
Malware Problems


  • This topic is locked
48 replies to this topic

#1 theherotom2

  • Members
  • 33 posts
  • Gender:Male
  • Location:London

Posted 08 June 2011 - 07:45 AM

What logs do I need to create, etc?
+Sorry for the missing letter in the title.. how can I add the a? :)

~Tom

Could an admin please merge this with my other content post - Malware problems. Thanks!
(If a member of the malware team reads this thread before a mod is able to do the requested action, could they please help me via this thread instead? Thanks, Tom)



Lately, I have been finding (protected) malicious processes running in the background from time to time (I think I have been able to get rid of them all). Also, new malware keeps being found on my computer every time I boot. All help appreciated, thanks in advance!

I have attached my GMER log.

----

Below is my DDS.txt file:

.
DDS (Ver_2011-06-03.01) - NTFSx86
Internet Explorer: 7.0.6001.18000
Run by user account at 17:26:44 on 2011-06-10
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.2939.1477 [GMT 1:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Windows\system32\WerCon.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Auslogics\Auslogics BoostSpeed\BoostSpeed.exe
C:\Windows\system32\Dwm.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files\IObit\Advanced SystemCare 4\ASCTray.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\IObit\Advanced SystemCare 4\Asc.exe
C:\Users\user account\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\user account\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA;
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA;
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_06\bin\ssv.dll
BHO: Partner BHO Class: {83ff80f4-8c74-4b80-b5ba-c8ddd434e5c4} - c:\programdata\partner\partner.dll
uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\TOSCDSPD.exe
uRunOnce: [RegistryDefrag] c:\program files\auslogics\auslogics boostspeed\registrydefrag.exe -report
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
uPolicies-explorer: NoThumbnailCache = 1 (0x1)
uPolicies-explorer: DisableThumbnailsOnNetworkFolders = 1 (0x1)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: DisableStartupSound = 1 (0x1)
mPolicies-system: DisableStatusMessages = 1 (0x1)
IE: {76577871-04EC-495E-A12B-91F7C3600AFA} - http://rover.ebay.com/rover/1/710-44557-9400-3/4
IE: {8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.co.uk/exec/obidos/redirect-home?tag=Toshibaukbholink-21&site=home
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_06\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{8C62F119-DD88-4865-81AB-774EAF5363AE} : DhcpNameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{927011F6-887C-4D1C-A122-5111A1D7ED14} : DhcpNameServer = 194.168.4.100 194.168.8.100
Notify: igfxcui - igfxdev.dll
.
============= SERVICES / DRIVERS ===============
.
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [2011-6-10 16184]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2010-12-21 115008]
R1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\system32\drivers\jswpslwf.sys [2011-6-10 20384]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165264]
R1 MpKsl874fbf45;MpKsl874fbf45;c:\programdata\microsoft\microsoft antimalware\definition updates\{dbf8de3f-7ae2-4210-bba7-1c7ea198d00f}\MpKsl874fbf45.sys [2011-6-10 28752]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2008-8-7 7168]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-10-24 43392]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 54144]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2010-11-11 206360]
S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\jumpstart\jswpsapi.exe [2011-6-10 954368]
S3 RegFilter;RegFilter;c:\program files\iobit\iobit malware fighter\drivers\wlh_x86\RegFilter.sys [2011-6-10 30600]
S3 UrlFilter;UrlFilter;c:\program files\iobit\iobit malware fighter\drivers\wlh_x86\UrlFilter.sys [2011-6-10 19280]
S4 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files\iobit\advanced systemcare 4\ASCService.exe [2011-6-10 353168]
S4 ekrn;ESET Service;"c:\program files\eset\eset nod32 antivirus\ekrn.exe" --> c:\program files\eset\eset nod32 antivirus\ekrn.exe [?]
S4 FileMonitor;FileMonitor;c:\program files\iobit\iobit malware fighter\drivers\wlh_x86\FileMonitor.sys [2011-6-10 18768]
S4 IMFservice;IMF Service;c:\program files\iobit\iobit malware fighter\IMFsrv.exe [2011-6-10 821080]
S4 Partner Service;Partner Service;c:\programdata\partner\partner.exe [2008-8-7 110576]
.
=============== Created Last 30 ================
.
2011-06-10 15:38:38 69336 ----a-w- c:\windows\system32\rdboot32.exe
2011-06-10 15:04:31 28752 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{dbf8de3f-7ae2-4210-bba7-1c7ea198d00f}\MpKsl874fbf45.sys
2011-06-10 14:52:29 -------- d-----w- c:\users\user account\appdata\local\Adobe
2011-06-10 14:23:28 -------- d-----w- c:\users\user account\appdata\local\Seven Zip
2011-06-10 14:20:22 -------- d-----w- c:\windows\pss
2011-06-10 13:30:41 -------- d-----w- c:\users\user account\appdata\roaming\Malwarebytes
2011-06-10 13:30:24 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-10 13:30:21 -------- d-----w- c:\programdata\Malwarebytes
2011-06-10 13:30:16 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-10 13:30:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-06-10 13:26:32 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-06-10 13:25:55 439632 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\nisbackup\gapaengine.dll
2011-06-10 13:25:54 439632 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{258ee7ca-35a5-4c29-b155-42e6d154182a}\gapaengine.dll
2011-06-10 13:25:08 6962000 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{dbf8de3f-7ae2-4210-bba7-1c7ea198d00f}\mpengine.dll
2011-06-10 13:19:07 -------- d-----w- c:\program files\Microsoft Security Client
2011-06-10 13:18:40 902024 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-06-10 13:18:39 98184 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2011-06-10 13:18:39 438272 ----a-w- c:\windows\system32\IKEEXT.DLL
2011-06-10 13:18:39 220040 ----a-w- c:\windows\system32\drivers\netio.sys
2011-06-10 13:18:38 595456 ----a-w- c:\windows\system32\FWPUCLNT.DLL
2011-06-10 13:18:38 328704 ----a-w- c:\windows\system32\BFE.DLL
2011-06-10 12:41:06 -------- d-----w- c:\users\user account\appdata\roaming\Auslogics
2011-06-10 12:24:50 -------- d-----w- c:\program files\Auslogics
2011-06-10 12:12:08 -------- d-----w- c:\users\user account\appdata\roaming\SUPERAntiSpyware.com
2011-06-10 12:12:08 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-06-10 12:12:02 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-06-10 12:09:18 -------- d-----w- c:\programdata\IObit
2011-06-10 12:08:43 29520 ----a-w- c:\windows\system32\SmartDefragBootTime.exe
2011-06-10 12:08:43 16184 ----a-w- c:\windows\system32\drivers\SmartDefragDriver.sys
2011-06-10 12:08:27 -------- d-----w- c:\users\user account\appdata\roaming\IObit
2011-06-10 12:08:24 -------- d-----w- c:\program files\IObit
2011-06-10 11:56:24 171520 ----a-w- c:\windows\system32\wintrust.dll
2011-06-10 11:56:23 98304 ----a-w- c:\windows\system32\cabview.dll
2011-06-10 11:47:23 -------- d-----w- c:\users\user account\appdata\local\Deployment
2011-06-10 11:47:23 -------- d-----w- c:\users\user account\appdata\local\Apps
2011-06-10 11:46:18 2421760 ----a-w- c:\windows\system32\wucltux.dll
2011-06-10 11:45:20 87552 ----a-w- c:\windows\system32\wudriver.dll
2011-06-10 11:45:05 33792 ----a-w- c:\windows\system32\wuapp.exe
2011-06-10 11:45:05 171608 ----a-w- c:\windows\system32\wuwebv.dll
2011-06-10 11:34:35 -------- d-----w- c:\users\user account\appdata\local\Google
2011-06-10 11:34:34 -------- d-----w- c:\users\user account\appdata\local\Toshiba
2011-06-10 11:34:00 -------- d-sh--w- C:\$RECYCLE.BIN
2011-06-10 11:33:23 20384 ----a-w- c:\windows\system32\drivers\jswpslwf.sys
2011-06-10 11:33:18 -------- d-----w- c:\program files\Jumpstart
2011-06-10 11:33:09 -------- d-----w- c:\users\user account\appdata\local\VirtualStore
2011-06-10 11:31:25 17960 ----a-w- c:\windows\system32\drivers\UVCFTR_S.SYS
2011-06-10 11:17:17 53248 ----a-w- c:\windows\system32\athihvui.dll
2011-06-10 11:17:17 393216 ----a-w- c:\windows\system32\athihvs.dll
2011-06-10 11:17:17 376832 ----a-w- c:\windows\system32\S64CPA.exe
2011-06-10 11:17:17 -------- d-----w- c:\windows\system32\nn-NO
2011-06-10 11:17:05 -------- d-----w- c:\program files\Atheros
2011-06-10 11:17:04 -------- d-----w- c:\program files\Cisco
2011-06-10 11:16:51 -------- d-----w- c:\programdata\Atheros
2011-06-10 11:16:16 279376 ----a-w- c:\windows\system32\drivers\tos_sps32.sys
2011-06-10 11:16:12 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2011-06-10 11:15:32 491520 ----a-w- c:\windows\system32\cselect.exe
2011-06-10 11:15:32 45056 ----a-w- c:\windows\system32\csellang.dll
2011-06-10 11:15:32 106496 ----a-w- c:\windows\system32\tosmreg.exe
2011-06-10 11:09:34 920088 ----a-w- c:\windows\system32\igxpun.exe
2011-06-10 11:09:26 -------- d-----w- c:\windows\system32\ENU
2011-06-10 11:09:25 319456 ----a-w- c:\windows\system32\difxapi.dll
2011-06-10 11:09:25 1034776 ----a-w- c:\windows\system32\imsmudlg.exe
2011-06-10 11:09:25 -------- d-----w- c:\windows\system32\Lang
2011-06-10 11:09:18 312344 ----a-w- c:\windows\system32\drivers\iaStor.sys
.
==================== Find3M ====================
.
2011-06-10 11:55:39 1214976 ----a-w- c:\windows\system32\drivers\athr.sys
2011-06-10 11:10:12 319456 ----a-w- c:\windows\DIFxAPI.dll
2011-06-10 11:10:09 315392 ----a-w- c:\windows\HideWin.exe
.
============= FINISH: 17:27:04.26 ===============

EDIT: Topics merged ~Budapest


Edited by Budapest, 11 June 2011 - 05:04 PM.



 


#2 etavares

    Bleepin' Remover

  • Malware Response Team
  • 15,514 posts
  • Gender:Male

Posted 16 June 2011 - 04:17 PM

Hello and welcome to Bleeping Computer

My name is etavares and I will be working with you to fix your computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Please take note:

  • If you have since resolved the original problem you were having, we would appreciate you letting us know.
  • If you are unable to create a log because your computer cannot start up successfully please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • If you are unable to perform the steps we have recommended please try one more time and if unsuccessful alert us of such and we will design an alternate means of obtaining the necessary information.
  • Once we start working together, please reply back within 3 days or this thread may be closed so we can help others who are waiting. If you will be unable to respond (e.g. vacation, travel, etc.), please let me know ahead of time.
  • Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process. Please also continue to work with me until I give you the all clear. Even if your computer appears to act better, you may still be infected.
  • If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • If you have already posted a log, please do so again as instructed below, as your situation may have changed.
  • Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:

We need to create an OTL report,
  • Please download OTL from this link.
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Under the Custom Scan box paste this in:

    netsvcs
    msconfig
    drivers32 /all
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\system32\*.sys /90
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\*. /mp /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    CREATERESTOREPOINT

  • Click the Quick Scan button.
  • The scan should take a few minutes.
  • Please copy and paste both logs in your reply.


Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


In your reply, please post both OTL logs and the GMER log. Thanks and again sorry for the delay.


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
 


#3 theherotom2
  • Topic Starter

  • Members
  • 33 posts
  • Gender:Male
  • Location:London

Posted 17 June 2011 - 10:19 AM

OTL logfile created on: 17/06/2011 15:40:30 - Run 1
OTL by OldTimer - Version 3.2.24.0 Folder = C:\Users\user account\Desktop\other\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.87 Gb Total Physical Memory | 1.27 Gb Available Physical Memory | 44.27% Memory free
5.94 Gb Paging File | 4.48 Gb Available in Paging File | 75.35% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74.22 Gb Total Space | 35.05 Gb Free Space | 47.23% Space Free | Partition Type: NTFS
Drive D: | 3.81 Gb Total Space | 0.49 Gb Free Space | 12.73% Space Free | Partition Type: FAT32
Drive E: | 73.36 Gb Total Space | 68.09 Gb Free Space | 92.81% Space Free | Partition Type: NTFS

Computer Name: PRIVATE | User Name: user account | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/17 15:39:47 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\user account\Desktop\other\Downloads\OTL.exe
PRC - [2011/06/11 09:57:48 | 002,424,192 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2011/05/31 11:06:24 | 000,444,632 | ---- | M] (Auslogics) -- C:\Program Files\Auslogics\Auslogics BoostSpeed\DiskDefrag.exe
PRC - [2011/05/31 11:06:22 | 001,212,120 | ---- | M] (Auslogics) -- C:\Program Files\Auslogics\Auslogics BoostSpeed\BoostSpeed.exe
PRC - [2011/05/28 14:46:56 | 003,380,624 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 4\ASC.exe
PRC - [2011/05/28 14:46:56 | 000,412,560 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 4\ASCTray.exe
PRC - [2011/04/10 17:29:14 | 001,646,936 | ---- | M] (IObit) -- C:\Program Files\IObit\Smart Defrag 2\SmartDefrag.exe
PRC - [2010/11/30 13:20:36 | 000,997,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2010/11/11 12:26:42 | 000,206,360 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
PRC - [2010/11/11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/01/26 15:31:12 | 005,365,592 | RHS- | M] (Safer Networking Limited) -- C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/01/21 03:24:36 | 000,020,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RacAgent.exe


========== Modules (SafeList) ==========

MOD - [2011/06/17 15:39:47 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\user account\Desktop\other\Downloads\OTL.exe
MOD - [2011/06/10 17:36:24 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (XAudioService)
SRV - File not found [Disabled | Stopped] -- -- (ekrn)
SRV - [2011/06/01 14:10:00 | 000,821,080 | ---- | M] (IObit) [Disabled | Stopped] -- C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe -- (IMFservice)
SRV - [2011/05/28 14:46:56 | 000,353,168 | ---- | M] (IObit) [Disabled | Stopped] -- C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe -- (AdvancedSystemCareService)
SRV - [2010/11/11 12:26:42 | 000,206,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2010/11/11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/08/07 17:54:29 | 000,110,576 | ---- | M] (Google Inc.) [Disabled | Stopped] -- C:\ProgramData\Partner\partner.exe -- (Partner Service)
SRV - [2008/04/16 15:53:00 | 000,954,368 | ---- | M] (Atheros Communications, Inc.) [On_Demand | Stopped] -- C:\Program Files\Jumpstart\jswpsapi.exe -- (jswpsapi)
SRV - [2008/01/21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2011/06/17 15:24:11 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{4187D9EC-9F78-4AFC-B0E7-1A0AEAA76202}\MpKsl6632c527.sys -- (MpKsl6632c527)
DRV - [2011/06/16 21:36:25 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{4187D9EC-9F78-4AFC-B0E7-1A0AEAA76202}\MpKsl70f44882.sys -- (MpKsl70f44882)
DRV - [2011/06/10 12:55:39 | 001,214,976 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2011/04/27 19:18:10 | 000,018,768 | ---- | M] () [File_System | Disabled | Stopped] -- C:\Program Files\IObit\IObit Malware Fighter\Drivers\wlh_x86\FileMonitor.sys -- (FileMonitor)
DRV - [2011/03/23 00:59:18 | 000,019,280 | ---- | M] (IObit.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\IObit\IObit Malware Fighter\Drivers\wlh_x86\UrlFilter.sys -- (UrlFilter)
DRV - [2011/03/23 00:59:16 | 000,030,600 | ---- | M] (IObit.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\IObit\IObit Malware Fighter\Drivers\wlh_x86\RegFilter.sys -- (RegFilter)
DRV - [2011/02/23 16:52:34 | 000,016,184 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV - [2010/12/21 15:04:06 | 000,115,008 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\System32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2010/10/24 21:25:38 | 000,054,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2010/10/24 21:25:38 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2010/05/10 19:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 19:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2008/07/18 18:52:16 | 000,279,376 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\tos_sps32.sys -- (tos_sps32)
DRV - [2008/07/15 19:59:06 | 000,017,960 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\UVCFTR_S.SYS -- (UVCFTR)
DRV - [2008/04/28 16:59:18 | 000,020,384 | ---- | M] (Atheros Communications, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\jswpslwf.sys -- (jswpslwf)
DRV - [2008/04/15 09:05:08 | 000,118,784 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2007/11/09 14:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS -- (TVALZ)
DRV - [2006/11/20 14:11:14 | 000,007,168 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk)
DRV - [2006/11/02 08:41:50 | 000,983,552 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1066838518-2351977147-4070543323-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA;
IE - HKU\S-1-5-21-1066838518-2351977147-4070543323-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA;
IE - HKU\S-1-5-21-1066838518-2351977147-4070543323-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA;
IE - HKU\S-1-5-21-1066838518-2351977147-4070543323-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1066838518-2351977147-4070543323-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2006/09/18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Partner BHO Class) - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\partner.dll (Google Inc.)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStartupSound = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-1066838518-2351977147-4070543323-1000\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-1066838518-2351977147-4070543323-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoThumbnailCache = 1
O7 - HKU\S-1-5-21-1066838518-2351977147-4070543323-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableThumbnailsOnNetworkFolders = 1
O7 - HKU\S-1-5-21-1066838518-2351977147-4070543323-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O9 - Extra Button: eBay.co.uk - Buy It Sell It Love It - {76577871-04EC-495E-A12B-91F7C3600AFA} - File not found
O9 - Extra Button: Amazon.co.uk - {8A918C1D-E123-4E36-B562-5C1519E434CE} - File not found
O9 - Extra Button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O9 - Extra 'Tools' menuitem : Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-0015-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_22-windows-i586.cab (Java Plug-in 1.5.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: Advanced SystemCare 4 - hkey= - key= - C:\Program Files\IObit\Advanced SystemCare 4\ASCTray.exe (IObit)
MsConfig - StartUpReg: cfFncEnabler.exe - hkey= - key= - File not found
MsConfig - StartUpReg: egui - hkey= - key= - File not found
MsConfig - StartUpReg: Google Desktop Search - hkey= - key= - File not found
MsConfig - StartUpReg: Google EULA Launcher - hkey= - key= - c:\Program Files\Google\Google EULA\GoogleEULALauncher.exe ( )
MsConfig - StartUpReg: Google Update - hkey= - key= - C:\Users\user account\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
MsConfig - StartUpReg: HotKeysCmds - hkey= - key= - File not found
MsConfig - StartUpReg: IgfxTray - hkey= - key= - File not found
MsConfig - StartUpReg: IObit Malware Fighter - hkey= - key= - C:\Program Files\IObit\IObit Malware Fighter\IMF.exe (IObit)
MsConfig - StartUpReg: jswtrayutil - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: Malwarebytes' Anti-Malware (reboot) - hkey= - key= - C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
MsConfig - StartUpReg: mcagent_exe - hkey= - key= - File not found
MsConfig - StartUpReg: NDSTray.exe - hkey= - key= - File not found
MsConfig - StartUpReg: Persistence - hkey= - key= - File not found
MsConfig - StartUpReg: RtHDVCpl - hkey= - key= - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
MsConfig - StartUpReg: Skytel - hkey= - key= - C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
MsConfig - StartUpReg: SmoothView - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: SpybotSD TeaTimer - hkey= - key= - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: SUPERAntiSpyware - hkey= - key= - C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
MsConfig - StartUpReg: Toshiba Registration - hkey= - key= - C:\Program Files\TOSHIBA\Registration\ToshibaRegistration.exe (Toshiba)
MsConfig - StartUpReg: Toshiba TEMPO - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: TPwrMain - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: Windows Defender - hkey= - key= - File not found
MsConfig - State: "startup" - 2
MsConfig - State: "services" - 2
MsConfig - State: "bootini" - 0

Drivers32: aux - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\Windows\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.imaadpcm - C:\Windows\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\Windows\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\Windows\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\Windows\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.i420 - C:\Windows\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: VIDC.IYUV - C:\Windows\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.mrle - C:\Windows\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\Windows\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: VIDC.UYVY - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YUY2 - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVU9 - C:\Windows\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVYU - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\Windows\System32\msacm32.drv (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/06/16 18:15:58 | 000,147,456 | ---- | C] (VBGold Software) -- C:\Windows\System32\AResizeLite.ocx
[2011/06/15 16:56:31 | 000,000,000 | ---D | C] -- C:\Users\user account\AppData\Roaming\PCF-VLC
[2011/06/15 16:56:29 | 000,000,000 | ---D | C] -- C:\Users\user account\AppData\Roaming\gtk-2.0
[2011/06/15 16:55:09 | 000,000,000 | ---D | C] -- C:\Program Files\GetMiro Toolbar
[2011/06/15 16:55:08 | 000,000,000 | ---D | C] -- C:\Users\user account\AppData\Roaming\Mozilla
[2011/06/15 16:55:07 | 000,000,000 | ---D | C] -- C:\Users\user account\AppData\Roaming\Participatory Culture Foundation
[2011/06/15 16:54:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Miro
[2011/06/15 16:53:54 | 000,000,000 | ---D | C] -- C:\Program Files\Participatory Culture Foundation
[2011/06/15 16:52:20 | 000,000,000 | ---D | C] -- C:\Users\user account\Desktop\Window v2
[2011/06/14 19:53:07 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Portable Devices
[2011/06/13 22:02:37 | 000,000,000 | ---D | C] -- C:\Windows\System32\vi-VN
[2011/06/13 22:02:37 | 000,000,000 | ---D | C] -- C:\Windows\System32\eu-ES
[2011/06/13 22:02:37 | 000,000,000 | ---D | C] -- C:\Windows\System32\ca-ES
[2011/06/13 20:45:07 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2011/06/13 20:05:38 | 000,000,000 | ---D | C] -- C:\Users\user account\Desktop\other
[2011/06/13 15:28:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2011/06/12 11:21:10 | 000,000,000 | ---D | C] -- C:\Windows\symbols
[2011/06/12 11:20:50 | 000,000,000 | ---D | C] -- C:\Program Files\Bin
[2011/06/12 10:48:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Windows SDK v6.1
[2011/06/11 16:43:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SourceTec
[2011/06/11 16:43:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SourceTec
[2011/06/11 16:43:31 | 000,000,000 | ---D | C] -- C:\Program Files\SourceTec
[2011/06/11 14:20:51 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server
[2011/06/11 14:20:49 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2011/06/11 14:20:43 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Synchronization Services
[2011/06/11 14:20:42 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2011/06/11 14:20:07 | 000,000,000 | ---D | C] -- C:\Users\user account\Documents\Visual Studio 2008
[2011/06/11 14:17:30 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 9.0
[2011/06/11 14:17:05 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SDKs
[2011/06/10 21:59:58 | 000,000,000 | ---D | C] -- C:\Users\user account\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
[2011/06/10 21:59:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
[2011/06/10 21:59:54 | 000,000,000 | ---D | C] -- C:\Users\user account\AppData\Roaming\Notepad++
[2011/06/10 21:59:54 | 000,000,000 | ---D | C] -- C:\Program Files\Notepad++
[2011/06/10 21:41:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2011/06/10 21:06:28 | 000,000,000 | ---D | C] -- C:\Users\user account\AppData\Local\Xenocode
[2011/06/10 20:41:11 | 000,000,000 | ---D | C] -- C:\Users\user account\AppData\Local\Smart_PC_Utilities,_Ltd
[2011/06/10 20:39:28 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2011/06/10 20:37:59 | 000,000,000 | ---D | C] -- C:\Users\user account\Documents\Smart PC Utilities
[2011/06/10 20:37:59 | 000,000,000 | ---D | C] -- C:\Program Files\Smart PC Utilities
[2011/06/10 20:09:29 | 000,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell
[2011/06/10 19:30:20 | 000,000,000 | ---D | C] -- C:\Users\user account\AppData\Local\Microsoft Help
[2011/06/10 18:25:21 | 000,000,000 | ---D | C] -- C:\Users\user account\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/06/10 18:25:20 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/06/10 18:24:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2011/06/10 18:23:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011/06/10 18:23:59 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/06/10 16:30:15 | 000,000,000 | ---D | C] -- C:\Users\user account\AppData\Roaming\WinRAR
[2011/06/10 16:30:15 | 000,000,000 | ---D | C] -- C:\Users\user account\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011/06/10 16:30:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011/06/10 16:30:06 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2011/06/10 15:52:29 | 000,000,000 | ---D | C] -- C:\Users\user account\AppData\Local\Adobe
[2011/06/10 15:23:28 | 000,000,000 | ---D | C] -- C:\Users\user account\AppData\Local\Seven Zip
[2011/06/10 15:20:22 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2011/06/10 14:30:41 | 000,000,000 | ---D | C] -- C:\Users\user account\AppData\Roaming\Malwarebytes
[2011/06/10 14:30:24 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/06/10 14:30:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/06/10 14:30:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/06/10 14:30:16 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/06/10 14:30:15 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/06/10 14:19:07 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011/06/10 13:41:06 | 000,000,000 | ---D | C] -- C:\Users\user account\AppData\Roaming\Auslogics
[2011/06/10 13:40:06 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2011/06/10 13:24:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics
[2011/06/10 13:24:50 | 000,000,000 | ---D | C] -- C:\Program Files\Auslogics
[2011/06/10 13:12:08 | 000,000,000 | ---D | C] -- C:\Users\user account\AppData\Roaming\SUPERAntiSpyware.com
[2011/06/10 13:12:08 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011/06/10 13:12:06 | 000,000,000 | ---D | C] -- C:\Users\user account\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011/06/10 13:12:02 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/06/10 13:10:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Random Password Generator
[2011/06/10 13:09:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Malware Fighter
[2011/06/10 13:09:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Game Booster 3
[2011/06/10 13:09:18 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit
[2011/06/10 13:08:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Defrag 2
[2011/06/10 13:08:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 4
[2011/06/10 13:08:27 | 000,000,000 | ---D | C] -- C:\Users\user account\AppData\Roaming\IObit
[2011/06/10 13:08:24 | 000,000,000 | ---D | C] -- C:\Program Files\IObit
[2011/06/10 12:48:52 | 000,000,000 | ---D | C] -- C:\Users\user account\AppData\Roaming\Macromedia
[2011/06/10 12:48:52 | 000,000,000 | ---D | C] -- C:\Users\user account\AppData\Roaming\Adobe
[2011/06/10 12:48:20 | 000,000,000 | ---D | C] -- C:\Users\user account\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011/06/10 12:47:23 | 000,000,000 | ---D | C] -- C:\Users\user account\AppData\Local\Deployment
[2011/06/10 12:47:23 | 000,000,000 | ---D | C] -- C:\Users\user account\AppData\Local\Apps
[2011/06/10 12:38:16 | 000,000,000 | ---D | C] -- C:\Users\user account\AppData\Roaming\Google
[2011/06/10 12:34:37 | 000,000,000 | ---D | C] -- C:\Users\user account\Documents\My Google Gadgets
[2011/06/10 12:34:35 | 000,000,000 | ---D | C] -- C:\Users\user account\AppData\Local\Google
[2011/06/10 12:34:34 | 000,000,000 | ---D | C] -- C:\Users\user account\AppData\Local\Toshiba
[2011/06/10 12:34:00 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/06/10 12:33:39 | 000,000,000 | R--D | C] -- C:\Users\user account\Searches
[2011/06/10 12:33:39 | 000,000,000 | R--D | C] -- C:\Users\user account\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2011/06/10 12:33:26 | 000,000,000 | ---D | C] -- C:\Users\user account\AppData\Roaming\Identities
[2011/06/10 12:33:23 | 000,020,384 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\System32\drivers\jswpslwf.sys
[2011/06/10 12:33:19 | 000,000,000 | R--D | C] -- C:\Users\user account\Contacts
[2011/06/10 12:33:18 | 000,000,000 | ---D | C] -- C:\Program Files\Jumpstart
[2011/06/10 12:33:09 | 000,000,000 | ---D | C] -- C:\Users\user account\AppData\Local\VirtualStore
[2011/06/10 12:31:25 | 000,017,960 | ---- | C] (Chicony Electronics Co., Ltd.) -- C:\Windows\System32\drivers\UVCFTR_S.SYS
[2011/06/10 12:29:13 | 000,000,000 | ---D | C] -- C:\ProgramData\ToshibaEurope
[2011/06/10 12:28:40 | 000,000,000 | -HSD | C] -- C:\Users\user account\AppData\Local\Temporary Internet Files
[2011/06/10 12:28:40 | 000,000,000 | -HSD | C] -- C:\Users\user account\Templates
[2011/06/10 12:28:40 | 000,000,000 | -HSD | C] -- C:\Users\user account\Start Menu
[2011/06/10 12:28:40 | 000,000,000 | -HSD | C] -- C:\Users\user account\SendTo
[2011/06/10 12:28:40 | 000,000,000 | -HSD | C] -- C:\Users\user account\Recent
[2011/06/10 12:28:40 | 000,000,000 | -HSD | C] -- C:\Users\user account\PrintHood
[2011/06/10 12:28:40 | 000,000,000 | -HSD | C] -- C:\Users\user account\NetHood
[2011/06/10 12:28:40 | 000,000,000 | -HSD | C] -- C:\Users\user account\Documents\My Videos
[2011/06/10 12:28:40 | 000,000,000 | -HSD | C] -- C:\Users\user account\Documents\My Pictures
[2011/06/10 12:28:40 | 000,000,000 | -HSD | C] -- C:\Users\user account\Documents\My Music
[2011/06/10 12:28:40 | 000,000,000 | -HSD | C] -- C:\Users\user account\My Documents
[2011/06/10 12:28:40 | 000,000,000 | -HSD | C] -- C:\Users\user account\Local Settings
[2011/06/10 12:28:40 | 000,000,000 | -HSD | C] -- C:\Users\user account\AppData\Local\History
[2011/06/10 12:28:40 | 000,000,000 | -HSD | C] -- C:\Users\user account\Cookies
[2011/06/10 12:28:40 | 000,000,000 | -HSD | C] -- C:\Users\user account\Application Data
[2011/06/10 12:28:40 | 000,000,000 | -HSD | C] -- C:\Users\user account\AppData\Local\Application Data
[2011/06/10 12:28:37 | 000,000,000 | --SD | C] -- C:\Users\user account\AppData\Roaming\Microsoft
[2011/06/10 12:28:37 | 000,000,000 | R--D | C] -- C:\Users\user account\Videos
[2011/06/10 12:28:37 | 000,000,000 | R--D | C] -- C:\Users\user account\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2011/06/10 12:28:37 | 000,000,000 | R--D | C] -- C:\Users\user account\Saved Games
[2011/06/10 12:28:37 | 000,000,000 | R--D | C] -- C:\Users\user account\Pictures
[2011/06/10 12:28:37 | 000,000,000 | R--D | C] -- C:\Users\user account\Music
[2011/06/10 12:28:37 | 000,000,000 | R--D | C] -- C:\Users\user account\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2011/06/10 12:28:37 | 000,000,000 | R--D | C] -- C:\Users\user account\Links
[2011/06/10 12:28:37 | 000,000,000 | R--D | C] -- C:\Users\user account\Favorites
[2011/06/10 12:28:37 | 000,000,000 | R--D | C] -- C:\Users\user account\Downloads
[2011/06/10 12:28:37 | 000,000,000 | R--D | C] -- C:\Users\user account\Documents
[2011/06/10 12:28:37 | 000,000,000 | R--D | C] -- C:\Users\user account\Desktop
[2011/06/10 12:28:37 | 000,000,000 | R--D | C] -- C:\Users\user account\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2011/06/10 12:28:37 | 000,000,000 | -H-D | C] -- C:\Users\user account\AppData
[2011/06/10 12:28:37 | 000,000,000 | ---D | C] -- C:\Users\user account\AppData\Local\Temp
[2011/06/10 12:28:37 | 000,000,000 | ---D | C] -- C:\Users\user account\AppData\Local\Microsoft
[2011/06/10 12:28:37 | 000,000,000 | ---D | C] -- C:\Users\user account\AppData\Roaming\Media Center Programs
[2011/06/10 12:17:17 | 000,393,216 | ---- | C] (Atheros) -- C:\Windows\System32\athihvs.dll
[2011/06/10 12:17:17 | 000,376,832 | ---- | C] (Atheros) -- C:\Windows\System32\S64CPA.exe
[2011/06/10 12:17:17 | 000,053,248 | ---- | C] (Atheros) -- C:\Windows\System32\athihvui.dll
[2011/06/10 12:17:17 | 000,000,000 | ---D | C] -- C:\Windows\System32\nn-NO
[2011/06/10 12:17:05 | 000,000,000 | ---D | C] -- C:\Program Files\Atheros
[2011/06/10 12:17:04 | 000,000,000 | ---D | C] -- C:\Program Files\Cisco
[2011/06/10 12:16:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Atheros
[2011/06/10 12:10:17 | 000,000,000 | ---D | C] -- C:\Windows\System32\RTCOM
[2011/06/10 12:10:10 | 000,339,968 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSTSXT.dll
[2011/06/10 12:10:10 | 000,185,776 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSTSHD.dll
[2011/06/10 12:10:10 | 000,167,936 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSHP360.dll
[2011/06/10 12:10:10 | 000,135,168 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSWOW.dll
[2011/06/10 12:10:09 | 006,037,504 | ---- | C] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
[2011/06/10 12:10:09 | 000,140,288 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\Windows\System32\FMAPO.dll
[2011/06/10 12:10:09 | 000,126,976 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\maxxaudioapo.dll
[2011/06/10 12:09:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel® Matrix Storage Manager
[2011/06/10 12:09:26 | 000,000,000 | ---D | C] -- C:\Windows\System32\ENU
[2011/06/10 12:09:25 | 000,000,000 | ---D | C] -- C:\Windows\System32\Lang
[2011/06/10 12:08:16 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2011/06/10 12:04:44 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/17 15:31:30 | 001,126,806 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/06/17 15:31:30 | 000,365,554 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/06/17 15:28:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/06/17 15:24:15 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/06/17 15:24:15 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/06/17 15:23:59 | 3080,716,288 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/16 22:41:51 | 000,000,218 | ---- | M] () -- C:\Users\user account\.recently-used.xbel
[2011/06/16 22:00:36 | 001,239,773 | ---- | M] () -- C:\Users\user account\Desktop\227.swf
[2011/06/16 21:52:47 | 000,000,936 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1066838518-2351977147-4070543323-1000UA.job
[2011/06/16 17:46:12 | 000,044,742 | ---- | M] () -- C:\Users\user account\Desktop\StickRPG v2.0.rar
[2011/06/15 16:54:33 | 000,001,964 | ---- | M] () -- C:\Users\Public\Desktop\Miro.lnk
[2011/06/15 16:41:34 | 000,000,943 | ---- | M] () -- C:\Users\user account\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/06/14 19:53:00 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2011/06/13 22:06:46 | 000,321,200 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/06/13 16:35:14 | 000,205,043 | ---- | M] () -- C:\Users\user account\AppData\Local\debuggee.mdmp
[2011/06/12 12:52:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1066838518-2351977147-4070543323-1000Core.job
[2011/06/10 17:51:44 | 000,201,184 | ---- | M] () -- C:\Windows\System32\winrm.vbs
[2011/06/10 17:51:44 | 000,004,675 | ---- | M] () -- C:\Windows\System32\wsmanconfig_schema.xml
[2011/06/10 17:51:44 | 000,002,426 | ---- | M] () -- C:\Windows\System32\WsmTxt.xsl
[2011/06/10 17:00:13 | 002,501,921 | ---- | M] () -- C:\Windows\System32\wlan.tmf
[2011/06/10 14:20:56 | 000,002,154 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011/06/10 13:44:40 | 000,010,240 | ---- | M] () -- C:\Users\user account\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/10 12:55:39 | 001,214,976 | ---- | M] (Atheros Communications, Inc.) -- C:\Windows\System32\drivers\athr.sys
[2011/06/10 12:48:22 | 000,002,044 | ---- | M] () -- C:\Users\user account\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/06/10 12:19:21 | 000,047,092 | ---- | M] () -- C:\Windows\System32\license.rtf
[2011/06/10 12:16:49 | 000,016,058 | ---- | M] () -- C:\Windows\System32\results.xml
[2011/06/10 12:14:15 | 000,000,000 | RHS- | M] () -- C:\Windows\System32\drivers\TOSHIBA_Satellite L300_09115-EN_PSLB8E-16000.MRK
[2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/16 22:41:51 | 000,000,218 | ---- | C] () -- C:\Users\user account\.recently-used.xbel
[2011/06/16 22:00:39 | 001,239,773 | ---- | C] () -- C:\Users\user account\Desktop\227.swf
[2011/06/16 17:46:02 | 000,044,742 | ---- | C] () -- C:\Users\user account\Desktop\StickRPG v2.0.rar
[2011/06/15 16:54:33 | 000,001,964 | ---- | C] () -- C:\Users\Public\Desktop\Miro.lnk
[2011/06/15 16:41:34 | 000,000,943 | ---- | C] () -- C:\Users\user account\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/06/14 19:53:00 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2011/06/12 21:20:07 | 000,205,043 | ---- | C] () -- C:\Users\user account\AppData\Local\debuggee.mdmp
[2011/06/12 11:18:28 | 000,130,008 | ---- | C] () -- C:\Windows\System32\systemsf.ebd
[2011/06/12 11:18:25 | 000,009,239 | ---- | C] () -- C:\Windows\System32\spcinstrumentation.man
[2011/06/12 11:18:12 | 000,442,788 | ---- | C] () -- C:\Windows\System32\dot3.tmf
[2011/06/12 11:18:09 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011/06/12 11:18:08 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011/06/12 11:18:04 | 000,392,170 | ---- | C] () -- C:\Windows\System32\onex.tmf
[2011/06/12 11:17:58 | 000,344,698 | ---- | C] () -- C:\Windows\System32\eaphost.tmf
[2011/06/12 11:17:33 | 000,208,966 | ---- | C] () -- C:\Windows\System32\WFP.TMF
[2011/06/12 11:17:30 | 000,092,918 | ---- | C] () -- C:\Windows\System32\slmgr.vbs
[2011/06/12 11:16:28 | 000,009,212 | ---- | C] () -- C:\Windows\System32\RacUR.xml
[2011/06/11 14:20:00 | 000,001,269 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Basic 2008 Express Edition.lnk
[2011/06/11 09:47:34 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2011/06/11 09:47:23 | 011,967,524 | ---- | C] () -- C:\Windows\System32\korwbrkr.lex
[2011/06/10 17:51:44 | 000,201,184 | ---- | C] () -- C:\Windows\System32\winrm.vbs
[2011/06/10 17:51:44 | 000,004,675 | ---- | C] () -- C:\Windows\System32\wsmanconfig_schema.xml
[2011/06/10 17:51:44 | 000,002,426 | ---- | C] () -- C:\Windows\System32\WsmTxt.xsl
[2011/06/10 17:00:13 | 002,501,921 | ---- | C] () -- C:\Windows\System32\wlan.tmf
[2011/06/10 15:25:42 | 3080,716,288 | -HS- | C] () -- C:\hiberfil.sys
[2011/06/10 14:20:56 | 000,002,154 | ---- | C] () -- C:\Windows\epplauncher.mif
[2011/06/10 14:19:21 | 000,001,813 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011/06/10 13:44:05 | 000,010,240 | ---- | C] () -- C:\Users\user account\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/10 13:08:43 | 000,029,520 | ---- | C] () -- C:\Windows\System32\SmartDefragBootTime.exe
[2011/06/10 13:08:43 | 000,016,184 | ---- | C] () -- C:\Windows\System32\drivers\SmartDefragDriver.sys
[2011/06/10 12:48:21 | 000,002,044 | ---- | C] () -- C:\Users\user account\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/06/10 12:47:38 | 000,000,936 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1066838518-2351977147-4070543323-1000UA.job
[2011/06/10 12:47:38 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1066838518-2351977147-4070543323-1000Core.job
[2011/06/10 12:33:42 | 000,000,954 | ---- | C] () -- C:\Users\user account\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2011/06/10 12:33:38 | 000,000,949 | ---- | C] () -- C:\Users\user account\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2011/06/10 12:33:18 | 000,000,920 | ---- | C] () -- C:\Users\user account\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
[2011/06/10 12:28:38 | 000,000,258 | ---- | C] () -- C:\Users\user account\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2011/06/10 12:28:37 | 000,000,240 | ---- | C] () -- C:\Users\user account\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2011/06/10 12:16:49 | 000,016,058 | ---- | C] () -- C:\Windows\System32\results.xml
[2011/06/10 12:15:32 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
[2011/06/10 12:15:32 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
[2011/06/10 12:15:32 | 000,009,484 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
[2011/06/10 12:15:32 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
[2011/06/10 12:14:15 | 000,000,000 | RHS- | C] () -- C:\Windows\System32\drivers\TOSHIBA_Satellite L300_09115-EN_PSLB8E-16000.MRK
[2011/06/10 12:10:30 | 000,000,553 | ---- | C] () -- C:\Windows\USetup.iss
[2008/08/07 17:29:47 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2008/08/07 17:15:11 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1502.dll
[2008/08/07 17:15:10 | 002,192,024 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2008/08/07 17:15:08 | 000,147,172 | ---- | C] () -- C:\Windows\System32\igfcg550.bin
[2008/08/07 17:15:07 | 000,492,496 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2006/11/02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 13:47:37 | 000,321,200 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 11:33:01 | 001,126,806 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 11:33:01 | 000,365,554 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== LOP Check ==========

[2011/06/10 16:38:38 | 000,000,000 | ---D | M] -- C:\Users\user account\AppData\Roaming\Auslogics
[2011/06/16 22:41:22 | 000,000,000 | ---D | M] -- C:\Users\user account\AppData\Roaming\gtk-2.0
[2011/06/10 13:46:55 | 000,000,000 | ---D | M] -- C:\Users\user account\AppData\Roaming\IObit
[2011/06/10 22:15:45 | 000,000,000 | ---D | M] -- C:\Users\user account\AppData\Roaming\Notepad++
[2011/06/15 16:55:07 | 000,000,000 | ---D | M] -- C:\Users\user account\AppData\Roaming\Participatory Culture Foundation
[2011/06/16 22:41:51 | 000,000,000 | ---D | M] -- C:\Users\user account\AppData\Roaming\PCF-VLC
[2011/06/16 20:30:43 | 000,019,070 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\system32\*.sys /90 >
[2011/06/10 17:43:11 | 002,041,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2008/01/21 04:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008/01/21 04:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008/01/21 04:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %SYSTEMDRIVE%\*.* >
[2006/09/18 22:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009/04/11 07:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2008/08/07 15:16:30 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2006/09/18 22:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2011/06/17 15:23:59 | 3080,716,288 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/17 15:23:56 | 3396,399,104 | -HS- | M] () -- C:\pagefile.sys
[2011/06/10 12:10:30 | 000,000,651 | ---- | M] () -- C:\RHDSetup.log
[2009/02/05 10:46:27 | 000,000,229 | -H-- | M] () -- C:\SWSTAMP.TXT

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2006/11/02 13:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll
[2006/10/26 19:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\msonpppr.dll

< %systemroot%\*. /mp /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

========== Alternate Data Streams ==========

@Alternate Data Stream - 180 bytes -> C:\ProgramData\TEMP:408F95E5
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:07BF512B

< End of report >

OTL Extras logfile created on: 17/06/2011 15:40:30 - Run 1
OTL by OldTimer - Version 3.2.24.0 Folder = C:\Users\user account\Desktop\other\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.87 Gb Total Physical Memory | 1.27 Gb Available Physical Memory | 44.27% Memory free
5.94 Gb Paging File | 4.48 Gb Available in Paging File | 75.35% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74.22 Gb Total Space | 35.05 Gb Free Space | 47.23% Space Free | Partition Type: NTFS
Drive D: | 3.81 Gb Total Space | 0.49 Gb Free Space | 12.73% Space Free | Partition Type: FAT32
Drive E: | 73.36 Gb Total Space | 68.09 Gb Free Space | 92.81% Space Free | Partition Type: NTFS

Computer Name: PRIVATE | User Name: user account | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 1
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{3BA6AD5F-B5C4-4A70-9B1E-DA764E2474B9}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{43597A08-21ED-471C-AE18-6998A0F6D651}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{044F9133-B8D7-4d11-BF39-803FA20F5C8B}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0C19D563-5F25-4621-BF10-01F741BD283F}" = Microsoft SQL Server Compact 3.5 SP1 Design Tools English
"{14735B76-8B33-4DB9-A548-9918B7A2C41E}" = Microsoft Windows SDK for Windows Server 2008 Samples (6001.18000.367)
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{19AFC1C2-B11B-3FFF-9C9F-05761BC244D9}" = Windows SDK Intellidocs
"{26A24AE4-039D-4CA4-87B4-2F83216027FF}" = Java™ 6 Update 27
"{291B3A3B-F808-45B8-8113-DF232FCB6C82}" = Microsoft .NET Compact Framework 3.5
"{3248F0A8-6813-11D6-A77B-00B0D0150220}" = J2SE Runtime Environment 5.0 Update 22
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java™ 6 Update 6
"{32A3A4F4-B792-11D6-A78A-00B0D0150220}" = J2SE Development Kit 5.0 Update 22
"{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}" = SQL Server System CLR Types
"{3A50302D-3AAC-4B5B-918A-5FDA9ABB0F44}" = Microsoft Windows SDK for Windows Server 2008 .NET Documentation (6001.18000.367)
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{44D9A2CB-0692-3180-B5E2-26F4E807D067}" = Microsoft Visual C++ Compilers 2008 Standard Edition - enu - x86
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5BE1E709-30E4-3D6D-A708-96CE8D5E5E8D}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{6753B40C-0FBD-3BED-8A9D-0ACAC2DCD85D}" = Microsoft Document Explorer 2008
"{6C518CC0-5CF1-481B-AB35-9BE5024DC106}" = Microsoft Windows SDK MDAC Headers and Libraries (6001.18000.367)
"{6ED32BB5-56B6-4317-A2D1-98A8313C3BAF}" = Microsoft Windows SDK for Windows Server 2008 (6001.18000.367)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7216871F-869E-437C-B9BF-2A13F2DCE63F}_is1" = Auslogics BoostSpeed
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware
"{77A776C4-D10F-416D-88F0-53F2D9DCD9B3}" = Microsoft Security Client
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E5B3FDE-62E1-4391-BBA0-0E4242AD9577}" = Microsoft Windows SDK Net Fx Interop Headers And Libraries (6001.18000.367)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9BAED673-5D51-481E-B1E0-FB2E5039260B}" = Microsoft Windows SDK Intellisense and Reference Assemblies (6001.18000.367)
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A431744A-553F-4FC0-AF91-BCA47C7E0949}" = Microsoft Windows SDK for Windows Server 2008 Headers and Libraries (6001.18000.367)
"{B0BCDCBD-863D-4CAB-BF68-8D1F6B1BDC13}" = Atheros Wi-Fi Protected Setup Library
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B46C272F-8B7A-402A-9915-8B0463F035DC}" = Microsoft Windows SDK for Windows Server 2008 Utilities for Win32 Development (6001.18000.367)
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B7EC89B3-2B8C-44A9-815C-135F391068B0}" = Microsoft Windows SDK for Windows Server 2008 Common Utilities (6001.18000.367)
"{BBCBA2A0-F0E5-4EA8-AAC0-CF1DC592221E}" = Microsoft VC Redist 2008 (6001.18000.367)
"{BCDB856C-D247-4DEE-9132-89C02F4D6B8C}_is1" = Sothink SWF Decompiler
"{BF61D7A1-E894-4E3D-9129-B8D44B51FF94}" = Microsoft Windows SDK for Windows Server 2008 Win32 Documentation (6001.18000.367)
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{CD590618-36BD-0710-AC86-F3B3C4AF201E}" = Microsoft Windows SDK .NET Framework Tools
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DD622B1D-A78E-3FE8-9C8C-246F5764B0D0}" = Microsoft Visual Basic 2008 Express Edition with SP1 - ENU
"{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English
"{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORDCLauncher
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F5E87B12-3C27-452F-8E78-21D42164FD83}" = Microsoft SQL Server 2008 Management Objects
"{FF4D08B0-5098-4C4A-B801-42F3B1F9FE07}" = Microsoft Document Explorer 2008 (6001.18000.367)
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Advanced SystemCare 4_is1" = Advanced SystemCare 4
"Game Booster 3_is1" = Game Booster
"HDMI" = Intel® Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORDCLauncher
"IObit Malware Fighter_is1" = IObit Malware Fighter
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.0.1200
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Document Explorer 2008" = Microsoft Document Explorer 2008
"Microsoft Security Client" = Microsoft Security Essentials
"Microsoft Visual Basic 2008 Express Edition with SP1 - ENU" = Microsoft Visual Basic 2008 Express Edition with SP1 - ENU
"Miro" = Miro
"Notepad++" = Notepad++
"Random Password Generator_is1" = Random Password Generator
"SDKSetup_6.0.6001.18000" = Microsoft Windows SDK for Windows Server 2008 (6001.18000.367)
"Smart Defrag 2_is1" = Smart Defrag 2
"WinRAR archiver" = WinRAR 4.01 (32-bit)

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1066838518-2351977147-4070543323-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/06/2011 08:55:56 | Computer Name = private | Source = LoadPerf | ID = 3011
Description =

Error - 12/06/2011 16:20:08 | Computer Name = private | Source = .NET Runtime | ID = 1023
Description =

Error - 13/06/2011 10:23:34 | Computer Name = private | Source = WinMgmt | ID = 10
Description =

Error - 13/06/2011 10:29:37 | Computer Name = private | Source = LoadPerf | ID = 3012
Description =

Error - 13/06/2011 10:29:37 | Computer Name = private | Source = LoadPerf | ID = 3011
Description =

Error - 13/06/2011 11:07:10 | Computer Name = private | Source = VBExpress | ID = 0
Description =

Error - 13/06/2011 11:35:14 | Computer Name = private | Source = .NET Runtime | ID = 1023
Description =

Error - 13/06/2011 13:34:33 | Computer Name = private | Source = Application Error | ID = 1000
Description = Faulting application VBExpress.exe, version 9.0.30729.1, time stamp
0x488f171b, faulting module System.Design.ni.dll, version 2.0.50727.3053, time
stamp 0x4889df30, exception code 0xc0000005, fault offset 0x006d0611, process id
0x4c0, application start time 0x01cc29edcf2fd463.

Error - 13/06/2011 13:34:34 | Computer Name = private | Source = .NET Runtime | ID = 1023
Description =

Error - 13/06/2011 15:09:17 | Computer Name = private | Source = .NET Runtime | ID = 1023
Description =

[ System Events ]
Error - 11/06/2011 07:58:12 | Computer Name = private | Source = HTTP | ID = 15016
Description =

Error - 11/06/2011 08:43:24 | Computer Name = private | Source = Service Control Manager | ID = 7000
Description =

Error - 11/06/2011 08:43:52 | Computer Name = private | Source = HTTP | ID = 15016
Description =

Error - 12/06/2011 05:26:11 | Computer Name = private | Source = Service Control Manager | ID = 7000
Description =

Error - 12/06/2011 05:26:26 | Computer Name = private | Source = HTTP | ID = 15016
Description =

Error - 12/06/2011 05:46:52 | Computer Name = private | Source = DCOM | ID = 10010
Description =

Error - 12/06/2011 08:50:44 | Computer Name = private | Source = Service Control Manager | ID = 7000
Description =

Error - 12/06/2011 08:50:45 | Computer Name = private | Source = HTTP | ID = 15016
Description =

Error - 13/06/2011 10:23:34 | Computer Name = private | Source = Service Control Manager | ID = 7000
Description =

Error - 13/06/2011 10:23:37 | Computer Name = private | Source = HTTP | ID = 15016
Description =


< End of report >

I couldn't create a GMER log for some reason? I tried twice. I also noticed something strange. When I opened task manager, I noticed that I had 2 winlogon processes?

Edited by theherotom2, 17 June 2011 - 10:21 AM.


#4 etavares

  • Malware Response Team

Posted 18 June 2011 - 10:34 AM

Hi,


Step 1

"Also, new malware keeps being found on my computer, every time I boot"


How do you know? Is it being picked up by your antivirus? What file and malware does it tell you?



Step 2

I see you have IOBit installed on your computer. This is a known rogue antivirus that steals definitions from legitimate antiviruses. Please read about it here. Before I can help you, please uninstall IOBit Malware Fighter and Advanced SystemCare 4 via Add/Remove Programs.

It is also unnecessary in your case since you have Microsoft Security Essentials installed and running. Having more than one each of firewall, anti-spyware and anti-spyware programs is bad as they fight for access to files as part of their real-time protection. This results in false positives and poor system performance. I see you have SuperAntiSpyware installed, so having that plus Microsoft Security Essentials is good. For that matter, you should uninstall either SuperAntiSpyware OR Spybot S+D as they are both anti-spyware. Or, at least disable one's real-time protection and scan manually once a week or so.

Also, did you have ESET installed at one time? It looks like you did as there are leftovers. Antiviruses never completely uninstall themselves. We can clear out those remnants once we ensure the machine is clear of malware.



Step 3

Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.


etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
 


#5 theherotom2

  • Topic Starter

Posted 18 June 2011 - 11:13 AM

I removed one of the programs that you told me to, and disabled real-time protection on the spyware programs. I am also having trouble uninstalling advanced system care.. I uninstalled it and removed from program files, but the program is still fully functional in my taskbar?


aswMBR version 0.9.6.399 Copyright© 2011 AVAST Software
Run date: 2011-06-18 16:55:22
-----------------------------
16:55:22.384 OS Version: Windows 6.0.6002 Service Pack 2
16:55:22.384 Number of processors: 2 586 0x170A
16:55:22.385 ComputerName: PRIVATE UserName:
16:55:23.511 Initialize success
17:11:25.269 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
17:11:25.271 Disk 0 Vendor: Hitachi_ SB4A Size: 152627MB BusType: 3
17:11:25.279 Disk 0 MBR read successfully
17:11:25.280 Disk 0 MBR scan
17:11:25.282 Disk 0 unknown MBR code
17:11:25.285 Disk 0 scanning sectors +312578048
17:11:25.325 Disk 0 scanning C:\Windows\system32\drivers
17:11:30.096 Service scanning
17:11:31.305 Disk 0 trace - called modules:
17:11:31.334 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
17:11:31.336 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85acb2f8]
17:11:31.339 3 CLASSPNP.SYS[89f168b3] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x850d7028]
17:11:31.341 Scan finished successfully
17:12:38.609 Disk 0 MBR has been saved successfully to "C:\Users\user account\Desktop\MBR.dat"
17:12:38.615 The log file has been saved successfully to "C:\Users\user account\Desktop\aswMBR.txt"

#6 etavares

  • Malware Response Team

Posted 18 June 2011 - 11:34 AM

Hello, theherotom2.

Ok we will remove it manually in a bit.



Next, please download ComboFix from one of these locations:
* IMPORTANT !!! Save ComboFix.exe to your Desktop as etavaresCF.exe
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on etavaresCF.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply, along with any symptoms that are present after it runs.

Note: After running Combofix, you may receive an error about "illegal operation on a registry key that has been marked for deletion." If you receive this error, please reboot and it should disappear.

etavares




#7 theherotom2

  • Topic Starter

Posted 18 June 2011 - 01:51 PM

ComboFix 11-06-17.04 - user account 18/06/2011 19:40:37.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2939.2097 [GMT 1:00]
Running from: c:\users\user account\Desktop\etavaresCF.exe.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\etavaresCF.exe
c:\etavarescf.exe\023.dat
c:\etavarescf.exe\023v.dat
c:\etavarescf.exe\023w7.dat
c:\etavarescf.exe\AppDataFile.cfx
c:\etavarescf.exe\AppDataFolder.cfx
c:\etavarescf.exe\appinit.bad
c:\etavarescf.exe\asp.str
c:\etavarescf.exe\Assoc.cmd
c:\etavarescf.exe\ATTRIB.cfxxe
c:\etavarescf.exe\Auto-RC.cmd
c:\etavarescf.exe\av.cmd
c:\etavarescf.exe\av.vbs
c:\etavarescf.exe\AWF.cmd
c:\etavarescf.exe\badclsid.c
c:\etavarescf.exe\Boot-Rk.cmd
c:\etavarescf.exe\Boot.bat
c:\etavarescf.exe\BootDrv.vbs
c:\etavarescf.exe\c.bat
c:\etavarescf.exe\c.mrk
c:\etavarescf.exe\Catch-sub.cmd
c:\etavarescf.exe\catchme.cfxxe
c:\etavarescf.exe\CCS.bat
c:\etavarescf.exe\CF-Script.cmd
c:\etavarescf.exe\CF6086.cfxxe
c:\etavarescf.exe\CHCP.bat
c:\etavarescf.exe\clsid.c
c:\etavarescf.exe\cmd.cfxxe
c:\etavarescf.exe\Combobatch.bat
c:\etavarescf.exe\ComboFix-Download.cfxxe
c:\etavarescf.exe\Create.cmd
c:\etavarescf.exe\Creg.dat
c:\etavarescf.exe\CregC.cmd
c:\etavarescf.exe\CregC.dat
c:\etavarescf.exe\CSCRIPT.cfxxe
c:\etavarescf.exe\CSet.cmd
c:\etavarescf.exe\dd.cfxxe
c:\etavarescf.exe\ddsDo.sed
c:\etavarescf.exe\DelClsid.bat
c:\etavarescf.exe\DelClsid64.bat
c:\etavarescf.exe\desktop.ini
c:\etavarescf.exe\DesktopFile.cfx
c:\etavarescf.exe\DisclaimED.dat
c:\etavarescf.exe\DPF.str
c:\etavarescf.exe\DrvRun.vbs
c:\etavarescf.exe\dumphive.cfxxe
c:\etavarescf.exe\embedded.sed
c:\etavarescf.exe\en-GB\ATTRIB.cfxxe.mui
c:\etavarescf.exe\en-GB\CF6086.cfxxe.mui
c:\etavarescf.exe\en-GB\CMD.cfxxe.mui
c:\etavarescf.exe\en-GB\CSCRIPT.cfxxe.mui
c:\etavarescf.exe\en-GB\PING.cfxxe.mui
c:\etavarescf.exe\en-GB\REGT.cfxxe.mui
c:\etavarescf.exe\en-GB\ROUTE.cfxxe.mui
c:\etavarescf.exe\en-US\ATTRIB.cfxxe.mui
c:\etavarescf.exe\en-US\CF6086.cfxxe.mui
c:\etavarescf.exe\en-US\cmd.cfxxe.mui
c:\etavarescf.exe\en-US\CSCRIPT.cfxxe.mui
c:\etavarescf.exe\en-US\PING.cfxxe.mui
c:\etavarescf.exe\en-US\REGT.cfxxe.mui
c:\etavarescf.exe\en-US\ROUTE.cfxxe.mui
c:\etavarescf.exe\ERDNT.e_e
c:\etavarescf.exe\ERDNTDOS.LOC
c:\etavarescf.exe\ERDNTWIN.LOC
c:\etavarescf.exe\ERUNT.cfxxe
c:\etavarescf.exe\erunt.dat
c:\etavarescf.exe\ERUNT.LOC
c:\etavarescf.exe\Exe.reg
c:\etavarescf.exe\extract.cfxxe
c:\etavarescf.exe\FavoriteFolder.cfx
c:\etavarescf.exe\FavoritesFile.cfx
c:\etavarescf.exe\FD-SV.cmd
c:\etavarescf.exe\ffdefstr.dll
c:\etavarescf.exe\FileKill.cfxxe
c:\etavarescf.exe\files.pif
c:\etavarescf.exe\Fin.dat
c:\etavarescf.exe\FIND3M.bat
c:\etavarescf.exe\FIXLSP.bat
c:\etavarescf.exe\FKMGen.cmd
c:\etavarescf.exe\GetHive.cmd
c:\etavarescf.exe\grep.cfxxe
c:\etavarescf.exe\gsar.cfxxe
c:\etavarescf.exe\handle.cfxxe
c:\etavarescf.exe\HDPEInfo.cfxxe
c:\etavarescf.exe\hidec.cfxxe
c:\etavarescf.exe\history.bat
c:\etavarescf.exe\hwid.pif
c:\etavarescf.exe\iexplore.exe
c:\etavarescf.exe\image001.gif
c:\etavarescf.exe\Imefile.dat
c:\etavarescf.exe\Install-RC.cmd
c:\etavarescf.exe\katch.cmd
c:\etavarescf.exe\Kill-All.cmd
c:\etavarescf.exe\kmd.dat
c:\etavarescf.exe\Lang.bat
c:\etavarescf.exe\List-B.bat
c:\etavarescf.exe\List-C.bat
c:\etavarescf.exe\List-D.bat
c:\etavarescf.exe\List.bat
c:\etavarescf.exe\lnkread.vbs
c:\etavarescf.exe\LocalAppDataFile.cfx
c:\etavarescf.exe\LocalAppDataFolder.cfx
c:\etavarescf.exe\LocalService.dat
c:\etavarescf.exe\LocalServiceNetworkRestricted.dat
c:\etavarescf.exe\LocalSettingsFile.cfx
c:\etavarescf.exe\LocalSystemNetworkRestricted.dat
c:\etavarescf.exe\mbr.cfxxe
c:\etavarescf.exe\mbr.chk
c:\etavarescf.exe\md5sum.pif
c:\etavarescf.exe\MoveIt.bat
c:\etavarescf.exe\mtee.cfxxe
c:\etavarescf.exe\MtPt00
c:\etavarescf.exe\MUI
c:\etavarescf.exe\mynul.dat
c:\etavarescf.exe\N_\10942
c:\etavarescf.exe\N_\12697
c:\etavarescf.exe\N_\14930
c:\etavarescf.exe\N_\18109
c:\etavarescf.exe\N_\25349
c:\etavarescf.exe\N_\29064
c:\etavarescf.exe\N_\6591
c:\etavarescf.exe\N_\9031
c:\etavarescf.exe\ncmd.com
c:\etavarescf.exe\ND_.bat
c:\etavarescf.exe\ND_64.bat
c:\etavarescf.exe\ndis_combofix.dat
c:\etavarescf.exe\netsvc.bad.dat
c:\etavarescf.exe\netsvc.dat
c:\etavarescf.exe\netsvc.vista.dat
c:\etavarescf.exe\netsvc.xp.dat
c:\etavarescf.exe\NetworkService.dat
c:\etavarescf.exe\NirCmd.cfxxe
c:\etavarescf.exe\NircmdB.exe
c:\etavarescf.exe\NirCmdC.cfxxe
c:\etavarescf.exe\NIRKMD.cfxxe
c:\etavarescf.exe\NlsLanguageDefault
c:\etavarescf.exe\NT-OS.cmd
c:\etavarescf.exe\NULL
c:\etavarescf.exe\OSid.vbs
c:\etavarescf.exe\OsVer
c:\etavarescf.exe\pausep.cfxxe
c:\etavarescf.exe\PersonalFile.cfx
c:\etavarescf.exe\PersonalFolder.cfx
c:\etavarescf.exe\pev.cfxxe
c:\etavarescf.exe\pevb.cfxxe
c:\etavarescf.exe\PING.cfxxe
c:\etavarescf.exe\Policies.dat
c:\etavarescf.exe\powp.dat
c:\etavarescf.exe\Prep.inf
c:\etavarescf.exe\ProfilesFile.cfx
c:\etavarescf.exe\ProfilesFolder.cfx
c:\etavarescf.exe\ProgramsFile.cfx
c:\etavarescf.exe\ProgramsFolder.cfx
c:\etavarescf.exe\Purity.dat
c:\etavarescf.exe\PV.cfxxe
c:\etavarescf.exe\pv.com
c:\etavarescf.exe\rar_sfx.cmd
c:\etavarescf.exe\RCLink.dat
c:\etavarescf.exe\REGDACL.sed
c:\etavarescf.exe\RegDo.sed
c:\etavarescf.exe\region.dat
c:\etavarescf.exe\RegScan.cmd
c:\etavarescf.exe\RegScan64.cmd
c:\etavarescf.exe\Resident.txt
c:\etavarescf.exe\restore_pt.vbs
c:\etavarescf.exe\Rkey.cmd
c:\etavarescf.exe\rmbr.cfxxe
c:\etavarescf.exe\rogues.dat
c:\etavarescf.exe\ROUTE.cfxxe
c:\etavarescf.exe\run2.sed
c:\etavarescf.exe\Rust.str
c:\etavarescf.exe\s0rt.cfxxe
c:\etavarescf.exe\safeboot.dat
c:\etavarescf.exe\safeboot.def.dat
c:\etavarescf.exe\safeboot.def.vista.dat
c:\etavarescf.exe\Safeboot.def.w7.dat
c:\etavarescf.exe\sed.cfxxe
c:\etavarescf.exe\SetEnvmt.bat
c:\etavarescf.exe\setpath.cfxxe
c:\etavarescf.exe\setpath_N.cmd
c:\etavarescf.exe\SF.exe
c:\etavarescf.exe\sfx.cmd
c:\etavarescf.exe\SnapShot.cmd
c:\etavarescf.exe\SRestore.cmd
c:\etavarescf.exe\srizbi.md5
c:\etavarescf.exe\Start_dat
c:\etavarescf.exe\StartMenuFile.cfx
c:\etavarescf.exe\StartMenuFolder.cfx
c:\etavarescf.exe\StartUpFile.cfx
c:\etavarescf.exe\SuppScan.cmd
c:\etavarescf.exe\svc_wht.dat
c:\etavarescf.exe\SvcDrv.vbs
c:\etavarescf.exe\svchost.dat
c:\etavarescf.exe\svchost.vista.dat
c:\etavarescf.exe\svchost.vista.x64.dat
c:\etavarescf.exe\svchost.w7.dat
c:\etavarescf.exe\svchost.w7.x64.dat
c:\etavarescf.exe\swreg.cfxxe
c:\etavarescf.exe\swsc.cfxxe
c:\etavarescf.exe\swxcacls.cfxxe
c:\etavarescf.exe\system_ini.dat
c:\etavarescf.exe\tail.cfxxe
c:\etavarescf.exe\TemplatesFile.cfx
c:\etavarescf.exe\TemplatesFolder.cfx
c:\etavarescf.exe\toolbar.sed
c:\etavarescf.exe\Update-CF.cmd
c:\etavarescf.exe\VerCF.bat
c:\etavarescf.exe\VInfo
c:\etavarescf.exe\VInfo2
c:\etavarescf.exe\Vipev.dat
c:\etavarescf.exe\Vista.krl
c:\etavarescf.exe\Vista.mac
c:\etavarescf.exe\vistaMcode.dat
c:\etavarescf.exe\vistareg.dat
c:\etavarescf.exe\vun.dat
c:\etavarescf.exe\VwinTemp.dacl
c:\etavarescf.exe\w_sock.dll
c:\etavarescf.exe\w2k_sock.dll
c:\etavarescf.exe\w2kreg.dat
c:\etavarescf.exe\w7Mcode.dat
c:\etavarescf.exe\w7reg.dat
c:\etavarescf.exe\Wmi_rem.vbs
c:\etavarescf.exe\xpmcode.dat
c:\etavarescf.exe\xpreg.dat
c:\etavarescf.exe\XPSBoot.reg
c:\etavarescf.exe\zDomain.dat
c:\etavarescf.exe\zhsvc.dat
c:\etavarescf.exe\zip.cfxxe
E:\install.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-05-18 to 2011-06-18 )))))))))))))))))))))))))))))))
.
.
2011-06-18 18:47 . 2011-06-18 18:47 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-06-18 18:29 . 2002-12-23 17:45 49152 ----a-w- c:\windows\system32\ResizerXTLite.ocx
2011-06-18 16:15 . 2011-06-18 16:15 28752 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{15E92009-A02E-496A-8BB0-7EA08A0D64DC}\MpKsl61e167d2.sys
2011-06-18 05:44 . 2011-05-24 18:12 6962000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{15E92009-A02E-496A-8BB0-7EA08A0D64DC}\mpengine.dll
2011-06-17 16:06 . 2011-06-17 16:06 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-16 17:15 . 2005-04-17 02:08 147456 ----a-w- c:\windows\system32\AResizeLite.ocx
2011-06-16 17:15 . 2000-10-10 11:01 198656 ----a-w- c:\windows\system32\COMDLG32.OCX
2011-06-16 14:26 . 2011-03-12 21:55 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-06-15 15:55 . 2011-06-15 15:55 -------- d-----w- c:\program files\GetMiro Toolbar
2011-06-15 15:53 . 2011-06-15 15:53 -------- d-----w- c:\program files\Participatory Culture Foundation
2011-06-14 18:53 . 2011-06-14 18:53 -------- d-----w- c:\program files\Windows Portable Devices
2011-06-14 18:44 . 2009-09-10 02:00 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2011-06-14 18:44 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2011-06-14 18:44 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2011-06-14 18:43 . 2009-09-25 01:33 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2011-06-14 18:43 . 2009-09-25 02:10 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2011-06-14 18:43 . 2009-09-25 02:07 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2011-06-14 18:43 . 2009-09-25 02:04 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2011-06-14 18:43 . 2009-09-25 01:33 195584 ----a-w- c:\windows\system32\dxdiagn.dll
2011-06-14 18:43 . 2009-09-25 01:32 252928 ----a-w- c:\windows\system32\dxdiag.exe
2011-06-14 18:43 . 2009-09-25 01:31 519680 ----a-w- c:\windows\system32\d3d11.dll
2011-06-14 18:43 . 2009-10-01 01:02 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
2011-06-14 18:43 . 2009-10-01 01:02 31232 ----a-w- c:\windows\system32\BthMtpContextHandler.dll
2011-06-14 18:43 . 2009-10-01 01:01 81920 ----a-w- c:\windows\system32\wpdbusenum.dll
2011-06-14 18:43 . 2009-10-01 01:01 60928 ----a-w- c:\windows\system32\PortableDeviceConnectApi.dll
2011-06-14 18:42 . 2009-10-01 01:02 2537472 ----a-w- c:\windows\system32\wpdshext.dll
2011-06-14 18:42 . 2009-10-01 01:02 334848 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2011-06-14 18:42 . 2009-10-01 01:02 87552 ----a-w- c:\windows\system32\WPDShServiceObj.dll
2011-06-14 18:42 . 2009-10-01 01:01 546816 ----a-w- c:\windows\system32\wpd_ci.dll
2011-06-14 18:42 . 2009-10-01 01:01 160256 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
2011-06-14 18:42 . 2009-10-01 01:01 350208 ----a-w- c:\windows\system32\WPDSp.dll
2011-06-14 18:42 . 2009-10-01 01:01 196608 ----a-w- c:\windows\system32\PortableDeviceWMDRM.dll
2011-06-14 18:42 . 2009-10-01 01:01 100864 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
2011-06-14 18:42 . 2009-10-01 01:01 227840 ----a-w- c:\windows\system32\drivers\UMDF\WpdFs.dll
2011-06-14 18:42 . 2009-10-08 21:08 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2011-06-14 18:42 . 2009-10-08 21:08 234496 ----a-w- c:\windows\system32\oleacc.dll
2011-06-14 18:42 . 2009-10-08 21:07 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2011-06-14 18:25 . 2011-04-14 14:59 75264 ----a-w- c:\windows\system32\drivers\dfsc.sys
2011-06-14 18:25 . 2010-12-20 16:35 563712 ----a-w- c:\windows\system32\oleaut32.dll
2011-06-14 18:25 . 2011-04-21 13:58 273408 ----a-w- c:\windows\system32\drivers\afd.sys
2011-06-14 18:25 . 2011-04-29 13:24 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-06-14 18:25 . 2011-04-29 13:24 79872 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-06-14 18:25 . 2011-04-29 13:24 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-06-14 18:25 . 2011-05-02 17:16 739328 ----a-w- c:\windows\system32\inetcomm.dll
2011-06-14 18:25 . 2011-05-02 12:02 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-06-14 14:50 . 2011-01-20 14:25 847360 ----a-w- c:\windows\system32\OpcServices.dll
2011-06-14 14:49 . 2010-05-04 19:13 231424 ----a-w- c:\windows\system32\msshsq.dll
2011-06-13 21:02 . 2011-06-13 21:03 -------- d-----w- c:\windows\system32\ca-ES
2011-06-13 21:02 . 2011-06-13 21:02 -------- d-----w- c:\windows\system32\eu-ES
2011-06-13 21:02 . 2011-06-13 21:02 -------- d-----w- c:\windows\system32\vi-VN
2011-06-13 19:45 . 2011-06-13 19:45 -------- d-----w- c:\windows\system32\EventProviders
2011-06-12 10:21 . 2011-06-12 10:21 -------- d-----w- c:\windows\symbols
2011-06-12 10:20 . 2011-06-12 10:20 -------- d-----w- c:\program files\Bin
2011-06-12 10:18 . 2009-04-11 06:28 677376 ----a-w- c:\windows\system32\imapi2fs.dll
2011-06-12 10:17 . 2009-04-11 06:28 302592 ----a-w- c:\windows\system32\QAGENTRT.DLL
2011-06-12 10:16 . 2009-04-11 06:28 707584 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-06-12 10:15 . 2009-04-11 06:28 247808 ----a-w- c:\windows\system32\drvstore.dll
2011-06-12 09:44 . 2011-05-24 18:12 6962000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-06-11 15:43 . 2011-06-11 15:43 -------- d-----w- c:\program files\Common Files\SourceTec
2011-06-11 15:43 . 2011-06-11 15:43 -------- d-----w- c:\program files\SourceTec
2011-06-11 13:20 . 2011-06-11 13:20 -------- d-----w- c:\program files\Microsoft SQL Server
2011-06-11 13:20 . 2011-06-14 19:03 -------- d-----w- c:\program files\Microsoft Silverlight
2011-06-11 13:20 . 2011-06-11 13:20 -------- d-----w- c:\program files\Microsoft Synchronization Services
2011-06-11 13:20 . 2011-06-11 13:20 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2011-06-11 13:20 . 2011-06-14 18:49 193824 ----a-w- c:\programdata\Microsoft\VBExpress\9.0\1033\ResourceCache.dll
2011-06-11 13:20 . 2011-06-14 18:48 416 ----a-w- c:\programdata\Microsoft\MSDN\9.0\1033\ResourceCache.dll
2011-06-11 13:17 . 2011-06-11 13:20 -------- d-----w- c:\program files\Microsoft Visual Studio 9.0
2011-06-11 13:17 . 2011-06-11 13:17 -------- d-----w- c:\program files\Microsoft SDKs
2011-06-11 11:50 . 2010-09-06 16:20 125952 ----a-w- c:\windows\system32\srvsvc.dll
2011-06-11 11:50 . 2010-09-06 16:19 17920 ----a-w- c:\windows\system32\netevent.dll
2011-06-11 11:50 . 2009-08-24 11:36 377344 ----a-w- c:\windows\system32\winhttp.dll
2011-06-11 08:47 . 2008-05-27 04:59 18904 ----a-w- c:\windows\system32\StructuredQuerySchemaTrivial.bin
2011-06-10 20:40 . 2011-06-10 20:40 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-06-10 20:17 . 2009-11-08 17:55 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2011-06-10 20:17 . 2009-11-08 17:55 49472 ----a-w- c:\windows\system32\netfxperf.dll
2011-06-10 20:17 . 2009-11-08 17:55 297808 ----a-w- c:\windows\system32\mscoree.dll
2011-06-10 20:17 . 2009-11-08 17:55 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2011-06-10 20:17 . 2009-11-08 17:55 1130824 ----a-w- c:\windows\system32\dfshim.dll
2011-06-10 20:12 . 2011-06-10 20:12 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2011-06-10 19:39 . 2011-06-10 19:39 -------- d-----w- c:\program files\Conduit
2011-06-10 19:37 . 2011-06-10 19:38 -------- d-----w- c:\program files\Smart PC Utilities
2011-06-10 19:29 . 2011-03-03 15:40 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2011-06-10 19:29 . 2011-03-03 13:35 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2011-06-10 17:25 . 2011-06-10 17:25 -------- d-----w- c:\program files\Trend Micro
2011-06-10 17:23 . 2011-06-18 05:33 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-06-10 17:23 . 2011-06-10 17:24 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-06-10 16:49 . 2011-06-10 16:49 1696256 ----a-w- c:\windows\system32\gameux.dll
2011-06-10 16:48 . 2011-06-10 16:48 86528 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-06-10 16:48 . 2011-06-10 16:48 25088 ----a-w- c:\windows\system32\dnscacheugc.exe
2011-06-10 16:47 . 2011-06-10 16:47 430080 ----a-w- c:\windows\system32\vbscript.dll
2011-06-10 16:46 . 2011-06-10 16:46 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-06-10 16:46 . 2011-06-10 16:46 292864 ----a-w- c:\windows\system32\atmfd.dll
2011-06-10 16:46 . 2011-06-10 16:46 72704 ----a-w- c:\windows\system32\fontsub.dll
2011-06-10 16:46 . 2011-06-10 16:46 23552 ----a-w- c:\windows\system32\lpk.dll
2011-06-10 16:46 . 2011-06-10 16:46 10240 ----a-w- c:\windows\system32\dciman32.dll
2011-06-10 16:45 . 2011-06-10 16:45 1383424 ----a-w- c:\windows\system32\mshtml.tlb
2011-06-10 16:43 . 2011-06-10 16:43 69632 ----a-w- c:\windows\system32\drivers\bowser.sys
2011-06-10 16:43 . 2011-06-10 16:43 2041856 ----a-w- c:\windows\system32\win32k.sys
2011-06-10 16:42 . 2011-06-10 16:42 1162240 ----a-w- c:\windows\system32\mfc42u.dll
2011-06-10 16:42 . 2011-06-10 16:42 1136640 ----a-w- c:\windows\system32\mfc42.dll
2011-06-10 16:42 . 2011-06-10 16:42 305152 ----a-w- c:\windows\system32\drivers\srv.sys
2011-06-10 16:41 . 2011-06-10 16:41 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-06-10 16:41 . 2011-06-10 16:41 63488 ----a-w- c:\windows\system32\tscupgrd.exe
2011-06-10 16:41 . 2011-06-10 16:41 53248 ----a-w- c:\windows\system32\tsgqec.dll
2011-06-10 16:41 . 2011-06-10 16:41 2067968 ----a-w- c:\windows\system32\mstscax.dll
2011-06-10 16:41 . 2011-06-10 16:41 136192 ----a-w- c:\windows\system32\aaclient.dll
2011-06-10 16:41 . 2011-06-10 16:41 429056 ----a-w- c:\windows\system32\EncDec.dll
2011-06-10 16:41 . 2011-06-10 16:41 322560 ----a-w- c:\windows\system32\sbe.dll
2011-06-10 16:41 . 2011-06-10 16:41 177664 ----a-w- c:\windows\system32\mpg2splt.ax
2011-06-10 16:41 . 2011-06-10 16:41 153088 ----a-w- c:\windows\system32\sbeio.dll
2011-06-10 16:40 . 2011-06-10 16:40 3602320 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-06-10 16:40 . 2011-06-10 16:40 3550096 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-06-10 16:40 . 2011-06-10 16:40 1205080 ----a-w- c:\windows\system32\ntdll.dll
2011-06-10 16:39 . 2011-06-10 16:39 1169408 ----a-w- c:\windows\system32\sdclt.exe
2011-06-10 16:38 . 2011-06-10 16:38 708608 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2011-06-10 16:38 . 2011-06-10 16:38 57344 ----a-w- c:\program files\Common Files\System\msadc\msadcs.dll
2011-06-10 16:38 . 2011-06-10 16:38 413696 ----a-w- c:\windows\system32\odbc32.dll
2011-06-10 16:38 . 2011-06-10 16:38 253952 ----a-w- c:\program files\Common Files\System\ado\msadox.dll
2011-06-10 16:38 . 2011-06-10 16:38 241664 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll
2011-06-10 16:38 . 2011-06-10 16:38 180224 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll
2011-06-10 16:38 . 2011-06-10 16:38 2048 ----a-w- c:\windows\system32\tzres.dll
2011-06-10 16:37 . 2011-06-10 16:37 157184 ----a-w- c:\windows\system32\t2embed.dll
2011-06-10 16:37 . 2011-06-10 16:37 339968 ----a-w- c:\program files\Windows NT\Accessories\wordpad.exe
2011-06-10 16:37 . 2011-06-10 16:37 1316864 ----a-w- c:\windows\system32\ole32.dll
2011-06-10 16:36 . 2011-06-10 16:36 954752 ----a-w- c:\windows\system32\mfc40.dll
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-10 11:55 . 2010-04-27 14:19 1214976 ----a-w- c:\windows\system32\drivers\athr.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}]
2008-08-07 16:54 157168 ----a-w- c:\programdata\Partner\partner.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"DisableStartupSound"= 1 (0x1)
"DisableStatusMessages"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoThumbnailCache"= 1 (0x1)
"DisableThumbnailsOnNetworkFolders"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Users^user account^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^DesktopVideoPlayer.lnk]
path=c:\users\user account\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DesktopVideoPlayer.lnk
backup=c:\windows\pss\DesktopVideoPlayer.lnk.Startup
backupExtension=.Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\jswtrayutil
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Toshiba TEMPO
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPwrMain
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google EULA Launcher]
2008-05-28 11:40 20480 ----a-w- c:\program files\Google\Google EULA\GoogleEULALauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-06-10 11:47 136176 ----atw- c:\users\user account\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2008-06-25 13:05 170520 ----a-w- c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2008-06-25 13:06 150040 ----a-w- c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware (reboot)]
2011-05-29 08:11 1047656 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2008-06-25 13:06 145944 ----a-w- c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2008-04-08 13:14 6037504 ----a-w- c:\windows\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
2007-11-20 16:15 1826816 ----a-w- c:\windows\SkyTel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-01-26 14:31 2144088 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2008-03-25 03:28 144784 ----a-w- c:\program files\Java\jre1.6.0_06\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2011-06-11 08:57 2424192 ----a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Toshiba Registration]
2008-01-11 02:07 574864 ----a-w- c:\program files\TOSHIBA\Registration\ToshibaRegistration.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:23 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"FirewallOverride"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\Jumpstart\jswpsapi.exe [2008-04-16 954368]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-05-29 39984]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2010-10-24 54144]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 206360]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files\IObit\Advanced SystemCare 4\ASCService.exe [x]
R4 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [x]
R4 Partner Service;Partner Service;c:\programdata\Partner\partner.exe [2008-08-07 110576]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [2011-02-23 16184]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2010-12-21 115008]
S1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\system32\DRIVERS\jswpslwf.sys [2008-04-28 20384]
S1 MpKsl61e167d2;MpKsl61e167d2;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{15E92009-A02E-496A-8BB0-7EA08A0D64DC}\MpKsl61e167d2.sys [2011-06-18 28752]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2006-11-20 7168]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-10-24 43392]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSL61E167D2
*Deregistered* - aswMBR
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1066838518-2351977147-4070543323-1000Core.job
- c:\users\user account\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-10 11:47]
.
2011-06-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1066838518-2351977147-4070543323-1000UA.job
- c:\users\user account\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-10 11:47]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA;
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Sothink SWF Catcher - c:\program files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-Advanced SystemCare 4 - c:\program files\IObit\Advanced SystemCare 4\ASCTray.exe
MSConfigStartUp-cfFncEnabler - cfFncEnabler.exe
MSConfigStartUp-egui - c:\program files\ESET\ESET NOD32 Antivirus\egui.exe
MSConfigStartUp-Google Desktop Search - c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
MSConfigStartUp-IObit Malware Fighter - c:\program files\IObit\IObit Malware Fighter\IMF.exe
MSConfigStartUp-mcagent_exe - c:\program files\McAfee.com\Agent\mcagent.exe
MSConfigStartUp-NDSTray - NDSTray.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-18 19:47
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-06-18 19:49:04
ComboFix-quarantined-files.txt 2011-06-18 18:49
.
Pre-Run: 21,382,266,880 bytes free
Post-Run: 21,331,984,384 bytes free
.
- - End Of File - - F60E0BDC14E540825350DCA3FC62A636

#8 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts

Posted 19 June 2011 - 09:18 AM

Hello, theherotom2.


Step 1

Please pull anything out of the recycle bin that you want to save. Part of this fix will empty temp files, and that does include the recycle bin.

We need to run an OTL script
  • Please download OTL from one of the following mirrors if you do not still have it.
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Paste the following code under the Custom Scans/Fixes box at the bottom.
    :files
    C:\Program Files\IObit\
    C:\Program Files\Conduit
    :OTL
    SRV - [2011/06/01 14:10:00 | 000,821,080 | ---- | M] (IObit) [Disabled | Stopped] -- C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe -- (IMFservice)
    SRV - [2011/05/28 14:46:56 | 000,353,168 | ---- | M] (IObit) [Disabled | Stopped] -- C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe -- (AdvancedSystemCareService)
    DRV - [2011/03/23 00:59:18 | 000,019,280 | ---- | M] (IObit.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\IObit\IObit Malware Fighter\Drivers\wlh_x86\UrlFilter.sys -- (UrlFilter)
    DRV - [2011/03/23 00:59:16 | 000,030,600 | ---- | M] (IObit.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\IObit\IObit Malware Fighter\Drivers\wlh_x86\RegFilter.sys -- (RegFilter)
    DRV - [2011/04/27 19:18:10 | 000,018,768 | ---- | M] () [File_System | Disabled | Stopped] -- C:\Program Files\IObit\IObit Malware Fighter\Drivers\wlh_x86\FileMonitor.sys -- (FileMonitor)
    SRV - File not found [Auto | Stopped] -- -- (XAudioService)
    SRV - File not found [Disabled | Stopped] -- -- (ekrn)
    O9 - Extra Button: eBay.co.uk - Buy It Sell It Love It - {76577871-04EC-495E-A12B-91F7C3600AFA} - File not found
    O9 - Extra Button: Amazon.co.uk - {8A918C1D-E123-4E36-B562-5C1519E434CE} - File not found
    @Alternate Data Stream - 180 bytes -> C:\ProgramData\TEMP:408F95E5
    @Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:07BF512B
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O7 - HKU\S-1-5-21-1066838518-2351977147-4070543323-1000\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    :reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "FirewallOverride"=0
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "DisableStatusMessages"=0
    :Commands
    [EmptyTemp]
    
  • Click the Run Fix button at the top.
  • Let the program run unhindered and reboot when it is done.
  • You will get a log when it is done, please post that in your reply.
  • Please then create a new OTL report....
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • A report will open, copy and paste it in a reply here.



Step 2

Download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

If you have a 64-bit system, please download the 64 bit version from here:
SystemLook (64-bit)

  • Double-click SystemLook.exe to run it.
  • A blank window shall open with the title "SystemLook v1.0-by Jpshortstuff".
  • Copy and Paste the content of the following codebox into the main textfield under "File":
    :filefind
    winlogon.*
    
  • Please confirm everything is copied and pasted as I have provided above.
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan.
  • Please post this log in your next reply.


Note: The log can also be found on your Desktop entitled SystemLook.txt
2nd Note: The scan may take a while from several seconds to a minute or more depending on the number of files you have and how fast your computer can perform the task


etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
 


#9 theherotom2

theherotom2
  • Topic Starter

  • Members
  • 33 posts

Posted 19 June 2011 - 10:19 AM

All processes killed
========== FILES ==========
C:\Program Files\IObit\Smart Defrag 2\Skins\White folder moved successfully.
C:\Program Files\IObit\Smart Defrag 2\Skins\Black folder moved successfully.
C:\Program Files\IObit\Smart Defrag 2\Skins folder moved successfully.
C:\Program Files\IObit\Smart Defrag 2\Log folder moved successfully.
C:\Program Files\IObit\Smart Defrag 2\LatestNews folder moved successfully.
C:\Program Files\IObit\Smart Defrag 2\Language folder moved successfully.
C:\Program Files\IObit\Smart Defrag 2\Help\Images folder moved successfully.
C:\Program Files\IObit\Smart Defrag 2\Help folder moved successfully.
C:\Program Files\IObit\Smart Defrag 2\Freeware folder moved successfully.
C:\Program Files\IObit\Smart Defrag 2\drivers\wxp_x86 folder moved successfully.
C:\Program Files\IObit\Smart Defrag 2\drivers\wxp_x64 folder moved successfully.
C:\Program Files\IObit\Smart Defrag 2\drivers\wnet_x86 folder moved successfully.
C:\Program Files\IObit\Smart Defrag 2\drivers\wnet_x64 folder moved successfully.
C:\Program Files\IObit\Smart Defrag 2\drivers\wlh_x86 folder moved successfully.
C:\Program Files\IObit\Smart Defrag 2\drivers\wlh_x64 folder moved successfully.
C:\Program Files\IObit\Smart Defrag 2\drivers\win7_x86 folder moved successfully.
C:\Program Files\IObit\Smart Defrag 2\drivers\win7_x64 folder moved successfully.
C:\Program Files\IObit\Smart Defrag 2\drivers folder moved successfully.
C:\Program Files\IObit\Smart Defrag 2 folder moved successfully.
C:\Program Files\IObit\Random Password Generator folder moved successfully.
C:\Program Files\IObit\IObit Malware Fighter folder moved successfully.
C:\Program Files\IObit\Advanced SystemCare 4 folder moved successfully.
C:\Program Files\IObit folder moved successfully.
C:\Program Files\Conduit\Community Alerts folder moved successfully.
C:\Program Files\Conduit folder moved successfully.
========== OTL ==========
Error: No service named IMFservice was found to stop!
Service\Driver key IMFservice not found.
File C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe not found.
Service AdvancedSystemCareService stopped successfully!
Service AdvancedSystemCareService deleted successfully!
File C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe not found.
Error: No service named UrlFilter was found to stop!
Service\Driver key UrlFilter not found.
File C:\Program Files\IObit\IObit Malware Fighter\Drivers\wlh_x86\UrlFilter.sys not found.
Error: No service named RegFilter was found to stop!
Service\Driver key RegFilter not found.
File C:\Program Files\IObit\IObit Malware Fighter\Drivers\wlh_x86\RegFilter.sys not found.
Error: No service named FileMonitor was found to stop!
Service\Driver key FileMonitor not found.
File C:\Program Files\IObit\IObit Malware Fighter\Drivers\wlh_x86\FileMonitor.sys not found.
Service XAudioService stopped successfully!
Service XAudioService deleted successfully!
Service ekrn stopped successfully!
Service ekrn deleted successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{76577871-04EC-495E-A12B-91F7C3600AFA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{76577871-04EC-495E-A12B-91F7C3600AFA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{8A918C1D-E123-4E36-B562-5C1519E434CE}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8A918C1D-E123-4E36-B562-5C1519E434CE}\ not found.
ADS C:\ProgramData\TEMP:408F95E5 deleted successfully.
ADS C:\ProgramData\TEMP:07BF512B deleted successfully.
Registry key HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions\ not found.
Registry key HKEY_USERS\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions\ not found.
Registry key HKEY_USERS\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions\ not found.
Registry key HKEY_USERS\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions\ not found.
Registry key HKEY_USERS\S-1-5-21-1066838518-2351977147-4070543323-1000\Software\Policies\Microsoft\Internet Explorer\Restrictions\ not found.
========== REGISTRY ==========
Unable to set value : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\\"FirewallOverride"|0 /E!
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system\\"DisableStatusMessages"|0 /E : value set successfully!
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: user account
->Temp folder emptied: 9032191 bytes
->Temporary Internet Files folder emptied: 1028122 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 227601856 bytes
->Flash cache emptied: 7689 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 14722 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 581120 bytes

Total Files Cleaned = 227.00 mb


OTL by OldTimer - Version 3.2.24.1 log created on 06192011_161652

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


I sorted out the 2 winlogon processes myself.. but here is the log:

SystemLook 04.09.10 by jpshortstuff
Log created at 16:20 on 19/06/2011 by user account
Administrator - Elevation successful

========== filefind ==========

Searching for "winlogon.*"
C:\Windows\ERDNT\cache\winlogon.exe --a---- 314368 bytes [18:48 18/06/2011] [06:28 11/04/2009] 898E7C06A350D4A1A64A9EA264D55452
C:\Windows\System32\winlogon.exe --a---- 314368 bytes [10:17 12/06/2011] [06:28 11/04/2009] 898E7C06A350D4A1A64A9EA264D55452
C:\Windows\System32\en-US\winlogon.exe.mui --a---- 28672 bytes [02:25 21/01/2008] [02:25 21/01/2008] 26AC28BF50DC112BAA794A83E08588F0
C:\Windows\System32\wbem\winlogon.mof --a---- 2794 bytes [07:20 02/11/2006] [21:41 18/09/2006] 545C578F290B9CDD280966939935B9EA
C:\Windows\winsxs\x86_microsoft-windows-winlogon-mof_31bf3856ad364e35_6.0.6000.16386_none_7e0207d478fccc94\winlogon.mof --a---- 2794 bytes [07:20 02/11/2006] [21:41 18/09/2006] 545C578F290B9CDD280966939935B9EA
C:\Windows\winsxs\x86_microsoft-windows-winlogon.resources_31bf3856ad364e35_6.0.6000.16386_en-us_c8c1cf8f072b6166\winlogon.exe.mui --a---- 28672 bytes [12:40 02/11/2006] [12:40 02/11/2006] A1D2856F3EC3C86EBBF1442B0245A8B3
C:\Windows\winsxs\x86_microsoft-windows-winlogon.resources_31bf3856ad364e35_6.0.6001.18000_en-us_caf8918b0416723a\winlogon.exe.mui --a---- 28672 bytes [02:25 21/01/2008] [02:25 21/01/2008] 26AC28BF50DC112BAA794A83E08588F0
C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe --a---- 314880 bytes [02:24 21/01/2008] [02:24 21/01/2008] C2610B6BDBEFC053BBDAB4F1B965CB24
C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe --a---- 314368 bytes [10:17 12/06/2011] [06:28 11/04/2009] 898E7C06A350D4A1A64A9EA264D55452

-= EOF =-

Edited by theherotom2, 19 June 2011 - 10:23 AM.
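
The check that the `winlogon.*` search in Step 2 supports, as an added example that is not part of the original posts: parse SystemLook `filefind` result lines, flag any `winlogon.exe` outside the locations where a system copy is expected, and confirm the live System32 copy shares an MD5 with a component-store (winsxs) copy. The function names, the expected-location list and the one constructed log line are assumptions made for this example.

```python
import re
from pathlib import PureWindowsPath

# Result lines copied from the SystemLook log posted in this thread.
THREAD_LINES = r"""
Searching for "winlogon.*"
C:\Windows\ERDNT\cache\winlogon.exe --a---- 314368 bytes [18:48 18/06/2011] [06:28 11/04/2009] 898E7C06A350D4A1A64A9EA264D55452
C:\Windows\System32\winlogon.exe --a---- 314368 bytes [10:17 12/06/2011] [06:28 11/04/2009] 898E7C06A350D4A1A64A9EA264D55452
C:\Windows\System32\en-US\winlogon.exe.mui --a---- 28672 bytes [02:25 21/01/2008] [02:25 21/01/2008] 26AC28BF50DC112BAA794A83E08588F0
C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe --a---- 314880 bytes [02:24 21/01/2008] [02:24 21/01/2008] C2610B6BDBEFC053BBDAB4F1B965CB24
C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe --a---- 314368 bytes [10:17 12/06/2011] [06:28 11/04/2009] 898E7C06A350D4A1A64A9EA264D55452
"""

# CONSTRUCTED line, not from the thread: a copy in a user profile, with a
# placeholder size, timestamps and hash, to show what the check reports.
CONSTRUCTED_LINE = (
    r"C:\Users\user account\AppData\Roaming\winlogon.exe --a---- 40960 bytes "
    r"[09:00 01/06/2011] [09:00 01/06/2011] 00000000000000000000000000000000"
)

# <path> <attributes> <size> bytes [<created>] [<modified>] <MD5>
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+(?P<attrs>[-a-z]{7})\s+(?P<size>\d+) bytes\s+"
    r"\[(?P<created>[^\]]+)\]\s+\[(?P<modified>[^\]]+)\]\s+"
    r"(?P<md5>[0-9A-Fa-f]{32})\s*$"
)

SYSTEM32 = r"c:\windows\system32"
WINSXS = r"c:\windows\winsxs"
# Assumption for this example: locations where a winlogon.exe copy is expected
# on this machine (System32, the winsxs component store, and the ERDNT cache
# that appears in the posted log).
EXPECTED_PARENTS = {SYSTEM32, r"c:\windows\erdnt\cache"}


def parse_filefind(log_text):
    """Return one dict per result line; headers and blank lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entry = m.groupdict()
            entry["size"] = int(entry["size"])
            entry["md5"] = entry["md5"].upper()
            entries.append(entry)
    return entries


def _parent(path):
    return PureWindowsPath(path.lower()).parent


def in_component_store(path):
    # Component-store files sit one directory below winsxs.
    return str(_parent(path).parent) == WINSXS


def is_expected(path):
    return str(_parent(path)) in EXPECTED_PARENTS or in_component_store(path)


def triage(entries, image="winlogon.exe"):
    """Flag stray copies of `image` and check the live copy against winsxs."""
    exes = [e for e in entries
            if PureWindowsPath(e["path"]).name.lower() == image]
    unexpected = [e["path"] for e in exes if not is_expected(e["path"])]
    live = [e for e in exes if str(_parent(e["path"])) == SYSTEM32]
    store_hashes = {e["md5"] for e in exes if in_component_store(e["path"])}
    # The live binary should be byte-identical to one component-store copy.
    live_backed = bool(live) and all(e["md5"] in store_hashes for e in live)
    return {"unexpected": unexpected, "live_backed_by_store": live_backed}


if __name__ == "__main__":
    for label, text in (("thread log", THREAD_LINES),
                        ("thread log + constructed line",
                         THREAD_LINES + CONSTRUCTED_LINE)):
        print(label, triage(parse_filefind(text)))
```

A path reported under `unexpected` only tells you where to look next; the hash comparison says nothing about a file that is absent from the log.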


#10 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts

Posted 19 June 2011 - 01:50 PM

Hello, theherotom2.

What did you do regarding winlogon.exe?

Let's clean up some of your leftover antiviruses and run an online check for a second opinion.



Step 1


First, we'll uninstall ESET.

Download ESET Uninstaller and save to your desktop.

Boot into safe mode by repeatedly tapping F8 during startup until you can select Safe Mode. The Uninstaller will not run in normal mode.

Double-click the uninstaller. A command prompt window will open. Type "y" at the prompt and press Enter to continue.

Select the installation to remove. Usually it will only find one instance, so type 1 and press Enter.

Type 'y' and confirm at the third prompt.

It will take < 1 minute typically, then prompt you to press any key to end, so just hit Enter and boot into normal mode.



Step 2


Next, McAfee had some leftovers.

Download MCPR (the McAfee removal tool) and save to your desktop. Double-click to run it (normal mode is fine for this one). When done, it should say Successful. Reboot at that point.



Step 3

Next, we need to remove old Java versions.
Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) or Java™ in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version(s) shown below:
    J2SE Runtime Environment 5.0 Update 22
    J2SE Development Kit 5.0 Update 22
    Java™ 6 Update 6
  • Reboot your computer once all Java components are removed.




Step 4

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
 


#11 theherotom2


Posted 19 June 2011 - 04:11 PM

1. The fake winlogon process was located in my appdata folder, I deleted it then rebooted. The process stopped starting after that.

2. Did you need this?

>>>>>>>>>>>>>>>>>>>>>>> BEGIN >>>>>>>>>>>>>>>>>>>>>>>
[06/19/11 22:02:36] C:\Users\user account\Desktop\ESETUninstaller.exe 4.0.15.5
[06/19/11 22:02:36] Input arguments:
[06/19/11 22:02:37] Online (PC booted from fixed disk) mode detected.

[06/19/11 22:02:37] WARNING! This tool uninstalls AV product in non-standard way. Your PC can be harmed seriously, please back up Your data.
Please keep in mind that as soon as this application is finished your network connection can be down and you will have to restart your PC.
Are you really sure to continue? (y/n): y


[06/19/11 22:02:57] Scanning available operating systems ...

[06/19/11 22:02:57] Available operating systems, which AV product can be removed from:

[06/19/11 22:02:57] [1]
[06/19/11 22:02:57] Product Name: Windows Vista ™ Home Premium
[06/19/11 22:02:57] Current Version: 6.0.2.6002.WinNT.x86
[06/19/11 22:02:57] Volume: C:\
[06/19/11 22:02:57] System Root: C:\Windows
[06/19/11 22:02:57] Program Files: C:\Program Files
[06/19/11 22:02:57] Program Files (x86):
[06/19/11 22:02:57] Common files: C:\Program Files\Common Files
[06/19/11 22:02:57] Common files (x86):
[06/19/11 22:02:57] Common application data folder: C:\ProgramData
[06/19/11 22:02:57] Common programs folder: C:\ProgramData\Microsoft\Windows\Start Menu\Programs
[06/19/11 22:02:57] Device path folder: C:\Windows\inf
[06/19/11 22:02:57] Drives mapping:
[06/19/11 22:02:57] Current Letter: C Native Letter: C
[06/19/11 22:02:57] Current Letter: E Native Letter: E

[06/19/11 22:02:57] Building cache: COM: AppID -> DllName ...
[06/19/11 22:02:57] Building cache: COM: Category -> ReferenceCounter ...
[06/19/11 22:02:57] Scanning installed AV products ...

[06/19/11 22:03:00] Installed AV products:
[06/19/11 22:03:00] 1. ESS/EAV/EMSX

[06/19/11 22:03:00] Enter sequence number of AV product to uninstall and press ENTER (hint: to abort press 'q'): 1

[06/19/11 22:03:15] Are you sure to uninstall ESS/EAV/EMSX from this OS? (y/n): y


[06/19/11 22:03:18] Product uninstallation: ESS/EAV/EMSX

[06/19/11 22:03:18] Uninstallation in progress, please wait ...

[06/19/11 22:03:18] Current control set ... ControlSet001

[06/19/11 22:03:18] Services: deleted: ControlSet001\Services\eamon
[06/19/11 22:03:18] Services: deleted: ControlSet001\Enum\Root\LEGACY_EPFWWFPR
[06/19/11 22:03:18] Services: deleted service: 'ehdrv' item: 0x00000015 in GroupOrderList: 'Base'
[06/19/11 22:03:18] Services: deleted: ControlSet001\Services\ehdrv
[06/19/11 22:03:18] Services: deleted: ControlSet001\Enum\Root\LEGACY_EHDRV
[06/19/11 22:03:18] Services: Driver's .sys file deleted: ehdrv.sys

[06/19/11 22:03:18] WSC: ESS/EAV unregistered of Windows Security Center

[06/19/11 22:03:18] WSC: ESS/EAV (WMI) unregistered of Windows Security Center


[06/19/11 22:03:18] Product code of ESET product: {A66242A1-9101-425D-9BE5-D19A50E1D0D8}
[06/19/11 22:03:18] Name of ESET product: ESET NOD32 Antivirus
[06/19/11 22:03:18] Reverse product code: 1A24266A1019D524B95E1DA9051E0D8D
[06/19/11 22:03:18] Install location:
[06/19/11 22:03:18] Local MSI package:
[06/19/11 22:03:18] Product icon:

[06/19/11 22:03:18] ESET Product: deleted: ESET\ESET Security
[06/19/11 22:03:18] ESET Product: deleted: ESET\Setup
[06/19/11 22:03:18] ESET Product: deleted: ESET


[06/19/11 22:03:18] Email plugins: deleted value in: Microsoft\Exchange\Client\Extensions ...
[06/19/11 22:03:18] deleted: ESET Outlook Plugin

[06/19/11 22:03:18] Uninstallation ESS/EAV/EMSX finished successfully.


[06/19/11 22:03:19] Log file location: "C:\Users\user account\Desktop\~ESETUninstaller.log"

[06/19/11 22:03:19] Uninstallation finished successfully, please restart your PC now.

[06/19/11 22:03:19] Press any key to exit ...
>>>>>>>>>>>>>>>>>>>>>>>> END >>>>>>>>>>>>>>>>>>>>>>>>






The McAfee uninstaller ran successfully. Also, where can I download the newest JDK (I needed it)?
I never use Internet Explorer, Google Chrome wasn't compatible with the online scanner?

Edited by theherotom2, 19 June 2011 - 04:40 PM.
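
The check behind item 1 of the post above (a winlogon.exe running from AppData), as an added example that is not part of the original thread: it parses process lines in the `PRC - [...] (Company) -- path` layout that OTL logs use and flags system-binary names running from an unexpected folder. The sample log lines, the AppData path and the function names are constructed for illustration; the expected folders assume a 32-bit install with %SystemRoot% = C:\Windows.

```python
import ntpath
import re

# Folders these Windows binaries normally run from on a 32-bit install with
# %SystemRoot% = C:\Windows (assumption; adjust for other layouts).
EXPECTED_DIRS = {
    "winlogon.exe": {r"c:\windows\system32"},
    "csrss.exe": {r"c:\windows\system32"},
    "lsass.exe": {r"c:\windows\system32"},
    "services.exe": {r"c:\windows\system32"},
    "smss.exe": {r"c:\windows\system32"},
    "svchost.exe": {r"c:\windows\system32"},
    "explorer.exe": {r"c:\windows"},
}

# OTL process line: PRC - [date time | size | attrs | M] (Company) -- full path
PRC_RE = re.compile(
    r"^PRC - \[(?P<ts>[^|]+?) \| (?P<size>[\d,]+) \| (?P<attr>\S+) \| (?P<kind>\w)\] "
    r"\((?P<company>.*?)\) -- (?P<path>.+)$"
)

# Constructed sample input in the OTL layout; the AppData entry is hypothetical.
SAMPLE_LOG = r"""
PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/04/11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winlogon.exe
PRC - [2011/06/10 09:12:44 | 000,045,056 | ---- | M] () -- C:\Users\user account\AppData\Roaming\winlogon.exe
PRC - [2010/11/30 13:20:36 | 000,997,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
"""


def parse_prc_lines(text):
    """Return one dict per PRC line; lines in any other layout are skipped."""
    procs = []
    for line in text.splitlines():
        m = PRC_RE.match(line.strip())
        if not m:
            continue
        procs.append({
            "timestamp": m.group("ts"),
            "size": int(m.group("size").replace(",", "")),
            "company": m.group("company"),
            "path": m.group("path"),
        })
    return procs


def find_masquerades(procs):
    """Flag processes that use a system binary's name from the wrong place.

    The folder is the primary signal. The company string comes from the
    file's own version resource, which anyone can set, so it is only a
    secondary hint and never clears a file on its own.
    """
    findings = []
    for p in procs:
        name = ntpath.normcase(ntpath.basename(p["path"]))
        expected = EXPECTED_DIRS.get(name)
        if expected is None:
            continue  # not a name this check watches
        folder = ntpath.normcase(ntpath.normpath(ntpath.dirname(p["path"])))
        reasons = []
        if folder not in expected:
            reasons.append("unexpected directory")
        if p["company"].strip() != "Microsoft Corporation":
            reasons.append("unexpected company name")
        if reasons:
            findings.append({"path": p["path"], "reasons": reasons})
    return findings


if __name__ == "__main__":
    for hit in find_masquerades(parse_prc_lines(SAMPLE_LOG)):
        print(hit["path"], "->", ", ".join(hit["reasons"]))
```

A hit only means the file deserves a closer look (hash, signature, autostart entry); deleting the file alone does not show how it was started.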


#12 etavares


Posted 20 June 2011 - 05:39 PM

See Steps 3.1 and 3.2 in my instructions to have it work with Chrome. Please post the scan log after doing the manual workaround.

In regards to the JDK, you can download the latest version (26) here:
http://www.oracle.com/technetwork/java/javase/downloads/index.html




#13 theherotom2


Posted 21 June 2011 - 11:06 AM

C:\Users\user account\Desktop\Downloads\visualbasiccodes.exe probably a variant of Win32/Agent.LTWZODE trojan cleaned by deleting - quarantined
C:\Users\user account\Desktop\Downloads\visualbasiccode.exe probably a variant of Win32/Agent.LTWZODE trojan cleaned by deleting - quarantined
C:\Users\user account\Desktop\Downloads\VB8test.zip probably a variant of Win32/VB.NQZQDXO trojan deleted - quarantined
C:\Users\user account\Desktop\Downloads\Miro_Installer.exe Win32/Toolbar.Zugo application deleted - quarantined
C:\Users\user account\Desktop\Downloads\SkipScreen-Setup(1).exe Win32/Toolbar.Zugo application deleted - quarantined
C:\Users\user account\Desktop\Downloads\SkipScreen-Setup(2).exe Win32/Toolbar.Zugo application deleted - quarantined
C:\Users\user account\Desktop\Downloads\SkipScreen-Setup.exe Win32/Toolbar.Zugo application deleted - quarantined

Edited by theherotom2, 21 June 2011 - 11:08 AM.


#14 etavares


Posted 21 June 2011 - 06:19 PM

Ok, nothing major there. Before we clean up, how is your computer running? Please also post one final OTL quick scan for me to look over before I call this clean.




#15 theherotom2


Posted 22 June 2011 - 09:33 AM

My laptop is running fine; however, when I open Visual Basic 2008 it crashes and comes up with the end program message.



OTL logfile created on: 22/06/2011 15:30:38 - Run 2
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Users\user account\Desktop\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.87 Gb Total Physical Memory | 1.84 Gb Available Physical Memory | 63.99% Memory free
5.94 Gb Paging File | 5.05 Gb Available in Paging File | 85.03% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74.22 Gb Total Space | 19.88 Gb Free Space | 26.79% Space Free | Partition Type: NTFS
Drive E: | 73.36 Gb Total Space | 68.09 Gb Free Space | 92.81% Space Free | Partition Type: NTFS

Computer Name: PRIVATE | User Name: user account | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/22 15:30:25 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\user account\Desktop\Downloads\OTL (2).exe
PRC - [2010/11/30 13:20:36 | 000,997,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2010/11/11 12:26:42 | 000,206,360 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
PRC - [2010/11/11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe


========== Modules (SafeList) ==========

MOD - [2011/06/22 15:30:25 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\user account\Desktop\Downloads\OTL (2).exe
MOD - [2011/06/10 17:36:24 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/11/11 12:26:42 | 000,206,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2010/11/11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/08/07 17:54:29 | 000,110,576 | ---- | M] (Google Inc.) [Disabled | Stopped] -- C:\ProgramData\Partner\partner.exe -- (Partner Service)
SRV - [2008/04/16 15:53:00 | 000,954,368 | ---- | M] (Atheros Communications, Inc.) [On_Demand | Stopped] -- C:\Program Files\Jumpstart\jswpsapi.exe -- (jswpsapi)
SRV - [2008/01/21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2011/06/22 15:27:14 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{165D59A3-0407-4429-8FB4-4643F959CA06}\MpKsl63d3df7e.sys -- (MpKsl63d3df7e)
DRV - [2011/06/10 12:55:39 | 001,214,976 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2011/02/23 16:52:34 | 000,016,184 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV - [2010/10/24 21:25:38 | 000,054,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2010/10/24 21:25:38 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2010/05/10 19:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 19:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2008/07/18 18:52:16 | 000,279,376 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\tos_sps32.sys -- (tos_sps32)
DRV - [2008/07/15 19:59:06 | 000,017,960 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\UVCFTR_S.SYS -- (UVCFTR)
DRV - [2008/04/28 16:59:18 | 000,020,384 | ---- | M] (Atheros Communications, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\jswpslwf.sys -- (jswpslwf)
DRV - [2008/04/15 09:05:08 | 000,118,784 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2007/11/09 14:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS -- (TVALZ)
DRV - [2006/11/20 14:11:14 | 000,007,168 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk)
DRV - [2006/11/02 08:41:50 | 000,983,552 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA;
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA;
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2011/06/18 19:47:24 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Partner BHO Class) - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\partner.dll (Google Inc.)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStartupSound = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoThumbnailCache = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableThumbnailsOnNetworkFolders = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O9 - Extra Button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O9 - Extra 'Tools' menuitem : Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos-beta/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/22 08:09:37 | 000,000,000 | ---D | C] -- C:\Users\user account\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Line Rider
[2011/06/22 08:09:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Line Rider
[2011/06/21 19:13:50 | 000,000,000 | ---D | C] -- C:\Users\user account\Documents\OneNote Notebooks
[2011/06/21 16:09:21 | 000,000,000 | ---D | C] -- C:\Users\user account\AppData\Roaming\SWiSH Max4
[2011/06/21 16:06:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SWiSHzone.com
[2011/06/21 16:06:25 | 000,000,000 | ---D | C] -- C:\Program Files\SWiSH Max4
[2011/06/21 15:29:43 | 000,000,000 | ---D | C] -- C:\Program Files\Sun
[2011/06/19 22:28:50 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/06/19 11:16:35 | 000,000,000 | ---D | C] -- C:\Users\user account\AppData\Roaming\fizzy
[2011/06/19 10:58:22 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/06/18 19:49:09 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/06/18 19:49:06 | 000,000,000 | ---D | C] -- C:\Users\user account\AppData\Local\temp
[2011/06/18 19:39:41 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/06/18 19:39:41 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/06/18 19:39:41 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/06/18 19:38:44 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/06/18 19:38:10 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/06/18 19:29:41 | 000,049,152 | ---- | C] (FELFLY EI) -- C:\Windows\System32\ResizerXTLite.ocx
[2011/06/18 12:48:08 | 000,000,000 | ---D | C] -- C:\Users\user account\Desktop\New Folder (2)
[2011/06/18 07:14:46 | 000,000,000 | ---D | C] -- C:\Users\user account\Desktop\WindowsApplication1
[2011/06/17 17:06:19 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011/06/17 17:00:35 | 000,000,000 | ---D | C] -- C:\Users\user account\AppData\Local\Mozilla
[2011/06/17 16:57:18 | 000,000,000 | ---D | C] -- C:\Users\user account\AppData\Roaming\GetRightToGo
[2011/06/17 16:57:18 | 000,000,000 | ---D | C] -- C:\Users\user account\Documents\Downloads
[2011/06/17 15:50:38 | 000,000,000 | ---D | C] -- C:\Users\user account\Desktop\New Folder
[2011/06/16 18:15:58 | 000,198,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\COMDLG32.OCX
[2011/06/16 18:15:58 | 000,147,456 | ---- | C] (VBGold Software) -- C:\Windows\System32\AResizeLite.ocx
[2011/06/16 15:26:03 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2011/06/15 16:56:31 | 000,000,000 | ---D | C] -- C:\Users\user account\AppData\Roaming\PCF-VLC
[2011/06/15 16:56:29 | 000,000,000 | ---D | C] -- C:\Users\user account\AppData\Roaming\gtk-2.0
[2011/06/15 16:55:09 | 000,000,000 | ---D | C] -- C:\Program Files\GetMiro Toolbar
[2011/06/15 16:55:08 | 000,000,000 | ---D | C] -- C:\Users\user account\AppData\Roaming\Mozilla
[2011/06/15 16:55:07 | 000,000,000 | ---D | C] -- C:\Users\user account\AppData\Roaming\Participatory Culture Foundation
[2011/06/15 16:54:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Miro
[2011/06/15 16:53:54 | 000,000,000 | ---D | C] -- C:\Program Files\Participatory Culture Foundation
[2011/06/15 16:52:20 | 000,000,000 | ---D | C] -- C:\Users\user account\Desktop\Window v2
[2011/06/14 19:53:07 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Portable Devices
[2011/06/14 19:44:12 | 000,092,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAnimation.dll
[2011/06/14 19:44:11 | 003,023,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbon.dll
[2011/06/14 19:44:11 | 001,164,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbonRes.dll
[2011/06/14 19:43:37 | 000,369,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll
[2011/06/14 19:43:34 | 000,321,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll
[2011/06/14 19:43:34 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxdiag.exe
[2011/06/14 19:43:34 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxdiagn.dll
[2011/06/14 19:43:34 | 000,189,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2011/06/14 19:43:33 | 000,519,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll
[2011/06/14 19:43:05 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\BthMtpContextHandler.dll
[2011/06/14 19:43:05 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDShextAutoplay.exe
[2011/06/14 19:43:01 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceConnectApi.dll
[2011/06/14 19:42:57 | 000,546,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpd_ci.dll
[2011/06/14 19:42:57 | 000,334,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceApi.dll
[2011/06/14 19:42:57 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceTypes.dll
[2011/06/14 19:42:56 | 000,350,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDSp.dll
[2011/06/14 19:42:56 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceWMDRM.dll
[2011/06/14 19:42:56 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceClassExtension.dll
[2011/06/14 19:42:03 | 000,555,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAutomationCore.dll
[2011/06/14 19:42:03 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oleaccrc.dll
[2011/06/14 19:26:10 | 000,471,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/06/14 19:26:09 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011/06/14 19:26:09 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/06/14 19:26:09 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011/06/14 19:26:09 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2011/06/14 19:26:08 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011/06/14 15:51:36 | 000,979,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFH264Dec.dll
[2011/06/14 15:51:36 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2011/06/14 15:51:36 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
[2011/06/14 15:51:35 | 000,357,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFHEAACdec.dll
[2011/06/14 15:51:34 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfmp4src.dll
[2011/06/14 15:51:34 | 000,261,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll
[2011/06/14 15:51:33 | 002,873,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2011/06/14 15:51:33 | 000,667,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2011/06/14 15:51:33 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2011/06/14 15:51:32 | 000,209,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfplat.dll
[2011/06/14 15:51:30 | 000,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll
[2011/06/14 15:51:30 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2011/06/14 15:51:01 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2011/06/14 15:51:01 | 001,029,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2011/06/14 15:51:01 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2011/06/14 15:51:01 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2011/06/14 15:51:00 | 001,554,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xpsservices.dll
[2011/06/14 15:51:00 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2011/06/14 15:51:00 | 000,486,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2011/06/14 15:51:00 | 000,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2011/06/14 15:51:00 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2011/06/14 15:51:00 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2011/06/14 15:50:59 | 000,847,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OpcServices.dll
[2011/06/14 15:49:59 | 000,231,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll
[2011/06/13 22:02:37 | 000,000,000 | ---D | C] -- C:\Windows\System32\vi-VN
[2011/06/13 22:02:37 | 000,000,000 | ---D | C] -- C:\Windows\System32\eu-ES
[2011/06/13 22:02:37 | 000,000,000 | ---D | C] -- C:\Windows\System32\ca-ES
[2011/06/13 20:45:07 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2011/06/13 20:05:38 | 000,000,000 | ---D | C] -- C:\Users\user account\Desktop\other
[2011/06/13 15:28:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2011/06/12 11:21:10 | 000,000,000 | ---D | C] -- C:\Windows\symbols
[2011/06/12 11:20:50 | 000,000,000 | ---D | C] -- C:\Program Files\Bin
[2011/06/12 11:19:21 | 012,240,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0007.dll
[2011/06/12 11:19:17 | 001,081,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLCExt.dll
[2011/06/12 11:19:14 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DevicePairingWizard.exe
[2011/06/12 11:19:13 | 002,134,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FunctionDiscoveryFolder.dll
[2011/06/12 11:19:12 | 002,644,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0009.dll
[2011/06/12 11:19:08 | 001,480,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssrch.dll
[2011/06/12 11:19:05 | 001,576,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tquery.dll
[2011/06/12 11:19:05 | 000,684,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\spsys.sys
[2011/06/12 11:19:03 | 000,779,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationNative_v0300.dll
[2011/06/12 11:19:02 | 000,928,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scavenge.dll
[2011/06/12 11:18:59 | 000,677,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imapi2fs.dll
[2011/06/12 11:18:58 | 000,968,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wcnwiz2.dll
[2011/06/12 11:18:58 | 000,291,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WscEapPr.dll
[2011/06/12 11:18:54 | 000,619,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardagt.exe
[2011/06/12 11:18:52 | 001,216,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AuxiliaryDisplayCpl.dll
[2011/06/12 11:18:50 | 000,289,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spinstall.exe
[2011/06/12 11:18:50 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spreview.exe
[2011/06/12 11:18:49 | 000,978,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drmv2clt.dll
[2011/06/12 11:18:48 | 000,438,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mcupdate_GenuineIntel.dll
[2011/06/12 11:18:48 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwizui.dll
[2011/06/12 11:18:44 | 000,670,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssvp.dll
[2011/06/12 11:18:43 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSMPEG2VDEC.DLL
[2011/06/12 11:18:43 | 000,378,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imapi2.dll
[2011/06/12 11:18:43 | 000,351,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssph.dll
[2011/06/12 11:18:43 | 000,203,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssphtb.dll
[2011/06/12 11:18:42 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdohlp.dll
[2011/06/12 11:18:41 | 001,459,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\esent.dll
[2011/06/12 11:18:41 | 000,729,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IMJP10K.DLL
[2011/06/12 11:18:41 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DevicePairing.dll
[2011/06/12 11:18:39 | 000,190,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sperror.dll
[2011/06/12 11:18:39 | 000,143,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\korwbrkr.dll
[2011/06/12 11:18:38 | 000,463,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IasMigReader.exe
[2011/06/12 11:18:36 | 001,589,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msjet40.dll
[2011/06/12 11:18:34 | 001,381,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Query.dll
[2011/06/12 11:18:33 | 000,883,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IMJP10.IME
[2011/06/12 11:18:33 | 000,409,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msexch40.dll
[2011/06/12 11:18:32 | 001,078,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\diagperf.dll
[2011/06/12 11:18:32 | 000,327,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\P2PGraph.dll
[2011/06/12 11:18:30 | 000,986,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winload.exe
[2011/06/12 11:18:30 | 000,950,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mblctr.exe
[2011/06/12 11:18:30 | 000,301,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srchadmin.dll
[2011/06/12 11:18:29 | 001,792,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mmc.exe
[2011/06/12 11:18:29 | 000,203,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\uDWM.dll
[2011/06/12 11:18:28 | 000,466,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\riched20.dll
[2011/06/12 11:18:28 | 000,454,144 | ---- | C] (Microsoft) -- C:\Windows\System32\IasMigPlugin.dll
[2011/06/12 11:18:28 | 000,088,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdBth.dll
[2011/06/12 11:18:27 | 000,880,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RacEngn.dll
[2011/06/12 11:18:26 | 002,012,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\milcore.dll
[2011/06/12 11:18:25 | 001,112,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CertEnroll.dll
[2011/06/12 11:18:25 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spoolss.dll
[2011/06/12 11:18:25 | 000,120,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EhStorAPI.dll
[2011/06/12 11:18:24 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NaturalLanguage6.dll
[2011/06/12 11:18:24 | 000,115,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AuxiliaryDisplayDriverLib.dll
[2011/06/12 11:18:23 | 000,950,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpedit.dll
[2011/06/12 11:18:23 | 000,290,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msjtes40.dll
[2011/06/12 11:18:23 | 000,099,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardapi.dll
[2011/06/12 11:18:22 | 003,217,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinSAT.exe
[2011/06/12 11:18:21 | 000,710,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Magnify.exe
[2011/06/12 11:18:21 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationSettings.exe
[2011/06/12 11:18:21 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AuxiliaryDisplayServices.dll
[2011/06/12 11:18:20 | 000,282,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstext40.dll
[2011/06/12 11:18:17 | 001,209,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\comsvcs.dll
[2011/06/12 11:18:17 | 000,339,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msexcl40.dll
[2011/06/12 11:18:17 | 000,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax
[2011/06/12 11:18:17 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slwmi.dll
[2011/06/12 11:18:16 | 001,524,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsAnytimeUpgradeCPL.dll
[2011/06/12 11:18:16 | 000,454,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxbde40.dll
[2011/06/12 11:18:15 | 001,985,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\authui.dll
[2011/06/12 11:18:14 | 001,086,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NetProjW.dll
[2011/06/12 11:18:14 | 000,643,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrepl40.dll
[2011/06/12 11:18:13 | 000,640,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bthprops.cpl
[2011/06/12 11:18:13 | 000,469,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\newdev.dll
[2011/06/12 11:18:12 | 000,205,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eudcedit.exe
[2011/06/12 11:18:12 | 000,119,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasrecst.dll
[2011/06/12 11:18:12 | 000,102,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
[2011/06/12 11:18:11 | 002,926,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2011/06/12 11:18:11 | 000,398,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011/06/12 11:18:10 | 001,788,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d9.dll
[2011/06/12 11:18:10 | 000,368,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mspbde40.dll
[2011/06/12 11:18:09 | 000,241,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msltus40.dll
[2011/06/12 11:18:09 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\davclnt.dll
[2011/06/12 11:18:08 | 000,344,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrd3x40.dll
[2011/06/12 11:18:08 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EhStorPwdMgr.dll
[2011/06/12 11:18:07 | 001,053,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdtctm.dll
[2011/06/12 11:18:07 | 000,250,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wevtapi.dll
[2011/06/12 11:18:06 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nlhtml.dll
[2011/06/12 11:18:05 | 000,614,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ci.dll
[2011/06/12 11:18:05 | 000,483,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\samsrv.dll
[2011/06/12 11:18:04 | 000,582,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLCommDlg.dll
[2011/06/12 11:18:04 | 000,443,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32spl.dll
[2011/06/12 11:18:04 | 000,165,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WcnNetsh.dll
[2011/06/12 11:18:02 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\compcln.exe
[2011/06/12 11:18:01 | 001,730,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\apds.dll
[2011/06/12 11:18:01 | 000,618,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mswstr10.dll
[2011/06/12 11:18:00 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xmlfilter.dll
[2011/06/12 11:17:58 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLUI.exe
[2011/06/12 11:17:58 | 000,183,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eapphost.dll
[2011/06/12 11:17:57 | 000,524,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sqlsrv32.dll
[2011/06/12 11:17:57 | 000,319,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrd2x40.dll
[2011/06/12 11:17:56 | 000,926,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winresume.exe
[2011/06/12 11:17:56 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\propdefs.dll
[2011/06/12 11:17:54 | 001,856,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dbgeng.dll
[2011/06/12 11:17:53 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wevtutil.exe
[2011/06/12 11:17:53 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssitlb.dll
[2011/06/12 11:17:50 | 002,167,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mmcndmgr.dll
[2011/06/12 11:17:48 | 000,378,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\devmgr.dll
[2011/06/12 11:17:48 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drvinst.exe
[2011/06/12 11:17:48 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdBthProxy.dll
[2011/06/12 11:17:47 | 000,592,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netlogon.dll
[2011/06/12 11:17:47 | 000,199,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\adsldpc.dll
[2011/06/12 11:17:47 | 000,054,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DevicePairingProxy.dll
[2011/06/12 11:17:47 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscb.dll
[2011/06/12 11:17:46 | 000,485,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\evr.dll
[2011/06/12 11:17:45 | 001,533,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wcnwiz.dll
[2011/06/12 11:17:44 | 001,382,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVSDECD.DLL
[2011/06/12 11:17:43 | 001,143,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wercon.exe
[2011/06/12 11:17:43 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quick.ime
[2011/06/12 11:17:43 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qintlgnt.ime
[2011/06/12 11:17:43 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\phon.ime
[2011/06/12 11:17:43 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cintlgnt.ime
[2011/06/12 11:17:43 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chajei.ime
[2011/06/12 11:17:42 | 000,617,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\adtschema.dll
[2011/06/12 11:17:42 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mimefilt.dll
[2011/06/12 11:17:41 | 000,856,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mswdat10.dll
[2011/06/12 11:17:41 | 000,560,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdtcprx.dll
[2011/06/12 11:17:41 | 000,396,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ipsmsnap.dll
[2011/06/12 11:17:41 | 000,323,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certcli.dll
[2011/06/12 11:17:41 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msjter40.dll
[2011/06/12 11:17:40 | 000,799,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certutil.exe
[2011/06/12 11:17:40 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\reg.exe
[2011/06/12 11:17:40 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtffilt.dll
[2011/06/12 11:17:40 | 000,035,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardcpl.cpl
[2011/06/12 11:17:39 | 000,996,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMNetMgr.dll
[2011/06/12 11:17:39 | 000,704,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoScreensaver.scr
[2011/06/12 11:17:39 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbport.sys
[2011/06/12 11:17:38 | 000,274,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bcrypt.dll
[2011/06/12 11:17:38 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscntrs.dll
[2011/06/12 11:17:38 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshooks.dll
[2011/06/12 11:17:37 | 000,332,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msihnd.dll
[2011/06/12 11:17:37 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MMDevAPI.dll
[2011/06/12 11:17:37 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msstrc.dll
[2011/06/12 11:17:37 | 000,035,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsWpfWrp.exe
[2011/06/12 11:17:35 | 000,310,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mtxclu.dll
[2011/06/12 11:17:35 | 000,153,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fundisc.dll
[2011/06/12 11:17:35 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dhcpcsvc6.dll
[2011/06/12 11:17:35 | 000,122,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetpp.dll
[2011/06/12 11:17:35 | 000,080,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscories.dll
[2011/06/12 11:17:33 | 001,671,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chsbrkr.dll
[2011/06/12 11:17:33 | 001,020,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wdc.dll
[2011/06/12 11:17:33 | 000,125,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Classpnp.sys
[2011/06/12 11:17:33 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imapi.dll
[2011/06/12 11:17:32 | 001,823,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pnidui.dll
[2011/06/12 11:17:32 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iassdo.dll
[2011/06/12 11:17:32 | 000,093,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Kswdmcap.ax
[2011/06/12 11:17:31 | 000,636,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\autofmt.exe
[2011/06/12 11:17:31 | 000,050,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PSHED.DLL
[2011/06/12 11:17:31 | 000,035,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\crashdmp.sys
[2011/06/12 11:17:31 | 000,009,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardres.dll
[2011/06/12 11:17:30 | 000,757,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\azroles.dll
[2011/06/12 11:17:30 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CertEnrollUI.dll
[2011/06/12 11:17:30 | 000,242,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pdh.dll
[2011/06/12 11:17:30 | 000,122,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Storport.sys
[2011/06/12 11:17:30 | 000,109,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ataport.sys
[2011/06/12 11:17:29 | 002,205,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SyncCenter.dll
[2011/06/12 11:17:29 | 001,107,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pidgenx.dll
[2011/06/12 11:17:29 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sysmon.ocx
[2011/06/12 11:17:27 | 001,502,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certmgr.dll
[2011/06/12 11:17:27 | 000,627,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sethc.exe
[2011/06/12 11:17:27 | 000,593,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\comuid.dll
[2011/06/12 11:17:27 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2011/06/12 11:17:27 | 000,017,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kd1394.dll
[2011/06/12 11:17:26 | 000,324,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\untfs.dll
[2011/06/12 11:17:26 | 000,182,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iassam.dll
[2011/06/12 11:17:26 | 000,180,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scrobj.dll
[2011/06/12 11:17:25 | 000,413,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imkr80.ime
[2011/06/12 11:17:25 | 000,099,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\FWPKCLNT.SYS
[2011/06/12 11:17:24 | 000,656,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\autoconv.exe
[2011/06/12 11:17:24 | 000,375,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2011/06/12 11:17:24 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasnap.dll
[2011/06/12 11:17:23 | 001,541,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\onex.dll
[2011/06/12 11:17:23 | 000,273,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wow32.dll
[2011/06/12 11:17:23 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cscript.exe
[2011/06/12 11:17:23 | 000,130,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\basecsp.dll
[2011/06/12 11:17:23 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe
[2011/06/12 11:17:23 | 000,027,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Dumpata.sys
[2011/06/12 11:17:23 | 000,017,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kdcom.dll
[2011/06/12 11:17:22 | 000,182,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\osk.exe
[2011/06/12 11:17:21 | 000,340,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RelMon.dll
[2011/06/12 11:17:21 | 000,019,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kdusb.dll
[2011/06/12 11:17:21 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spcmsg.dll
[2011/06/12 11:17:19 | 000,860,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WerFaultSecure.exe
[2011/06/12 11:17:19 | 000,612,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpencom.dll
[2011/06/12 11:17:19 | 000,564,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msftedit.dll
[2011/06/12 11:17:19 | 000,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\offfilt.dll
[2011/06/12 11:17:19 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinSCard.dll
[2011/06/12 11:17:18 | 001,827,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011/06/12 11:17:18 | 000,638,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Utilman.exe
[2011/06/12 11:17:18 | 000,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WerFault.exe
[2011/06/12 11:17:17 | 000,230,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\diskraid.exe
[2011/06/12 11:17:17 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsepno.dll
[2011/06/12 11:17:16 | 000,852,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mcmde.dll
[2011/06/12 11:17:16 | 000,551,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\prnntfy.dll
[2011/06/12 11:17:16 | 000,391,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscms.dll
[2011/06/12 11:17:16 | 000,197,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SndVol.exe
[2011/06/12 11:17:16 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msnetobj.dll
[2011/06/12 11:17:16 | 000,114,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbccp32.dll
[2011/06/12 11:17:16 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sysclass.dll
[2011/06/12 11:17:16 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\adsmsext.dll
[2011/06/12 11:17:15 | 000,444,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dsound.dll
[2011/06/12 11:17:15 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ulib.dll
[2011/06/12 11:17:15 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IPHLPAPI.DLL
[2011/06/12 11:17:15 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasdatastore.dll
[2011/06/12 11:17:14 | 000,223,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscntfy.dll
[2011/06/12 11:17:14 | 000,181,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pnpsetup.dll
[2011/06/12 11:17:14 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rastapi.dll
[2011/06/12 11:17:14 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdProxy.dll
[2011/06/12 11:17:13 | 000,759,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ipsecsnp.dll
[2011/06/12 11:17:12 | 001,342,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\brcpl.dll
[2011/06/12 11:17:12 | 000,507,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vdsdyn.dll
[2011/06/12 11:17:12 | 000,399,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlangpui.dll
[2011/06/12 11:17:12 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\diskpart.exe
[2011/06/12 11:17:12 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpapi.dll
[2011/06/12 11:17:12 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iashlpr.dll
[2011/06/12 11:17:12 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\logman.exe
[2011/06/12 11:17:11 | 001,575,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVENCOD.DLL
[2011/06/12 11:17:11 | 000,286,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasapi32.dll
[2011/06/12 11:17:11 | 000,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntprint.dll
[2011/06/12 11:17:11 | 000,158,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasrad.dll
[2011/06/12 11:17:11 | 000,155,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscorier.dll
[2011/06/12 11:17:11 | 000,140,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wusa.exe
[2011/06/12 11:17:10 | 002,225,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netcenter.dll
[2011/06/12 11:17:10 | 001,580,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpccpl.dll
[2011/06/12 11:17:10 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\findstr.exe
[2011/06/12 11:17:09 | 001,152,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\themecpl.dll
[2011/06/12 11:17:09 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wer.dll
[2011/06/12 11:17:09 | 000,825,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasdlg.dll
[2011/06/12 11:17:09 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iassvcs.dll
[2011/06/12 11:17:09 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsnmp32.dll
[2011/06/12 11:17:08 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssprxy.dll
[2011/06/12 11:17:07 | 000,777,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slcc.dll
[2011/06/12 11:17:07 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scansetting.dll
[2011/06/12 11:17:07 | 000,163,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msutb.dll
[2011/06/12 11:17:07 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wshom.ocx
[2011/06/12 11:17:07 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstlsapi.dll
[2011/06/12 11:17:07 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasads.dll
[2011/06/12 11:17:06 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ks.sys
[2011/06/12 11:17:06 | 000,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\powrprof.dll
[2011/06/12 11:17:06 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasacct.dll
[2011/06/12 11:17:05 | 003,072,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\networkmap.dll
[2011/06/12 11:17:05 | 001,248,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PerfCenterCPL.dll
[2011/06/12 11:17:05 | 000,723,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\powercpl.dll
[2011/06/12 11:17:04 | 001,645,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\connect.dll
[2011/06/12 11:17:04 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\newdev.exe
[2011/06/12 11:17:03 | 001,224,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sud.dll
[2011/06/12 11:17:03 | 000,842,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\systemcpl.dll
[2011/06/12 11:17:02 | 000,464,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pcaui.dll
[2011/06/12 11:17:01 | 002,515,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\accessibilitycpl.dll
[2011/06/12 11:17:01 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mmci.dll
[2011/06/12 11:17:00 | 001,123,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\usercpl.dll
[2011/06/12 11:17:00 | 000,516,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\autoplay.dll
[2011/06/12 11:16:59 | 001,671,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanpref.dll
[2011/06/12 11:16:59 | 000,497,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll
[2011/06/12 11:16:59 | 000,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2011/06/12 11:16:59 | 000,127,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rpchttp.dll
[2011/06/12 11:16:59 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pintlgnt.ime
[2011/06/12 11:16:58 | 000,532,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpcao.dll
[2011/06/12 11:16:58 | 000,408,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msinfo32.exe
[2011/06/12 11:16:58 | 000,128,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vdsutil.dll
[2011/06/12 11:16:58 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\regapi.dll
[2011/06/12 11:16:57 | 000,306,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scesrv.dll
[2011/06/12 11:16:57 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2011/06/12 11:16:57 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scksp.dll
[2011/06/12 11:16:57 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\feclient.dll
[2011/06/12 11:16:56 | 000,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Faultrep.dll
[2011/06/12 11:16:56 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AudioSes.dll
[2011/06/12 11:16:56 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oleprn.dll
[2011/06/12 11:16:56 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dot3msm.dll
[2011/06/12 11:16:56 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rekeywiz.exe
[2011/06/12 11:16:56 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iaspolcy.dll
[2011/06/12 11:16:56 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscisvif.dll
[2011/06/12 11:16:55 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DeviceEject.exe
[2011/06/12 11:16:54 | 001,689,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscui.cpl
[2011/06/12 11:16:54 | 000,505,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qedit.dll
[2011/06/12 11:16:54 | 000,445,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncryptui.dll
[2011/06/12 11:16:54 | 000,407,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpapimig.exe
[2011/06/12 11:16:53 | 000,642,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasgcw.dll
[2011/06/12 11:16:53 | 000,542,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pnpui.dll
[2011/06/12 11:16:53 | 000,215,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certreq.exe
[2011/06/12 11:16:53 | 000,177,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scecli.dll
[2011/06/12 11:16:53 | 000,080,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hdwwiz.exe
[2011/06/12 11:16:53 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\perfdisk.dll
[2011/06/12 11:16:52 | 000,595,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FWPUCLNT.DLL
[2011/06/12 11:16:52 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasplap.dll
[2011/06/12 11:16:52 | 000,134,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SmartcardCredentialProvider.dll
[2011/06/12 11:16:52 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TSTheme.exe
[2011/06/12 11:16:51 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwinsat.dll
[2011/06/12 11:16:50 | 000,170,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tcpipcfg.dll
[2011/06/12 11:16:50 | 000,167,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\portcls.sys
[2011/06/12 11:16:50 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdWSD.dll
[2011/06/12 11:16:50 | 000,058,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PnPUnattend.exe
[2011/06/12 11:16:50 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmmon32.exe
[2011/06/12 11:16:49 | 000,481,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmdial32.dll
[2011/06/12 11:16:49 | 000,378,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srcore.dll
[2011/06/12 11:16:49 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tcpmon.dll
[2011/06/12 11:16:49 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\whealogr.dll
[2011/06/12 11:16:49 | 000,025,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\USBCAMD2.sys
[2011/06/12 11:16:49 | 000,025,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\USBCAMD.sys
[2011/06/12 11:16:48 | 000,547,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wiaaut.dll
[2011/06/12 11:16:48 | 000,281,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\raschap.dll
[2011/06/12 11:16:48 | 000,275,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SnippingTool.exe
[2011/06/12 11:16:48 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
[2011/06/12 11:16:47 | 000,657,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVXENCD.DLL
[2011/06/12 11:16:47 | 000,425,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shwebsvc.dll
[2011/06/12 11:16:47 | 000,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unimdm.tsp
[2011/06/12 11:16:47 | 000,259,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasppp.dll
[2011/06/12 11:16:47 | 000,202,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanui.dll
[2011/06/12 11:16:47 | 000,137,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dsprop.dll
[2011/06/12 11:16:47 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PnPutil.exe
[2011/06/12 11:16:46 | 002,153,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oobefldr.dll
[2011/06/12 11:16:46 | 000,054,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dimsroam.dll
[2011/06/12 11:16:45 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\modemui.dll
[2011/06/12 11:16:45 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscandui.dll
[2011/06/12 11:16:45 | 000,155,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasmontr.dll
[2011/06/12 11:16:45 | 000,101,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shsetup.dll
[2011/06/12 11:16:44 | 006,103,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chtbrkr.dll
[2011/06/12 11:16:44 | 000,533,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmdrmsdk.dll
[2011/06/12 11:16:44 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dataclen.dll
[2011/06/12 11:16:43 | 000,542,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\blackbox.dll
[2011/06/12 11:16:43 | 000,303,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpeffects.dll
[2011/06/12 11:16:43 | 000,178,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\credui.dll
[2011/06/12 11:16:43 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSDMon.dll
[2011/06/12 11:16:43 | 000,107,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpwsx.dll
[2011/06/12 11:16:43 | 000,083,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlgpclnt.dll
[2011/06/12 11:16:42 | 000,414,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscp.dll
[2011/06/12 11:16:42 | 000,113,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\rmcast.sys
[2011/06/12 11:16:42 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\logagent.exe
[2011/06/12 11:16:42 | 000,058,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cipher.exe
[2011/06/12 11:16:42 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ifmon.dll
[2011/06/12 11:16:41 | 000,313,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\thawbrkr.dll
[2011/06/12 11:16:41 | 000,217,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\InkEd.dll
[2011/06/12 11:16:41 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2011/06/12 11:16:41 | 000,128,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpresult.exe
[2011/06/12 11:16:41 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscapi.dll
[2011/06/12 11:16:41 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\watchdog.sys
[2011/06/12 11:16:41 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msimtf.dll
[2011/06/12 11:16:40 | 000,356,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MediaMetadataHandler.dll
[2011/06/12 11:16:40 | 000,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\softkbd.dll
[2011/06/12 11:16:39 | 000,284,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drmmgrtn.dll
[2011/06/12 11:16:39 | 000,105,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dmsynth.dll
[2011/06/12 11:16:39 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msctfui.dll
[2011/06/12 11:16:38 | 000,200,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\input.dll
[2011/06/12 11:16:38 | 000,166,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\puiapi.dll
[2011/06/12 11:16:38 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ExplorerFrame.dll
[2011/06/12 11:16:37 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLLUA.exe
[2011/06/12 11:16:37 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mprapi.dll
[2011/06/12 11:16:37 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fc.exe
[2011/06/12 11:16:37 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msisip.dll
[2011/06/12 11:16:36 | 000,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tintlgnt.ime
[2011/06/12 11:16:36 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dmusic.dll
[2011/06/12 11:16:36 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax
[2011/06/12 11:16:36 | 000,068,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdSSDP.dll
[2011/06/12 11:16:36 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MsCtfMonitor.dll
[2011/06/12 11:16:35 | 000,187,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eapp3hst.dll
[2011/06/12 11:16:35 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\l2nacp.dll
[2011/06/12 11:16:35 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ftp.exe
[2011/06/12 11:16:35 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msjint40.dll
[2011/06/12 11:16:35 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsdchngr.dll
[2011/06/12 11:16:34 | 000,083,456 | ---- | C] (Microsoft) -- C:\Windows\System32\SMBHelperClass.dll
[2011/06/12 11:16:34 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdWCN.dll
[2011/06/12 11:16:34 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Storprop.dll
[2011/06/12 11:16:34 | 000,052,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasdiag.dll
[2011/06/12 11:16:34 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dot3cfg.dll
[2011/06/12 11:16:34 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bthci.dll
[2011/06/12 11:16:34 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bthudtask.exe
[2011/06/12 11:16:34 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasdial.exe
[2011/06/12 11:16:33 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eappcfg.dll
[2011/06/12 11:16:33 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nslookup.exe
[2011/06/12 11:16:33 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011/06/12 11:16:33 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slcinst.dll
[2011/06/12 11:16:33 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\networkitemfactory.dll
[2011/06/12 11:16:33 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ipconfig.exe
[2011/06/12 11:16:33 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CHxReadingStringIME.dll
[2011/06/12 11:16:32 | 000,093,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eappgnui.dll
[2011/06/12 11:16:32 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdeploy.dll
[2011/06/12 11:16:32 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hbaapi.dll
[2011/06/12 11:16:32 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ocsetup.exe
[2011/06/12 11:16:32 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FwRemoteSvr.dll
[2011/06/12 11:16:32 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mmcico.dll
[2011/06/12 11:16:31 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PNPXAssoc.dll
[2011/06/12 11:16:31 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpupdate.exe
[2011/06/12 11:16:30 | 000,046,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrstub.exe
[2011/06/12 11:16:30 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cbsra.exe
[2011/06/12 11:16:30 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bitsigd.dll
[2011/06/12 11:16:30 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iscsilog.dll
[2011/06/12 11:16:29 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbcconf.dll
[2011/06/12 11:16:29 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NcdProp.dll
[2011/06/12 11:16:29 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vdmdbg.dll
[2011/06/12 11:16:28 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxg.sys
[2011/06/12 11:16:28 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Diskdump.sys
[2011/06/12 11:16:28 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetppui.dll
[2011/06/12 11:16:28 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slwga.dll
[2011/06/12 11:16:27 | 000,052,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\stream.sys
[2011/06/12 11:16:26 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\RNDISMP.sys
[2011/06/12 11:16:25 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usb8023.sys
[2011/06/12 11:16:24 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\f3ahvoas.dll
[2011/06/12 11:16:24 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msimsg.dll
[2011/06/12 11:16:09 | 000,705,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SmiEngine.dll
[2011/06/12 11:16:06 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wdscore.dll
[2011/06/12 11:16:06 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PkgMgr.exe
[2011/06/12 11:15:56 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drvstore.dll
[2011/06/12 10:48:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Windows SDK v6.1
[2011/06/11 16:43:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SourceTec
[2011/06/11 16:43:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SourceTec
[2011/06/11 16:43:31 | 000,000,000 | ---D | C] -- C:\Program Files\SourceTec
[2011/06/11 14:20:51 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server
[2011/06/11 14:20:49 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2011/06/11 14:20:43 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Synchronization Services
[2011/06/11 14:20:42 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2011/06/11 14:20:07 | 000,000,000 | ---D | C] -- C:\Users\user account\Documents\Visual Studio 2008
[2011/06/11 14:17:30 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 9.0
[2011/06/11 14:17:05 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SDKs
[2011/06/11 12:50:16 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll
[2011/06/10 21:59:54 | 000,000,000 | ---D | C] -- C:\Users\user account\AppData\Roaming\Notepad++
[2011/06/10 21:50:14 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011/06/10 21:50:14 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011/06/10 21:50:14 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011/06/10 21:41:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2011/06/10 21:40:55 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2011/06/10 21:17:32 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2011/06/10 21:17:32 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2011/06/10 21:17:32 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2011/06/10 21:06:28 | 000,000,000 | ---D | C] -- C:\Users\user account\AppData\Local\Xenocode
[2011/06/10 20:41:11 | 000,000,000 | ---D | C] -- C:\Users\user account\AppData\Local\Smart_PC_Utilities,_Ltd
[2011/06/10 20:37:59 | 000,000,000 | ---D | C] -- C:\Users\user account\Documents\Smart PC Utilities
[2011/06/10 20:37:59 | 000,000,000 | ---D | C] -- C:\Program Files\Smart PC Utilities
[2011/06/10 20:29:23 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2011/06/10 20:29:23 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2011/06/10 20:09:29 | 000,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell
[2011/06/10 19:30:20 | 000,000,000 | ---D | C] -- C:\Users\user account\AppData\Local\Microsoft Help
[2011/06/10 18:25:21 | 000,000,000 | ---D | C] -- C:\Users\user account\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/06/10 18:25:20 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/06/10 18:24:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2011/06/10 18:23:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011/06/10 18:23:59 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/06/10 17:51:45 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecutil.exe
[2011/06/10 17:51:45 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecapi.dll
[2011/06/10 17:51:44 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManMigrationPlugin.dll
[2011/06/10 17:51:44 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManHTTPConfig.exe
[2011/06/10 17:51:44 | 000,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrscmd.dll
[2011/06/10 17:51:44 | 000,214,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmWmiPl.dll
[2011/06/10 17:51:44 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmAuto.dll
[2011/06/10 17:51:44 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wevtfwd.dll
[2011/06/10 17:51:44 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmRes.dll
[2011/06/10 17:51:44 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrs.exe
[2011/06/10 17:51:44 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrshost.exe
[2011/06/10 17:51:44 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmprovhost.exe
[2011/06/10 17:51:44 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmplpxy.dll
[2011/06/10 17:51:44 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrssrv.dll
[2011/06/10 17:51:44 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrsmgr.dll
[2011/06/10 17:51:43 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pwrshplugin.dll
[2011/06/10 17:49:11 | 001,696,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
[2011/06/10 17:48:26 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2011/06/10 17:47:07 | 000,512,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011/06/10 17:47:07 | 000,430,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011/06/10 17:46:27 | 000,292,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011/06/10 17:46:27 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2011/06/10 17:46:26 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2011/06/10 17:46:26 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dciman32.dll
[2011/06/10 17:45:20 | 000,180,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/06/10 17:45:19 | 001,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/06/10 17:45:19 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/06/10 17:45:18 | 002,452,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2011/06/10 17:43:11 | 002,041,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011/06/10 17:42:44 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll
[2011/06/10 17:42:44 | 001,136,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll
[2011/06/10 17:41:51 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aaclient.dll
[2011/06/10 17:41:51 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tscupgrd.exe
[2011/06/10 17:41:51 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tsgqec.dll
[2011/06/10 17:41:23 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2011/06/10 17:41:23 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbe.dll
[2011/06/10 17:41:23 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2011/06/10 17:41:23 | 000,153,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbeio.dll
[2011/06/10 17:40:10 | 003,602,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011/06/10 17:40:10 | 003,550,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011/06/10 17:39:01 | 001,169,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe
[2011/06/10 17:38:37 | 000,413,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbc32.dll
[2011/06/10 17:38:10 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2011/06/10 17:37:35 | 000,157,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2011/06/10 17:36:47 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40.dll
[2011/06/10 17:36:47 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40u.dll
[2011/06/10 17:36:01 | 000,867,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpmde.dll
[2011/06/10 17:34:54 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2011/06/10 17:34:08 | 000,352,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskschd.dll
[2011/06/10 17:34:08 | 000,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskcomp.dll
[2011/06/10 17:34:07 | 000,345,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmicmiplugin.dll
[2011/06/10 17:32:34 | 008,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2011/06/10 17:31:04 | 000,317,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MP4SDECD.DLL
[2011/06/10 17:28:39 | 000,081,920 | ---- | C] (Radius Inc.) -- C:\Windows\System32\iccvid.dll
[2011/06/10 17:28:15 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtutils.dll
[2011/06/10 17:15:48 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\asycfilt.dll
[2011/06/10 17:12:37 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browserchoice.exe
[2011/06/10 17:12:09 | 000,220,672 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codecp.acm
[2011/06/10 17:12:09 | 000,062,464 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codeca.acm
[2011/06/10 17:11:39 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\httpapi.dll
[2011/06/10 17:11:39 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshhttp.dll
[2011/06/10 17:10:18 | 000,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
[2011/06/10 17:10:18 | 000,332,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdrm.dll
[2011/06/10 17:10:18 | 000,152,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll
[2011/06/10 17:10:18 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll
[2011/06/10 17:10:17 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
[2011/06/10 17:10:17 | 000,518,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
[2011/06/10 17:10:17 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll
[2011/06/10 17:10:17 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
[2011/06/10 17:10:17 | 000,346,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
[2011/06/10 17:09:02 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvfw32.dll
[2011/06/10 17:09:02 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll
[2011/06/10 17:09:01 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2011/06/10 17:09:01 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avifil32.dll
[2011/06/10 17:06:53 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rastls.dll
[2011/06/10 17:06:01 | 000,714,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\timedate.cpl
[2011/06/10 17:04:52 | 000,355,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSDApi.dll
[2011/06/10 17:04:21 | 000,310,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unregmp2.exe
[2011/06/10 17:04:20 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwmp.dll
[2011/06/10 17:04:20 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.ocx
[2011/06/10 17:04:20 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxmasf.dll
[2011/06/10 17:01:46 | 000,604,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMSPDMOD.DLL
[2011/06/10 17:00:53 | 002,386,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVCORE.DLL
[2011/06/10 17:00:53 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rrinstaller.exe
[2011/06/10 17:00:53 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfpmp.exe
[2011/06/10 17:00:53 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mferror.dll
[2011/06/10 17:00:14 | 000,127,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\L2SecHC.dll
[2011/06/10 17:00:13 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlansec.dll
[2011/06/10 17:00:13 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanmsm.dll
[2011/06/10 17:00:13 | 000,068,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanhlp.dll
[2011/06/10 17:00:13 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanapi.dll
[2011/06/10 16:59:35 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netiohlp.dll
[2011/06/10 16:59:35 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NETSTAT.EXE
[2011/06/10 16:59:35 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ARP.EXE
[2011/06/10 16:59:35 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ROUTE.EXE
[2011/06/10 16:59:35 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MRINFO.EXE
[2011/06/10 16:59:35 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\finger.exe
[2011/06/10 16:59:35 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\HOSTNAME.EXE
[2011/06/10 16:57:13 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.tlb
[2011/06/10 16:57:13 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\amcompat.tlb
[2011/06/10 16:56:40 | 001,259,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsasrv.dll
[2011/06/10 16:55:52 | 000,623,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\localspl.dll
[2011/06/10 16:30:15 | 000,000,000 | ---D | C] -- C:\Users\user account\AppData\Roaming\WinRAR
[2011/06/10 16:30:15 | 000,000,000 | ---D | C] -- C:\Users\user account\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011/06/10 16:30:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011/06/10 16:30:06 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2011/06/10 15:52:29 | 000,000,000 | ---D | C] -- C:\Users\user account\AppData\Local\Adobe
[2011/06/10 15:23:28 | 000,000,000 | ---D | C] -- C:\Users\user account\AppData\Local\Seven Zip
[2011/06/10 15:20:22 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2011/06/10 14:30:41 | 000,000,000 | ---D | C] -- C:\Users\user account\AppData\Roaming\Malwarebytes
[2011/06/10 14:30:24 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/06/10 14:30:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/06/10 14:30:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/06/10 14:30:16 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/06/10 14:30:15 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/06/10 14:26:32 | 000,222,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2011/06/10 14:19:07 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011/06/10 14:18:39 | 000,221,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2011/06/10 13:41:06 | 000,000,000 | ---D | C] -- C:\Users\user account\AppData\Roaming\Auslogics
[2011/06/10 13:40:06 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2011/06/10 13:24:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics
[2011/06/10 13:24:50 | 000,000,000 | ---D | C] -- C:\Program Files\Auslogics
[2011/06/10 13:12:08 | 000,000,000 | ---D | C] -- C:\Users\user account\AppData\Roaming\SUPERAntiSpyware.com
[2011/06/10 13:12:08 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011/06/10 13:12:06 | 000,000,000 | ---D | C] -- C:\Users\user account\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011/06/10 13:12:02 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/06/10 13:10:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Random Password Generator
[2011/06/10 13:09:18 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit
[2011/06/10 13:08:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Defrag 2
[2011/06/10 13:08:27 | 000,000,000 | ---D | C] -- C:\Users\user account\AppData\Roaming\IObit
[2011/06/10 12:48:52 | 000,000,000 | ---D | C] -- C:\Users\user account\AppData\Roaming\Macromedia
[2011/06/10 12:48:52 | 000,000,000 | ---D | C] -- C:\Users\user account\AppData\Roaming\Adobe
[2011/06/10 12:48:20 | 000,000,000 | ---D | C] -- C:\Users\user account\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011/06/10 12:47:23 | 000,000,000 | ---D | C] -- C:\Users\user account\AppData\Local\Deployment
[2011/06/10 12:47:23 | 000,000,000 | ---D | C] -- C:\Users\user account\AppData\Local\Apps
[2011/06/10 12:46:18 | 002,421,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2011/06/10 12:46:18 | 000,044,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2011/06/10 12:45:20 | 000,575,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2011/06/10 12:45:20 | 000,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2011/06/10 12:45:20 | 000,035,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2011/06/10 12:45:05 | 000,171,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2011/06/10 12:45:05 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2011/06/10 12:38:16 | 000,000,000 | ---D | C] -- C:\Users\user account\AppData\Roaming\Google
[2011/06/10 12:34:37 | 000,000,000 | ---D | C] -- C:\Users\user account\Documents\My Google Gadgets
[2011/06/10 12:34:35 | 000,000,000 | ---D | C] -- C:\Users\user account\AppData\Local\Google
[2011/06/10 12:34:34 | 000,000,000 | ---D | C] -- C:\Users\user account\AppData\Local\Toshiba
[2011/06/10 12:33:39 | 000,000,000 | R--D | C] -- C:\Users\user account\Searches
[2011/06/10 12:33:39 | 000,000,000 | R--D | C] -- C:\Users\user account\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2011/06/10 12:33:26 | 000,000,000 | ---D | C] -- C:\Users\user account\AppData\Roaming\Identities
[2011/06/10 12:33:23 | 000,020,384 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\System32\drivers\jswpslwf.sys
[2011/06/10 12:33:19 | 000,000,000 | R--D | C] -- C:\Users\user account\Contacts
[2011/06/10 12:33:18 | 000,000,000 | ---D | C] -- C:\Program Files\Jumpstart
[2011/06/10 12:33:09 | 000,000,000 | ---D | C] -- C:\Users\user account\AppData\Local\VirtualStore
[2011/06/10 12:31:25 | 000,017,960 | ---- | C] (Chicony Electronics Co., Ltd.) -- C:\Windows\System32\drivers\UVCFTR_S.SYS
[2011/06/10 12:29:13 | 000,000,000 | ---D | C] -- C:\ProgramData\ToshibaEurope
[2011/06/10 12:28:40 | 000,000,000 | -HSD | C] -- C:\Users\user account\AppData\Local\Temporary Internet Files
[2011/06/10 12:28:40 | 000,000,000 | -HSD | C] -- C:\Users\user account\Templates
[2011/06/10 12:28:40 | 000,000,000 | -HSD | C] -- C:\Users\user account\Start Menu
[2011/06/10 12:28:40 | 000,000,000 | -HSD | C] -- C:\Users\user account\SendTo
[2011/06/10 12:28:40 | 000,000,000 | -HSD | C] -- C:\Users\user account\Recent
[2011/06/10 12:28:40 | 000,000,000 | -HSD | C] -- C:\Users\user account\PrintHood
[2011/06/10 12:28:40 | 000,000,000 | -HSD | C] -- C:\Users\user account\NetHood
[2011/06/10 12:28:40 | 000,000,000 | -HSD | C] -- C:\Users\user account\Documents\My Videos
[2011/06/10 12:28:40 | 000,000,000 | -HSD | C] -- C:\Users\user account\Documents\My Pictures
[2011/06/10 12:28:40 | 000,000,000 | -HSD | C] -- C:\Users\user account\Documents\My Music
[2011/06/10 12:28:40 | 000,000,000 | -HSD | C] -- C:\Users\user account\My Documents
[2011/06/10 12:28:40 | 000,000,000 | -HSD | C] -- C:\Users\user account\Local Settings
[2011/06/10 12:28:40 | 000,000,000 | -HSD | C] -- C:\Users\user account\AppData\Local\History
[2011/06/10 12:28:40 | 000,000,000 | -HSD | C] -- C:\Users\user account\Cookies
[2011/06/10 12:28:40 | 000,000,000 | -HSD | C] -- C:\Users\user account\Application Data
[2011/06/10 12:28:40 | 000,000,000 | -HSD | C] -- C:\Users\user account\AppData\Local\Application Data
[2011/06/10 12:28:37 | 000,000,000 | --SD | C] -- C:\Users\user account\AppData\Roaming\Microsoft
[2011/06/10 12:28:37 | 000,000,000 | R--D | C] -- C:\Users\user account\Videos
[2011/06/10 12:28:37 | 000,000,000 | R--D | C] -- C:\Users\user account\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2011/06/10 12:28:37 | 000,000,000 | R--D | C] -- C:\Users\user account\Saved Games
[2011/06/10 12:28:37 | 000,000,000 | R--D | C] -- C:\Users\user account\Pictures
[2011/06/10 12:28:37 | 000,000,000 | R--D | C] -- C:\Users\user account\Music
[2011/06/10 12:28:37 | 000,000,000 | R--D | C] -- C:\Users\user account\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2011/06/10 12:28:37 | 000,000,000 | R--D | C] -- C:\Users\user account\Links
[2011/06/10 12:28:37 | 000,000,000 | R--D | C] -- C:\Users\user account\Favorites
[2011/06/10 12:28:37 | 000,000,000 | R--D | C] -- C:\Users\user account\Downloads
[2011/06/10 12:28:37 | 000,000,000 | R--D | C] -- C:\Users\user account\Desktop\Downloads
[2011/06/10 12:28:37 | 000,000,000 | R--D | C] -- C:\Users\user account\Documents
[2011/06/10 12:28:37 | 000,000,000 | R--D | C] -- C:\Users\user account\Desktop
[2011/06/10 12:28:37 | 000,000,000 | R--D | C] -- C:\Users\user account\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2011/06/10 12:28:37 | 000,000,000 | -H-D | C] -- C:\Users\user account\AppData
[2011/06/10 12:28:37 | 000,000,000 | ---D | C] -- C:\Users\user account\AppData\Local\Microsoft
[2011/06/10 12:28:37 | 000,000,000 | ---D | C] -- C:\Users\user account\AppData\Roaming\Media Center Programs
[2011/06/10 12:17:17 | 000,393,216 | ---- | C] (Atheros) -- C:\Windows\System32\athihvs.dll
[2011/06/10 12:17:17 | 000,376,832 | ---- | C] (Atheros) -- C:\Windows\System32\S64CPA.exe
[2011/06/10 12:17:17 | 000,053,248 | ---- | C] (Atheros) -- C:\Windows\System32\athihvui.dll
[2011/06/10 12:17:17 | 000,000,000 | ---D | C] -- C:\Windows\System32\nn-NO
[2011/06/10 12:17:05 | 000,000,000 | ---D | C] -- C:\Program Files\Atheros
[2011/06/10 12:17:04 | 000,000,000 | ---D | C] -- C:\Program Files\Cisco
[2011/06/10 12:16:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Atheros
[2011/06/10 12:16:16 | 000,279,376 | ---- | C] (TOSHIBA Corporation) -- C:\Windows\System32\drivers\tos_sps32.sys
[2011/06/10 12:16:12 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_32.dll
[2011/06/10 12:15:32 | 000,491,520 | ---- | C] (Toshiba Corporation) -- C:\Windows\System32\cselect.exe
[2011/06/10 12:15:32 | 000,106,496 | ---- | C] (Toshiba) -- C:\Windows\System32\tosmreg.exe
[2011/06/10 12:10:17 | 000,000,000 | ---D | C] -- C:\Windows\System32\RTCOM
[2011/06/10 12:10:11 | 000,319,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\DIFxAPI.dll
[2011/06/10 12:10:10 | 000,532,480 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RTSndMgr.cpl
[2011/06/10 12:10:10 | 000,339,968 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSTSXT.dll
[2011/06/10 12:10:10 | 000,185,776 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSTSHD.dll
[2011/06/10 12:10:10 | 000,167,936 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSHP360.dll
[2011/06/10 12:10:10 | 000,135,168 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSWOW.dll
[2011/06/10 12:10:09 | 006,037,504 | ---- | C] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
[2011/06/10 12:10:09 | 002,168,320 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkAPO.dll
[2011/06/10 12:10:09 | 001,196,032 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\RtlUpd.exe
[2011/06/10 12:10:09 | 000,694,272 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkPgExt.dll
[2011/06/10 12:10:09 | 000,520,192 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\RtlExUpd.dll
[2011/06/10 12:10:09 | 000,315,392 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\HideWin.exe
[2011/06/10 12:10:09 | 000,285,216 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkApoApi.dll
[2011/06/10 12:10:09 | 000,140,288 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\Windows\System32\FMAPO.dll
[2011/06/10 12:10:09 | 000,126,976 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\maxxaudioapo.dll
[2011/06/10 12:10:09 | 000,031,232 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkCoInst.dll
[2011/06/10 12:09:34 | 000,920,088 | ---- | C] (Intel® Corporation) -- C:\Windows\System32\igxpun.exe
[2011/06/10 12:09:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel® Matrix Storage Manager
[2011/06/10 12:09:26 | 000,000,000 | ---D | C] -- C:\Windows\System32\ENU
[2011/06/10 12:09:25 | 001,034,776 | ---- | C] (Intel Corporation) -- C:\Windows\System32\imsmudlg.exe
[2011/06/10 12:09:25 | 000,319,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\difxapi.dll
[2011/06/10 12:09:25 | 000,000,000 | ---D | C] -- C:\Windows\System32\Lang
[2011/06/10 12:08:16 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2011/06/10 12:04:44 | 000,000,000 | -HSD | C] -- C:\System Volume Information

========== Files - Modified Within 30 Days ==========

[2011/06/22 15:32:31 | 001,364,524 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/06/22 15:32:31 | 000,489,002 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/06/22 15:27:17 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/06/22 15:27:17 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/06/22 15:27:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/06/22 15:27:05 | 3082,805,248 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/21 21:52:00 | 000,000,936 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1066838518-2351977147-4070543323-1000UA.job
[2011/06/21 19:13:50 | 000,001,116 | ---- | M] () -- C:\Users\user account\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
[2011/06/19 12:52:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1066838518-2351977147-4070543323-1000Core.job
[2011/06/18 19:47:24 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/06/18 19:26:10 | 000,144,216 | ---- | M] () -- C:\Users\user account\Desktop\Champion Archer v1.0.rar
[2011/06/18 11:49:14 | 000,033,280 | ---- | M] () -- C:\Users\user account\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/18 08:25:06 | 000,014,746 | ---- | M] () -- C:\Users\user account\Documents\Key_button.jpeg
[2011/06/17 20:48:17 | 000,000,218 | ---- | M] () -- C:\Users\user account\.recently-used.xbel
[2011/06/17 17:06:19 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011/06/16 17:46:12 | 000,044,742 | ---- | M] () -- C:\Users\user account\Desktop\StickRPG v2.0.rar
[2011/06/15 16:41:34 | 000,000,943 | ---- | M] () -- C:\Users\user account\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/06/14 19:53:00 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2011/06/13 22:06:46 | 000,321,200 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/06/13 16:35:14 | 000,205,043 | ---- | M] () -- C:\Users\user account\AppData\Local\debuggee.mdmp
[2011/06/10 21:40:44 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2011/06/10 21:40:44 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011/06/10 21:40:44 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011/06/10 21:40:44 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011/06/10 17:51:45 | 000,079,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wecutil.exe
[2011/06/10 17:51:45 | 000,056,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wecapi.dll
[2011/06/10 17:51:44 | 000,252,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WSManMigrationPlugin.dll
[2011/06/10 17:51:44 | 000,246,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WSManHTTPConfig.exe
[2011/06/10 17:51:44 | 000,241,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winrscmd.dll
[2011/06/10 17:51:44 | 000,214,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WsmWmiPl.dll
[2011/06/10 17:51:44 | 000,201,184 | ---- | M] () -- C:\Windows\System32\winrm.vbs
[2011/06/10 17:51:44 | 000,145,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WsmAuto.dll
[2011/06/10 17:51:44 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wevtfwd.dll
[2011/06/10 17:51:44 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WsmRes.dll
[2011/06/10 17:51:44 | 000,040,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winrs.exe
[2011/06/10 17:51:44 | 000,020,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winrshost.exe
[2011/06/10 17:51:44 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wsmprovhost.exe
[2011/06/10 17:51:44 | 000,010,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wsmplpxy.dll
[2011/06/10 17:51:44 | 000,010,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winrssrv.dll
[2011/06/10 17:51:44 | 000,004,675 | ---- | M] () -- C:\Windows\System32\wsmanconfig_schema.xml
[2011/06/10 17:51:44 | 000,002,426 | ---- | M] () -- C:\Windows\System32\WsmTxt.xsl
[2011/06/10 17:51:44 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winrsmgr.dll
[2011/06/10 17:51:43 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pwrshplugin.dll
[2011/06/10 17:49:11 | 001,696,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
[2011/06/10 17:48:26 | 000,025,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2011/06/10 17:47:07 | 000,512,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011/06/10 17:47:07 | 000,430,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011/06/10 17:46:27 | 000,292,864 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011/06/10 17:46:27 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2011/06/10 17:46:26 | 000,072,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2011/06/10 17:46:26 | 000,010,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dciman32.dll
[2011/06/10 17:45:20 | 000,180,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/06/10 17:45:19 | 001,383,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/06/10 17:45:19 | 000,027,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/06/10 17:45:18 | 002,452,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2011/06/10 17:43:11 | 002,041,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011/06/10 17:42:44 | 001,162,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll
[2011/06/10 17:42:44 | 001,136,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll
[2011/06/10 17:41:51 | 000,136,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\aaclient.dll
[2011/06/10 17:41:51 | 000,063,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\tscupgrd.exe
[2011/06/10 17:41:51 | 000,053,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\tsgqec.dll
[2011/06/10 17:41:23 | 000,177,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2011/06/10 17:41:23 | 000,153,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sbeio.dll
[2011/06/10 17:40:10 | 003,602,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011/06/10 17:40:10 | 003,550,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011/06/10 17:39:01 | 001,169,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe
[2011/06/10 17:38:37 | 000,413,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\odbc32.dll
[2011/06/10 17:38:10 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2011/06/10 17:37:35 | 000,157,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2011/06/10 17:36:48 | 000,954,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfc40.dll
[2011/06/10 17:36:47 | 000,954,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfc40u.dll
[2011/06/10 17:36:01 | 000,867,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wmpmde.dll
[2011/06/10 17:34:54 | 000,081,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2011/06/10 17:34:08 | 000,352,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskschd.dll
[2011/06/10 17:34:08 | 000,270,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskcomp.dll
[2011/06/10 17:34:07 | 000,345,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wmicmiplugin.dll
[2011/06/10 17:32:34 | 008,147,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2011/06/10 17:31:04 | 000,317,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MP4SDECD.DLL
[2011/06/10 17:28:39 | 000,081,920 | ---- | M] (Radius Inc.) -- C:\Windows\System32\iccvid.dll
[2011/06/10 17:28:15 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rtutils.dll
[2011/06/10 17:15:48 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\asycfilt.dll
[2011/06/10 17:12:37 | 000,293,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\browserchoice.exe
[2011/06/10 17:12:09 | 000,220,672 | ---- | M] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codecp.acm
[2011/06/10 17:12:09 | 000,062,464 | ---- | M] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codeca.acm
[2011/06/10 17:11:39 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\httpapi.dll
[2011/06/10 17:11:39 | 000,024,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\nshhttp.dll
[2011/06/10 17:10:18 | 000,347,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
[2011/06/10 17:10:18 | 000,346,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
[2011/06/10 17:10:18 | 000,332,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msdrm.dll
[2011/06/10 17:10:18 | 000,152,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll
[2011/06/10 17:10:18 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll
[2011/06/10 17:10:17 | 000,526,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
[2011/06/10 17:10:17 | 000,518,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
[2011/06/10 17:10:17 | 000,471,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll
[2011/06/10 17:10:17 | 000,471,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
[2011/06/10 17:09:02 | 000,123,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msvfw32.dll
[2011/06/10 17:09:02 | 000,091,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\avifil32.dll
[2011/06/10 17:09:02 | 000,082,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll
[2011/06/10 17:06:53 | 000,243,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rastls.dll
[2011/06/10 17:06:01 | 000,714,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\timedate.cpl
[2011/06/10 17:04:53 | 000,355,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WSDApi.dll
[2011/06/10 17:04:21 | 000,310,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\unregmp2.exe
[2011/06/10 17:04:20 | 000,007,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spwmp.dll
[2011/06/10 17:04:20 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msdxm.ocx
[2011/06/10 17:01:46 | 000,604,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WMSPDMOD.DLL
[2011/06/10 17:00:54 | 000,053,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rrinstaller.exe
[2011/06/10 17:00:53 | 002,386,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WMVCORE.DLL
[2011/06/10 17:00:53 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfpmp.exe
[2011/06/10 17:00:53 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mferror.dll
[2011/06/10 17:00:14 | 000,127,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\L2SecHC.dll
[2011/06/10 17:00:13 | 002,501,921 | ---- | M] () -- C:\Windows\System32\wlan.tmf
[2011/06/10 17:00:13 | 000,302,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wlansec.dll
[2011/06/10 17:00:13 | 000,293,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wlanmsm.dll
[2011/06/10 17:00:13 | 000,068,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wlanhlp.dll
[2011/06/10 17:00:13 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wlanapi.dll
[2011/06/10 16:59:35 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netiohlp.dll
[2011/06/10 16:59:35 | 000,027,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NETSTAT.EXE
[2011/06/10 16:59:35 | 000,019,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ARP.EXE
[2011/06/10 16:59:35 | 000,017,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ROUTE.EXE
[2011/06/10 16:59:35 | 000,011,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MRINFO.EXE
[2011/06/10 16:59:35 | 000,010,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\finger.exe
[2011/06/10 16:59:35 | 000,008,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\HOSTNAME.EXE
[2011/06/10 16:57:13 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msdxm.tlb
[2011/06/10 16:57:13 | 000,018,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\amcompat.tlb
[2011/06/10 16:56:40 | 001,259,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lsasrv.dll
[2011/06/10 16:55:52 | 000,623,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\localspl.dll
[2011/06/10 14:20:56 | 000,002,154 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011/06/10 12:55:39 | 001,214,976 | ---- | M] (Atheros Communications, Inc.) -- C:\Windows\System32\drivers\athr.sys
[2011/06/10 12:48:22 | 000,002,044 | ---- | M] () -- C:\Users\user account\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/06/10 12:19:21 | 000,047,092 | ---- | M] () -- C:\Windows\System32\license.rtf
[2011/06/10 12:16:49 | 000,016,058 | ---- | M] () -- C:\Windows\System32\results.xml
[2011/06/10 12:14:15 | 000,000,000 | RHS- | M] () -- C:\Windows\System32\drivers\TOSHIBA_Satellite L300_09115-EN_PSLB8E-16000.MRK
[2011/06/10 12:10:12 | 000,319,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\DIFxAPI.dll
[2011/06/10 12:10:09 | 000,315,392 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\HideWin.exe
[2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2011/06/21 19:13:50 | 000,001,116 | ---- | C] () -- C:\Users\user account\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
[2011/06/19 22:04:54 | 3082,805,248 | -HS- | C] () -- C:\hiberfil.sys
[2011/06/18 19:39:41 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011/06/18 19:39:41 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/06/18 19:39:41 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/06/18 19:39:41 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/06/18 19:39:41 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/06/18 12:54:20 | 000,144,216 | ---- | C] () -- C:\Users\user account\Desktop\Champion Archer v1.0.rar
[2011/06/18 08:25:08 | 000,014,746 | ---- | C] () -- C:\Users\user account\Documents\Key_button.jpeg
[2011/06/17 20:48:17 | 000,000,218 | ---- | C] () -- C:\Users\user account\.recently-used.xbel
[2011/06/16 17:46:02 | 000,044,742 | ---- | C] () -- C:\Users\user account\Desktop\StickRPG v2.0.rar
[2011/06/15 16:41:34 | 000,000,943 | ---- | C] () -- C:\Users\user account\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/06/14 19:53:00 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2011/06/12 21:20:07 | 000,205,043 | ---- | C] () -- C:\Users\user account\AppData\Local\debuggee.mdmp
[2011/06/12 11:18:28 | 000,130,008 | ---- | C] () -- C:\Windows\System32\systemsf.ebd
[2011/06/12 11:18:25 | 000,009,239 | ---- | C] () -- C:\Windows\System32\spcinstrumentation.man
[2011/06/12 11:18:12 | 000,442,788 | ---- | C] () -- C:\Windows\System32\dot3.tmf
[2011/06/12 11:18:09 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011/06/12 11:18:08 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011/06/12 11:18:04 | 000,392,170 | ---- | C] () -- C:\Windows\System32\onex.tmf
[2011/06/12 11:17:58 | 000,344,698 | ---- | C] () -- C:\Windows\System32\eaphost.tmf
[2011/06/12 11:17:33 | 000,208,966 | ---- | C] () -- C:\Windows\System32\WFP.TMF
[2011/06/12 11:17:30 | 000,092,918 | ---- | C] () -- C:\Windows\System32\slmgr.vbs
[2011/06/12 11:16:28 | 000,009,212 | ---- | C] () -- C:\Windows\System32\RacUR.xml
[2011/06/11 14:20:00 | 000,001,269 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Basic 2008 Express Edition.lnk
[2011/06/11 09:47:34 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2011/06/11 09:47:23 | 011,967,524 | ---- | C] () -- C:\Windows\System32\korwbrkr.lex
[2011/06/10 17:51:44 | 000,201,184 | ---- | C] () -- C:\Windows\System32\winrm.vbs
[2011/06/10 17:51:44 | 000,004,675 | ---- | C] () -- C:\Windows\System32\wsmanconfig_schema.xml
[2011/06/10 17:51:44 | 000,002,426 | ---- | C] () -- C:\Windows\System32\WsmTxt.xsl
[2011/06/10 17:00:13 | 002,501,921 | ---- | C] () -- C:\Windows\System32\wlan.tmf
[2011/06/10 14:20:56 | 000,002,154 | ---- | C] () -- C:\Windows\epplauncher.mif
[2011/06/10 14:19:21 | 000,001,813 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011/06/10 13:44:05 | 000,033,280 | ---- | C] () -- C:\Users\user account\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/10 13:08:43 | 000,029,520 | ---- | C] () -- C:\Windows\System32\SmartDefragBootTime.exe
[2011/06/10 13:08:43 | 000,016,184 | ---- | C] () -- C:\Windows\System32\drivers\SmartDefragDriver.sys
[2011/06/10 12:48:21 | 000,002,044 | ---- | C] () -- C:\Users\user account\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/06/10 12:47:38 | 000,000,936 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1066838518-2351977147-4070543323-1000UA.job
[2011/06/10 12:47:38 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1066838518-2351977147-4070543323-1000Core.job
[2011/06/10 12:33:42 | 000,000,954 | ---- | C] () -- C:\Users\user account\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2011/06/10 12:33:38 | 000,000,949 | ---- | C] () -- C:\Users\user account\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2011/06/10 12:33:18 | 000,000,920 | ---- | C] () -- C:\Users\user account\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
[2011/06/10 12:28:38 | 000,000,258 | ---- | C] () -- C:\Users\user account\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2011/06/10 12:28:37 | 000,000,240 | ---- | C] () -- C:\Users\user account\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2011/06/10 12:16:49 | 000,016,058 | ---- | C] () -- C:\Windows\System32\results.xml
[2011/06/10 12:15:32 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
[2011/06/10 12:15:32 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
[2011/06/10 12:15:32 | 000,009,484 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
[2011/06/10 12:15:32 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
[2011/06/10 12:14:15 | 000,000,000 | RHS- | C] () -- C:\Windows\System32\drivers\TOSHIBA_Satellite L300_09115-EN_PSLB8E-16000.MRK
[2011/06/10 12:10:30 | 000,000,553 | ---- | C] () -- C:\Windows\USetup.iss
[2008/08/07 17:29:47 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2008/08/07 17:15:11 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1502.dll
[2008/08/07 17:15:10 | 002,192,024 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2008/08/07 17:15:08 | 000,147,172 | ---- | C] () -- C:\Windows\System32\igfcg550.bin
[2008/08/07 17:15:07 | 000,492,496 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2006/11/02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 13:47:37 | 000,321,200 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 11:33:01 | 001,346,238 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 11:33:01 | 000,479,506 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== Alternate Data Streams ==========

@Alternate Data Stream - 180 bytes -> C:\ProgramData\TEMP:408F95E5
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:07BF512B

< End of report >



