-08 19:13:22 1071088 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2010-11-08 19:13:21 -------- d-----w- c:\program files\SpywareBlaster
2010-11-08 18:48:59 -------- d-----w- c:\program files\common files\Windows Live
2010-11-08 18:45:13 -------- d-----w- c:\users\jem\appdata\roaming\Razer
2010-11-08 18:43:14 5760 ----a-w- c:\windows\system32\drivers\vHidDev.sys
2010-11-08 18:43:14 11136 ----a-w- c:\windows\system32\drivers\danew.sys
2010-11-08 18:43:13 73728 ----a-w- c:\windows\system32\DeathAdder.cpl
2010-11-08 18:22:01 -------- d-----w- c:\users\jem\appdata\local\Google
2010-11-08 18:21:44 -------- d-----w- c:\users\jem\appdata\local\Deployment
2010-11-08 18:21:44 -------- d-----w- c:\users\jem\appdata\local\Apps
2010-11-08 18:05:43 0 ----a-w- c:\windows\ativpsrm.bin
2010-11-08 18:05:03 172032 ----a-w- c:\windows\system32\wintrust.dll
2010-11-08 18:04:42 98304 ----a-w- c:\windows\system32\cabview.dll
2010-11-08 17:54:53 2421760 ----a-w- c:\windows\system32\wucltux.dll
2010-11-08 17:54:04 87552 ----a-w- c:\windows\system32\wudriver.dll
2010-11-08 17:53:41 33792 ----a-w- c:\windows\system32\wuapp.exe
2010-11-08 17:53:41 171608 ----a-w- c:\windows\system32\wuwebv.dll
2010-11-06 16:37:34 103864 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll

==================== Find3M ====================

2010-11-17 19:18:19 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2010-11-17 19:18:14 82432 ----a-w- c:\windows\system32\axaltocm.dll
2010-11-08 21:14:55 1702912 ----a-w- c:\windows\system32\NlsLexicons004b.dll
2010-10-07 17:23:02 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-10-07 17:23:02 75040 ----a-w- c:\windows\system32\jdns_sd.dll
2010-10-07 17:23:02 197920 ----a-w- c:\windows\system32\dnssdX.dll
2010-10-07 17:23:02 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-09-28 20:44:52 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2010-09-13 13:56:41 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-09-08 16:17:46 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 16:17:46 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-09-06 16:20:29 125952 ----a-w- c:\windows\system32\srvsvc.dll
2010-09-06 16:19:06 17920 ----a-w- c:\windows\system32\netevent.dll

============= FINISH: 10:18:48.52 ===============

Edited by Jembreeze, 04 December 2010 - 11:28 AM.


#2 Casey_boy

    Bleeping physicist

  • Malware Response Team
  • 7,765 posts
  • Gender:Male
  • Location:UK

Posted 11 December 2010 - 05:22 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review your topic and do their best to resolve your issues.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


Casey

If I have been helping you and I do not reply within 48 hours, feel free to send me a PM.



#3 Jembreeze
  • Topic Starter

  • Members
  • 9 posts

Posted 11 December 2010 - 05:31 PM

Thanks for replying. I have only run Spybot Search & Destroy so far, and it didn't do much. I still get re-directed every link I click now on ANY search engine I use.

Here are my gmer files attached and DDS log.


#4 thcbytes

  • Malware Response Team
  • 14,790 posts
  • Gender:Male

Posted 12 December 2010 - 10:36 PM

Hi and welcome to the Virus/Trojan/Spyware/Malware Removal forum,

I am thcbytes and I am here to help you!

I ask that you refrain from running tools other than those I suggest to you while I am cleaning up your computer. The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Please perform all steps in the order received and do not proceed if you need clarification.

Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems please stop and tell me about it. When your computer is clean I will alert you of such. I will also provide you with detailed suggestions for prevention.

In the upper right hand corner of the topic you will see a button called Watch this topic. Click on this, then choose Immediate E-Mail notification and then Proceed; you will then be advised by email when I respond to your topic.

After 5 days, if your topic has not been replied to, I will assume it has been abandoned and I will close it.

I would also like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please be courteous and appreciative for the assistance provided!

Again I would like to remind you to make no further changes to your computer unless I direct you to do so. Your computer fix will be based on the current condition of your computer! Any changes might delay my ability to help you.

==========

We need to disable Spybot S&D's "TeaTimer"
TeaTimer works by preventing ANY changes to the system. It will attempt to undo any fixes we run, because it blocks these fixes from running.

In order to safeguard your system from problems that can be brought on by a half finished fix, we need to disable TeaTimer. We can reenable it when we're done if you like.
  • Open SpyBot Search and Destroy by going to Start -> All Programs -> Spybot Search and Destroy -> Spybot Search and Destroy.
  • If prompted with a legal dialog, accept the warning.
  • Click Posted Image and then on "Advanced Mode"
  • You may be presented with a warning dialog. If so, press Posted Image
  • Click on Posted Image
  • Click on Posted Image
  • Uncheck this checkbox:
    Posted Image
  • Close/Exit Spybot Search and Destroy

==========

Download Security Check by screen317 from here or here.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt.
Please copy/paste the contents of that document in your next reply.

==========

We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

==========

Scan With RKUnHooker

  • Please download http://www.kernelmode.info/ARKs/RKUnhookerLE.EXE
  • Save it to your desktop.
  • Double-click it to run.
  • Click the Report tab and then click Scan.
  • Check Drivers & Stealth and Uncheck the rest then Click OK.
  • Wait till the scanner has finished and then click File --> Save Report.
  • Save the report to your desktop and click Close.
Copy the entire contents of the report and paste it in a reply here.

Note** you may get this warning; it is OK, just ignore it.

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"


==========

Please download MBRCheck to your desktop
  • Double click MBRCheck.exe to run (With Vista and Win 7 right click and select Run as Administrator)
  • It will show a Black screen with some data on it
  • A log named MBRcheck will be on your desktop
  • Copy and paste that log in your next reply

==========

With your next post please provide:

  • OTL.txt
  • Extra.txt
  • RKU log
  • MbrCheck log
  • You will likely need to post the logs over several posts.

Kind regards,
thcbytes
Proud member - Unified Network of Instructors and Trained Eliminators

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#5 Jembreeze
  • Topic Starter

  • Members
  • 9 posts

Posted 13 December 2010 - 06:54 PM

Results of screen317's Security Check version 0.99.6
Windows Vista Service Pack 2 (UAC is enabled)
Internet Explorer 7 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

MVPS Hosts File
Malwarebytes' Anti-Malware
CCleaner
Adobe Flash Player
Adobe Reader 9.4.1
````````````````````````````````
Process Check:
objlist.exe by Laurent

````````````````````````````````
DNS Vulnerability Check:

GREAT! (Not vulnerable to DNS cache poisoning)

``````````End of Log````````````


MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows Vista Home Basic Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: Dell Inc.
BIOS Manufacturer: Dell Inc.
System Manufacturer: Dell Inc.
System Product Name: Inspiron 1501
Logical Drives Mask: 0x0000005c

Kernel Drivers (total 146):

Processes (total 59):
0 System Idle Process
4 System
372 C:\Windows\System32\smss.exe
504 csrss.exe
564 C:\Windows\System32\wininit.exe
576 csrss.exe
608 C:\Windows\System32\services.exe
636 C:\Windows\System32\winlogon.exe
656 C:\Windows\System32\lsass.exe
664 C:\Windows\System32\lsm.exe
808 C:\Windows\System32\svchost.exe
872 C:\Windows\System32\svchost.exe
904 C:\Windows\System32\svchost.exe
1000 C:\Windows\System32\Ati2evxx.exe
1016 C:\Windows\System32\svchost.exe
1068 C:\Windows\System32\svchost.exe
1080 C:\Windows\System32\svchost.exe
1188 C:\Windows\System32\audiodg.exe
1224 C:\Windows\System32\SLsvc.exe
1264 C:\Windows\System32\svchost.exe
1408 C:\Windows\System32\Ati2evxx.exe
1428 C:\Windows\System32\svchost.exe
1664 C:\Windows\System32\spoolsv.exe
1688 C:\Windows\System32\svchost.exe
1940 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1976 C:\Program Files\Bonjour\mDNSResponder.exe
2032 C:\Windows\System32\svchost.exe
196 C:\Windows\System32\svchost.exe
364 C:\Windows\System32\svchost.exe
856 C:\Windows\System32\SearchIndexer.exe
1540 WUDFHost.exe
2412 C:\Windows\System32\taskeng.exe
2836 C:\Windows\System32\taskeng.exe
2900 C:\Windows\System32\dwm.exe
2968 C:\Windows\explorer.exe
3180 C:\Program Files\Razer\DeathAdder\razerhid.exe
3212 C:\Program Files\iTunes\iTunesHelper.exe
3220 C:\Program Files\Windows Sidebar\sidebar.exe
3240 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
3272 C:\Program Files\Windows Live\Messenger\msnmsgr.exe
3328 C:\Program Files\SpywareGuard\sgmain.exe
3476 C:\Program Files\Razer\DeathAdder\razertra.exe
3652 C:\Program Files\SpywareGuard\sgbhp.exe
3672 C:\Program Files\iPod\bin\iPodService.exe
3768 C:\Program Files\Razer\DeathAdder\razerofa.exe
4032 C:\Users\Jem\AppData\Local\Google\Chrome\Application\chrome.exe
800 C:\Windows\System32\mobsync.exe
1124 C:\Users\Jem\AppData\Local\Google\Chrome\Application\chrome.exe
3592 C:\Users\Jem\AppData\Local\Google\Chrome\Application\chrome.exe
3148 C:\Users\Jem\AppData\Local\Google\Chrome\Application\chrome.exe
2596 C:\Windows\System32\wuauclt.exe
4060 C:\Users\Jem\AppData\Local\Google\Chrome\Application\chrome.exe
2304 C:\Windows\System32\notepad.exe
2792 C:\Windows\notepad.exe
4076 C:\Windows\notepad.exe
2108 C:\Program Files\Windows Live\Contacts\wlcomm.exe
3404 C:\Windows\System32\SearchProtocolHost.exe
456 C:\Windows\System32\SearchFilterHost.exe
3808 C:\Users\Jem\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`84f00000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`04f00000 (NTFS)

PhysicalDrive0 Model Number: HitachiHTS541612J9SA00, Rev: SBDOC7KP

Size Device Name MBR Status
--------------------------------------------
111 GB \\.\PhysicalDrive0 Windows Vista MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


Done!

OTL logfile created on: 12/13/2010 6:38:26 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Jem\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 60.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 101.71 Gb Total Space | 37.65 Gb Free Space | 37.01% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 9.92 Gb Free Space | 99.23% Space Free | Partition Type: NTFS
Drive G: | 7.60 Gb Total Space | 0.73 Gb Free Space | 9.66% Space Free | Partition Type: FAT32

Computer Name: JEM-PC | User Name: Jem | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/12/13 18:37:57 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Jem\Desktop\OTL.exe
PRC - [2010/11/30 18:02:35 | 000,991,800 | ---- | M] (Google Inc.) -- C:\Users\Jem\AppData\Local\Google\Chrome\Application\chrome.exe
PRC - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/05/05 16:56:06 | 000,251,392 | ---- | M] () -- C:\Program Files\Razer\DeathAdder\razerhid.exe
PRC - [2010/04/27 14:41:26 | 000,218,112 | ---- | M] () -- C:\Program Files\Razer\DeathAdder\razertra.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2007/12/19 11:58:24 | 000,163,840 | ---- | M] (Razer Inc.) -- C:\Program Files\Razer\DeathAdder\razerofa.exe
PRC - [2003/08/29 19:05:35 | 000,360,448 | ---- | M] () -- C:\Program Files\SpywareGuard\sgmain.exe
PRC - [2003/08/29 11:14:56 | 000,233,472 | ---- | M] () -- C:\Program Files\SpywareGuard\sgbhp.exe


========== Modules (SafeList) ==========

MOD - [2010/12/13 18:37:57 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Jem\Desktop\OTL.exe
MOD - [2010/08/31 10:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/09/24 20:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2008/01/19 02:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Jem\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2009/12/21 21:50:16 | 000,005,760 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vHidDev.sys -- (vHidDev)
DRV - [2009/04/21 17:58:42 | 000,011,136 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\danew.sys -- (danewFltr)
DRV - [2008/06/03 06:22:56 | 003,695,104 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2008/06/03 06:22:56 | 003,695,104 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2007/02/21 14:48:56 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2007/02/21 14:48:56 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2007/02/21 14:48:56 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007/01/06 00:59:42 | 000,035,920 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2007/01/06 00:59:34 | 000,086,096 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid) NVIDIA nForce™
DRV - [2006/11/02 04:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 04:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 04:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 04:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 04:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 04:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 04:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 04:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 04:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 04:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 04:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 04:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 04:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 04:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 04:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 04:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 04:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 04:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 04:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 04:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 04:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 04:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 04:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 04:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 04:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 04:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 04:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 04:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 04:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 04:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 03:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 03:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 03:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 03:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 03:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 03:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 02:41:50 | 000,987,648 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VSTDPV3.SYS -- (HSF_DPV)
DRV - [2006/11/02 02:41:49 | 000,200,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VSTAZL3.SYS -- (HSFHWAZL)
DRV - [2006/11/02 02:41:48 | 000,654,336 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VSTCNXT3.SYS -- (winachsf)
DRV - [2006/11/02 02:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 02:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2006/11/02 02:30:53 | 000,464,384 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XV)
DRV - [2006/11/02 02:30:53 | 000,045,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



O1 HOSTS File: ([2010/12/02 16:12:12 | 000,426,642 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 14695 more lines...
O2 - BHO: (SpywareGuardDLBLOCK.CBrowserHelper) - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll ()
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O4 - HKLM..\Run: [DeathAdder] C:\Program Files\Razer\DeathAdder\razerhid.exe ()
O4 - Startup: C:\Users\Jem\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.109.65.66 213.109.73.174 1.1.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Jem\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Jem\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {81559C35-8464-49F7-BB0E-07A383BEF910} - C:\Program Files\SpywareGuard\spywareguard.dll ()
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010/10/24 10:34:52 | 000,009,227 | RHS- | M] () - G:\autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/12/13 18:37:52 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Jem\Desktop\OTL.exe
[2010/12/09 18:16:41 | 000,000,000 | ---D | C] -- C:\Users\Jem\Documents\Bills
[2010/12/03 22:17:54 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010/12/03 22:15:46 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/12/03 22:01:30 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/12/03 22:00:17 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010/12/03 21:58:21 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/12/03 21:58:21 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/12/03 21:58:21 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/12/03 21:58:14 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/12/03 21:57:56 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/12/03 18:29:58 | 000,000,000 | ---D | C] -- C:\Users\Jem\AppData\Roaming\GetRightToGo
[2010/12/03 18:29:58 | 000,000,000 | ---D | C] -- C:\Users\Jem\Documents\Downloads
[2010/12/03 14:27:10 | 000,000,000 | ---D | C] -- C:\Program Files\Mplayer
[2010/12/03 14:24:55 | 000,000,000 | ---D | C] -- C:\Program Files\Fox
[2010/12/03 14:24:39 | 000,304,128 | ---- | C] (InstallShield Software Corporation) -- C:\Windows\IsUninst.exe
[2010/12/02 19:59:08 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2010/12/02 19:59:06 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2010/12/02 19:57:57 | 000,000,000 | ---D | C] -- C:\ATI
[2010/12/02 19:39:19 | 000,000,000 | ---D | C] -- C:\Users\Jem\AppData\Roaming\vlc
[2010/12/02 19:38:27 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2010/12/02 15:36:56 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2010/12/02 15:36:45 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2010/12/02 15:36:39 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live SkyDrive
[2010/12/02 15:36:20 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2010/12/02 15:36:01 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2010/12/02 15:22:52 | 000,000,000 | ---D | C] -- C:\Users\Jem\Documents\My Received Files
[2010/12/02 15:21:30 | 000,000,000 | ---D | C] -- C:\Users\Jem\AppData\Local\{A8CD4799-AC63-418D-A9EC-D94445016631}
[2010/12/02 15:21:14 | 000,000,000 | ---D | C] -- C:\Users\Jem\Tracing
[2010/12/02 15:12:23 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2010/12/02 15:10:09 | 000,000,000 | ---D | C] -- C:\Users\Jem\AppData\Local\Windows Live
[2010/12/02 15:04:24 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Portable Devices
[2010/12/02 15:02:57 | 001,164,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbonRes.dll
[2010/12/02 15:02:57 | 000,092,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAnimation.dll
[2010/12/02 15:02:56 | 003,023,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbon.dll
[2010/12/02 15:02:16 | 000,369,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll
[2010/12/02 15:02:15 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2010/12/02 15:02:14 | 000,829,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2010/12/02 15:02:14 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2010/12/02 15:02:13 | 001,554,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xpsservices.dll
[2010/12/02 15:02:13 | 000,974,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecs.dll
[2010/12/02 15:02:13 | 000,847,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OpcServices.dll
[2010/12/02 15:02:13 | 000,828,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2010/12/02 15:02:13 | 000,793,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FntCache.dll
[2010/12/02 15:02:13 | 000,667,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2010/12/02 15:02:13 | 000,351,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2010/12/02 15:02:13 | 000,321,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll
[2010/12/02 15:02:13 | 000,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2010/12/02 15:02:13 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxdiag.exe
[2010/12/02 15:02:13 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxdiagn.dll
[2010/12/02 15:02:13 | 000,189,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2010/12/02 15:02:13 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
[2010/12/02 15:02:12 | 001,064,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2010/12/02 15:02:12 | 001,030,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2010/12/02 15:02:12 | 000,519,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll
[2010/12/02 15:02:12 | 000,486,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2010/12/02 15:02:12 | 000,481,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2010/12/02 15:02:12 | 000,218,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2010/12/02 15:02:12 | 000,190,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2010/12/02 15:02:12 | 000,161,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2010/12/02 15:01:17 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\BthMtpContextHandler.dll
[2010/12/02 15:01:17 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDShextAutoplay.exe
[2010/12/02 15:01:09 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceConnectApi.dll
[2010/12/02 15:01:01 | 000,546,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpd_ci.dll
[2010/12/02 15:01:00 | 000,350,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDSp.dll
[2010/12/02 15:01:00 | 000,334,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceApi.dll
[2010/12/02 15:01:00 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceWMDRM.dll
[2010/12/02 15:01:00 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceTypes.dll
[2010/12/02 15:01:00 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceClassExtension.dll
[2010/12/02 14:58:54 | 000,555,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAutomationCore.dll
[2010/12/02 14:58:54 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oleaccrc.dll
[2010/12/02 14:41:16 | 000,000,000 | ---D | C] -- C:\Windows\System32\vi-VN
[2010/12/02 14:41:16 | 000,000,000 | ---D | C] -- C:\Windows\System32\eu-ES
[2010/12/02 14:41:16 | 000,000,000 | ---D | C] -- C:\Windows\System32\ca-ES
[2010/12/02 14:19:31 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2010/11/30 15:58:31 | 000,000,000 | ---D | C] -- C:\ProgramData\WinZip
[2010/11/30 15:58:20 | 000,000,000 | ---D | C] -- C:\Program Files\WinZip
[2010/11/30 15:40:31 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft ActiveSync
[2010/11/30 15:40:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Designer
[2010/11/30 15:38:26 | 000,000,000 | ---D | C] -- C:\Windows\ShellNew
[2010/11/30 15:38:23 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2010/11/30 10:03:42 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2010/11/25 20:43:09 | 000,000,000 | ---D | C] -- C:\Users\Jem\AppData\Roaming\Apple Computer
[2010/11/25 20:43:09 | 000,000,000 | ---D | C] -- C:\Users\Jem\AppData\Local\Apple Computer
[2010/11/25 20:42:07 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\Windows\System32\GEARAspi.dll
[2010/11/25 20:42:07 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2010/11/25 20:40:49 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/11/25 20:40:47 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/11/25 20:40:47 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/11/25 20:39:22 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/11/25 20:39:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2010/11/25 20:38:37 | 000,000,000 | ---D | C] -- C:\Users\Jem\AppData\Local\Apple
[2010/11/25 20:38:33 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2010/11/25 20:36:03 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/11/25 20:35:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2010/11/25 20:35:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2010/11/17 17:43:55 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2010/11/17 17:43:55 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2010/11/17 17:43:55 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2010/11/17 17:38:19 | 012,240,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0007.dll
[2010/11/17 17:38:14 | 001,081,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLCExt.dll
[2010/11/17 17:38:13 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DevicePairingWizard.exe
[2010/11/17 17:38:12 | 002,134,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FunctionDiscoveryFolder.dll
[2010/11/17 17:38:11 | 002,644,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0009.dll
[2010/11/17 17:38:09 | 001,480,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssrch.dll
[2010/11/17 17:38:08 | 000,684,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\spsys.sys
[2010/11/17 17:38:07 | 001,576,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tquery.dll
[2010/11/17 17:38:06 | 000,779,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationNative_v0300.dll
[2010/11/17 17:38:05 | 000,928,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scavenge.dll
[2010/11/17 17:38:05 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
[2010/11/17 17:38:05 | 000,518,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
[2010/11/17 17:38:03 | 000,677,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imapi2fs.dll
[2010/11/17 17:38:02 | 000,968,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wcnwiz2.dll
[2010/11/17 17:38:02 | 000,476,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll
[2010/11/17 17:38:02 | 000,291,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WscEapPr.dll
[2010/11/17 17:38:01 | 000,619,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardagt.exe
[2010/11/17 17:38:00 | 000,114,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EhStorShell.dll
[2010/11/17 17:37:59 | 000,978,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drmv2clt.dll
[2010/11/17 17:37:59 | 000,289,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spinstall.exe
[2010/11/17 17:37:59 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spreview.exe
[2010/11/17 17:37:58 | 000,472,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
[2010/11/17 17:37:58 | 000,438,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mcupdate_GenuineIntel.dll
[2010/11/17 17:37:58 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwizui.dll
[2010/11/17 17:37:56 | 000,670,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssvp.dll
[2010/11/17 17:37:56 | 000,378,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imapi2.dll
[2010/11/17 17:37:56 | 000,351,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssph.dll
[2010/11/17 17:37:56 | 000,203,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssphtb.dll
[2010/11/17 17:37:55 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdohlp.dll
[2010/11/17 17:37:54 | 001,459,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\esent.dll
[2010/11/17 17:37:54 | 000,729,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IMJP10K.DLL
[2010/11/17 17:37:54 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DevicePairing.dll
[2010/11/17 17:37:54 | 000,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
[2010/11/17 17:37:54 | 000,190,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sperror.dll
[2010/11/17 17:37:54 | 000,143,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\korwbrkr.dll
[2010/11/17 17:37:53 | 000,463,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IasMigReader.exe
[2010/11/17 17:37:53 | 000,346,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
[2010/11/17 17:37:53 | 000,228,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLC.dll
[2010/11/17 17:37:51 | 001,589,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msjet40.dll
[2010/11/17 17:37:50 | 001,381,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Query.dll
[2010/11/17 17:37:50 | 000,883,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IMJP10.IME
[2010/11/17 17:37:49 | 001,078,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\diagperf.dll
[2010/11/17 17:37:49 | 000,409,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msexch40.dll
[2010/11/17 17:37:49 | 000,327,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\P2PGraph.dll
[2010/11/17 17:37:48 | 000,986,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winload.exe
[2010/11/17 17:37:48 | 000,950,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mblctr.exe
[2010/11/17 17:37:48 | 000,428,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2010/11/17 17:37:48 | 000,301,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srchadmin.dll
[2010/11/17 17:37:47 | 001,792,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mmc.exe
[2010/11/17 17:37:47 | 000,466,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\riched20.dll
[2010/11/17 17:37:47 | 000,454,144 | ---- | C] (Microsoft) -- C:\Windows\System32\IasMigPlugin.dll
[2010/11/17 17:37:47 | 000,203,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\uDWM.dll
[2010/11/17 17:37:46 | 000,880,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RacEngn.dll
[2010/11/17 17:37:46 | 000,088,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdBth.dll
[2010/11/17 17:37:45 | 002,012,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\milcore.dll
[2010/11/17 17:37:45 | 001,112,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CertEnroll.dll
[2010/11/17 17:37:45 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NaturalLanguage6.dll
[2010/11/17 17:37:45 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spoolss.dll
[2010/11/17 17:37:45 | 000,120,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EhStorAPI.dll
[2010/11/17 17:37:44 | 000,950,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpedit.dll
[2010/11/17 17:37:44 | 000,406,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcp60.dll
[2010/11/17 17:37:44 | 000,290,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msjtes40.dll
[2010/11/17 17:37:44 | 000,099,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardapi.dll
[2010/11/17 17:37:43 | 003,217,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinSAT.exe
[2010/11/17 17:37:43 | 000,710,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Magnify.exe
[2010/11/17 17:37:43 | 000,282,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstext40.dll
[2010/11/17 17:37:42 | 001,555,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsAnytimeUpgradeCPL.dll
[2010/11/17 17:37:42 | 001,209,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\comsvcs.dll
[2010/11/17 17:37:42 | 000,454,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxbde40.dll
[2010/11/17 17:37:42 | 000,339,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msexcl40.dll
[2010/11/17 17:37:42 | 000,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax
[2010/11/17 17:37:42 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slwmi.dll
[2010/11/17 17:37:41 | 001,985,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\authui.dll
[2010/11/17 17:37:41 | 000,643,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrepl40.dll
[2010/11/17 17:37:40 | 002,926,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2010/11/17 17:37:40 | 000,640,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bthprops.cpl
[2010/11/17 17:37:40 | 000,469,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\newdev.dll
[2010/11/17 17:37:40 | 000,205,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eudcedit.exe
[2010/11/17 17:37:40 | 000,119,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasrecst.dll
[2010/11/17 17:37:40 | 000,102,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
[2010/11/17 17:37:39 | 001,788,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d9.dll
[2010/11/17 17:37:39 | 000,398,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010/11/17 17:37:39 | 000,368,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mspbde40.dll
[2010/11/17 17:37:38 | 001,135,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll
[2010/11/17 17:37:38 | 000,344,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrd3x40.dll
[2010/11/17 17:37:38 | 000,241,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msltus40.dll
[2010/11/17 17:37:38 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\davclnt.dll
[2010/11/17 17:37:38 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EhStorPwdMgr.dll
[2010/11/17 17:37:37 | 001,053,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdtctm.dll
[2010/11/17 17:37:37 | 000,250,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wevtapi.dll
[2010/11/17 17:37:37 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nlhtml.dll
[2010/11/17 17:37:36 | 000,614,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ci.dll
[2010/11/17 17:37:36 | 000,483,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\samsrv.dll
[2010/11/17 17:37:35 | 000,582,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLCommDlg.dll
[2010/11/17 17:37:35 | 000,443,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32spl.dll
[2010/11/17 17:37:35 | 000,165,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WcnNetsh.dll
[2010/11/17 17:37:34 | 001,730,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\apds.dll
[2010/11/17 17:37:34 | 000,618,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mswstr10.dll
[2010/11/17 17:37:34 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\compcln.exe
[2010/11/17 17:37:34 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xmlfilter.dll
[2010/11/17 17:37:33 | 001,160,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll
[2010/11/17 17:37:33 | 000,223,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2010/11/17 17:37:32 | 000,926,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winresume.exe
[2010/11/17 17:37:32 | 000,524,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sqlsrv32.dll
[2010/11/17 17:37:32 | 000,409,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbc32.dll
[2010/11/17 17:37:32 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLUI.exe
[2010/11/17 17:37:32 | 000,319,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrd2x40.dll
[2010/11/17 17:37:32 | 000,183,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eapphost.dll
[2010/11/17 17:37:32 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\propdefs.dll
[2010/11/17 17:37:31 | 001,856,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dbgeng.dll
[2010/11/17 17:37:31 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wevtutil.exe
[2010/11/17 17:37:31 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssitlb.dll
[2010/11/17 17:37:30 | 002,167,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mmcndmgr.dll
[2010/11/17 17:37:30 | 000,592,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netlogon.dll
[2010/11/17 17:37:30 | 000,378,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\devmgr.dll
[2010/11/17 17:37:30 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drvinst.exe
[2010/11/17 17:37:30 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msctfp.dll
[2010/11/17 17:37:30 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdBthProxy.dll
[2010/11/17 17:37:29 | 001,533,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wcnwiz.dll
[2010/11/17 17:37:29 | 001,382,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVSDECD.DLL
[2010/11/17 17:37:29 | 000,485,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\evr.dll
[2010/11/17 17:37:29 | 000,199,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\adsldpc.dll
[2010/11/17 17:37:29 | 000,054,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DevicePairingProxy.dll
[2010/11/17 17:37:29 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscb.dll
[2010/11/17 17:37:28 | 001,143,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wercon.exe
[2010/11/17 17:37:28 | 000,617,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\adtschema.dll
[2010/11/17 17:37:28 | 000,323,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certcli.dll
[2010/11/17 17:37:28 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quick.ime
[2010/11/17 17:37:28 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qintlgnt.ime
[2010/11/17 17:37:28 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\phon.ime
[2010/11/17 17:37:28 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cintlgnt.ime
[2010/11/17 17:37:28 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chajei.ime
[2010/11/17 17:37:28 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mimefilt.dll
[2010/11/17 17:37:27 | 000,996,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMNetMgr.dll
[2010/11/17 17:37:27 | 000,856,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mswdat10.dll
[2010/11/17 17:37:27 | 000,799,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certutil.exe
[2010/11/17 17:37:27 | 000,560,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdtcprx.dll
[2010/11/17 17:37:27 | 000,396,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ipsmsnap.dll
[2010/11/17 17:37:27 | 000,332,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdrm.dll
[2010/11/17 17:37:27 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\reg.exe
[2010/11/17 17:37:27 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msjter40.dll
[2010/11/17 17:37:27 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtffilt.dll
[2010/11/17 17:37:27 | 000,035,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardcpl.cpl
[2010/11/17 17:37:26 | 000,704,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoScreensaver.scr
[2010/11/17 17:37:26 | 000,332,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msihnd.dll
[2010/11/17 17:37:26 | 000,274,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bcrypt.dll
[2010/11/17 17:37:26 | 000,241,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rsaenh.dll
[2010/11/17 17:37:26 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbport.sys
[2010/11/17 17:37:26 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MMDevAPI.dll
[2010/11/17 17:37:26 | 000,122,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetpp.dll
[2010/11/17 17:37:26 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscntrs.dll
[2010/11/17 17:37:26 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msstrc.dll
[2010/11/17 17:37:26 | 000,035,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsWpfWrp.exe
[2010/11/17 17:37:26 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshooks.dll
[2010/11/17 17:37:25 | 001,696,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
[2010/11/17 17:37:25 | 001,020,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wdc.dll
[2010/11/17 17:37:25 | 000,343,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmicmiplugin.dll
[2010/11/17 17:37:25 | 000,310,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mtxclu.dll
[2010/11/17 17:37:25 | 000,153,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fundisc.dll
[2010/11/17 17:37:25 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dhcpcsvc6.dll
[2010/11/17 17:37:25 | 000,125,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Classpnp.sys
[2010/11/17 17:37:25 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imapi.dll
[2010/11/17 17:37:25 | 000,080,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscories.dll
[2010/11/17 17:37:24 | 001,823,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pnidui.dll
[2010/11/17 17:37:24 | 001,671,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chsbrkr.dll
[2010/11/17 17:37:24 | 000,636,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\autofmt.exe
[2010/11/17 17:37:24 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iassdo.dll
[2010/11/17 17:37:24 | 000,122,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Storport.sys
[2010/11/17 17:37:24 | 000,109,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ataport.sys
[2010/11/17 17:37:24 | 000,093,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Kswdmcap.ax
[2010/11/17 17:37:24 | 000,050,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PSHED.DLL
[2010/11/17 17:37:24 | 000,035,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\crashdmp.sys
[2010/11/17 17:37:24 | 000,009,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardres.dll
[2010/11/17 17:37:23 | 000,757,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\azroles.dll
[2010/11/17 17:37:23 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CertEnrollUI.dll
[2010/11/17 17:37:23 | 000,242,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pdh.dll
[2010/11/17 17:37:22 | 001,107,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pidgenx.dll
[2010/11/17 17:37:22 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sysmon.ocx
[2010/11/17 17:37:21 | 002,205,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SyncCenter.dll
[2010/11/17 17:37:20 | 001,502,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certmgr.dll
[2010/11/17 17:37:20 | 000,627,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sethc.exe
[2010/11/17 17:37:20 | 000,593,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\comuid.dll
[2010/11/17 17:37:20 | 000,324,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\untfs.dll
[2010/11/17 17:37:20 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2010/11/17 17:37:20 | 000,182,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iassam.dll
[2010/11/17 17:37:20 | 000,180,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scrobj.dll
[2010/11/17 17:37:20 | 000,017,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kd1394.dll
[2010/11/17 17:37:19 | 000,656,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\autoconv.exe
[2010/11/17 17:37:19 | 000,413,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imkr80.ime
[2010/11/17 17:37:19 | 000,375,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2010/11/17 17:37:19 | 000,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskcomp.dll
[2010/11/17 17:37:19 | 000,244,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wisptis.exe
[2010/11/17 17:37:19 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasnap.dll
[2010/11/17 17:37:19 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cscript.exe
[2010/11/17 17:37:19 | 000,099,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\FWPKCLNT.SYS
[2010/11/17 17:37:19 | 000,043,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pciidex.sys
[2010/11/17 17:37:19 | 000,027,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Dumpata.sys
[2010/11/17 17:37:18 | 001,827,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010/11/17 17:37:18 | 001,541,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\onex.dll
[2010/11/17 17:37:18 | 000,860,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WerFaultSecure.exe
[2010/11/17 17:37:18 | 000,612,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpencom.dll
[2010/11/17 17:37:18 | 000,564,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msftedit.dll
[2010/11/17 17:37:18 | 000,340,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RelMon.dll
[2010/11/17 17:37:18 | 000,273,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wow32.dll
[2010/11/17 17:37:18 | 000,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\offfilt.dll
[2010/11/17 17:37:18 | 000,182,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\osk.exe
[2010/11/17 17:37:18 | 000,130,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\basecsp.dll
[2010/11/17 17:37:18 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinSCard.dll
[2010/11/17 17:37:18 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe
[2010/11/17 17:37:18 | 000,019,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kdusb.dll
[2010/11/17 17:37:18 | 000,017,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kdcom.dll
[2010/11/17 17:37:18 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spcmsg.dll
[2010/11/17 17:37:17 | 000,638,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Utilman.exe
[2010/11/17 17:37:17 | 000,551,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\prnntfy.dll
[2010/11/17 17:37:17 | 000,444,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dsound.dll
[2010/11/17 17:37:17 | 000,391,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscms.dll
[2010/11/17 17:37:17 | 000,230,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\diskraid.exe
[2010/11/17 17:37:17 | 000,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WerFault.exe
[2010/11/17 17:37:17 | 000,208,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfplat.dll
[2010/11/17 17:37:17 | 000,197,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SndVol.exe
[2010/11/17 17:37:17 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msnetobj.dll
[2010/11/17 17:37:17 | 000,152,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll
[2010/11/17 17:37:17 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll
[2010/11/17 17:37:17 | 000,114,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbccp32.dll
[2010/11/17 17:37:17 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sysclass.dll
[2010/11/17 17:37:17 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ulib.dll
[2010/11/17 17:37:17 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IPHLPAPI.DLL
[2010/11/17 17:37:17 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\adsmsext.dll
[2010/11/17 17:37:17 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rastapi.dll
[2010/11/17 17:37:17 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasdatastore.dll
[2010/11/17 17:37:17 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsepno.dll
[2010/11/17 17:37:16 | 001,342,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\brcpl.dll
[2010/11/17 17:37:16 | 000,759,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ipsecsnp.dll
[2010/11/17 17:37:16 | 000,399,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlangpui.dll
[2010/11/17 17:37:16 | 000,223,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscntfy.dll
[2010/11/17 17:37:16 | 000,181,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pnpsetup.dll
[2010/11/17 17:37:16 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\diskpart.exe
[2010/11/17 17:37:16 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpapi.dll
[2010/11/17 17:37:16 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdProxy.dll
[2010/11/17 17:37:15 | 002,225,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netcenter.dll
[2010/11/17 17:37:15 | 001,580,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpccpl.dll
[2010/11/17 17:37:15 | 001,575,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVENCOD.DLL
[2010/11/17 17:37:15 | 000,507,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vdsdyn.dll
[2010/11/17 17:37:15 | 000,286,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasapi32.dll
[2010/11/17 17:37:15 | 000,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntprint.dll
[2010/11/17 17:37:15 | 000,158,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasrad.dll
[2010/11/17 17:37:15 | 000,155,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscorier.dll
[2010/11/17 17:37:15 | 000,140,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wusa.exe
[2010/11/17 17:37:15 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iashlpr.dll
[2010/11/17 17:37:15 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\findstr.exe
[2010/11/17 17:37:15 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\logman.exe
[2010/11/17 17:37:14 | 001,152,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\themecpl.dll
[2010/11/17 17:37:14 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wer.dll
[2010/11/17 17:37:14 | 000,825,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasdlg.dll
[2010/11/17 17:37:14 | 000,777,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slcc.dll
[2010/11/17 17:37:14 | 000,714,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\timedate.cpl
[2010/11/17 17:37:14 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scansetting.dll
[2010/11/17 17:37:14 | 000,163,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msutb.dll
[2010/11/17 17:37:14 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wshom.ocx
[2010/11/17 17:37:14 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstlsapi.dll
[2010/11/17 17:37:14 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iassvcs.dll
[2010/11/17 17:37:14 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasads.dll
[2010/11/17 17:37:14 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsnmp32.dll
[2010/11/17 17:37:14 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssprxy.dll
[2010/11/17 17:37:13 | 003,072,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\networkmap.dll
[2010/11/17 17:37:13 | 001,645,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\connect.dll
[2010/11/17 17:37:13 | 001,248,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PerfCenterCPL.dll
[2010/11/17 17:37:13 | 001,224,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sud.dll
[2010/11/17 17:37:13 | 000,842,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\systemcpl.dll
[2010/11/17 17:37:13 | 000,723,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\powercpl.dll
[2010/11/17 17:37:13 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ks.sys
[2010/11/17 17:37:13 | 000,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\powrprof.dll
[2010/11/17 17:37:13 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\newdev.exe
[2010/11/17 17:37:13 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasacct.dll
[2010/11/17 17:37:12 | 002,515,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\accessibilitycpl.dll
[2010/11/17 17:37:12 | 001,671,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanpref.dll
[2010/11/17 17:37:12 | 001,123,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\usercpl.dll
[2010/11/17 17:37:12 | 000,516,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\autoplay.dll
[2010/11/17 17:37:12 | 000,497,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll
[2010/11/17 17:37:12 | 000,464,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pcaui.dll
[2010/11/17 17:37:12 | 000,408,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msinfo32.exe
[2010/11/17 17:37:12 | 000,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2010/11/17 17:37:12 | 000,127,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rpchttp.dll
[2010/11/17 17:37:12 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pintlgnt.ime
[2010/11/17 17:37:12 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\regapi.dll
[2010/11/17 17:37:12 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mmci.dll
[2010/11/17 17:37:11 | 001,169,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe
[2010/11/17 17:37:11 | 000,532,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpcao.dll
[2010/11/17 17:37:11 | 000,407,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpapimig.exe
[2010/11/17 17:37:11 | 000,306,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scesrv.dll
[2010/11/17 17:37:11 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2010/11/17 17:37:11 | 000,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Faultrep.dll
[2010/11/17 17:37:11 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scksp.dll
[2010/11/17 17:37:11 | 000,128,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vdsutil.dll
[2010/11/17 17:37:11 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AudioSes.dll
[2010/11/17 17:37:11 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oleprn.dll
[2010/11/17 17:37:11 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dot3msm.dll
[2010/11/17 17:37:11 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\feclient.dll
[2010/11/17 17:37:11 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rekeywiz.exe
[2010/11/17 17:37:11 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iaspolcy.dll
[2010/11/17 17:37:11 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DeviceEject.exe
[2010/11/17 17:37:11 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscisvif.dll
[2010/11/17 17:37:10 | 001,689,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscui.cpl
[2010/11/17 17:37:10 | 000,642,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasgcw.dll
[2010/11/17 17:37:10 | 000,595,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FWPUCLNT.DLL
[2010/11/17 17:37:10 | 000,542,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pnpui.dll
[2010/11/17 17:37:10 | 000,505,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qedit.dll
[2010/11/17 17:37:10 | 000,445,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncryptui.dll
[2010/11/17 17:37:10 | 000,378,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srcore.dll
[2010/11/17 17:37:10 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasplap.dll
[2010/11/17 17:37:10 | 000,215,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certreq.exe
[2010/11/17 17:37:10 | 000,177,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scecli.dll
[2010/11/17 17:37:10 | 000,170,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tcpipcfg.dll
[2010/11/17 17:37:10 | 000,167,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\portcls.sys
[2010/11/17 17:37:10 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tcpmon.dll
[2010/11/17 17:37:10 | 000,134,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SmartcardCredentialProvider.dll
[2010/11/17 17:37:10 | 000,080,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hdwwiz.exe
[2010/11/17 17:37:10 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdWSD.dll
[2010/11/17 17:37:10 | 000,058,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PnPUnattend.exe
[2010/11/17 17:37:10 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmmon32.exe
[2010/11/17 17:37:10 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TSTheme.exe
[2010/11/17 17:37:10 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\perfdisk.dll
[2010/11/17 17:37:10 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\whealogr.dll
[2010/11/17 17:37:10 | 000,025,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\USBCAMD2.sys
[2010/11/17 17:37:10 | 000,025,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\USBCAMD.sys
[2010/11/17 17:37:10 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwinsat.dll
[2010/11/17 17:37:09 | 002,153,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oobefldr.dll
[2010/11/17 17:37:09 | 000,657,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVXENCD.DLL
[2010/11/17 17:37:09 | 000,547,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wiaaut.dll
[2010/11/17 17:37:09 | 000,481,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmdial32.dll
[2010/11/17 17:37:09 | 000,425,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shwebsvc.dll
[2010/11/17 17:37:09 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\modemui.dll
[2010/11/17 17:37:09 | 000,281,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\raschap.dll
[2010/11/17 17:37:09 | 000,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unimdm.tsp
[2010/11/17 17:37:09 | 000,259,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasppp.dll
[2010/11/17 17:37:09 | 000,202,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanui.dll
[2010/11/17 17:37:09 | 000,155,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasmontr.dll
[2010/11/17 17:37:09 | 000,137,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dsprop.dll
[2010/11/17 17:37:09 | 000,101,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shsetup.dll
[2010/11/17 17:37:09 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
[2010/11/17 17:37:09 | 000,054,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dimsroam.dll
[2010/11/17 17:37:09 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PnPutil.exe
[2010/11/17 17:37:08 | 006,103,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chtbrkr.dll
[2010/11/17 17:37:08 | 000,542,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\blackbox.dll
[2010/11/17 17:37:08 | 000,533,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmdrmsdk.dll
[2010/11/17 17:37:08 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscandui.dll
[2010/11/17 17:37:08 | 000,083,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlgpclnt.dll
[2010/11/17 17:37:08 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dataclen.dll
[2010/11/17 17:37:07 | 002,226,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\networkexplorer.dll
[2010/11/17 17:37:07 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010/11/17 17:37:07 | 000,414,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscp.dll
[2010/11/17 17:37:07 | 000,356,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MediaMetadataHandler.dll
[2010/11/17 17:37:07 | 000,313,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\thawbrkr.dll
[2010/11/17 17:37:07 | 000,303,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpeffects.dll
[2010/11/17 17:37:07 | 000,284,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drmmgrtn.dll
[2010/11/17 17:37:07 | 000,217,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\InkEd.dll
[2010/11/17 17:37:07 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2010/11/17 17:37:07 | 000,178,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\credui.dll
[2010/11/17 17:37:07 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSDMon.dll
[2010/11/17 17:37:07 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2010/11/17 17:37:07 | 000,128,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpresult.exe
[2010/11/17 17:37:07 | 000,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\softkbd.dll
[2010/11/17 17:37:07 | 000,113,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\rmcast.sys
[2010/11/17 17:37:07 | 000,107,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpwsx.dll
[2010/11/17 17:37:07 | 000,105,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dmsynth.dll
[2010/11/17 17:37:07 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\logagent.exe
[2010/11/17 17:37:07 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msctfui.dll
[2010/11/17 17:37:07 | 000,058,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cipher.exe
[2010/11/17 17:37:07 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscapi.dll
[2010/11/17 17:37:07 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\watchdog.sys
[2010/11/17 17:37:07 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msimtf.dll
[2010/11/17 17:37:07 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ifmon.dll
[2010/11/17 17:37:07 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2010/11/17 17:37:06 | 000,200,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\input.dll
[2010/11/17 17:37:06 | 000,187,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eapp3hst.dll
[2010/11/17 17:37:06 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLLUA.exe
[2010/11/17 17:37:06 | 000,166,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\puiapi.dll
[2010/11/17 17:37:06 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eappcfg.dll
[2010/11/17 17:37:06 | 000,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tintlgnt.ime
[2010/11/17 17:37:06 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dmusic.dll
[2010/11/17 17:37:06 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mprapi.dll
[2010/11/17 17:37:06 | 000,093,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eappgnui.dll
[2010/11/17 17:37:06 | 000,083,456 | ---- | C] (Microsoft) -- C:\Windows\System32\SMBHelperClass.dll
[2010/11/17 17:37:06 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nslookup.exe
[2010/11/17 17:37:06 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax
[2010/11/17 17:37:06 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdWCN.dll
[2010/11/17 17:37:06 | 000,068,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdSSDP.dll
[2010/11/17 17:37:06 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tscupgrd.exe
[2010/11/17 17:37:06 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Storprop.dll
[2010/11/17 17:37:06 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdeploy.dll
[2010/11/17 17:37:06 | 000,052,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasdiag.dll
[2010/11/17 17:37:06 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010/11/17 17:37:06 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dot3cfg.dll
[2010/11/17 17:37:06 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\l2nacp.dll
[2010/11/17 17:37:06 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bthci.dll
[2010/11/17 17:37:06 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slcinst.dll
[2010/11/17 17:37:06 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ftp.exe
[2010/11/17 17:37:06 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hbaapi.dll
[2010/11/17 17:37:06 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\networkitemfactory.dll
[2010/11/17 17:37:06 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidclass.sys
[2010/11/17 17:37:06 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ocsetup.exe
[2010/11/17 17:37:06 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bthudtask.exe
[2010/11/17 17:37:06 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cscapi.dll
[2010/11/17 17:37:06 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FwRemoteSvr.dll
[2010/11/17 17:37:06 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ipconfig.exe
[2010/11/17 17:37:06 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msjint40.dll
[2010/11/17 17:37:06 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsdchngr.dll
[2010/11/17 17:37:06 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ExplorerFrame.dll
[2010/11/17 17:37:06 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fc.exe
[2010/11/17 17:37:06 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MsCtfMonitor.dll
[2010/11/17 17:37:06 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasdial.exe
[2010/11/17 17:37:06 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msisip.dll
[2010/11/17 17:37:06 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CHxReadingStringIME.dll
[2010/11/17 17:37:05 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxg.sys
[2010/11/17 17:37:05 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PNPXAssoc.dll
[2010/11/17 17:37:05 | 000,052,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\stream.sys
[2010/11/17 17:37:05 | 000,046,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrstub.exe
[2010/11/17 17:37:05 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cbsra.exe
[2010/11/17 17:37:05 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbcconf.dll
[2010/11/17 17:37:05 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\RNDISMP.sys
[2010/11/17 17:37:05 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bitsigd.dll
[2010/11/17 17:37:05 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NcdProp.dll
[2010/11/17 17:37:05 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Diskdump.sys
[2010/11/17 17:37:05 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vdmdbg.dll
[2010/11/17 17:37:05 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpupdate.exe
[2010/11/17 17:37:05 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iscsilog.dll
[2010/11/17 17:37:05 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetppui.dll
[2010/11/17 17:37:05 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mmcico.dll
[2010/11/17 17:37:05 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slwga.dll
[2010/11/17 17:37:04 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usb8023.sys
[2010/11/17 17:37:04 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\f3ahvoas.dll
[2010/11/17 17:37:03 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msimsg.dll
[2010/11/17 17:36:57 | 000,705,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SmiEngine.dll
[2010/11/17 17:36:56 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wdscore.dll
[2010/11/17 17:36:56 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PkgMgr.exe
[2010/11/17 17:36:51 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drvstore.dll
[2010/11/17 17:13:34 | 008,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2010/11/17 17:13:26 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll
[2010/11/17 17:13:14 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010/11/17 17:13:08 | 000,081,920 | ---- | C] (Radius Inc.) -- C:\Windows\System32\iccvid.dll
[2010/11/17 17:13:05 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\asycfilt.dll
[2010/11/17 17:13:03 | 000,157,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2010/11/17 17:12:53 | 000,317,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MP4SDECD.DLL
[2010/11/17 17:12:52 | 000,289,792 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2010/11/17 17:12:52 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2010/11/17 17:12:51 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40.dll
[2010/11/17 17:12:50 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40u.dll
[2010/11/17 17:12:48 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtutils.dll
[2010/11/17 17:12:47 | 000,231,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll
[2010/11/17 17:12:45 | 002,038,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010/11/17 17:12:43 | 003,600,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010/11/17 17:12:42 | 003,548,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010/11/17 17:12:40 | 000,867,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpmde.dll
[2010/11/17 17:07:16 | 000,471,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010/11/17 17:07:16 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2010/11/17 17:07:16 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2010/11/17 17:07:16 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010/11/17 17:07:16 | 000,180,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010/11/17 17:07:15 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2010/11/17 15:24:47 | 000,000,000 | ---D | C] -- C:\PerfLogs
[2010/11/17 12:34:44 | 000,000,000 | ---D | C] -- C:\Users\Jem\AppData\Local\Adobe
[2010/11/17 12:32:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2010/11/17 12:32:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2010/11/17 12:32:02 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2010/11/16 23:51:05 | 000,705,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imagesp1.dll
[2010/11/16 23:50:59 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrscmd.dll
[2010/11/16 23:50:56 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010/11/16 23:50:53 | 001,675,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xpssvcs.dll
[2010/11/16 23:50:50 | 008,322,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwizimg.dll
[2010/11/16 23:50:50 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\bfsvc.exe
[2010/11/16 23:50:49 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lpremove.exe
[2010/11/16 23:50:46 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\recdisc.exe
[2010/11/16 23:50:45 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CompMgmtLauncher.exe
[2010/11/16 23:50:42 | 001,386,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvbvm60.dll
[2010/11/16 23:50:38 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xolehlp.dll
[2010/11/16 23:50:35 | 000,154,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nlmgp.dll
[2010/11/16 23:50:35 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SSShim.dll
[2010/11/16 23:50:34 | 000,178,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\clusapi.dll
[2010/11/16 23:50:32 | 000,215,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrsmgr.dll
[2010/11/16 23:50:31 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vdsbas.dll
[2010/11/16 23:50:29 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbe.dll
[2010/11/16 23:50:28 | 000,730,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdengin2.dll
[2010/11/16 23:50:28 | 000,297,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmipnpinstall.dll
[2010/11/16 23:50:28 | 000,163,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecutil.exe
[2010/11/16 23:50:28 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmicryptinstall.dll
[2010/11/16 23:50:28 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gacinstall.dll
[2010/11/16 23:50:26 | 000,188,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManMigrationPlugin.dll
[2010/11/16 23:50:24 | 000,403,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FirewallAPI.dll
[2010/11/16 23:50:23 | 000,604,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sqlceqp30.dll
[2010/11/16 23:50:21 | 000,080,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\thumbcache.dll
[2010/11/16 23:50:19 | 000,251,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\authfwcfg.dll
[2010/11/16 23:50:19 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dmvdsitf.dll
[2010/11/16 23:50:17 | 000,308,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sqlcese30.dll
[2010/11/16 23:50:17 | 000,163,840 | ---- | C] (Microsoft Corp.) -- C:\Windows\System32\DfrgNtfs.exe
[2010/11/16 23:50:17 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wevtfwd.dll
[2010/11/16 23:50:17 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\uexfat.dll
[2010/11/16 23:50:16 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2010/11/16 23:50:13 | 000,169,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssha.dll
[2010/11/16 23:50:09 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dfrgui.exe
[2010/11/16 23:50:08 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmAuto.dll
[2010/11/16 23:50:07 | 000,522,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ddraw.dll
[2010/11/16 23:50:07 | 000,418,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmdrmdev.dll
[2010/11/16 23:50:06 | 000,531,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\objsel.dll
[2010/11/16 23:50:06 | 000,175,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmWmiPl.dll
[2010/11/16 23:50:05 | 000,798,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dbghelp.dll
[2010/11/16 23:50:05 | 000,172,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\QAGENT.DLL
[2010/11/16 23:50:04 | 000,347,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmdrmnet.dll
[2010/11/16 23:50:04 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icm32.dll
[2010/11/16 23:50:03 | 000,334,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bcdedit.exe
[2010/11/16 23:50:03 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iprtrmgr.dll
[2010/11/16 23:50:02 | 000,397,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AudioEng.dll
[2010/11/16 23:50:02 | 000,357,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskschd.dll
[2010/11/16 23:50:01 | 000,386,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netcfgx.dll
[2010/11/16 23:50:01 | 000,140,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsta.dll
[2010/11/16 23:50:01 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hcrstco.dll
[2010/11/16 23:50:00 | 000,805,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdosys.dll
[2010/11/16 23:49:59 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdtcuiu.dll
[2010/11/16 23:49:59 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lpksetup.exe
[2010/11/16 23:49:58 | 000,104,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mprddm.dll
[2010/11/16 23:49:57 | 000,274,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AUDIOKSE.dll
[2010/11/16 23:49:56 | 000,117,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bcdsrv.dll
[2010/11/16 23:49:55 | 000,475,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msidcrl30.dll
[2010/11/16 23:49:54 | 001,548,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVDECOD.DLL
[2010/11/16 23:49:53 | 000,235,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dot3gpui.dll
[2010/11/16 23:49:52 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\comsnap.dll
[2010/11/16 23:49:49 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\synceng.dll
[2010/11/16 23:49:49 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmifw.dll
[2010/11/16 23:49:48 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msconfig.exe
[2010/11/16 23:49:45 | 004,595,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AuthFWSnapin.dll
[2010/11/16 23:49:45 | 000,431,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tdh.dll
[2010/11/16 23:49:45 | 000,318,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmd.exe
[2010/11/16 23:49:45 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dmdskmgr.dll
[2010/11/16 23:49:45 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dot3api.dll
[2010/11/16 23:49:44 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFx.dll
[2010/11/16 23:49:44 | 000,113,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\loadperf.dll
[2010/11/16 23:49:44 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlancfg.dll
[2010/11/16 23:49:43 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\localsec.dll
[2010/11/16 23:49:43 | 000,318,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rstrui.exe
[2010/11/16 23:49:43 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdtcVSp1res.dll
[2010/11/16 23:49:42 | 000,758,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMADMOD.DLL
[2010/11/16 23:49:42 | 000,383,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinSATAPI.dll
[2010/11/16 23:49:42 | 000,289,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hnetcfg.dll
[2010/11/16 23:49:42 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsqmcons.exe
[2010/11/16 23:49:41 | 000,153,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NAPMONTR.DLL
[2010/11/16 23:49:41 | 000,118,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RDPENCDD.dll
[2010/11/16 23:49:41 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\profprov.dll
[2010/11/16 23:49:40 | 000,442,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\filemgmt.dll
[2010/11/16 23:49:39 | 001,295,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsecedit.dll
[2010/11/16 23:49:39 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tracerpt.exe
[2010/11/16 23:49:39 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MuiUnattend.exe
[2010/11/16 23:49:39 | 000,016,896 | ---- | C] (Microsoft) -- C:\Windows\System32\grb.rs
[2010/11/16 23:49:38 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dwmredir.dll
[2010/11/16 23:49:37 | 000,154,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\QSHVHOST.DLL
[2010/11/16 23:49:36 | 000,498,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\HelpPane.exe
[2010/11/16 23:49:36 | 000,317,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\azroleui.dll
[2010/11/16 23:49:36 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iashost.exe
[2010/11/16 23:49:35 | 000,464,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msra.exe
[2010/11/16 23:49:35 | 000,348,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwizeng.dll
[2010/11/16 23:49:35 | 000,275,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mcbuilder.exe
[2010/11/16 23:49:35 | 000,274,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srrstr.dll
[2010/11/16 23:49:35 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecapi.dll
[2010/11/16 23:49:34 | 001,642,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPEncEn.dll
[2010/11/16 23:49:34 | 000,736,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unbcl.dll
[2010/11/16 23:49:34 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shrink.dll
[2010/11/16 23:49:33 | 000,520,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntvdm.exe
[2010/11/16 23:49:33 | 000,204,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\framedynos.dll
[2010/11/16 23:49:32 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntlanman.dll
[2010/11/16 23:49:31 | 000,913,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WlanMM.dll
[2010/11/16 23:49:31 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\adsnt.dll
[2010/11/16 23:49:31 | 000,202,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\framedyn.dll
[2010/11/16 23:49:31 | 000,155,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dssenh.dll
[2010/11/16 23:49:31 | 000,035,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\WdfLdr.sys
[2010/11/16 23:49:30 | 000,628,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WLanConn.dll
[2010/11/16 23:49:30 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sxs.dll
[2010/11/16 23:49:30 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VAN.dll
[2010/11/16 23:49:30 | 000,142,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\scsiport.sys
[2010/11/16 23:49:30 | 000,093,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncsi.dll
[2010/11/16 23:49:30 | 000,054,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmProv.dll
[2010/11/16 23:49:30 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\umb.dll
[2010/11/16 23:49:29 | 000,487,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\catsrvut.dll
[2010/11/16 23:49:29 | 000,300,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\puiobj.dll
[2010/11/16 23:49:29 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netid.dll
[2010/11/16 23:49:29 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010/11/16 23:49:28 | 000,128,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MdSched.exe
[2010/11/16 23:49:27 | 000,319,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbcjt32.dll
[2010/11/16 23:49:27 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spbcd.dll
[2010/11/16 23:49:27 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\setbcdlocale.dll
[2010/11/16 23:49:27 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrs.exe
[2010/11/16 23:49:26 | 000,267,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NAPSTAT.EXE
[2010/11/16 23:49:23 | 008,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ssBranded.scr
[2010/11/16 23:49:23 | 000,451,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\catsrv.dll
[2010/11/16 23:49:23 | 000,388,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dmdlgs.dll
[2010/11/16 23:49:23 | 000,204,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\activeds.dll
[2010/11/16 23:49:23 | 000,151,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\schtasks.exe
[2010/11/16 23:49:23 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netdiagfx.dll
[2010/11/16 23:49:23 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dhcpsapi.dll
[2010/11/16 23:49:22 | 002,585,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FirewallControlPanel.exe
[2010/11/16 23:49:22 | 000,456,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wvc.dll
[2010/11/16 23:49:22 | 000,096,768 | ---- | C] (Microsoft Corp.) -- C:\Windows\System32\dfrgfat.exe
[2010/11/16 23:49:21 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\adsldp.dll
[2010/11/16 23:49:21 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netcorehc.dll
[2010/11/16 23:49:21 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NAPHLPR.DLL
[2010/11/16 23:49:21 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msacm32.dll
[2010/11/16 23:49:21 | 000,028,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\battc.sys
[2010/11/16 23:49:20 | 000,212,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdt.dll
[2010/11/16 23:49:20 | 000,179,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\els.dll
[2010/11/16 23:49:19 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\net1.exe
[2010/11/16 23:49:19 | 000,079,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\QUTIL.DLL
[2010/11/16 23:49:18 | 000,523,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hhctrl.ocx
[2010/11/16 23:49:17 | 000,226,816 | ---- | C] (Microsoft Corp.) -- C:\Windows\System32\Defrag.exe
[2010/11/16 23:49:16 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mprmsg.dll
[2010/11/16 23:49:16 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nci.dll
[2010/11/16 23:49:15 | 001,405,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ActiveContentWizard.dll
[2010/11/16 23:49:15 | 000,282,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CompatUI.dll
[2010/11/16 23:49:15 | 000,202,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\P2P.dll
[2010/11/16 23:49:15 | 000,071,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasman.dll
[2010/11/16 23:49:14 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Wpc.dll
[2010/11/16 23:49:14 | 000,131,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fde.dll
[2010/11/16 23:49:14 | 000,094,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MigAutoPlay.exe
[2010/11/16 23:49:14 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rascfg.dll
[2010/11/16 23:49:14 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\loghours.dll
[2010/11/16 23:49:14 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DFDWiz.exe
[2010/11/16 23:49:13 | 000,114,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtm.dll
[2010/11/16 23:49:13 | 000,110,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\videoprt.sys
[2010/11/16 23:49:13 | 000,046,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NAPCRYPT.DLL
[2010/11/16 23:49:13 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\setupcl.exe
[2010/11/16 23:49:12 | 000,326,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\actxprxy.dll
[2010/11/16 23:49:12 | 000,312,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mswmdm.dll
[2010/11/16 23:49:12 | 000,208,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinFXDocObj.exe
[2010/11/16 23:49:12 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ifsutil.dll
[2010/11/16 23:49:12 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\usbmon.dll
[2010/11/16 23:49:12 | 000,024,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\BOOTVID.DLL
[2010/11/16 23:49:11 | 000,498,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlandlg.dll
[2010/11/16 23:49:11 | 000,485,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mspaint.exe
[2010/11/16 23:49:11 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mycomput.dll
[2010/11/16 23:49:11 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSTPager.ax
[2010/11/16 23:49:11 | 000,156,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2010/11/16 23:49:11 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\uudf.dll
[2010/11/16 23:49:11 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\activeds.tlb
[2010/11/16 23:49:11 | 000,093,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vssadmin.exe
[2010/11/16 23:49:10 | 000,355,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\termmgr.dll
[2010/11/16 23:49:10 | 000,183,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\duser.dll
[2010/11/16 23:49:10 | 000,171,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cic.dll
[2010/11/16 23:49:10 | 000,105,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mtxoci.dll
[2010/11/16 23:49:09 | 000,181,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFPlatform.dll
[2010/11/16 23:49:09 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdt.exe
[2010/11/16 23:49:09 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\verifier.exe
[2010/11/16 23:49:09 | 000,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdshext.dll
[2010/11/16 23:49:09 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdtclog.dll
[2010/11/16 23:49:09 | 000,087,552 | ---- | C] (Microsoft) -- C:\Windows\System32\Robocopy.exe
[2010/11/16 23:49:09 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AzSqlExt.dll
[2010/11/16 23:49:09 | 000,017,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\wmilib.sys
[2010/11/16 23:49:08 | 001,039,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d8.dll
[2010/11/16 23:49:08 | 000,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2010/11/16 23:49:08 | 000,301,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mmcbase.dll
[2010/11/16 23:49:08 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oledlg.dll
[2010/11/16 23:49:08 | 000,088,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dmview.ocx
[2010/11/16 23:49:08 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\clfsw32.dll
[2010/11/16 23:49:08 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vdsldr.exe
[2010/11/16 23:49:07 | 000,187,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mlang.dll
[2010/11/16 23:49:07 | 000,120,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msaatext.dll
[2010/11/16 23:49:07 | 000,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icfupgd.dll
[2010/11/16 23:49:07 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasqec.dll
[2010/11/16 23:49:07 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncobjapi.dll
[2010/11/16 23:49:06 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cabinet.dll
[2010/11/16 23:49:06 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\syssetup.dll
[2010/11/16 23:49:06 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lodctr.exe
[2010/11/16 23:49:06 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unlodctr.exe
[2010/11/16 23:49:06 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wtsapi32.dll
[2010/11/16 23:49:05 | 001,107,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ogldrv.dll
[2010/11/16 23:49:05 | 000,201,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unattend.dll
[2010/11/16 23:49:05 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wermgr.exe
[2010/11/16 23:49:05 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lnkstub.exe
[2010/11/16 23:49:05 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dfdts.dll
[2010/11/16 23:49:05 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManHTTPConfig.exe
[2010/11/16 23:49:04 | 000,403,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\p2pcollab.dll
[2010/11/16 23:49:04 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dispdiag.exe
[2010/11/16 23:49:04 | 000,068,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\basesrv.dll
[2010/11/16 23:49:04 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DHCPQEC.DLL
[2010/11/16 23:49:04 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdspres.dll
[2010/11/16 23:49:03 | 002,249,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Firewall.cpl
[2010/11/16 23:49:03 | 000,157,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\verifier.dll
[2010/11/16 23:49:03 | 000,146,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RstrtMgr.dll
[2010/11/16 23:49:03 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\efsadu.dll
[2010/11/16 23:49:02 | 000,205,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msoeacct.dll
[2010/11/16 23:49:02 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\setupugc.exe
[2010/11/16 23:49:02 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icacls.exe
[2010/11/16 23:49:01 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrdc.dll
[2010/11/16 23:49:01 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\p2pnetsh.dll
[2010/11/16 23:49:01 | 000,095,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactsrv.dll
[2010/11/16 23:49:01 | 000,088,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wiascanprofiles.dll
[2010/11/16 23:49:01 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\QSVRMGMT.DLL
[2010/11/16 23:49:01 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2010/11/16 23:49:01 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2010/11/16 23:49:01 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdmo.dll
[2010/11/16 23:49:00 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PNPXAssocPrx.dll
[2010/11/16 23:49:00 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eappprxy.dll
[2010/11/16 23:49:00 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pcadm.dll
[2010/11/16 23:48:59 | 000,691,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TabletPC.cpl
[2010/11/16 23:48:59 | 000,296,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xwizards.dll
[2010/11/16 23:48:59 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VBICodec.ax
[2010/11/16 23:48:59 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dot3ui.dll
[2010/11/16 23:48:59 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dbnetlib.dll
[2010/11/16 23:48:59 | 000,104,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWWIN.EXE
[2010/11/16 23:48:59 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\systeminfo.exe
[2010/11/16 23:48:59 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmdl32.exe
[2010/11/16 23:48:59 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Mpeg2Data.ax
[2010/11/16 23:48:59 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\resutils.dll
[2010/11/16 23:48:59 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dfrgifc.exe
[2010/11/16 23:48:59 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netcfg.exe
[2010/11/16 23:48:58 | 000,669,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netprof.dll
[2010/11/16 23:48:58 | 000,614,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFWMAAEC.DLL
[2010/11/16 23:48:58 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\intl.cpl
[2010/11/16 23:48:58 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\btpanui.dll
[2010/11/16 23:48:55 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\apircl.dll
[2010/11/16 23:48:55 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\txflog.dll
[2010/11/16 23:48:54 | 000,975,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RASMM.dll
[2010/11/16 23:48:54 | 000,294,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ssText3d.scr
[2010/11/16 23:48:54 | 000,191,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\provthrd.dll
[2010/11/16 23:48:54 | 000,167,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2010/11/16 23:48:54 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ActionQueue.dll
[2010/11/16 23:48:54 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskkill.exe
[2010/11/16 23:48:54 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxva2.dll
[2010/11/16 23:48:54 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bcdprov.dll
[2010/11/16 23:48:54 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
[2010/11/16 23:48:53 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMASF.DLL
[2010/11/16 23:48:53 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\raserver.exe
[2010/11/16 23:48:53 | 000,127,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aclui.dll
[2010/11/16 23:48:53 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EAPQEC.DLL
[2010/11/16 23:48:53 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dmocx.dll
[2010/11/16 23:48:52 | 002,588,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIHub.dll
[2010/11/16 23:48:52 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\upnp.dll
[2010/11/16 23:48:52 | 000,142,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icsfiltr.dll
[2010/11/16 23:48:52 | 000,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msoert2.dll
[2010/11/16 23:48:52 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmstp.exe
[2010/11/16 23:48:52 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\QCLIPROV.DLL
[2010/11/16 23:48:52 | 000,052,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\brcplsdw.dll
[2010/11/16 23:48:52 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xcopy.exe
[2010/11/16 23:48:52 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2010/11/16 23:48:52 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ias.dll
[2010/11/16 23:48:51 | 000,225,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cewmdm.dll
[2010/11/16 23:48:51 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qcap.dll
[2010/11/16 23:48:51 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bitsadmin.exe
[2010/11/16 23:48:51 | 000,153,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2010/11/16 23:48:51 | 000,127,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SoundRecorder.exe
[2010/11/16 23:48:51 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AuxiliaryDisplayApi.dll
[2010/11/16 23:48:51 | 000,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFCoinstaller.dll
[2010/11/16 23:48:51 | 000,052,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetmib1.dll
[2010/11/16 23:48:51 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\perfts.dll
[2010/11/16 23:48:51 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PING.EXE
[2010/11/16 23:48:51 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mountvol.exe
[2010/11/16 23:48:50 | 000,338,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SysFxUI.dll
[2010/11/16 23:48:50 | 000,208,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qasf.dll
[2010/11/16 23:48:50 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpsrcwp.dll
[2010/11/16 23:48:50 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mtstocom.exe
[2010/11/16 23:48:50 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\auditpol.exe
[2010/11/16 23:48:50 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SecEdit.exe
[2010/11/16 23:48:50 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsmproxy.dll
[2010/11/16 23:48:49 | 001,329,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMSPDMOE.DLL
[2010/11/16 23:48:49 | 000,767,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVSENCD.DLL
[2010/11/16 23:48:49 | 000,415,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wiadefui.dll
[2010/11/16 23:48:49 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2010/11/16 23:48:49 | 000,198,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\apss.dll
[2010/11/16 23:48:49 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\p2phost.exe
[2010/11/16 23:48:49 | 000,180,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msorcl32.dll
[2010/11/16 23:48:49 | 000,159,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdadiag.dll
[2010/11/16 23:48:49 | 000,153,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbeio.dll
[2010/11/16 23:48:49 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ndfapi.dll
[2010/11/16 23:48:49 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\makecab.exe
[2010/11/16 23:48:49 | 000,095,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xwtpw32.dll
[2010/11/16 23:48:49 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shacct.dll
[2010/11/16 23:48:49 | 000,070,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wzcdlg.dll
[2010/11/16 23:48:49 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscmisetup.dll
[2010/11/16 23:48:49 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sppnp.dll
[2010/11/16 23:48:49 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dot3gpclnt.dll
[2010/11/16 23:48:49 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\napipsec.dll
[2010/11/16 23:48:49 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\batt.dll
[2010/11/16 23:48:48 | 000,686,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\colorui.dll
[2010/11/16 23:48:48 | 000,203,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpdwcn.dll
[2010/11/16 23:48:48 | 000,157,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\keymgr.dll
[2010/11/16 23:48:48 | 000,120,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\perfmon.exe
[2010/11/16 23:48:48 | 000,119,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\prntvpt.dll
[2010/11/16 23:48:48 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TapiMigPlugin.dll
[2010/11/16 23:48:48 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tasklist.exe
[2010/11/16 23:48:48 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\HelpPaneProxy.dll
[2010/11/16 23:48:48 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\System32\esrb.rs
[2010/11/16 23:48:48 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2010/11/16 23:48:48 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sxstrace.exe
[2010/11/16 23:48:48 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fmifs.dll
[2010/11/16 23:48:48 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrshost.exe
[2010/11/16 23:48:48 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ktmutil.exe
[2010/11/16 23:48:47 | 000,816,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dim700.dll
[2010/11/16 23:48:47 | 000,352,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshipsec.dll
[2010/11/16 23:48:47 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ksproxy.ax
[2010/11/16 23:48:47 | 000,093,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2010/11/16 23:48:47 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\driverquery.exe
[2010/11/16 23:48:47 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winethc.dll
[2010/11/16 23:48:47 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cryptdll.dll
[2010/11/16 23:48:47 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\takeown.exe
[2010/11/16 23:48:47 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmiprop.dll
[2010/11/16 23:48:47 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netiougc.exe
[2010/11/16 23:48:47 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pots.dll
[2010/11/16 23:48:47 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\txfw32.dll
[2010/11/16 23:48:47 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscproxystub.dll
[2010/11/16 23:48:46 | 000,442,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\joy.cpl
[2010/11/16 23:48:46 | 000,396,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shrpubw.exe
[2010/11/16 23:48:46 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RESAMPLEDMO.DLL
[2010/11/16 23:48:46 | 000,120,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WLanHC.dll
[2010/11/16 23:48:46 | 000,101,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\luainstall.dll
[2010/11/16 23:48:46 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\olecli32.dll
[2010/11/16 23:48:46 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shgina.dll
[2010/11/16 23:48:46 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2010/11/16 23:48:46 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\findnetprinters.dll
[2010/11/16 23:48:46 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fsutil.exe
[2010/11/16 23:48:46 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnshc.dll
[2010/11/16 23:48:46 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\perfnet.dll
[2010/11/16 23:48:46 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\capisp.dll
[2010/11/16 23:48:45 | 001,298,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TMM.dll
[2010/11/16 23:48:45 | 001,118,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMADMOE.DLL
[2010/11/16 23:48:45 | 000,384,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dim.dll
[2010/11/16 23:48:45 | 000,310,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unregmp2.exe
[2010/11/16 23:48:45 | 000,276,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\compstui.dll
[2010/11/16 23:48:45 | 000,088,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wiaacmgr.exe
[2010/11/16 23:48:45 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\getmac.exe
[2010/11/16 23:48:45 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\runonce.exe
[2010/11/16 23:48:45 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dimsjob.dll
[2010/11/16 23:48:45 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RpcPing.exe
[2010/11/16 23:48:45 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmlua.dll
[2010/11/16 23:48:45 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ktmw32.dll
[2010/11/16 23:48:44 | 000,259,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MPG4DECD.DLL
[2010/11/16 23:48:44 | 000,259,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MP43DECD.DLL
[2010/11/16 23:48:44 | 000,205,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mdminst.dll
[2010/11/16 23:48:44 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdchange.exe
[2010/11/16 23:48:44 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ACW.exe
[2010/11/16 23:48:44 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\w32tm.exe
[2010/11/16 23:48:44 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\net.exe
[2010/11/16 23:48:44 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2010/11/16 23:48:44 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dsauth.dll
[2010/11/16 23:48:44 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srdelayed.exe
[2010/11/16 23:48:43 | 001,370,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Aurora.scr
[2010/11/16 23:48:43 | 000,159,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dinput8.dll
[2010/11/16 23:48:43 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceWiaCompat.dll
[2010/11/16 23:48:43 | 000,095,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\migisol.dll
[2010/11/16 23:48:43 | 000,094,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\diantz.exe
[2010/11/16 23:48:43 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\comrepl.dll
[2010/11/16 23:48:43 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmutil.dll
[2010/11/16 23:48:43 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dispci.dll
[2010/11/16 23:48:43 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sfc.exe
[2010/11/16 23:48:43 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pnpts.dll
[2010/11/16 23:48:42 | 000,879,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Bubbles.scr
[2010/11/16 23:48:42 | 000,368,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\desk.cpl
[2010/11/16 23:48:42 | 000,251,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sti_ci.dll
[2010/11/16 23:48:42 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDump.dll
[2010/11/16 23:48:42 | 000,154,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmidx.dll
[2010/11/16 23:48:42 | 000,153,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmvdspa.dll
[2010/11/16 23:48:42 | 000,129,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\McxDriv.dll
[2010/11/16 23:48:42 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TpmInit.exe
[2010/11/16 23:48:42 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hlink.dll
[2010/11/16 23:48:42 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bootcfg.exe
[2010/11/16 23:48:42 | 000,070,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\amstream.dll
[2010/11/16 23:48:42 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\colbact.dll
[2010/11/16 23:48:42 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fwcfg.dll
[2010/11/16 23:48:42 | 000,052,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\expand.exe
[2010/11/16 23:48:42 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cfgbkend.dll
[2010/11/16 23:48:42 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pdhui.dll
[2010/11/16 23:48:42 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010/11/16 23:48:42 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vdmredir.dll
[2010/11/16 23:48:42 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdrleakdiag.exe
[2010/11/16 23:48:42 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\utildll.dll
[2010/11/16 23:48:42 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bridgeunattend.exe
[2010/11/16 23:48:41 | 000,376,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpnet.dll
[2010/11/16 23:48:41 | 000,281,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdv.dll
[2010/11/16 23:48:41 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Mystify.scr
[2010/11/16 23:48:41 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Ribbons.scr
[2010/11/16 23:48:41 | 000,093,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\esentutl.exe
[2010/11/16 23:48:41 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tabcal.exe
[2010/11/16 23:48:41 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\osblprov.dll
[2010/11/16 23:48:41 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vds_ps.dll
[2010/11/16 23:48:41 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\waitfor.exe
[2010/11/16 23:48:41 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmcfg32.dll
[2010/11/16 23:48:41 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shutdown.exe
[2010/11/16 23:48:41 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iscsium.dll
[2010/11/16 23:48:41 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cacls.exe
[2010/11/16 23:48:40 | 000,222,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wavemsp.dll
[2010/11/16 23:48:40 | 000,161,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\COLORCNV.DLL
[2010/11/16 23:48:40 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DpiScaling.exe
[2010/11/16 23:48:40 | 000,092,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ufat.dll
[2010/11/16 23:48:40 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\olethk32.dll
[2010/11/16 23:48:40 | 000,064,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iscsiwmi.dll
[2010/11/16 23:48:40 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfvdsp.dll
[2010/11/16 23:48:40 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpnpinst.exe
[2010/11/16 23:48:40 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\werdiagcontroller.dll
[2010/11/16 23:48:40 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\olesvr32.dll
[2010/11/16 23:48:40 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpcm.dll
[2010/11/16 23:48:40 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wfapigp.dll
[2010/11/16 23:48:39 | 000,509,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AuthFWGP.dll
[2010/11/16 23:48:39 | 000,163,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\powercfg.cpl
[2010/11/16 23:48:39 | 000,159,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbctrac.dll
[2010/11/16 23:48:39 | 000,151,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rgb9rast.dll
[2010/11/16 23:48:39 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ucsvc.exe
[2010/11/16 23:48:39 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TimeDateMUICallback.dll
[2010/11/16 23:48:39 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2010/11/16 23:48:39 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegCtrl.dll
[2010/11/16 23:48:39 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sxproxy.dll
[2010/11/16 23:48:39 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\prevhost.exe
[2010/11/16 23:48:39 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\at.exe
[2010/11/16 23:48:39 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netbtugc.exe
[2010/11/16 23:48:39 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\convert.exe
[2010/11/16 23:48:39 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xmlprovi.dll
[2010/11/16 23:48:39 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iscsied.dll
[2010/11/16 23:48:38 | 005,714,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\logon.scr
[2010/11/16 23:48:38 | 000,178,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dmime.dll
[2010/11/16 23:48:38 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\setupcln.dll
[2010/11/16 23:48:38 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dskquota.dll
[2010/11/16 23:48:38 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\GuidedHelp.dll
[2010/11/16 23:48:38 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\l2gpstore.dll
[2010/11/16 23:48:38 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fphc.dll
[2010/11/16 23:48:38 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unattendedjoin.exe
[2010/11/16 23:48:38 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AtBroker.exe
[2010/11/16 23:48:38 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmpbk32.dll
[2010/11/16 23:48:38 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winnsi.dll
[2010/11/16 23:48:38 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tbs.dll
[2010/11/16 23:48:37 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VIDRESZR.DLL
[2010/11/16 23:48:37 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dsdmo.dll
[2010/11/16 23:48:37 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdart.dll
[2010/11/16 23:48:37 | 000,083,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\usbui.dll
[2010/11/16 23:48:37 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbccu32.dll
[2010/11/16 23:48:37 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbccr32.dll
[2010/11/16 23:48:37 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpclsp.dll
[2010/11/16 23:48:37 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kstvtune.ax
[2010/11/16 23:48:37 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\napdsnap.dll
[2010/11/16 23:48:37 | 000,064,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\devenum.dll
[2010/11/16 23:48:37 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msident.dll
[2010/11/16 23:48:37 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dot3dlg.dll
[2010/11/16 23:48:37 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\regini.exe
[2010/11/16 23:48:37 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mtxlegih.dll
[2010/11/16 23:48:37 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vss_ps.dll
[2010/11/16 23:48:37 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\tape.sys
[2010/11/16 23:48:37 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srwmi.dll
[2010/11/16 23:48:37 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\amxread.dll
[2010/11/16 23:48:37 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\upnpcont.exe
[2010/11/16 23:48:37 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mtxdm.dll
[2010/11/16 23:48:37 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RacAgent.exe
[2010/11/16 23:48:37 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WINSRPC.DLL
[2010/11/16 23:48:37 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nbtstat.exe
[2010/11/16 23:48:37 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmstplua.dll
[2010/11/16 23:48:37 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\apilogen.dll
[2010/11/16 23:48:37 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avrt.dll
[2010/11/16 23:48:36 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\graftabl.com
[2010/11/16 23:48:36 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfcsubs.dll
[2010/11/16 23:48:35 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MP3DMOD.DLL
[2010/11/16 23:48:35 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vfwwdm32.dll
[2010/11/16 23:48:35 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\extrac32.exe
[2010/11/16 23:48:35 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WavDest.dll
[2010/11/16 23:48:35 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ksxbar.ax
[2010/11/16 23:48:35 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasphone.exe
[2010/11/16 23:48:35 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wiarpc.dll
[2010/11/16 23:48:35 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ndfetw.dll
[2010/11/16 23:48:35 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbcbcp.dll
[2010/11/16 23:48:35 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\syskey.exe
[2010/11/16 23:48:35 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eventcls.dll
[2010/11/16 23:48:35 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsock32.dll
[2010/11/16 23:48:34 | 000,218,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsAnytimeUpgrade.exe
[2010/11/16 23:48:34 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wiadss.dll
[2010/11/16 23:48:34 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dmscript.dll
[2010/11/16 23:48:34 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dxof.dll
[2010/11/16 23:48:34 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TabbtnEx.dll
[2010/11/16 23:48:34 | 000,041,472 | ---- | C] (Microsoft) -- C:\Windows\System32\WlanMmHC.dll
[2010/11/16 23:48:34 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psbase.dll
[2010/11/16 23:48:34 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\procinst.dll
[2010/11/16 23:48:33 | 000,094,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Tabbtn.dll
[2010/11/16 23:48:33 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dmloader.dll
[2010/11/16 23:48:33 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\fveupdate.exe
[2010/11/16 23:48:33 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CertEnrollCtrl.exe
[2010/11/16 23:48:32 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wshcon.dll
[2010/11/16 23:48:32 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ComputerDefaults.exe
[2010/11/16 23:48:32 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lltdapi.dll
[2010/11/16 23:48:32 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Netplwiz.exe
[2010/11/16 23:48:32 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\LangCleanupSysprepAction.dll
[2010/11/16 23:48:32 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sxsstore.dll
[2010/11/16 23:48:32 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\HotStartUserAgent.dll
[2010/11/16 23:48:32 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\tdi.sys
[2010/11/16 23:48:32 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PlaySndSrv.dll
[2010/11/16 23:48:32 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icaapi.dll
[2010/11/16 23:48:32 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\localui.dll
[2010/11/16 23:48:32 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icsunattend.exe
[2010/11/16 23:48:32 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmRes.dll
[2010/11/16 23:48:32 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\setupSNK.exe
[2010/11/16 23:48:32 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSHTCPIP.DLL
[2010/11/16 23:48:32 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wship6.dll
[2010/11/16 23:48:31 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OptionalFeatures.exe
[2010/11/16 23:48:31 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\g711codc.ax
[2010/11/16 23:48:31 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbisurf.ax
[2010/11/16 23:48:31 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cofiredm.dll
[2010/11/16 23:48:31 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dmutil.dll
[2010/11/16 23:48:31 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spopk.dll
[2010/11/16 23:48:31 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\serialui.dll
[2010/11/16 23:48:31 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbunattend.exe
[2010/11/16 23:48:31 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\usbperf.dll
[2010/11/16 23:48:30 | 000,130,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\drmk.sys
[2010/11/16 23:48:30 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2010/11/16 23:48:30 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msobjs.dll
[2010/11/16 23:48:30 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nlsbres.dll
[2010/11/16 23:48:30 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\esentprf.dll
[2010/11/16 23:48:30 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\corpol.dll
[2010/11/16 23:48:30 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasctrs.dll
[2010/11/16 23:48:30 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hnetmon.dll
[2010/11/16 23:48:30 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010/11/16 23:48:30 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\InfDefaultInstall.exe
[2010/11/16 23:48:30 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iprtprio.dll
[2010/11/16 23:48:29 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\osbaseln.dll
[2010/11/16 23:48:29 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
[2010/11/16 23:48:29 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msmmsp.dll
[2010/11/16 23:48:28 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dispex.dll
[2010/11/16 23:48:28 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winusb.dll
[2010/11/16 23:48:28 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcfgex.dll
[2010/11/16 23:48:27 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\mcd.sys
[2010/11/16 23:48:26 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\idndl.dll
[2010/11/16 23:48:26 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Nlsdl.dll
[2010/11/16 23:48:26 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\bdasup.sys
[2010/11/16 23:48:26 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msidle.dll
[2010/11/16 23:48:26 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\riched32.dll
[2010/11/16 23:48:25 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\smclib.sys
[2010/11/16 23:48:25 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDJPN.DLL
[2010/11/16 23:48:25 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDKOR.DLL
[2010/11/16 23:48:24 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vga256.dll
[2010/11/16 23:48:24 | 000,025,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidparse.sys
[2010/11/16 23:48:24 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tsddd.dll
[2010/11/16 23:48:24 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxapi.sys
[2010/11/16 23:48:24 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\framebuf.dll
[2010/11/16 23:48:24 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\umpass.sys
[2010/11/16 23:48:24 | 000,005,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbd.sys
[2010/11/16 23:48:24 | 000,001,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmCl.dll
[2010/11/16 23:48:23 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vga64k.dll
[2010/11/16 23:48:23 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vga.dll
[2010/11/16 23:48:23 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bootstr.dll
[2010/11/16 23:48:23 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dmdskres2.dll
[2010/11/16 23:48:22 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwizres.dll
[2010/11/16 23:48:22 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wertargets.wtl
[2010/11/16 23:47:50 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wbemcomn.dll
[2010/11/16 23:47:46 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SmiInstaller.dll
[2010/11/16 23:47:46 | 000,129,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sqmapi.dll
[2010/11/16 23:47:29 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdelta.dll
[2010/11/16 23:47:29 | 000,258,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpx.dll
[2010/11/16 23:47:29 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mspatcha.dll

========== Files - Modified Within 30 Days ==========

[2010/12/13 18:37:57 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Jem\Desktop\OTL.exe
[2010/12/13 18:35:25 | 000,869,086 | ---- | M] () -- C:\Users\Jem\Desktop\SecurityCheck.exe
[2010/12/13 18:31:13 | 000,595,684 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/12/13 18:31:13 | 000,101,350 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/12/13 18:27:07 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2841326591-4019813759-3774131800-1000UA.job
[2010/12/13 18:25:42 | 000,003,648 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/12/13 18:25:42 | 000,003,648 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/12/13 18:25:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/12/13 18:25:30 | 2011,217,920 | -HS- | M] () -- C:\hiberfil.sys
[2010/12/12 21:16:37 | 000,624,128 | ---- | M] () -- C:\Users\Jem\Desktop\dds.scr
[2010/12/12 20:45:01 | 000,000,848 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2841326591-4019813759-3774131800-1000Core.job
[2010/12/10 21:13:36 | 000,025,600 | ---- | M] () -- C:\Users\Jem\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/08 09:31:46 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2010/12/07 18:29:30 | 000,025,088 | ---- | M] () -- C:\Users\Jem\Documents\Little Big Project Script.doc
[2010/12/07 12:54:59 | 000,026,112 | ---- | M] () -- C:\Users\Jem\Documents\Letter of Explanation.doc
[2010/12/04 10:20:05 | 000,288,107 | ---- | M] () -- C:\Users\Jem\Desktop\gmer.zip
[2010/12/03 22:00:07 | 147,233,087 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/12/03 14:24:36 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/12/03 14:24:36 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/12/02 18:14:42 | 000,242,336 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/12/02 16:12:12 | 000,426,642 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/12/02 14:48:57 | 000,000,943 | ---- | M] () -- C:\Users\Jem\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/11/30 15:43:22 | 000,000,376 | ---- | M] () -- C:\Windows\ODBC.INI
[2010/11/30 15:40:36 | 000,001,876 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
[2010/11/17 14:18:19 | 000,101,888 | ---- | M] (Infineon Technologies AG) -- C:\Windows\System32\ifxcardm.dll
[2010/11/17 14:18:14 | 000,082,432 | ---- | M] (Gemalto, Inc.) -- C:\Windows\System32\axaltocm.dll

========== Files Created - No Company Name ==========

[2010/12/13 18:35:17 | 000,869,086 | ---- | C] () -- C:\Users\Jem\Desktop\SecurityCheck.exe
[2010/12/12 21:16:32 | 000,624,128 | ---- | C] () -- C:\Users\Jem\Desktop\dds.scr
[2010/12/08 09:31:46 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2010/12/07 18:29:29 | 000,025,088 | ---- | C] () -- C:\Users\Jem\Documents\Little Big Project Script.doc
[2010/12/04 10:20:02 | 000,288,107 | ---- | C] () -- C:\Users\Jem\Desktop\gmer.zip
[2010/12/03 22:00:07 | 147,233,087 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/12/03 21:58:21 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010/12/03 21:58:21 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/12/03 21:58:21 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2010/12/03 21:58:21 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/12/03 21:58:21 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/12/03 14:24:36 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2010/12/03 14:24:36 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2010/12/02 19:44:16 | 000,025,600 | ---- | C] () -- C:\Users\Jem\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/01 14:57:00 | 000,026,112 | ---- | C] () -- C:\Users\Jem\Documents\Letter of Explanation.doc
[2010/11/30 15:43:22 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/11/30 15:40:36 | 000,001,876 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
[2010/11/17 17:38:18 | 011,967,524 | ---- | C] () -- C:\Windows\System32\korwbrkr.lex
[2010/11/17 17:37:46 | 000,130,008 | ---- | C] () -- C:\Windows\System32\systemsf.ebd
[2010/11/17 17:37:45 | 000,009,239 | ---- | C] () -- C:\Windows\System32\spcinstrumentation.man
[2010/11/17 17:37:40 | 000,442,788 | ---- | C] () -- C:\Windows\System32\dot3.tmf
[2010/11/17 17:37:38 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010/11/17 17:37:38 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010/11/17 17:37:35 | 000,392,170 | ---- | C] () -- C:\Windows\System32\onex.tmf
[2010/11/17 17:37:32 | 000,344,698 | ---- | C] () -- C:\Windows\System32\eaphost.tmf
[2010/11/17 17:37:25 | 000,208,966 | ---- | C] () -- C:\Windows\System32\WFP.TMF
[2010/11/17 17:37:24 | 000,092,918 | ---- | C] () -- C:\Windows\System32\slmgr.vbs
[2010/11/17 17:37:12 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010/11/17 17:37:05 | 000,009,212 | ---- | C] () -- C:\Windows\System32\RacUR.xml
[2010/11/17 17:37:02 | 000,000,153 | ---- | C] () -- C:\Windows\System32\RacUREx.xml
[2010/11/16 23:49:22 | 000,195,122 | ---- | C] () -- C:\Windows\System32\winrm.vbs
[2010/11/16 23:48:22 | 000,141,611 | ---- | C] () -- C:\Windows\System32\drivers\VSTProf.cty
[2010/11/16 23:48:22 | 000,012,198 | ---- | C] () -- C:\Windows\System32\gatherWiredInfo.vbs
[2010/11/16 23:48:20 | 000,144,909 | ---- | C] () -- C:\Windows\System32\fsmgmt.msc
[2010/11/16 23:48:19 | 000,145,455 | ---- | C] () -- C:\Windows\System32\perfmon.msc
[2010/11/16 23:48:19 | 000,001,820 | ---- | C] () -- C:\Windows\System32\rasctrnm.h
[2010/11/16 23:48:19 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01007_Inbox_Critical.Wdf
[2006/11/02 05:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

< End of report >

OTL Extras logfile created on: 12/13/2010 6:38:26 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Jem\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 60.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 101.71 Gb Total Space | 37.65 Gb Free Space | 37.01% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 9.92 Gb Free Space | 99.23% Space Free | Partition Type: NTFS
Drive G: | 7.60 Gb Total Space | 0.73 Gb Free Space | 9.66% Space Free | Partition Type: FAT32

Computer Name: JEM-PC | User Name: Jem | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- C:\Users\Jem\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{803B74CD-F80C-4270-844A-B7116A25DA3B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{F9AC3E58-56AA-4955-AA8E-837F166CC732}" = lport=2869 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{222F8FFA-6534-4BD7-B607-EEA70C01CB1A}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{6BA7B0F1-6538-49CD-AC25-C666D5269051}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{BC040B27-91DB-4C78-BE52-3E9143B800FC}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{E9CDBD2B-2DB8-4051-A41B-81E1037B25DE}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{F0B5E4E6-9E13-4454-8F87-485178459FD3}" = dir=in | app=c:\program files\itunes\itunes.exe |
"TCP Query User{B8D36A6B-C45F-430E-9D38-5CE57131BE33}C:\program files\fox\aliens versus predator\avp.exe" = protocol=6 | dir=in | app=c:\program files\fox\aliens versus predator\avp.exe |
"UDP Query User{68FEE3F9-4F8D-43A5-B4EB-C8B7A888A754}C:\program files\fox\aliens versus predator\avp.exe" = protocol=17 | dir=in | app=c:\program files\fox\aliens versus predator\avp.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.1
"{AF1D029E-E39A-38AC-05A8-7D95EB3B0505}" = ATI Catalyst Install Manager
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BF}" = WinZip 15.0
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{EB1B8449-CD8F-485B-ADB6-02FBCFE180D3}" = Razer DeathAdder™ Mouse
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{FAE36873-1941-4076-A9A5-48812B5EA0B7}" = iTunes
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"CCleaner" = CCleaner
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mplayer.com" = Mplayer.com
"SpywareBlaster_is1" = SpywareBlaster 4.4
"SpywareGuard_is1" = SpywareGuard v2.2
"VLC media player" = VLC media player 1.1.5
"WinLiveSuite_Wave3" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/2/2010 6:21:38 PM | Computer Name = Jem-PC | Source = EventSystem | ID = 4621
Description =

Error - 12/2/2010 8:58:34 PM | Computer Name = Jem-PC | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "C:\ATI\SUPPORT\catalyst_8-31-100_vista32_rtm\MFC80U.DLL".Error
in manifest or policy file "C:\ATI\SUPPORT\catalyst_8-31-100_vista32_rtm\Microsoft.VC80.MFCLOC.MANIFEST"
on line 5. Component identity found in manifest does not match the identity of the
component requested. Reference is Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0".
Definition
is Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.42".
Please
use sxstrace.exe for detailed diagnosis.

Error - 12/2/2010 8:58:36 PM | Computer Name = Jem-PC | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "C:\ATI\SUPPORT\catalyst_8-31-100_vista32_rtm\Bin\MFC80U.DLL".Error
in manifest or policy file "C:\ATI\SUPPORT\catalyst_8-31-100_vista32_rtm\Bin\Microsoft.VC80.MFCLOC.MANIFEST"
on line 5. Component identity found in manifest does not match the identity of the
component requested. Reference is Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0".
Definition
is Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.42".
Please
use sxstrace.exe for detailed diagnosis.

Error - 12/2/2010 8:58:37 PM | Computer Name = Jem-PC | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "C:\ATI\SUPPORT\catalyst_8-31-100_vista32_rtm\Bin\MFC80U.DLL".Error
in manifest or policy file "C:\ATI\SUPPORT\catalyst_8-31-100_vista32_rtm\Bin\Microsoft.VC80.MFCLOC.MANIFEST"
on line 5. Component identity found in manifest does not match the identity of the
component requested. Reference is Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0".
Definition
is Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.42".
Please
use sxstrace.exe for detailed diagnosis.

Error - 12/3/2010 3:44:43 PM | Computer Name = Jem-PC | Source = Application Error | ID = 1000
Description = Faulting application mic.exe, version 1.0.0.1, time stamp 0x36ae55f5,
faulting module TSD32.dll, version 6.0.6002.18005, time stamp 0x49e03821, exception
code 0xc0000135, fault offset 0x00009eed, process id 0xd34, application start time
0x01cb93228477a735.

Error - 12/4/2010 12:10:10 AM | Computer Name = Jem-PC | Source = EventSystem | ID = 4621
Description =

Error - 12/4/2010 2:59:36 AM | Computer Name = Jem-PC | Source = EventSystem | ID = 4621
Description =

Error - 12/4/2010 11:24:50 AM | Computer Name = Jem-PC | Source = Perflib | ID = 1010
Description =

Error - 12/7/2010 2:16:48 PM | Computer Name = Jem-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 12/10/2010 12:40:35 AM | Computer Name = Jem-PC | Source = EventSystem | ID = 4621
Description =

[ System Events ]
Error - 11/23/2010 3:01:53 AM | Computer Name = Jem-PC | Source = HTTP | ID = 15016
Description =

Error - 11/23/2010 9:19:18 PM | Computer Name = Jem-PC | Source = HTTP | ID = 15016
Description =

Error - 11/25/2010 12:54:19 AM | Computer Name = Jem-PC | Source = HTTP | ID = 15016
Description =

Error - 11/25/2010 9:05:26 PM | Computer Name = Jem-PC | Source = HTTP | ID = 15016
Description =

Error - 11/26/2010 3:18:42 PM | Computer Name = Jem-PC | Source = HTTP | ID = 15016
Description =

Error - 11/27/2010 7:35:34 PM | Computer Name = Jem-PC | Source = HTTP | ID = 15016
Description =

Error - 11/28/2010 11:11:18 AM | Computer Name = Jem-PC | Source = HTTP | ID = 15016
Description =

Error - 11/28/2010 3:35:23 PM | Computer Name = Jem-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 11/29/2010 11:16:51 AM | Computer Name = Jem-PC | Source = HTTP | ID = 15016
Description =

Error - 11/30/2010 10:22:31 AM | Computer Name = Jem-PC | Source = HTTP | ID = 15016
Description =


< End of report >

#6 thcbytes

  • Malware Response Team
  • 14,790 posts

Posted 13 December 2010 - 08:34 PM

You forgot the RKU log. Please post it after you have completed these steps.

Your router is infected!

Let's fix that first...

Router Reset
  • Please read this: Malware Silently Alters Wireless Router Settings

  • Consult this link to find out what the default username and password of your router are, and note them down: Route Passwords

  • Then reset your router to its factory default settings:

    "If your machine has been infected by one of these Zlob/DNSchanger Trojans, and your router settings have been altered, I would strongly recommend that you reset the router to its default configuration. Usually, this can be done by inserting something tiny like a paper clip end or pencil tip into a small hole labeled "reset" located on the back of the router. Press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 10 seconds)"


  • This is the difficult part.
    First get to the router's server. To do that, type http://192.168.1.1 in the address bar and click Enter. You get the log in window.
    Fill in the password you have already found and you will get the configuration page.
    Configure the router to allow you to connect to your ISP server. In some routers it is done by a setup wizard. But you have to fill in the log in password your ISP has initially given to you.
    You can also call your ISP if you don't have your initial password.
    Don't forget to change the router's default password and set a strong password. Note down the password and keep it somewhere for future reference.

  • Please make sure of the following settings:
    • Go to Start => Control Panel => double-click Network and Sharing Center.
    • In the left window select Manage network Connection.
    • In the right window right-click Local Area Connection and select Properties.
    • Internet Protocol Version 6 (IPv6) should be checked. Double-click on it and make sure of the following settings:
      • The option Obtain an IP address automatically should be checked.
      • The option Obtain DNS server address automatically should be checked.
    • Click OK.
    • Internet Protocol Version 4 (IPv4) should be checked. Double-click on it.
      • The option Obtain an IP address automatically should be checked.
      • The option Obtain DNS server address automatically should be checked.
    • Click OK twice.
    • If you should change any setting, reboot the computer.

==========

Please run the following command and post the logs.

Go to start > Run copy/paste the following line in the run box and click OK.

cmd /c (ipconfig /all&nslookup mbam-cdn.malwarebytes.org&ping -n 2 mbam-cdn.malwarebytes.org&route print) >log.txt&start log.txt

A command window opens. Wait until a log.txt file opens. Please post the content to your reply.

==========

Next right click and delete any copies of Combofix that you might have.

Please download ComboFix from one of these locations:

Link 1
Link 2

Save it to your Desktop <-- Important!!!

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Please refer to this link for instructions.

  • Double click it & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


==========

I don't see an Anti Virus Program running on your machine
Download and install an antivirus program, and make sure that you keep it updated


New viruses come out every minute, so it is essential that you have the latest signatures for your antivirus program to provide you with the best possible protection from malicious software.

Install MSE now!
http://www.microsoft.com/security_essentials/

=========

Run RKU per my prior instructions and post the log.

=========

How is your computer running? What problems remain?

Regards,
thcbytes
Proud member - Unified Network of Instructors and Trained Eliminators

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/
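
One way to review the log that the `ipconfig /all` step above produces, shown as an added example that is not part of the original post or of any tool named in it: the script parses the per-adapter fields and lists every DNS server outside the resolvers you expect. The function names, the sample log and the expected-resolver list are assumptions made for illustration; the reviewer supplies the real list (typically the router's address and the ISP's resolvers).

```python
import ipaddress
import re

# Constructed sample (documentation-range addresses, not the thread's log),
# flattened the way forum pastes are: indentation is lost, so a continuation
# line of "DNS Servers" is just a bare address.
SAMPLE_LOG = """\
Windows IP Configuration

Host Name . . . . . . . . . . . . : EXAMPLE-PC

Wireless LAN adapter Wireless Network Connection:

Media State . . . . . . . . . . . : Media disconnected
DHCP Enabled. . . . . . . . . . . : Yes

Ethernet adapter Local Area Connection:

DHCP Enabled. . . . . . . . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::1%8(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.105(Preferred)
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 203.0.113.66
203.0.113.174
192.168.1.1
NetBIOS over Tcpip. . . . . . . . : Enabled
Server: UnKnown
Address: 203.0.113.66
"""

# "Ethernet adapter Local Area Connection:" starts a new adapter section.
ADAPTER_RE = re.compile(r"^\s*(.*\badapter\b.*?):\s*$")
# "Key . . . . : value"; the separator is the first colon preceded by a space,
# which keeps the colons inside IPv6 values and timestamps out of the key.
KEYVAL_RE = re.compile(r"^\s*(.+?)[\s.]*\s:\s?(.*)$")
# Fields that may hold several addresses, one per line.
LIST_FIELDS = {"Default Gateway": "gateway", "DHCP Server": "dhcp_server",
               "DNS Servers": "dns"}


def _to_ip(value):
    """Parse '10.0.0.1(Preferred)' or 'fe80::1%8' into an address, else None."""
    cleaned = value.split("(")[0].split("%")[0].strip()
    try:
        return ipaddress.ip_address(cleaned)
    except ValueError:
        return None


def parse_ipconfig(text):
    """Return {adapter name: {'dhcp', 'gateway', 'dhcp_server', 'dns'}}."""
    adapters, current, list_key = {}, None, None
    for line in text.splitlines():
        header = ADAPTER_RE.match(line)
        if header:
            current = {"dhcp": None, "gateway": [], "dhcp_server": [], "dns": []}
            adapters[header.group(1).strip()] = current
            list_key = None
            continue
        if current is None or not line.strip():
            continue
        keyval = KEYVAL_RE.match(line)
        if keyval:
            key, value = keyval.group(1).strip(), keyval.group(2).strip()
            list_key = LIST_FIELDS.get(key)
            if key == "DHCP Enabled":
                current["dhcp"] = value.lower() == "yes"
            elif list_key:
                address = _to_ip(value)
                if address is not None:
                    current[list_key].append(address)
            continue
        # No "key : value" shape: a bare address continues the previous
        # multi-valued field; anything else (nslookup, ping output) ends it.
        address = _to_ip(line)
        if list_key and address is not None:
            current[list_key].append(address)
        else:
            list_key = None
    return adapters


def unexpected_dns(adapters, expected):
    """List (adapter, dns_server, dhcp_server) for resolvers outside `expected`.

    `expected` holds addresses or CIDR ranges the reviewer trusts. The third
    element is the DHCP server that issued the lease (None without DHCP): with
    DNS set to automatic, that device is where the resolver list came from.
    """
    allowed = [ipaddress.ip_network(entry, strict=False) for entry in expected]
    findings = []
    for name, info in adapters.items():
        issuer = None
        if info["dhcp"] and info["dhcp_server"]:
            issuer = str(info["dhcp_server"][0])
        for server in info["dns"]:
            if not any(server in network for network in allowed):
                findings.append((name, str(server), issuer))
    return findings


if __name__ == "__main__":
    parsed = parse_ipconfig(SAMPLE_LOG)
    for adapter, server, issuer in unexpected_dns(parsed, ["192.168.1.1"]):
        print(f"{adapter}: unexpected resolver {server} (lease from {issuer})")
```

A public resolver in the list is not suspicious by itself, since many routers pass the ISP's resolvers straight through; the check is only as good as the expected list it is given.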

#7 Jembreeze

  • Topic Starter

  • Members
  • 9 posts

Posted 13 December 2010 - 10:33 PM

Windows IP Configuration

Host Name . . . . . . . . . . . . : Jem-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : quickclic.net

Wireless LAN adapter Wireless Network Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom 802.11g Network Adapter
Physical Address. . . . . . . . . : 00-1C-26-3A-93-48
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : quickclic.net
Description . . . . . . . . . . . : Broadcom 440x 10/100 Integrated Controller
Physical Address. . . . . . . . . : 00-1C-23-8A-1F-82
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::1dac:9259:5d74:8c2d%8(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.105(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Monday, December 13, 2010 6:25:36 PM
Lease Expires . . . . . . . . . . : Tuesday, December 14, 2010 6:25:35 PM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 201333795
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-14-6A-25-93-00-1C-23-8A-1F-82
DNS Servers . . . . . . . . . . . : 213.109.65.66
213.109.73.174
1.1.1.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 6:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : quickclic.net
Description . . . . . . . . . . . : isatap.quickclic.net
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 9:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fd:385e:2e1c:302d:e522(Preferred)
Link-local IPv6 Address . . . . . : fe80::385e:2e1c:302d:e522%10(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter Local Area Connection* 12:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{C423789A-9E44-4953-99B1-A7B050672B8C}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: UnKnown
Address: 213.109.65.66



Pinging mwbyte.vo.llnwd.net [208.111.128.6] with 32 bytes of data:

Reply from 208.111.128.6: bytes=32 time=27ms TTL=55

Reply from 208.111.128.6: bytes=32 time=31ms TTL=55



Ping statistics for 208.111.128.6:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 27ms, Maximum = 31ms, Average = 29ms

===========================================================================
Interface List
9 ...00 1c 26 3a 93 48 ...... Broadcom 802.11g Network Adapter
8 ...00 1c 23 8a 1f 82 ...... Broadcom 440x 10/100 Integrated Controller
1 ........................... Software Loopback Interface 1
13 ...00 00 00 00 00 00 00 e0 isatap.quickclic.net
10 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
14 ...00 00 00 00 00 00 00 e0 isatap.{C423789A-9E44-4953-99B1-A7B050672B8C}
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.105 20
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.105 276
192.168.1.105 255.255.255.255 On-link 192.168.1.105 276
192.168.1.255 255.255.255.255 On-link 192.168.1.105 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.105 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.105 276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
10 18 ::/0 On-link
1 306 ::1/128 On-link
10 18 2001::/32 On-link
10 266 2001:0:5ef5:79fd:385e:2e1c:302d:e522/128
On-link
8 276 fe80::/64 On-link
10 266 fe80::/64 On-link
8 276 fe80::1dac:9259:5d74:8c2d/128
On-link
10 266 fe80::385e:2e1c:302d:e522/128
On-link
1 306 ff00::/8 On-link
10 266 ff00::/8 On-link
8 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None



ComboFix 10-12-13.02 - Jem 12/13/2010 22:08:16.2.2 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.1917.1136 [GMT -5:00]
Running from: c:\users\Jem\Documents\My Everything\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2010-11-14 to 2010-12-14 )))))))))))))))))))))))))))))))
.

2010-12-14 03:16 . 2010-12-14 03:16 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-12-03 23:29 . 2010-12-03 23:31 -------- d-----w- c:\users\Jem\AppData\Roaming\GetRightToGo
2010-12-03 19:27 . 2010-12-03 19:27 -------- d-----w- c:\program files\Mplayer
2010-12-03 19:24 . 2010-12-03 19:24 -------- d-----w- c:\program files\Fox
2010-12-03 19:24 . 1998-01-23 17:22 304128 ----a-w- c:\windows\IsUninst.exe
2010-12-03 00:59 . 2010-12-03 00:59 -------- d-----w- c:\program files\ATI Technologies
2010-12-03 00:59 . 2010-12-03 00:59 -------- d-----w- c:\program files\ATI
2010-12-03 00:57 . 2010-12-03 00:57 -------- d-----w- C:\ATI
2010-12-03 00:39 . 2010-12-06 21:27 -------- d-----w- c:\users\Jem\AppData\Roaming\vlc
2010-12-03 00:38 . 2010-12-03 00:38 -------- d-----w- c:\program files\VideoLAN
2010-12-02 20:36 . 2010-12-02 20:36 -------- d-----w- c:\program files\Microsoft
2010-12-02 20:36 . 2010-12-02 20:36 -------- d-----w- c:\program files\Windows Live SkyDrive
2010-12-02 20:36 . 2010-12-02 20:36 -------- d-----w- c:\program files\Windows Live
2010-12-02 20:36 . 2010-12-02 20:36 -------- d-----w- c:\windows\PCHEALTH
2010-12-02 20:21 . 2010-12-02 20:21 -------- d-----w- c:\users\Jem\AppData\Local\{A8CD4799-AC63-418D-A9EC-D94445016631}
2010-12-02 20:21 . 2010-12-13 23:26 -------- d-----w- c:\users\Jem\Tracing
2010-12-02 20:12 . 2010-12-06 14:27 -------- d-----w- c:\program files\Microsoft Silverlight
2010-12-02 20:11 . 2010-12-02 20:11 6260088 ----a-w- c:\program files\Common Files\Windows Live\.cache\2214f77e1cb925d01\Silverlight.4.0.exe
2010-12-02 20:10 . 2010-12-02 20:20 -------- d-----w- c:\users\Jem\AppData\Local\Windows Live
2010-12-02 20:04 . 2010-12-02 20:04 -------- d-----w- c:\program files\Windows Portable Devices
2010-12-02 20:01 . 2009-10-01 01:02 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
2010-12-02 20:01 . 2009-10-01 01:02 31232 ----a-w- c:\windows\system32\BthMtpContextHandler.dll
2010-12-02 20:01 . 2009-10-01 01:01 81920 ----a-w- c:\windows\system32\wpdbusenum.dll
2010-12-02 20:01 . 2009-10-01 01:01 60928 ----a-w- c:\windows\system32\PortableDeviceConnectApi.dll
2010-12-02 20:01 . 2009-10-01 01:02 2537472 ----a-w- c:\windows\system32\wpdshext.dll
2010-12-02 20:01 . 2009-10-01 01:01 546816 ----a-w- c:\windows\system32\wpd_ci.dll
2010-12-02 20:01 . 2009-10-01 01:02 334848 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2010-12-02 20:01 . 2009-10-01 01:02 87552 ----a-w- c:\windows\system32\WPDShServiceObj.dll
2010-12-02 20:01 . 2009-10-01 01:01 160256 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
2010-12-02 20:01 . 2009-10-01 01:01 350208 ----a-w- c:\windows\system32\WPDSp.dll
2010-12-02 20:01 . 2009-10-01 01:01 196608 ----a-w- c:\windows\system32\PortableDeviceWMDRM.dll
2010-12-02 20:01 . 2009-10-01 01:01 100864 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
2010-12-02 20:00 . 2009-10-01 01:01 227840 ----a-w- c:\windows\system32\drivers\UMDF\WpdFs.dll
2010-12-02 19:58 . 2009-10-08 21:08 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2010-12-02 19:58 . 2009-10-08 21:08 234496 ----a-w- c:\windows\system32\oleacc.dll
2010-12-02 19:58 . 2009-10-08 21:07 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2010-12-02 19:41 . 2010-12-02 19:41 -------- d-----w- c:\windows\system32\ca-ES
2010-12-02 19:41 . 2010-12-02 19:41 -------- d-----w- c:\windows\system32\eu-ES
2010-12-02 19:41 . 2010-12-02 19:41 -------- d-----w- c:\windows\system32\vi-VN
2010-12-02 19:19 . 2010-12-02 19:19 -------- d-----w- c:\windows\system32\EventProviders
2010-11-30 20:58 . 2010-11-30 21:02 -------- d-----w- c:\programdata\WinZip
2010-11-30 20:40 . 2010-11-30 20:40 -------- d-----w- c:\program files\Microsoft ActiveSync
2010-11-30 20:38 . 2010-11-30 20:40 -------- d-----w- c:\windows\ShellNew
2010-11-30 15:03 . 2010-11-30 15:05 -------- d-----w- c:\programdata\DivX
2010-11-30 14:26 . 2010-11-10 04:33 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8851530F-5862-4BA4-B7F0-F94B31DEE059}\mpengine.dll
2010-11-26 01:43 . 2010-11-26 02:52 -------- d-----w- c:\users\Jem\AppData\Roaming\Apple Computer
2010-11-26 01:43 . 2010-11-26 01:43 -------- d-----w- c:\users\Jem\AppData\Local\Apple Computer
2010-11-26 01:42 . 2010-11-26 01:42 -------- dc----w- c:\windows\system32\DRVSTORE
2010-11-26 01:42 . 2009-05-18 18:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-11-26 01:42 . 2008-04-17 17:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2010-11-26 01:40 . 2010-11-26 01:40 -------- d-----w- c:\program files\iPod
2010-11-26 01:40 . 2010-11-26 01:42 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-11-26 01:40 . 2010-11-26 01:42 -------- d-----w- c:\program files\iTunes
2010-11-26 01:39 . 2010-11-26 01:39 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin7.dll
2010-11-26 01:39 . 2010-11-26 01:39 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin6.dll
2010-11-26 01:39 . 2010-11-26 01:39 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2010-11-26 01:39 . 2010-11-26 01:39 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2010-11-26 01:39 . 2010-11-26 01:39 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2010-11-26 01:39 . 2010-11-26 01:39 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2010-11-26 01:39 . 2010-11-26 01:39 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2010-11-26 01:39 . 2010-11-26 01:39 -------- d-----w- c:\program files\QuickTime
2010-11-26 01:39 . 2010-11-26 01:40 -------- d-----w- c:\programdata\Apple Computer
2010-11-26 01:38 . 2010-11-26 01:38 -------- d-----w- c:\users\Jem\AppData\Local\Apple
2010-11-26 01:38 . 2010-11-26 01:38 -------- d-----w- c:\program files\Apple Software Update
2010-11-26 01:36 . 2010-11-26 01:36 -------- d-----w- c:\program files\Bonjour
2010-11-26 01:35 . 2010-11-26 01:40 -------- d-----w- c:\program files\Common Files\Apple
2010-11-26 01:35 . 2010-11-26 01:38 -------- d-----w- c:\programdata\Apple
2010-11-17 22:43 . 2009-11-08 15:55 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-11-17 22:43 . 2009-11-08 15:55 49472 ----a-w- c:\windows\system32\netfxperf.dll
2010-11-17 22:43 . 2009-11-08 15:55 297808 ----a-w- c:\windows\system32\mscoree.dll
2010-11-17 22:43 . 2009-11-08 15:55 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-11-17 22:43 . 2009-11-08 15:55 1130824 ----a-w- c:\windows\system32\dfshim.dll
2010-11-17 22:37 . 2009-04-11 06:28 978432 ----a-w- c:\windows\system32\drmv2clt.dll
2010-11-17 22:36 . 2009-04-11 06:28 83968 ----a-w- c:\windows\system32\wbem\wmiutils.dll
2010-11-17 22:36 . 2009-04-11 06:28 744448 ----a-w- c:\windows\system32\wbem\wbemcore.dll
2010-11-17 22:36 . 2009-04-11 06:28 30208 ----a-w- c:\windows\system32\wbem\wbemprox.dll
2010-11-17 22:36 . 2009-04-11 06:28 705536 ----a-w- c:\windows\system32\SmiEngine.dll
2010-11-17 22:36 . 2009-04-11 06:28 265728 ----a-w- c:\windows\system32\wbem\repdrvfs.dll
2010-11-17 22:36 . 2009-04-11 06:28 189440 ----a-w- c:\windows\system32\wbem\mofd.dll
2010-11-17 22:36 . 2009-04-11 06:28 614912 ----a-w- c:\windows\system32\wbem\fastprox.dll
2010-11-17 22:36 . 2009-04-11 06:28 265728 ----a-w- c:\windows\system32\wbem\esscli.dll
2010-11-17 22:36 . 2009-04-11 06:28 218624 ----a-w- c:\windows\system32\wdscore.dll
2010-11-17 22:36 . 2009-04-11 06:27 130560 ----a-w- c:\windows\system32\PkgMgr.exe
2010-11-17 22:36 . 2009-04-11 06:28 247808 ----a-w- c:\windows\system32\drvstore.dll
2010-11-17 22:12 . 2010-06-17 16:16 150016 ----a-w- c:\program files\Movie Maker\MOVIEMK.exe
2010-11-17 22:07 . 2010-09-08 17:07 834048 ----a-w- c:\windows\system32\wininet.dll
2010-11-17 22:07 . 2010-09-08 15:23 389632 ----a-w- c:\windows\system32\html.iec
2010-11-17 22:07 . 2010-09-08 17:23 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-11-17 20:24 . 2010-11-17 20:24 -------- d-----w- C:\PerfLogs
2010-11-17 17:34 . 2010-11-17 17:36 -------- d-----w- c:\users\Jem\AppData\Local\Adobe
2010-11-17 17:32 . 2010-11-17 17:32 -------- d-----w- c:\program files\Common Files\Adobe
2010-11-17 04:51 . 2008-01-19 07:29 705536 ----a-w- c:\windows\system32\imagesp1.dll
2010-11-17 04:51 . 2008-01-19 07:36 116736 ----a-w- c:\windows\system32\sstpsvc.dll
2010-11-17 04:49 . 2008-01-19 07:34 215040 ----a-w- c:\windows\system32\msdtcuiu.dll
2010-11-17 04:48 . 2008-01-19 07:37 296448 ----a-w- c:\windows\system32\xwizards.dll
2010-11-17 04:47 . 2008-01-19 07:34 102400 ----a-w- c:\windows\system32\wbem\mofinstall.dll
2010-11-17 04:47 . 2008-01-19 07:36 357888 ----a-w- c:\windows\system32\wbemcomn.dll
2010-11-17 04:47 . 2008-01-19 07:36 129536 ----a-w- c:\windows\system32\sqmapi.dll
2010-11-17 04:47 . 2008-01-19 07:36 139264 ----a-w- c:\windows\system32\SmiInstaller.dll
2010-11-17 04:47 . 2008-01-19 07:35 35328 ----a-w- c:\windows\system32\mspatcha.dll
2010-11-17 04:47 . 2008-01-19 07:34 305152 ----a-w- c:\windows\system32\msdelta.dll
2010-11-17 04:47 . 2008-01-19 07:34 258560 ----a-w- c:\windows\system32\dpx.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-17 19:18 . 2006-11-02 10:32 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2010-11-17 19:18 . 2006-11-02 10:32 82432 ----a-w- c:\windows\system32\axaltocm.dll
2010-11-13 16:54 . 2010-11-13 16:54 377344 ----a-w- c:\windows\system32\winhttp.dll
2010-11-13 16:49 . 2010-11-13 16:49 411648 ----a-w- c:\windows\system32\drivers\http.sys
2010-11-13 16:49 . 2010-11-13 16:49 36864 ----a-w- c:\windows\system32\drivers\en-US\http.sys.mui
2010-11-13 16:49 . 2010-11-13 16:49 30720 ----a-w- c:\windows\system32\httpapi.dll
2010-11-13 16:49 . 2010-11-13 16:49 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-11-08 22:14 . 2010-11-08 22:14 23552 ----a-w- c:\windows\system32\lpk.dll
2010-11-08 22:14 . 2010-11-08 22:14 72704 ----a-w- c:\windows\system32\fontsub.dll
2010-11-08 22:14 . 2010-11-08 22:14 10240 ----a-w- c:\windows\system32\dciman32.dll
2010-11-08 22:11 . 2010-11-08 22:11 1383424 ----a-w- c:\windows\system32\mshtml.tlb
2010-11-08 22:11 . 2010-11-08 22:11 72704 ----a-w- c:\windows\system32\admparse.dll
2010-11-08 22:11 . 2010-11-08 22:11 48128 ----a-w- c:\windows\system32\mshtmler.dll
2010-11-08 22:08 . 2010-11-08 22:08 61440 ----a-w- c:\windows\system32\winipsec.dll
2010-11-08 22:08 . 2010-11-08 22:08 272896 ----a-w- c:\windows\system32\polstore.dll
2010-11-08 22:04 . 2010-11-08 22:04 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2010-11-08 22:04 . 2010-11-08 22:04 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2010-11-08 22:04 . 2010-11-08 22:04 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2010-11-08 22:04 . 2010-11-08 22:04 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2010-11-08 22:04 . 2010-11-08 22:04 19968 ----a-w- c:\windows\system32\ARP.EXE
2010-11-08 22:04 . 2010-11-08 22:04 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2010-11-08 22:04 . 2010-11-08 22:04 105984 ----a-w- c:\windows\system32\netiohlp.dll
2010-11-08 22:04 . 2010-11-08 22:04 10240 ----a-w- c:\windows\system32\finger.exe
2010-11-08 22:01 . 2010-11-08 22:01 127488 ----a-w- c:\windows\system32\L2SecHC.dll
2010-11-08 22:01 . 2010-11-08 22:01 65024 ----a-w- c:\windows\system32\wlanapi.dll
2010-11-08 22:01 . 2010-11-08 22:01 68096 ----a-w- c:\windows\system32\wlanhlp.dll
2010-11-08 22:01 . 2010-11-08 22:01 513536 ----a-w- c:\windows\system32\wlansvc.dll
2010-11-08 22:01 . 2010-11-08 22:01 302592 ----a-w- c:\windows\system32\wlansec.dll
2010-11-08 22:01 . 2010-11-08 22:01 293376 ----a-w- c:\windows\system32\wlanmsm.dll
2010-11-08 22:01 . 2010-11-08 22:01 15181 ----a-w- c:\windows\system32\gatherWirelessInfo.vbs
2010-11-08 21:59 . 2010-11-08 21:59 1401856 ----a-w- c:\windows\system32\msxml6.dll
2010-11-08 21:59 . 2010-11-08 21:59 2048 ----a-w- c:\windows\system32\msxml3r.dll
2010-11-08 21:59 . 2010-11-08 21:59 2048 ----a-w- c:\windows\system32\msxml6r.dll
2010-11-08 21:58 . 2010-11-08 21:58 218624 ----a-w- c:\windows\system32\msv1_0.dll
2010-11-08 21:56 . 2010-11-08 21:56 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-11-08 21:56 . 2010-11-08 21:56 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-11-08 21:56 . 2010-11-08 21:56 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-11-08 21:54 . 2010-11-08 21:54 2868224 ----a-w- c:\windows\system32\mf.dll
2010-11-08 21:54 . 2010-11-08 21:54 98816 ----a-w- c:\windows\system32\mfps.dll
2010-11-08 21:54 . 2010-11-08 21:54 53248 ----a-w- c:\windows\system32\rrinstaller.exe
2010-11-08 21:54 . 2010-11-08 21:54 24576 ----a-w- c:\windows\system32\mfpmp.exe
2010-11-08 21:54 . 2010-11-08 21:54 2048 ----a-w- c:\windows\system32\mferror.dll
2010-11-08 21:48 . 2010-11-08 21:48 430080 ----a-w- c:\windows\system32\vbscript.dll
2010-11-08 21:47 . 2010-11-08 21:47 71680 ----a-w- c:\windows\system32\atl.dll
2010-11-08 21:41 . 2010-11-08 21:41 160256 ----a-w- c:\windows\system32\wkssvc.dll
2010-11-08 21:39 . 2010-11-08 21:39 53248 ----a-w- c:\windows\system32\tsgqec.dll
2010-11-08 21:39 . 2010-11-08 21:39 2066432 ----a-w- c:\windows\system32\mstscax.dll
2010-11-08 21:39 . 2010-11-08 21:39 136192 ----a-w- c:\windows\system32\aaclient.dll
2010-11-08 21:25 . 2010-11-08 21:25 623616 ----a-w- c:\windows\system32\localspl.dll
2010-11-08 21:20 . 2010-11-08 21:20 175104 ----a-w- c:\windows\system32\wdigest.dll
2010-11-08 21:20 . 2010-11-08 21:20 9728 ----a-w- c:\windows\system32\lsass.exe
2010-11-08 21:20 . 2010-11-08 21:20 72704 ----a-w- c:\windows\system32\secur32.dll
2010-11-08 21:20 . 2010-11-08 21:20 499712 ----a-w- c:\windows\system32\kerberos.dll
2010-11-08 21:20 . 2010-11-08 21:20 439864 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2010-11-08 21:20 . 2010-11-08 21:20 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2010-11-08 21:15 . 2010-11-08 21:15 1793536 ----a-w- c:\windows\system32\NlsLexicons0045.dll
2010-11-08 21:15 . 2010-11-08 21:15 1808896 ----a-w- c:\windows\system32\NlsLexicons0046.dll
2010-11-08 21:15 . 2010-11-08 21:15 1411072 ----a-w- c:\windows\system32\NlsLexicons0047.dll
2010-11-08 21:15 . 2010-11-08 21:15 1558016 ----a-w- c:\windows\system32\NlsLexicons0049.dll
2010-11-08 21:15 . 2010-11-08 21:15 1236992 ----a-w- c:\windows\system32\NlsLexicons0020.dll
2010-11-08 21:15 . 2010-11-08 21:15 1782272 ----a-w- c:\windows\system32\NlsLexicons0039.dll
2010-11-08 21:15 . 2010-11-08 21:15 2136064 ----a-w- c:\windows\system32\NlsLexicons0021.dll
2010-11-08 21:15 . 2010-11-08 21:15 5499904 ----a-w- c:\windows\system32\NlsLexicons0022.dll
2010-11-08 21:15 . 2010-11-08 21:15 7964672 ----a-w- c:\windows\system32\NlsLexicons0024.dll
2010-11-08 21:15 . 2010-11-08 21:15 5791232 ----a-w- c:\windows\system32\NlsLexicons0026.dll
2010-11-08 21:15 . 2010-11-08 21:15 6224896 ----a-w- c:\windows\system32\NlsLexicons0027.dll
2010-11-08 21:15 . 2010-11-08 21:15 4175872 ----a-w- c:\windows\system32\NlsLexicons0010.dll
2010-11-08 21:15 . 2010-11-08 21:15 2466816 ----a-w- c:\windows\system32\NlsLexicons0011.dll
2010-11-08 21:15 . 2010-11-08 21:15 4981248 ----a-w- c:\windows\system32\NlsLexicons0013.dll
2010-11-08 21:15 . 2010-11-08 21:15 3331072 ----a-w- c:\windows\system32\NlsLexicons0018.dll
2010-11-08 21:15 . 2010-11-08 21:15 6781440 ----a-w- c:\windows\system32\NlsLexicons0019.dll
2010-11-08 21:15 . 2010-11-08 21:15 11722752 ----a-w- c:\windows\system32\NlsLexicons0001.dll
2010-11-08 21:15 . 2010-11-08 21:15 4164096 ----a-w- c:\windows\system32\NlsLexicons0002.dll
2010-11-08 21:15 . 2010-11-08 21:15 1452544 ----a-w- c:\windows\system32\NlsLexicons0003.dll
2010-11-08 21:14 . 2010-11-08 21:14 3419136 ----a-w- c:\windows\system32\NlsLexicons004a.dll
2010-11-08 21:14 . 2010-11-08 21:14 1702912 ----a-w- c:\windows\system32\NlsLexicons004b.dll
2010-11-08 21:14 . 2010-11-08 21:14 4093440 ----a-w- c:\windows\system32\NlsLexicons004c.dll
2010-11-08 21:14 . 2010-11-08 21:14 1972736 ----a-w- c:\windows\system32\NlsLexicons004e.dll
2010-11-08 21:14 . 2010-11-08 21:14 4096 ----a-w- c:\windows\system32\NlsLexicons002a.dll
2010-11-08 21:14 . 2010-11-08 21:14 4045824 ----a-w- c:\windows\system32\NlsLexicons003e.dll
2010-11-08 21:14 . 2010-11-08 21:14 6014976 ----a-w- c:\windows\system32\NlsLexicons001a.dll
2010-11-08 21:14 . 2010-11-08 21:14 6585856 ----a-w- c:\windows\system32\NlsLexicons001b.dll
2010-11-08 21:14 . 2010-11-08 21:14 6346240 ----a-w- c:\windows\system32\NlsLexicons001d.dll
2010-11-08 21:14 . 2010-11-08 21:14 9892864 ----a-w- c:\windows\system32\NlsLexicons000a.dll
2010-11-08 21:14 . 2010-11-08 21:14 6237696 ----a-w- c:\windows\system32\NlsLexicons000c.dll
2010-11-08 21:14 . 2010-11-08 21:14 1722368 ----a-w- c:\windows\system32\NlsLexicons000d.dll
2010-11-08 21:14 . 2010-11-08 21:14 5654528 ----a-w- c:\windows\system32\NlsLexicons000f.dll
2010-11-08 21:14 . 2010-11-08 21:14 4616192 ----a-w- c:\windows\system32\NlsLexicons0414.dll
2010-11-08 21:14 . 2010-11-08 21:14 5090816 ----a-w- c:\windows\system32\NlsLexicons0416.dll
2010-11-08 21:14 . 2010-11-08 21:14 5031936 ----a-w- c:\windows\system32\NlsLexicons0816.dll
2010-11-08 21:14 . 2010-11-08 21:14 7042560 ----a-w- c:\windows\system32\NlsLexicons081a.dll
2010-11-08 21:14 . 2010-11-08 21:14 5071872 ----a-w- c:\windows\system32\NlsModels0011.dll
2010-11-08 21:14 . 2010-11-08 21:14 3104768 ----a-w- c:\windows\system32\NlsData0045.dll
2010-11-08 21:14 . 2010-11-08 21:14 3104768 ----a-w- c:\windows\system32\NlsData0046.dll
2010-11-08 21:14 . 2010-11-08 21:14 3104768 ----a-w- c:\windows\system32\NlsData0047.dll
2010-11-08 21:14 . 2010-11-08 21:14 3104768 ----a-w- c:\windows\system32\NlsData0049.dll
2010-11-08 21:14 . 2010-11-08 21:14 3104768 ----a-w- c:\windows\system32\NlsData0039.dll
2010-11-08 21:14 . 2010-11-08 21:14 3104768 ----a-w- c:\windows\system32\NlsData0020.dll
2010-11-08 21:14 . 2010-11-08 21:14 1801216 ----a-w- c:\windows\system32\NlsData0021.dll
2010-11-08 21:14 . 2010-11-08 21:14 1801216 ----a-w- c:\windows\system32\NlsData0022.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"Google Update"="c:\users\Jem\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-11-08 136176]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-17 3872080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DeathAdder"="c:\program files\Razer\DeathAdder\razerhid.exe" [2010-05-05 251392]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-11-18 421160]

c:\users\Jem\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
SpywareGuard.lnk - c:\program files\SpywareGuard\sgmain.exe [2003-8-29 360448]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

S3 danewFltr;NewDeathAdder Mouse;c:\windows\system32\drivers\danew.sys [2009-04-21 11136]
S3 vHidDev;Razer Gaming Device;c:\windows\system32\DRIVERS\vHidDev.sys [2009-12-22 5760]


--- Other Services/Drivers In Memory ---

*NewlyCreated* - NORMANDY
*Deregistered* - Normandy

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2010-12-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2841326591-4019813759-3774131800-1000Core.job
- c:\users\Jem\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-08 18:22]

2010-12-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2841326591-4019813759-3774131800-1000UA.job
- c:\users\Jem\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-08 18:22]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-13 22:16
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-12-13 22:20:02
ComboFix-quarantined-files.txt 2010-12-14 03:19
ComboFix2.txt 2010-12-04 03:17

Pre-Run: 41,106,325,504 bytes free
Post-Run: 42,242,699,264 bytes free

- - End Of File - - DF8A3A1C2CB446F3D06D846BC26F462E

#8 Jembreeze

  • Topic Starter

Posted 13 December 2010 - 10:34 PM

And the RKU


RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows Vista
Version 6.0.6002 (Service Pack 2)
Number of processors #2
==============================================
>Drivers
==============================================
0x8B000000 C:\Windows\system32\DRIVERS\atikmdag.sys 5320704 bytes (ATI Technologies Inc., ATI Radeon Kernel Mode Driver)
0x81A43000 C:\Windows\system32\ntkrnlpa.exe 3903488 bytes (Microsoft Corporation, NT Kernel & System)
0x81A43000 PnpManager 3903488 bytes
0x81A43000 RAW 3903488 bytes
0x81A43000 WMIxWDM 3903488 bytes
0x92E10000 Win32k 2109440 bytes
0x92E10000 C:\Windows\System32\win32k.sys 2109440 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0x87201000 C:\Windows\System32\Drivers\Ntfs.sys 1114112 bytes (Microsoft Corporation, NT File System Driver)
0x86E07000 C:\Windows\system32\drivers\ndis.sys 1093632 bytes (Microsoft Corporation, NDIS 6.0 wrapper driver)
0x8B846000 C:\Windows\system32\DRIVERS\VSTDPV3.SYS 1064960 bytes (Conexant Systems, Inc., HSF_DP driver)
0x87009000 C:\Windows\System32\drivers\tcpip.sys 958464 bytes (Microsoft Corporation, TCP/IP Driver)
0x80468000 C:\Windows\system32\CI.dll 917504 bytes (Microsoft Corporation, Code Integrity Module)
0x96805000 C:\Windows\system32\drivers\peauth.sys 909312 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)
0x8B94A000 C:\Windows\system32\DRIVERS\VSTCNXT3.SYS 733184 bytes (Conexant Systems, Inc., HSF_CNXT driver)
0x8BF3C000 C:\Windows\system32\drivers\spsys.sys 720896 bytes (Microsoft Corporation, security processor)
0x8B513000 C:\Windows\System32\drivers\dxgkrnl.sys 659456 bytes (Microsoft Corporation, DirectX Graphics Kernel)
0x8AC0C000 C:\Windows\system32\DRIVERS\HDAudBus.sys 577536 bytes (Microsoft Corporation, High Definition Audio Bus Driver)
0x80548000 C:\Windows\system32\drivers\Wdf01000.sys 507904 bytes (Microsoft Corporation, WDF Dynamic)
0x8711E000 C:\Windows\system32\DRIVERS\bcmwl6.sys 479232 bytes (Broadcom Corporation, BCM 802.11g Network Adapter wireless driver)
0x80784000 C:\Windows\System32\Drivers\ksecdd.sys 462848 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0x95A06000 C:\Windows\system32\drivers\HTTP.sys 446464 bytes (Microsoft Corporation, HTTP Protocol Stack)
0x95B77000 C:\Windows\System32\DRIVERS\srv.sys 319488 bytes (Microsoft Corporation, Server driver)
0x806AD000 C:\Windows\System32\drivers\volmgrx.sys 303104 bytes (Microsoft Corporation, Volume Manager Extension Driver)
0x8BD59000 C:\Windows\system32\drivers\afd.sys 294912 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x80604000 C:\Windows\system32\drivers\acpi.sys 286720 bytes (Microsoft Corporation, ACPI Driver for NT)
0x80427000 C:\Windows\system32\CLFS.SYS 266240 bytes (Microsoft Corporation, Common Log File System Driver)
0x8AD20000 C:\Windows\system32\DRIVERS\storport.sys 266240 bytes (Microsoft Corporation, Microsoft Storage Port Driver)
0x8BC0C000 C:\Windows\system32\drivers\HdAudio.sys 258048 bytes (Microsoft Corporation, High Definition Audio Function Driver)
0x87193000 C:\Windows\system32\DRIVERS\USBPORT.SYS 253952 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0x8BE04000 C:\Windows\system32\DRIVERS\rdbss.sys 245760 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0x8B80A000 C:\Windows\system32\DRIVERS\VSTAZL3.SYS 245760 bytes (Conexant Systems, Inc., HSF_HWAZL WDM driver)
0x86F3D000 C:\Windows\system32\drivers\NETIO.SYS 241664 bytes (Microsoft Corporation, Network I/O Subsystem)
0x95AFE000 C:\Windows\system32\DRIVERS\mrxsmb10.sys 233472 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)
0x87311000 C:\Windows\system32\drivers\volsnap.sys 233472 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0x86FA2000 C:\Windows\system32\DRIVERS\usbhub.sys 217088 bytes (Microsoft Corporation, Default Hub Driver for USB)
0x81A10000 ACPI_HAL 208896 bytes
0x81A10000 C:\Windows\system32\hal.dll 208896 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0x80742000 C:\Windows\system32\drivers\fltmgr.sys 204800 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0x8BDA1000 C:\Windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)
0x8ACF1000 C:\Windows\system32\DRIVERS\msiscsi.sys 192512 bytes (Microsoft Corporation, Microsoft iSCSI Initiator Driver)
0x8BC4B000 C:\Windows\system32\drivers\portcls.sys 184320 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0x86F12000 C:\Windows\system32\drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)
0x86F78000 C:\Windows\system32\DRIVERS\ks.sys 172032 bytes (Microsoft Corporation, Kernel CSA Library)
0x8BEF5000 C:\Windows\system32\DRIVERS\nwifi.sys 172032 bytes (Microsoft Corporation, NativeWiFi Miniport Driver)
0x8BE61000 C:\Windows\System32\Drivers\fastfat.SYS 163840 bytes (Microsoft Corporation, Fast FAT File System Driver)
0x95B4F000 C:\Windows\System32\DRIVERS\srv2.sys 163840 bytes (Microsoft Corporation, Smb 2.0 Server driver)
0x87361000 C:\Windows\System32\drivers\ecache.sys 159744 bytes (Microsoft Corporation, Special Memory Device Cache)
0x8065B000 C:\Windows\system32\drivers\pci.sys 159744 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0x8BC78000 C:\Windows\system32\drivers\drmk.sys 151552 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0x96936000 C:\Windows\system32\DRIVERS\MpFilter.sys 143360 bytes (Microsoft Corporation, Microsoft antimalware file system filter driver)
0x8AD8E000 C:\Windows\system32\DRIVERS\ndiswan.sys 143360 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0x87399000 C:\Windows\system32\drivers\CLASSPNP.SYS 135168 bytes (Microsoft Corporation, SCSI Class System Dll)
0x95ABE000 C:\Windows\system32\drivers\mrxdav.sys 135168 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0x8BCDC000 C:\Windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)
0x95ADF000 C:\Windows\system32\DRIVERS\mrxsmb.sys 126976 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0x80724000 C:\Windows\system32\drivers\ataport.SYS 122880 bytes (Microsoft Corporation, ATAPI Driver Extension)
0x95A73000 C:\Windows\System32\DRIVERS\srvnet.sys 118784 bytes (Microsoft Corporation, Server Network driver)
0x870F3000 C:\Windows\System32\drivers\fwpkclnt.sys 110592 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)
0x8BEC2000 C:\Windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, LUA File Virtualization Filter Driver)
0x8ACD3000 C:\Windows\system32\DRIVERS\sdbus.sys 106496 bytes (Microsoft Corporation, SecureDigital Bus Driver)
0x95A90000 C:\Windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)
0x8B5D9000 C:\Windows\system32\DRIVERS\cdrom.sys 98304 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0x95B37000 C:\Windows\system32\DRIVERS\mrxsmb20.sys 98304 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)
0x8BE4A000 C:\Windows\System32\Drivers\dfsc.sys 94208 bytes (Microsoft Corporation, DFS Namespace Client Driver)
0x8AD6C000 C:\Windows\system32\DRIVERS\rasl2tp.sys 94208 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0x8BDE9000 C:\Windows\system32\DRIVERS\usbccgp.sys 94208 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0x96920000 C:\Windows\system32\DRIVERS\cdfs.sys 90112 bytes (Microsoft Corporation, CD-ROM File System Driver)
0x8BDD3000 C:\Windows\system32\DRIVERS\pacer.sys 90112 bytes (Microsoft Corporation, QoS Packet Scheduler)
0x8BD2F000 C:\Windows\system32\DRIVERS\tdx.sys 90112 bytes (Microsoft Corporation, TDI Translation Driver)
0x95AA9000 C:\Windows\System32\drivers\mpsdrv.sys 86016 bytes (Microsoft Corporation, Microsoft Protection Service Driver)
0x8ADD4000 C:\Windows\system32\DRIVERS\rassstp.sys 86016 bytes (Microsoft Corporation, RAS SSTP Miniport Call Manager)
0x968F9000 C:\Windows\system32\DRIVERS\WUDFRd.sys 86016 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Reflector)
0x8ADC0000 C:\Windows\system32\DRIVERS\raspptp.sys 81920 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0x8BD45000 C:\Windows\system32\DRIVERS\smb.sys 81920 bytes (Microsoft Corporation, SMB Transport driver)
0x8AC99000 C:\Windows\system32\DRIVERS\i8042prt.sys 77824 bytes (Microsoft Corporation, i8042 Port Driver)
0x8BF29000 C:\Windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)
0x805DF000 C:\Windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0x9690E000 C:\Windows\system32\DRIVERS\WUDFPf.sys 73728 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
0x8ACC2000 C:\Windows\system32\DRIVERS\bcm4sbxp.sys 69632 bytes (Broadcom Corporation, Broadcom Corporation NDIS 5.1 ethernet driver)
0x87388000 C:\Windows\system32\drivers\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)
0x86FD7000 C:\Windows\System32\Drivers\NDProxy.SYS 69632 bytes (Microsoft Corporation, NDIS Proxy)
0x8040E000 C:\Windows\system32\PSHED.dll 69632 bytes (Microsoft Corporation, Platform Specific Hardware Error Driver)
0x8710E000 C:\Windows\system32\DRIVERS\amdk8.sys 65536 bytes (Microsoft Corporation, Processor Device Driver)
0x80774000 C:\Windows\system32\drivers\fileinfo.sys 65536 bytes (Microsoft Corporation, FileInfo Filter Driver)
0x8ADEB000 C:\Windows\system32\DRIVERS\HIDCLASS.SYS 65536 bytes (Microsoft Corporation, Hid Class Library)
0x8BEE5000 C:\Windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)
0x8070C000 C:\Windows\System32\drivers\mountmgr.sys 65536 bytes (Microsoft Corporation, Mount Point Manager)
0x871D1000 C:\Windows\system32\DRIVERS\termdd.sys 65536 bytes (Microsoft Corporation, Terminal Server Driver)
0x8BEB3000 C:\Windows\system32\DRIVERS\monitor.sys 61440 bytes (Microsoft Corporation, Monitor Driver)
0x87352000 C:\Windows\System32\Drivers\mup.sys 61440 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0x80682000 C:\Windows\System32\drivers\partmgr.sys 61440 bytes (Microsoft Corporation, Partition Management Driver)
0x8ADB1000 C:\Windows\system32\DRIVERS\raspppoe.sys 61440 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0x8B5CA000 C:\Windows\system32\DRIVERS\usbehci.sys 61440 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0x8069E000 C:\Windows\system32\drivers\volmgr.sys 61440 bytes (Microsoft Corporation, Volume Manager Driver)
0x93050000 C:\Windows\System32\cdd.dll 57344 bytes (Microsoft Corporation, Canonical Display Driver)
0x805D1000 C:\Windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)
0x8BD18000 C:\Windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)
0x806FE000 C:\Windows\system32\drivers\PCIIDEX.SYS 57344 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0x8BCAB000 C:\Windows\System32\Drivers\usbaapl.sys 57344 bytes (Apple, Inc., Apple Mobile Device USB Driver)
0x8BE89000 C:\Windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver)
0x86FF1000 C:\Windows\system32\drivers\modem.sys 53248 bytes (Microsoft Corporation, Modem Device Driver)
0x871EB000 C:\Windows\system32\DRIVERS\umbus.sys 53248 bytes (Microsoft Corporation, User-Mode Bus Enumerator)
0x805C4000 C:\Windows\system32\drivers\WDFLDR.SYS 53248 bytes (Microsoft Corporation, WDFLDR)
0x968ED000 C:\Windows\System32\drivers\tcpipreg.sys 49152 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)
0x8BCD0000 C:\Windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0x8B5B4000 C:\Windows\System32\drivers\watchdog.sys 49152 bytes (Microsoft Corporation, Watchdog Driver)
0x8BE96000 C:\Windows\System32\Drivers\dump_dumpata.sys 45056 bytes
0x8ACAC000 C:\Windows\system32\DRIVERS\kbdclass.sys 45056 bytes (Microsoft Corporation, Keyboard Class Driver)
0x8ACB7000 C:\Windows\system32\DRIVERS\mouclass.sys 45056 bytes (Microsoft Corporation, Mouse Class Driver)
0x8BD0D000 C:\Windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)
0x8AD83000 C:\Windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0x8AD61000 C:\Windows\system32\DRIVERS\TDI.SYS 45056 bytes (Microsoft Corporation, TDI Wrapper)
0x873E3000 C:\Windows\system32\DRIVERS\tunnel.sys 45056 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x80694000 C:\Windows\system32\DRIVERS\BATTC.SYS 40960 bytes (Microsoft Corporation, Battery Class Driver)
0x8BEA9000 C:\Windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)
0x871E1000 C:\Windows\system32\DRIVERS\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)
0x8BF1F000 C:\Windows\system32\DRIVERS\ndisuio.sys 40960 bytes (Microsoft Corporation, NDIS User mode I/O driver)
0x8BE40000 C:\Windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy)
0x968E3000 C:\Windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
0x8B5C0000 C:\Windows\system32\DRIVERS\usbohci.sys 40960 bytes (Microsoft Corporation, OHCI USB Miniport Driver)
0x873BA000 C:\Windows\system32\drivers\crcdisk.sys 36864 bytes (Microsoft Corporation, Disk Block Verification Filter Driver)
0x8BCB9000 C:\Windows\System32\Drivers\Fs_Rec.SYS 36864 bytes (Microsoft Corporation, File System Recognizer Driver)
0x8BCA0000 C:\Windows\system32\DRIVERS\hidusb.sys 36864 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0x86FE8000 C:\Windows\system32\DRIVERS\kbdhid.sys 36864 bytes (Microsoft Corporation, HID Keyboard Filter Driver)
0x96959000 C:\Windows\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0x8BD26000 C:\Windows\System32\DRIVERS\rasacd.sys 36864 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0x87000000 C:\Windows\system32\DRIVERS\sffdisk.sys 36864 bytes (Microsoft Corporation, Small Form Factor Disk Driver)
0x93030000 C:\Windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)
0x873EE000 C:\Windows\system32\DRIVERS\tunmp.sys 36864 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x873F7000 C:\Windows\system32\DRIVERS\wmiacpi.sys 36864 bytes (Microsoft Corporation, Windows Management Interface for ACPI)
0x8064A000 C:\Windows\system32\drivers\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0x8071C000 C:\Windows\system32\drivers\atapi.sys 32768 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver)
0x8041F000 C:\Windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver)
0x8BEA1000 C:\Windows\System32\Drivers\dump_atapi.sys 32768 bytes
0x871F8000 C:\Windows\system32\DRIVERS\mouhid.sys 32768 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0x80653000 C:\Windows\system32\drivers\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)
0x8BCFD000 C:\Windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x8BD05000 C:\Windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x8B5F7000 C:\Windows\system32\DRIVERS\sffp_sd.sys 32768 bytes (Microsoft Corporation, Small Form Factor SD Protocol Driver)
0x8734A000 C:\Windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor)
0x8BCC9000 C:\Windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver)
0x8AC00000 C:\Windows\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0x80407000 C:\Windows\system32\kdcom.dll 28672 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0x8BCC2000 C:\Windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)
0x806F7000 C:\Windows\system32\drivers\pciide.sys 28672 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0x8B5F1000 C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0x8ACED000 C:\Windows\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
0x80691000 C:\Windows\system32\DRIVERS\compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver)
0x8BC9D000 C:\Windows\system32\drivers\danew.sys 12288 bytes (Razer (Asia-Pacific) Pte Ltd, Razer DeathAdder USB Optical Mouse Driver)
0x8AC07000 C:\Windows\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0x8BCA9000 C:\Windows\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0x8ADE9000 C:\Windows\system32\DRIVERS\vHidDev.sys 8192 bytes (Windows ® Win 7 DDK provider, Virtual Hid Device)
==============================================
>Stealth
==============================================


THANKS SO much... Wow. I'm gonna become an organ donor!

I'm installing Security Essentials now. I haven't tried doing anything with the internet yet, just waiting to see if you see any more problems first.

#9 thcbytes

  • Malware Response Team

Posted 14 December 2010 - 01:49 PM

It didn't work. Your router is still redirected by a DNS in Russia.

DNS Servers . . . . . . . . . . . : 213.109.65.66


Did you actually reset the router to its default settings and create a new password? Did you insert a paperclip to reset or did you just change your password? What is the exact make and model of your router?

Please also do this...

We need to run an OTL Fix
  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Posted Image textbox. Do not include the word "Code"
    :OTL
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.109.65.66 213.109.73.174 1.1.1.1
    
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [emptytemp]
    
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click Posted Image.
  • A report will open. Copy and Paste that report in your next reply.

Then this....

Delete your Internet Connection log from earlier, then....

* Go to start > Run copy/paste the contents of the code box excluding "code" in the run box and click OK.

cmd /c (ipconfig /all&nslookup google.com&ping -n 2 google.com&route print) >log.txt&log.txt&del log.txt
A command window opens. Wait until a log.txt file opens.

* Please copy/paste the log file in your reply.

Regards,
thcbytes
Proud member - Unified Network of Instructors and Trained Eliminators

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/
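
The check the helper makes by eye on the `ipconfig /all` log in the post above, written out as an added example (not part of the original thread and not the helper's own tooling): it pulls every DNS server per adapter, including the unlabelled continuation lines, and compares them with the resolvers the network is expected to hand out. `EXPECTED_DNS`, the function names and both sample logs are assumptions constructed for this example; the addresses in them are the ones quoted in the thread.

```python
import ipaddress
import re

# Assumption: the resolvers this network should hand out. These are the ISP
# servers that appear in the ipconfig output posted later in the thread.
EXPECTED_DNS = {"207.210.47.10", "207.210.47.40", "207.210.47.41"}

FIELD_SPLIT = re.compile(r"\s:(?:\s|$)")  # the "Label . . . : value" separator


def _as_ip(token):
    """Return an ip_address for token, or None. Drops %scope and (Preferred)."""
    token = token.strip().split("(")[0].split("%")[0]
    try:
        return ipaddress.ip_address(token)
    except ValueError:
        return None


def dns_servers_by_adapter(ipconfig_text):
    """Parse `ipconfig /all` text into {adapter name: [DNS server, ...]}.

    Second and later DNS servers are printed on their own lines without a
    label, so a bare IP address following a "DNS Servers" field is treated
    as a continuation of that field.
    """
    result = {}
    adapter = None
    in_dns = False
    for raw in ipconfig_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        # Adapter headers look like "Ethernet adapter Local Area Connection:"
        if line.endswith(":") and " adapter " in line and " . " not in line:
            adapter = line[:-1]
            result[adapter] = []
            in_dns = False
            continue
        parts = FIELD_SPLIT.split(line, maxsplit=1)
        if len(parts) == 2:
            label = re.sub(r"[\s.]+$", "", parts[0])  # drop the dot leader
            in_dns = label == "DNS Servers"
            value = parts[1]
        elif in_dns:
            value = line
        else:
            continue
        if in_dns and adapter is not None:
            ip = _as_ip(value)
            if ip is None:
                in_dns = False  # the run of continuation lines has ended
            else:
                result[adapter].append(str(ip))
    return result


def audit_dns(ipconfig_text, expected=EXPECTED_DNS):
    """Return [(adapter, server, verdict)] for every DNS server in the log."""
    findings = []
    for adapter, servers in dns_servers_by_adapter(ipconfig_text).items():
        for server in servers:
            ip = ipaddress.ip_address(server)
            if server in expected:
                verdict = "expected"
            elif ip.is_private or ip.is_link_local:
                # The router answers DNS itself; this log cannot show which
                # upstream it forwards to, so check the router's own settings.
                verdict = "local-forwarder"
            else:
                verdict = "UNEXPECTED"
            findings.append((adapter, server, verdict))
    return findings


# Constructed sample: the layout of the thread's log, carrying the two
# 213.109.x.x addresses from the DhcpNameServer value in the helper's post.
HIJACKED_LOG = """\
Windows IP Configuration

   Host Name . . . . . . . . . . . . : Jem-PC

Ethernet adapter Local Area Connection:

   DHCP Enabled. . . . . . . . . . . : Yes
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 213.109.65.66
                                       213.109.73.174
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""

# Constructed sample: the DNS lines as they read after the router reset,
# with indentation lost the way a forum paste loses it.
CLEAN_LOG = """\
Ethernet adapter Local Area Connection:

Default Gateway . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 207.210.47.10
207.210.47.40
207.210.47.41
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 9:

Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled
"""

if __name__ == "__main__":
    for name, log in (("hijacked", HIJACKED_LOG), ("clean", CLEAN_LOG)):
        for adapter, server, verdict in audit_dns(log):
            print(f"{name:9} {verdict:15} {server:16} {adapter}")
```

A `local-forwarder` verdict means the PC was told to use the router for DNS, so the client-side log alone cannot confirm the router's upstream resolvers.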

#10 Jembreeze

  • Topic Starter

Posted 15 December 2010 - 12:57 AM

Hey,

Yeah, I reset it and put a new password on the router and everything. My router is a Linksys WRT54GL.


All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\\DhcpNameServer| /E : value set successfully!
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Jem\Desktop\cmd.bat deleted successfully.
C:\Users\Jem\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Jem
->Temp folder emptied: 1081731 bytes
->Temporary Internet Files folder emptied: 54632682 bytes
->Google Chrome cache emptied: 166282989 bytes
->Flash cache emptied: 29271 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 657440 bytes
RecycleBin emptied: 4167 bytes

Total Files Cleaned = 212.00 mb


OTL by OldTimer - Version 3.2.17.3 log created on 12152010_004316

Files\Folders moved on Reboot...
File\Folder C:\Windows\temp\TMP00000001FA16CD5A3C3030AE not found!

Registry entries deleted on Reboot...




Windows IP Configuration

Host Name . . . . . . . . . . . . : Jem-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : quickclic.net

Wireless LAN adapter Wireless Network Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom 802.11g Network Adapter
Physical Address. . . . . . . . . : 00-1C-26-3A-93-48
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : quickclic.net
Description . . . . . . . . . . . : Broadcom 440x 10/100 Integrated Controller
Physical Address. . . . . . . . . : 00-1C-23-8A-1F-82
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::1dac:9259:5d74:8c2d%8(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.100(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Wednesday, December 15, 2010 12:47:39 AM
Lease Expires . . . . . . . . . . : Thursday, December 16, 2010 12:47:39 AM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 201333795
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-14-6A-25-93-00-1C-23-8A-1F-82
DNS Servers . . . . . . . . . . . : 207.210.47.10
207.210.47.40
207.210.47.41
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 6:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : quickclic.net
Description . . . . . . . . . . . : isatap.quickclic.net
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 9:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:c53:29b4:302d:e522(Preferred)
Link-local IPv6 Address . . . . . : fe80::c53:29b4:302d:e522%10(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter Local Area Connection* 12:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{C423789A-9E44-4953-99B1-A7B050672B8C}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: slb.quickclic.net
Address: 207.210.47.10

Name: google.com
Address: 173.194.32.104



Pinging google.com [173.194.32.104] with 32 bytes of data:

Reply from 173.194.32.104: bytes=32 time=13ms TTL=58

Reply from 173.194.32.104: bytes=32 time=10ms TTL=58



Ping statistics for 173.194.32.104:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 10ms, Maximum = 13ms, Average = 11ms

===========================================================================
Interface List
9 ...00 1c 26 3a 93 48 ...... Broadcom 802.11g Network Adapter
8 ...00 1c 23 8a 1f 82 ...... Broadcom 440x 10/100 Integrated Controller
1 ........................... Software Loopback Interface 1
13 ...00 00 00 00 00 00 00 e0 isatap.quickclic.net
10 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
14 ...00 00 00 00 00 00 00 e0 isatap.{C423789A-9E44-4953-99B1-A7B050672B8C}
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.100 10
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.100 266
192.168.1.100 255.255.255.255 On-link 192.168.1.100 266
192.168.1.255 255.255.255.255 On-link 192.168.1.100 266
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.100 266
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.100 266
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
10 18 ::/0 On-link
1 306 ::1/128 On-link
10 18 2001::/32 On-link
10 266 2001:0:4137:9e76:c53:29b4:302d:e522/128
On-link
8 266 fe80::/64 On-link
10 266 fe80::/64 On-link
10 266 fe80::c53:29b4:302d:e522/128
On-link
8 266 fe80::1dac:9259:5d74:8c2d/128
On-link
1 306 ff00::/8 On-link
10 266 ff00::/8 On-link
8 266 ff00::/8 On-link
===========================================================================
Persistent Routes:
None

#11 thcbytes

  • Malware Response Team

Posted 15 December 2010 - 10:29 AM

That worked! What problems remain?
Proud member - Unified Network of Instructors and Trained Eliminators

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#12 thcbytes

  • Malware Response Team

Posted 15 December 2010 - 10:30 AM

Please rerun MBAM.

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
    • Update Malwarebytes' Anti-Malware <--- Important!!
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

==========

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image

How is it running now?

Regards,
thcbytes

#13 Jembreeze

  • Topic Starter

Posted 16 December 2010 - 01:18 PM

Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Database version: 5326

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

12/16/2010 11:46:20 AM
mbam-log-2010-12-16 (11-46-20).txt

Scan type: Quick scan
Objects scanned: 132944
Time elapsed: 4 minute(s), 6 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


The ESET Scan didn't return any list of threats, and didn't give me a log to send you. It would seem everything's clean! WOW!! Thank you soo so much for your help!
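The check requested in post #12 (the pasted log must include the top portion with MBAM's database version and the operating system), applied to the log layout shown in post #13. This is an added example, not part of the original thread: the function name `check_mbam_log`, the trimmed sample log and the one-detection-per-line assumption are constructed for illustration.

```python
import re

# Constructed sample, trimmed from the MBAM 1.50 log layout posted above.
SAMPLE_LOG = """Malwarebytes' Anti-Malware 1.50
Database version: 5326

Windows 6.0.6002 Service Pack 2

Scan type: Quick scan
Registry Keys Infected: 0
Files Infected: 0

Registry Keys Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
"""

HEADER = {  # the "top portion" the helper asks to be included
    "database_version": r"^Database version:[ \t]*(\d+)",
    "operating_system": r"^(Windows \d[^\n]*)",
    "scan_type": r"^Scan type:[ \t]*([^\n]+)",
}
COUNTER = re.compile(r"^(.+) Infected:[ \t]*(\d+)[ \t]*$", re.M)
DETAIL = re.compile(r"^(.+) Infected:[ \t]*\n((?:.+\n?)*)", re.M)
CLEAN = "(No malicious items detected)"

def check_mbam_log(text):
    """Check a pasted log for completeness and internal consistency."""
    text = text.replace("\r\n", "\n")
    header = {}
    for key, pattern in HEADER.items():
        match = re.search(pattern, text, re.M)
        header[key] = match.group(1).strip() if match else None
    counters = {name: int(n) for name, n in COUNTER.findall(text)}
    # Assumption: each detection occupies one line in its detail section.
    listed = {name: [l for l in body.splitlines() if l.strip() not in ("", CLEAN)]
              for name, body in DETAIL.findall(text)}
    missing = [k for k, v in header.items() if v is None]
    mismatched = [n for n, c in counters.items() if c != len(listed.get(n, []))]
    return {"header": header, "missing": missing, "mismatched": mismatched,
            "detections": sum(counters.values()),
            "complete": bool(counters) and not missing and not mismatched}

if __name__ == "__main__":
    print(check_mbam_log(SAMPLE_LOG))
```

A non-empty `missing` list means the top of the log was cut off in the paste; a non-empty `mismatched` list means a summary counter disagrees with the items listed under that section.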

#14 thcbytes

  • Malware Response Team

Posted 16 December 2010 - 04:59 PM

You're welcome. :thumbup2:

Congratulations! You now appear clean!

**********

Please pay particularly close attention to the instructions that follow. To neglect these steps risks needless reinfection!!

**********

Are things running okay? Do you have any more questions?

**********

  • Press the Windows Key + R on your keyboard.
  • Now copy & paste the green bolded text in the run-box and click OK.

    ComboFix /Uninstall



  • The following will implement some very important cleanup procedures as well as reset System Restore points.

**********

  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox. Do not include the word "Code"
    :Commands
    [CLEARALLRESTOREPOINTS]
    [resethosts]
    [emptytemp]
    
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click Posted Image.


**********

Run OTL again

We will now remove the tools we used during this fix using OTL.
  • Double click the OTL icon to start the program.
  • Then Click the big Posted Image button.
  • Restart your computer when prompted.

**********

Recommendations


Below are some recommendations to lower your chances of (re)infection.


  • Have one antivirus application installed and running at all times.

  • Avoid file sharing, P2P, illegal downloads or rogue sites. This is a sure way to get severely infected.

  • Install an Anti-Spyware program, and update it regularly

    Malwarebytes' Anti-Malware is an excellent Anti-Spyware scanner. Its scan times are usually under ten minutes, and it has excellent detection and removal rates.

    SUPERAntiSpyware is another good scanner with high detection and removal rates.
    Both programs are free for non-commercial home use but provide a resident and do not nag if you purchase the paid versions.

  • Prevention article: To find out more information about how you got infected in the first place, and some great guidelines to follow to prevent future infections, please read the Prevention article by Miekiemoes.

  • Keep Windows (and your other Microsoft software) up to date!
    I cannot stress how important this is enough. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.

  • Keep your other software up to date as well. Periodically run the Secunia Online Software Inspector (OSI).

  • Consider Firefox as your primary browser. It's safer, fast and secure!

  • Install WOT. Never inadvertently surf to a dangerous website again.

  • Install NoScript. Pre-emptively blocks malicious scripts and allows JavaScript, Java and other potentially dangerous content only from sites you trust.

  • Stay up to date!

    Again the MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing :(.

Good luck & safe surfing,
Kind Regards,
thcbytes

#15 Jembreeze

  • Topic Starter

Posted 16 December 2010 - 06:41 PM

Everything is working very fine now!!! THANKS SO MUCH! I have a question about my video card, but I think I'll post that in another thread on this forum, there's probably more people on here that have malware infections that need your help! Once again, thanks so much!



