View Full Version : Win32/Rootkit.Agent.ODG trojan
quiestbml
2009-07-23, 20:49
If I click a search result in google, it redirects me to a spam/ads/questionablecontent page.
For instance, clicking a link to wikipedia (en.wikipedia.org) in google, redirects me to:
http://watertowerplaza.com/result.php?Keywords=wikipedia&r=1646af709b6cb6f0c7546cb37a850c806e3dcb4e6d486440e24e4cfb39e5b4139eb24b0ee7425a8cc939333c57c5ab1d&Submit=Go
Which then redirects me to:
http://scanriteweb.com/hitin.php?land=20&affid=07200
I assume this is being caused by the (I assume) trojan.
HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:48:50 PM, on 7/23/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Razer\Habu\razerhid.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Razer\Habu\razertra.exe
C:\Program Files\Razer\Habu\razerofa.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://iesetup.dll/SoftAdmin.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.bbc.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Habu] C:\Program Files\Razer\Habu\razerhid.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O13 - Gopher Prefix:
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
--
End of file - 4797 bytes
Hi,
Download DDS and save it to your desktop from here (http://www.techsupportforum.com/sectools/sUBs/dds) or here (http://download.bleepingcomputer.com/sUBs/dds.scr) or here (http://www.forospyware.com/sUBs/dds).
Disable any script blocker, and then double click dds.scr to run the tool.
When done, DDS will open two (2) logs:
DDS.txt
Attach.txt
Save both reports to your desktop. Post them back to your topic.
Download GMER (http://www.gmer.net) here by clicking download exe -button and then saving it your desktop:
Double-click .exe that you downloaded
Click rootkit-tab and then scan.
Don't check
Show All
box while scanning in progress!
When scanning is ready, click Copy.
This copies log to clipboard
Post log in your reply.
quiestbml
2009-07-24, 21:06
DDS (Ver_09-06-26.01) - NTFSx86
Run by Administrator at 13:48:13.06 on Fri 07/24/2009
Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_14
Microsoft® Windows Server® 2008 Standard 6.0.6002.2.1252.1.1033.18.2046.965 [GMT -4:00]
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\System32\svchost.exe -k TabletInputServiceGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k WlansvcGroup
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k WebClientGroup
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\atieclxx.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k regsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Razer\Habu\razerhid.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Steam\Steam.exe
C:\Windows\System32\svchost.exe -k tapisrv
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Razer\Habu\razertra.exe
C:\Program Files\Razer\Habu\razerofa.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Common Files\Steam\SteamService.exe
C:\Windows\System32\msdtc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Pidgin\pidgin.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\wuauclt.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\explorer.exe
C:\Users\Administrator\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe
============== Pseudo HJT Report ===============
uStart Page = hxxp://news.bbc.co.uk/
uDefault_Page_URL = res://iesetup.dll/SoftAdmin.htm
uInternet Settings,ProxyOverride = *.local
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [Steam] "c:\program files\steam\Steam.exe" -silent
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Habu] c:\program files\razer\habu\razerhid.exe
mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe"
mPolicies-explorer: ShowSuperHidden = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: disablecad = 1 (0x1)
DPF: {43E3F87D-DE7F-4087-BD4F-0DC854981158} - hxxp://download.microsoft.com/download/7/3/8/7384c441-3721-41ee-ae15-b678888f00dd/clearadj.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
LSA: Notification Packages = scecli RASSFM
================= FIREFOX ===================
FF - ProfilePath - c:\users\admini~1\appdata\roaming\mozilla\firefox\profiles\61dujzln.default\
FF - prefs.js: browser.startup.homepage - hxxp://news.bbc.co.uk
FF - component: c:\users\administrator\appdata\roaming\mozilla\firefox\profiles\61dujzln.default\extensions\glasser@sixxgate.com\components\dwmxpcom.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
============= SERVICES / DRIVERS ===============
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-7-15 64160]
R0 storflt;Disk VMBUS Acceleration Filter Driver;c:\windows\system32\drivers\storflt.sys [2008-1-19 42440]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-4-9 107256]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-5-15 176128]
R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2009-4-9 731840]
R2 epfwwfpr;epfwwfpr;c:\windows\system32\drivers\epfwwfpr.sys [2009-4-9 93312]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-7-3 1029456]
R3 HabuFltr;Habu Mouse;c:\windows\system32\drivers\habu.sys [2009-7-17 27776]
R3 wg121;NETGEAR WG121 802.11g Wireless USB2.0 Adapter;c:\windows\system32\drivers\wg121nd5.sys [2009-7-15 337216]
S0 sacdrv;sacdrv;c:\windows\system32\drivers\sacdrv.sys [2008-1-19 88632]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2009-7-23 1153368]
S3 FCRegSvc;Microsoft Fibre Channel Platform Registration Service;c:\windows\system32\svchost.exe -k LocalServiceNetworkRestricted [2008-1-19 21504]
S3 RSoPProv;Resultant Set of Policy Provider;c:\windows\system32\rsopprov.exe [2009-7-15 78336]
S3 sacsvr;Special Administration Console Helper;c:\windows\system32\svchost.exe -k netsvcs [2008-1-19 21504]
S4 b06bdrv;Broadcom NetXtreme II VBD;c:\windows\system32\drivers\bxvbdx.sys [2008-1-19 396288]
S4 ioatdma;Intel(R) QuickData Technology Device;c:\windows\system32\drivers\qd26032.sys [2008-1-19 31232]
S4 s3cap;Microsoft Emulated S3 Device Cap Driver;c:\windows\system32\drivers\s3cap.sys [2008-1-19 15816]
S4 storvsc;storvsc;c:\windows\system32\drivers\storvsc.sys [2008-1-19 37320]
S4 vmbus;VMBus;c:\windows\system32\drivers\vmbus.sys [2008-1-19 185032]
=============== Created Last 30 ================
2009-07-23 15:06 <DIR> --d----- c:\program files\Microsoft LifeCam
2009-07-23 12:58 318,976 a------- c:\windows\system32\cmd.execf
2009-07-23 12:52 <DIR> --d----- c:\programdata\Spybot - Search & Destroy
2009-07-23 12:52 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-07-23 12:52 <DIR> --d----- c:\progra~2\Spybot - Search & Destroy
2009-07-23 12:51 <DIR> --d----- c:\program files\Trend Micro
2009-07-23 06:17 <DIR> --d----- c:\users\admini~1\appdata\roaming\Malwarebytes
2009-07-23 06:16 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-23 06:16 <DIR> --d----- c:\programdata\Malwarebytes
2009-07-23 06:16 <DIR> --d----- c:\progra~2\Malwarebytes
2009-07-23 06:16 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-07-23 06:16 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-07-22 23:20 <DIR> --d----- c:\programdata\ESET
2009-07-22 23:20 <DIR> --d----- c:\program files\ESET
2009-07-22 23:19 <DIR> --d----- c:\programdata\FLEXnet
2009-07-22 20:44 <DIR> --d----- c:\programdata\Adobe
2009-07-22 20:40 <DIR> --d----- c:\program files\common files\Macrovision Shared
2009-07-22 18:55 <DIR> --d----- c:\program files\Frameworkx
2009-07-22 13:40 644,907 a----r-- C:\crosshairs.zip
2009-07-22 02:12 6,665,497 a------- C:\GMIF.mp3
2009-07-22 02:09 <DIR> --d----- c:\users\admini~1\appdata\roaming\Orangeline Interactive
2009-07-22 02:09 <DIR> --d----- c:\program files\Citrus Alarm Clock
2009-07-21 00:47 36 a------- c:\windows\Remote Shutdown 2 Professional.xml
2009-07-20 23:41 <DIR> --d----- c:\users\admini~1\appdata\roaming\Auslogics
2009-07-20 23:39 <DIR> a-d----- c:\programdata\TEMP
2009-07-20 23:39 <DIR> --d----- c:\program files\Auslogics
2009-07-20 10:48 <DIR> --d----- c:\program files\iPod
2009-07-20 10:48 <DIR> --d----- c:\program files\iTunes
2009-07-18 23:01 <DIR> --d----- c:\programdata\Media Center Programs
2009-07-18 23:01 <DIR> --d----- c:\progra~2\Media Center Programs
2009-07-17 21:15 <DIR> --d----- c:\program files\PowerISO
2009-07-17 20:42 <DIR> --d----- c:\windows\system32\Adobe
2009-07-17 17:24 14,592 a------- c:\windows\system32\drivers\USBICP.sys
2009-07-17 17:24 27,776 a------- c:\windows\system32\drivers\habu.sys
2009-07-17 17:23 73,728 a------- c:\windows\system32\habu.cpl
2009-07-15 19:40 107,888 a------- c:\windows\system32\CmdLineExt.dll
2009-07-15 17:31 <DIR> --d----- c:\program files\Sierra
2009-07-15 13:59 <DIR> --d----- c:\programdata\Azureus
2009-07-15 13:59 <DIR> --d----- c:\progra~2\Azureus
2009-07-15 13:59 <DIR> --d----- c:\users\admini~1\appdata\roaming\Azureus
2009-07-15 13:59 <DIR> --d----- c:\program files\Vuze
2009-07-15 13:43 410,984 a------- c:\windows\system32\deploytk.dll
2009-07-15 12:22 107,368 a------- c:\windows\system32\GEARAspi.dll
2009-07-15 12:22 23,400 a------- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-07-15 12:22 <DIR> --d----- c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-07-15 12:22 <DIR> --d----- c:\progra~2\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-07-15 12:22 <DIR> --d----- c:\program files\Bonjour
2009-07-15 12:22 <DIR> --d----- c:\programdata\Apple Computer
2009-07-15 12:21 <DIR> --d----- c:\programdata\Apple
2009-07-15 12:21 <DIR> --d----- c:\users\administrator\Tracing
2009-07-15 11:12 <DIR> --d----- c:\program files\THQ
2009-07-15 10:51 289,792 a------- c:\windows\system32\atmfd.dll
2009-07-15 10:51 156,672 a------- c:\windows\system32\t2embed.dll
2009-07-15 10:51 72,704 a------- c:\windows\system32\fontsub.dll
2009-07-15 10:51 23,552 a------- c:\windows\system32\lpk.dll
2009-07-15 10:51 10,240 a------- c:\windows\system32\dciman32.dll
2009-07-15 10:51 784,896 a------- c:\windows\system32\rpcrt4.dll
2009-07-15 10:51 828,416 a------- c:\windows\system32\wininet.dll
2009-07-15 10:51 78,336 a------- c:\windows\system32\ieencode.dll
2009-07-15 10:51 623,616 a------- c:\windows\system32\localspl.dll
2009-07-15 10:51 2,034,688 a------- c:\windows\system32\win32k.sys
2009-07-15 05:24 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-07-15 05:23 <DIR> -cd-h--- c:\programdata\{EF63305C-BAD7-4144-9208-D65528260864}
2009-07-15 05:23 <DIR> -cd-h--- c:\progra~2\{EF63305C-BAD7-4144-9208-D65528260864}
2009-07-15 05:22 <DIR> --d----- c:\programdata\Lavasoft
2009-07-15 05:22 <DIR> --d----- c:\program files\Lavasoft
2009-07-15 05:21 <DIR> --d----- c:\program files\CCleaner
2009-07-15 05:15 1,226,083 a------- C:\smod_testmap.vmf
2009-07-15 05:15 499,482 a------- C:\traincar.vmf
2009-07-15 05:15 75,235 a------- C:\Untitled - Textured Shaded.vmf
2009-07-15 05:15 19,029 a------- C:\teleporttest.vmf
2009-07-15 05:15 <DIR> --d----- C:\Brian's Backups
2009-07-15 05:14 <DIR> --d----- C:\Terminal Velocity
2009-07-15 05:09 <DIR> --d----- c:\windows\system32\RTCOM
2009-07-15 04:52 146,432 a------- c:\windows\system32\APOMngr.DLL
2009-07-15 04:52 72,704 a------- c:\windows\system32\CmdRtr.DLL
2009-07-15 04:52 87 a---hr-- c:\windows\ctfile.rfc
2009-07-15 04:51 319,456 a------- c:\windows\DIFxAPI.dll
2009-07-15 04:50 <DIR> --d----- c:\program files\Realtek
2009-07-15 04:50 <DIR> --d-h--- c:\program files\Temp
2009-07-15 04:04 <DIR> --d----- c:\programdata\ATI
2009-07-15 03:43 0 a------- c:\windows\ativpsrm.bin
2009-07-15 03:42 <DIR> --d----- c:\windows\twain_32
2009-07-15 03:39 442,368 a------- c:\windows\system32\joy.cpl
2009-07-15 03:39 1,696,256 a------- c:\windows\system32\gameux.dll
2009-07-15 03:37 <DIR> --dsh--- c:\windows\Installer
2009-07-15 03:37 <DIR> --d----- c:\program files\ATI
2009-07-15 03:37 83,479 a------- c:\windows\system32\wbem\ServiceModel.mof
2009-07-15 03:37 896 a------- c:\windows\system32\wbem\ServiceModel.mof.uninstall
2009-07-15 03:37 <DIR> --d----- c:\windows\system32\XPSViewer
2009-07-15 03:37 <DIR> --d----- c:\program files\ATI Technologies
2009-07-15 03:36 <DIR> --d----- C:\ATI
2009-07-15 03:28 <DIR> --d----- c:\programdata\NOS
2009-07-15 03:28 <DIR> --d----- c:\program files\Microsoft
2009-07-15 03:28 <DIR> --d----- c:\program files\Windows Live SkyDrive
2009-07-15 03:27 <DIR> --d----- c:\windows\PCHEALTH
2009-07-15 03:23 <DIR> --d----- c:\program files\Steam
2009-07-15 03:23 <DIR> --d----- c:\program files\common files\Steam
2009-07-15 03:21 <DIR> --d----- c:\program files\common files\Windows Live
2009-07-15 03:07 <DIR> --d----- c:\users\admini~1\appdata\roaming\.purple
2009-07-15 03:06 <DIR> --d----- c:\program files\Pidgin
2009-07-15 03:06 <DIR> --d----- c:\program files\common files\GTK
2009-07-15 03:05 1,524,736 a------- c:\windows\system32\wucltux.dll
2009-07-15 03:05 83,456 a------- c:\windows\system32\wudriver.dll
2009-07-15 03:05 162,064 a------- c:\windows\system32\wuwebv.dll
2009-07-15 03:05 31,232 a------- c:\windows\system32\wuapp.exe
2009-07-15 02:59 <DIR> --d----- c:\windows\system32\vi-VN
2009-07-15 02:59 <DIR> --d----- c:\windows\system32\eu-ES
2009-07-15 02:59 <DIR> --d----- c:\windows\system32\ca-ES
2009-07-15 02:58 <DIR> --d----- c:\windows\system32\SPReview
2009-07-15 02:37 928,768 a------- c:\windows\system32\scavenge.dll
2009-07-15 02:36 57,856 a------- c:\windows\system32\compcln.exe
2009-07-15 02:34 526,336 a------- c:\windows\system32\RMActivate_isv.exe
2009-07-15 02:33 485,888 a------- c:\windows\system32\evr.dll
2009-07-15 02:32 20,992 a------- c:\windows\system32\chglogon.exe
2009-07-15 02:31 759,296 a------- c:\windows\system32\ipsecsnp.dll
2009-07-15 02:30 90,112 a------- c:\windows\system32\wshext.dll
2009-07-15 02:18 <DIR> --d----- c:\windows\system32\EventProviders
2009-07-15 02:13 <DIR> --d----- c:\windows\system32\wbem\Performance
2009-07-15 01:54 <DIR> --d----- c:\users\Administrator
2009-07-15 00:31 337,216 a------- c:\windows\system32\drivers\wg121nd5.sys
==================== Find3M ====================
2009-07-23 15:07 86,016 a------- c:\windows\inf\infstor.dat
2009-07-23 15:07 51,200 a------- c:\windows\inf\infpub.dat
2009-07-23 15:07 86,016 a------- c:\windows\inf\infstrng.dat
2009-07-15 02:59 665,600 a------- c:\windows\inf\drvindex.dat
2009-07-06 20:47 1,169,440 a------- c:\windows\system32\RtkPgExt.dll
2009-07-06 20:47 51,744 a------- c:\windows\system32\RtkCoInst.dll
2009-07-06 20:47 326,176 a------- c:\windows\system32\RtkApoApi.dll
2009-07-06 20:47 2,898,464 a------- c:\windows\system32\RtkAPO.dll
2009-07-06 20:12 2,657,120 a------- c:\windows\system32\drivers\SETB612.tmp
2009-07-06 20:12 2,657,120 a------- c:\windows\system32\drivers\RTKVHDA.sys
2009-06-29 15:16 160,256 a------- c:\windows\system32\FMAPO.dll
2009-06-24 13:43 831,488 a------- c:\windows\RtlExUpd.dll
2009-06-04 07:37 348,160 a------- c:\windows\system32\msvcr71.dll
2009-06-04 07:37 499,712 a------- c:\windows\system32\msvcp71.dll
2009-05-15 23:24 442,368 a------- c:\windows\system32\ATIDEMGX.dll
2009-05-15 23:24 335,872 a------- c:\windows\system32\atieclxx.exe
2009-05-15 23:23 176,128 a------- c:\windows\system32\atiesrxx.exe
2009-05-15 23:22 159,744 a------- c:\windows\system32\atitmmxx.dll
2009-05-15 23:22 356,352 a------- c:\windows\system32\atipdlxx.dll
2009-05-15 23:22 278,528 a------- c:\windows\system32\Oemdspif.dll
2009-05-15 23:22 11,776 a------- c:\windows\system32\atimuixx.dll
2009-05-15 23:22 43,520 a------- c:\windows\system32\ati2edxx.dll
2009-05-15 23:19 2,411,008 a------- c:\windows\system32\atidxx32.dll
2009-05-15 23:08 3,064,832 a------- c:\windows\system32\atiumdag.dll
2009-05-15 22:53 2,847,744 a------- c:\windows\system32\atiumdva.dll
2009-05-15 22:42 51,712 a------- c:\windows\system32\atimpc32.dll
2009-05-15 22:42 51,712 a------- c:\windows\system32\amdpcom32.dll
2009-05-15 22:41 172,032 a------- c:\windows\system32\atiadlxx.dll
2009-05-15 22:40 11,376,640 a------- c:\windows\system32\atioglxx.dll
2009-05-15 22:00 53,248 a------- c:\windows\system32\aticalrt.dll
2009-05-15 22:00 53,248 a------- c:\windows\system32\aticalcl.dll
2009-05-15 21:59 3,174,400 a------- c:\windows\system32\aticaldd.dll
2009-05-05 15:33 118,784 a------- c:\windows\system32\atibtmon.exe
2008-01-19 07:41 174 a--sh--- c:\program files\desktop.ini
2008-01-19 07:29 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2008-01-19 07:29 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2008-01-19 07:29 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2008-01-19 07:29 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2008-01-19 07:24 8,192 a--sh--- c:\windows\users\default\NTUSER.DAT
============= FINISH: 13:50:13.19 ===============
GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-07-24 14:00:55
Windows 6.0.6002 Service Pack 2
---- System - GMER 1.0.15 ----
Code 842204A0 ZwEnumerateKey
Code 842328D8 ZwFlushInstructionCache
Code 8421140E ZwSaveKey
Code 842204D6 ZwSaveKeyEx
Code 8421CCFD IofCallDriver
Code 8421C7CE IofCompleteRequest
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!IofCallDriver 81A4C912 5 Bytes JMP 8421CD02
.text ntkrnlpa.exe!IofCompleteRequest 81A4C97F 5 Bytes JMP 8421C7D3
PAGE ntkrnlpa.exe!ZwFlushInstructionCache 81BB7EF5 5 Bytes JMP 842328DC
PAGE ntkrnlpa.exe!ZwEnumerateKey 81C050BA 5 Bytes JMP 842204A4
PAGE ntkrnlpa.exe!ZwSaveKey 81C5A969 5 Bytes JMP 84211412
PAGE ntkrnlpa.exe!ZwSaveKeyEx 81C5AB07 5 Bytes JMP 842204DA
---- User code sections - GMER 1.0.15 ----
.text C:\Users\Administrator\Desktop\qjtms2m3.exe[704] ntdll.dll!LdrLoadDll 77879390 5 Bytes JMP 0027000A
.text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[716] kernel32.dll!SetUnhandledExceptionFilter 762AA84F 4 Bytes [C2, 04, 00, 00]
.text C:\Windows\system32\lsm.exe[820] ntdll.dll!LdrLoadDll 77879390 5 Bytes JMP 005E000A
.text C:\Windows\System32\svchost.exe[1124] ntdll.dll!LdrLoadDll 77879390 5 Bytes JMP 0014000A
.text C:\Windows\system32\atiesrxx.exe[1220] ntdll.dll!LdrLoadDll 77879390 5 Bytes JMP 003E000A
.text C:\Windows\system32\svchost.exe[1296] ntdll.dll!LdrLoadDll 77879390 5 Bytes JMP 007E000A
.text C:\Windows\system32\SLsvc.exe[1340] ntdll.dll!LdrLoadDll 77879390 5 Bytes JMP 0042000A
.text ...
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
AttachedDevice \Driver\tdx \Device\Tcp Lbd.sys (Boot Driver/Lavasoft AB)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat eamon.sys (Amon monitor/ESET)
---- Threads - GMER 1.0.15 ----
Thread System [4:388] 841BF790
---- EOF - GMER 1.0.15 ----
Hi,
IMPORTANT I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.
Vuze
I'd like you to read this thread (http://forums.spybot.info/showthread.php?t=282).
Please go to Control Panel > Programs and Features and uninstall the programs listed above (in red).
Empty Recycle Bin.
After that:
Please visit this webpage for download links, and instructions for running ComboFix tool:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Please ensure you read this guide carefully first.
Please continue as follows:
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link (http://www.bleepingcomputer.com/forums/topic114351.html)
Remember to re-enable them afterwards.
Click Yes to allow ComboFix to continue scanning for malware.
When the tool is finished, it will produce a report for you.
Please include the following reports for further review, and so we may continue cleansing the system:
C:\ComboFix.txt
New dds.txt log.
A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.
quiestbml
2009-07-25, 01:07
I have never used Vuze to download illegal content. I use it to download independent, free films, and movie trailers in HD. I do this because torrents are very, very fast.
I do not participate in illegal file sharing - I have *more* than enough money to purchase things legally.
Combofix will not run on my computer - it is not compatible with Vista or Server 2008. I run server 2008.
quiestbml
2009-07-25, 01:23
However, after uninstalling Vuze, here is the new DDS log.
DDS (Ver_09-06-26.01) - NTFSx86
Run by Administrator at 18:10:22.91 on Fri 07/24/2009
Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_14
Microsoft® Windows Server® 2008 Standard 6.0.6002.2.1252.1.1033.18.2046.1109 [GMT -4:00]
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\System32\svchost.exe -k TabletInputServiceGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k WlansvcGroup
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k WebClientGroup
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\atieclxx.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k regsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Razer\Habu\razerhid.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Steam\Steam.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Razer\Habu\razertra.exe
C:\Program Files\Razer\Habu\razerofa.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Common Files\Steam\SteamService.exe
C:\Windows\System32\msdtc.exe
C:\Windows\System32\svchost.exe -k tapisrv
C:\Windows\system32\wuauclt.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Pidgin\pidgin.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\explorer.exe
C:\Users\Administrator\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe
============== Pseudo HJT Report ===============
uStart Page = hxxp://news.bbc.co.uk/
uDefault_Page_URL = res://iesetup.dll/SoftAdmin.htm
uInternet Settings,ProxyOverride = *.local
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [Steam] "c:\program files\steam\Steam.exe" -silent
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Habu] c:\program files\razer\habu\razerhid.exe
mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe"
mPolicies-explorer: ShowSuperHidden = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: disablecad = 1 (0x1)
DPF: {43E3F87D-DE7F-4087-BD4F-0DC854981158} - hxxp://download.microsoft.com/download/7/3/8/7384c441-3721-41ee-ae15-b678888f00dd/clearadj.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
LSA: Notification Packages = scecli RASSFM
================= FIREFOX ===================
FF - ProfilePath - c:\users\admini~1\appdata\roaming\mozilla\firefox\profiles\61dujzln.default\
FF - prefs.js: browser.startup.homepage - hxxp://news.bbc.co.uk
FF - component: c:\users\administrator\appdata\roaming\mozilla\firefox\profiles\61dujzln.default\extensions\glasser@sixxgate.com\components\dwmxpcom.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
============= SERVICES / DRIVERS ===============
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-7-15 64160]
R0 storflt;Disk VMBUS Acceleration Filter Driver;c:\windows\system32\drivers\storflt.sys [2008-1-19 42440]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-4-9 107256]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-5-15 176128]
R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2009-4-9 731840]
R2 epfwwfpr;epfwwfpr;c:\windows\system32\drivers\epfwwfpr.sys [2009-4-9 93312]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-7-3 1029456]
R3 HabuFltr;Habu Mouse;c:\windows\system32\drivers\habu.sys [2009-7-17 27776]
R3 wg121;NETGEAR WG121 802.11g Wireless USB2.0 Adapter;c:\windows\system32\drivers\wg121nd5.sys [2009-7-15 337216]
S0 sacdrv;sacdrv;c:\windows\system32\drivers\sacdrv.sys [2008-1-19 88632]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2009-7-23 1153368]
S3 FCRegSvc;Microsoft Fibre Channel Platform Registration Service;c:\windows\system32\svchost.exe -k LocalServiceNetworkRestricted [2008-1-19 21504]
S3 RSoPProv;Resultant Set of Policy Provider;c:\windows\system32\rsopprov.exe [2009-7-15 78336]
S3 sacsvr;Special Administration Console Helper;c:\windows\system32\svchost.exe -k netsvcs [2008-1-19 21504]
S4 b06bdrv;Broadcom NetXtreme II VBD;c:\windows\system32\drivers\bxvbdx.sys [2008-1-19 396288]
S4 ioatdma;Intel(R) QuickData Technology Device;c:\windows\system32\drivers\qd26032.sys [2008-1-19 31232]
S4 s3cap;Microsoft Emulated S3 Device Cap Driver;c:\windows\system32\drivers\s3cap.sys [2008-1-19 15816]
S4 storvsc;storvsc;c:\windows\system32\drivers\storvsc.sys [2008-1-19 37320]
S4 vmbus;VMBus;c:\windows\system32\drivers\vmbus.sys [2008-1-19 185032]
=============== Created Last 30 ================
2009-07-23 15:06 <DIR> --d----- c:\program files\Microsoft LifeCam
2009-07-23 12:58 318,976 a------- c:\windows\system32\cmd.execf
2009-07-23 12:52 <DIR> --d----- c:\programdata\Spybot - Search & Destroy
2009-07-23 12:52 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-07-23 12:52 <DIR> --d----- c:\progra~2\Spybot - Search & Destroy
2009-07-23 12:51 <DIR> --d----- c:\program files\Trend Micro
2009-07-23 06:17 <DIR> --d----- c:\users\admini~1\appdata\roaming\Malwarebytes
2009-07-23 06:16 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-23 06:16 <DIR> --d----- c:\programdata\Malwarebytes
2009-07-23 06:16 <DIR> --d----- c:\progra~2\Malwarebytes
2009-07-23 06:16 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-07-23 06:16 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-07-22 23:20 <DIR> --d----- c:\programdata\ESET
2009-07-22 23:20 <DIR> --d----- c:\program files\ESET
2009-07-22 23:19 <DIR> --d----- c:\programdata\FLEXnet
2009-07-22 20:44 <DIR> --d----- c:\programdata\Adobe
2009-07-22 20:40 <DIR> --d----- c:\program files\common files\Macrovision Shared
2009-07-22 18:55 <DIR> --d----- c:\program files\Frameworkx
2009-07-22 13:40 644,907 a----r-- C:\crosshairs.zip
2009-07-22 02:12 6,665,497 a------- C:\GMIF.mp3
2009-07-22 02:09 <DIR> --d----- c:\users\admini~1\appdata\roaming\Orangeline Interactive
2009-07-22 02:09 <DIR> --d----- c:\program files\Citrus Alarm Clock
2009-07-21 00:47 36 a------- c:\windows\Remote Shutdown 2 Professional.xml
2009-07-20 23:41 <DIR> --d----- c:\users\admini~1\appdata\roaming\Auslogics
2009-07-20 23:39 <DIR> a-d----- c:\programdata\TEMP
2009-07-20 23:39 <DIR> --d----- c:\program files\Auslogics
2009-07-20 10:48 <DIR> --d----- c:\program files\iPod
2009-07-20 10:48 <DIR> --d----- c:\program files\iTunes
2009-07-18 23:01 <DIR> --d----- c:\programdata\Media Center Programs
2009-07-18 23:01 <DIR> --d----- c:\progra~2\Media Center Programs
2009-07-17 21:15 <DIR> --d----- c:\program files\PowerISO
2009-07-17 20:42 <DIR> --d----- c:\windows\system32\Adobe
2009-07-17 17:24 14,592 a------- c:\windows\system32\drivers\USBICP.sys
2009-07-17 17:24 27,776 a------- c:\windows\system32\drivers\habu.sys
2009-07-17 17:23 73,728 a------- c:\windows\system32\habu.cpl
2009-07-15 19:40 107,888 a------- c:\windows\system32\CmdLineExt.dll
2009-07-15 17:31 <DIR> --d----- c:\program files\Sierra
2009-07-15 13:59 <DIR> --d----- c:\programdata\Azureus
2009-07-15 13:59 <DIR> --d----- c:\progra~2\Azureus
2009-07-15 13:59 <DIR> --d----- c:\users\admini~1\appdata\roaming\Azureus
2009-07-15 13:59 <DIR> --d----- c:\program files\Vuze
2009-07-15 13:43 410,984 a------- c:\windows\system32\deploytk.dll
2009-07-15 12:22 107,368 a------- c:\windows\system32\GEARAspi.dll
2009-07-15 12:22 23,400 a------- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-07-15 12:22 <DIR> --d----- c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-07-15 12:22 <DIR> --d----- c:\progra~2\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-07-15 12:22 <DIR> --d----- c:\program files\Bonjour
2009-07-15 12:22 <DIR> --d----- c:\programdata\Apple Computer
2009-07-15 12:21 <DIR> --d----- c:\programdata\Apple
2009-07-15 12:21 <DIR> --d----- c:\users\administrator\Tracing
2009-07-15 11:12 <DIR> --d----- c:\program files\THQ
2009-07-15 10:51 289,792 a------- c:\windows\system32\atmfd.dll
2009-07-15 10:51 156,672 a------- c:\windows\system32\t2embed.dll
2009-07-15 10:51 72,704 a------- c:\windows\system32\fontsub.dll
2009-07-15 10:51 23,552 a------- c:\windows\system32\lpk.dll
2009-07-15 10:51 10,240 a------- c:\windows\system32\dciman32.dll
2009-07-15 10:51 784,896 a------- c:\windows\system32\rpcrt4.dll
2009-07-15 10:51 828,416 a------- c:\windows\system32\wininet.dll
2009-07-15 10:51 78,336 a------- c:\windows\system32\ieencode.dll
2009-07-15 10:51 623,616 a------- c:\windows\system32\localspl.dll
2009-07-15 10:51 2,034,688 a------- c:\windows\system32\win32k.sys
2009-07-15 05:24 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-07-15 05:23 <DIR> -cd-h--- c:\programdata\{EF63305C-BAD7-4144-9208-D65528260864}
2009-07-15 05:23 <DIR> -cd-h--- c:\progra~2\{EF63305C-BAD7-4144-9208-D65528260864}
2009-07-15 05:22 <DIR> --d----- c:\programdata\Lavasoft
2009-07-15 05:22 <DIR> --d----- c:\program files\Lavasoft
2009-07-15 05:21 <DIR> --d----- c:\program files\CCleaner
2009-07-15 05:15 1,226,083 a------- C:\smod_testmap.vmf
2009-07-15 05:15 499,482 a------- C:\traincar.vmf
2009-07-15 05:15 75,235 a------- C:\Untitled - Textured Shaded.vmf
2009-07-15 05:15 19,029 a------- C:\teleporttest.vmf
2009-07-15 05:15 <DIR> --d----- C:\Brian's Backups
2009-07-15 05:14 <DIR> --d----- C:\Terminal Velocity
2009-07-15 05:09 <DIR> --d----- c:\windows\system32\RTCOM
2009-07-15 04:52 146,432 a------- c:\windows\system32\APOMngr.DLL
2009-07-15 04:52 72,704 a------- c:\windows\system32\CmdRtr.DLL
2009-07-15 04:52 87 a---hr-- c:\windows\ctfile.rfc
2009-07-15 04:51 319,456 a------- c:\windows\DIFxAPI.dll
2009-07-15 04:50 <DIR> --d----- c:\program files\Realtek
2009-07-15 04:50 <DIR> --d-h--- c:\program files\Temp
2009-07-15 04:04 <DIR> --d----- c:\programdata\ATI
2009-07-15 03:43 0 a------- c:\windows\ativpsrm.bin
2009-07-15 03:42 <DIR> --d----- c:\windows\twain_32
2009-07-15 03:39 442,368 a------- c:\windows\system32\joy.cpl
2009-07-15 03:39 1,696,256 a------- c:\windows\system32\gameux.dll
2009-07-15 03:37 <DIR> --dsh--- c:\windows\Installer
2009-07-15 03:37 <DIR> --d----- c:\program files\ATI
2009-07-15 03:37 83,479 a------- c:\windows\system32\wbem\ServiceModel.mof
2009-07-15 03:37 896 a------- c:\windows\system32\wbem\ServiceModel.mof.uninstall
2009-07-15 03:37 <DIR> --d----- c:\windows\system32\XPSViewer
2009-07-15 03:37 <DIR> --d----- c:\program files\ATI Technologies
2009-07-15 03:36 <DIR> --d----- C:\ATI
2009-07-15 03:28 <DIR> --d----- c:\programdata\NOS
2009-07-15 03:28 <DIR> --d----- c:\program files\Microsoft
2009-07-15 03:28 <DIR> --d----- c:\program files\Windows Live SkyDrive
2009-07-15 03:27 <DIR> --d----- c:\windows\PCHEALTH
2009-07-15 03:23 <DIR> --d----- c:\program files\Steam
2009-07-15 03:23 <DIR> --d----- c:\program files\common files\Steam
2009-07-15 03:21 <DIR> --d----- c:\program files\common files\Windows Live
2009-07-15 03:07 <DIR> --d----- c:\users\admini~1\appdata\roaming\.purple
2009-07-15 03:06 <DIR> --d----- c:\program files\Pidgin
2009-07-15 03:06 <DIR> --d----- c:\program files\common files\GTK
2009-07-15 03:05 1,524,736 a------- c:\windows\system32\wucltux.dll
2009-07-15 03:05 83,456 a------- c:\windows\system32\wudriver.dll
2009-07-15 03:05 162,064 a------- c:\windows\system32\wuwebv.dll
2009-07-15 03:05 31,232 a------- c:\windows\system32\wuapp.exe
2009-07-15 02:59 <DIR> --d----- c:\windows\system32\vi-VN
2009-07-15 02:59 <DIR> --d----- c:\windows\system32\eu-ES
2009-07-15 02:59 <DIR> --d----- c:\windows\system32\ca-ES
2009-07-15 02:58 <DIR> --d----- c:\windows\system32\SPReview
2009-07-15 02:37 928,768 a------- c:\windows\system32\scavenge.dll
2009-07-15 02:36 57,856 a------- c:\windows\system32\compcln.exe
2009-07-15 02:34 526,336 a------- c:\windows\system32\RMActivate_isv.exe
2009-07-15 02:33 485,888 a------- c:\windows\system32\evr.dll
2009-07-15 02:32 20,992 a------- c:\windows\system32\chglogon.exe
2009-07-15 02:31 759,296 a------- c:\windows\system32\ipsecsnp.dll
2009-07-15 02:30 90,112 a------- c:\windows\system32\wshext.dll
2009-07-15 02:18 <DIR> --d----- c:\windows\system32\EventProviders
2009-07-15 02:13 <DIR> --d----- c:\windows\system32\wbem\Performance
2009-07-15 01:54 <DIR> --d----- c:\users\Administrator
2009-07-15 00:31 337,216 a------- c:\windows\system32\drivers\wg121nd5.sys
==================== Find3M ====================
2009-07-23 15:07 86,016 a------- c:\windows\inf\infstor.dat
2009-07-23 15:07 51,200 a------- c:\windows\inf\infpub.dat
2009-07-23 15:07 86,016 a------- c:\windows\inf\infstrng.dat
2009-07-15 02:59 665,600 a------- c:\windows\inf\drvindex.dat
2009-07-06 20:47 1,169,440 a------- c:\windows\system32\RtkPgExt.dll
2009-07-06 20:47 51,744 a------- c:\windows\system32\RtkCoInst.dll
2009-07-06 20:47 326,176 a------- c:\windows\system32\RtkApoApi.dll
2009-07-06 20:47 2,898,464 a------- c:\windows\system32\RtkAPO.dll
2009-07-06 20:12 2,657,120 a------- c:\windows\system32\drivers\SETB612.tmp
2009-07-06 20:12 2,657,120 a------- c:\windows\system32\drivers\RTKVHDA.sys
2009-06-29 15:16 160,256 a------- c:\windows\system32\FMAPO.dll
2009-06-24 13:43 831,488 a------- c:\windows\RtlExUpd.dll
2009-06-04 07:37 348,160 a------- c:\windows\system32\msvcr71.dll
2009-06-04 07:37 499,712 a------- c:\windows\system32\msvcp71.dll
2009-05-15 23:24 442,368 a------- c:\windows\system32\ATIDEMGX.dll
2009-05-15 23:24 335,872 a------- c:\windows\system32\atieclxx.exe
2009-05-15 23:23 176,128 a------- c:\windows\system32\atiesrxx.exe
2009-05-15 23:22 159,744 a------- c:\windows\system32\atitmmxx.dll
2009-05-15 23:22 356,352 a------- c:\windows\system32\atipdlxx.dll
2009-05-15 23:22 278,528 a------- c:\windows\system32\Oemdspif.dll
2009-05-15 23:22 11,776 a------- c:\windows\system32\atimuixx.dll
2009-05-15 23:22 43,520 a------- c:\windows\system32\ati2edxx.dll
2009-05-15 23:19 2,411,008 a------- c:\windows\system32\atidxx32.dll
2009-05-15 23:08 3,064,832 a------- c:\windows\system32\atiumdag.dll
2009-05-15 22:53 2,847,744 a------- c:\windows\system32\atiumdva.dll
2009-05-15 22:42 51,712 a------- c:\windows\system32\atimpc32.dll
2009-05-15 22:42 51,712 a------- c:\windows\system32\amdpcom32.dll
2009-05-15 22:41 172,032 a------- c:\windows\system32\atiadlxx.dll
2009-05-15 22:40 11,376,640 a------- c:\windows\system32\atioglxx.dll
2009-05-15 22:00 53,248 a------- c:\windows\system32\aticalrt.dll
2009-05-15 22:00 53,248 a------- c:\windows\system32\aticalcl.dll
2009-05-15 21:59 3,174,400 a------- c:\windows\system32\aticaldd.dll
2009-05-05 15:33 118,784 a------- c:\windows\system32\atibtmon.exe
2008-01-19 07:41 174 a--sh--- c:\program files\desktop.ini
2008-01-19 07:29 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2008-01-19 07:29 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2008-01-19 07:29 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2008-01-19 07:29 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2008-01-19 07:24 8,192 a--sh--- c:\windows\users\default\NTUSER.DAT
============= FINISH: 18:13:14.92 ===============
Hi,
Let's use other tool then.
Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open two notepad windows. OTListIt.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.
quiestbml
2009-07-25, 16:12
OTL logfile created on: 7/25/2009 9:07:29 AM - Run 1
OTL by OldTimer - Version 3.0.10.3 Folder = C:\Users\Administrator\Desktop
Windows Vista Server Standard Edition (full installation) Service Pack 2 (Version = 6.0.6002) - Type = NTServer
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 1.32 Gb Available Physical Memory | 66.16% Memory free
4.00 Gb Paging File | 3.28 Gb Available in Paging File | 82.12% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 104.20 Gb Free Space | 69.91% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 27.84 Gb Total Space | 1.46 Gb Free Space | 5.25% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: WIN-7M4XLFMC8TB
Current User Name: Administrator
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Processes (SafeList) ==========
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (ESET)
PRC - C:\Program Files\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)
PRC - C:\Windows\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\Razer\Habu\razerhid.exe ()
PRC - C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Windows\System32\wbem\unsecapp.exe (Microsoft Corporation)
PRC - C:\Windows\System32\wbem\wmiprvse.exe (Microsoft Corporation)
PRC - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Advanced Micro Devices Inc.)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
PRC - C:\Program Files\Razer\Habu\razertra.exe ()
PRC - C:\Program Files\Razer\Habu\razerofa.exe (Razer Inc.)
PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (ATI Technologies Inc.)
PRC - C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
PRC - C:\Users\Administrator\Desktop\OTL.exe (OldTimer Tools)
========== Win32 Services (SafeList) ==========
SRV - (AMD External Events Utility [Auto | Running]) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (Bonjour Service [Auto | Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (EhttpSrv [On_Demand | Stopped]) -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe (ESET)
SRV - (ekrn [Auto | Running]) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (ESET)
SRV - (EventLog [Auto | Running]) -- C:\Windows\System32\wevtsvc.dll (Microsoft Corporation)
SRV - (FCRegSvc [On_Demand | Stopped]) -- C:\Windows\System32\FCRegSvc.dll (Microsoft Corporation)
SRV - (FLEXnet Licensing Service [On_Demand | Stopped]) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (FontCache3.0.0.0 [On_Demand | Running]) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (idsvc [Unknown | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (iPod Service [On_Demand | Running]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (Lavasoft Ad-Aware Service [Auto | Running]) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (MSCamSvc [Auto | Running]) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (RSoPProv [On_Demand | Stopped]) -- C:\Windows\System32\RSoPProv.exe (Microsoft Corporation)
SRV - (sacsvr [On_Demand | Stopped]) -- C:\Windows\System32\sacsvr.dll (Microsoft Corporation)
SRV - (SBSDWSCService [Auto | Stopped]) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (Steam Client Service [On_Demand | Stopped]) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (WinDefend [Auto | Running]) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV - (adp94xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (adpahci [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (adpu160m [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (adpu320 [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (aic78xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (aliide [Disabled | Stopped]) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (arc [Disabled | Stopped]) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (arcsas [Disabled | Stopped]) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (atikmdag [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\atikmdag.sys (ATI Technologies Inc.)
DRV - (b06bdrv [Disabled | Stopped]) -- C:\Windows\system32\drivers\bxvbdx.sys (Broadcom Corporation)
DRV - (BrFiltLo [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (Brserid [Disabled | Stopped]) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrSerWdm [Disabled | Stopped]) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm [Disabled | Stopped]) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (cmdide [Disabled | Stopped]) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (E1G60 [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\E1G60I32.sys (Intel Corporation)
DRV - (eamon [Auto | Running]) -- C:\Windows\System32\DRIVERS\eamon.sys (ESET)
DRV - (ehdrv [System | Running]) -- C:\Windows\System32\DRIVERS\ehdrv.sys (ESET)
DRV - (elxstor [Disabled | Stopped]) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (epfwwfpr [Auto | Running]) -- C:\Windows\System32\DRIVERS\epfwwfpr.sys (ESET)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (HabuFltr [On_Demand | Running]) -- C:\Windows\System32\drivers\habu.sys (Razer (Asia-Pacific) Pte Ltd)
DRV - (HpCISSs [Disabled | Stopped]) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (iaStorV [Disabled | Stopped]) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (iirsp [Disabled | Stopped]) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (IntcAzAudAddService [On_Demand | Running]) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (ioatdma [Disabled | Stopped]) -- C:\Windows\system32\drivers\qd26032.sys (Intel Corporation)
DRV - (iteatapi [Disabled | Stopped]) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (iteraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (Lbd [Boot | Running]) -- C:\Windows\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (LSI_FC [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (LSI_SAS [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (LSI_SCSI [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (megasas [Disabled | Stopped]) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (MegaSR [Disabled | Stopped]) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (Mraid35x [Disabled | Stopped]) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (nfrd960 [Disabled | Stopped]) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (ntrigdigi [Disabled | Stopped]) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (nvraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor [Disabled | Stopped]) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (ql2300 [Disabled | Stopped]) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (ql40xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (RTL8169 [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\Rtlh86.sys (Realtek Corporation)
DRV - (s3cap [Disabled | Stopped]) -- C:\Windows\system32\drivers\s3cap.sys (Microsoft Corporation)
DRV - (sacdrv [Boot | Stopped]) -- C:\Windows\system32\DRIVERS\sacdrv.sys (Microsoft Corporation)
DRV - (SCDEmu [System | Running]) -- C:\Windows\System32\drivers\scdemu.sys (PowerISO Computing, Inc.)
DRV - (secdrv [Auto | Running]) -- C:\Windows\System32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (SiSRaid4 [Disabled | Stopped]) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (storflt [Boot | Running]) -- C:\Windows\system32\drivers\storflt.sys (Microsoft Corporation)
DRV - (storvsc [Disabled | Stopped]) -- C:\Windows\system32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (Symc8xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_hi [Disabled | Stopped]) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Sym_u3 [Disabled | Stopped]) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (uliahci [Disabled | Stopped]) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (UlSata [Disabled | Stopped]) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (ulsata2 [Disabled | Stopped]) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (UMPass [Disabled | Stopped]) -- C:\Windows\system32\drivers\umpass.sys (Microsoft Corporation)
DRV - (usbaudio [On_Demand | Running]) -- C:\Windows\System32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (viaide [Disabled | Stopped]) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (vmbus [Disabled | Stopped]) -- C:\Windows\system32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (vsmraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (wg121 [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\wg121nd5.sys (NETGEAR, Inc.)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = res://iesetup.dll/SoftAdmin.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://news.bbc.co.uk/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "http://news.bbc.co.uk"
FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:0.9.10.1
FF - prefs.js..extensions.enabledItems: glasser@sixxgate.com:1.1.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}:6.0.14
FF - prefs.js..extensions.enabledItems: locationbar2@design-noir.de:1.0.3
FF - prefs.js..extensions.enabledItems: {8620c15f-30dc-4dba-a131-7c5d20cf4a29}:2.0.2
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.1
FF - prefs.js..extensions.enabledItems: rein@notiz.jp:3.5.1
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/07/19 11:35:51 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/07/19 11:35:51 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
[2009/07/15 03:08:24 | 00,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\mozilla\Extensions
[2009/07/15 03:08:24 | 00,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/07/24 18:11:52 | 00,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\61dujzln.default\extensions
[2009/07/15 03:24:20 | 00,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\61dujzln.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2009/07/15 03:09:30 | 00,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\61dujzln.default\extensions\{8620c15f-30dc-4dba-a131-7c5d20cf4a29}
[2009/07/15 03:10:42 | 00,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\61dujzln.default\extensions\glasser@sixxgate.com
[2009/07/15 03:24:20 | 00,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\61dujzln.default\extensions\locationbar2@design-noir.de
[2009/07/15 03:08:48 | 00,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\61dujzln.default\extensions\rein@notiz.jp
[2009/07/24 18:11:52 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/07/19 11:35:51 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/07/23 12:33:29 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
[2009/07/19 11:35:50 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/07/19 11:35:50 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/07/23 12:33:09 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2009/07/19 11:35:50 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2009/07/15 12:22:23 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2009/07/15 12:22:23 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2009/07/15 12:22:23 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2009/07/15 12:22:23 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2009/07/15 12:22:23 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2009/07/15 12:22:23 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2009/07/15 12:22:23 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2009/06/24 07:27:00 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/06/24 07:27:00 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/06/24 07:27:00 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/06/24 07:27:00 | 00,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/06/24 07:27:00 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/06/24 07:27:00 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/06/24 07:27:00 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml
O1 HOSTS File: (1243 bytes) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [Habu] C:\Program Files\Razer\Habu\razerhid.exe ()
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ShowSuperHidden = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disablecad = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: verbosestatus = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disableregistrytools = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {43E3F87D-DE7F-4087-BD4F-0DC854981158} http://download.microsoft.com/download/7/3/8/7384c441-3721-41ee-ae15-b678888f00dd/clearadj.CAB (CTAdjust Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{17775ee7-74a9-11de-ad95-00095bd2739c}\Shell - "" = AutoRun
O33 - MountPoints2\{17775ee7-74a9-11de-ad95-00095bd2739c}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRunCD.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
========== Files/Folders - Created Within 30 Days ==========
[2009/07/25 09:05:37 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2009/07/24 22:10:07 | 00,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\gtk-2.0
[2009/07/24 21:14:54 | 00,020,968 | ---- | C] () -- C:\Users\Administrator\Desktop\E6300.jpg
[2009/07/24 18:13:47 | 00,044,365 | ---- | C] () -- C:\Users\Administrator\Desktop\166i3pe.jpg
[2009/07/24 14:05:58 | 00,002,907 | ---- | C] () -- C:\Users\Administrator\Desktop\Attach.zip
[2009/07/23 15:22:09 | 00,004,608 | ---- | C] () -- C:\Users\Administrator\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/23 15:06:53 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft LifeCam
[2009/07/23 13:23:08 | 00,000,000 | ---D | C] -- C:\32788R22FWJFW
[2009/07/23 13:10:57 | 00,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\antimalware
[2009/07/23 12:58:24 | 00,318,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmd.execf
[2009/07/23 12:52:50 | 00,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2009/07/23 12:52:50 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2009/07/23 12:51:20 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/07/23 12:33:26 | 00,148,888 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2009/07/23 12:33:26 | 00,144,792 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2009/07/23 12:33:26 | 00,144,792 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2009/07/23 12:33:03 | 00,000,000 | ---D | C] -- C:\Program Files\Java
[2009/07/23 06:40:17 | 00,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\ESET
[2009/07/23 06:17:08 | 00,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Malwarebytes
[2009/07/23 06:16:55 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/07/23 06:16:53 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009/07/23 06:16:52 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/07/23 06:16:52 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/07/22 23:20:49 | 00,000,000 | ---D | C] -- C:\ProgramData\ESET
[2009/07/22 23:20:49 | 00,000,000 | ---D | C] -- C:\Program Files\ESET
[2009/07/22 23:19:22 | 00,000,000 | ---D | C] -- C:\ProgramData\FLEXnet
[2009/07/22 20:44:44 | 00,000,000 | ---D | C] -- C:\Program Files\Adobe
[2009/07/22 20:44:33 | 00,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2009/07/22 20:42:11 | 00,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Adobe
[2009/07/22 20:40:07 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared
[2009/07/22 20:13:46 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2009/07/22 19:01:42 | 00,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Download Manager
[2009/07/22 19:01:33 | 00,000,000 | ---D | C] -- C:\Windows\Sun
[2009/07/22 18:56:58 | 00,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Frameworkx.com
[2009/07/22 18:55:16 | 00,000,000 | ---D | C] -- C:\Program Files\Frameworkx
[2009/07/22 13:40:42 | 00,644,907 | R--- | C] () -- C:\crosshairs.zip
[2009/07/22 02:12:10 | 06,665,497 | ---- | C] () -- C:\GMIF.mp3
[2009/07/22 02:09:51 | 00,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Orangeline Interactive
[2009/07/22 02:09:50 | 00,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Orangeline_Interactive
[2009/07/22 02:09:46 | 00,000,000 | ---D | C] -- C:\Program Files\Citrus Alarm Clock
[2009/07/21 00:47:34 | 00,000,036 | ---- | C] () -- C:\Windows\Remote Shutdown 2 Professional.xml
[2009/07/20 23:41:09 | 00,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Auslogics
[2009/07/20 23:39:23 | 00,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2009/07/20 23:39:19 | 00,000,000 | ---D | C] -- C:\Program Files\Auslogics
[2009/07/20 23:28:13 | 00,000,406 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/07/20 10:48:40 | 00,002,231 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2009/07/20 10:48:29 | 00,000,000 | ---D | C] -- C:\Program Files\iPod
[2009/07/20 10:48:22 | 00,000,000 | ---D | C] -- C:\Program Files\iTunes
[2009/07/19 16:49:26 | 00,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Identities
[2009/07/18 23:55:50 | 00,001,051 | ---- | C] () -- C:\Users\Administrator\Desktop\Crysis.lnk
[2009/07/18 23:05:21 | 00,000,000 | ---D | C] -- C:\Users\Administrator\Documents\My Received Files
[2009/07/18 23:01:21 | 00,000,000 | ---D | C] -- C:\ProgramData\Media Center Programs
[2009/07/18 22:38:52 | 00,000,000 | ---D | C] -- C:\Program Files\Electronic Arts
[2009/07/17 22:32:36 | 00,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\My Games
[2009/07/17 22:08:00 | 00,000,000 | ---D | C] -- C:\Users\Administrator\Documents\My Games
[2009/07/17 22:06:42 | 00,000,000 | RH-D | C] -- C:\Users\Administrator\AppData\Roaming\SecuROM
[2009/07/17 22:00:53 | 00,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Notepad++
[2009/07/17 22:00:53 | 00,000,000 | ---D | C] -- C:\Program Files\Notepad++
[2009/07/17 21:37:59 | 03,850,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_38.dll
[2009/07/17 21:37:59 | 01,491,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_38.dll
[2009/07/17 21:37:59 | 00,507,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_1.dll
[2009/07/17 21:37:59 | 00,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_38.dll
[2009/07/17 21:37:59 | 00,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_1.dll
[2009/07/17 21:37:59 | 00,065,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_0.dll
[2009/07/17 21:37:59 | 00,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_4.dll
[2009/07/17 21:37:58 | 03,786,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_37.dll
[2009/07/17 21:37:58 | 01,420,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_37.dll
[2009/07/17 21:37:58 | 00,479,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_0.dll
[2009/07/17 21:37:58 | 00,462,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_37.dll
[2009/07/17 21:37:58 | 00,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_0.dll
[2009/07/17 21:37:58 | 00,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_3.dll
[2009/07/17 21:37:57 | 03,734,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_36.dll
[2009/07/17 21:37:57 | 03,727,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_35.dll
[2009/07/17 21:37:57 | 01,374,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_36.dll
[2009/07/17 21:37:57 | 01,358,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_35.dll
[2009/07/17 21:37:57 | 00,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_36.dll
[2009/07/17 21:37:57 | 00,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_35.dll
[2009/07/17 21:37:57 | 00,267,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_10.dll
[2009/07/17 21:37:57 | 00,267,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_9.dll
[2009/07/17 21:37:56 | 03,497,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_34.dll
[2009/07/17 21:37:56 | 01,124,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_34.dll
[2009/07/17 21:37:56 | 01,123,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_33.dll
[2009/07/17 21:37:56 | 00,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_34.dll
[2009/07/17 21:37:56 | 00,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_33.dll
[2009/07/17 21:37:56 | 00,266,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_8.dll
[2009/07/17 21:37:56 | 00,261,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_7.dll
[2009/07/17 21:37:56 | 00,081,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_3.dll
[2009/07/17 21:37:56 | 00,017,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_2.dll
[2009/07/17 21:37:55 | 03,495,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_33.dll
[2009/07/17 21:37:55 | 00,255,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_6.dll
[2009/07/17 21:37:54 | 00,015,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\x3daudio1_1.dll
[2009/07/17 21:15:07 | 00,000,000 | ---D | C] -- C:\Program Files\PowerISO
[2009/07/17 21:11:03 | 00,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\WinRAR
[2009/07/17 21:10:47 | 00,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2009/07/17 20:42:12 | 00,000,000 | ---D | C] -- C:\Windows\System32\Adobe
[2009/07/17 17:24:03 | 00,014,592 | ---- | C] (Motorola) -- C:\Windows\System32\drivers\USBICP.sys
[2009/07/17 17:24:00 | 00,027,776 | ---- | C] (Razer (Asia-Pacific) Pte Ltd) -- C:\Windows\System32\drivers\habu.sys
[2009/07/17 17:23:59 | 00,073,728 | ---- | C] (Razer Inc.) -- C:\Windows\System32\habu.cpl
[2009/07/17 17:23:59 | 00,000,000 | ---D | C] -- C:\Program Files\Razer
[2009/07/17 17:23:13 | 00,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\InstallShield
[2009/07/16 22:39:54 | 00,000,000 | ---D | C] -- C:\Windows\Minidump
[2009/07/15 19:40:29 | 00,107,888 | ---- | C] (Sony DADC Austria AG.) -- C:\Windows\System32\CmdLineExt.dll
[2009/07/15 19:32:57 | 00,001,723 | ---- | C] () -- C:\Users\Public\Desktop\F.E.A.R. Single Player.lnk
[2009/07/15 17:36:44 | 00,000,000 | ---D | C] -- C:\Users\Public\Documents\Monolith Productions
[2009/07/15 17:31:42 | 00,000,000 | ---D | C] -- C:\Program Files\Sierra
[2009/07/15 13:59:43 | 00,000,000 | ---D | C] -- C:\Users\Administrator\Documents\Azureus Downloads
[2009/07/15 13:59:38 | 00,000,000 | ---D | C] -- C:\ProgramData\Azureus
[2009/07/15 13:59:37 | 00,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Azureus
[2009/07/15 13:59:15 | 00,000,000 | ---D | C] -- C:\Program Files\Vuze
[2009/07/15 13:43:35 | 00,410,984 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deploytk.dll
[2009/07/15 12:22:53 | 00,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Apple Computer
[2009/07/15 12:22:53 | 00,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Apple Computer
[2009/07/15 12:22:46 | 00,107,368 | ---- | C] (GEAR Software Inc.) -- C:\Windows\System32\GEARAspi.dll
[2009/07/15 12:22:46 | 00,023,400 | ---- | C] (GEAR Software Inc.) -- C:\Windows\System32\drivers\GEARAspiWDM.sys
[2009/07/15 12:22:37 | 00,000,000 | ---D | C] -- C:\ProgramData\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/07/15 12:22:30 | 00,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2009/07/15 12:22:08 | 00,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2009/07/15 12:22:08 | 00,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2009/07/15 12:21:54 | 00,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Apple
[2009/07/15 12:21:52 | 00,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2009/07/15 12:21:34 | 00,000,000 | ---D | C] -- C:\ProgramData\Apple
[2009/07/15 12:21:34 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2009/07/15 11:24:14 | 03,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_32.dll
[2009/07/15 11:24:14 | 00,440,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10.dll
[2009/07/15 11:24:14 | 00,251,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_5.dll
[2009/07/15 11:24:13 | 02,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_31.dll
[2009/07/15 11:24:13 | 00,237,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_4.dll
[2009/07/15 11:24:13 | 00,236,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_3.dll
[2009/07/15 11:24:13 | 00,230,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_2.dll
[2009/07/15 11:24:13 | 00,229,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_1.dll
[2009/07/15 11:24:13 | 00,062,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_2.dll
[2009/07/15 11:24:13 | 00,062,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_1.dll
[2009/07/15 11:24:09 | 02,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_30.dll
[2009/07/15 11:24:09 | 02,337,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_25.dll
[2009/07/15 11:24:09 | 02,332,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_29.dll
[2009/07/15 11:24:09 | 02,323,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_28.dll
[2009/07/15 11:24:09 | 02,319,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_27.dll
[2009/07/15 11:24:09 | 02,297,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_26.dll
[2009/07/15 11:24:09 | 00,230,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_0.dll
[2009/07/15 11:24:09 | 00,014,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\x3daudio1_0.dll
[2009/07/15 11:24:08 | 02,222,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_24.dll
[2009/07/15 11:24:01 | 00,002,092 | ---- | C] () -- C:\Users\Public\Desktop\S.T.A.L.K.E.R. - Shadow of Chernobyl.lnk
[2009/07/15 11:12:38 | 00,000,000 | ---D | C] -- C:\Users\Public\Documents\STALKER-SHOC
[2009/07/15 11:12:38 | 00,000,000 | ---D | C] -- C:\Program Files\THQ
[2009/07/15 10:51:55 | 00,289,792 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2009/07/15 10:51:55 | 00,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2009/07/15 10:51:55 | 00,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2009/07/15 10:51:55 | 00,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lpk.dll
[2009/07/15 10:51:55 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dciman32.dll
[2009/07/15 10:51:54 | 00,784,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rpcrt4.dll
[2009/07/15 10:51:52 | 03,597,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.dll
[2009/07/15 10:51:51 | 01,167,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\urlmon.dll
[2009/07/15 10:51:50 | 00,828,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wininet.dll
[2009/07/15 10:51:50 | 00,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2009/07/15 10:51:49 | 00,623,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\localspl.dll
[2009/07/15 10:51:48 | 02,034,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2009/07/15 05:31:20 | 02,892,089 | ---- | C] () -- C:\Users\Administrator\Documents\DSC00031.JPG
[2009/07/15 05:30:33 | 00,032,256 | ---- | C] () -- C:\Users\Administrator\Documents\annotatedbib - International Courts.doc
[2009/07/15 05:30:31 | 00,015,983 | ---- | C] () -- C:\Users\Administrator\Documents\A MANIFESTO OF DIRECTIONIST ARCHITECTURE.docx
[2009/07/15 05:24:39 | 00,000,472 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2009/07/15 05:24:20 | 00,064,160 | ---- | C] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2009/07/15 05:24:20 | 00,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2009/07/15 05:23:02 | 00,000,000 | -H-D | C] -- C:\ProgramData\{EF63305C-BAD7-4144-9208-D65528260864}
[2009/07/15 05:22:57 | 00,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2009/07/15 05:22:57 | 00,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2009/07/15 05:21:24 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2009/07/15 05:17:22 | 00,173,657 | ---- | C] () -- C:\sfdeco.vmf
[2009/07/15 05:17:21 | 05,748,610 | ---- | C] () -- C:\sf_waterworks.vmf
[2009/07/15 05:17:21 | 05,655,566 | ---- | C] () -- C:\sf_romanbugfix.vmf
[2009/07/15 05:17:21 | 00,422,612 | ---- | C] () -- C:\sf_islamic.vmf
[2009/07/15 05:17:20 | 02,964,186 | ---- | C] () -- C:\sf_fieldtriptwo_b1.vmf
[2009/07/15 05:17:20 | 02,964,186 | ---- | C] () -- C:\sf_fieldtriptwo.vmf
[2009/07/15 05:17:20 | 01,343,638 | ---- | C] () -- C:\sf_bloxs_beta1.vmf
[2009/07/15 05:17:19 | 13,151,375 | ---- | C] () -- C:\secondaxisdark.psd
[2009/07/15 05:17:18 | 16,234,127 | ---- | C] () -- C:\secondaxiscards.psd
[2009/07/15 05:17:18 | 02,371,858 | ---- | C] () -- C:\secondaxis.psd
[2009/07/15 05:17:17 | 07,759,936 | ---- | C] () -- C:\romanice.vmf
[2009/07/15 05:17:17 | 02,280,036 | ---- | C] () -- C:\sample.mp3
[2009/07/15 05:17:17 | 00,403,256 | ---- | C] () -- C:\Sam_11_8_2008@13_55_33.wav
[2009/07/15 05:17:16 | 07,759,936 | ---- | C] () -- C:\roman.vmf
[2009/07/15 05:17:16 | 07,146,335 | ---- | C] () -- C:\naziarch.vmf
[2009/07/15 05:17:16 | 01,023,571 | ---- | C] () -- C:\gm_snowstruct_d.vmf
[2009/07/15 05:17:16 | 00,795,236 | ---- | C] () -- C:\mystsample.mp3
[2009/07/15 05:17:16 | 00,206,362 | ---- | C] () -- C:\resume.psd
[2009/07/15 05:17:16 | 00,039,659 | ---- | C] () -- C:\korean.vmf
[2009/07/15 05:17:16 | 00,038,123 | ---- | C] () -- C:\modernflagpedistal.vmf
[2009/07/15 05:17:16 | 00,005,099 | ---- | C] () -- C:\protector.vmf
[2009/07/15 05:17:15 | 01,369,361 | ---- | C] () -- C:\gm_snowstruct2_d.vmf
[2009/07/15 05:17:15 | 01,005,997 | ---- | C] () -- C:\city.vmf
[2009/07/15 05:17:15 | 00,195,187 | ---- | C] () -- C:\baths.vmf
[2009/07/15 05:17:15 | 00,103,396 | ---- | C] () -- C:\civildefense.vmf
[2009/07/15 05:17:15 | 00,018,984 | ---- | C] () -- C:\ClassicRomanCaps.ttf
[2009/07/15 05:17:15 | 00,000,000 | ---D | C] -- C:\Serbia Project
[2009/07/15 05:17:01 | 00,000,000 | ---D | C] -- C:\pastori
[2009/07/15 05:15:07 | 01,226,083 | ---- | C] () -- C:\smod_testmap.vmf
[2009/07/15 05:15:07 | 00,499,482 | ---- | C] () -- C:\traincar.vmf
[2009/07/15 05:15:07 | 00,075,235 | ---- | C] () -- C:\Untitled - Textured Shaded.vmf
[2009/07/15 05:15:07 | 00,019,029 | ---- | C] () -- C:\teleporttest.vmf
[2009/07/15 05:15:07 | 00,000,000 | ---D | C] -- C:\Brian's Backups
[2009/07/15 05:14:21 | 00,000,000 | ---D | C] -- C:\Terminal Velocity
[2009/07/15 05:09:53 | 00,000,000 | ---D | C] -- C:\Windows\System32\RTCOM
[2009/07/15 04:52:02 | 00,146,432 | ---- | C] () -- C:\Windows\System32\APOMngr.DLL
[2009/07/15 04:52:02 | 00,072,704 | ---- | C] () -- C:\Windows\System32\CmdRtr.DLL
[2009/07/15 04:52:01 | 00,000,087 | RH-- | C] () -- C:\Windows\ctfile.rfc
[2009/07/15 04:51:00 | 00,319,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\DIFxAPI.dll
[2009/07/15 04:50:59 | 01,784,352 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\WavesLib.dll
[2009/07/15 04:50:59 | 00,135,168 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSWOW.dll
[2009/07/15 04:50:58 | 00,551,456 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RTSndMgr.cpl
[2009/07/15 04:50:58 | 00,339,968 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSTSXT.dll
[2009/07/15 04:50:58 | 00,185,776 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSTSHD.dll
[2009/07/15 04:50:58 | 00,167,936 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSHP360.dll
[2009/07/15 04:50:57 | 02,898,464 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkAPO.dll
[2009/07/15 04:50:57 | 02,657,120 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\drivers\RTKVHDA.sys
[2009/07/15 04:50:57 | 01,169,440 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkPgExt.dll
[2009/07/15 04:50:57 | 00,326,176 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkApoApi.dll
[2009/07/15 04:50:57 | 00,051,744 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkCoInst.dll
[2009/07/15 04:50:56 | 00,290,304 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RP3DHT32.dll
[2009/07/15 04:50:56 | 00,290,304 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RP3DAA32.dll
[2009/07/15 04:50:55 | 01,933,312 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioEQ.dll
[2009/07/15 04:50:55 | 00,159,744 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO20.dll
[2009/07/15 04:50:55 | 00,126,976 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO.dll
[2009/07/15 04:50:54 | 00,160,256 | ---- | C] (Fortemedia Corporation) -- C:\Windows\System32\FMAPO.dll
[2009/07/15 04:50:54 | 00,142,848 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTACap.dll
[2009/07/15 04:50:54 | 00,125,952 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTARen.dll
[2009/07/15 04:50:54 | 00,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2009/07/15 04:50:54 | 00,000,000 | ---D | C] -- C:\Program Files\Realtek
[2009/07/15 04:50:49 | 00,831,488 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\RtlExUpd.dll
[2009/07/15 04:50:49 | 00,000,000 | -H-D | C] -- C:\Program Files\Temp
[2009/07/15 04:50:46 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2009/07/15 04:04:11 | 00,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\ATI
[2009/07/15 04:04:11 | 00,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\ATI
[2009/07/15 04:04:11 | 00,000,000 | ---D | C] -- C:\ProgramData\ATI
[2009/07/15 03:46:41 | 00,000,000 | ---D | C] -- C:\Windows\Prefetch
[2009/07/15 03:43:53 | 00,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009/07/15 03:43:37 | 21,459,68128 | -HS- | C] () -- C:\hiberfil.sys
[2009/07/15 03:42:27 | 00,000,000 | ---D | C] -- C:\Windows\twain_32
[2009/07/15 03:42:27 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Photo Gallery
[2009/07/15 03:42:27 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Media Player
[2009/07/15 03:42:27 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Defender
[2009/07/15 03:42:27 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Calendar
[2009/07/15 03:39:35 | 00,442,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\joy.cpl
[2009/07/15 03:39:32 | 01,696,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
[2009/07/15 03:37:59 | 00,000,000 | -HSD | C] -- C:\Windows\Installer
[2009/07/15 03:37:59 | 00,000,000 | ---D | C] -- C:\Program Files\ATI
[2009/07/15 03:37:57 | 00,000,000 | ---D | C] -- C:\Windows\System32\XPSViewer
[2009/07/15 03:37:57 | 00,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2009/07/15 03:37:57 | 00,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2009/07/15 03:37:50 | 00,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2009/07/15 03:36:54 | 00,000,000 | ---D | C] -- C:\ATI
[2009/07/15 03:28:54 | 00,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Macromedia
[2009/07/15 03:28:54 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2009/07/15 03:28:50 | 00,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Adobe
[2009/07/15 03:28:42 | 00,000,000 | ---D | C] -- C:\Windows\System32\Macromed
[2009/07/15 03:28:30 | 00,000,000 | ---D | C] -- C:\ProgramData\NOS
[2009/07/15 03:28:30 | 00,000,000 | ---D | C] -- C:\Program Files\NOS
[2009/07/15 03:28:27 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2009/07/15 03:28:17 | 00,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2009/07/15 03:28:09 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live SkyDrive
[2009/07/15 03:27:48 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2009/07/15 03:27:34 | 00,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2009/07/15 03:23:09 | 00,002,301 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk
[2009/07/15 03:23:09 | 00,000,000 | ---D | C] -- C:\Program Files\Steam
[2009/07/15 03:23:09 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Steam
[2009/07/15 03:21:35 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2009/07/15 03:08:22 | 00,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009/07/15 03:08:21 | 00,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Mozilla
[2009/07/15 03:08:21 | 00,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Mozilla
[2009/07/15 03:07:07 | 00,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\.purple
[2009/07/15 03:06:56 | 00,000,000 | ---D | C] -- C:\Program Files\Pidgin
[2009/07/15 03:06:53 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\GTK
[2009/07/15 03:06:22 | 00,001,724 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2009/07/15 03:06:19 | 00,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2009/07/15 03:05:48 | 01,809,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuaueng.dll
[2009/07/15 03:05:48 | 01,524,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2009/07/15 03:05:48 | 00,051,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuauclt.exe
[2009/07/15 03:05:48 | 00,043,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2009/07/15 03:05:42 | 00,561,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2009/07/15 03:05:42 | 00,083,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2009/07/15 03:05:42 | 00,034,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2009/07/15 03:05:39 | 00,162,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2009/07/15 03:05:39 | 00,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2009/07/15 02:59:51 | 00,000,000 | ---D | C] -- C:\Windows\System32\vi-VN
[2009/07/15 02:59:51 | 00,000,000 | ---D | C] -- C:\Windows\System32\eu-ES
[2009/07/15 02:59:51 | 00,000,000 | ---D | C] -- C:\Windows\System32\ca-ES
[2009/07/15 02:58:11 | 01,759,945 | -H-- | C] () -- C:\Users\Administrator\AppData\Local\IconCache.db
[2009/07/15 02:58:09 | 00,000,000 | ---D | C] -- C:\Windows\System32\SPReview
[2009/07/15 02:37:05 | 00,928,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scavenge.dll
[2009/07/15 02:36:44 | 00,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\compcln.exe
[2009/07/15 02:35:02 | 00,472,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
[2009/07/15 02:35:02 | 00,152,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll
[2009/07/15 02:35:02 | 00,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secur32.dll
[2009/07/15 02:35:01 | 00,476,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll
[2009/07/15 02:35:01 | 00,324,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdohlp.dll
[2009/07/15 02:35:01 | 00,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll
[2009/07/15 02:35:01 | 00,142,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ScwServiceExt.dll
[2009/07/15 02:35:01 | 00,142,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ScwSceExt.dll
[2009/07/15 02:35:01 | 00,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ScwRegistryExt.dll
[2009/07/15 02:35:01 | 00,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SCWViewer.exe
[2009/07/15 02:35:00 | 00,241,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rsaenh.dll
[2009/07/15 02:35:00 | 00,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rsopprov.exe
[2009/07/15 02:35:00 | 00,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtffilt.dll
[2009/07/15 02:34:59 | 00,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
[2009/07/15 02:34:59 | 00,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
[2009/07/15 02:34:59 | 00,346,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
[2009/07/15 02:34:59 | 00,113,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\rmcast.sys
[2009/07/15 02:34:59 | 00,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\samlib.dll
[2009/07/15 02:34:59 | 00,053,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rrinstaller.exe
quiestbml
2009-07-25, 16:14
[2009/07/15 02:34:59 | 00,036,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtutils.dll
[2009/07/15 02:34:59 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rwinsta.exe
[2009/07/15 02:34:58 | 00,550,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rpcss.dll
[2009/07/15 02:34:58 | 00,518,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
[2009/07/15 02:34:58 | 00,466,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\riched20.dll
[2009/07/15 02:34:58 | 00,127,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rpchttp.dll
[2009/07/15 02:34:58 | 00,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\RNDISMP.sys
[2009/07/15 02:34:57 | 01,677,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SCW.exe
[2009/07/15 02:34:57 | 00,356,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scwengf.dll
[2009/07/15 02:34:57 | 00,319,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ScwFirewallExt.dll
[2009/07/15 02:34:57 | 00,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scansetting.dll
[2009/07/15 02:34:57 | 00,203,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scwengb.dll
[2009/07/15 02:34:57 | 00,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scrrun.dll
[2009/07/15 02:34:57 | 00,168,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scwcmd.exe
[2009/07/15 02:34:57 | 00,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ScwAuditExt.dll
[2009/07/15 02:34:57 | 00,126,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scwhlp.dll
[2009/07/15 02:34:57 | 00,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scss.exe
[2009/07/15 02:34:57 | 00,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scshost.exe
[2009/07/15 02:34:56 | 00,483,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\samsrv.dll
[2009/07/15 02:34:56 | 00,095,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SCardSvr.dll
[2009/07/15 02:34:54 | 00,595,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\schedsvc.dll
[2009/07/15 02:34:54 | 00,413,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scrptadm.dll
[2009/07/15 02:34:54 | 00,180,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scrobj.dll
[2009/07/15 02:34:54 | 00,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scksp.dll
[2009/07/15 02:34:53 | 00,306,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scesrv.dll
[2009/07/15 02:34:53 | 00,268,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\schannel.dll
[2009/07/15 02:34:53 | 00,177,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scecli.dll
[2009/07/15 02:34:51 | 00,242,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pdh.dll
[2009/07/15 02:34:50 | 00,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\phon.ime
[2009/07/15 02:34:50 | 00,072,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pacer.sys
[2009/07/15 02:34:50 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\perfdisk.dll
[2009/07/15 02:34:49 | 01,823,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pnidui.dll
[2009/07/15 02:34:49 | 00,464,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pcaui.dll
[2009/07/15 02:34:49 | 00,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceApi.dll
[2009/07/15 02:34:49 | 00,149,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pci.sys
[2009/07/15 02:34:49 | 00,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PNPXAssoc.dll
[2009/07/15 02:34:49 | 00,058,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PnPUnattend.exe
[2009/07/15 02:34:49 | 00,054,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\partmgr.sys
[2009/07/15 02:34:49 | 00,043,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pciidex.sys
[2009/07/15 02:34:49 | 00,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PnPutil.exe
[2009/07/15 02:34:49 | 00,014,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pciide.sys
[2009/07/15 02:34:48 | 00,723,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\powercpl.dll
[2009/07/15 02:34:48 | 00,542,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pnpui.dll
[2009/07/15 02:34:48 | 00,181,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pnpsetup.dll
[2009/07/15 02:34:48 | 00,167,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\portcls.sys
[2009/07/15 02:34:48 | 00,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceTypes.dll
[2009/07/15 02:34:48 | 00,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceClassExtension.dll
[2009/07/15 02:34:47 | 00,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\photowiz.dll
[2009/07/15 02:34:46 | 01,107,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pidgenx.dll
[2009/07/15 02:34:45 | 00,704,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoScreensaver.scr
[2009/07/15 02:34:45 | 00,425,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll
[2009/07/15 02:34:45 | 00,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PkgMgr.exe
[2009/07/15 02:34:44 | 01,202,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntdll.dll
[2009/07/15 02:34:44 | 00,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pintlgnt.ime
[2009/07/15 02:34:44 | 00,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nslookup.exe
[2009/07/15 02:34:44 | 00,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\npfs.sys
[2009/07/15 02:34:43 | 03,601,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2009/07/15 02:34:43 | 01,083,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ntfs.sys
[2009/07/15 02:34:41 | 02,644,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0009.dll
[2009/07/15 02:34:41 | 00,321,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nltest.exe
[2009/07/15 02:34:38 | 12,240,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0007.dll
[2009/07/15 02:34:38 | 00,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\offfilt.dll
[2009/07/15 02:34:38 | 00,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nlhtml.dll
[2009/07/15 02:34:37 | 01,316,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ole32.dll
[2009/07/15 02:34:37 | 00,563,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oleaut32.dll
[2009/07/15 02:34:36 | 01,541,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\onex.dll
[2009/07/15 02:34:36 | 00,409,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbc32.dll
[2009/07/15 02:34:36 | 00,392,170 | ---- | C] () -- C:\Windows\System32\onex.tmf
[2009/07/15 02:34:36 | 00,182,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\osk.exe
[2009/07/15 02:34:36 | 00,114,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbccp32.dll
[2009/07/15 02:34:36 | 00,040,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbcconf.dll
[2009/07/15 02:34:35 | 00,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oleprn.dll
[2009/07/15 02:34:35 | 00,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\olepro32.dll
[2009/07/15 02:34:33 | 00,148,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\nwifi.sys
[2009/07/15 02:34:33 | 00,102,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\occache.dll
[2009/07/15 02:34:33 | 00,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ocsetup.exe
[2009/07/15 02:34:32 | 03,549,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2009/07/15 02:34:32 | 00,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntprint.dll
[2009/07/15 02:34:32 | 00,121,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntmarta.dll
[2009/07/15 02:34:31 | 00,825,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasdlg.dll
[2009/07/15 02:34:31 | 00,642,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasgcw.dll
[2009/07/15 02:34:31 | 00,286,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasapi32.dll
[2009/07/15 02:34:31 | 00,281,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\raschap.dll
[2009/07/15 02:34:31 | 00,262,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasmans.dll
[2009/07/15 02:34:31 | 00,155,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasmontr.dll
[2009/07/15 02:34:31 | 00,052,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasdiag.dll
[2009/07/15 02:34:31 | 00,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasdial.exe
[2009/07/15 02:34:30 | 01,381,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Query.dll
[2009/07/15 02:34:30 | 00,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasplap.dll
[2009/07/15 02:34:30 | 00,259,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasppp.dll
[2009/07/15 02:34:30 | 00,244,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rastls.dll
[2009/07/15 02:34:30 | 00,179,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasuser.dll
[2009/07/15 02:34:30 | 00,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rastapi.dll
[2009/07/15 02:34:30 | 00,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\rassstp.sys
[2009/07/15 02:34:30 | 00,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\raspppoe.sys
[2009/07/15 02:34:30 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\query.exe
[2009/07/15 02:34:29 | 01,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2009/07/15 02:34:29 | 00,880,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RacEngn.dll
[2009/07/15 02:34:29 | 00,758,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qmgr.dll
[2009/07/15 02:34:29 | 00,505,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qedit.dll
[2009/07/15 02:34:29 | 00,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quick.ime
[2009/07/15 02:34:29 | 00,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qintlgnt.ime
[2009/07/15 02:34:29 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qprocess.exe
[2009/07/15 02:34:29 | 00,009,212 | ---- | C] () -- C:\Windows\System32\RacUR.xml
[2009/07/15 02:34:29 | 00,000,153 | ---- | C] () -- C:\Windows\System32\RacUREx.xml
[2009/07/15 02:34:28 | 00,340,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RelMon.dll
[2009/07/15 02:34:28 | 00,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpshell.exe
[2009/07/15 02:34:28 | 00,225,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\rdbss.sys
[2009/07/15 02:34:28 | 00,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpinit.exe
[2009/07/15 02:34:28 | 00,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpclip.exe
[2009/07/15 02:34:28 | 00,107,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\regsvc.dll
[2009/07/15 02:34:28 | 00,091,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpendp.dll
[2009/07/15 02:34:28 | 00,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rekeywiz.exe
[2009/07/15 02:34:28 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\reset.exe
[2009/07/15 02:34:27 | 00,779,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationNative_v0300.dll
[2009/07/15 02:34:27 | 00,612,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpencom.dll
[2009/07/15 02:34:27 | 00,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\rdpdr.sys
[2009/07/15 02:34:27 | 00,180,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\rdpwd.sys
[2009/07/15 02:34:27 | 00,107,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpwsx.dll
[2009/07/15 02:34:27 | 00,080,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpsign.exe
[2009/07/15 02:34:27 | 00,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\regapi.dll
[2009/07/15 02:34:27 | 00,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\reg.exe
[2009/07/15 02:34:27 | 00,041,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2009/07/15 02:34:26 | 00,869,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printui.dll
[2009/07/15 02:34:26 | 00,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2009/07/15 02:34:26 | 00,551,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\prnntfy.dll
[2009/07/15 02:34:26 | 00,323,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2009/07/15 02:34:26 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2009/07/15 02:34:25 | 00,102,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
[2009/07/15 02:34:25 | 00,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\powrprof.dll
[2009/07/15 02:34:22 | 00,166,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\puiapi.dll
[2009/07/15 02:34:21 | 00,497,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll
[2009/07/15 02:34:21 | 00,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\QAGENTRT.DLL
[2009/07/15 02:34:21 | 00,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qappsrv.exe
[2009/07/15 02:34:20 | 00,754,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\propsys.dll
[2009/07/15 02:34:20 | 00,153,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\profsvc.dll
[2009/07/15 02:34:19 | 00,050,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PSHED.DLL
[2009/07/15 02:34:16 | 00,523,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ServerUnifiedOptin.dll
[2009/07/15 02:34:16 | 00,159,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ServerWerOptinGui.dll
[2009/07/15 02:34:16 | 00,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sendmail.dll
[2009/07/15 02:34:16 | 00,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ServerCeipOptinGui.dll
[2009/07/15 02:34:13 | 11,584,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shell32.dll
[2009/07/15 02:34:13 | 01,068,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shdocvw.dll
[2009/07/15 02:34:12 | 00,353,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shlwapi.dll
[2009/07/15 02:34:12 | 00,279,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\services.exe
[2009/07/15 02:34:11 | 01,591,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\setupapi.dll
[2009/07/15 02:34:11 | 00,627,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sethc.exe
[2009/07/15 02:34:11 | 00,242,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SeVA.dll
[2009/07/15 02:34:11 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shadow.exe
[2009/07/15 02:34:04 | 00,183,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eapphost.dll
[2009/07/15 02:34:04 | 00,093,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eappgnui.dll
[2009/07/15 02:34:02 | 00,344,698 | ---- | C] () -- C:\Windows\System32\eaphost.tmf
[2009/07/15 02:34:02 | 00,187,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eapp3hst.dll
[2009/07/15 02:34:02 | 00,143,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eapahost.dll
[2009/07/15 02:34:02 | 00,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eappcfg.dll
[2009/07/15 02:34:01 | 00,120,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EhStorAPI.dll
[2009/07/15 02:34:00 | 00,626,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgkrnl.sys
[2009/07/15 02:34:00 | 00,444,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dsound.dll
[2009/07/15 02:34:00 | 00,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eapa3hst.dll
[2009/07/15 02:34:00 | 00,137,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dsprop.dll
[2009/07/15 02:34:00 | 00,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eapacfg.dll
[2009/07/15 02:34:00 | 00,027,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Dumpata.sys
[2009/07/15 02:34:00 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxmasf.dll
[2009/07/15 02:33:59 | 00,485,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\evr.dll
[2009/07/15 02:33:59 | 00,205,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eudcedit.exe
[2009/07/15 02:33:59 | 00,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\exfat.sys
[2009/07/15 02:33:59 | 00,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dwm.exe
[2009/07/15 02:33:59 | 00,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxg.sys
[2009/07/15 02:33:59 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ExplorerFrame.dll
[2009/07/15 02:33:58 | 02,926,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2009/07/15 02:33:58 | 01,459,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\esent.dll
[2009/07/15 02:33:58 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\escUnattend.exe
[2009/07/15 02:33:57 | 00,133,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\extmgr.dll
[2009/07/15 02:33:57 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\f3ahvoas.dll
[2009/07/15 02:33:56 | 00,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EhStorPwdMgr.dll
[2009/07/15 02:33:55 | 00,268,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\es.dll
[2009/07/15 02:33:55 | 00,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/07/15 02:33:55 | 00,114,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EhStorShell.dll
[2009/07/15 02:33:55 | 00,054,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dimsroam.dll
[2009/07/15 02:33:55 | 00,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EscMigPlugin.dll
[2009/07/15 02:33:54 | 00,355,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\diskshadow.exe
[2009/07/15 02:33:54 | 00,230,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\diskraid.exe
[2009/07/15 02:33:54 | 00,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dhcpcsvc6.dll
[2009/07/15 02:33:54 | 00,119,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\diskpart.exe
[2009/07/15 02:33:54 | 00,053,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\disk.sys
[2009/07/15 02:33:54 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Diskdump.sys
[2009/07/15 02:33:53 | 00,378,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\devmgr.dll
[2009/07/15 02:33:53 | 00,093,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dfshim.dll
[2009/07/15 02:33:53 | 00,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dfsc.sys
[2009/07/15 02:33:52 | 00,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dhcpcsvc.dll
[2009/07/15 02:33:51 | 00,442,788 | ---- | C] () -- C:\Windows\System32\dot3.tmf
[2009/07/15 02:33:51 | 00,407,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpapimig.exe
[2009/07/15 02:33:51 | 00,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drvstore.dll
[2009/07/15 02:33:51 | 00,175,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dot3svc.dll
[2009/07/15 02:33:51 | 00,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dot3msm.dll
[2009/07/15 02:33:51 | 00,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dot3cfg.dll
[2009/07/15 02:33:50 | 00,978,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drmv2clt.dll
[2009/07/15 02:33:50 | 00,284,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drmmgrtn.dll
[2009/07/15 02:33:50 | 00,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drvinst.exe
[2009/07/15 02:33:49 | 00,168,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnsapi.dll
[2009/07/15 02:33:49 | 00,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnsrslvr.dll
[2009/07/15 02:33:49 | 00,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hbaapi.dll
[2009/07/15 02:33:48 | 00,561,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\hdaudbus.sys
[2009/07/15 02:33:48 | 00,236,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\HdAudio.sys
[2009/07/15 02:33:48 | 00,128,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpresult.exe
[2009/07/15 02:33:48 | 00,029,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpprnext.dll
[2009/07/15 02:33:48 | 00,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpscript.dll
[2009/07/15 02:33:46 | 00,637,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpprefcl.dll
[2009/07/15 02:33:46 | 00,576,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpsvc.dll
[2009/07/15 02:33:46 | 00,463,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IasMigReader.exe
[2009/07/15 02:33:46 | 00,401,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\http.sys
[2009/07/15 02:33:46 | 00,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2009/07/15 02:33:46 | 00,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasnap.dll
[2009/07/15 02:33:46 | 00,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iashlpr.dll
[2009/07/15 02:33:46 | 00,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasacct.dll
[2009/07/15 02:33:46 | 00,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasads.dll
[2009/07/15 02:33:46 | 00,047,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasdatastore.dll
[2009/07/15 02:33:46 | 00,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpscript.exe
[2009/07/15 02:33:46 | 00,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpupdate.exe
[2009/07/15 02:33:45 | 00,454,144 | ---- | C] (Microsoft) -- C:\Windows\System32\IasMigPlugin.dll
[2009/07/15 02:33:45 | 00,190,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\fltMgr.sys
[2009/07/15 02:33:45 | 00,142,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontext.dll
[2009/07/15 02:33:45 | 00,080,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hdwwiz.exe
[2009/07/15 02:33:45 | 00,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidclass.sys
[2009/07/15 02:33:45 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hidserv.dll
[2009/07/15 02:33:45 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidusb.sys
[2009/07/15 02:33:44 | 00,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Faultrep.dll
[2009/07/15 02:33:44 | 00,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\fastfat.sys
[2009/07/15 02:33:44 | 00,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FCMgrDLL.dll
[2009/07/15 02:33:44 | 00,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\findstr.exe
[2009/07/15 02:33:44 | 00,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fc.exe
[2009/07/15 02:33:43 | 00,088,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdBth.dll
[2009/07/15 02:33:43 | 00,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpapi.dll
[2009/07/15 02:33:43 | 00,068,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdSSDP.dll
[2009/07/15 02:33:43 | 00,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdWSD.dll
[2009/07/15 02:33:43 | 00,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\feclient.dll
[2009/07/15 02:33:43 | 00,053,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdeploy.dll
[2009/07/15 02:33:43 | 00,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdProxy.dll
[2009/07/15 02:33:43 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdBthProxy.dll
[2009/07/15 02:33:42 | 00,297,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gdi32.dll
[2009/07/15 02:33:35 | 00,950,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpedit.dll
[2009/07/15 02:33:34 | 00,153,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fundisc.dll
[2009/07/15 02:33:34 | 00,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ftp.exe
[2009/07/15 02:33:33 | 02,134,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FunctionDiscoveryFolder.dll
[2009/07/15 02:33:33 | 00,595,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FWPUCLNT.DLL
[2009/07/15 02:33:33 | 00,099,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\FWPKCLNT.SYS
[2009/07/15 02:33:33 | 00,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FwRemoteSvr.dll
[2009/07/15 02:33:32 | 01,985,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\authui.dll
[2009/07/15 02:33:32 | 00,315,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\audiosrv.dll
[2009/07/15 02:33:32 | 00,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AudioSes.dll
[2009/07/15 02:33:31 | 00,643,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\autochk.exe
[2009/07/15 02:33:31 | 00,115,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AuxiliaryDisplayDriverLib.dll
[2009/07/15 02:33:31 | 00,109,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ataport.sys
[2009/07/15 02:33:31 | 00,102,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AuxiliaryDisplayServices.dll
[2009/07/15 02:33:31 | 00,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe
[2009/07/15 02:33:31 | 00,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\authz.dll
[2009/07/15 02:33:31 | 00,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2009/07/15 02:33:30 | 01,216,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AuxiliaryDisplayCpl.dll
[2009/07/15 02:33:30 | 00,656,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\autoconv.exe
[2009/07/15 02:33:30 | 00,636,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\autofmt.exe
[2009/07/15 02:33:30 | 00,516,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\autoplay.dll
[2009/07/15 02:33:30 | 00,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avolprop.dll
[2009/07/15 02:33:27 | 00,019,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\atapi.sys
[2009/07/15 02:33:24 | 01,324,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browseui.dll.old
[2009/07/15 02:33:24 | 00,130,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\basecsp.dll
[2009/07/15 02:33:24 | 00,093,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\bridge.sys
[2009/07/15 02:33:24 | 00,045,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bthci.dll
[2009/07/15 02:33:23 | 00,757,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\azroles.dll
[2009/07/15 02:33:23 | 00,542,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\blackbox.dll
[2009/07/15 02:33:23 | 00,334,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\BFE.DLL
[2009/07/15 02:33:23 | 00,274,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bcrypt.dll
[2009/07/15 02:33:23 | 00,265,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\acpi.sys
[2009/07/15 02:33:23 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bitsigd.dll
[2009/07/15 02:33:22 | 02,515,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\accessibilitycpl.dll
[2009/07/15 02:33:21 | 00,153,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ActiveSockets.dll
[2009/07/15 02:33:21 | 00,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aaclient.dll
[2009/07/15 02:33:18 | 00,171,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\apphelp.dll
[2009/07/15 02:33:17 | 01,730,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\apds.dll
[2009/07/15 02:33:17 | 01,122,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\appwiz.cpl
[2009/07/15 02:33:17 | 00,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2009/07/15 02:33:16 | 00,273,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\afd.sys
[2009/07/15 02:33:16 | 00,199,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\adsldpc.dll
[2009/07/15 02:33:16 | 00,148,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\appmgmts.dll
[2009/07/15 02:33:16 | 00,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\adsmsext.dll
[2009/07/15 02:33:15 | 00,617,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\adtschema.dll
[2009/07/15 02:33:14 | 01,209,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\comsvcs.dll
[2009/07/15 02:33:14 | 00,800,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\advapi32.dll
[2009/07/15 02:33:14 | 00,593,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\comuid.dll
[2009/07/15 02:33:14 | 00,224,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ComplianceExtensions.dll
[2009/07/15 02:33:14 | 00,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
[2009/07/15 02:33:14 | 00,035,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\crashdmp.sys
[2009/07/15 02:33:13 | 01,645,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\connect.dll
[2009/07/15 02:33:13 | 00,978,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\crypt32.dll
[2009/07/15 02:33:13 | 00,178,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\credui.dll
[2009/07/15 02:33:12 | 00,481,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmdial32.dll
[2009/07/15 02:33:11 | 00,450,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\comdlg32.dll
[2009/07/15 02:33:10 | 01,856,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dbgeng.dll
[2009/07/15 02:33:10 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\davclnt.dll
[2009/07/15 02:33:10 | 00,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmmon32.exe
[2009/07/15 02:33:09 | 01,788,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d9.dll
[2009/07/15 02:33:09 | 00,128,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dcpromo.exe
[2009/07/15 02:33:09 | 00,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dataclen.dll
[2009/07/15 02:33:09 | 00,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dcgpofix.exe
[2009/07/15 02:33:08 | 00,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DevicePairing.dll
[2009/07/15 02:33:08 | 00,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CscMig.dll
[2009/07/15 02:33:08 | 00,065,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DevicePairingWizard.exe
[2009/07/15 02:33:08 | 00,054,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DevicePairingProxy.dll
[2009/07/15 02:33:08 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DeviceEject.exe
[2009/07/15 02:33:08 | 00,022,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cscdll.dll
[2009/07/15 02:33:07 | 00,971,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cryptui.dll
[2009/07/15 02:33:07 | 00,351,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\csc.sys
[2009/07/15 02:33:07 | 00,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cscript.exe
[2009/07/15 02:33:07 | 00,131,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cscobj.dll
[2009/07/15 02:33:07 | 00,129,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cryptsvc.dll
[2009/07/15 02:33:07 | 00,046,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrstub.exe
[2009/07/15 02:33:07 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cscapi.dll
[2009/07/15 02:33:06 | 00,597,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cscui.dll
[2009/07/15 02:33:06 | 00,491,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cscsvc.dll
[2009/07/15 02:33:06 | 00,276,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certadm.dll
[2009/07/15 02:33:06 | 00,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ceipdata.exe
[2009/07/15 02:33:06 | 00,080,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ceiprole.dll
[2009/07/15 02:33:06 | 00,075,066 | -H-- | C] () -- C:\Windows\System32\ceipdata.xml
[2009/07/15 02:33:06 | 00,071,626 | -H-- | C] () -- C:\Windows\System32\ceiprole.xml
[2009/07/15 02:33:06 | 00,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2009/07/15 02:33:06 | 00,034,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ceiprole.exe
[2009/07/15 02:33:05 | 01,502,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certmgr.dll
[2009/07/15 02:33:05 | 00,489,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certocm.dll
[2009/07/15 02:33:05 | 00,323,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certcli.dll
[2009/07/15 02:33:05 | 00,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\cdrom.sys
[2009/07/15 02:33:04 | 01,112,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CertEnroll.dll
[2009/07/15 02:33:04 | 00,640,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bthprops.cpl
[2009/07/15 02:33:04 | 00,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CertEnrollUI.dll
[2009/07/15 02:33:04 | 00,040,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bthserv.dll
[2009/07/15 02:33:04 | 00,034,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bthudtask.exe
[2009/07/15 02:33:03 | 00,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cbsra.exe
[2009/07/15 02:33:02 | 01,671,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chsbrkr.dll
[2009/07/15 02:33:02 | 00,614,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ci.dll
[2009/07/15 02:33:02 | 00,125,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Classpnp.sys
[2009/07/15 02:33:02 | 00,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cintlgnt.ime
[2009/07/15 02:33:02 | 00,058,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cipher.exe
[2009/07/15 02:33:02 | 00,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CHxReadingStringIME.dll
[2009/07/15 02:33:01 | 06,103,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chtbrkr.dll
[2009/07/15 02:33:01 | 00,245,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\clfs.sys
[2009/07/15 02:33:00 | 00,215,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certreq.exe
[2009/07/15 02:33:00 | 00,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certprop.dll
[2009/07/15 02:32:59 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chglogon.exe
[2009/07/15 02:32:58 | 00,022,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chgport.exe
[2009/07/15 02:32:58 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chgusr.exe
[2009/07/15 02:32:57 | 00,799,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certutil.exe
[2009/07/15 02:32:56 | 00,461,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2009/07/15 02:32:56 | 00,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chajei.ime
[2009/07/15 02:32:56 | 00,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2009/07/15 02:32:56 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\change.exe
[2009/07/15 02:32:55 | 01,053,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdtctm.dll
[2009/07/15 02:32:55 | 00,564,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msftedit.dll
[2009/07/15 02:32:55 | 00,409,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msexch40.dll
[2009/07/15 02:32:55 | 00,339,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msexcl40.dll
[2009/07/15 02:32:55 | 00,332,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msihnd.dll
[2009/07/15 02:32:55 | 00,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msiexec.exe
[2009/07/15 02:32:55 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.ocx
[2009/07/15 02:32:54 | 01,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2009/07/15 02:32:53 | 02,241,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msi.dll
[2009/07/15 02:32:53 | 00,477,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmled.dll
[2009/07/15 02:32:49 | 00,807,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msctf.dll
[2009/07/15 02:32:49 | 00,560,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdtcprx.dll
[2009/07/15 02:32:49 | 00,332,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdrm.dll
[2009/07/15 02:32:49 | 00,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msctfui.dll
[2009/07/15 02:32:49 | 00,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msctfp.dll
[2009/07/15 02:32:49 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MsCtfMonitor.dll
[2009/07/15 02:32:48 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msimsg.dll
[2009/07/15 02:32:47 | 00,407,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MPSSVC.dll
[2009/07/15 02:32:47 | 00,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mprapi.dll
[2009/07/15 02:32:46 | 00,933,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mprsnap.dll
[2009/07/15 02:32:46 | 00,068,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpr.dll
[2009/07/15 02:32:45 | 00,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\modemui.dll
[2009/07/15 02:32:45 | 00,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MMDevAPI.dll
[2009/07/15 02:32:44 | 01,102,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mmsys.cpl
[2009/07/15 02:32:41 | 00,391,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscms.dll
[2009/07/15 02:32:41 | 00,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscandui.dll
[2009/07/15 02:32:40 | 00,278,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscoree.dll
[2009/07/15 02:32:40 | 00,212,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb10.sys
[2009/07/15 02:32:40 | 00,155,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscorier.dll
[2009/07/15 02:32:40 | 00,080,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscories.dll
[2009/07/15 02:32:39 | 00,114,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxdav.sys
[2009/07/15 02:32:39 | 00,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb.sys
[2009/07/15 02:32:39 | 00,079,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb20.sys
[2009/07/15 02:32:39 | 00,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msacm32.drv
[2009/07/15 02:32:38 | 00,467,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netapi32.dll
[2009/07/15 02:32:37 | 02,225,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netcenter.dll
[2009/07/15 02:32:37 | 00,527,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ndis.sys
[2009/07/15 02:32:37 | 00,445,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncryptui.dll
[2009/07/15 02:32:37 | 00,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2009/07/15 02:32:37 | 00,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netbt.sys
[2009/07/15 02:32:37 | 00,180,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netplwiz.dll
[2009/07/15 02:32:37 | 00,121,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ndiswan.sys
[2009/07/15 02:32:35 | 00,592,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netlogon.dll
[2009/07/15 02:32:35 | 00,310,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mtxclu.dll
[2009/07/15 02:32:35 | 00,223,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2009/07/15 02:32:35 | 00,104,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netiohlp.dll
[2009/07/15 02:32:34 | 00,048,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\mup.sys
[2009/07/15 02:32:26 | 01,336,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml6.dll
[2009/07/15 02:32:24 | 01,183,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml3.dll
[2009/07/15 02:32:24 | 00,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NcdProp.dll
[2009/07/15 02:32:22 | 00,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NaturalLanguage6.dll
[2009/07/15 02:32:16 | 03,174,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netshell.dll
[2009/07/15 02:32:16 | 00,469,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\newdev.dll
[2009/07/15 02:32:16 | 00,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\newdev.exe
[2009/07/15 02:32:15 | 03,072,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\networkmap.dll
[2009/07/15 02:32:15 | 02,226,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\networkexplorer.dll
[2009/07/15 02:32:15 | 00,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\networkitemfactory.dll
[2009/07/15 02:32:13 | 00,643,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrepl40.dll
[2009/07/15 02:32:13 | 00,368,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mspbde40.dll
[2009/07/15 02:32:13 | 00,344,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrd3x40.dll
[2009/07/15 02:32:13 | 00,241,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msltus40.dll
[2009/07/15 02:32:13 | 00,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2009/07/15 02:32:13 | 00,179,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msnetobj.dll
[2009/07/15 02:32:13 | 00,161,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\msrpc.sys
[2009/07/15 02:32:12 | 00,408,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msinfo32.exe
[2009/07/15 02:32:12 | 00,319,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrd2x40.dll
[2009/07/15 02:32:12 | 00,290,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msjtes40.dll
[2009/07/15 02:32:12 | 00,180,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\msiscsi.sys
[2009/07/15 02:32:12 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msjter40.dll
[2009/07/15 02:32:12 | 00,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msimtf.dll
[2009/07/15 02:32:12 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msjint40.dll
[2009/07/15 02:32:11 | 01,589,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msjet40.dll
[2009/07/15 02:32:11 | 00,406,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcp60.dll
[2009/07/15 02:32:11 | 00,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msv1_0.dll
[2009/07/15 02:32:11 | 00,163,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msutb.dll
[2009/07/15 02:32:11 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msisip.dll
[2009/07/15 02:32:10 | 02,066,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstscax.dll
[2009/07/15 02:32:10 | 00,856,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mswdat10.dll
[2009/07/15 02:32:10 | 00,679,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcrt.dll
[2009/07/15 02:32:10 | 00,618,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mswstr10.dll
[2009/07/15 02:32:10 | 00,454,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxbde40.dll
[2009/07/15 02:32:10 | 00,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstsmmc.dll
[2009/07/15 02:32:10 | 00,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mswsock.dll
[2009/07/15 02:32:10 | 00,131,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstsmhst.dll
[2009/07/15 02:32:08 | 00,738,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcomm.dll
[2009/07/15 02:32:08 | 00,678,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstsc.exe
[2009/07/15 02:32:08 | 00,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2009/07/15 02:32:08 | 00,414,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscp.dll
[2009/07/15 02:32:08 | 00,282,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstext40.dll
[2009/07/15 02:32:08 | 00,231,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll
[2009/07/15 02:32:08 | 00,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstlsapi.dll
[2009/07/15 02:32:07 | 01,827,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2009/07/15 02:32:06 | 00,217,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\InkEd.dll
[2009/07/15 02:32:05 | 00,099,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardapi.dll
[2009/07/15 02:32:05 | 00,035,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardcpl.cpl
[2009/07/15 02:32:04 | 00,413,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imkr80.ime
[2009/07/15 02:32:02 | 00,114,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imm32.dll
[2009/07/15 02:32:01 | 00,512,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2009/07/15 02:32:01 | 00,396,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ipsmsnap.dll
[2009/07/15 02:32:01 | 00,364,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IPSECSVC.DLL
[2009/07/15 02:32:01 | 00,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iSNSMgrDLL.dll
[2009/07/15 02:32:01 | 00,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iSCSIMgrDLL.dll
[2009/07/15 02:32:01 | 00,027,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2009/07/15 02:32:01 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iscsilog.dll
[2009/07/15 02:32:00 | 00,200,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\input.dll
[2009/07/15 02:31:59 | 00,759,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ipsecsnp.dll
[2009/07/15 02:31:59 | 00,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iertutil.dll
[2009/07/15 02:31:59 | 00,199,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iphlpsvc.dll
[2009/07/15 02:31:59 | 00,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IPHLPAPI.DLL
[2009/07/15 02:31:59 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ipconfig.exe
[2009/07/15 02:31:58 | 06,079,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieframe.dll
[2009/07/15 02:31:57 | 00,619,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardagt.exe
[2009/07/15 02:31:57 | 00,398,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2009/07/15 02:31:57 | 00,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iassdo.dll
[2009/07/15 02:31:57 | 00,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2009/07/15 02:31:57 | 00,182,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iassam.dll
[2009/07/15 02:31:57 | 00,158,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasrad.dll
[2009/07/15 02:31:57 | 00,119,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasrecst.dll
[2009/07/15 02:31:57 | 00,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iassvcs.dll
[2009/07/15 02:31:57 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iaspolcy.dll
[2009/07/15 02:31:57 | 00,029,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ifmon.dll
[2009/07/15 02:31:57 | 00,009,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardres.dll
[2009/07/15 02:31:56 | 00,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2009/07/15 02:31:54 | 00,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2009/07/15 02:31:53 | 00,729,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IMJP10K.DLL
[2009/07/15 02:31:52 | 00,883,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IMJP10.IME
[2009/07/15 02:31:52 | 00,378,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imapi2.dll
[2009/07/15 02:31:52 | 00,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imapi.dll
[2009/07/15 02:31:51 | 00,677,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imapi2fs.dll
[2009/07/15 02:31:51 | 00,438,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IKEEXT.DLL
[2009/07/15 02:31:48 | 00,208,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfplat.dll
[2009/07/15 02:31:48 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfpmp.exe
[2009/07/15 02:31:47 | 02,868,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2009/07/15 02:31:47 | 01,135,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll
[2009/07/15 02:31:47 | 00,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll
[2009/07/15 02:31:47 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mferror.dll
[2009/07/15 02:31:46 | 01,160,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll
[2009/07/15 02:31:44 | 02,012,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\milcore.dll
[2009/07/15 02:31:44 | 00,000,000 | ---D | C] -- C:\Windows\Panther
[2009/07/15 02:31:42 | 00,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mimefilt.dll
[2009/07/15 02:31:41 | 00,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mmci.dll
[2009/07/15 02:31:41 | 00,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\midimap.dll
[2009/07/15 02:31:41 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mmcico.dll
[2009/07/15 02:31:40 | 02,167,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mmcndmgr.dll
[2009/07/15 02:31:40 | 01,792,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mmc.exe
[2009/07/15 02:31:38 | 00,439,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ksecdd.sys
[2009/07/15 02:31:38 | 00,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ks.sys
[2009/07/15 02:31:38 | 00,113,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ktpass.exe
[2009/07/15 02:31:38 | 00,093,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Kswdmcap.ax
[2009/07/15 02:31:37 | 00,143,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\korwbrkr.dll
[2009/07/15 02:31:35 | 11,967,524 | ---- | C] () -- C:\Windows\System32\korwbrkr.lex
[2009/07/15 02:31:35 | 00,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\l2nacp.dll
[2009/07/15 02:31:34 | 00,497,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kerberos.dll
[2009/07/15 02:31:34 | 00,017,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kd1394.dll
[2009/07/15 02:31:34 | 00,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\kbdhid.sys
[2009/07/15 02:31:33 | 00,891,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kernel32.dll
[2009/07/15 02:31:33 | 00,438,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mcupdate_GenuineIntel.dll
[2009/07/15 02:31:33 | 00,019,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kdusb.dll
[2009/07/15 02:31:33 | 00,017,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kdcom.dll
[2009/07/15 02:31:31 | 00,356,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MediaMetadataHandler.dll
[2009/07/15 02:31:30 | 00,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\logagent.exe
[2009/07/15 02:31:30 | 00,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\logman.exe
[2009/07/15 02:31:27 | 03,667,200 | ---- | C] () -- C:\Windows\System32\loc2008.nls
[2009/07/15 02:31:26 | 03,662,128 | ---- | C] () -- C:\Windows\System32\locale.nls
[2009/07/15 02:31:26 | 00,008,192 | R-S- | C] () -- C:\BOOTSECT.BAK
[2009/07/15 02:31:25 | 01,257,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsasrv.dll
[2009/07/15 02:31:25 | 00,710,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Magnify.exe
[2009/07/15 02:31:25 | 00,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\logoff.exe
[2009/07/15 02:31:24 | 01,143,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wercon.exe
[2009/07/15 02:31:24 | 00,233,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\webcheck.dll
[2009/07/15 02:31:24 | 00,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WebClnt.dll
[2009/07/15 02:31:24 | 00,101,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shsetup.dll
[2009/07/15 02:31:23 | 01,020,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wdc.dll
[2009/07/15 02:31:23 | 00,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wer.dll
[2009/07/15 02:31:23 | 00,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wdscore.dll
[2009/07/15 02:31:22 | 00,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wdmaud.drv
[2009/07/15 02:31:21 | 00,712,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecs.dll
[2009/07/15 02:31:21 | 00,347,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2009/07/15 02:31:21 | 00,333,257 | RHS- | C] () -- C:\bootmgr
[2009/07/15 02:31:20 | 00,000,000 | -HSD | C] -- C:\Boot
[2009/07/15 02:31:19 | 00,375,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winhttp.dll
[2009/07/15 02:31:18 | 00,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wevtutil.exe
[2009/07/15 02:31:16 | 01,017,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wevtsvc.dll
[2009/07/15 02:31:16 | 00,208,966 | ---- | C] () -- C:\Windows\System32\WFP.TMF
quiestbml
2009-07-25, 16:15
[2009/07/15 02:31:16 | 00,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\whealogr.dll
[2009/07/15 02:31:15 | 00,860,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WerFaultSecure.exe
[2009/07/15 02:31:15 | 00,250,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wevtapi.dll
[2009/07/15 02:31:15 | 00,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WerFault.exe
[2009/07/15 02:31:15 | 00,126,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wersvc.dll
[2009/07/15 02:31:14 | 00,443,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32spl.dll
[2009/07/15 02:31:13 | 00,547,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wiaaut.dll
[2009/07/15 02:31:13 | 00,453,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wiaservc.dll
[2009/07/15 02:31:13 | 00,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\version.dll
[2009/07/15 02:31:12 | 00,430,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2009/07/15 02:31:12 | 00,385,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vds.exe
[2009/07/15 02:31:12 | 00,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vdmdbg.dll
[2009/07/15 02:31:11 | 00,627,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\user32.dll
[2009/07/15 02:31:11 | 00,507,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vdsdyn.dll
[2009/07/15 02:31:11 | 00,226,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbport.sys
[2009/07/15 02:31:11 | 00,128,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vdsutil.dll
[2009/07/15 02:31:11 | 00,065,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\USBSTOR.SYS
[2009/07/15 02:31:11 | 00,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\uxsms.dll
[2009/07/15 02:31:11 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbohci.sys
[2009/07/15 02:31:10 | 01,123,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\usercpl.dll
[2009/07/15 02:31:10 | 00,638,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Utilman.exe
[2009/07/15 02:31:10 | 00,108,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\userenv.dll
[2009/07/15 02:31:09 | 00,502,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\usp10.dll
[2009/07/15 02:31:09 | 00,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\watchdog.sys
[2009/07/15 02:31:08 | 00,292,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\volmgrx.sys
[2009/07/15 02:31:08 | 00,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Volshext.dll
[2009/07/15 02:31:07 | 01,077,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vssapi.dll
[2009/07/15 02:31:07 | 01,055,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VSSVC.exe
[2009/07/15 02:31:07 | 00,282,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\w32time.dll
[2009/07/15 02:31:07 | 00,226,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\volsnap.sys
[2009/07/15 02:31:07 | 00,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VSSUI.dll
[2009/07/15 02:31:07 | 00,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VSSUIRUN.exe
[2009/07/15 02:31:05 | 00,355,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSDApi.dll
[2009/07/15 02:31:05 | 00,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSDMon.dll
[2009/07/15 02:31:05 | 00,155,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscript.exe
[2009/07/15 02:31:05 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsdchngr.dll
[2009/07/15 02:31:04 | 01,382,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVSDECD.DLL
[2009/07/15 02:31:04 | 00,657,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVXENCD.DLL
[2009/07/15 02:31:03 | 01,575,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVENCOD.DLL
[2009/07/15 02:31:03 | 00,273,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wow32.dll
[2009/07/15 02:31:02 | 02,386,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVCORE.DLL
[2009/07/15 02:31:01 | 00,140,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wusa.exe
[2009/07/15 02:31:00 | 00,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xmlfilter.dll
[2009/07/15 02:30:58 | 00,090,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wshext.dll
[2009/07/15 02:30:58 | 00,034,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wshbth.dll
[2009/07/15 02:30:57 | 01,671,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanpref.dll
[2009/07/15 02:30:57 | 00,747,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmSvc.dll
[2009/07/15 02:30:57 | 00,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanmsm.dll
[2009/07/15 02:30:57 | 00,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wshom.ocx
[2009/07/15 02:30:57 | 00,068,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanhlp.dll
[2009/07/15 02:30:57 | 00,050,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsnmp32.dll
[2009/07/15 02:30:56 | 02,499,629 | ---- | C] () -- C:\Windows\System32\wlan.tmf
[2009/07/15 02:30:56 | 00,514,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlansvc.dll
[2009/07/15 02:30:56 | 00,399,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlangpui.dll
[2009/07/15 02:30:56 | 00,287,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Wldap32.dll
[2009/07/15 02:30:56 | 00,244,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wisptis.exe
[2009/07/15 02:30:56 | 00,202,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanui.dll
[2009/07/15 02:30:56 | 00,083,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlgpclnt.dll
[2009/07/15 02:30:55 | 00,926,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winresume.exe
[2009/07/15 02:30:55 | 00,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinSCard.dll
[2009/07/15 02:30:55 | 00,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrnr.dll
[2009/07/15 02:30:54 | 00,986,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winload.exe
[2009/07/15 02:30:54 | 00,314,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winlogon.exe
[2009/07/15 02:30:54 | 00,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winmm.dll
[2009/07/15 02:30:53 | 00,996,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMNetMgr.dll
[2009/07/15 02:30:53 | 00,375,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2009/07/15 02:30:53 | 00,258,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winspool.drv
[2009/07/15 02:30:52 | 00,321,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll
[2009/07/15 02:30:52 | 00,303,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpeffects.dll
[2009/07/15 02:30:50 | 08,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2009/07/15 02:30:48 | 10,624,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmp.dll
[2009/07/15 02:30:47 | 00,533,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmdrmsdk.dll
[2009/07/15 02:30:46 | 00,343,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmicmiplugin.dll
[2009/07/15 02:30:45 | 00,586,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\stobject.dll
[2009/07/15 02:30:45 | 00,568,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\StorExpl.dll
[2009/07/15 02:30:45 | 00,122,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Storport.sys
[2009/07/15 02:30:45 | 00,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Storprop.dll
[2009/07/15 02:30:45 | 00,052,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\stream.sys
[2009/07/15 02:30:42 | 01,224,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sud.dll
[2009/07/15 02:30:42 | 00,168,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\svrmgrnc.dll
[2009/07/15 02:30:41 | 00,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/07/15 02:30:41 | 00,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srmtrace.dll
[2009/07/15 02:30:41 | 00,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/07/15 02:30:40 | 00,301,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srchadmin.dll
[2009/07/15 02:30:40 | 00,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\srv.sys
[2009/07/15 02:30:40 | 00,180,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srm.dll
[2009/07/15 02:30:40 | 00,144,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\srv2.sys
[2009/07/15 02:30:40 | 00,122,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srvsvc.dll
[2009/07/15 02:30:40 | 00,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\srvnet.sys
[2009/07/15 02:30:40 | 00,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srmclient.dll
[2009/07/15 02:30:36 | 00,558,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sysmain.dll
[2009/07/15 02:30:36 | 00,311,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\swprv.dll
[2009/07/15 02:30:35 | 02,205,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SyncCenter.dll
[2009/07/15 02:30:35 | 00,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sysclass.dll
[2009/07/15 02:30:34 | 00,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sysmon.ocx
[2009/07/15 02:30:34 | 00,174,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SMEF.dll
[2009/07/15 02:30:33 | 00,705,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SmiEngine.dll
[2009/07/15 02:30:33 | 00,134,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SmartcardCredentialProvider.dll
[2009/07/15 02:30:33 | 00,083,456 | ---- | C] (Microsoft) -- C:\Windows\System32\SMBHelperClass.dll
[2009/07/15 02:30:33 | 00,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slwmi.dll
[2009/07/15 02:30:33 | 00,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\smb.sys
[2009/07/15 02:30:33 | 00,064,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\smss.exe
[2009/07/15 02:30:32 | 00,777,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slcc.dll
[2009/07/15 02:30:32 | 00,425,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shwebsvc.dll
[2009/07/15 02:30:32 | 00,247,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shsvcs.dll.backup
[2009/07/15 02:30:32 | 00,247,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shsvcs.dll
[2009/07/15 02:30:32 | 00,228,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLC.dll
[2009/07/15 02:30:31 | 03,408,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLsvc.exe
[2009/07/15 02:30:31 | 00,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLUI.exe
[2009/07/15 02:30:31 | 00,092,918 | ---- | C] () -- C:\Windows\System32\slmgr.vbs
[2009/07/15 02:30:31 | 00,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLUINotify.dll
[2009/07/15 02:30:31 | 00,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slcinst.dll
[2009/07/15 02:30:31 | 00,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slwga.dll
[2009/07/15 02:30:30 | 01,081,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLCExt.dll
[2009/07/15 02:30:30 | 00,582,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLCommDlg.dll
[2009/07/15 02:30:30 | 00,289,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spinstall.exe
[2009/07/15 02:30:30 | 00,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLLUA.exe
[2009/07/15 02:30:30 | 00,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spoolss.dll
[2009/07/15 02:30:30 | 00,127,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spoolsv.exe
[2009/07/15 02:30:30 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spcmsg.dll
[2009/07/15 02:30:28 | 00,009,239 | ---- | C] () -- C:\Windows\System32\spcinstrumentation.man
[2009/07/15 02:30:27 | 00,524,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sqlsrv32.dll
[2009/07/15 02:30:27 | 00,190,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sperror.dll
[2009/07/15 02:30:27 | 00,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwizui.dll
[2009/07/15 02:30:27 | 00,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spreview.exe
[2009/07/15 02:30:27 | 00,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwinsat.dll
[2009/07/15 02:30:27 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwmp.dll
[2009/07/15 02:30:26 | 00,684,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\spsys.sys
[2009/07/15 02:30:26 | 00,197,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SndVol.exe
[2009/07/15 02:30:26 | 00,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\softkbd.dll
[2009/07/15 02:30:25 | 00,137,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tspubwmi.dll
[2009/07/15 02:30:25 | 00,077,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tsuserex.dll
[2009/07/15 02:30:25 | 00,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TSTheme.exe
[2009/07/15 02:30:25 | 00,035,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsWpfWrp.exe
[2009/07/15 02:30:24 | 00,324,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\untfs.dll
[2009/07/15 02:30:24 | 00,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\udfs.sys
[2009/07/15 02:30:24 | 00,099,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tsmf.dll
[2009/07/15 02:30:24 | 00,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\USBAUDIO.sys
[2009/07/15 02:30:24 | 00,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tscupgrd.exe
[2009/07/15 02:30:24 | 00,053,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tsgqec.dll
[2009/07/15 02:30:24 | 00,025,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\USBCAMD.sys
[2009/07/15 02:30:24 | 00,022,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tskill.exe
[2009/07/15 02:30:24 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tsdiscon.exe
[2009/07/15 02:30:24 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usb8023.sys
[2009/07/15 02:30:24 | 00,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TSErrRedir.dll
[2009/07/15 02:30:23 | 00,342,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\zipfldr.dll
[2009/07/15 02:30:23 | 00,196,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbhub.sys
[2009/07/15 02:30:23 | 00,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbehci.sys
[2009/07/15 02:30:23 | 00,025,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\USBCAMD2.sys
[2009/07/15 02:30:20 | 00,203,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\uDWM.dll
[2009/07/15 02:30:19 | 00,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unimdm.tsp
[2009/07/15 02:30:19 | 00,222,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\umpnpmgr.dll
[2009/07/15 02:30:19 | 00,212,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\umrdp.dll
[2009/07/15 02:30:19 | 00,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ulib.dll
[2009/07/15 02:30:18 | 00,842,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\systemcpl.dll
[2009/07/15 02:30:18 | 00,130,008 | ---- | C] () -- C:\Windows\System32\systemsf.ebd
[2009/07/15 02:30:06 | 00,714,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\timedate.cpl
[2009/07/15 02:30:06 | 00,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tscfgwmi.dll
[2009/07/15 02:30:06 | 00,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tintlgnt.ime
[2009/07/15 02:30:06 | 00,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tscon.exe
[2009/07/15 02:30:06 | 00,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tsbyuv.dll
[2009/07/15 02:30:05 | 00,897,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\tcpip.sys
[2009/07/15 02:30:05 | 00,285,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tapisnap.dll
[2009/07/15 02:30:05 | 00,242,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tapisrv.dll
[2009/07/15 02:30:05 | 00,170,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tcpipcfg.dll
[2009/07/15 02:30:05 | 00,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tcpmon.dll
[2009/07/15 02:30:05 | 00,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\tcpipreg.sys
[2009/07/15 02:30:04 | 01,152,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\themecpl.dll
[2009/07/15 02:30:04 | 00,615,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\themeui.dll.backup
[2009/07/15 02:30:04 | 00,615,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\themeui.dll
[2009/07/15 02:30:04 | 00,449,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\termsrv.dll
[2009/07/15 02:30:04 | 00,313,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\thawbrkr.dll
[2009/07/15 02:30:04 | 00,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskcomp.dll
[2009/07/15 02:30:04 | 00,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskeng.exe
[2009/07/15 02:30:04 | 00,072,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\tdx.sys
[2009/07/15 02:30:04 | 00,053,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\termdd.sys
[2009/07/15 02:18:26 | 00,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2009/07/15 01:56:35 | 00,048,600 | ---- | C] () -- C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
[2009/07/15 01:55:04 | 00,000,680 | ---- | C] () -- C:\Users\Administrator\AppData\Local\d3d9caps.dat
[2009/07/15 01:54:46 | 00,000,000 | -HSD | C] -- C:\Users\Administrator\Documents\My Videos
[2009/07/15 01:54:46 | 00,000,000 | -HSD | C] -- C:\Users\Administrator\Documents\My Pictures
[2009/07/15 01:54:46 | 00,000,000 | -HSD | C] -- C:\Users\Administrator\Documents\My Music
[2009/07/15 01:54:46 | 00,000,000 | -HSD | C] -- C:\Users\Administrator\AppData\Local\Temporary Internet Files
[2009/07/15 01:54:46 | 00,000,000 | -HSD | C] -- C:\Users\Administrator\AppData\Local\History
[2009/07/15 01:54:46 | 00,000,000 | -HSD | C] -- C:\Users\Administrator\AppData\Local\Application Data
[2009/07/15 01:54:45 | 00,000,000 | --SD | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft
[2009/07/15 01:54:45 | 00,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Temp
[2009/07/15 01:54:45 | 00,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Microsoft
[2009/07/15 01:52:29 | 00,000,000 | ---D | C] -- C:\Windows\Debug
[2009/07/15 01:39:03 | 00,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2009/07/15 01:32:34 | 00,000,000 | -HSD | C] -- C:\System Volume Information
[2009/07/15 00:31:07 | 00,337,216 | ---- | C] (NETGEAR, Inc.) -- C:\Windows\System32\drivers\wg121nd5.sys
[2009/07/01 21:39:09 | 00,095,232 | ---- | C] () -- C:\Users\Administrator\Documents\fourtress2.doc
[2009/05/15 23:22:51 | 00,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2008/01/19 07:24:26 | 00,001,702 | ---- | C] () -- C:\Windows\System32\StorageMgmt.dll.config
[2008/01/19 04:45:57 | 00,000,219 | ---- | C] () -- C:\Windows\system.ini
[2008/01/19 04:45:57 | 00,000,144 | ---- | C] () -- C:\Windows\win.ini
[2008/01/19 00:34:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
========== Files - Modified Within 30 Days ==========
[1 C:\Windows\System32\drivers\*.tmp files]
[2009/07/25 09:05:48 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2009/07/25 09:04:07 | 00,002,301 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk
[2009/07/25 07:39:04 | 00,005,440 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/07/25 07:39:04 | 00,005,440 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/07/24 21:14:55 | 00,020,968 | ---- | M] () -- C:\Users\Administrator\Desktop\E6300.jpg
[2009/07/24 18:13:48 | 00,044,365 | ---- | M] () -- C:\Users\Administrator\Desktop\166i3pe.jpg
[2009/07/24 17:46:05 | 00,657,102 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/07/24 17:46:05 | 00,571,370 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/07/24 17:46:05 | 00,092,928 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/07/24 17:41:38 | 00,002,231 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2009/07/24 17:39:04 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/07/24 17:38:53 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/07/24 17:38:40 | 21,459,68128 | -HS- | M] () -- C:\hiberfil.sys
[2009/07/24 14:05:58 | 00,002,907 | ---- | M] () -- C:\Users\Administrator\Desktop\Attach.zip
[2009/07/23 15:23:50 | 00,004,608 | ---- | M] () -- C:\Users\Administrator\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/23 13:23:20 | 00,318,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cmd.execf
[2009/07/23 12:39:27 | 02,169,432 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/23 12:33:09 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deploytk.dll
[2009/07/23 12:33:09 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2009/07/23 12:33:09 | 00,144,792 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2009/07/23 12:33:09 | 00,144,792 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2009/07/22 23:19:24 | 00,048,600 | ---- | M] () -- C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
[2009/07/22 18:57:02 | 01,759,945 | -H-- | M] () -- C:\Users\Administrator\AppData\Local\IconCache.db
[2009/07/22 13:40:42 | 00,644,907 | R--- | M] () -- C:\crosshairs.zip
[2009/07/22 02:24:16 | 00,000,472 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2009/07/21 00:47:35 | 00,000,036 | ---- | M] () -- C:\Windows\Remote Shutdown 2 Professional.xml
[2009/07/20 23:28:13 | 00,000,406 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2009/07/18 23:55:50 | 00,001,051 | ---- | M] () -- C:\Users\Administrator\Desktop\Crysis.lnk
[2009/07/17 22:06:39 | 00,107,888 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\System32\CmdLineExt.dll
[2009/07/15 19:32:57 | 00,001,723 | ---- | M] () -- C:\Users\Public\Desktop\F.E.A.R. Single Player.lnk
[2009/07/15 11:24:01 | 00,002,092 | ---- | M] () -- C:\Users\Public\Desktop\S.T.A.L.K.E.R. - Shadow of Chernobyl.lnk
[2009/07/15 04:52:02 | 00,000,087 | RH-- | M] () -- C:\Windows\ctfile.rfc
[2009/07/15 04:51:00 | 00,319,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\DIFxAPI.dll
[2009/07/15 04:02:46 | 00,000,144 | ---- | M] () -- C:\Windows\win.ini
[2009/07/15 03:43:53 | 00,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin
[2009/07/15 03:41:54 | 00,000,680 | ---- | M] () -- C:\Users\Administrator\AppData\Local\d3d9caps.dat
[2009/07/15 03:08:22 | 00,000,000 | ---- | M] () -- C:\Windows\nsreg.dat
[2009/07/15 03:06:22 | 00,001,724 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2009/07/15 02:31:26 | 00,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2009/07/15 01:46:34 | 00,046,815 | ---- | M] () -- C:\Windows\System32\license.rtf
[2009/07/13 13:36:34 | 00,038,160 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/07/13 13:36:12 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/07/06 20:47:56 | 00,551,456 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RTSndMgr.cpl
[2009/07/06 20:47:46 | 01,169,440 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkPgExt.dll
[2009/07/06 20:47:46 | 00,051,744 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkCoInst.dll
[2009/07/06 20:47:36 | 00,326,176 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkApoApi.dll
[2009/07/06 20:47:30 | 02,898,464 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkAPO.dll
[2009/07/06 20:12:50 | 02,657,120 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\System32\drivers\RTKVHDA.sys
[2009/07/04 03:05:24 | 01,005,997 | ---- | M] () -- C:\city.vmf
[2009/07/03 10:49:08 | 00,064,160 | ---- | M] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2009/07/03 06:18:58 | 13,151,375 | ---- | M] () -- C:\secondaxisdark.psd
[2009/07/01 21:39:12 | 00,095,232 | ---- | M] () -- C:\Users\Administrator\Documents\fourtress2.doc
[2009/07/01 21:11:30 | 00,095,232 | ---- | M] () -- C:\Users\Administrator\Documents\fourtress.doc
[2009/06/29 15:16:48 | 00,160,256 | ---- | M] (Fortemedia Corporation) -- C:\Windows\System32\FMAPO.dll
========== Alternate Data Streams ==========
@Alternate Data Stream - 176 bytes -> C:\Windows\Remote Shutdown 2 Professional.xml:Remote_Shutdown
@Alternate Data Stream - 154 bytes -> C:\ProgramData\TEMP:679ABA25
< End of report >
quiestbml
2009-07-25, 16:15
OTL Extras logfile created on: 7/25/2009 9:07:29 AM - Run 1
OTL by OldTimer - Version 3.0.10.3 Folder = C:\Users\Administrator\Desktop
Windows Vista Server Standard Edition (full installation) Service Pack 2 (Version = 6.0.6002) - Type = NTServer
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 1.32 Gb Available Physical Memory | 66.16% Memory free
4.00 Gb Paging File | 3.28 Gb Available in Paging File | 82.12% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 104.20 Gb Free Space | 69.91% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 27.84 Gb Total Space | 1.46 Gb Free Space | 5.25% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: WIN-7M4XLFMC8TB
Current User Name: Administrator
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 1
"EnableFirewall" = 1
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 1
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 1
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05AE3009-BE25-423D-911F-C1C576EEAB02}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{1250DD07-12D8-4619-88E4-55D843143FFF}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{1286C986-9B4F-4604-94C8-01E6606B8519}" = lport=5357 | protocol=6 | dir=in | app=system |
"{13B2382E-91EC-417B-9F5C-2A5912E95838}" = lport=2869 | protocol=6 | dir=in | app=system |
"{140289E0-7BA7-4428-88CF-CC194E28FFC8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{159659E2-08A8-4889-B32B-51AD05D73938}" = rport=445 | protocol=6 | dir=out | app=system |
"{1BC7238B-7588-40F2-8CCA-69AB92803F2F}" = rport=137 | protocol=17 | dir=out | app=system |
"{21E25F26-0431-4FF4-A240-2B9B2FD2C265}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{276288FA-EDA8-405E-8FE1-812047B02347}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |
"{3B98BE2F-5CFD-4241-A95F-95ACF9FBBCB0}" = rport=5358 | protocol=6 | dir=out | app=system |
"{49CD2635-B22B-405E-A27D-20E355F9285F}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{546C0D56-E6D2-4847-B6D7-6E100497D57C}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{5694F83D-F2C3-4C90-9340-9E1C99F979FE}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{60D4E4D8-D05C-4B0E-8628-68234AB248D8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6159F208-D1A8-45FF-9ED8-FBBC716381FC}" = lport=445 | protocol=6 | dir=in | app=system |
"{65C28154-EEB6-4109-A3C3-07173B5E9E9B}" = rport=139 | protocol=6 | dir=out | app=system |
"{81F0F86C-F81C-41B7-9ECB-12A7CC8522E5}" = rport=137 | protocol=17 | dir=out | app=system |
"{8B55AAB3-C041-446D-80BF-208AF6744AE8}" = lport=137 | protocol=17 | dir=in | app=system |
"{8CCCF55F-E3BD-4FE8-BBD8-99649448C9EB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{8DBFF3AF-5190-4B2A-882C-959A0A9D9763}" = lport=138 | protocol=17 | dir=in | app=system |
"{A8FACEB2-863C-4DAE-8828-7315C900CAC0}" = lport=137 | protocol=17 | dir=in | app=system |
"{A9A0860F-1701-422D-92A8-82A82BF9EA24}" = lport=2869 | protocol=6 | dir=in | app=system |
"{B10515DB-40CE-41A2-B1E6-71CFA893013A}" = lport=138 | protocol=17 | dir=in | app=system |
"{D03A7046-772E-4045-A48D-E1EF6B888D3D}" = lport=139 | protocol=6 | dir=in | app=system |
"{D1725BBD-AEC3-409A-B5ED-F06F11537350}" = rport=138 | protocol=17 | dir=out | app=system |
"{D2B3E2B8-8961-4616-B789-11C030C908B0}" = rport=5357 | protocol=6 | dir=out | app=system |
"{E15C96AF-EC45-49BD-8379-6B58262136A6}" = rport=138 | protocol=17 | dir=out | app=system |
"{EA825390-D619-42A9-98F8-97D4CFAE3F58}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{F1127E5E-AAF1-4122-96C0-5EEAAB227AC8}" = lport=5358 | protocol=6 | dir=in | app=system |
"{FEE7C6CA-4CD9-46BD-BA07-61A9EC35A911}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1C51746C-2129-4583-83A2-049E29ED24BA}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{20FE09D8-5FD7-4933-A57A-56E3160FEEFB}" = protocol=17 | dir=in | app=c:\program files\sierra\fear\fearmp.exe |
"{26DA1319-9B96-4793-87E9-A221E39CAFDF}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{2A089774-0A6B-42BD-85E0-21161182B63F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{3194E256-AC4F-4542-BD0B-3B3DD915DD01}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifetray.exe |
"{34A18BFF-BA3B-4136-91E5-85601C88D800}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe |
"{557E41F3-2A06-418B-BCF4-0DE88C719C6F}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe |
"{58352251-2458-4F56-A19D-A0B932D31640}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{5862BD90-B7B0-4BFC-A77B-B0BD087ADEF9}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe |
"{6122E874-9945-48E0-B374-EBE27316AB15}" = protocol=17 | dir=in | app=c:\program files\thq\s.t.a.l.k.e.r. - shadow of chernobyl\bin\xr_3da.exe |
"{6A2EFDD9-5112-4DF3-A985-F29A2816F388}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{74638645-B10D-444B-B8A7-60DCB2EEE5CE}" = protocol=6 | dir=in | app=c:\program files\sierra\fear\fearmp.exe |
"{77179515-805E-4705-A67E-F846D235FB2D}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{7AC767B1-C4F9-41A7-A5EF-995C12C9B749}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifeenc2.exe |
"{95449A56-B5C5-4388-8E34-D07D3D0F77C5}" = protocol=6 | dir=in | app=c:\program files\electronic arts\crytek\crysis\bin32\crysis.exe |
"{9A53249A-E7F2-49F6-95D3-767973C9B9C3}" = protocol=17 | dir=in | app=c:\program files\electronic arts\crytek\crysis\bin32\crysisdedicatedserver.exe |
"{9A6A7D04-D37F-46AA-B380-6891BEE86C0C}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifeenc2.exe |
"{9EA57684-FD5B-49F9-A9AE-A57BD445498F}" = protocol=6 | dir=out | app=system |
"{9F2E8E35-9328-4043-A75D-0A1329F30D83}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{B047A975-D13F-4E4A-96DC-7E0ED203DB2F}" = protocol=6 | dir=in | app=c:\program files\thq\s.t.a.l.k.e.r. - shadow of chernobyl\bin\xr_3da.exe |
"{B2F2F7A2-2BCC-4FDB-A7D4-4B0110D4F9AF}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{C714DBC8-4DA7-442F-8670-E7F2438ABD6C}" = protocol=17 | dir=in | app=c:\program files\thq\s.t.a.l.k.e.r. - shadow of chernobyl\bin\dedicated\xr_3da.exe |
"{D00F588C-7B7B-4F67-A188-FCC724FD1814}" = protocol=6 | dir=in | app=c:\program files\thq\s.t.a.l.k.e.r. - shadow of chernobyl\bin\dedicated\xr_3da.exe |
"{D3652801-5A48-4065-9543-787E9BB28BE9}" = protocol=17 | dir=in | app=c:\program files\sierra\fear\fear.exe |
"{D684C14F-72A6-456E-AB59-10150CB8BFDB}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{DAF55004-EE76-4AED-AE5C-CD2E81E74CBA}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifetray.exe |
"{DE7CC99C-70E5-4856-A922-5E662FD816A9}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{E0805330-394C-454B-8208-03B290113F20}" = protocol=6 | dir=in | app=c:\program files\sierra\fear\fear.exe |
"{E4E3F74B-476C-4941-A531-8E7042D95EDE}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{EE60AB92-0FEE-4161-8C51-6724E0E385F1}" = protocol=17 | dir=in | app=c:\program files\electronic arts\crytek\crysis\bin32\crysis.exe |
"{F28B4E27-710F-433D-A747-4603DF9304A3}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{F5883B78-12EA-4E75-9831-1DDD31780040}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{FF3B2B10-5168-4292-9AA8-5D6462B7E2DF}" = protocol=6 | dir=in | app=c:\program files\electronic arts\crytek\crysis\bin32\crysisdedicatedserver.exe |
"{FFBDD817-C8A4-4CCA-B9DB-59AB2E7A248C}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis(R)
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{03E2A0D1-D43A-CB88-A35B-05D753DD43C5}" = Catalyst Control Center HydraVision Full
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{0C4A2CBF-CB45-5804-833B-24E1D279B0A2}" = CCC Help English
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0E274067-4A84-66B2-1674-42D82D2ABD06}" = ccc-core-static
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{195FF80D-6C1E-4B7A-A48E-45C0AEAC0F24}" = Microsoft LifeCam
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java(TM) 6 Update 14
"{28F0FD94-CC2E-38DE-6080-0F688881DF32}" = Catalyst Control Center Core Implementation
"{2B653229-9854-4989-B780-D978F5F13EAB}" = FEAR
"{32CF189D-52BB-4C1C-8F93-97E8F3CDDC95}" = Razer Habu Config
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{47609E69-4C5E-48B1-A889-24C6B82B5C04}" = Vista Shortcut Manager
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{5DA49E6A-74A7-B5A8-172A-3CFFBD984EC6}" = ccc-utility
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6AAFA39D-8247-29FF-B0AC-9D6F21BA4A1C}" = Catalyst Control Center Graphics Previews Vista
"{7113847B-EC8E-C244-66B0-C8C98A855525}" = Catalyst Control Center InstallProxy
"{7216871F-869E-437C-B9BF-2A13F2DCE63F}_is1" = Auslogics BoostSpeed
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76756402-BF1E-4A0F-AFCC-0EE6CF58F58C}" = ESET NOD32 Antivirus
"{7B08D306-7266-4647-A926-2F78817ED1E0}" = Microsoft Corporation
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{98A01836-BC4F-BA02-8ECA-F2F22FA9754A}" = Catalyst Control Center Graphics Light
"{99ECF41F-5CCA-42BD-B8B8-A8333E2E2944}" = iTunes
"{A2749C1C-CA17-6DD2-EAE0-D00518B39AB1}" = Catalyst Control Center Graphics Previews Common
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{C337BDAF-CB4E-47E2-BE1A-CB31BB7DD0E3}" = Apple Mobile Device Support
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{D3B1C799-CB73-42DE-BA0F-2344793A095C}" = Catalyst Control Center - Branding
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{EEC4F30A-C514-6096-C27A-D0226394CD11}" = Catalyst Control Center Graphics Full New
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F163FBE3-7EC2-BE0C-374A-E6E4A2633075}" = Catalyst Control Center Graphics Full Existing
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"CCleaner" = CCleaner (remove only)
"Citrus Alarm Clock_is1" = Citrus Alarm Clock 2.1 BETA
"EMCO Remote Shutdown Professional_is1" = EMCO Remote Shutdown Professional
"GTK 2.0" = GTK+ Runtime 2.14.7 rev a (remove only)
"HijackThis" = HijackThis 2.0.2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.5.1)" = Mozilla Firefox (3.5.1)
"Notepad++" = Notepad++
"Pidgin" = Pidgin
"PowerISO" = PowerISO
"S.T.A.L.K.E.R. - Shadow of Chernobyl_is1" = S.T.A.L.K.E.R. - Shadow of Chernobyl [v1.0006]
"Steam App 211" = Source SDK
"Steam App 30" = Day of Defeat
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 7/15/2009 5:24:16 AM | Computer Name = WIN-7M4XLFMC8TB | Source = Lavasoft Ad-Aware Service | ID = 0
Description =
Error - 7/15/2009 6:00:00 AM | Computer Name = WIN-7M4XLFMC8TB | Source = Customer Experience Improvement Program | ID = 1006
Description =
Error - 7/15/2009 4:04:11 AM | Computer Name = WIN-7M4XLFMC8TB | Source = Perflib | ID = 1005
Description =
Error - 7/15/2009 4:04:11 AM | Computer Name = WIN-7M4XLFMC8TB | Source = Perflib | ID = 1017
Description =
Error - 7/17/2009 11:32:57 PM | Computer Name = WIN-7M4XLFMC8TB | Source = Application Error | ID = 1000
Description = Faulting application FarCry2.exe, version 0.1.0.1, time stamp 0x48e2993f,
faulting module Dunia.dll, version 0.1.0.1, time stamp 0x48e298db, exception code
0xc0000005, fault offset 0x0041d34e, process id 0x68c, application start time 0x01ca07586bc9d5ba.
Error - 7/21/2009 12:07:57 AM | Computer Name = WIN-7M4XLFMC8TB | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "G:\Tools\Registry Workshop\RegWorkshopX64.exe".
Dependent
Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.
Error - 7/22/2009 7:59:11 PM | Computer Name = WIN-7M4XLFMC8TB | Source = Application Error | ID = 1000
Description = Faulting application keygen x-force.exe, version 0.0.0.0, time stamp
0x4a5dd14f, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception
code 0xc0000005, fault offset 0x023c142d, process id 0x86c, application start time
0x01ca0b285af65bb9.
Error - 7/23/2009 12:24:17 PM | Computer Name = WIN-7M4XLFMC8TB | Source = Application Error | ID = 1000
Description = Faulting application ssvagent.exe, version 6.0.140.8, time stamp 0x4a158f9f,
faulting module msvcrt.dll!??_V@YAXPAX@Z, version 6.0.6002.18005, time stamp 0x49e03821,
exception code 0xc0000139, fault offset 0x00009eed, process id 0x1124, application
start time 0x01ca0bb1fee3ecf1.
Error - 7/23/2009 12:33:31 PM | Computer Name = WIN-7M4XLFMC8TB | Source = Application Error | ID = 1000
Description = Faulting application javaws.exe, version 6.0.140.8, time stamp 0x4a158db5,
faulting module msvcrt.dll!??_V@YAXPAX@Z, version 6.0.6002.18005, time stamp 0x49e03821,
exception code 0xc0000139, fault offset 0x00009eed, process id 0xd64, application
start time 0x01ca0bb35007d2db.
Error - 7/23/2009 3:06:00 PM | Computer Name = WIN-7M4XLFMC8TB | Source = WindowsMedia | ID = 921877
Description =
[ System Events ]
Error - 7/23/2009 12:39:58 PM | Computer Name = WIN-7M4XLFMC8TB | Source = Service Control Manager | ID = 7000
Description =
Error - 7/23/2009 4:43:54 PM | Computer Name = WIN-7M4XLFMC8TB | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.101 for the Network Card with network
address 00095BD2739C has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).
Error - 7/23/2009 11:40:01 PM | Computer Name = WIN-7M4XLFMC8TB | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.101 for the Network Card with network
address 00095BD2739C has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).
Error - 7/23/2009 11:43:33 PM | Computer Name = WIN-7M4XLFMC8TB | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.101 for the Network Card with network
address 00095BD2739C has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).
Error - 7/24/2009 5:38:58 PM | Computer Name = WIN-7M4XLFMC8TB | Source = EventLog | ID = 6008
Description = The previous system shutdown at 5:36:08 PM on 7/24/2009 was unexpected.
Error - 7/24/2009 5:39:40 PM | Computer Name = WIN-7M4XLFMC8TB | Source = Service Control Manager | ID = 7000
Description =
Error - 7/24/2009 5:39:40 PM | Computer Name = WIN-7M4XLFMC8TB | Source = Service Control Manager | ID = 7003
Description =
Error - 7/24/2009 9:56:06 PM | Computer Name = WIN-7M4XLFMC8TB | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.101 for the Network Card with network
address 00095BD2739C has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).
Error - 7/24/2009 10:49:38 PM | Computer Name = WIN-7M4XLFMC8TB | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.101 for the Network Card with network
address 00095BD2739C has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).
Error - 7/25/2009 3:34:46 AM | Computer Name = WIN-7M4XLFMC8TB | Source = DCOM | ID = 10010
Description =
< End of report >
quiestbml
2009-07-25, 16:22
Also, the appdata roaming folder for Vuze and the Azureus Downloads folder weren't deleted when it uninstalled.
Hi,
Also, the appdata roaming folder for Vuze and the Azureus Downloads folder weren't deleted when it uninstalled.
Delete those manually.
You have illegal version of Adobe Creative Suite 4 installed there. We don't help with systems that have anything illegal onboard.
Uninstall that illegal software. Delete Extras.txt file. Then re-run OTL and post both logs.
quiestbml
2009-07-26, 01:32
While I had an illegal copy of CS4 (hence the hosts file) it was because I could not find my legitimate DVDs. I do not pirate software, I own a legitimate Creative Suite 4 DVD set. However, I had just moved, and due to the fact that I'm a graphics designer, I had to get it installed immediately, and otherwise would have had to unpack many boxes to find CS4. The illegal copy is uninstalled for several weeks now. The copy of Photoshop seen installed was perfectly legal, however, as per request, it is now uninstalled. A good thing I had my brushes backed up.
All vuze folders deleted.
quiestbml
2009-07-26, 01:35
OTL logfile created on: 7/25/2009 6:29:24 PM - Run 3
OTL by OldTimer - Version 3.0.10.3 Folder = C:\Users\Administrator\Desktop
Windows Vista Server Standard Edition (full installation) Service Pack 2 (Version = 6.0.6002) - Type = NTServer
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 1.07 Gb Available Physical Memory | 53.37% Memory free
4.00 Gb Paging File | 2.87 Gb Available in Paging File | 71.80% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 105.04 Gb Free Space | 70.47% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 27.84 Gb Total Space | 1.46 Gb Free Space | 5.25% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: WIN-7M4XLFMC8TB
Current User Name: Administrator
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Processes (SafeList) ==========
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (ESET)
PRC - C:\Program Files\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)
PRC - C:\Windows\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\Razer\Habu\razerhid.exe ()
PRC - C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Windows\System32\wbem\unsecapp.exe (Microsoft Corporation)
PRC - C:\Windows\System32\wbem\wmiprvse.exe (Microsoft Corporation)
PRC - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Advanced Micro Devices Inc.)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
PRC - C:\Program Files\Razer\Habu\razertra.exe ()
PRC - C:\Program Files\Razer\Habu\razerofa.exe (Razer Inc.)
PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (ATI Technologies Inc.)
PRC - C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
PRC - C:\Program Files\iTunes\iTunes.exe (Apple Inc.)
PRC - C:\Program Files\Steam\Steam.exe (Valve Corporation)
PRC - C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Users\Administrator\Desktop\OTL.exe (OldTimer Tools)
========== Win32 Services (SafeList) ==========
SRV - (AMD External Events Utility [Auto | Running]) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (Bonjour Service [Auto | Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (EhttpSrv [On_Demand | Stopped]) -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe (ESET)
SRV - (ekrn [Auto | Running]) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (ESET)
SRV - (EventLog [Auto | Running]) -- C:\Windows\System32\wevtsvc.dll (Microsoft Corporation)
SRV - (FCRegSvc [On_Demand | Stopped]) -- C:\Windows\System32\FCRegSvc.dll (Microsoft Corporation)
SRV - (FontCache3.0.0.0 [On_Demand | Running]) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (idsvc [Unknown | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (iPod Service [On_Demand | Running]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (Lavasoft Ad-Aware Service [Auto | Running]) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (MSCamSvc [Auto | Running]) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (RSoPProv [On_Demand | Stopped]) -- C:\Windows\System32\RSoPProv.exe (Microsoft Corporation)
SRV - (sacsvr [On_Demand | Stopped]) -- C:\Windows\System32\sacsvr.dll (Microsoft Corporation)
SRV - (SBSDWSCService [Auto | Stopped]) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (Steam Client Service [On_Demand | Running]) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (WinDefend [Auto | Running]) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV - (adp94xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (adpahci [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (adpu160m [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (adpu320 [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (aic78xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (aliide [Disabled | Stopped]) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (arc [Disabled | Stopped]) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (arcsas [Disabled | Stopped]) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (atikmdag [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\atikmdag.sys (ATI Technologies Inc.)
DRV - (b06bdrv [Disabled | Stopped]) -- C:\Windows\system32\drivers\bxvbdx.sys (Broadcom Corporation)
DRV - (BrFiltLo [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (Brserid [Disabled | Stopped]) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrSerWdm [Disabled | Stopped]) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm [Disabled | Stopped]) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (cmdide [Disabled | Stopped]) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (E1G60 [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\E1G60I32.sys (Intel Corporation)
DRV - (eamon [Auto | Running]) -- C:\Windows\System32\DRIVERS\eamon.sys (ESET)
DRV - (ehdrv [System | Running]) -- C:\Windows\System32\DRIVERS\ehdrv.sys (ESET)
DRV - (elxstor [Disabled | Stopped]) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (epfwwfpr [Auto | Running]) -- C:\Windows\System32\DRIVERS\epfwwfpr.sys (ESET)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (HabuFltr [On_Demand | Running]) -- C:\Windows\System32\drivers\habu.sys (Razer (Asia-Pacific) Pte Ltd)
DRV - (HpCISSs [Disabled | Stopped]) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (iaStorV [Disabled | Stopped]) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (iirsp [Disabled | Stopped]) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (IntcAzAudAddService [On_Demand | Running]) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (ioatdma [Disabled | Stopped]) -- C:\Windows\system32\drivers\qd26032.sys (Intel Corporation)
DRV - (iteatapi [Disabled | Stopped]) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (iteraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (Lbd [Boot | Running]) -- C:\Windows\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (LSI_FC [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (LSI_SAS [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (LSI_SCSI [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (megasas [Disabled | Stopped]) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (MegaSR [Disabled | Stopped]) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (Mraid35x [Disabled | Stopped]) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (nfrd960 [Disabled | Stopped]) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (ntrigdigi [Disabled | Stopped]) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (nvraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor [Disabled | Stopped]) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (ql2300 [Disabled | Stopped]) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (ql40xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (RTL8169 [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\Rtlh86.sys (Realtek Corporation)
DRV - (s3cap [Disabled | Stopped]) -- C:\Windows\system32\drivers\s3cap.sys (Microsoft Corporation)
DRV - (sacdrv [Boot | Stopped]) -- C:\Windows\system32\DRIVERS\sacdrv.sys (Microsoft Corporation)
DRV - (SCDEmu [System | Running]) -- C:\Windows\System32\drivers\scdemu.sys (PowerISO Computing, Inc.)
DRV - (secdrv [Auto | Running]) -- C:\Windows\System32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (SiSRaid4 [Disabled | Stopped]) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (storflt [Boot | Running]) -- C:\Windows\system32\drivers\storflt.sys (Microsoft Corporation)
DRV - (storvsc [Disabled | Stopped]) -- C:\Windows\system32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (Symc8xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_hi [Disabled | Stopped]) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Sym_u3 [Disabled | Stopped]) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (uliahci [Disabled | Stopped]) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (UlSata [Disabled | Stopped]) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (ulsata2 [Disabled | Stopped]) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (UMPass [Disabled | Stopped]) -- C:\Windows\system32\drivers\umpass.sys (Microsoft Corporation)
DRV - (usbaudio [On_Demand | Running]) -- C:\Windows\System32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (viaide [Disabled | Stopped]) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (vmbus [Disabled | Stopped]) -- C:\Windows\system32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (vsmraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (wg121 [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\wg121nd5.sys (NETGEAR, Inc.)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = res://iesetup.dll/SoftAdmin.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://news.bbc.co.uk/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "http://news.bbc.co.uk"
FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:0.9.10.1
FF - prefs.js..extensions.enabledItems: glasser@sixxgate.com:1.1.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}:6.0.14
FF - prefs.js..extensions.enabledItems: locationbar2@design-noir.de:1.0.3
FF - prefs.js..extensions.enabledItems: {8620c15f-30dc-4dba-a131-7c5d20cf4a29}:2.0.2
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.1
FF - prefs.js..extensions.enabledItems: rein@notiz.jp:3.5.1
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/07/19 11:35:51 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/07/19 11:35:51 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
[2009/07/15 03:08:24 | 00,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\mozilla\Extensions
[2009/07/15 03:08:24 | 00,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/07/24 18:11:52 | 00,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\61dujzln.default\extensions
[2009/07/15 03:24:20 | 00,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\61dujzln.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2009/07/15 03:09:30 | 00,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\61dujzln.default\extensions\{8620c15f-30dc-4dba-a131-7c5d20cf4a29}
[2009/07/15 03:10:42 | 00,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\61dujzln.default\extensions\glasser@sixxgate.com
[2009/07/15 03:24:20 | 00,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\61dujzln.default\extensions\locationbar2@design-noir.de
[2009/07/15 03:08:48 | 00,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\61dujzln.default\extensions\rein@notiz.jp
[2009/07/24 18:11:52 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/07/19 11:35:51 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/07/23 12:33:29 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
[2009/07/19 11:35:50 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/07/19 11:35:50 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/07/23 12:33:09 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2009/07/19 11:35:50 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2009/07/15 12:22:23 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2009/07/15 12:22:23 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2009/07/15 12:22:23 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2009/07/15 12:22:23 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2009/07/15 12:22:23 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2009/07/15 12:22:23 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2009/07/15 12:22:23 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2009/06/24 07:27:00 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/06/24 07:27:00 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/06/24 07:27:00 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/06/24 07:27:00 | 00,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/06/24 07:27:00 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/06/24 07:27:00 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/06/24 07:27:00 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml
O1 HOSTS File: (761 bytes) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [Habu] C:\Program Files\Razer\Habu\razerhid.exe ()
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ShowSuperHidden = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disablecad = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: verbosestatus = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disableregistrytools = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {43E3F87D-DE7F-4087-BD4F-0DC854981158} http://download.microsoft.com/download/7/3/8/7384c441-3721-41ee-ae15-b678888f00dd/clearadj.CAB (CTAdjust Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{17775ee7-74a9-11de-ad95-00095bd2739c}\Shell - "" = AutoRun
O33 - MountPoints2\{17775ee7-74a9-11de-ad95-00095bd2739c}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRunCD.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
========== Files/Folders - Created Within 30 Days ==========
[2009/07/25 09:05:37 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2009/07/24 22:10:07 | 00,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\gtk-2.0
[2009/07/23 15:22:09 | 00,004,608 | ---- | C] () -- C:\Users\Administrator\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/23 15:06:53 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft LifeCam
[2009/07/23 13:23:08 | 00,000,000 | ---D | C] -- C:\32788R22FWJFW
[2009/07/23 13:10:57 | 00,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\antimalware
[2009/07/23 12:58:24 | 00,318,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmd.execf
[2009/07/23 12:52:50 | 00,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2009/07/23 12:52:50 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2009/07/23 12:51:20 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/07/23 12:33:26 | 00,148,888 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2009/07/23 12:33:26 | 00,144,792 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2009/07/23 12:33:26 | 00,144,792 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2009/07/23 12:33:03 | 00,000,000 | ---D | C] -- C:\Program Files\Java
[2009/07/23 06:40:17 | 00,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\ESET
[2009/07/23 06:17:08 | 00,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Malwarebytes
[2009/07/23 06:16:55 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/07/23 06:16:53 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009/07/23 06:16:52 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/07/23 06:16:52 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/07/22 23:20:49 | 00,000,000 | ---D | C] -- C:\ProgramData\ESET
[2009/07/22 23:20:49 | 00,000,000 | ---D | C] -- C:\Program Files\ESET
[2009/07/22 23:19:22 | 00,000,000 | ---D | C] -- C:\ProgramData\FLEXnet
[2009/07/22 20:44:33 | 00,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2009/07/22 20:42:11 | 00,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Adobe
[2009/07/22 20:13:46 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2009/07/22 19:01:42 | 00,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Download Manager
[2009/07/22 19:01:33 | 00,000,000 | ---D | C] -- C:\Windows\Sun
[2009/07/22 18:56:58 | 00,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Frameworkx.com
[2009/07/22 18:55:16 | 00,000,000 | ---D | C] -- C:\Program Files\Frameworkx
[2009/07/22 13:40:42 | 00,644,907 | R--- | C] () -- C:\crosshairs.zip
[2009/07/22 02:12:10 | 06,665,497 | ---- | C] () -- C:\GMIF.mp3
[2009/07/22 02:09:51 | 00,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Orangeline Interactive
[2009/07/22 02:09:50 | 00,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Orangeline_Interactive
[2009/07/22 02:09:46 | 00,000,000 | ---D | C] -- C:\Program Files\Citrus Alarm Clock
[2009/07/21 00:47:34 | 00,000,036 | ---- | C] () -- C:\Windows\Remote Shutdown 2 Professional.xml
[2009/07/20 23:41:09 | 00,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Auslogics
[2009/07/20 23:39:23 | 00,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2009/07/20 23:39:19 | 00,000,000 | ---D | C] -- C:\Program Files\Auslogics
[2009/07/20 23:28:13 | 00,000,406 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/07/20 10:48:40 | 00,002,231 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2009/07/20 10:48:29 | 00,000,000 | ---D | C] -- C:\Program Files\iPod
[2009/07/20 10:48:22 | 00,000,000 | ---D | C] -- C:\Program Files\iTunes
[2009/07/19 16:49:26 | 00,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Identities
[2009/07/18 23:55:50 | 00,001,051 | ---- | C] () -- C:\Users\Administrator\Desktop\Crysis.lnk
[2009/07/18 23:05:21 | 00,000,000 | ---D | C] -- C:\Users\Administrator\Documents\My Received Files
[2009/07/18 23:01:21 | 00,000,000 | ---D | C] -- C:\ProgramData\Media Center Programs
[2009/07/18 22:38:52 | 00,000,000 | ---D | C] -- C:\Program Files\Electronic Arts
[2009/07/17 22:32:36 | 00,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\My Games
[2009/07/17 22:08:00 | 00,000,000 | ---D | C] -- C:\Users\Administrator\Documents\My Games
[2009/07/17 22:06:42 | 00,000,000 | RH-D | C] -- C:\Users\Administrator\AppData\Roaming\SecuROM
[2009/07/17 22:00:53 | 00,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Notepad++
[2009/07/17 22:00:53 | 00,000,000 | ---D | C] -- C:\Program Files\Notepad++
[2009/07/17 21:37:59 | 03,850,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_38.dll
[2009/07/17 21:37:59 | 01,491,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_38.dll
[2009/07/17 21:37:59 | 00,507,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_1.dll
[2009/07/17 21:37:59 | 00,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_38.dll
[2009/07/17 21:37:59 | 00,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_1.dll
[2009/07/17 21:37:59 | 00,065,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_0.dll
[2009/07/17 21:37:59 | 00,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_4.dll
[2009/07/17 21:37:58 | 03,786,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_37.dll
[2009/07/17 21:37:58 | 01,420,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_37.dll
[2009/07/17 21:37:58 | 00,479,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_0.dll
[2009/07/17 21:37:58 | 00,462,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_37.dll
[2009/07/17 21:37:58 | 00,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_0.dll
[2009/07/17 21:37:58 | 00,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_3.dll
[2009/07/17 21:37:57 | 03,734,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_36.dll
[2009/07/17 21:37:57 | 03,727,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_35.dll
[2009/07/17 21:37:57 | 01,374,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_36.dll
[2009/07/17 21:37:57 | 01,358,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_35.dll
[2009/07/17 21:37:57 | 00,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_36.dll
[2009/07/17 21:37:57 | 00,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_35.dll
[2009/07/17 21:37:57 | 00,267,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_10.dll
[2009/07/17 21:37:57 | 00,267,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_9.dll
[2009/07/17 21:37:56 | 03,497,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_34.dll
[2009/07/17 21:37:56 | 01,124,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_34.dll
[2009/07/17 21:37:56 | 01,123,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_33.dll
[2009/07/17 21:37:56 | 00,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_34.dll
[2009/07/17 21:37:56 | 00,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_33.dll
[2009/07/17 21:37:56 | 00,266,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_8.dll
[2009/07/17 21:37:56 | 00,261,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_7.dll
[2009/07/17 21:37:56 | 00,081,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_3.dll
[2009/07/17 21:37:56 | 00,017,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_2.dll
[2009/07/17 21:37:55 | 03,495,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_33.dll
[2009/07/17 21:37:55 | 00,255,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_6.dll
[2009/07/17 21:37:54 | 00,015,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\x3daudio1_1.dll
[2009/07/17 21:15:07 | 00,000,000 | ---D | C] -- C:\Program Files\PowerISO
[2009/07/17 21:11:03 | 00,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\WinRAR
[2009/07/17 21:10:47 | 00,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2009/07/17 20:42:12 | 00,000,000 | ---D | C] -- C:\Windows\System32\Adobe
[2009/07/17 17:24:03 | 00,014,592 | ---- | C] (Motorola) -- C:\Windows\System32\drivers\USBICP.sys
[2009/07/17 17:24:00 | 00,027,776 | ---- | C] (Razer (Asia-Pacific) Pte Ltd) -- C:\Windows\System32\drivers\habu.sys
[2009/07/17 17:23:59 | 00,073,728 | ---- | C] (Razer Inc.) -- C:\Windows\System32\habu.cpl
[2009/07/17 17:23:59 | 00,000,000 | ---D | C] -- C:\Program Files\Razer
[2009/07/17 17:23:13 | 00,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\InstallShield
[2009/07/16 22:39:54 | 00,000,000 | ---D | C] -- C:\Windows\Minidump
[2009/07/15 19:40:29 | 00,107,888 | ---- | C] (Sony DADC Austria AG.) -- C:\Windows\System32\CmdLineExt.dll
[2009/07/15 19:32:57 | 00,001,723 | ---- | C] () -- C:\Users\Public\Desktop\F.E.A.R. Single Player.lnk
[2009/07/15 17:36:44 | 00,000,000 | ---D | C] -- C:\Users\Public\Documents\Monolith Productions
[2009/07/15 17:31:42 | 00,000,000 | ---D | C] -- C:\Program Files\Sierra
[2009/07/15 13:43:35 | 00,410,984 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deploytk.dll
[2009/07/15 12:22:53 | 00,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Apple Computer
[2009/07/15 12:22:53 | 00,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Apple Computer
[2009/07/15 12:22:46 | 00,107,368 | ---- | C] (GEAR Software Inc.) -- C:\Windows\System32\GEARAspi.dll
[2009/07/15 12:22:46 | 00,023,400 | ---- | C] (GEAR Software Inc.) -- C:\Windows\System32\drivers\GEARAspiWDM.sys
[2009/07/15 12:22:37 | 00,000,000 | ---D | C] -- C:\ProgramData\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/07/15 12:22:30 | 00,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2009/07/15 12:22:08 | 00,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2009/07/15 12:22:08 | 00,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2009/07/15 12:21:54 | 00,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Apple
[2009/07/15 12:21:52 | 00,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2009/07/15 12:21:34 | 00,000,000 | ---D | C] -- C:\ProgramData\Apple
[2009/07/15 12:21:34 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2009/07/15 11:24:14 | 03,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_32.dll
[2009/07/15 11:24:14 | 00,440,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10.dll
[2009/07/15 11:24:14 | 00,251,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_5.dll
[2009/07/15 11:24:13 | 02,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_31.dll
[2009/07/15 11:24:13 | 00,237,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_4.dll
[2009/07/15 11:24:13 | 00,236,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_3.dll
[2009/07/15 11:24:13 | 00,230,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_2.dll
[2009/07/15 11:24:13 | 00,229,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_1.dll
[2009/07/15 11:24:13 | 00,062,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_2.dll
[2009/07/15 11:24:13 | 00,062,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_1.dll
[2009/07/15 11:24:09 | 02,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_30.dll
[2009/07/15 11:24:09 | 02,337,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_25.dll
[2009/07/15 11:24:09 | 02,332,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_29.dll
[2009/07/15 11:24:09 | 02,323,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_28.dll
[2009/07/15 11:24:09 | 02,319,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_27.dll
[2009/07/15 11:24:09 | 02,297,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_26.dll
[2009/07/15 11:24:09 | 00,230,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_0.dll
[2009/07/15 11:24:09 | 00,014,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\x3daudio1_0.dll
[2009/07/15 11:24:08 | 02,222,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_24.dll
[2009/07/15 11:24:01 | 00,002,092 | ---- | C] () -- C:\Users\Public\Desktop\S.T.A.L.K.E.R. - Shadow of Chernobyl.lnk
[2009/07/15 11:12:38 | 00,000,000 | ---D | C] -- C:\Users\Public\Documents\STALKER-SHOC
[2009/07/15 11:12:38 | 00,000,000 | ---D | C] -- C:\Program Files\THQ
[2009/07/15 10:51:55 | 00,289,792 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2009/07/15 10:51:55 | 00,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2009/07/15 10:51:55 | 00,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2009/07/15 10:51:55 | 00,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lpk.dll
[2009/07/15 10:51:55 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dciman32.dll
[2009/07/15 10:51:54 | 00,784,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rpcrt4.dll
[2009/07/15 10:51:52 | 03,597,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.dll
[2009/07/15 10:51:51 | 01,167,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\urlmon.dll
[2009/07/15 10:51:50 | 00,828,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wininet.dll
[2009/07/15 10:51:50 | 00,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2009/07/15 10:51:49 | 00,623,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\localspl.dll
[2009/07/15 10:51:48 | 02,034,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2009/07/15 05:31:20 | 02,892,089 | ---- | C] () -- C:\Users\Administrator\Documents\DSC00031.JPG
[2009/07/15 05:30:33 | 00,032,256 | ---- | C] () -- C:\Users\Administrator\Documents\annotatedbib - International Courts.doc
[2009/07/15 05:30:31 | 00,015,983 | ---- | C] () -- C:\Users\Administrator\Documents\A MANIFESTO OF DIRECTIONIST ARCHITECTURE.docx
[2009/07/15 05:24:39 | 00,000,472 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2009/07/15 05:24:20 | 00,064,160 | ---- | C] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2009/07/15 05:24:20 | 00,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2009/07/15 05:23:02 | 00,000,000 | -H-D | C] -- C:\ProgramData\{EF63305C-BAD7-4144-9208-D65528260864}
[2009/07/15 05:22:57 | 00,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2009/07/15 05:22:57 | 00,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2009/07/15 05:21:24 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2009/07/15 05:17:22 | 00,173,657 | ---- | C] () -- C:\sfdeco.vmf
[2009/07/15 05:17:21 | 05,748,610 | ---- | C] () -- C:\sf_waterworks.vmf
[2009/07/15 05:17:21 | 05,655,566 | ---- | C] () -- C:\sf_romanbugfix.vmf
[2009/07/15 05:17:21 | 00,422,612 | ---- | C] () -- C:\sf_islamic.vmf
[2009/07/15 05:17:20 | 02,964,186 | ---- | C] () -- C:\sf_fieldtriptwo_b1.vmf
[2009/07/15 05:17:20 | 02,964,186 | ---- | C] () -- C:\sf_fieldtriptwo.vmf
[2009/07/15 05:17:20 | 01,343,638 | ---- | C] () -- C:\sf_bloxs_beta1.vmf
[2009/07/15 05:17:19 | 13,151,375 | ---- | C] () -- C:\secondaxisdark.psd
[2009/07/15 05:17:18 | 16,234,127 | ---- | C] () -- C:\secondaxiscards.psd
[2009/07/15 05:17:18 | 02,371,858 | ---- | C] () -- C:\secondaxis.psd
[2009/07/15 05:17:17 | 07,759,936 | ---- | C] () -- C:\romanice.vmf
[2009/07/15 05:17:17 | 02,280,036 | ---- | C] () -- C:\sample.mp3
[2009/07/15 05:17:17 | 00,403,256 | ---- | C] () -- C:\Sam_11_8_2008@13_55_33.wav
[2009/07/15 05:17:16 | 07,759,936 | ---- | C] () -- C:\roman.vmf
[2009/07/15 05:17:16 | 07,146,335 | ---- | C] () -- C:\naziarch.vmf
[2009/07/15 05:17:16 | 01,023,571 | ---- | C] () -- C:\gm_snowstruct_d.vmf
[2009/07/15 05:17:16 | 00,795,236 | ---- | C] () -- C:\mystsample.mp3
[2009/07/15 05:17:16 | 00,206,362 | ---- | C] () -- C:\resume.psd
[2009/07/15 05:17:16 | 00,039,659 | ---- | C] () -- C:\korean.vmf
[2009/07/15 05:17:16 | 00,038,123 | ---- | C] () -- C:\modernflagpedistal.vmf
[2009/07/15 05:17:16 | 00,005,099 | ---- | C] () -- C:\protector.vmf
[2009/07/15 05:17:15 | 01,369,361 | ---- | C] () -- C:\gm_snowstruct2_d.vmf
[2009/07/15 05:17:15 | 01,005,997 | ---- | C] () -- C:\city.vmf
[2009/07/15 05:17:15 | 00,195,187 | ---- | C] () -- C:\baths.vmf
[2009/07/15 05:17:15 | 00,103,396 | ---- | C] () -- C:\civildefense.vmf
[2009/07/15 05:17:15 | 00,018,984 | ---- | C] () -- C:\ClassicRomanCaps.ttf
[2009/07/15 05:17:15 | 00,000,000 | ---D | C] -- C:\Serbia Project
[2009/07/15 05:17:01 | 00,000,000 | ---D | C] -- C:\pastori
[2009/07/15 05:15:07 | 01,226,083 | ---- | C] () -- C:\smod_testmap.vmf
[2009/07/15 05:15:07 | 00,499,482 | ---- | C] () -- C:\traincar.vmf
[2009/07/15 05:15:07 | 00,075,235 | ---- | C] () -- C:\Untitled - Textured Shaded.vmf
[2009/07/15 05:15:07 | 00,019,029 | ---- | C] () -- C:\teleporttest.vmf
[2009/07/15 05:15:07 | 00,000,000 | ---D | C] -- C:\Brian's Backups
[2009/07/15 05:14:21 | 00,000,000 | ---D | C] -- C:\Terminal Velocity
[2009/07/15 05:09:53 | 00,000,000 | ---D | C] -- C:\Windows\System32\RTCOM
[2009/07/15 04:52:02 | 00,146,432 | ---- | C] () -- C:\Windows\System32\APOMngr.DLL
[2009/07/15 04:52:02 | 00,072,704 | ---- | C] () -- C:\Windows\System32\CmdRtr.DLL
[2009/07/15 04:52:01 | 00,000,087 | RH-- | C] () -- C:\Windows\ctfile.rfc
[2009/07/15 04:51:00 | 00,319,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\DIFxAPI.dll
[2009/07/15 04:50:59 | 01,784,352 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\WavesLib.dll
[2009/07/15 04:50:59 | 00,135,168 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSWOW.dll
[2009/07/15 04:50:58 | 00,551,456 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RTSndMgr.cpl
[2009/07/15 04:50:58 | 00,339,968 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSTSXT.dll
[2009/07/15 04:50:58 | 00,185,776 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSTSHD.dll
[2009/07/15 04:50:58 | 00,167,936 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSHP360.dll
[2009/07/15 04:50:57 | 02,898,464 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkAPO.dll
[2009/07/15 04:50:57 | 02,657,120 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\drivers\RTKVHDA.sys
[2009/07/15 04:50:57 | 01,169,440 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkPgExt.dll
[2009/07/15 04:50:57 | 00,326,176 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkApoApi.dll
[2009/07/15 04:50:57 | 00,051,744 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkCoInst.dll
quiestbml
2009-07-26, 01:38
[2009/07/15 04:50:56 | 00,290,304 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RP3DHT32.dll
[2009/07/15 04:50:56 | 00,290,304 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RP3DAA32.dll
[2009/07/15 04:50:55 | 01,933,312 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioEQ.dll
[2009/07/15 04:50:55 | 00,159,744 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO20.dll
[2009/07/15 04:50:55 | 00,126,976 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO.dll
[2009/07/15 04:50:54 | 00,160,256 | ---- | C] (Fortemedia Corporation) -- C:\Windows\System32\FMAPO.dll
[2009/07/15 04:50:54 | 00,142,848 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTACap.dll
[2009/07/15 04:50:54 | 00,125,952 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTARen.dll
[2009/07/15 04:50:54 | 00,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2009/07/15 04:50:54 | 00,000,000 | ---D | C] -- C:\Program Files\Realtek
[2009/07/15 04:50:49 | 00,831,488 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\RtlExUpd.dll
[2009/07/15 04:50:49 | 00,000,000 | -H-D | C] -- C:\Program Files\Temp
[2009/07/15 04:50:46 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2009/07/15 04:04:11 | 00,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\ATI
[2009/07/15 04:04:11 | 00,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\ATI
[2009/07/15 04:04:11 | 00,000,000 | ---D | C] -- C:\ProgramData\ATI
[2009/07/15 03:46:41 | 00,000,000 | ---D | C] -- C:\Windows\Prefetch
[2009/07/15 03:43:53 | 00,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009/07/15 03:43:37 | 21,459,68128 | -HS- | C] () -- C:\hiberfil.sys
[2009/07/15 03:42:27 | 00,000,000 | ---D | C] -- C:\Windows\twain_32
[2009/07/15 03:42:27 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Photo Gallery
[2009/07/15 03:42:27 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Media Player
[2009/07/15 03:42:27 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Defender
[2009/07/15 03:42:27 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Calendar
[2009/07/15 03:39:35 | 00,442,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\joy.cpl
[2009/07/15 03:39:32 | 01,696,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
[2009/07/15 03:37:59 | 00,000,000 | -HSD | C] -- C:\Windows\Installer
[2009/07/15 03:37:59 | 00,000,000 | ---D | C] -- C:\Program Files\ATI
[2009/07/15 03:37:57 | 00,000,000 | ---D | C] -- C:\Windows\System32\XPSViewer
[2009/07/15 03:37:57 | 00,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2009/07/15 03:37:57 | 00,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2009/07/15 03:37:50 | 00,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2009/07/15 03:36:54 | 00,000,000 | ---D | C] -- C:\ATI
[2009/07/15 03:28:54 | 00,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Macromedia
[2009/07/15 03:28:54 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2009/07/15 03:28:50 | 00,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Adobe
[2009/07/15 03:28:42 | 00,000,000 | ---D | C] -- C:\Windows\System32\Macromed
[2009/07/15 03:28:30 | 00,000,000 | ---D | C] -- C:\ProgramData\NOS
[2009/07/15 03:28:30 | 00,000,000 | ---D | C] -- C:\Program Files\NOS
[2009/07/15 03:28:27 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2009/07/15 03:28:17 | 00,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2009/07/15 03:28:09 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live SkyDrive
[2009/07/15 03:27:48 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2009/07/15 03:27:34 | 00,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2009/07/15 03:23:09 | 00,002,301 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk
[2009/07/15 03:23:09 | 00,000,000 | ---D | C] -- C:\Program Files\Steam
[2009/07/15 03:23:09 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Steam
[2009/07/15 03:21:35 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2009/07/15 03:08:22 | 00,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009/07/15 03:08:21 | 00,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Mozilla
[2009/07/15 03:08:21 | 00,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Mozilla
[2009/07/15 03:07:07 | 00,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\.purple
[2009/07/15 03:06:56 | 00,000,000 | ---D | C] -- C:\Program Files\Pidgin
[2009/07/15 03:06:53 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\GTK
[2009/07/15 03:06:22 | 00,001,724 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2009/07/15 03:06:19 | 00,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2009/07/15 03:05:48 | 01,809,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuaueng.dll
[2009/07/15 03:05:48 | 01,524,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2009/07/15 03:05:48 | 00,051,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuauclt.exe
[2009/07/15 03:05:48 | 00,043,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2009/07/15 03:05:42 | 00,561,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2009/07/15 03:05:42 | 00,083,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2009/07/15 03:05:42 | 00,034,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2009/07/15 03:05:39 | 00,162,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2009/07/15 03:05:39 | 00,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2009/07/15 02:59:51 | 00,000,000 | ---D | C] -- C:\Windows\System32\vi-VN
[2009/07/15 02:59:51 | 00,000,000 | ---D | C] -- C:\Windows\System32\eu-ES
[2009/07/15 02:59:51 | 00,000,000 | ---D | C] -- C:\Windows\System32\ca-ES
[2009/07/15 02:58:11 | 01,759,945 | -H-- | C] () -- C:\Users\Administrator\AppData\Local\IconCache.db
[2009/07/15 02:58:09 | 00,000,000 | ---D | C] -- C:\Windows\System32\SPReview
[2009/07/15 02:37:05 | 00,928,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scavenge.dll
[2009/07/15 02:36:44 | 00,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\compcln.exe
[2009/07/15 02:35:02 | 00,472,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
[2009/07/15 02:35:02 | 00,152,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll
[2009/07/15 02:35:02 | 00,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secur32.dll
[2009/07/15 02:35:01 | 00,476,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll
[2009/07/15 02:35:01 | 00,324,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdohlp.dll
[2009/07/15 02:35:01 | 00,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll
[2009/07/15 02:35:01 | 00,142,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ScwServiceExt.dll
[2009/07/15 02:35:01 | 00,142,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ScwSceExt.dll
[2009/07/15 02:35:01 | 00,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ScwRegistryExt.dll
[2009/07/15 02:35:01 | 00,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SCWViewer.exe
[2009/07/15 02:35:00 | 00,241,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rsaenh.dll
[2009/07/15 02:35:00 | 00,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rsopprov.exe
[2009/07/15 02:35:00 | 00,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtffilt.dll
[2009/07/15 02:34:59 | 00,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
[2009/07/15 02:34:59 | 00,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
[2009/07/15 02:34:59 | 00,346,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
[2009/07/15 02:34:59 | 00,113,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\rmcast.sys
[2009/07/15 02:34:59 | 00,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\samlib.dll
[2009/07/15 02:34:59 | 00,053,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rrinstaller.exe
[2009/07/15 02:34:59 | 00,036,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtutils.dll
[2009/07/15 02:34:59 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rwinsta.exe
[2009/07/15 02:34:58 | 00,550,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rpcss.dll
[2009/07/15 02:34:58 | 00,518,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
[2009/07/15 02:34:58 | 00,466,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\riched20.dll
[2009/07/15 02:34:58 | 00,127,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rpchttp.dll
[2009/07/15 02:34:58 | 00,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\RNDISMP.sys
[2009/07/15 02:34:57 | 01,677,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SCW.exe
[2009/07/15 02:34:57 | 00,356,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scwengf.dll
[2009/07/15 02:34:57 | 00,319,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ScwFirewallExt.dll
[2009/07/15 02:34:57 | 00,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scansetting.dll
[2009/07/15 02:34:57 | 00,203,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scwengb.dll
[2009/07/15 02:34:57 | 00,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scrrun.dll
[2009/07/15 02:34:57 | 00,168,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scwcmd.exe
[2009/07/15 02:34:57 | 00,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ScwAuditExt.dll
[2009/07/15 02:34:57 | 00,126,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scwhlp.dll
[2009/07/15 02:34:57 | 00,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scss.exe
[2009/07/15 02:34:57 | 00,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scshost.exe
[2009/07/15 02:34:56 | 00,483,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\samsrv.dll
[2009/07/15 02:34:56 | 00,095,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SCardSvr.dll
[2009/07/15 02:34:54 | 00,595,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\schedsvc.dll
[2009/07/15 02:34:54 | 00,413,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scrptadm.dll
[2009/07/15 02:34:54 | 00,180,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scrobj.dll
[2009/07/15 02:34:54 | 00,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scksp.dll
[2009/07/15 02:34:53 | 00,306,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scesrv.dll
[2009/07/15 02:34:53 | 00,268,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\schannel.dll
[2009/07/15 02:34:53 | 00,177,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scecli.dll
[2009/07/15 02:34:51 | 00,242,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pdh.dll
[2009/07/15 02:34:50 | 00,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\phon.ime
[2009/07/15 02:34:50 | 00,072,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pacer.sys
[2009/07/15 02:34:50 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\perfdisk.dll
[2009/07/15 02:34:49 | 01,823,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pnidui.dll
[2009/07/15 02:34:49 | 00,464,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pcaui.dll
[2009/07/15 02:34:49 | 00,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceApi.dll
[2009/07/15 02:34:49 | 00,149,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pci.sys
[2009/07/15 02:34:49 | 00,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PNPXAssoc.dll
[2009/07/15 02:34:49 | 00,058,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PnPUnattend.exe
[2009/07/15 02:34:49 | 00,054,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\partmgr.sys
[2009/07/15 02:34:49 | 00,043,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pciidex.sys
[2009/07/15 02:34:49 | 00,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PnPutil.exe
[2009/07/15 02:34:49 | 00,014,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pciide.sys
[2009/07/15 02:34:48 | 00,723,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\powercpl.dll
[2009/07/15 02:34:48 | 00,542,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pnpui.dll
[2009/07/15 02:34:48 | 00,181,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pnpsetup.dll
[2009/07/15 02:34:48 | 00,167,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\portcls.sys
[2009/07/15 02:34:48 | 00,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceTypes.dll
[2009/07/15 02:34:48 | 00,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceClassExtension.dll
[2009/07/15 02:34:47 | 00,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\photowiz.dll
[2009/07/15 02:34:46 | 01,107,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pidgenx.dll
[2009/07/15 02:34:45 | 00,704,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoScreensaver.scr
[2009/07/15 02:34:45 | 00,425,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll
[2009/07/15 02:34:45 | 00,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PkgMgr.exe
[2009/07/15 02:34:44 | 01,202,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntdll.dll
[2009/07/15 02:34:44 | 00,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pintlgnt.ime
[2009/07/15 02:34:44 | 00,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nslookup.exe
[2009/07/15 02:34:44 | 00,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\npfs.sys
[2009/07/15 02:34:43 | 03,601,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2009/07/15 02:34:43 | 01,083,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ntfs.sys
[2009/07/15 02:34:41 | 02,644,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0009.dll
[2009/07/15 02:34:41 | 00,321,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nltest.exe
[2009/07/15 02:34:38 | 12,240,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0007.dll
[2009/07/15 02:34:38 | 00,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\offfilt.dll
[2009/07/15 02:34:38 | 00,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nlhtml.dll
[2009/07/15 02:34:37 | 01,316,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ole32.dll
[2009/07/15 02:34:37 | 00,563,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oleaut32.dll
[2009/07/15 02:34:36 | 01,541,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\onex.dll
[2009/07/15 02:34:36 | 00,409,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbc32.dll
[2009/07/15 02:34:36 | 00,392,170 | ---- | C] () -- C:\Windows\System32\onex.tmf
[2009/07/15 02:34:36 | 00,182,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\osk.exe
[2009/07/15 02:34:36 | 00,114,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbccp32.dll
[2009/07/15 02:34:36 | 00,040,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbcconf.dll
[2009/07/15 02:34:35 | 00,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oleprn.dll
[2009/07/15 02:34:35 | 00,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\olepro32.dll
[2009/07/15 02:34:33 | 00,148,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\nwifi.sys
[2009/07/15 02:34:33 | 00,102,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\occache.dll
[2009/07/15 02:34:33 | 00,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ocsetup.exe
[2009/07/15 02:34:32 | 03,549,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2009/07/15 02:34:32 | 00,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntprint.dll
[2009/07/15 02:34:32 | 00,121,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntmarta.dll
[2009/07/15 02:34:31 | 00,825,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasdlg.dll
[2009/07/15 02:34:31 | 00,642,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasgcw.dll
[2009/07/15 02:34:31 | 00,286,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasapi32.dll
[2009/07/15 02:34:31 | 00,281,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\raschap.dll
[2009/07/15 02:34:31 | 00,262,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasmans.dll
[2009/07/15 02:34:31 | 00,155,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasmontr.dll
[2009/07/15 02:34:31 | 00,052,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasdiag.dll
[2009/07/15 02:34:31 | 00,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasdial.exe
[2009/07/15 02:34:30 | 01,381,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Query.dll
[2009/07/15 02:34:30 | 00,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasplap.dll
[2009/07/15 02:34:30 | 00,259,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasppp.dll
[2009/07/15 02:34:30 | 00,244,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rastls.dll
[2009/07/15 02:34:30 | 00,179,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasuser.dll
[2009/07/15 02:34:30 | 00,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rastapi.dll
[2009/07/15 02:34:30 | 00,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\rassstp.sys
[2009/07/15 02:34:30 | 00,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\raspppoe.sys
[2009/07/15 02:34:30 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\query.exe
[2009/07/15 02:34:29 | 01,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2009/07/15 02:34:29 | 00,880,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RacEngn.dll
[2009/07/15 02:34:29 | 00,758,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qmgr.dll
[2009/07/15 02:34:29 | 00,505,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qedit.dll
[2009/07/15 02:34:29 | 00,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quick.ime
[2009/07/15 02:34:29 | 00,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qintlgnt.ime
[2009/07/15 02:34:29 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qprocess.exe
[2009/07/15 02:34:29 | 00,009,212 | ---- | C] () -- C:\Windows\System32\RacUR.xml
[2009/07/15 02:34:29 | 00,000,153 | ---- | C] () -- C:\Windows\System32\RacUREx.xml
[2009/07/15 02:34:28 | 00,340,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RelMon.dll
[2009/07/15 02:34:28 | 00,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpshell.exe
[2009/07/15 02:34:28 | 00,225,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\rdbss.sys
[2009/07/15 02:34:28 | 00,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpinit.exe
[2009/07/15 02:34:28 | 00,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpclip.exe
[2009/07/15 02:34:28 | 00,107,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\regsvc.dll
[2009/07/15 02:34:28 | 00,091,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpendp.dll
[2009/07/15 02:34:28 | 00,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rekeywiz.exe
[2009/07/15 02:34:28 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\reset.exe
[2009/07/15 02:34:27 | 00,779,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationNative_v0300.dll
[2009/07/15 02:34:27 | 00,612,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpencom.dll
[2009/07/15 02:34:27 | 00,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\rdpdr.sys
[2009/07/15 02:34:27 | 00,180,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\rdpwd.sys
[2009/07/15 02:34:27 | 00,107,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpwsx.dll
[2009/07/15 02:34:27 | 00,080,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpsign.exe
[2009/07/15 02:34:27 | 00,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\regapi.dll
[2009/07/15 02:34:27 | 00,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\reg.exe
[2009/07/15 02:34:27 | 00,041,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2009/07/15 02:34:26 | 00,869,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printui.dll
[2009/07/15 02:34:26 | 00,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2009/07/15 02:34:26 | 00,551,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\prnntfy.dll
[2009/07/15 02:34:26 | 00,323,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2009/07/15 02:34:26 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2009/07/15 02:34:25 | 00,102,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
[2009/07/15 02:34:25 | 00,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\powrprof.dll
[2009/07/15 02:34:22 | 00,166,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\puiapi.dll
[2009/07/15 02:34:21 | 00,497,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll
[2009/07/15 02:34:21 | 00,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\QAGENTRT.DLL
[2009/07/15 02:34:21 | 00,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qappsrv.exe
[2009/07/15 02:34:20 | 00,754,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\propsys.dll
[2009/07/15 02:34:20 | 00,153,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\profsvc.dll
[2009/07/15 02:34:19 | 00,050,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PSHED.DLL
[2009/07/15 02:34:16 | 00,523,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ServerUnifiedOptin.dll
[2009/07/15 02:34:16 | 00,159,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ServerWerOptinGui.dll
[2009/07/15 02:34:16 | 00,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sendmail.dll
[2009/07/15 02:34:16 | 00,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ServerCeipOptinGui.dll
[2009/07/15 02:34:13 | 11,584,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shell32.dll
[2009/07/15 02:34:13 | 01,068,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shdocvw.dll
[2009/07/15 02:34:12 | 00,353,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shlwapi.dll
[2009/07/15 02:34:12 | 00,279,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\services.exe
[2009/07/15 02:34:11 | 01,591,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\setupapi.dll
[2009/07/15 02:34:11 | 00,627,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sethc.exe
[2009/07/15 02:34:11 | 00,242,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SeVA.dll
[2009/07/15 02:34:11 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shadow.exe
[2009/07/15 02:34:04 | 00,183,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eapphost.dll
[2009/07/15 02:34:04 | 00,093,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eappgnui.dll
[2009/07/15 02:34:02 | 00,344,698 | ---- | C] () -- C:\Windows\System32\eaphost.tmf
[2009/07/15 02:34:02 | 00,187,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eapp3hst.dll
[2009/07/15 02:34:02 | 00,143,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eapahost.dll
[2009/07/15 02:34:02 | 00,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eappcfg.dll
[2009/07/15 02:34:01 | 00,120,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EhStorAPI.dll
[2009/07/15 02:34:00 | 00,626,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgkrnl.sys
[2009/07/15 02:34:00 | 00,444,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dsound.dll
[2009/07/15 02:34:00 | 00,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eapa3hst.dll
[2009/07/15 02:34:00 | 00,137,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dsprop.dll
[2009/07/15 02:34:00 | 00,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eapacfg.dll
[2009/07/15 02:34:00 | 00,027,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Dumpata.sys
[2009/07/15 02:34:00 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxmasf.dll
[2009/07/15 02:33:59 | 00,485,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\evr.dll
[2009/07/15 02:33:59 | 00,205,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eudcedit.exe
[2009/07/15 02:33:59 | 00,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\exfat.sys
[2009/07/15 02:33:59 | 00,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dwm.exe
[2009/07/15 02:33:59 | 00,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxg.sys
[2009/07/15 02:33:59 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ExplorerFrame.dll
[2009/07/15 02:33:58 | 02,926,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2009/07/15 02:33:58 | 01,459,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\esent.dll
[2009/07/15 02:33:58 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\escUnattend.exe
[2009/07/15 02:33:57 | 00,133,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\extmgr.dll
[2009/07/15 02:33:57 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\f3ahvoas.dll
[2009/07/15 02:33:56 | 00,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EhStorPwdMgr.dll
[2009/07/15 02:33:55 | 00,268,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\es.dll
[2009/07/15 02:33:55 | 00,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/07/15 02:33:55 | 00,114,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EhStorShell.dll
[2009/07/15 02:33:55 | 00,054,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dimsroam.dll
[2009/07/15 02:33:55 | 00,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EscMigPlugin.dll
[2009/07/15 02:33:54 | 00,355,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\diskshadow.exe
[2009/07/15 02:33:54 | 00,230,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\diskraid.exe
[2009/07/15 02:33:54 | 00,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dhcpcsvc6.dll
[2009/07/15 02:33:54 | 00,119,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\diskpart.exe
[2009/07/15 02:33:54 | 00,053,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\disk.sys
[2009/07/15 02:33:54 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Diskdump.sys
[2009/07/15 02:33:53 | 00,378,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\devmgr.dll
[2009/07/15 02:33:53 | 00,093,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dfshim.dll
[2009/07/15 02:33:53 | 00,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dfsc.sys
[2009/07/15 02:33:52 | 00,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dhcpcsvc.dll
[2009/07/15 02:33:51 | 00,442,788 | ---- | C] () -- C:\Windows\System32\dot3.tmf
[2009/07/15 02:33:51 | 00,407,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpapimig.exe
[2009/07/15 02:33:51 | 00,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drvstore.dll
[2009/07/15 02:33:51 | 00,175,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dot3svc.dll
[2009/07/15 02:33:51 | 00,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dot3msm.dll
[2009/07/15 02:33:51 | 00,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dot3cfg.dll
[2009/07/15 02:33:50 | 00,978,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drmv2clt.dll
[2009/07/15 02:33:50 | 00,284,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drmmgrtn.dll
[2009/07/15 02:33:50 | 00,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drvinst.exe
[2009/07/15 02:33:49 | 00,168,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnsapi.dll
[2009/07/15 02:33:49 | 00,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnsrslvr.dll
[2009/07/15 02:33:49 | 00,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hbaapi.dll
[2009/07/15 02:33:48 | 00,561,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\hdaudbus.sys
[2009/07/15 02:33:48 | 00,236,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\HdAudio.sys
[2009/07/15 02:33:48 | 00,128,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpresult.exe
[2009/07/15 02:33:48 | 00,029,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpprnext.dll
[2009/07/15 02:33:48 | 00,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpscript.dll
[2009/07/15 02:33:46 | 00,637,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpprefcl.dll
[2009/07/15 02:33:46 | 00,576,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpsvc.dll
[2009/07/15 02:33:46 | 00,463,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IasMigReader.exe
[2009/07/15 02:33:46 | 00,401,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\http.sys
[2009/07/15 02:33:46 | 00,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2009/07/15 02:33:46 | 00,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasnap.dll
[2009/07/15 02:33:46 | 00,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iashlpr.dll
[2009/07/15 02:33:46 | 00,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasacct.dll
[2009/07/15 02:33:46 | 00,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasads.dll
[2009/07/15 02:33:46 | 00,047,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasdatastore.dll
[2009/07/15 02:33:46 | 00,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpscript.exe
[2009/07/15 02:33:46 | 00,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpupdate.exe
[2009/07/15 02:33:45 | 00,454,144 | ---- | C] (Microsoft) -- C:\Windows\System32\IasMigPlugin.dll
[2009/07/15 02:33:45 | 00,190,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\fltMgr.sys
[2009/07/15 02:33:45 | 00,142,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontext.dll
[2009/07/15 02:33:45 | 00,080,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hdwwiz.exe
[2009/07/15 02:33:45 | 00,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidclass.sys
[2009/07/15 02:33:45 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hidserv.dll
[2009/07/15 02:33:45 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidusb.sys
[2009/07/15 02:33:44 | 00,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Faultrep.dll
[2009/07/15 02:33:44 | 00,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\fastfat.sys
[2009/07/15 02:33:44 | 00,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FCMgrDLL.dll
[2009/07/15 02:33:44 | 00,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\findstr.exe
[2009/07/15 02:33:44 | 00,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fc.exe
[2009/07/15 02:33:43 | 00,088,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdBth.dll
[2009/07/15 02:33:43 | 00,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpapi.dll
[2009/07/15 02:33:43 | 00,068,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdSSDP.dll
[2009/07/15 02:33:43 | 00,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdWSD.dll
[2009/07/15 02:33:43 | 00,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\feclient.dll
[2009/07/15 02:33:43 | 00,053,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdeploy.dll
[2009/07/15 02:33:43 | 00,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdProxy.dll
[2009/07/15 02:33:43 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdBthProxy.dll
[2009/07/15 02:33:42 | 00,297,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gdi32.dll
[2009/07/15 02:33:35 | 00,950,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpedit.dll
[2009/07/15 02:33:34 | 00,153,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fundisc.dll
[2009/07/15 02:33:34 | 00,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ftp.exe
[2009/07/15 02:33:33 | 02,134,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FunctionDiscoveryFolder.dll
[2009/07/15 02:33:33 | 00,595,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FWPUCLNT.DLL
[2009/07/15 02:33:33 | 00,099,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\FWPKCLNT.SYS
[2009/07/15 02:33:33 | 00,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FwRemoteSvr.dll
[2009/07/15 02:33:32 | 01,985,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\authui.dll
[2009/07/15 02:33:32 | 00,315,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\audiosrv.dll
[2009/07/15 02:33:32 | 00,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AudioSes.dll
[2009/07/15 02:33:31 | 00,643,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\autochk.exe
[2009/07/15 02:33:31 | 00,115,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AuxiliaryDisplayDriverLib.dll
[2009/07/15 02:33:31 | 00,109,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ataport.sys
[2009/07/15 02:33:31 | 00,102,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AuxiliaryDisplayServices.dll
[2009/07/15 02:33:31 | 00,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe
[2009/07/15 02:33:31 | 00,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\authz.dll
[2009/07/15 02:33:31 | 00,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2009/07/15 02:33:30 | 01,216,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AuxiliaryDisplayCpl.dll
[2009/07/15 02:33:30 | 00,656,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\autoconv.exe
[2009/07/15 02:33:30 | 00,636,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\autofmt.exe
[2009/07/15 02:33:30 | 00,516,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\autoplay.dll
[2009/07/15 02:33:30 | 00,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avolprop.dll
[2009/07/15 02:33:27 | 00,019,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\atapi.sys
[2009/07/15 02:33:24 | 01,324,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browseui.dll.old
[2009/07/15 02:33:24 | 00,130,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\basecsp.dll
[2009/07/15 02:33:24 | 00,093,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\bridge.sys
[2009/07/15 02:33:24 | 00,045,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bthci.dll
[2009/07/15 02:33:23 | 00,757,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\azroles.dll
[2009/07/15 02:33:23 | 00,542,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\blackbox.dll
[2009/07/15 02:33:23 | 00,334,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\BFE.DLL
[2009/07/15 02:33:23 | 00,274,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bcrypt.dll
[2009/07/15 02:33:23 | 00,265,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\acpi.sys
[2009/07/15 02:33:23 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bitsigd.dll
[2009/07/15 02:33:22 | 02,515,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\accessibilitycpl.dll
[2009/07/15 02:33:21 | 00,153,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ActiveSockets.dll
[2009/07/15 02:33:21 | 00,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aaclient.dll
[2009/07/15 02:33:18 | 00,171,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\apphelp.dll
[2009/07/15 02:33:17 | 01,730,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\apds.dll
[2009/07/15 02:33:17 | 01,122,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\appwiz.cpl
[2009/07/15 02:33:17 | 00,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2009/07/15 02:33:16 | 00,273,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\afd.sys
[2009/07/15 02:33:16 | 00,199,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\adsldpc.dll
[2009/07/15 02:33:16 | 00,148,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\appmgmts.dll
[2009/07/15 02:33:16 | 00,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\adsmsext.dll
[2009/07/15 02:33:15 | 00,617,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\adtschema.dll
[2009/07/15 02:33:14 | 01,209,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\comsvcs.dll
[2009/07/15 02:33:14 | 00,800,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\advapi32.dll
[2009/07/15 02:33:14 | 00,593,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\comuid.dll
[2009/07/15 02:33:14 | 00,224,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ComplianceExtensions.dll
[2009/07/15 02:33:14 | 00,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
[2009/07/15 02:33:14 | 00,035,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\crashdmp.sys
[2009/07/15 02:33:13 | 01,645,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\connect.dll
[2009/07/15 02:33:13 | 00,978,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\crypt32.dll
[2009/07/15 02:33:13 | 00,178,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\credui.dll
[2009/07/15 02:33:12 | 00,481,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmdial32.dll
[2009/07/15 02:33:11 | 00,450,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\comdlg32.dll
[2009/07/15 02:33:10 | 01,856,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dbgeng.dll
[2009/07/15 02:33:10 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\davclnt.dll
[2009/07/15 02:33:10 | 00,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmmon32.exe
[2009/07/15 02:33:09 | 01,788,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d9.dll
[2009/07/15 02:33:09 | 00,128,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dcpromo.exe
[2009/07/15 02:33:09 | 00,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dataclen.dll
[2009/07/15 02:33:09 | 00,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dcgpofix.exe
[2009/07/15 02:33:08 | 00,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DevicePairing.dll
[2009/07/15 02:33:08 | 00,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CscMig.dll
[2009/07/15 02:33:08 | 00,065,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DevicePairingWizard.exe
[2009/07/15 02:33:08 | 00,054,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DevicePairingProxy.dll
[2009/07/15 02:33:08 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DeviceEject.exe
[2009/07/15 02:33:08 | 00,022,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cscdll.dll
[2009/07/15 02:33:07 | 00,971,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cryptui.dll
[2009/07/15 02:33:07 | 00,351,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\csc.sys
[2009/07/15 02:33:07 | 00,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cscript.exe
[2009/07/15 02:33:07 | 00,131,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cscobj.dll
[2009/07/15 02:33:07 | 00,129,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cryptsvc.dll
[2009/07/15 02:33:07 | 00,046,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrstub.exe
[2009/07/15 02:33:07 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cscapi.dll
[2009/07/15 02:33:06 | 00,597,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cscui.dll
[2009/07/15 02:33:06 | 00,491,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cscsvc.dll
[2009/07/15 02:33:06 | 00,276,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certadm.dll
[2009/07/15 02:33:06 | 00,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ceipdata.exe
[2009/07/15 02:33:06 | 00,080,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ceiprole.dll
[2009/07/15 02:33:06 | 00,075,066 | -H-- | C] () -- C:\Windows\System32\ceipdata.xml
[2009/07/15 02:33:06 | 00,071,626 | -H-- | C] () -- C:\Windows\System32\ceiprole.xml
[2009/07/15 02:33:06 | 00,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2009/07/15 02:33:06 | 00,034,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ceiprole.exe
[2009/07/15 02:33:05 | 01,502,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certmgr.dll
[2009/07/15 02:33:05 | 00,489,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certocm.dll
[2009/07/15 02:33:05 | 00,323,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certcli.dll
[2009/07/15 02:33:05 | 00,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\cdrom.sys
[2009/07/15 02:33:04 | 01,112,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CertEnroll.dll
[2009/07/15 02:33:04 | 00,640,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bthprops.cpl
[2009/07/15 02:33:04 | 00,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CertEnrollUI.dll
[2009/07/15 02:33:04 | 00,040,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bthserv.dll
[2009/07/15 02:33:04 | 00,034,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bthudtask.exe
[2009/07/15 02:33:03 | 00,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cbsra.exe
[2009/07/15 02:33:02 | 01,671,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chsbrkr.dll
[2009/07/15 02:33:02 | 00,614,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ci.dll
[2009/07/15 02:33:02 | 00,125,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Classpnp.sys
[2009/07/15 02:33:02 | 00,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cintlgnt.ime
[2009/07/15 02:33:02 | 00,058,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cipher.exe
[2009/07/15 02:33:02 | 00,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CHxReadingStringIME.dll
[2009/07/15 02:33:01 | 06,103,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chtbrkr.dll
[2009/07/15 02:33:01 | 00,245,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\clfs.sys
[2009/07/15 02:33:00 | 00,215,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certreq.exe
[2009/07/15 02:33:00 | 00,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certprop.dll
[2009/07/15 02:32:59 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chglogon.exe
[2009/07/15 02:32:58 | 00,022,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chgport.exe
[2009/07/15 02:32:58 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chgusr.exe
[2009/07/15 02:32:57 | 00,799,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certutil.exe
[2009/07/15 02:32:56 | 00,461,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2009/07/15 02:32:56 | 00,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chajei.ime
[2009/07/15 02:32:56 | 00,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2009/07/15 02:32:56 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\change.exe
[2009/07/15 02:32:55 | 01,053,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdtctm.dll
[2009/07/15 02:32:55 | 00,564,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msftedit.dll
[2009/07/15 02:32:55 | 00,409,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msexch40.dll
[2009/07/15 02:32:55 | 00,339,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msexcl40.dll
[2009/07/15 02:32:55 | 00,332,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msihnd.dll
[2009/07/15 02:32:55 | 00,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msiexec.exe
[2009/07/15 02:32:55 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.ocx
[2009/07/15 02:32:54 | 01,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2009/07/15 02:32:53 | 02,241,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msi.dll
[2009/07/15 02:32:53 | 00,477,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmled.dll
quiestbml
2009-07-26, 01:39
[2009/07/15 02:32:49 | 00,807,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msctf.dll
[2009/07/15 02:32:49 | 00,560,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdtcprx.dll
[2009/07/15 02:32:49 | 00,332,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdrm.dll
[2009/07/15 02:32:49 | 00,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msctfui.dll
[2009/07/15 02:32:49 | 00,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msctfp.dll
[2009/07/15 02:32:49 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MsCtfMonitor.dll
[2009/07/15 02:32:48 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msimsg.dll
[2009/07/15 02:32:47 | 00,407,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MPSSVC.dll
[2009/07/15 02:32:47 | 00,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mprapi.dll
[2009/07/15 02:32:46 | 00,933,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mprsnap.dll
[2009/07/15 02:32:46 | 00,068,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpr.dll
[2009/07/15 02:32:45 | 00,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\modemui.dll
[2009/07/15 02:32:45 | 00,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MMDevAPI.dll
[2009/07/15 02:32:44 | 01,102,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mmsys.cpl
[2009/07/15 02:32:41 | 00,391,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscms.dll
[2009/07/15 02:32:41 | 00,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscandui.dll
[2009/07/15 02:32:40 | 00,278,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscoree.dll
[2009/07/15 02:32:40 | 00,212,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb10.sys
[2009/07/15 02:32:40 | 00,155,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscorier.dll
[2009/07/15 02:32:40 | 00,080,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscories.dll
[2009/07/15 02:32:39 | 00,114,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxdav.sys
[2009/07/15 02:32:39 | 00,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb.sys
[2009/07/15 02:32:39 | 00,079,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb20.sys
[2009/07/15 02:32:39 | 00,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msacm32.drv
[2009/07/15 02:32:38 | 00,467,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netapi32.dll
[2009/07/15 02:32:37 | 02,225,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netcenter.dll
[2009/07/15 02:32:37 | 00,527,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ndis.sys
[2009/07/15 02:32:37 | 00,445,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncryptui.dll
[2009/07/15 02:32:37 | 00,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2009/07/15 02:32:37 | 00,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netbt.sys
[2009/07/15 02:32:37 | 00,180,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netplwiz.dll
[2009/07/15 02:32:37 | 00,121,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ndiswan.sys
[2009/07/15 02:32:35 | 00,592,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netlogon.dll
[2009/07/15 02:32:35 | 00,310,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mtxclu.dll
[2009/07/15 02:32:35 | 00,223,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2009/07/15 02:32:35 | 00,104,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netiohlp.dll
[2009/07/15 02:32:34 | 00,048,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\mup.sys
[2009/07/15 02:32:26 | 01,336,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml6.dll
[2009/07/15 02:32:24 | 01,183,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml3.dll
[2009/07/15 02:32:24 | 00,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NcdProp.dll
[2009/07/15 02:32:22 | 00,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NaturalLanguage6.dll
[2009/07/15 02:32:16 | 03,174,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netshell.dll
[2009/07/15 02:32:16 | 00,469,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\newdev.dll
[2009/07/15 02:32:16 | 00,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\newdev.exe
[2009/07/15 02:32:15 | 03,072,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\networkmap.dll
[2009/07/15 02:32:15 | 02,226,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\networkexplorer.dll
[2009/07/15 02:32:15 | 00,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\networkitemfactory.dll
[2009/07/15 02:32:13 | 00,643,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrepl40.dll
[2009/07/15 02:32:13 | 00,368,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mspbde40.dll
[2009/07/15 02:32:13 | 00,344,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrd3x40.dll
[2009/07/15 02:32:13 | 00,241,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msltus40.dll
[2009/07/15 02:32:13 | 00,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2009/07/15 02:32:13 | 00,179,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msnetobj.dll
[2009/07/15 02:32:13 | 00,161,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\msrpc.sys
[2009/07/15 02:32:12 | 00,408,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msinfo32.exe
[2009/07/15 02:32:12 | 00,319,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrd2x40.dll
[2009/07/15 02:32:12 | 00,290,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msjtes40.dll
[2009/07/15 02:32:12 | 00,180,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\msiscsi.sys
[2009/07/15 02:32:12 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msjter40.dll
[2009/07/15 02:32:12 | 00,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msimtf.dll
[2009/07/15 02:32:12 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msjint40.dll
[2009/07/15 02:32:11 | 01,589,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msjet40.dll
[2009/07/15 02:32:11 | 00,406,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcp60.dll
[2009/07/15 02:32:11 | 00,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msv1_0.dll
[2009/07/15 02:32:11 | 00,163,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msutb.dll
[2009/07/15 02:32:11 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msisip.dll
[2009/07/15 02:32:10 | 02,066,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstscax.dll
[2009/07/15 02:32:10 | 00,856,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mswdat10.dll
[2009/07/15 02:32:10 | 00,679,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcrt.dll
[2009/07/15 02:32:10 | 00,618,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mswstr10.dll
[2009/07/15 02:32:10 | 00,454,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxbde40.dll
[2009/07/15 02:32:10 | 00,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstsmmc.dll
[2009/07/15 02:32:10 | 00,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mswsock.dll
[2009/07/15 02:32:10 | 00,131,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstsmhst.dll
[2009/07/15 02:32:08 | 00,738,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcomm.dll
[2009/07/15 02:32:08 | 00,678,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstsc.exe
[2009/07/15 02:32:08 | 00,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2009/07/15 02:32:08 | 00,414,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscp.dll
[2009/07/15 02:32:08 | 00,282,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstext40.dll
[2009/07/15 02:32:08 | 00,231,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll
[2009/07/15 02:32:08 | 00,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstlsapi.dll
[2009/07/15 02:32:07 | 01,827,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2009/07/15 02:32:06 | 00,217,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\InkEd.dll
[2009/07/15 02:32:05 | 00,099,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardapi.dll
[2009/07/15 02:32:05 | 00,035,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardcpl.cpl
[2009/07/15 02:32:04 | 00,413,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imkr80.ime
[2009/07/15 02:32:02 | 00,114,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imm32.dll
[2009/07/15 02:32:01 | 00,512,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2009/07/15 02:32:01 | 00,396,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ipsmsnap.dll
[2009/07/15 02:32:01 | 00,364,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IPSECSVC.DLL
[2009/07/15 02:32:01 | 00,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iSNSMgrDLL.dll
[2009/07/15 02:32:01 | 00,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iSCSIMgrDLL.dll
[2009/07/15 02:32:01 | 00,027,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2009/07/15 02:32:01 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iscsilog.dll
[2009/07/15 02:32:00 | 00,200,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\input.dll
[2009/07/15 02:31:59 | 00,759,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ipsecsnp.dll
[2009/07/15 02:31:59 | 00,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iertutil.dll
[2009/07/15 02:31:59 | 00,199,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iphlpsvc.dll
[2009/07/15 02:31:59 | 00,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IPHLPAPI.DLL
[2009/07/15 02:31:59 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ipconfig.exe
[2009/07/15 02:31:58 | 06,079,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieframe.dll
[2009/07/15 02:31:57 | 00,619,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardagt.exe
[2009/07/15 02:31:57 | 00,398,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2009/07/15 02:31:57 | 00,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iassdo.dll
[2009/07/15 02:31:57 | 00,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2009/07/15 02:31:57 | 00,182,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iassam.dll
[2009/07/15 02:31:57 | 00,158,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasrad.dll
[2009/07/15 02:31:57 | 00,119,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasrecst.dll
[2009/07/15 02:31:57 | 00,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iassvcs.dll
[2009/07/15 02:31:57 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iaspolcy.dll
[2009/07/15 02:31:57 | 00,029,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ifmon.dll
[2009/07/15 02:31:57 | 00,009,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardres.dll
[2009/07/15 02:31:56 | 00,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2009/07/15 02:31:54 | 00,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2009/07/15 02:31:53 | 00,729,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IMJP10K.DLL
[2009/07/15 02:31:52 | 00,883,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IMJP10.IME
[2009/07/15 02:31:52 | 00,378,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imapi2.dll
[2009/07/15 02:31:52 | 00,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imapi.dll
[2009/07/15 02:31:51 | 00,677,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imapi2fs.dll
[2009/07/15 02:31:51 | 00,438,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IKEEXT.DLL
[2009/07/15 02:31:48 | 00,208,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfplat.dll
[2009/07/15 02:31:48 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfpmp.exe
[2009/07/15 02:31:47 | 02,868,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2009/07/15 02:31:47 | 01,135,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll
[2009/07/15 02:31:47 | 00,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll
[2009/07/15 02:31:47 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mferror.dll
[2009/07/15 02:31:46 | 01,160,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll
[2009/07/15 02:31:44 | 02,012,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\milcore.dll
[2009/07/15 02:31:44 | 00,000,000 | ---D | C] -- C:\Windows\Panther
[2009/07/15 02:31:42 | 00,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mimefilt.dll
[2009/07/15 02:31:41 | 00,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mmci.dll
[2009/07/15 02:31:41 | 00,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\midimap.dll
[2009/07/15 02:31:41 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mmcico.dll
[2009/07/15 02:31:40 | 02,167,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mmcndmgr.dll
[2009/07/15 02:31:40 | 01,792,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mmc.exe
[2009/07/15 02:31:38 | 00,439,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ksecdd.sys
[2009/07/15 02:31:38 | 00,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ks.sys
[2009/07/15 02:31:38 | 00,113,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ktpass.exe
[2009/07/15 02:31:38 | 00,093,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Kswdmcap.ax
[2009/07/15 02:31:37 | 00,143,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\korwbrkr.dll
[2009/07/15 02:31:35 | 11,967,524 | ---- | C] () -- C:\Windows\System32\korwbrkr.lex
[2009/07/15 02:31:35 | 00,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\l2nacp.dll
[2009/07/15 02:31:34 | 00,497,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kerberos.dll
[2009/07/15 02:31:34 | 00,017,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kd1394.dll
[2009/07/15 02:31:34 | 00,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\kbdhid.sys
[2009/07/15 02:31:33 | 00,891,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kernel32.dll
[2009/07/15 02:31:33 | 00,438,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mcupdate_GenuineIntel.dll
[2009/07/15 02:31:33 | 00,019,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kdusb.dll
[2009/07/15 02:31:33 | 00,017,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kdcom.dll
[2009/07/15 02:31:31 | 00,356,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MediaMetadataHandler.dll
[2009/07/15 02:31:30 | 00,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\logagent.exe
[2009/07/15 02:31:30 | 00,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\logman.exe
[2009/07/15 02:31:27 | 03,667,200 | ---- | C] () -- C:\Windows\System32\loc2008.nls
[2009/07/15 02:31:26 | 03,662,128 | ---- | C] () -- C:\Windows\System32\locale.nls
[2009/07/15 02:31:26 | 00,008,192 | R-S- | C] () -- C:\BOOTSECT.BAK
[2009/07/15 02:31:25 | 01,257,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsasrv.dll
[2009/07/15 02:31:25 | 00,710,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Magnify.exe
[2009/07/15 02:31:25 | 00,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\logoff.exe
[2009/07/15 02:31:24 | 01,143,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wercon.exe
[2009/07/15 02:31:24 | 00,233,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\webcheck.dll
[2009/07/15 02:31:24 | 00,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WebClnt.dll
[2009/07/15 02:31:24 | 00,101,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shsetup.dll
[2009/07/15 02:31:23 | 01,020,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wdc.dll
[2009/07/15 02:31:23 | 00,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wer.dll
[2009/07/15 02:31:23 | 00,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wdscore.dll
[2009/07/15 02:31:22 | 00,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wdmaud.drv
[2009/07/15 02:31:21 | 00,712,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecs.dll
[2009/07/15 02:31:21 | 00,347,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2009/07/15 02:31:21 | 00,333,257 | RHS- | C] () -- C:\bootmgr
[2009/07/15 02:31:20 | 00,000,000 | -HSD | C] -- C:\Boot
[2009/07/15 02:31:19 | 00,375,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winhttp.dll
[2009/07/15 02:31:18 | 00,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wevtutil.exe
[2009/07/15 02:31:16 | 01,017,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wevtsvc.dll
[2009/07/15 02:31:16 | 00,208,966 | ---- | C] () -- C:\Windows\System32\WFP.TMF
[2009/07/15 02:31:16 | 00,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\whealogr.dll
[2009/07/15 02:31:15 | 00,860,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WerFaultSecure.exe
[2009/07/15 02:31:15 | 00,250,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wevtapi.dll
[2009/07/15 02:31:15 | 00,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WerFault.exe
[2009/07/15 02:31:15 | 00,126,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wersvc.dll
[2009/07/15 02:31:14 | 00,443,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32spl.dll
[2009/07/15 02:31:13 | 00,547,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wiaaut.dll
[2009/07/15 02:31:13 | 00,453,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wiaservc.dll
[2009/07/15 02:31:13 | 00,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\version.dll
[2009/07/15 02:31:12 | 00,430,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2009/07/15 02:31:12 | 00,385,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vds.exe
[2009/07/15 02:31:12 | 00,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vdmdbg.dll
[2009/07/15 02:31:11 | 00,627,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\user32.dll
[2009/07/15 02:31:11 | 00,507,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vdsdyn.dll
[2009/07/15 02:31:11 | 00,226,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbport.sys
[2009/07/15 02:31:11 | 00,128,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vdsutil.dll
[2009/07/15 02:31:11 | 00,065,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\USBSTOR.SYS
[2009/07/15 02:31:11 | 00,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\uxsms.dll
[2009/07/15 02:31:11 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbohci.sys
[2009/07/15 02:31:10 | 01,123,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\usercpl.dll
[2009/07/15 02:31:10 | 00,638,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Utilman.exe
[2009/07/15 02:31:10 | 00,108,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\userenv.dll
[2009/07/15 02:31:09 | 00,502,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\usp10.dll
[2009/07/15 02:31:09 | 00,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\watchdog.sys
[2009/07/15 02:31:08 | 00,292,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\volmgrx.sys
[2009/07/15 02:31:08 | 00,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Volshext.dll
[2009/07/15 02:31:07 | 01,077,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vssapi.dll
[2009/07/15 02:31:07 | 01,055,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VSSVC.exe
[2009/07/15 02:31:07 | 00,282,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\w32time.dll
[2009/07/15 02:31:07 | 00,226,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\volsnap.sys
[2009/07/15 02:31:07 | 00,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VSSUI.dll
[2009/07/15 02:31:07 | 00,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VSSUIRUN.exe
[2009/07/15 02:31:05 | 00,355,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSDApi.dll
[2009/07/15 02:31:05 | 00,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSDMon.dll
[2009/07/15 02:31:05 | 00,155,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscript.exe
[2009/07/15 02:31:05 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsdchngr.dll
[2009/07/15 02:31:04 | 01,382,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVSDECD.DLL
[2009/07/15 02:31:04 | 00,657,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVXENCD.DLL
[2009/07/15 02:31:03 | 01,575,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVENCOD.DLL
[2009/07/15 02:31:03 | 00,273,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wow32.dll
[2009/07/15 02:31:02 | 02,386,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVCORE.DLL
[2009/07/15 02:31:01 | 00,140,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wusa.exe
[2009/07/15 02:31:00 | 00,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xmlfilter.dll
[2009/07/15 02:30:58 | 00,090,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wshext.dll
[2009/07/15 02:30:58 | 00,034,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wshbth.dll
[2009/07/15 02:30:57 | 01,671,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanpref.dll
[2009/07/15 02:30:57 | 00,747,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmSvc.dll
[2009/07/15 02:30:57 | 00,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanmsm.dll
[2009/07/15 02:30:57 | 00,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wshom.ocx
[2009/07/15 02:30:57 | 00,068,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanhlp.dll
[2009/07/15 02:30:57 | 00,050,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsnmp32.dll
[2009/07/15 02:30:56 | 02,499,629 | ---- | C] () -- C:\Windows\System32\wlan.tmf
[2009/07/15 02:30:56 | 00,514,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlansvc.dll
[2009/07/15 02:30:56 | 00,399,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlangpui.dll
[2009/07/15 02:30:56 | 00,287,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Wldap32.dll
[2009/07/15 02:30:56 | 00,244,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wisptis.exe
[2009/07/15 02:30:56 | 00,202,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanui.dll
[2009/07/15 02:30:56 | 00,083,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlgpclnt.dll
[2009/07/15 02:30:55 | 00,926,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winresume.exe
[2009/07/15 02:30:55 | 00,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinSCard.dll
[2009/07/15 02:30:55 | 00,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrnr.dll
[2009/07/15 02:30:54 | 00,986,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winload.exe
[2009/07/15 02:30:54 | 00,314,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winlogon.exe
[2009/07/15 02:30:54 | 00,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winmm.dll
[2009/07/15 02:30:53 | 00,996,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMNetMgr.dll
[2009/07/15 02:30:53 | 00,375,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2009/07/15 02:30:53 | 00,258,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winspool.drv
[2009/07/15 02:30:52 | 00,321,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll
[2009/07/15 02:30:52 | 00,303,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpeffects.dll
[2009/07/15 02:30:50 | 08,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2009/07/15 02:30:48 | 10,624,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmp.dll
[2009/07/15 02:30:47 | 00,533,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmdrmsdk.dll
[2009/07/15 02:30:46 | 00,343,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmicmiplugin.dll
[2009/07/15 02:30:45 | 00,586,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\stobject.dll
[2009/07/15 02:30:45 | 00,568,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\StorExpl.dll
[2009/07/15 02:30:45 | 00,122,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Storport.sys
[2009/07/15 02:30:45 | 00,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Storprop.dll
[2009/07/15 02:30:45 | 00,052,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\stream.sys
[2009/07/15 02:30:42 | 01,224,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sud.dll
[2009/07/15 02:30:42 | 00,168,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\svrmgrnc.dll
[2009/07/15 02:30:41 | 00,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/07/15 02:30:41 | 00,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srmtrace.dll
[2009/07/15 02:30:41 | 00,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/07/15 02:30:40 | 00,301,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srchadmin.dll
[2009/07/15 02:30:40 | 00,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\srv.sys
[2009/07/15 02:30:40 | 00,180,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srm.dll
[2009/07/15 02:30:40 | 00,144,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\srv2.sys
[2009/07/15 02:30:40 | 00,122,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srvsvc.dll
[2009/07/15 02:30:40 | 00,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\srvnet.sys
[2009/07/15 02:30:40 | 00,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srmclient.dll
[2009/07/15 02:30:36 | 00,558,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sysmain.dll
[2009/07/15 02:30:36 | 00,311,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\swprv.dll
[2009/07/15 02:30:35 | 02,205,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SyncCenter.dll
[2009/07/15 02:30:35 | 00,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sysclass.dll
[2009/07/15 02:30:34 | 00,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sysmon.ocx
[2009/07/15 02:30:34 | 00,174,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SMEF.dll
[2009/07/15 02:30:33 | 00,705,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SmiEngine.dll
[2009/07/15 02:30:33 | 00,134,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SmartcardCredentialProvider.dll
[2009/07/15 02:30:33 | 00,083,456 | ---- | C] (Microsoft) -- C:\Windows\System32\SMBHelperClass.dll
[2009/07/15 02:30:33 | 00,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slwmi.dll
[2009/07/15 02:30:33 | 00,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\smb.sys
[2009/07/15 02:30:33 | 00,064,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\smss.exe
[2009/07/15 02:30:32 | 00,777,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slcc.dll
[2009/07/15 02:30:32 | 00,425,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shwebsvc.dll
[2009/07/15 02:30:32 | 00,247,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shsvcs.dll.backup
[2009/07/15 02:30:32 | 00,247,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shsvcs.dll
[2009/07/15 02:30:32 | 00,228,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLC.dll
[2009/07/15 02:30:31 | 03,408,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLsvc.exe
[2009/07/15 02:30:31 | 00,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLUI.exe
[2009/07/15 02:30:31 | 00,092,918 | ---- | C] () -- C:\Windows\System32\slmgr.vbs
[2009/07/15 02:30:31 | 00,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLUINotify.dll
[2009/07/15 02:30:31 | 00,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slcinst.dll
[2009/07/15 02:30:31 | 00,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slwga.dll
[2009/07/15 02:30:30 | 01,081,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLCExt.dll
[2009/07/15 02:30:30 | 00,582,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLCommDlg.dll
[2009/07/15 02:30:30 | 00,289,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spinstall.exe
[2009/07/15 02:30:30 | 00,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLLUA.exe
[2009/07/15 02:30:30 | 00,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spoolss.dll
[2009/07/15 02:30:30 | 00,127,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spoolsv.exe
[2009/07/15 02:30:30 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spcmsg.dll
[2009/07/15 02:30:28 | 00,009,239 | ---- | C] () -- C:\Windows\System32\spcinstrumentation.man
[2009/07/15 02:30:27 | 00,524,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sqlsrv32.dll
[2009/07/15 02:30:27 | 00,190,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sperror.dll
[2009/07/15 02:30:27 | 00,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwizui.dll
[2009/07/15 02:30:27 | 00,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spreview.exe
[2009/07/15 02:30:27 | 00,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwinsat.dll
[2009/07/15 02:30:27 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwmp.dll
[2009/07/15 02:30:26 | 00,684,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\spsys.sys
[2009/07/15 02:30:26 | 00,197,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SndVol.exe
[2009/07/15 02:30:26 | 00,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\softkbd.dll
[2009/07/15 02:30:25 | 00,137,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tspubwmi.dll
[2009/07/15 02:30:25 | 00,077,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tsuserex.dll
[2009/07/15 02:30:25 | 00,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TSTheme.exe
[2009/07/15 02:30:25 | 00,035,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsWpfWrp.exe
[2009/07/15 02:30:24 | 00,324,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\untfs.dll
[2009/07/15 02:30:24 | 00,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\udfs.sys
[2009/07/15 02:30:24 | 00,099,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tsmf.dll
[2009/07/15 02:30:24 | 00,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\USBAUDIO.sys
[2009/07/15 02:30:24 | 00,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tscupgrd.exe
[2009/07/15 02:30:24 | 00,053,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tsgqec.dll
[2009/07/15 02:30:24 | 00,025,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\USBCAMD.sys
[2009/07/15 02:30:24 | 00,022,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tskill.exe
[2009/07/15 02:30:24 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tsdiscon.exe
[2009/07/15 02:30:24 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usb8023.sys
[2009/07/15 02:30:24 | 00,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TSErrRedir.dll
[2009/07/15 02:30:23 | 00,342,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\zipfldr.dll
[2009/07/15 02:30:23 | 00,196,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbhub.sys
[2009/07/15 02:30:23 | 00,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbehci.sys
[2009/07/15 02:30:23 | 00,025,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\USBCAMD2.sys
[2009/07/15 02:30:20 | 00,203,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\uDWM.dll
[2009/07/15 02:30:19 | 00,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unimdm.tsp
[2009/07/15 02:30:19 | 00,222,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\umpnpmgr.dll
[2009/07/15 02:30:19 | 00,212,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\umrdp.dll
[2009/07/15 02:30:19 | 00,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ulib.dll
[2009/07/15 02:30:18 | 00,842,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\systemcpl.dll
[2009/07/15 02:30:18 | 00,130,008 | ---- | C] () -- C:\Windows\System32\systemsf.ebd
[2009/07/15 02:30:06 | 00,714,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\timedate.cpl
[2009/07/15 02:30:06 | 00,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tscfgwmi.dll
[2009/07/15 02:30:06 | 00,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tintlgnt.ime
[2009/07/15 02:30:06 | 00,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tscon.exe
[2009/07/15 02:30:06 | 00,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tsbyuv.dll
[2009/07/15 02:30:05 | 00,897,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\tcpip.sys
[2009/07/15 02:30:05 | 00,285,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tapisnap.dll
[2009/07/15 02:30:05 | 00,242,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tapisrv.dll
[2009/07/15 02:30:05 | 00,170,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tcpipcfg.dll
[2009/07/15 02:30:05 | 00,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tcpmon.dll
[2009/07/15 02:30:05 | 00,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\tcpipreg.sys
[2009/07/15 02:30:04 | 01,152,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\themecpl.dll
[2009/07/15 02:30:04 | 00,615,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\themeui.dll.backup
[2009/07/15 02:30:04 | 00,615,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\themeui.dll
[2009/07/15 02:30:04 | 00,449,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\termsrv.dll
[2009/07/15 02:30:04 | 00,313,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\thawbrkr.dll
[2009/07/15 02:30:04 | 00,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskcomp.dll
[2009/07/15 02:30:04 | 00,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskeng.exe
[2009/07/15 02:30:04 | 00,072,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\tdx.sys
[2009/07/15 02:30:04 | 00,053,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\termdd.sys
[2009/07/15 02:18:26 | 00,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2009/07/15 01:56:35 | 00,048,600 | ---- | C] () -- C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
[2009/07/15 01:55:04 | 00,000,680 | ---- | C] () -- C:\Users\Administrator\AppData\Local\d3d9caps.dat
[2009/07/15 01:54:46 | 00,000,000 | -HSD | C] -- C:\Users\Administrator\Documents\My Videos
[2009/07/15 01:54:46 | 00,000,000 | -HSD | C] -- C:\Users\Administrator\Documents\My Pictures
[2009/07/15 01:54:46 | 00,000,000 | -HSD | C] -- C:\Users\Administrator\Documents\My Music
[2009/07/15 01:54:46 | 00,000,000 | -HSD | C] -- C:\Users\Administrator\AppData\Local\Temporary Internet Files
[2009/07/15 01:54:46 | 00,000,000 | -HSD | C] -- C:\Users\Administrator\AppData\Local\History
[2009/07/15 01:54:46 | 00,000,000 | -HSD | C] -- C:\Users\Administrator\AppData\Local\Application Data
[2009/07/15 01:54:45 | 00,000,000 | --SD | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft
[2009/07/15 01:54:45 | 00,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Temp
[2009/07/15 01:54:45 | 00,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Microsoft
[2009/07/15 01:52:29 | 00,000,000 | ---D | C] -- C:\Windows\Debug
[2009/07/15 01:39:03 | 00,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2009/07/15 01:32:34 | 00,000,000 | -HSD | C] -- C:\System Volume Information
[2009/07/15 00:31:07 | 00,337,216 | ---- | C] (NETGEAR, Inc.) -- C:\Windows\System32\drivers\wg121nd5.sys
[2009/07/01 21:39:09 | 00,095,232 | ---- | C] () -- C:\Users\Administrator\Documents\fourtress2.doc
[2009/05/15 23:22:51 | 00,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2008/01/19 07:24:26 | 00,001,702 | ---- | C] () -- C:\Windows\System32\StorageMgmt.dll.config
[2008/01/19 04:45:57 | 00,000,219 | ---- | C] () -- C:\Windows\system.ini
[2008/01/19 04:45:57 | 00,000,144 | ---- | C] () -- C:\Windows\win.ini
[2008/01/19 00:34:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
========== Files - Modified Within 30 Days ==========
[1 C:\Windows\System32\drivers\*.tmp files]
[2009/07/25 17:39:03 | 00,005,440 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/07/25 17:39:03 | 00,005,440 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/07/25 15:49:23 | 00,002,301 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk
[2009/07/25 09:05:48 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2009/07/24 17:46:05 | 00,657,102 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/07/24 17:46:05 | 00,571,370 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/07/24 17:46:05 | 00,092,928 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/07/24 17:41:38 | 00,002,231 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2009/07/24 17:39:04 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/07/24 17:38:53 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/07/24 17:38:40 | 21,459,68128 | -HS- | M] () -- C:\hiberfil.sys
[2009/07/23 15:23:50 | 00,004,608 | ---- | M] () -- C:\Users\Administrator\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/23 13:23:20 | 00,318,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cmd.execf
[2009/07/23 12:39:27 | 02,169,432 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/23 12:33:09 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deploytk.dll
[2009/07/23 12:33:09 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2009/07/23 12:33:09 | 00,144,792 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2009/07/23 12:33:09 | 00,144,792 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2009/07/22 23:19:24 | 00,048,600 | ---- | M] () -- C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
[2009/07/22 18:57:02 | 01,759,945 | -H-- | M] () -- C:\Users\Administrator\AppData\Local\IconCache.db
[2009/07/22 13:40:42 | 00,644,907 | R--- | M] () -- C:\crosshairs.zip
[2009/07/22 02:24:16 | 00,000,472 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2009/07/21 00:47:35 | 00,000,036 | ---- | M] () -- C:\Windows\Remote Shutdown 2 Professional.xml
[2009/07/20 23:28:13 | 00,000,406 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2009/07/18 23:55:50 | 00,001,051 | ---- | M] () -- C:\Users\Administrator\Desktop\Crysis.lnk
[2009/07/17 22:06:39 | 00,107,888 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\System32\CmdLineExt.dll
[2009/07/15 19:32:57 | 00,001,723 | ---- | M] () -- C:\Users\Public\Desktop\F.E.A.R. Single Player.lnk
[2009/07/15 11:24:01 | 00,002,092 | ---- | M] () -- C:\Users\Public\Desktop\S.T.A.L.K.E.R. - Shadow of Chernobyl.lnk
[2009/07/15 04:52:02 | 00,000,087 | RH-- | M] () -- C:\Windows\ctfile.rfc
[2009/07/15 04:51:00 | 00,319,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\DIFxAPI.dll
[2009/07/15 04:02:46 | 00,000,144 | ---- | M] () -- C:\Windows\win.ini
[2009/07/15 03:43:53 | 00,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin
[2009/07/15 03:41:54 | 00,000,680 | ---- | M] () -- C:\Users\Administrator\AppData\Local\d3d9caps.dat
[2009/07/15 03:08:22 | 00,000,000 | ---- | M] () -- C:\Windows\nsreg.dat
[2009/07/15 03:06:22 | 00,001,724 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2009/07/15 02:31:26 | 00,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2009/07/15 01:46:34 | 00,046,815 | ---- | M] () -- C:\Windows\System32\license.rtf
[2009/07/13 13:36:34 | 00,038,160 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/07/13 13:36:12 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/07/06 20:47:56 | 00,551,456 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RTSndMgr.cpl
[2009/07/06 20:47:46 | 01,169,440 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkPgExt.dll
[2009/07/06 20:47:46 | 00,051,744 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkCoInst.dll
[2009/07/06 20:47:36 | 00,326,176 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkApoApi.dll
[2009/07/06 20:47:30 | 02,898,464 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkAPO.dll
[2009/07/06 20:12:50 | 02,657,120 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\System32\drivers\RTKVHDA.sys
[2009/07/04 03:05:24 | 01,005,997 | ---- | M] () -- C:\city.vmf
[2009/07/03 10:49:08 | 00,064,160 | ---- | M] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2009/07/03 06:18:58 | 13,151,375 | ---- | M] () -- C:\secondaxisdark.psd
[2009/07/01 21:39:12 | 00,095,232 | ---- | M] () -- C:\Users\Administrator\Documents\fourtress2.doc
[2009/07/01 21:11:30 | 00,095,232 | ---- | M] () -- C:\Users\Administrator\Documents\fourtress.doc
[2009/06/29 15:16:48 | 00,160,256 | ---- | M] (Fortemedia Corporation) -- C:\Windows\System32\FMAPO.dll
========== Alternate Data Streams ==========
@Alternate Data Stream - 176 bytes -> C:\Windows\Remote Shutdown 2 Professional.xml:Remote_Shutdown
@Alternate Data Stream - 154 bytes -> C:\ProgramData\TEMP:679ABA25
< End of report >
quiestbml
2009-07-26, 01:47
No extra.txt was created.
Hi,
Let's run custom script with OTL.
Under the Custom Scans/Fixes box at the bottom, paste in the following
:OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
@Alternate Data Stream - 154 bytes -> C:\ProgramData\TEMP:679ABA25
:Commands
[emptytemp]
[resethosts]
[start explorer]
[Reboot]
Then click the Run Fix button at the top
Let the program run unhindered, reboot when it is done
Then post a new OTL2 log.
You seem to have MBAM installed there as well. Please run a full scan with it (let it delete its findings) and post back the report.
Kaspersky Online Scanner (http://www.kaspersky.com/virusscanner)
Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.
Read the requirements and privacy statement then click on the Accept button.
The program will launch and start to download the latest definition files.
You will be prompted to install an application from Kaspersky. Click Run
Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
Spyware, Adware, Dialers, and other potentially dangerous programs
Archives
Click on My Computer under Scan.
Once the scan is complete, it will display the results. Click on View Scan Report.
Click on Save Report As....
Change the Files of type to Text file (.txt) before clicking on the Save button.
Save this report to a convenient place.
Copy and paste that information into your topic.
The scan will take a while so be patient and let it run. As it scans your machine very deeply it could take hours to complete, Kaspersky suggests running it during a time of low activity.
If you need a tutorial, see here (http://i275.photobucket.com/albums/jj285/Bleeping/KAS/KAS9.gif)
Does redirecting occur with both IE and Firefox?
quiestbml
2009-07-26, 19:15
It occurs with both IE 7.0 *and* Firefox 3.5.1
Here's the new OTL log, I'll get the kaspersky log up in a bit.
OTL logfile created on: 7/26/2009 12:11:20 PM - Run 4
OTL by OldTimer - Version 3.0.10.3 Folder = C:\Users\Administrator\Desktop
Windows Vista Server Standard Edition (full installation) Service Pack 2 (Version = 6.0.6002) - Type = NTServer
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 1.42 Gb Available Physical Memory | 71.14% Memory free
4.00 Gb Paging File | 3.36 Gb Available in Paging File | 83.92% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 112.04 Gb Free Space | 75.17% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 27.84 Gb Total Space | 1.46 Gb Free Space | 5.25% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: WIN-7M4XLFMC8TB
Current User Name: Administrator
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Processes (SafeList) ==========
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (ESET)
PRC - C:\Program Files\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)
PRC - C:\Windows\Explorer.EXE (Microsoft Corporation)
PRC - C:\Windows\System32\wbem\unsecapp.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\Razer\Habu\razerhid.exe ()
PRC - C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
PRC - C:\Windows\System32\wbem\wmiprvse.exe (Microsoft Corporation)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Steam\Steam.exe (Valve Corporation)
PRC - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Advanced Micro Devices Inc.)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
PRC - C:\Program Files\Razer\Habu\razertra.exe ()
PRC - C:\Program Files\Razer\Habu\razerofa.exe (Razer Inc.)
PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (ATI Technologies Inc.)
PRC - C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
PRC - C:\Users\Administrator\Desktop\OTL.exe (OldTimer Tools)
========== Win32 Services (SafeList) ==========
SRV - (AMD External Events Utility [Auto | Running]) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (Bonjour Service [Auto | Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (EhttpSrv [On_Demand | Stopped]) -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe (ESET)
SRV - (ekrn [Auto | Running]) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (ESET)
SRV - (EventLog [Auto | Running]) -- C:\Windows\System32\wevtsvc.dll (Microsoft Corporation)
SRV - (FCRegSvc [On_Demand | Stopped]) -- C:\Windows\System32\FCRegSvc.dll (Microsoft Corporation)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (idsvc [Unknown | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (iPod Service [On_Demand | Running]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (Lavasoft Ad-Aware Service [Auto | Running]) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (MSCamSvc [Auto | Running]) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (RSoPProv [On_Demand | Stopped]) -- C:\Windows\System32\RSoPProv.exe (Microsoft Corporation)
SRV - (sacsvr [On_Demand | Stopped]) -- C:\Windows\System32\sacsvr.dll (Microsoft Corporation)
SRV - (SBSDWSCService [Auto | Stopped]) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (Steam Client Service [On_Demand | Running]) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (WinDefend [Auto | Running]) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV - (adp94xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (adpahci [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (adpu160m [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (adpu320 [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (aic78xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (aliide [Disabled | Stopped]) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (arc [Disabled | Stopped]) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (arcsas [Disabled | Stopped]) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (atikmdag [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\atikmdag.sys (ATI Technologies Inc.)
DRV - (b06bdrv [Disabled | Stopped]) -- C:\Windows\system32\drivers\bxvbdx.sys (Broadcom Corporation)
DRV - (BrFiltLo [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (Brserid [Disabled | Stopped]) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrSerWdm [Disabled | Stopped]) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm [Disabled | Stopped]) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (cmdide [Disabled | Stopped]) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (E1G60 [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\E1G60I32.sys (Intel Corporation)
DRV - (eamon [Auto | Running]) -- C:\Windows\System32\DRIVERS\eamon.sys (ESET)
DRV - (ehdrv [System | Running]) -- C:\Windows\System32\DRIVERS\ehdrv.sys (ESET)
DRV - (elxstor [Disabled | Stopped]) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (epfwwfpr [Auto | Running]) -- C:\Windows\System32\DRIVERS\epfwwfpr.sys (ESET)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (HabuFltr [On_Demand | Running]) -- C:\Windows\System32\drivers\habu.sys (Razer (Asia-Pacific) Pte Ltd)
DRV - (HpCISSs [Disabled | Stopped]) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (iaStorV [Disabled | Stopped]) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (iirsp [Disabled | Stopped]) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (IntcAzAudAddService [On_Demand | Running]) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (ioatdma [Disabled | Stopped]) -- C:\Windows\system32\drivers\qd26032.sys (Intel Corporation)
DRV - (iteatapi [Disabled | Stopped]) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (iteraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (Lbd [Boot | Running]) -- C:\Windows\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (LSI_FC [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (LSI_SAS [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (LSI_SCSI [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (megasas [Disabled | Stopped]) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (MegaSR [Disabled | Stopped]) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (Mraid35x [Disabled | Stopped]) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (nfrd960 [Disabled | Stopped]) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (ntrigdigi [Disabled | Stopped]) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (nvraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor [Disabled | Stopped]) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (ql2300 [Disabled | Stopped]) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (ql40xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (RTL8169 [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\Rtlh86.sys (Realtek Corporation)
DRV - (s3cap [Disabled | Stopped]) -- C:\Windows\system32\drivers\s3cap.sys (Microsoft Corporation)
DRV - (sacdrv [Boot | Stopped]) -- C:\Windows\system32\DRIVERS\sacdrv.sys (Microsoft Corporation)
DRV - (SCDEmu [System | Running]) -- C:\Windows\System32\drivers\scdemu.sys (PowerISO Computing, Inc.)
DRV - (secdrv [Auto | Running]) -- C:\Windows\System32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (SiSRaid4 [Disabled | Stopped]) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (storflt [Boot | Running]) -- C:\Windows\system32\drivers\storflt.sys (Microsoft Corporation)
DRV - (storvsc [Disabled | Stopped]) -- C:\Windows\system32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (Symc8xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_hi [Disabled | Stopped]) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Sym_u3 [Disabled | Stopped]) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (uliahci [Disabled | Stopped]) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (UlSata [Disabled | Stopped]) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (ulsata2 [Disabled | Stopped]) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (UMPass [Disabled | Stopped]) -- C:\Windows\system32\drivers\umpass.sys (Microsoft Corporation)
DRV - (usbaudio [On_Demand | Running]) -- C:\Windows\System32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (viaide [Disabled | Stopped]) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (vmbus [Disabled | Stopped]) -- C:\Windows\system32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (vsmraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (wg121 [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\wg121nd5.sys (NETGEAR, Inc.)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = res://iesetup.dll/SoftAdmin.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://news.bbc.co.uk/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "http://news.bbc.co.uk"
FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:0.9.10.1
FF - prefs.js..extensions.enabledItems: glasser@sixxgate.com:1.1.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}:6.0.14
FF - prefs.js..extensions.enabledItems: locationbar2@design-noir.de:1.0.3
FF - prefs.js..extensions.enabledItems: {8620c15f-30dc-4dba-a131-7c5d20cf4a29}:2.0.2
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.1
FF - prefs.js..extensions.enabledItems: rein@notiz.jp:3.5.1
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/07/19 11:35:51 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/07/19 11:35:51 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
[2009/07/15 03:08:24 | 00,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\mozilla\Extensions
[2009/07/15 03:08:24 | 00,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/07/25 18:32:41 | 00,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\61dujzln.default\extensions
[2009/07/15 03:24:20 | 00,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\61dujzln.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2009/07/15 03:09:30 | 00,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\61dujzln.default\extensions\{8620c15f-30dc-4dba-a131-7c5d20cf4a29}
[2009/07/15 03:10:42 | 00,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\61dujzln.default\extensions\glasser@sixxgate.com
[2009/07/15 03:24:20 | 00,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\61dujzln.default\extensions\locationbar2@design-noir.de
[2009/07/15 03:08:48 | 00,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\61dujzln.default\extensions\rein@notiz.jp
[2009/07/25 18:32:41 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/07/19 11:35:51 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/07/23 12:33:29 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
[2009/07/19 11:35:50 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/07/19 11:35:50 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/07/23 12:33:09 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2009/07/19 11:35:50 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2009/07/15 12:22:23 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2009/07/15 12:22:23 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2009/07/15 12:22:23 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2009/07/15 12:22:23 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2009/07/15 12:22:23 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2009/07/15 12:22:23 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2009/07/15 12:22:23 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2009/06/24 07:27:00 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/06/24 07:27:00 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/06/24 07:27:00 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/06/24 07:27:00 | 00,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/06/24 07:27:00 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/06/24 07:27:00 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/06/24 07:27:00 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml
O1 HOSTS File: (56 bytes) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [Habu] C:\Program Files\Razer\Habu\razerhid.exe ()
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ShowSuperHidden = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disablecad = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: verbosestatus = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disableregistrytools = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {43E3F87D-DE7F-4087-BD4F-0DC854981158} http://download.microsoft.com/download/7/3/8/7384c441-3721-41ee-ae15-b678888f00dd/clearadj.CAB (CTAdjust Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 71.252.0.12 68.238.112.12
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{17775ee7-74a9-11de-ad95-00095bd2739c}\Shell - "" = AutoRun
O33 - MountPoints2\{17775ee7-74a9-11de-ad95-00095bd2739c}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRunCD.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
========== Files/Folders - Created Within 30 Days ==========
[2009/07/26 11:53:45 | 00,000,000 | ---D | C] -- C:\_OTL
[2009/07/25 09:05:37 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2009/07/24 22:10:07 | 00,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\gtk-2.0
[2009/07/23 15:22:09 | 00,004,608 | ---- | C] () -- C:\Users\Administrator\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/23 15:06:53 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft LifeCam
[2009/07/23 13:23:08 | 00,000,000 | ---D | C] -- C:\32788R22FWJFW
[2009/07/23 13:10:57 | 00,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\antimalware
[2009/07/23 12:58:24 | 00,318,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmd.execf
[2009/07/23 12:52:50 | 00,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2009/07/23 12:52:50 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2009/07/23 12:51:20 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/07/23 12:33:26 | 00,148,888 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2009/07/23 12:33:26 | 00,144,792 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2009/07/23 12:33:26 | 00,144,792 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2009/07/23 12:33:03 | 00,000,000 | ---D | C] -- C:\Program Files\Java
[2009/07/23 06:40:17 | 00,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\ESET
[2009/07/23 06:17:08 | 00,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Malwarebytes
[2009/07/23 06:16:55 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/07/23 06:16:53 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009/07/23 06:16:52 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/07/23 06:16:52 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/07/22 23:20:49 | 00,000,000 | ---D | C] -- C:\ProgramData\ESET
[2009/07/22 23:20:49 | 00,000,000 | ---D | C] -- C:\Program Files\ESET
[2009/07/22 23:19:22 | 00,000,000 | ---D | C] -- C:\ProgramData\FLEXnet
[2009/07/22 20:44:33 | 00,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2009/07/22 20:42:11 | 00,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Adobe
[2009/07/22 20:13:46 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2009/07/22 19:01:42 | 00,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Download Manager
[2009/07/22 19:01:33 | 00,000,000 | ---D | C] -- C:\Windows\Sun
[2009/07/22 18:56:58 | 00,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Frameworkx.com
[2009/07/22 18:55:16 | 00,000,000 | ---D | C] -- C:\Program Files\Frameworkx
[2009/07/22 13:40:42 | 00,644,907 | R--- | C] () -- C:\crosshairs.zip
[2009/07/22 02:12:10 | 06,665,497 | ---- | C] () -- C:\GMIF.mp3
[2009/07/22 02:09:51 | 00,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Orangeline Interactive
[2009/07/22 02:09:50 | 00,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Orangeline_Interactive
[2009/07/22 02:09:46 | 00,000,000 | ---D | C] -- C:\Program Files\Citrus Alarm Clock
[2009/07/21 00:47:34 | 00,000,036 | ---- | C] () -- C:\Windows\Remote Shutdown 2 Professional.xml
[2009/07/20 23:41:09 | 00,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Auslogics
[2009/07/20 23:39:23 | 00,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2009/07/20 23:39:19 | 00,000,000 | ---D | C] -- C:\Program Files\Auslogics
[2009/07/20 23:28:13 | 00,000,406 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/07/20 10:48:40 | 00,002,231 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2009/07/20 10:48:29 | 00,000,000 | ---D | C] -- C:\Program Files\iPod
[2009/07/20 10:48:22 | 00,000,000 | ---D | C] -- C:\Program Files\iTunes
[2009/07/19 16:49:26 | 00,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Identities
[2009/07/18 23:55:50 | 00,001,051 | ---- | C] () -- C:\Users\Administrator\Desktop\Crysis.lnk
[2009/07/18 23:05:21 | 00,000,000 | ---D | C] -- C:\Users\Administrator\Documents\My Received Files
[2009/07/18 23:01:21 | 00,000,000 | ---D | C] -- C:\ProgramData\Media Center Programs
[2009/07/18 22:38:52 | 00,000,000 | ---D | C] -- C:\Program Files\Electronic Arts
[2009/07/17 22:32:36 | 00,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\My Games
[2009/07/17 22:08:00 | 00,000,000 | ---D | C] -- C:\Users\Administrator\Documents\My Games
[2009/07/17 22:06:42 | 00,000,000 | RH-D | C] -- C:\Users\Administrator\AppData\Roaming\SecuROM
[2009/07/17 22:00:53 | 00,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Notepad++
[2009/07/17 22:00:53 | 00,000,000 | ---D | C] -- C:\Program Files\Notepad++
[2009/07/17 21:37:59 | 03,850,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_38.dll
[2009/07/17 21:37:59 | 01,491,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_38.dll
[2009/07/17 21:37:59 | 00,507,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_1.dll
[2009/07/17 21:37:59 | 00,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_38.dll
[2009/07/17 21:37:59 | 00,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_1.dll
[2009/07/17 21:37:59 | 00,065,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_0.dll
[2009/07/17 21:37:59 | 00,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_4.dll
[2009/07/17 21:37:58 | 03,786,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_37.dll
[2009/07/17 21:37:58 | 01,420,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_37.dll
[2009/07/17 21:37:58 | 00,479,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_0.dll
[2009/07/17 21:37:58 | 00,462,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_37.dll
[2009/07/17 21:37:58 | 00,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_0.dll
[2009/07/17 21:37:58 | 00,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_3.dll
[2009/07/17 21:37:57 | 03,734,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_36.dll
[2009/07/17 21:37:57 | 03,727,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_35.dll
[2009/07/17 21:37:57 | 01,374,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_36.dll
[2009/07/17 21:37:57 | 01,358,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_35.dll
[2009/07/17 21:37:57 | 00,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_36.dll
[2009/07/17 21:37:57 | 00,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_35.dll
[2009/07/17 21:37:57 | 00,267,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_10.dll
[2009/07/17 21:37:57 | 00,267,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_9.dll
[2009/07/17 21:37:56 | 03,497,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_34.dll
[2009/07/17 21:37:56 | 01,124,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_34.dll
[2009/07/17 21:37:56 | 01,123,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_33.dll
[2009/07/17 21:37:56 | 00,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_34.dll
[2009/07/17 21:37:56 | 00,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_33.dll
[2009/07/17 21:37:56 | 00,266,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_8.dll
[2009/07/17 21:37:56 | 00,261,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_7.dll
[2009/07/17 21:37:56 | 00,081,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_3.dll
[2009/07/17 21:37:56 | 00,017,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_2.dll
[2009/07/17 21:37:55 | 03,495,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_33.dll
[2009/07/17 21:37:55 | 00,255,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_6.dll
[2009/07/17 21:37:54 | 00,015,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\x3daudio1_1.dll
[2009/07/17 21:15:07 | 00,000,000 | ---D | C] -- C:\Program Files\PowerISO
[2009/07/17 21:11:03 | 00,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\WinRAR
[2009/07/17 21:10:47 | 00,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2009/07/17 20:42:12 | 00,000,000 | ---D | C] -- C:\Windows\System32\Adobe
[2009/07/17 17:24:03 | 00,014,592 | ---- | C] (Motorola) -- C:\Windows\System32\drivers\USBICP.sys
[2009/07/17 17:24:00 | 00,027,776 | ---- | C] (Razer (Asia-Pacific) Pte Ltd) -- C:\Windows\System32\drivers\habu.sys
[2009/07/17 17:23:59 | 00,073,728 | ---- | C] (Razer Inc.) -- C:\Windows\System32\habu.cpl
[2009/07/17 17:23:59 | 00,000,000 | ---D | C] -- C:\Program Files\Razer
[2009/07/17 17:23:13 | 00,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\InstallShield
[2009/07/16 22:39:54 | 00,000,000 | ---D | C] -- C:\Windows\Minidump
[2009/07/15 19:40:29 | 00,107,888 | ---- | C] (Sony DADC Austria AG.) -- C:\Windows\System32\CmdLineExt.dll
[2009/07/15 19:32:57 | 00,001,723 | ---- | C] () -- C:\Users\Public\Desktop\F.E.A.R. Single Player.lnk
[2009/07/15 17:36:44 | 00,000,000 | ---D | C] -- C:\Users\Public\Documents\Monolith Productions
[2009/07/15 17:31:42 | 00,000,000 | ---D | C] -- C:\Program Files\Sierra
[2009/07/15 13:43:35 | 00,410,984 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deploytk.dll
[2009/07/15 12:22:53 | 00,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Apple Computer
[2009/07/15 12:22:53 | 00,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Apple Computer
[2009/07/15 12:22:46 | 00,107,368 | ---- | C] (GEAR Software Inc.) -- C:\Windows\System32\GEARAspi.dll
[2009/07/15 12:22:46 | 00,023,400 | ---- | C] (GEAR Software Inc.) -- C:\Windows\System32\drivers\GEARAspiWDM.sys
[2009/07/15 12:22:37 | 00,000,000 | ---D | C] -- C:\ProgramData\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/07/15 12:22:30 | 00,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2009/07/15 12:22:08 | 00,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2009/07/15 12:22:08 | 00,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2009/07/15 12:21:54 | 00,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Apple
[2009/07/15 12:21:52 | 00,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2009/07/15 12:21:34 | 00,000,000 | ---D | C] -- C:\ProgramData\Apple
[2009/07/15 12:21:34 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2009/07/15 11:24:14 | 03,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_32.dll
[2009/07/15 11:24:14 | 00,440,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10.dll
[2009/07/15 11:24:14 | 00,251,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_5.dll
[2009/07/15 11:24:13 | 02,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_31.dll
[2009/07/15 11:24:13 | 00,237,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_4.dll
[2009/07/15 11:24:13 | 00,236,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_3.dll
[2009/07/15 11:24:13 | 00,230,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_2.dll
[2009/07/15 11:24:13 | 00,229,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_1.dll
[2009/07/15 11:24:13 | 00,062,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_2.dll
[2009/07/15 11:24:13 | 00,062,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_1.dll
[2009/07/15 11:24:09 | 02,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_30.dll
[2009/07/15 11:24:09 | 02,337,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_25.dll
[2009/07/15 11:24:09 | 02,332,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_29.dll
[2009/07/15 11:24:09 | 02,323,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_28.dll
[2009/07/15 11:24:09 | 02,319,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_27.dll
[2009/07/15 11:24:09 | 02,297,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_26.dll
[2009/07/15 11:24:09 | 00,230,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_0.dll
[2009/07/15 11:24:09 | 00,014,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\x3daudio1_0.dll
[2009/07/15 11:24:08 | 02,222,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_24.dll
[2009/07/15 11:24:01 | 00,002,092 | ---- | C] () -- C:\Users\Public\Desktop\S.T.A.L.K.E.R. - Shadow of Chernobyl.lnk
[2009/07/15 11:12:38 | 00,000,000 | ---D | C] -- C:\Users\Public\Documents\STALKER-SHOC
[2009/07/15 11:12:38 | 00,000,000 | ---D | C] -- C:\Program Files\THQ
[2009/07/15 10:51:55 | 00,289,792 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2009/07/15 10:51:55 | 00,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2009/07/15 10:51:55 | 00,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2009/07/15 10:51:55 | 00,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lpk.dll
[2009/07/15 10:51:55 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dciman32.dll
[2009/07/15 10:51:54 | 00,784,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rpcrt4.dll
[2009/07/15 10:51:52 | 03,597,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.dll
[2009/07/15 10:51:51 | 01,167,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\urlmon.dll
[2009/07/15 10:51:50 | 00,828,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wininet.dll
[2009/07/15 10:51:50 | 00,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2009/07/15 10:51:49 | 00,623,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\localspl.dll
[2009/07/15 10:51:48 | 02,034,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2009/07/15 05:31:20 | 02,892,089 | ---- | C] () -- C:\Users\Administrator\Documents\DSC00031.JPG
[2009/07/15 05:30:33 | 00,032,256 | ---- | C] () -- C:\Users\Administrator\Documents\annotatedbib - International Courts.doc
[2009/07/15 05:30:31 | 00,015,983 | ---- | C] () -- C:\Users\Administrator\Documents\A MANIFESTO OF DIRECTIONIST ARCHITECTURE.docx
[2009/07/15 05:24:39 | 00,000,472 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2009/07/15 05:24:20 | 00,064,160 | ---- | C] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2009/07/15 05:24:20 | 00,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2009/07/15 05:23:02 | 00,000,000 | -H-D | C] -- C:\ProgramData\{EF63305C-BAD7-4144-9208-D65528260864}
[2009/07/15 05:22:57 | 00,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2009/07/15 05:22:57 | 00,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2009/07/15 05:21:24 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2009/07/15 05:17:22 | 00,173,657 | ---- | C] () -- C:\sfdeco.vmf
[2009/07/15 05:17:21 | 05,748,610 | ---- | C] () -- C:\sf_waterworks.vmf
[2009/07/15 05:17:21 | 05,655,566 | ---- | C] () -- C:\sf_romanbugfix.vmf
[2009/07/15 05:17:21 | 00,422,612 | ---- | C] () -- C:\sf_islamic.vmf
[2009/07/15 05:17:20 | 02,964,186 | ---- | C] () -- C:\sf_fieldtriptwo_b1.vmf
[2009/07/15 05:17:20 | 02,964,186 | ---- | C] () -- C:\sf_fieldtriptwo.vmf
[2009/07/15 05:17:20 | 01,343,638 | ---- | C] () -- C:\sf_bloxs_beta1.vmf
[2009/07/15 05:17:19 | 13,151,375 | ---- | C] () -- C:\secondaxisdark.psd
[2009/07/15 05:17:18 | 16,234,127 | ---- | C] () -- C:\secondaxiscards.psd
[2009/07/15 05:17:18 | 02,371,858 | ---- | C] () -- C:\secondaxis.psd
[2009/07/15 05:17:17 | 07,759,936 | ---- | C] () -- C:\romanice.vmf
[2009/07/15 05:17:17 | 02,280,036 | ---- | C] () -- C:\sample.mp3
[2009/07/15 05:17:17 | 00,403,256 | ---- | C] () -- C:\Sam_11_8_2008@13_55_33.wav
[2009/07/15 05:17:16 | 07,759,936 | ---- | C] () -- C:\roman.vmf
[2009/07/15 05:17:16 | 07,146,335 | ---- | C] () -- C:\naziarch.vmf
[2009/07/15 05:17:16 | 01,023,571 | ---- | C] () -- C:\gm_snowstruct_d.vmf
[2009/07/15 05:17:16 | 00,795,236 | ---- | C] () -- C:\mystsample.mp3
[2009/07/15 05:17:16 | 00,206,362 | ---- | C] () -- C:\resume.psd
[2009/07/15 05:17:16 | 00,039,659 | ---- | C] () -- C:\korean.vmf
[2009/07/15 05:17:16 | 00,038,123 | ---- | C] () -- C:\modernflagpedistal.vmf
[2009/07/15 05:17:16 | 00,005,099 | ---- | C] () -- C:\protector.vmf
[2009/07/15 05:17:15 | 01,369,361 | ---- | C] () -- C:\gm_snowstruct2_d.vmf
[2009/07/15 05:17:15 | 01,005,997 | ---- | C] () -- C:\city.vmf
[2009/07/15 05:17:15 | 00,195,187 | ---- | C] () -- C:\baths.vmf
[2009/07/15 05:17:15 | 00,103,396 | ---- | C] () -- C:\civildefense.vmf
[2009/07/15 05:17:15 | 00,018,984 | ---- | C] () -- C:\ClassicRomanCaps.ttf
[2009/07/15 05:17:15 | 00,000,000 | ---D | C] -- C:\Serbia Project
[2009/07/15 05:17:01 | 00,000,000 | ---D | C] -- C:\pastori
[2009/07/15 05:15:07 | 01,226,083 | ---- | C] () -- C:\smod_testmap.vmf
[2009/07/15 05:15:07 | 00,499,482 | ---- | C] () -- C:\traincar.vmf
[2009/07/15 05:15:07 | 00,075,235 | ---- | C] () -- C:\Untitled - Textured Shaded.vmf
[2009/07/15 05:15:07 | 00,019,029 | ---- | C] () -- C:\teleporttest.vmf
[2009/07/15 05:15:07 | 00,000,000 | ---D | C] -- C:\Brian's Backups
[2009/07/15 05:14:21 | 00,000,000 | ---D | C] -- C:\Terminal Velocity
[2009/07/15 05:09:53 | 00,000,000 | ---D | C] -- C:\Windows\System32\RTCOM
[2009/07/15 04:52:02 | 00,146,432 | ---- | C] () -- C:\Windows\System32\APOMngr.DLL
[2009/07/15 04:52:02 | 00,072,704 | ---- | C] () -- C:\Windows\System32\CmdRtr.DLL
[2009/07/15 04:52:01 | 00,000,087 | RH-- | C] () -- C:\Windows\ctfile.rfc
[2009/07/15 04:51:00 | 00,319,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\DIFxAPI.dll
[2009/07/15 04:50:59 | 01,784,352 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\WavesLib.dll
[2009/07/15 04:50:59 | 00,135,168 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSWOW.dll
[2009/07/15 04:50:58 | 00,551,456 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RTSndMgr.cpl
[2009/07/15 04:50:58 | 00,339,968 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSTSXT.dll
[2009/07/15 04:50:58 | 00,185,776 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSTSHD.dll
[2009/07/15 04:50:58 | 00,167,936 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSHP360.dll
[2009/07/15 04:50:57 | 02,898,464 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkAPO.dll
[2009/07/15 04:50:57 | 02,657,120 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\drivers\RTKVHDA.sys
[2009/07/15 04:50:57 | 01,169,440 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkPgExt.dll
[2009/07/15 04:50:57 | 00,326,176 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkApoApi.dll
[2009/07/15 04:50:57 | 00,051,744 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkCoInst.dll
[2009/07/15 04:50:56 | 00,290,304 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RP3DHT32.dll
[2009/07/15 04:50:56 | 00,290,304 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RP3DAA32.dll
[2009/07/15 04:50:55 | 01,933,312 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioEQ.dll
[2009/07/15 04:50:55 | 00,159,744 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO20.dll
[2009/07/15 04:50:55 | 00,126,976 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO.dll
[2009/07/15 04:50:54 | 00,160,256 | ---- | C] (Fortemedia Corporation) -- C:\Windows\System32\FMAPO.dll
[2009/07/15 04:50:54 | 00,142,848 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTACap.dll
[2009/07/15 04:50:54 | 00,125,952 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTARen.dll
[2009/07/15 04:50:54 | 00,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2009/07/15 04:50:54 | 00,000,000 | ---D | C] -- C:\Program Files\Realtek
[2009/07/15 04:50:49 | 00,831,488 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\RtlExUpd.dll
[2009/07/15 04:50:49 | 00,000,000 | -H-D | C] -- C:\Program Files\Temp
[2009/07/15 04:50:46 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2009/07/15 04:04:11 | 00,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\ATI
[2009/07/15 04:04:11 | 00,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\ATI
[2009/07/15 04:04:11 | 00,000,000 | ---D | C] -- C:\ProgramData\ATI
[2009/07/15 03:46:41 | 00,000,000 | ---D | C] -- C:\Windows\Prefetch
[2009/07/15 03:43:53 | 00,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009/07/15 03:43:37 | 21,459,68128 | -HS- | C] () -- C:\hiberfil.sys
[2009/07/15 03:42:27 | 00,000,000 | ---D | C] -- C:\Windows\twain_32
[2009/07/15 03:42:27 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Photo Gallery
[2009/07/15 03:42:27 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Media Player
[2009/07/15 03:42:27 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Defender
[2009/07/15 03:42:27 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Calendar
[2009/07/15 03:39:35 | 00,442,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\joy.cpl
[2009/07/15 03:39:32 | 01,696,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
[2009/07/15 03:37:59 | 00,000,000 | -HSD | C] -- C:\Windows\Installer
[2009/07/15 03:37:59 | 00,000,000 | ---D | C] -- C:\Program Files\ATI
[2009/07/15 03:37:57 | 00,000,000 | ---D | C] -- C:\Windows\System32\XPSViewer
[2009/07/15 03:37:57 | 00,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2009/07/15 03:37:57 | 00,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2009/07/15 03:37:50 | 00,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2009/07/15 03:36:54 | 00,000,000 | ---D | C] -- C:\ATI
[2009/07/15 03:28:54 | 00,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Macromedia
[2009/07/15 03:28:54 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2009/07/15 03:28:50 | 00,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Adobe
[2009/07/15 03:28:42 | 00,000,000 | ---D | C] -- C:\Windows\System32\Macromed
[2009/07/15 03:28:30 | 00,000,000 | ---D | C] -- C:\ProgramData\NOS
[2009/07/15 03:28:30 | 00,000,000 | ---D | C] -- C:\Program Files\NOS
[2009/07/15 03:28:27 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2009/07/15 03:28:17 | 00,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2009/07/15 03:28:09 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live SkyDrive
[2009/07/15 03:27:48 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2009/07/15 03:27:34 | 00,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2009/07/15 03:23:09 | 00,002,301 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk
[2009/07/15 03:23:09 | 00,000,000 | ---D | C] -- C:\Program Files\Steam
[2009/07/15 03:23:09 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Steam
[2009/07/15 03:21:35 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2009/07/15 03:08:22 | 00,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009/07/15 03:08:21 | 00,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Mozilla
[2009/07/15 03:08:21 | 00,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Mozilla
[2009/07/15 03:07:07 | 00,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\.purple
[2009/07/15 03:06:56 | 00,000,000 | ---D | C] -- C:\Program Files\Pidgin
[2009/07/15 03:06:53 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\GTK
[2009/07/15 03:06:22 | 00,001,724 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2009/07/15 03:06:19 | 00,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2009/07/15 03:05:48 | 01,809,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuaueng.dll
[2009/07/15 03:05:48 | 01,524,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2009/07/15 03:05:48 | 00,051,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuauclt.exe
[2009/07/15 03:05:48 | 00,043,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2009/07/15 03:05:42 | 00,561,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2009/07/15 03:05:42 | 00,083,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2009/07/15 03:05:42 | 00,034,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2009/07/15 03:05:39 | 00,162,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2009/07/15 03:05:39 | 00,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2009/07/15 02:59:51 | 00,000,000 | ---D | C] -- C:\Windows\System32\vi-VN
[2009/07/15 02:59:51 | 00,000,000 | ---D | C] -- C:\Windows\System32\eu-ES
[2009/07/15 02:59:51 | 00,000,000 | ---D | C] -- C:\Windows\System32\ca-ES
[2009/07/15 02:58:11 | 01,759,945 | -H-- | C] () -- C:\Users\Administrator\AppData\Local\IconCache.db
[2009/07/15 02:58:09 | 00,000,000 | ---D | C] -- C:\Windows\System32\SPReview
[2009/07/15 02:37:05 | 00,928,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scavenge.dll
[2009/07/15 02:36:44 | 00,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\compcln.exe
[2009/07/15 02:35:02 | 00,472,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
[2009/07/15 02:35:02 | 00,152,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll
[2009/07/15 02:35:02 | 00,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secur32.dll
[2009/07/15 02:35:01 | 00,476,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll
[2009/07/15 02:35:01 | 00,324,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdohlp.dll
[2009/07/15 02:35:01 | 00,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll
[2009/07/15 02:35:01 | 00,142,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ScwServiceExt.dll
[2009/07/15 02:35:01 | 00,142,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ScwSceExt.dll
[2009/07/15 02:35:01 | 00,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ScwRegistryExt.dll
[2009/07/15 02:35:01 | 00,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SCWViewer.exe
[2009/07/15 02:35:00 | 00,241,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rsaenh.dll
[2009/07/15 02:35:00 | 00,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rsopprov.exe
[2009/07/15 02:35:00 | 00,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtffilt.dll
[2009/07/15 02:34:59 | 00,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
[2009/07/15 02:34:59 | 00,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
[2009/07/15 02:34:59 | 00,346,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
[2009/07/15 02:34:59 | 00,113,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\rmcast.sys
[2009/07/15 02:34:59 | 00,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\samlib.dll
[2009/07/15 02:34:59 | 00,053,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rrinstaller.exe
[2009/07/15 02:34:59 | 00,036,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtutils.dll
[2009/07/15 02:34:59 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rwinsta.exe
[2009/07/15 02:34:58 | 00,550,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rpcss.dll
[2009/07/15 02:34:58 | 00,518,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
[2009/07/15 02:34:58 | 00,466,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\riched20.dll
quiestbml
2009-07-26, 19:16
[2009/07/15 02:34:58 | 00,127,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rpchttp.dll
[2009/07/15 02:34:58 | 00,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\RNDISMP.sys
[2009/07/15 02:34:57 | 01,677,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SCW.exe
[2009/07/15 02:34:57 | 00,356,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scwengf.dll
[2009/07/15 02:34:57 | 00,319,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ScwFirewallExt.dll
[2009/07/15 02:34:57 | 00,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scansetting.dll
[2009/07/15 02:34:57 | 00,203,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scwengb.dll
[2009/07/15 02:34:57 | 00,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scrrun.dll
[2009/07/15 02:34:57 | 00,168,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scwcmd.exe
[2009/07/15 02:34:57 | 00,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ScwAuditExt.dll
[2009/07/15 02:34:57 | 00,126,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scwhlp.dll
[2009/07/15 02:34:57 | 00,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scss.exe
[2009/07/15 02:34:57 | 00,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scshost.exe
[2009/07/15 02:34:56 | 00,483,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\samsrv.dll
[2009/07/15 02:34:56 | 00,095,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SCardSvr.dll
[2009/07/15 02:34:54 | 00,595,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\schedsvc.dll
[2009/07/15 02:34:54 | 00,413,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scrptadm.dll
[2009/07/15 02:34:54 | 00,180,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scrobj.dll
[2009/07/15 02:34:54 | 00,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scksp.dll
[2009/07/15 02:34:53 | 00,306,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scesrv.dll
[2009/07/15 02:34:53 | 00,268,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\schannel.dll
[2009/07/15 02:34:53 | 00,177,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scecli.dll
[2009/07/15 02:34:51 | 00,242,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pdh.dll
[2009/07/15 02:34:50 | 00,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\phon.ime
[2009/07/15 02:34:50 | 00,072,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pacer.sys
[2009/07/15 02:34:50 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\perfdisk.dll
[2009/07/15 02:34:49 | 01,823,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pnidui.dll
[2009/07/15 02:34:49 | 00,464,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pcaui.dll
[2009/07/15 02:34:49 | 00,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceApi.dll
[2009/07/15 02:34:49 | 00,149,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pci.sys
[2009/07/15 02:34:49 | 00,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PNPXAssoc.dll
[2009/07/15 02:34:49 | 00,058,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PnPUnattend.exe
[2009/07/15 02:34:49 | 00,054,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\partmgr.sys
[2009/07/15 02:34:49 | 00,043,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pciidex.sys
[2009/07/15 02:34:49 | 00,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PnPutil.exe
[2009/07/15 02:34:49 | 00,014,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pciide.sys
[2009/07/15 02:34:48 | 00,723,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\powercpl.dll
[2009/07/15 02:34:48 | 00,542,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pnpui.dll
[2009/07/15 02:34:48 | 00,181,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pnpsetup.dll
[2009/07/15 02:34:48 | 00,167,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\portcls.sys
[2009/07/15 02:34:48 | 00,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceTypes.dll
[2009/07/15 02:34:48 | 00,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceClassExtension.dll
[2009/07/15 02:34:47 | 00,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\photowiz.dll
[2009/07/15 02:34:46 | 01,107,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pidgenx.dll
[2009/07/15 02:34:45 | 00,704,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoScreensaver.scr
[2009/07/15 02:34:45 | 00,425,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll
[2009/07/15 02:34:45 | 00,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PkgMgr.exe
[2009/07/15 02:34:44 | 01,202,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntdll.dll
[2009/07/15 02:34:44 | 00,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pintlgnt.ime
[2009/07/15 02:34:44 | 00,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nslookup.exe
[2009/07/15 02:34:44 | 00,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\npfs.sys
[2009/07/15 02:34:43 | 03,601,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2009/07/15 02:34:43 | 01,083,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ntfs.sys
[2009/07/15 02:34:41 | 02,644,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0009.dll
[2009/07/15 02:34:41 | 00,321,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nltest.exe
[2009/07/15 02:34:38 | 12,240,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0007.dll
[2009/07/15 02:34:38 | 00,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\offfilt.dll
[2009/07/15 02:34:38 | 00,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nlhtml.dll
[2009/07/15 02:34:37 | 01,316,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ole32.dll
[2009/07/15 02:34:37 | 00,563,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oleaut32.dll
[2009/07/15 02:34:36 | 01,541,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\onex.dll
[2009/07/15 02:34:36 | 00,409,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbc32.dll
[2009/07/15 02:34:36 | 00,392,170 | ---- | C] () -- C:\Windows\System32\onex.tmf
[2009/07/15 02:34:36 | 00,182,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\osk.exe
[2009/07/15 02:34:36 | 00,114,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbccp32.dll
[2009/07/15 02:34:36 | 00,040,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbcconf.dll
[2009/07/15 02:34:35 | 00,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oleprn.dll
[2009/07/15 02:34:35 | 00,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\olepro32.dll
[2009/07/15 02:34:33 | 00,148,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\nwifi.sys
[2009/07/15 02:34:33 | 00,102,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\occache.dll
[2009/07/15 02:34:33 | 00,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ocsetup.exe
[2009/07/15 02:34:32 | 03,549,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2009/07/15 02:34:32 | 00,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntprint.dll
[2009/07/15 02:34:32 | 00,121,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntmarta.dll
[2009/07/15 02:34:31 | 00,825,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasdlg.dll
[2009/07/15 02:34:31 | 00,642,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasgcw.dll
[2009/07/15 02:34:31 | 00,286,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasapi32.dll
[2009/07/15 02:34:31 | 00,281,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\raschap.dll
[2009/07/15 02:34:31 | 00,262,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasmans.dll
[2009/07/15 02:34:31 | 00,155,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasmontr.dll
[2009/07/15 02:34:31 | 00,052,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasdiag.dll
[2009/07/15 02:34:31 | 00,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasdial.exe
[2009/07/15 02:34:30 | 01,381,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Query.dll
[2009/07/15 02:34:30 | 00,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasplap.dll
[2009/07/15 02:34:30 | 00,259,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasppp.dll
[2009/07/15 02:34:30 | 00,244,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rastls.dll
[2009/07/15 02:34:30 | 00,179,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasuser.dll
[2009/07/15 02:34:30 | 00,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rastapi.dll
[2009/07/15 02:34:30 | 00,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\rassstp.sys
[2009/07/15 02:34:30 | 00,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\raspppoe.sys
[2009/07/15 02:34:30 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\query.exe
[2009/07/15 02:34:29 | 01,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2009/07/15 02:34:29 | 00,880,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RacEngn.dll
[2009/07/15 02:34:29 | 00,758,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qmgr.dll
[2009/07/15 02:34:29 | 00,505,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qedit.dll
[2009/07/15 02:34:29 | 00,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quick.ime
[2009/07/15 02:34:29 | 00,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qintlgnt.ime
[2009/07/15 02:34:29 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qprocess.exe
[2009/07/15 02:34:29 | 00,009,212 | ---- | C] () -- C:\Windows\System32\RacUR.xml
[2009/07/15 02:34:29 | 00,000,153 | ---- | C] () -- C:\Windows\System32\RacUREx.xml
[2009/07/15 02:34:28 | 00,340,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RelMon.dll
[2009/07/15 02:34:28 | 00,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpshell.exe
[2009/07/15 02:34:28 | 00,225,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\rdbss.sys
[2009/07/15 02:34:28 | 00,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpinit.exe
[2009/07/15 02:34:28 | 00,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpclip.exe
[2009/07/15 02:34:28 | 00,107,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\regsvc.dll
[2009/07/15 02:34:28 | 00,091,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpendp.dll
[2009/07/15 02:34:28 | 00,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rekeywiz.exe
[2009/07/15 02:34:28 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\reset.exe
[2009/07/15 02:34:27 | 00,779,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationNative_v0300.dll
[2009/07/15 02:34:27 | 00,612,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpencom.dll
[2009/07/15 02:34:27 | 00,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\rdpdr.sys
[2009/07/15 02:34:27 | 00,180,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\rdpwd.sys
[2009/07/15 02:34:27 | 00,107,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpwsx.dll
[2009/07/15 02:34:27 | 00,080,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpsign.exe
[2009/07/15 02:34:27 | 00,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\regapi.dll
[2009/07/15 02:34:27 | 00,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\reg.exe
[2009/07/15 02:34:27 | 00,041,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2009/07/15 02:34:26 | 00,869,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printui.dll
[2009/07/15 02:34:26 | 00,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2009/07/15 02:34:26 | 00,551,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\prnntfy.dll
[2009/07/15 02:34:26 | 00,323,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2009/07/15 02:34:26 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2009/07/15 02:34:25 | 00,102,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
[2009/07/15 02:34:25 | 00,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\powrprof.dll
[2009/07/15 02:34:22 | 00,166,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\puiapi.dll
[2009/07/15 02:34:21 | 00,497,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll
[2009/07/15 02:34:21 | 00,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\QAGENTRT.DLL
[2009/07/15 02:34:21 | 00,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qappsrv.exe
[2009/07/15 02:34:20 | 00,754,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\propsys.dll
[2009/07/15 02:34:20 | 00,153,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\profsvc.dll
[2009/07/15 02:34:19 | 00,050,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PSHED.DLL
[2009/07/15 02:34:16 | 00,523,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ServerUnifiedOptin.dll
[2009/07/15 02:34:16 | 00,159,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ServerWerOptinGui.dll
[2009/07/15 02:34:16 | 00,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sendmail.dll
[2009/07/15 02:34:16 | 00,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ServerCeipOptinGui.dll
[2009/07/15 02:34:13 | 11,584,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shell32.dll
[2009/07/15 02:34:13 | 01,068,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shdocvw.dll
[2009/07/15 02:34:12 | 00,353,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shlwapi.dll
[2009/07/15 02:34:12 | 00,279,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\services.exe
[2009/07/15 02:34:11 | 01,591,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\setupapi.dll
[2009/07/15 02:34:11 | 00,627,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sethc.exe
[2009/07/15 02:34:11 | 00,242,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SeVA.dll
[2009/07/15 02:34:11 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shadow.exe
[2009/07/15 02:34:04 | 00,183,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eapphost.dll
[2009/07/15 02:34:04 | 00,093,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eappgnui.dll
[2009/07/15 02:34:02 | 00,344,698 | ---- | C] () -- C:\Windows\System32\eaphost.tmf
[2009/07/15 02:34:02 | 00,187,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eapp3hst.dll
[2009/07/15 02:34:02 | 00,143,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eapahost.dll
[2009/07/15 02:34:02 | 00,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eappcfg.dll
[2009/07/15 02:34:01 | 00,120,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EhStorAPI.dll
[2009/07/15 02:34:00 | 00,626,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgkrnl.sys
[2009/07/15 02:34:00 | 00,444,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dsound.dll
[2009/07/15 02:34:00 | 00,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eapa3hst.dll
[2009/07/15 02:34:00 | 00,137,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dsprop.dll
[2009/07/15 02:34:00 | 00,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eapacfg.dll
[2009/07/15 02:34:00 | 00,027,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Dumpata.sys
[2009/07/15 02:34:00 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxmasf.dll
[2009/07/15 02:33:59 | 00,485,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\evr.dll
[2009/07/15 02:33:59 | 00,205,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eudcedit.exe
[2009/07/15 02:33:59 | 00,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\exfat.sys
[2009/07/15 02:33:59 | 00,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dwm.exe
[2009/07/15 02:33:59 | 00,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxg.sys
[2009/07/15 02:33:59 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ExplorerFrame.dll
[2009/07/15 02:33:58 | 02,926,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2009/07/15 02:33:58 | 01,459,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\esent.dll
[2009/07/15 02:33:58 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\escUnattend.exe
[2009/07/15 02:33:57 | 00,133,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\extmgr.dll
[2009/07/15 02:33:57 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\f3ahvoas.dll
[2009/07/15 02:33:56 | 00,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EhStorPwdMgr.dll
[2009/07/15 02:33:55 | 00,268,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\es.dll
[2009/07/15 02:33:55 | 00,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/07/15 02:33:55 | 00,114,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EhStorShell.dll
[2009/07/15 02:33:55 | 00,054,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dimsroam.dll
[2009/07/15 02:33:55 | 00,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EscMigPlugin.dll
[2009/07/15 02:33:54 | 00,355,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\diskshadow.exe
[2009/07/15 02:33:54 | 00,230,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\diskraid.exe
[2009/07/15 02:33:54 | 00,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dhcpcsvc6.dll
[2009/07/15 02:33:54 | 00,119,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\diskpart.exe
[2009/07/15 02:33:54 | 00,053,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\disk.sys
[2009/07/15 02:33:54 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Diskdump.sys
[2009/07/15 02:33:53 | 00,378,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\devmgr.dll
[2009/07/15 02:33:53 | 00,093,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dfshim.dll
[2009/07/15 02:33:53 | 00,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dfsc.sys
[2009/07/15 02:33:52 | 00,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dhcpcsvc.dll
[2009/07/15 02:33:51 | 00,442,788 | ---- | C] () -- C:\Windows\System32\dot3.tmf
[2009/07/15 02:33:51 | 00,407,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpapimig.exe
[2009/07/15 02:33:51 | 00,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drvstore.dll
[2009/07/15 02:33:51 | 00,175,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dot3svc.dll
[2009/07/15 02:33:51 | 00,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dot3msm.dll
[2009/07/15 02:33:51 | 00,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dot3cfg.dll
[2009/07/15 02:33:50 | 00,978,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drmv2clt.dll
[2009/07/15 02:33:50 | 00,284,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drmmgrtn.dll
[2009/07/15 02:33:50 | 00,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drvinst.exe
[2009/07/15 02:33:49 | 00,168,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnsapi.dll
[2009/07/15 02:33:49 | 00,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnsrslvr.dll
[2009/07/15 02:33:49 | 00,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hbaapi.dll
[2009/07/15 02:33:48 | 00,561,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\hdaudbus.sys
[2009/07/15 02:33:48 | 00,236,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\HdAudio.sys
[2009/07/15 02:33:48 | 00,128,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpresult.exe
[2009/07/15 02:33:48 | 00,029,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpprnext.dll
[2009/07/15 02:33:48 | 00,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpscript.dll
[2009/07/15 02:33:46 | 00,637,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpprefcl.dll
[2009/07/15 02:33:46 | 00,576,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpsvc.dll
[2009/07/15 02:33:46 | 00,463,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IasMigReader.exe
[2009/07/15 02:33:46 | 00,401,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\http.sys
[2009/07/15 02:33:46 | 00,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2009/07/15 02:33:46 | 00,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasnap.dll
[2009/07/15 02:33:46 | 00,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iashlpr.dll
[2009/07/15 02:33:46 | 00,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasacct.dll
[2009/07/15 02:33:46 | 00,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasads.dll
[2009/07/15 02:33:46 | 00,047,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasdatastore.dll
[2009/07/15 02:33:46 | 00,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpscript.exe
[2009/07/15 02:33:46 | 00,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpupdate.exe
[2009/07/15 02:33:45 | 00,454,144 | ---- | C] (Microsoft) -- C:\Windows\System32\IasMigPlugin.dll
[2009/07/15 02:33:45 | 00,190,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\fltMgr.sys
[2009/07/15 02:33:45 | 00,142,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontext.dll
[2009/07/15 02:33:45 | 00,080,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hdwwiz.exe
[2009/07/15 02:33:45 | 00,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidclass.sys
[2009/07/15 02:33:45 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hidserv.dll
[2009/07/15 02:33:45 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidusb.sys
[2009/07/15 02:33:44 | 00,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Faultrep.dll
[2009/07/15 02:33:44 | 00,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\fastfat.sys
[2009/07/15 02:33:44 | 00,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FCMgrDLL.dll
[2009/07/15 02:33:44 | 00,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\findstr.exe
[2009/07/15 02:33:44 | 00,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fc.exe
[2009/07/15 02:33:43 | 00,088,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdBth.dll
[2009/07/15 02:33:43 | 00,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpapi.dll
[2009/07/15 02:33:43 | 00,068,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdSSDP.dll
[2009/07/15 02:33:43 | 00,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdWSD.dll
[2009/07/15 02:33:43 | 00,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\feclient.dll
[2009/07/15 02:33:43 | 00,053,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdeploy.dll
[2009/07/15 02:33:43 | 00,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdProxy.dll
[2009/07/15 02:33:43 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdBthProxy.dll
[2009/07/15 02:33:42 | 00,297,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gdi32.dll
[2009/07/15 02:33:35 | 00,950,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpedit.dll
[2009/07/15 02:33:34 | 00,153,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fundisc.dll
[2009/07/15 02:33:34 | 00,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ftp.exe
[2009/07/15 02:33:33 | 02,134,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FunctionDiscoveryFolder.dll
[2009/07/15 02:33:33 | 00,595,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FWPUCLNT.DLL
[2009/07/15 02:33:33 | 00,099,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\FWPKCLNT.SYS
[2009/07/15 02:33:33 | 00,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FwRemoteSvr.dll
[2009/07/15 02:33:32 | 01,985,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\authui.dll
[2009/07/15 02:33:32 | 00,315,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\audiosrv.dll
[2009/07/15 02:33:32 | 00,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AudioSes.dll
[2009/07/15 02:33:31 | 00,643,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\autochk.exe
[2009/07/15 02:33:31 | 00,115,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AuxiliaryDisplayDriverLib.dll
[2009/07/15 02:33:31 | 00,109,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ataport.sys
[2009/07/15 02:33:31 | 00,102,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AuxiliaryDisplayServices.dll
[2009/07/15 02:33:31 | 00,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe
[2009/07/15 02:33:31 | 00,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\authz.dll
[2009/07/15 02:33:31 | 00,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2009/07/15 02:33:30 | 01,216,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AuxiliaryDisplayCpl.dll
[2009/07/15 02:33:30 | 00,656,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\autoconv.exe
[2009/07/15 02:33:30 | 00,636,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\autofmt.exe
[2009/07/15 02:33:30 | 00,516,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\autoplay.dll
[2009/07/15 02:33:30 | 00,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avolprop.dll
[2009/07/15 02:33:27 | 00,019,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\atapi.sys
[2009/07/15 02:33:24 | 01,324,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browseui.dll.old
[2009/07/15 02:33:24 | 00,130,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\basecsp.dll
[2009/07/15 02:33:24 | 00,093,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\bridge.sys
[2009/07/15 02:33:24 | 00,045,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bthci.dll
[2009/07/15 02:33:23 | 00,757,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\azroles.dll
[2009/07/15 02:33:23 | 00,542,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\blackbox.dll
[2009/07/15 02:33:23 | 00,334,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\BFE.DLL
[2009/07/15 02:33:23 | 00,274,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bcrypt.dll
[2009/07/15 02:33:23 | 00,265,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\acpi.sys
[2009/07/15 02:33:23 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bitsigd.dll
[2009/07/15 02:33:22 | 02,515,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\accessibilitycpl.dll
[2009/07/15 02:33:21 | 00,153,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ActiveSockets.dll
[2009/07/15 02:33:21 | 00,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aaclient.dll
[2009/07/15 02:33:18 | 00,171,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\apphelp.dll
[2009/07/15 02:33:17 | 01,730,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\apds.dll
[2009/07/15 02:33:17 | 01,122,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\appwiz.cpl
[2009/07/15 02:33:17 | 00,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2009/07/15 02:33:16 | 00,273,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\afd.sys
[2009/07/15 02:33:16 | 00,199,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\adsldpc.dll
[2009/07/15 02:33:16 | 00,148,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\appmgmts.dll
[2009/07/15 02:33:16 | 00,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\adsmsext.dll
[2009/07/15 02:33:15 | 00,617,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\adtschema.dll
[2009/07/15 02:33:14 | 01,209,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\comsvcs.dll
[2009/07/15 02:33:14 | 00,800,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\advapi32.dll
[2009/07/15 02:33:14 | 00,593,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\comuid.dll
[2009/07/15 02:33:14 | 00,224,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ComplianceExtensions.dll
[2009/07/15 02:33:14 | 00,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
[2009/07/15 02:33:14 | 00,035,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\crashdmp.sys
[2009/07/15 02:33:13 | 01,645,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\connect.dll
[2009/07/15 02:33:13 | 00,978,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\crypt32.dll
[2009/07/15 02:33:13 | 00,178,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\credui.dll
[2009/07/15 02:33:12 | 00,481,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmdial32.dll
[2009/07/15 02:33:11 | 00,450,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\comdlg32.dll
[2009/07/15 02:33:10 | 01,856,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dbgeng.dll
[2009/07/15 02:33:10 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\davclnt.dll
[2009/07/15 02:33:10 | 00,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmmon32.exe
[2009/07/15 02:33:09 | 01,788,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d9.dll
[2009/07/15 02:33:09 | 00,128,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dcpromo.exe
[2009/07/15 02:33:09 | 00,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dataclen.dll
[2009/07/15 02:33:09 | 00,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dcgpofix.exe
[2009/07/15 02:33:08 | 00,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DevicePairing.dll
[2009/07/15 02:33:08 | 00,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CscMig.dll
[2009/07/15 02:33:08 | 00,065,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DevicePairingWizard.exe
[2009/07/15 02:33:08 | 00,054,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DevicePairingProxy.dll
[2009/07/15 02:33:08 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DeviceEject.exe
[2009/07/15 02:33:08 | 00,022,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cscdll.dll
[2009/07/15 02:33:07 | 00,971,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cryptui.dll
[2009/07/15 02:33:07 | 00,351,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\csc.sys
[2009/07/15 02:33:07 | 00,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cscript.exe
[2009/07/15 02:33:07 | 00,131,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cscobj.dll
[2009/07/15 02:33:07 | 00,129,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cryptsvc.dll
[2009/07/15 02:33:07 | 00,046,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrstub.exe
[2009/07/15 02:33:07 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cscapi.dll
[2009/07/15 02:33:06 | 00,597,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cscui.dll
[2009/07/15 02:33:06 | 00,491,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cscsvc.dll
[2009/07/15 02:33:06 | 00,276,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certadm.dll
[2009/07/15 02:33:06 | 00,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ceipdata.exe
[2009/07/15 02:33:06 | 00,080,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ceiprole.dll
[2009/07/15 02:33:06 | 00,075,066 | -H-- | C] () -- C:\Windows\System32\ceipdata.xml
[2009/07/15 02:33:06 | 00,071,626 | -H-- | C] () -- C:\Windows\System32\ceiprole.xml
[2009/07/15 02:33:06 | 00,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2009/07/15 02:33:06 | 00,034,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ceiprole.exe
[2009/07/15 02:33:05 | 01,502,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certmgr.dll
[2009/07/15 02:33:05 | 00,489,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certocm.dll
[2009/07/15 02:33:05 | 00,323,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certcli.dll
[2009/07/15 02:33:05 | 00,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\cdrom.sys
[2009/07/15 02:33:04 | 01,112,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CertEnroll.dll
[2009/07/15 02:33:04 | 00,640,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bthprops.cpl
[2009/07/15 02:33:04 | 00,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CertEnrollUI.dll
[2009/07/15 02:33:04 | 00,040,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bthserv.dll
[2009/07/15 02:33:04 | 00,034,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bthudtask.exe
[2009/07/15 02:33:03 | 00,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cbsra.exe
[2009/07/15 02:33:02 | 01,671,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chsbrkr.dll
[2009/07/15 02:33:02 | 00,614,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ci.dll
[2009/07/15 02:33:02 | 00,125,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Classpnp.sys
[2009/07/15 02:33:02 | 00,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cintlgnt.ime
[2009/07/15 02:33:02 | 00,058,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cipher.exe
[2009/07/15 02:33:02 | 00,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CHxReadingStringIME.dll
[2009/07/15 02:33:01 | 06,103,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chtbrkr.dll
[2009/07/15 02:33:01 | 00,245,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\clfs.sys
[2009/07/15 02:33:00 | 00,215,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certreq.exe
[2009/07/15 02:33:00 | 00,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certprop.dll
[2009/07/15 02:32:59 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chglogon.exe
[2009/07/15 02:32:58 | 00,022,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chgport.exe
[2009/07/15 02:32:58 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chgusr.exe
[2009/07/15 02:32:57 | 00,799,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certutil.exe
[2009/07/15 02:32:56 | 00,461,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2009/07/15 02:32:56 | 00,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chajei.ime
[2009/07/15 02:32:56 | 00,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2009/07/15 02:32:56 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\change.exe
[2009/07/15 02:32:55 | 01,053,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdtctm.dll
[2009/07/15 02:32:55 | 00,564,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msftedit.dll
[2009/07/15 02:32:55 | 00,409,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msexch40.dll
[2009/07/15 02:32:55 | 00,339,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msexcl40.dll
[2009/07/15 02:32:55 | 00,332,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msihnd.dll
[2009/07/15 02:32:55 | 00,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msiexec.exe
[2009/07/15 02:32:55 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.ocx
[2009/07/15 02:32:54 | 01,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2009/07/15 02:32:53 | 02,241,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msi.dll
[2009/07/15 02:32:53 | 00,477,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmled.dll
[2009/07/15 02:32:49 | 00,807,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msctf.dll
[2009/07/15 02:32:49 | 00,560,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdtcprx.dll
[2009/07/15 02:32:49 | 00,332,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdrm.dll
[2009/07/15 02:32:49 | 00,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msctfui.dll
[2009/07/15 02:32:49 | 00,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msctfp.dll
[2009/07/15 02:32:49 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MsCtfMonitor.dll
[2009/07/15 02:32:48 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msimsg.dll
[2009/07/15 02:32:47 | 00,407,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MPSSVC.dll
[2009/07/15 02:32:47 | 00,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mprapi.dll
[2009/07/15 02:32:46 | 00,933,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mprsnap.dll
[2009/07/15 02:32:46 | 00,068,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpr.dll
[2009/07/15 02:32:45 | 00,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\modemui.dll
[2009/07/15 02:32:45 | 00,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MMDevAPI.dll
[2009/07/15 02:32:44 | 01,102,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mmsys.cpl
[2009/07/15 02:32:41 | 00,391,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscms.dll
[2009/07/15 02:32:41 | 00,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscandui.dll
[2009/07/15 02:32:40 | 00,278,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscoree.dll
[2009/07/15 02:32:40 | 00,212,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb10.sys
[2009/07/15 02:32:40 | 00,155,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscorier.dll
[2009/07/15 02:32:40 | 00,080,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscories.dll
[2009/07/15 02:32:39 | 00,114,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxdav.sys
[2009/07/15 02:32:39 | 00,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb.sys
[2009/07/15 02:32:39 | 00,079,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb20.sys
[2009/07/15 02:32:39 | 00,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msacm32.drv
[2009/07/15 02:32:38 | 00,467,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netapi32.dll
[2009/07/15 02:32:37 | 02,225,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netcenter.dll
[2009/07/15 02:32:37 | 00,527,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ndis.sys
[2009/07/15 02:32:37 | 00,445,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncryptui.dll
[2009/07/15 02:32:37 | 00,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2009/07/15 02:32:37 | 00,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netbt.sys
[2009/07/15 02:32:37 | 00,180,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netplwiz.dll
[2009/07/15 02:32:37 | 00,121,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ndiswan.sys
[2009/07/15 02:32:35 | 00,592,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netlogon.dll
[2009/07/15 02:32:35 | 00,310,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mtxclu.dll
[2009/07/15 02:32:35 | 00,223,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2009/07/15 02:32:35 | 00,104,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netiohlp.dll
[2009/07/15 02:32:34 | 00,048,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\mup.sys
[2009/07/15 02:32:26 | 01,336,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml6.dll
[2009/07/15 02:32:24 | 01,183,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml3.dll
[2009/07/15 02:32:24 | 00,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NcdProp.dll
[2009/07/15 02:32:22 | 00,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NaturalLanguage6.dll
[2009/07/15 02:32:16 | 03,174,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netshell.dll
[2009/07/15 02:32:16 | 00,469,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\newdev.dll
[2009/07/15 02:32:16 | 00,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\newdev.exe
[2009/07/15 02:32:15 | 03,072,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\networkmap.dll
[2009/07/15 02:32:15 | 02,226,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\networkexplorer.dll
[2009/07/15 02:32:15 | 00,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\networkitemfactory.dll
[2009/07/15 02:32:13 | 00,643,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrepl40.dll
[2009/07/15 02:32:13 | 00,368,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mspbde40.dll
[2009/07/15 02:32:13 | 00,344,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrd3x40.dll
[2009/07/15 02:32:13 | 00,241,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msltus40.dll
[2009/07/15 02:32:13 | 00,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2009/07/15 02:32:13 | 00,179,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msnetobj.dll
[2009/07/15 02:32:13 | 00,161,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\msrpc.sys
[2009/07/15 02:32:12 | 00,408,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msinfo32.exe
[2009/07/15 02:32:12 | 00,319,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrd2x40.dll
[2009/07/15 02:32:12 | 00,290,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msjtes40.dll
[2009/07/15 02:32:12 | 00,180,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\msiscsi.sys
[2009/07/15 02:32:12 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msjter40.dll
[2009/07/15 02:32:12 | 00,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msimtf.dll
[2009/07/15 02:32:12 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msjint40.dll
[2009/07/15 02:32:11 | 01,589,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msjet40.dll
[2009/07/15 02:32:11 | 00,406,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcp60.dll
[2009/07/15 02:32:11 | 00,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msv1_0.dll
[2009/07/15 02:32:11 | 00,163,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msutb.dll
[2009/07/15 02:32:11 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msisip.dll
[2009/07/15 02:32:10 | 02,066,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstscax.dll
[2009/07/15 02:32:10 | 00,856,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mswdat10.dll
[2009/07/15 02:32:10 | 00,679,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcrt.dll
[2009/07/15 02:32:10 | 00,618,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mswstr10.dll
[2009/07/15 02:32:10 | 00,454,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxbde40.dll
[2009/07/15 02:32:10 | 00,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstsmmc.dll
[2009/07/15 02:32:10 | 00,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mswsock.dll
[2009/07/15 02:32:10 | 00,131,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstsmhst.dll
[2009/07/15 02:32:08 | 00,738,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcomm.dll
[2009/07/15 02:32:08 | 00,678,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstsc.exe
[2009/07/15 02:32:08 | 00,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2009/07/15 02:32:08 | 00,414,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscp.dll
[2009/07/15 02:32:08 | 00,282,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstext40.dll
[2009/07/15 02:32:08 | 00,231,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll
[2009/07/15 02:32:08 | 00,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstlsapi.dll
[2009/07/15 02:32:07 | 01,827,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2009/07/15 02:32:06 | 00,217,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\InkEd.dll
[2009/07/15 02:32:05 | 00,099,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardapi.dll
[2009/07/15 02:32:05 | 00,035,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardcpl.cpl
[2009/07/15 02:32:04 | 00,413,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imkr80.ime
[2009/07/15 02:32:02 | 00,114,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imm32.dll
[2009/07/15 02:32:01 | 00,512,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2009/07/15 02:32:01 | 00,396,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ipsmsnap.dll
[2009/07/15 02:32:01 | 00,364,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IPSECSVC.DLL
[2009/07/15 02:32:01 | 00,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iSNSMgrDLL.dll
[2009/07/15 02:32:01 | 00,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iSCSIMgrDLL.dll
[2009/07/15 02:32:01 | 00,027,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2009/07/15 02:32:01 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iscsilog.dll
[2009/07/15 02:32:00 | 00,200,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\input.dll
[2009/07/15 02:31:59 | 00,759,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ipsecsnp.dll
[2009/07/15 02:31:59 | 00,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iertutil.dll
[2009/07/15 02:31:59 | 00,199,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iphlpsvc.dll
[2009/07/15 02:31:59 | 00,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IPHLPAPI.DLL
[2009/07/15 02:31:59 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ipconfig.exe
[2009/07/15 02:31:58 | 06,079,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieframe.dll
[2009/07/15 02:31:57 | 00,619,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardagt.exe
[2009/07/15 02:31:57 | 00,398,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2009/07/15 02:31:57 | 00,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iassdo.dll
[2009/07/15 02:31:57 | 00,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2009/07/15 02:31:57 | 00,182,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iassam.dll
[2009/07/15 02:31:57 | 00,158,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasrad.dll
[2009/07/15 02:31:57 | 00,119,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasrecst.dll
[2009/07/15 02:31:57 | 00,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iassvcs.dll
[2009/07/15 02:31:57 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iaspolcy.dll
[2009/07/15 02:31:57 | 00,029,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ifmon.dll
[2009/07/15 02:31:57 | 00,009,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardres.dll
[2009/07/15 02:31:56 | 00,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2009/07/15 02:31:54 | 00,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2009/07/15 02:31:53 | 00,729,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IMJP10K.DLL
[2009/07/15 02:31:52 | 00,883,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IMJP10.IME
[2009/07/15 02:31:52 | 00,378,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imapi2.dll
[2009/07/15 02:31:52 | 00,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imapi.dll
[2009/07/15 02:31:51 | 00,677,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imapi2fs.dll
[2009/07/15 02:31:51 | 00,438,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IKEEXT.DLL
[2009/07/15 02:31:48 | 00,208,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfplat.dll
[2009/07/15 02:31:48 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfpmp.exe
[2009/07/15 02:31:47 | 02,868,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2009/07/15 02:31:47 | 01,135,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll
[2009/07/15 02:31:47 | 00,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll
[2009/07/15 02:31:47 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mferror.dll
[2009/07/15 02:31:46 | 01,160,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll
[2009/07/15 02:31:44 | 02,012,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\milcore.dll
[2009/07/15 02:31:44 | 00,000,000 | ---D | C] -- C:\Windows\Panther
[2009/07/15 02:31:42 | 00,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mimefilt.dll
[2009/07/15 02:31:41 | 00,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mmci.dll
[2009/07/15 02:31:41 | 00,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\midimap.dll
[2009/07/15 02:31:41 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mmcico.dll
[2009/07/15 02:31:40 | 02,167,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mmcndmgr.dll
[2009/07/15 02:31:40 | 01,792,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mmc.exe
[2009/07/15 02:31:38 | 00,439,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ksecdd.sys
[2009/07/15 02:31:38 | 00,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ks.sys
[2009/07/15 02:31:38 | 00,113,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ktpass.exe
[2009/07/15 02:31:38 | 00,093,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Kswdmcap.ax
[2009/07/15 02:31:37 | 00,143,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\korwbrkr.dll
[2009/07/15 02:31:35 | 11,967,524 | ---- | C] () -- C:\Windows\System32\korwbrkr.lex
[2009/07/15 02:31:35 | 00,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\l2nacp.dll
[2009/07/15 02:31:34 | 00,497,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kerberos.dll
[2009/07/15 02:31:34 | 00,017,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kd1394.dll
[2009/07/15 02:31:34 | 00,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\kbdhid.sys
[2009/07/15 02:31:33 | 00,891,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kernel32.dll
[2009/07/15 02:31:33 | 00,438,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mcupdate_GenuineIntel.dll
[2009/07/15 02:31:33 | 00,019,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kdusb.dll
[2009/07/15 02:31:33 | 00,017,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kdcom.dll
[2009/07/15 02:31:31 | 00,356,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MediaMetadataHandler.dll
[2009/07/15 02:31:30 | 00,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\logagent.exe
[2009/07/15 02:31:30 | 00,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\logman.exe
[2009/07/15 02:31:27 | 03,667,200 | ---- | C] () -- C:\Windows\System32\loc2008.nls
[2009/07/15 02:31:26 | 03,662,128 | ---- | C] () -- C:\Windows\System32\locale.nls
[2009/07/15 02:31:26 | 00,008,192 | R-S- | C] () -- C:\BOOTSECT.BAK
[2009/07/15 02:31:25 | 01,257,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsasrv.dll
[2009/07/15 02:31:25 | 00,710,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Magnify.exe
[2009/07/15 02:31:25 | 00,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\logoff.exe
[2009/07/15 02:31:24 | 01,143,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wercon.exe
[2009/07/15 02:31:24 | 00,233,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\webcheck.dll
[2009/07/15 02:31:24 | 00,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WebClnt.dll
[2009/07/15 02:31:24 | 00,101,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shsetup.dll
[2009/07/15 02:31:23 | 01,020,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wdc.dll
[2009/07/15 02:31:23 | 00,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wer.dll
[2009/07/15 02:31:23 | 00,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wdscore.dll
[2009/07/15 02:31:22 | 00,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wdmaud.drv
[2009/07/15 02:31:21 | 00,712,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecs.dll
[2009/07/15 02:31:21 | 00,347,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2009/07/15 02:31:21 | 00,333,257 | RHS- | C] () -- C:\bootmgr
[2009/07/15 02:31:20 | 00,000,000 | -HSD | C] -- C:\Boot
[2009/07/15 02:31:19 | 00,375,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winhttp.dll
[2009/07/15 02:31:18 | 00,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wevtutil.exe
[2009/07/15 02:31:16 | 01,017,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wevtsvc.dll
[2009/07/15 02:31:16 | 00,208,966 | ---- | C] () -- C:\Windows\System32\WFP.TMF
[2009/07/15 02:31:16 | 00,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\whealogr.dll
[2009/07/15 02:31:15 | 00,860,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WerFaultSecure.exe
[2009/07/15 02:31:15 | 00,250,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wevtapi.dll
[2009/07/15 02:31:15 | 00,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WerFault.exe
[2009/07/15 02:31:15 | 00,126,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wersvc.dll
[2009/07/15 02:31:14 | 00,443,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32spl.dll
[2009/07/15 02:31:13 | 00,547,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wiaaut.dll
[2009/07/15 02:31:13 | 00,453,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wiaservc.dll
[2009/07/15 02:31:13 | 00,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\version.dll
[2009/07/15 02:31:12 | 00,430,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2009/07/15 02:31:12 | 00,385,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vds.exe
[2009/07/15 02:31:12 | 00,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vdmdbg.dll
[2009/07/15 02:31:11 | 00,627,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\user32.dll
[2009/07/15 02:31:11 | 00,507,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vdsdyn.dll
[2009/07/15 02:31:11 | 00,226,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbport.sys
[2009/07/15 02:31:11 | 00,128,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vdsutil.dll
[2009/07/15 02:31:11 | 00,065,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\USBSTOR.SYS
[2009/07/15 02:31:11 | 00,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\uxsms.dll
[2009/07/15 02:31:11 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbohci.sys
[2009/07/15 02:31:10 | 01,123,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\usercpl.dll
[2009/07/15 02:31:10 | 00,638,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Utilman.exe
[2009/07/15 02:31:10 | 00,108,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\userenv.dll
[2009/07/15 02:31:09 | 00,502,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\usp10.dll
[2009/07/15 02:31:09 | 00,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\watchdog.sys
[2009/07/15 02:31:08 | 00,292,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\volmgrx.sys
[2009/07/15 02:31:08 | 00,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Volshext.dll
[2009/07/15 02:31:07 | 01,077,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vssapi.dll
[2009/07/15 02:31:07 | 01,055,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VSSVC.exe
[2009/07/15 02:31:07 | 00,282,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\w32time.dll
[2009/07/15 02:31:07 | 00,226,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\volsnap.sys
[2009/07/15 02:31:07 | 00,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VSSUI.dll
[2009/07/15 02:31:07 | 00,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VSSUIRUN.exe
[2009/07/15 02:31:05 | 00,355,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSDApi.dll
[2009/07/15 02:31:05 | 00,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSDMon.dll
[2009/07/15 02:31:05 | 00,155,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscript.exe
[2009/07/15 02:31:05 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsdchngr.dll
[2009/07/15 02:31:04 | 01,382,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVSDECD.DLL
[2009/07/15 02:31:04 | 00,657,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVXENCD.DLL
[2009/07/15 02:31:03 | 01,575,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVENCOD.DLL
[2009/07/15 02:31:03 | 00,273,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wow32.dll
[2009/07/15 02:31:02 | 02,386,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVCORE.DLL
[2009/07/15 02:31:01 | 00,140,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wusa.exe
[2009/07/15 02:31:00 | 00,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xmlfilter.dll
[2009/07/15 02:30:58 | 00,090,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wshext.dll
[2009/07/15 02:30:58 | 00,034,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wshbth.dll
[2009/07/15 02:30:57 | 01,671,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanpref.dll
[2009/07/15 02:30:57 | 00,747,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmSvc.dll
[2009/07/15 02:30:57 | 00,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanmsm.dll
[2009/07/15 02:30:57 | 00,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wshom.ocx
[2009/07/15 02:30:57 | 00,068,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanhlp.dll
[2009/07/15 02:30:57 | 00,050,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsnmp32.dll
[2009/07/15 02:30:56 | 02,499,629 | ---- | C] () -- C:\Windows\System32\wlan.tmf
quiestbml
2009-07-26, 19:18
[2009/07/15 02:34:58 | 00,127,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rpchttp.dll
[2009/07/15 02:34:58 | 00,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\RNDISMP.sys
[2009/07/15 02:34:57 | 01,677,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SCW.exe
[2009/07/15 02:34:57 | 00,356,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scwengf.dll
[2009/07/15 02:34:57 | 00,319,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ScwFirewallExt.dll
[2009/07/15 02:34:57 | 00,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scansetting.dll
[2009/07/15 02:34:57 | 00,203,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scwengb.dll
[2009/07/15 02:34:57 | 00,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scrrun.dll
[2009/07/15 02:34:57 | 00,168,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scwcmd.exe
[2009/07/15 02:34:57 | 00,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ScwAuditExt.dll
[2009/07/15 02:34:57 | 00,126,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scwhlp.dll
[2009/07/15 02:34:57 | 00,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scss.exe
[2009/07/15 02:34:57 | 00,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scshost.exe
[2009/07/15 02:34:56 | 00,483,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\samsrv.dll
[2009/07/15 02:34:56 | 00,095,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SCardSvr.dll
[2009/07/15 02:34:54 | 00,595,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\schedsvc.dll
[2009/07/15 02:34:54 | 00,413,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scrptadm.dll
[2009/07/15 02:34:54 | 00,180,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scrobj.dll
[2009/07/15 02:34:54 | 00,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scksp.dll
[2009/07/15 02:34:53 | 00,306,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scesrv.dll
[2009/07/15 02:34:53 | 00,268,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\schannel.dll
[2009/07/15 02:34:53 | 00,177,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scecli.dll
[2009/07/15 02:34:51 | 00,242,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pdh.dll
[2009/07/15 02:34:50 | 00,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\phon.ime
[2009/07/15 02:34:50 | 00,072,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pacer.sys
[2009/07/15 02:34:50 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\perfdisk.dll
[2009/07/15 02:34:49 | 01,823,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pnidui.dll
[2009/07/15 02:34:49 | 00,464,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pcaui.dll
[2009/07/15 02:34:49 | 00,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceApi.dll
[2009/07/15 02:34:49 | 00,149,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pci.sys
[2009/07/15 02:34:49 | 00,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PNPXAssoc.dll
[2009/07/15 02:34:49 | 00,058,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PnPUnattend.exe
[2009/07/15 02:34:49 | 00,054,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\partmgr.sys
[2009/07/15 02:34:49 | 00,043,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pciidex.sys
[2009/07/15 02:34:49 | 00,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PnPutil.exe
[2009/07/15 02:34:49 | 00,014,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pciide.sys
[2009/07/15 02:34:48 | 00,723,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\powercpl.dll
[2009/07/15 02:34:48 | 00,542,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pnpui.dll
[2009/07/15 02:34:48 | 00,181,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pnpsetup.dll
[2009/07/15 02:34:48 | 00,167,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\portcls.sys
[2009/07/15 02:34:48 | 00,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceTypes.dll
[2009/07/15 02:34:48 | 00,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceClassExtension.dll
[2009/07/15 02:34:47 | 00,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\photowiz.dll
[2009/07/15 02:34:46 | 01,107,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pidgenx.dll
[2009/07/15 02:34:45 | 00,704,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoScreensaver.scr
[2009/07/15 02:34:45 | 00,425,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll
[2009/07/15 02:34:45 | 00,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PkgMgr.exe
[2009/07/15 02:34:44 | 01,202,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntdll.dll
[2009/07/15 02:34:44 | 00,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pintlgnt.ime
[2009/07/15 02:34:44 | 00,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nslookup.exe
[2009/07/15 02:34:44 | 00,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\npfs.sys
[2009/07/15 02:34:43 | 03,601,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2009/07/15 02:34:43 | 01,083,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ntfs.sys
[2009/07/15 02:34:41 | 02,644,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0009.dll
[2009/07/15 02:34:41 | 00,321,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nltest.exe
[2009/07/15 02:34:38 | 12,240,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0007.dll
[2009/07/15 02:34:38 | 00,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\offfilt.dll
[2009/07/15 02:34:38 | 00,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nlhtml.dll
[2009/07/15 02:34:37 | 01,316,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ole32.dll
[2009/07/15 02:34:37 | 00,563,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oleaut32.dll
[2009/07/15 02:34:36 | 01,541,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\onex.dll
[2009/07/15 02:34:36 | 00,409,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbc32.dll
[2009/07/15 02:34:36 | 00,392,170 | ---- | C] () -- C:\Windows\System32\onex.tmf
[2009/07/15 02:34:36 | 00,182,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\osk.exe
[2009/07/15 02:34:36 | 00,114,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbccp32.dll
[2009/07/15 02:34:36 | 00,040,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbcconf.dll
[2009/07/15 02:34:35 | 00,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oleprn.dll
[2009/07/15 02:34:35 | 00,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\olepro32.dll
[2009/07/15 02:34:33 | 00,148,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\nwifi.sys
[2009/07/15 02:34:33 | 00,102,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\occache.dll
[2009/07/15 02:34:33 | 00,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ocsetup.exe
[2009/07/15 02:34:32 | 03,549,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2009/07/15 02:34:32 | 00,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntprint.dll
[2009/07/15 02:34:32 | 00,121,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntmarta.dll
[2009/07/15 02:34:31 | 00,825,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasdlg.dll
[2009/07/15 02:34:31 | 00,642,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasgcw.dll
[2009/07/15 02:34:31 | 00,286,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasapi32.dll
[2009/07/15 02:34:31 | 00,281,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\raschap.dll
[2009/07/15 02:34:31 | 00,262,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasmans.dll
[2009/07/15 02:34:31 | 00,155,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasmontr.dll
[2009/07/15 02:34:31 | 00,052,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasdiag.dll
[2009/07/15 02:34:31 | 00,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasdial.exe
[2009/07/15 02:34:30 | 01,381,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Query.dll
[2009/07/15 02:34:30 | 00,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasplap.dll
[2009/07/15 02:34:30 | 00,259,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasppp.dll
[2009/07/15 02:34:30 | 00,244,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rastls.dll
[2009/07/15 02:34:30 | 00,179,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasuser.dll
[2009/07/15 02:34:30 | 00,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rastapi.dll
[2009/07/15 02:34:30 | 00,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\rassstp.sys
[2009/07/15 02:34:30 | 00,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\raspppoe.sys
[2009/07/15 02:34:30 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\query.exe
[2009/07/15 02:34:29 | 01,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2009/07/15 02:34:29 | 00,880,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RacEngn.dll
[2009/07/15 02:34:29 | 00,758,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qmgr.dll
[2009/07/15 02:34:29 | 00,505,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qedit.dll
[2009/07/15 02:34:29 | 00,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quick.ime
[2009/07/15 02:34:29 | 00,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qintlgnt.ime
[2009/07/15 02:34:29 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qprocess.exe
[2009/07/15 02:34:29 | 00,009,212 | ---- | C] () -- C:\Windows\System32\RacUR.xml
[2009/07/15 02:34:29 | 00,000,153 | ---- | C] () -- C:\Windows\System32\RacUREx.xml
[2009/07/15 02:34:28 | 00,340,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RelMon.dll
[2009/07/15 02:34:28 | 00,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpshell.exe
[2009/07/15 02:34:28 | 00,225,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\rdbss.sys
[2009/07/15 02:34:28 | 00,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpinit.exe
[2009/07/15 02:34:28 | 00,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpclip.exe
[2009/07/15 02:34:28 | 00,107,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\regsvc.dll
[2009/07/15 02:34:28 | 00,091,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpendp.dll
[2009/07/15 02:34:28 | 00,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rekeywiz.exe
[2009/07/15 02:34:28 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\reset.exe
[2009/07/15 02:34:27 | 00,779,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationNative_v0300.dll
[2009/07/15 02:34:27 | 00,612,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpencom.dll
[2009/07/15 02:34:27 | 00,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\rdpdr.sys
[2009/07/15 02:34:27 | 00,180,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\rdpwd.sys
[2009/07/15 02:34:27 | 00,107,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpwsx.dll
[2009/07/15 02:34:27 | 00,080,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpsign.exe
[2009/07/15 02:34:27 | 00,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\regapi.dll
[2009/07/15 02:34:27 | 00,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\reg.exe
[2009/07/15 02:34:27 | 00,041,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2009/07/15 02:34:26 | 00,869,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printui.dll
[2009/07/15 02:34:26 | 00,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2009/07/15 02:34:26 | 00,551,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\prnntfy.dll
[2009/07/15 02:34:26 | 00,323,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2009/07/15 02:34:26 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2009/07/15 02:34:25 | 00,102,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
[2009/07/15 02:34:25 | 00,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\powrprof.dll
[2009/07/15 02:34:22 | 00,166,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\puiapi.dll
[2009/07/15 02:34:21 | 00,497,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll
[2009/07/15 02:34:21 | 00,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\QAGENTRT.DLL
[2009/07/15 02:34:21 | 00,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qappsrv.exe
[2009/07/15 02:34:20 | 00,754,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\propsys.dll
[2009/07/15 02:34:20 | 00,153,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\profsvc.dll
[2009/07/15 02:34:19 | 00,050,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PSHED.DLL
[2009/07/15 02:34:16 | 00,523,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ServerUnifiedOptin.dll
[2009/07/15 02:34:16 | 00,159,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ServerWerOptinGui.dll
[2009/07/15 02:34:16 | 00,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sendmail.dll
[2009/07/15 02:34:16 | 00,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ServerCeipOptinGui.dll
[2009/07/15 02:34:13 | 11,584,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shell32.dll
[2009/07/15 02:34:13 | 01,068,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shdocvw.dll
[2009/07/15 02:34:12 | 00,353,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shlwapi.dll
[2009/07/15 02:34:12 | 00,279,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\services.exe
[2009/07/15 02:34:11 | 01,591,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\setupapi.dll
[2009/07/15 02:34:11 | 00,627,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sethc.exe
[2009/07/15 02:34:11 | 00,242,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SeVA.dll
[2009/07/15 02:34:11 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shadow.exe
[2009/07/15 02:34:04 | 00,183,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eapphost.dll
[2009/07/15 02:34:04 | 00,093,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eappgnui.dll
[2009/07/15 02:34:02 | 00,344,698 | ---- | C] () -- C:\Windows\System32\eaphost.tmf
[2009/07/15 02:34:02 | 00,187,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eapp3hst.dll
[2009/07/15 02:34:02 | 00,143,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eapahost.dll
[2009/07/15 02:34:02 | 00,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eappcfg.dll
[2009/07/15 02:34:01 | 00,120,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EhStorAPI.dll
[2009/07/15 02:34:00 | 00,626,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgkrnl.sys
[2009/07/15 02:34:00 | 00,444,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dsound.dll
[2009/07/15 02:34:00 | 00,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eapa3hst.dll
[2009/07/15 02:34:00 | 00,137,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dsprop.dll
[2009/07/15 02:34:00 | 00,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eapacfg.dll
[2009/07/15 02:34:00 | 00,027,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Dumpata.sys
[2009/07/15 02:34:00 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxmasf.dll
[2009/07/15 02:33:59 | 00,485,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\evr.dll
[2009/07/15 02:33:59 | 00,205,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eudcedit.exe
[2009/07/15 02:33:59 | 00,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\exfat.sys
[2009/07/15 02:33:59 | 00,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dwm.exe
[2009/07/15 02:33:59 | 00,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxg.sys
[2009/07/15 02:33:59 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ExplorerFrame.dll
[2009/07/15 02:33:58 | 02,926,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2009/07/15 02:33:58 | 01,459,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\esent.dll
[2009/07/15 02:33:58 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\escUnattend.exe
[2009/07/15 02:33:57 | 00,133,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\extmgr.dll
[2009/07/15 02:33:57 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\f3ahvoas.dll
[2009/07/15 02:33:56 | 00,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EhStorPwdMgr.dll
[2009/07/15 02:33:55 | 00,268,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\es.dll
[2009/07/15 02:33:55 | 00,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/07/15 02:33:55 | 00,114,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EhStorShell.dll
[2009/07/15 02:33:55 | 00,054,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dimsroam.dll
[2009/07/15 02:33:55 | 00,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EscMigPlugin.dll
[2009/07/15 02:33:54 | 00,355,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\diskshadow.exe
[2009/07/15 02:33:54 | 00,230,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\diskraid.exe
[2009/07/15 02:33:54 | 00,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dhcpcsvc6.dll
[2009/07/15 02:33:54 | 00,119,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\diskpart.exe
[2009/07/15 02:33:54 | 00,053,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\disk.sys
[2009/07/15 02:33:54 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Diskdump.sys
[2009/07/15 02:33:53 | 00,378,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\devmgr.dll
[2009/07/15 02:33:53 | 00,093,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dfshim.dll
[2009/07/15 02:33:53 | 00,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dfsc.sys
[2009/07/15 02:33:52 | 00,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dhcpcsvc.dll
[2009/07/15 02:33:51 | 00,442,788 | ---- | C] () -- C:\Windows\System32\dot3.tmf
[2009/07/15 02:33:51 | 00,407,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpapimig.exe
[2009/07/15 02:33:51 | 00,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drvstore.dll
[2009/07/15 02:33:51 | 00,175,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dot3svc.dll
[2009/07/15 02:33:51 | 00,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dot3msm.dll
[2009/07/15 02:33:51 | 00,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dot3cfg.dll
[2009/07/15 02:33:50 | 00,978,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drmv2clt.dll
[2009/07/15 02:33:50 | 00,284,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drmmgrtn.dll
[2009/07/15 02:33:50 | 00,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drvinst.exe
[2009/07/15 02:33:49 | 00,168,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnsapi.dll
[2009/07/15 02:33:49 | 00,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnsrslvr.dll
[2009/07/15 02:33:49 | 00,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hbaapi.dll
[2009/07/15 02:33:48 | 00,561,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\hdaudbus.sys
[2009/07/15 02:33:48 | 00,236,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\HdAudio.sys
[2009/07/15 02:33:48 | 00,128,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpresult.exe
[2009/07/15 02:33:48 | 00,029,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpprnext.dll
[2009/07/15 02:33:48 | 00,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpscript.dll
[2009/07/15 02:33:46 | 00,637,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpprefcl.dll
[2009/07/15 02:33:46 | 00,576,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpsvc.dll
[2009/07/15 02:33:46 | 00,463,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IasMigReader.exe
[2009/07/15 02:33:46 | 00,401,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\http.sys
[2009/07/15 02:33:46 | 00,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2009/07/15 02:33:46 | 00,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasnap.dll
[2009/07/15 02:33:46 | 00,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iashlpr.dll
[2009/07/15 02:33:46 | 00,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasacct.dll
[2009/07/15 02:33:46 | 00,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasads.dll
[2009/07/15 02:33:46 | 00,047,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasdatastore.dll
[2009/07/15 02:33:46 | 00,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpscript.exe
[2009/07/15 02:33:46 | 00,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpupdate.exe
[2009/07/15 02:33:45 | 00,454,144 | ---- | C] (Microsoft) -- C:\Windows\System32\IasMigPlugin.dll
[2009/07/15 02:33:45 | 00,190,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\fltMgr.sys
[2009/07/15 02:33:45 | 00,142,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontext.dll
[2009/07/15 02:33:45 | 00,080,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hdwwiz.exe
[2009/07/15 02:33:45 | 00,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidclass.sys
[2009/07/15 02:33:45 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hidserv.dll
[2009/07/15 02:33:45 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidusb.sys
[2009/07/15 02:33:44 | 00,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Faultrep.dll
[2009/07/15 02:33:44 | 00,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\fastfat.sys
[2009/07/15 02:33:44 | 00,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FCMgrDLL.dll
[2009/07/15 02:33:44 | 00,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\findstr.exe
[2009/07/15 02:33:44 | 00,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fc.exe
[2009/07/15 02:33:43 | 00,088,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdBth.dll
[2009/07/15 02:33:43 | 00,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpapi.dll
[2009/07/15 02:33:43 | 00,068,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdSSDP.dll
[2009/07/15 02:33:43 | 00,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdWSD.dll
[2009/07/15 02:33:43 | 00,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\feclient.dll
[2009/07/15 02:33:43 | 00,053,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdeploy.dll
[2009/07/15 02:33:43 | 00,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdProxy.dll
[2009/07/15 02:33:43 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdBthProxy.dll
[2009/07/15 02:33:42 | 00,297,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gdi32.dll
[2009/07/15 02:33:35 | 00,950,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpedit.dll
[2009/07/15 02:33:34 | 00,153,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fundisc.dll
[2009/07/15 02:33:34 | 00,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ftp.exe
[2009/07/15 02:33:33 | 02,134,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FunctionDiscoveryFolder.dll
[2009/07/15 02:33:33 | 00,595,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FWPUCLNT.DLL
[2009/07/15 02:33:33 | 00,099,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\FWPKCLNT.SYS
[2009/07/15 02:33:33 | 00,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FwRemoteSvr.dll
[2009/07/15 02:33:32 | 01,985,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\authui.dll
[2009/07/15 02:33:32 | 00,315,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\audiosrv.dll
[2009/07/15 02:33:32 | 00,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AudioSes.dll
[2009/07/15 02:33:31 | 00,643,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\autochk.exe
[2009/07/15 02:33:31 | 00,115,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AuxiliaryDisplayDriverLib.dll
[2009/07/15 02:33:31 | 00,109,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ataport.sys
[2009/07/15 02:33:31 | 00,102,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AuxiliaryDisplayServices.dll
[2009/07/15 02:33:31 | 00,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe
[2009/07/15 02:33:31 | 00,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\authz.dll
[2009/07/15 02:33:31 | 00,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2009/07/15 02:33:30 | 01,216,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AuxiliaryDisplayCpl.dll
[2009/07/15 02:33:30 | 00,656,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\autoconv.exe
[2009/07/15 02:33:30 | 00,636,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\autofmt.exe
[2009/07/15 02:33:30 | 00,516,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\autoplay.dll
[2009/07/15 02:33:30 | 00,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avolprop.dll
[2009/07/15 02:33:27 | 00,019,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\atapi.sys
[2009/07/15 02:33:24 | 01,324,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browseui.dll.old
[2009/07/15 02:33:24 | 00,130,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\basecsp.dll
[2009/07/15 02:33:24 | 00,093,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\bridge.sys
[2009/07/15 02:33:24 | 00,045,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bthci.dll
[2009/07/15 02:33:23 | 00,757,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\azroles.dll
[2009/07/15 02:33:23 | 00,542,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\blackbox.dll
[2009/07/15 02:33:23 | 00,334,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\BFE.DLL
[2009/07/15 02:33:23 | 00,274,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bcrypt.dll
[2009/07/15 02:33:23 | 00,265,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\acpi.sys
[2009/07/15 02:33:23 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bitsigd.dll
[2009/07/15 02:33:22 | 02,515,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\accessibilitycpl.dll
[2009/07/15 02:33:21 | 00,153,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ActiveSockets.dll
[2009/07/15 02:33:21 | 00,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aaclient.dll
[2009/07/15 02:33:18 | 00,171,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\apphelp.dll
[2009/07/15 02:33:17 | 01,730,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\apds.dll
[2009/07/15 02:33:17 | 01,122,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\appwiz.cpl
[2009/07/15 02:33:17 | 00,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2009/07/15 02:33:16 | 00,273,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\afd.sys
[2009/07/15 02:33:16 | 00,199,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\adsldpc.dll
[2009/07/15 02:33:16 | 00,148,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\appmgmts.dll
[2009/07/15 02:33:16 | 00,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\adsmsext.dll
[2009/07/15 02:33:15 | 00,617,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\adtschema.dll
[2009/07/15 02:33:14 | 01,209,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\comsvcs.dll
[2009/07/15 02:33:14 | 00,800,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\advapi32.dll
[2009/07/15 02:33:14 | 00,593,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\comuid.dll
[2009/07/15 02:33:14 | 00,224,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ComplianceExtensions.dll
[2009/07/15 02:33:14 | 00,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
[2009/07/15 02:33:14 | 00,035,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\crashdmp.sys
[2009/07/15 02:33:13 | 01,645,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\connect.dll
[2009/07/15 02:33:13 | 00,978,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\crypt32.dll
[2009/07/15 02:33:13 | 00,178,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\credui.dll
[2009/07/15 02:33:12 | 00,481,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmdial32.dll
[2009/07/15 02:33:11 | 00,450,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\comdlg32.dll
[2009/07/15 02:33:10 | 01,856,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dbgeng.dll
[2009/07/15 02:33:10 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\davclnt.dll
[2009/07/15 02:33:10 | 00,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmmon32.exe
[2009/07/15 02:33:09 | 01,788,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d9.dll
[2009/07/15 02:33:09 | 00,128,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dcpromo.exe
[2009/07/15 02:33:09 | 00,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dataclen.dll
[2009/07/15 02:33:09 | 00,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dcgpofix.exe
[2009/07/15 02:33:08 | 00,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DevicePairing.dll
[2009/07/15 02:33:08 | 00,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CscMig.dll
[2009/07/15 02:33:08 | 00,065,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DevicePairingWizard.exe
[2009/07/15 02:33:08 | 00,054,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DevicePairingProxy.dll
[2009/07/15 02:33:08 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DeviceEject.exe
[2009/07/15 02:33:08 | 00,022,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cscdll.dll
[2009/07/15 02:33:07 | 00,971,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cryptui.dll
[2009/07/15 02:33:07 | 00,351,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\csc.sys
[2009/07/15 02:33:07 | 00,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cscript.exe
[2009/07/15 02:33:07 | 00,131,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cscobj.dll
[2009/07/15 02:33:07 | 00,129,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cryptsvc.dll
[2009/07/15 02:33:07 | 00,046,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrstub.exe
[2009/07/15 02:33:07 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cscapi.dll
[2009/07/15 02:33:06 | 00,597,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cscui.dll
[2009/07/15 02:33:06 | 00,491,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cscsvc.dll
[2009/07/15 02:33:06 | 00,276,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certadm.dll
[2009/07/15 02:33:06 | 00,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ceipdata.exe
[2009/07/15 02:33:06 | 00,080,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ceiprole.dll
[2009/07/15 02:33:06 | 00,075,066 | -H-- | C] () -- C:\Windows\System32\ceipdata.xml
[2009/07/15 02:33:06 | 00,071,626 | -H-- | C] () -- C:\Windows\System32\ceiprole.xml
[2009/07/15 02:33:06 | 00,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2009/07/15 02:33:06 | 00,034,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ceiprole.exe
[2009/07/15 02:33:05 | 01,502,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certmgr.dll
[2009/07/15 02:33:05 | 00,489,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certocm.dll
[2009/07/15 02:33:05 | 00,323,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certcli.dll
[2009/07/15 02:33:05 | 00,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\cdrom.sys
[2009/07/15 02:33:04 | 01,112,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CertEnroll.dll
[2009/07/15 02:33:04 | 00,640,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bthprops.cpl
[2009/07/15 02:33:04 | 00,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CertEnrollUI.dll
[2009/07/15 02:33:04 | 00,040,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bthserv.dll
[2009/07/15 02:33:04 | 00,034,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bthudtask.exe
[2009/07/15 02:33:03 | 00,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cbsra.exe
[2009/07/15 02:33:02 | 01,671,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chsbrkr.dll
[2009/07/15 02:33:02 | 00,614,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ci.dll
[2009/07/15 02:33:02 | 00,125,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Classpnp.sys
[2009/07/15 02:33:02 | 00,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cintlgnt.ime
[2009/07/15 02:33:02 | 00,058,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cipher.exe
[2009/07/15 02:33:02 | 00,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CHxReadingStringIME.dll
[2009/07/15 02:33:01 | 06,103,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chtbrkr.dll
[2009/07/15 02:33:01 | 00,245,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\clfs.sys
[2009/07/15 02:33:00 | 00,215,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certreq.exe
[2009/07/15 02:33:00 | 00,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certprop.dll
[2009/07/15 02:32:59 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chglogon.exe
[2009/07/15 02:32:58 | 00,022,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chgport.exe
[2009/07/15 02:32:58 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chgusr.exe
[2009/07/15 02:32:57 | 00,799,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certutil.exe
[2009/07/15 02:32:56 | 00,461,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2009/07/15 02:32:56 | 00,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chajei.ime
[2009/07/15 02:32:56 | 00,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2009/07/15 02:32:56 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\change.exe
[2009/07/15 02:32:55 | 01,053,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdtctm.dll
[2009/07/15 02:32:55 | 00,564,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msftedit.dll
[2009/07/15 02:32:55 | 00,409,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msexch40.dll
[2009/07/15 02:32:55 | 00,339,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msexcl40.dll
[2009/07/15 02:32:55 | 00,332,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msihnd.dll
[2009/07/15 02:32:55 | 00,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msiexec.exe
[2009/07/15 02:32:55 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.ocx
[2009/07/15 02:32:54 | 01,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2009/07/15 02:32:53 | 02,241,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msi.dll
[2009/07/15 02:32:53 | 00,477,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmled.dll
[2009/07/15 02:32:49 | 00,807,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msctf.dll
[2009/07/15 02:32:49 | 00,560,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdtcprx.dll
[2009/07/15 02:32:49 | 00,332,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdrm.dll
[2009/07/15 02:32:49 | 00,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msctfui.dll
[2009/07/15 02:32:49 | 00,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msctfp.dll
[2009/07/15 02:32:49 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MsCtfMonitor.dll
[2009/07/15 02:32:48 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msimsg.dll
[2009/07/15 02:32:47 | 00,407,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MPSSVC.dll
[2009/07/15 02:32:47 | 00,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mprapi.dll
[2009/07/15 02:32:46 | 00,933,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mprsnap.dll
[2009/07/15 02:32:46 | 00,068,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpr.dll
[2009/07/15 02:32:45 | 00,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\modemui.dll
[2009/07/15 02:32:45 | 00,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MMDevAPI.dll
[2009/07/15 02:32:44 | 01,102,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mmsys.cpl
[2009/07/15 02:32:41 | 00,391,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscms.dll
[2009/07/15 02:32:41 | 00,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscandui.dll
[2009/07/15 02:32:40 | 00,278,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscoree.dll
[2009/07/15 02:32:40 | 00,212,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb10.sys
[2009/07/15 02:32:40 | 00,155,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscorier.dll
[2009/07/15 02:32:40 | 00,080,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscories.dll
[2009/07/15 02:32:39 | 00,114,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxdav.sys
[2009/07/15 02:32:39 | 00,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb.sys
[2009/07/15 02:32:39 | 00,079,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb20.sys
[2009/07/15 02:32:39 | 00,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msacm32.drv
[2009/07/15 02:32:38 | 00,467,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netapi32.dll
[2009/07/15 02:32:37 | 02,225,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netcenter.dll
[2009/07/15 02:32:37 | 00,527,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ndis.sys
[2009/07/15 02:32:37 | 00,445,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncryptui.dll
[2009/07/15 02:32:37 | 00,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2009/07/15 02:32:37 | 00,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netbt.sys
[2009/07/15 02:32:37 | 00,180,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netplwiz.dll
[2009/07/15 02:32:37 | 00,121,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ndiswan.sys
[2009/07/15 02:32:35 | 00,592,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netlogon.dll
[2009/07/15 02:32:35 | 00,310,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mtxclu.dll
[2009/07/15 02:32:35 | 00,223,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2009/07/15 02:32:35 | 00,104,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netiohlp.dll
[2009/07/15 02:32:34 | 00,048,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\mup.sys
[2009/07/15 02:32:26 | 01,336,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml6.dll
[2009/07/15 02:32:24 | 01,183,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml3.dll
[2009/07/15 02:32:24 | 00,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NcdProp.dll
[2009/07/15 02:32:22 | 00,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NaturalLanguage6.dll
[2009/07/15 02:32:16 | 03,174,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netshell.dll
[2009/07/15 02:32:16 | 00,469,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\newdev.dll
[2009/07/15 02:32:16 | 00,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\newdev.exe
[2009/07/15 02:32:15 | 03,072,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\networkmap.dll
[2009/07/15 02:32:15 | 02,226,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\networkexplorer.dll
[2009/07/15 02:32:15 | 00,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\networkitemfactory.dll
[2009/07/15 02:32:13 | 00,643,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrepl40.dll
[2009/07/15 02:32:13 | 00,368,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mspbde40.dll
[2009/07/15 02:32:13 | 00,344,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrd3x40.dll
[2009/07/15 02:32:13 | 00,241,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msltus40.dll
[2009/07/15 02:32:13 | 00,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2009/07/15 02:32:13 | 00,179,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msnetobj.dll
[2009/07/15 02:32:13 | 00,161,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\msrpc.sys
[2009/07/15 02:32:12 | 00,408,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msinfo32.exe
[2009/07/15 02:32:12 | 00,319,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrd2x40.dll
[2009/07/15 02:32:12 | 00,290,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msjtes40.dll
[2009/07/15 02:32:12 | 00,180,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\msiscsi.sys
[2009/07/15 02:32:12 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msjter40.dll
[2009/07/15 02:32:12 | 00,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msimtf.dll
[2009/07/15 02:32:12 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msjint40.dll
[2009/07/15 02:32:11 | 01,589,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msjet40.dll
[2009/07/15 02:32:11 | 00,406,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcp60.dll
[2009/07/15 02:32:11 | 00,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msv1_0.dll
[2009/07/15 02:32:11 | 00,163,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msutb.dll
[2009/07/15 02:32:11 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msisip.dll
[2009/07/15 02:32:10 | 02,066,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstscax.dll
[2009/07/15 02:32:10 | 00,856,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mswdat10.dll
[2009/07/15 02:32:10 | 00,679,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcrt.dll
[2009/07/15 02:32:10 | 00,618,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mswstr10.dll
[2009/07/15 02:32:10 | 00,454,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxbde40.dll
[2009/07/15 02:32:10 | 00,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstsmmc.dll
[2009/07/15 02:32:10 | 00,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mswsock.dll
[2009/07/15 02:32:10 | 00,131,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstsmhst.dll
[2009/07/15 02:32:08 | 00,738,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcomm.dll
[2009/07/15 02:32:08 | 00,678,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstsc.exe
[2009/07/15 02:32:08 | 00,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2009/07/15 02:32:08 | 00,414,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscp.dll
[2009/07/15 02:32:08 | 00,282,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstext40.dll
[2009/07/15 02:32:08 | 00,231,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll
[2009/07/15 02:32:08 | 00,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstlsapi.dll
[2009/07/15 02:32:07 | 01,827,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2009/07/15 02:32:06 | 00,217,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\InkEd.dll
[2009/07/15 02:32:05 | 00,099,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardapi.dll
[2009/07/15 02:32:05 | 00,035,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardcpl.cpl
[2009/07/15 02:32:04 | 00,413,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imkr80.ime
[2009/07/15 02:32:02 | 00,114,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imm32.dll
[2009/07/15 02:32:01 | 00,512,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2009/07/15 02:32:01 | 00,396,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ipsmsnap.dll
[2009/07/15 02:32:01 | 00,364,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IPSECSVC.DLL
[2009/07/15 02:32:01 | 00,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iSNSMgrDLL.dll
[2009/07/15 02:32:01 | 00,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iSCSIMgrDLL.dll
quiestbml
2009-07-26, 19:20
[2009/07/15 02:32:01 | 00,027,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2009/07/15 02:32:01 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iscsilog.dll
[2009/07/15 02:32:00 | 00,200,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\input.dll
[2009/07/15 02:31:59 | 00,759,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ipsecsnp.dll
[2009/07/15 02:31:59 | 00,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iertutil.dll
[2009/07/15 02:31:59 | 00,199,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iphlpsvc.dll
[2009/07/15 02:31:59 | 00,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IPHLPAPI.DLL
[2009/07/15 02:31:59 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ipconfig.exe
[2009/07/15 02:31:58 | 06,079,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieframe.dll
[2009/07/15 02:31:57 | 00,619,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardagt.exe
[2009/07/15 02:31:57 | 00,398,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2009/07/15 02:31:57 | 00,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iassdo.dll
[2009/07/15 02:31:57 | 00,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2009/07/15 02:31:57 | 00,182,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iassam.dll
[2009/07/15 02:31:57 | 00,158,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasrad.dll
[2009/07/15 02:31:57 | 00,119,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasrecst.dll
[2009/07/15 02:31:57 | 00,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iassvcs.dll
[2009/07/15 02:31:57 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iaspolcy.dll
[2009/07/15 02:31:57 | 00,029,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ifmon.dll
[2009/07/15 02:31:57 | 00,009,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardres.dll
[2009/07/15 02:31:56 | 00,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2009/07/15 02:31:54 | 00,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2009/07/15 02:31:53 | 00,729,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IMJP10K.DLL
[2009/07/15 02:31:52 | 00,883,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IMJP10.IME
[2009/07/15 02:31:52 | 00,378,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imapi2.dll
[2009/07/15 02:31:52 | 00,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imapi.dll
[2009/07/15 02:31:51 | 00,677,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imapi2fs.dll
[2009/07/15 02:31:51 | 00,438,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IKEEXT.DLL
[2009/07/15 02:31:48 | 00,208,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfplat.dll
[2009/07/15 02:31:48 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfpmp.exe
[2009/07/15 02:31:47 | 02,868,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2009/07/15 02:31:47 | 01,135,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll
[2009/07/15 02:31:47 | 00,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll
[2009/07/15 02:31:47 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mferror.dll
[2009/07/15 02:31:46 | 01,160,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll
[2009/07/15 02:31:44 | 02,012,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\milcore.dll
[2009/07/15 02:31:44 | 00,000,000 | ---D | C] -- C:\Windows\Panther
[2009/07/15 02:31:42 | 00,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mimefilt.dll
[2009/07/15 02:31:41 | 00,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mmci.dll
[2009/07/15 02:31:41 | 00,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\midimap.dll
[2009/07/15 02:31:41 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mmcico.dll
[2009/07/15 02:31:40 | 02,167,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mmcndmgr.dll
[2009/07/15 02:31:40 | 01,792,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mmc.exe
[2009/07/15 02:31:38 | 00,439,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ksecdd.sys
[2009/07/15 02:31:38 | 00,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ks.sys
[2009/07/15 02:31:38 | 00,113,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ktpass.exe
[2009/07/15 02:31:38 | 00,093,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Kswdmcap.ax
[2009/07/15 02:31:37 | 00,143,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\korwbrkr.dll
[2009/07/15 02:31:35 | 11,967,524 | ---- | C] () -- C:\Windows\System32\korwbrkr.lex
[2009/07/15 02:31:35 | 00,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\l2nacp.dll
[2009/07/15 02:31:34 | 00,497,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kerberos.dll
[2009/07/15 02:31:34 | 00,017,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kd1394.dll
[2009/07/15 02:31:34 | 00,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\kbdhid.sys
[2009/07/15 02:31:33 | 00,891,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kernel32.dll
[2009/07/15 02:31:33 | 00,438,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mcupdate_GenuineIntel.dll
[2009/07/15 02:31:33 | 00,019,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kdusb.dll
[2009/07/15 02:31:33 | 00,017,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kdcom.dll
[2009/07/15 02:31:31 | 00,356,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MediaMetadataHandler.dll
[2009/07/15 02:31:30 | 00,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\logagent.exe
[2009/07/15 02:31:30 | 00,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\logman.exe
[2009/07/15 02:31:27 | 03,667,200 | ---- | C] () -- C:\Windows\System32\loc2008.nls
[2009/07/15 02:31:26 | 03,662,128 | ---- | C] () -- C:\Windows\System32\locale.nls
[2009/07/15 02:31:26 | 00,008,192 | R-S- | C] () -- C:\BOOTSECT.BAK
[2009/07/15 02:31:25 | 01,257,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsasrv.dll
[2009/07/15 02:31:25 | 00,710,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Magnify.exe
[2009/07/15 02:31:25 | 00,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\logoff.exe
[2009/07/15 02:31:24 | 01,143,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wercon.exe
[2009/07/15 02:31:24 | 00,233,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\webcheck.dll
[2009/07/15 02:31:24 | 00,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WebClnt.dll
[2009/07/15 02:31:24 | 00,101,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shsetup.dll
[2009/07/15 02:31:23 | 01,020,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wdc.dll
[2009/07/15 02:31:23 | 00,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wer.dll
[2009/07/15 02:31:23 | 00,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wdscore.dll
[2009/07/15 02:31:22 | 00,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wdmaud.drv
[2009/07/15 02:31:21 | 00,712,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecs.dll
[2009/07/15 02:31:21 | 00,347,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2009/07/15 02:31:21 | 00,333,257 | RHS- | C] () -- C:\bootmgr
[2009/07/15 02:31:20 | 00,000,000 | -HSD | C] -- C:\Boot
[2009/07/15 02:31:19 | 00,375,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winhttp.dll
[2009/07/15 02:31:18 | 00,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wevtutil.exe
[2009/07/15 02:31:16 | 01,017,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wevtsvc.dll
[2009/07/15 02:31:16 | 00,208,966 | ---- | C] () -- C:\Windows\System32\WFP.TMF
[2009/07/15 02:31:16 | 00,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\whealogr.dll
[2009/07/15 02:31:15 | 00,860,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WerFaultSecure.exe
[2009/07/15 02:31:15 | 00,250,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wevtapi.dll
[2009/07/15 02:31:15 | 00,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WerFault.exe
[2009/07/15 02:31:15 | 00,126,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wersvc.dll
[2009/07/15 02:31:14 | 00,443,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32spl.dll
[2009/07/15 02:31:13 | 00,547,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wiaaut.dll
[2009/07/15 02:31:13 | 00,453,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wiaservc.dll
[2009/07/15 02:31:13 | 00,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\version.dll
[2009/07/15 02:31:12 | 00,430,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2009/07/15 02:31:12 | 00,385,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vds.exe
[2009/07/15 02:31:12 | 00,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vdmdbg.dll
[2009/07/15 02:31:11 | 00,627,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\user32.dll
[2009/07/15 02:31:11 | 00,507,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vdsdyn.dll
[2009/07/15 02:31:11 | 00,226,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbport.sys
[2009/07/15 02:31:11 | 00,128,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vdsutil.dll
[2009/07/15 02:31:11 | 00,065,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\USBSTOR.SYS
[2009/07/15 02:31:11 | 00,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\uxsms.dll
[2009/07/15 02:31:11 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbohci.sys
[2009/07/15 02:31:10 | 01,123,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\usercpl.dll
[2009/07/15 02:31:10 | 00,638,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Utilman.exe
[2009/07/15 02:31:10 | 00,108,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\userenv.dll
[2009/07/15 02:31:09 | 00,502,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\usp10.dll
[2009/07/15 02:31:09 | 00,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\watchdog.sys
[2009/07/15 02:31:08 | 00,292,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\volmgrx.sys
[2009/07/15 02:31:08 | 00,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Volshext.dll
[2009/07/15 02:31:07 | 01,077,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vssapi.dll
[2009/07/15 02:31:07 | 01,055,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VSSVC.exe
[2009/07/15 02:31:07 | 00,282,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\w32time.dll
[2009/07/15 02:31:07 | 00,226,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\volsnap.sys
[2009/07/15 02:31:07 | 00,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VSSUI.dll
[2009/07/15 02:31:07 | 00,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VSSUIRUN.exe
[2009/07/15 02:31:05 | 00,355,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSDApi.dll
[2009/07/15 02:31:05 | 00,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSDMon.dll
[2009/07/15 02:31:05 | 00,155,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscript.exe
[2009/07/15 02:31:05 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsdchngr.dll
[2009/07/15 02:31:04 | 01,382,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVSDECD.DLL
[2009/07/15 02:31:04 | 00,657,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVXENCD.DLL
[2009/07/15 02:31:03 | 01,575,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVENCOD.DLL
[2009/07/15 02:31:03 | 00,273,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wow32.dll
[2009/07/15 02:31:02 | 02,386,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVCORE.DLL
[2009/07/15 02:31:01 | 00,140,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wusa.exe
[2009/07/15 02:31:00 | 00,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xmlfilter.dll
[2009/07/15 02:30:58 | 00,090,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wshext.dll
[2009/07/15 02:30:58 | 00,034,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wshbth.dll
[2009/07/15 02:30:57 | 01,671,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanpref.dll
[2009/07/15 02:30:57 | 00,747,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmSvc.dll
[2009/07/15 02:30:57 | 00,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanmsm.dll
[2009/07/15 02:30:57 | 00,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wshom.ocx
[2009/07/15 02:30:57 | 00,068,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanhlp.dll
[2009/07/15 02:30:57 | 00,050,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsnmp32.dll
[2009/07/15 02:30:56 | 02,499,629 | ---- | C] () -- C:\Windows\System32\wlan.tmf
[2009/07/15 02:30:56 | 00,514,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlansvc.dll
[2009/07/15 02:30:56 | 00,399,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlangpui.dll
[2009/07/15 02:30:56 | 00,287,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Wldap32.dll
[2009/07/15 02:30:56 | 00,244,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wisptis.exe
[2009/07/15 02:30:56 | 00,202,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanui.dll
[2009/07/15 02:30:56 | 00,083,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlgpclnt.dll
[2009/07/15 02:30:55 | 00,926,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winresume.exe
[2009/07/15 02:30:55 | 00,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinSCard.dll
[2009/07/15 02:30:55 | 00,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrnr.dll
[2009/07/15 02:30:54 | 00,986,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winload.exe
[2009/07/15 02:30:54 | 00,314,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winlogon.exe
[2009/07/15 02:30:54 | 00,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winmm.dll
[2009/07/15 02:30:53 | 00,996,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMNetMgr.dll
[2009/07/15 02:30:53 | 00,375,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2009/07/15 02:30:53 | 00,258,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winspool.drv
[2009/07/15 02:30:52 | 00,321,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll
[2009/07/15 02:30:52 | 00,303,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpeffects.dll
[2009/07/15 02:30:50 | 08,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2009/07/15 02:30:48 | 10,624,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmp.dll
[2009/07/15 02:30:47 | 00,533,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmdrmsdk.dll
[2009/07/15 02:30:46 | 00,343,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmicmiplugin.dll
[2009/07/15 02:30:45 | 00,586,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\stobject.dll
[2009/07/15 02:30:45 | 00,568,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\StorExpl.dll
[2009/07/15 02:30:45 | 00,122,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Storport.sys
[2009/07/15 02:30:45 | 00,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Storprop.dll
[2009/07/15 02:30:45 | 00,052,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\stream.sys
[2009/07/15 02:30:42 | 01,224,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sud.dll
[2009/07/15 02:30:42 | 00,168,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\svrmgrnc.dll
[2009/07/15 02:30:41 | 00,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/07/15 02:30:41 | 00,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srmtrace.dll
[2009/07/15 02:30:41 | 00,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/07/15 02:30:40 | 00,301,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srchadmin.dll
[2009/07/15 02:30:40 | 00,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\srv.sys
[2009/07/15 02:30:40 | 00,180,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srm.dll
[2009/07/15 02:30:40 | 00,144,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\srv2.sys
[2009/07/15 02:30:40 | 00,122,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srvsvc.dll
[2009/07/15 02:30:40 | 00,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\srvnet.sys
[2009/07/15 02:30:40 | 00,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srmclient.dll
[2009/07/15 02:30:36 | 00,558,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sysmain.dll
[2009/07/15 02:30:36 | 00,311,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\swprv.dll
[2009/07/15 02:30:35 | 02,205,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SyncCenter.dll
[2009/07/15 02:30:35 | 00,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sysclass.dll
[2009/07/15 02:30:34 | 00,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sysmon.ocx
[2009/07/15 02:30:34 | 00,174,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SMEF.dll
[2009/07/15 02:30:33 | 00,705,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SmiEngine.dll
[2009/07/15 02:30:33 | 00,134,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SmartcardCredentialProvider.dll
[2009/07/15 02:30:33 | 00,083,456 | ---- | C] (Microsoft) -- C:\Windows\System32\SMBHelperClass.dll
[2009/07/15 02:30:33 | 00,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slwmi.dll
[2009/07/15 02:30:33 | 00,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\smb.sys
[2009/07/15 02:30:33 | 00,064,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\smss.exe
[2009/07/15 02:30:32 | 00,777,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slcc.dll
[2009/07/15 02:30:32 | 00,425,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shwebsvc.dll
[2009/07/15 02:30:32 | 00,247,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shsvcs.dll.backup
[2009/07/15 02:30:32 | 00,247,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shsvcs.dll
[2009/07/15 02:30:32 | 00,228,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLC.dll
[2009/07/15 02:30:31 | 03,408,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLsvc.exe
[2009/07/15 02:30:31 | 00,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLUI.exe
[2009/07/15 02:30:31 | 00,092,918 | ---- | C] () -- C:\Windows\System32\slmgr.vbs
[2009/07/15 02:30:31 | 00,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLUINotify.dll
[2009/07/15 02:30:31 | 00,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slcinst.dll
[2009/07/15 02:30:31 | 00,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slwga.dll
[2009/07/15 02:30:30 | 01,081,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLCExt.dll
[2009/07/15 02:30:30 | 00,582,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLCommDlg.dll
[2009/07/15 02:30:30 | 00,289,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spinstall.exe
[2009/07/15 02:30:30 | 00,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLLUA.exe
[2009/07/15 02:30:30 | 00,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spoolss.dll
[2009/07/15 02:30:30 | 00,127,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spoolsv.exe
[2009/07/15 02:30:30 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spcmsg.dll
[2009/07/15 02:30:28 | 00,009,239 | ---- | C] () -- C:\Windows\System32\spcinstrumentation.man
[2009/07/15 02:30:27 | 00,524,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sqlsrv32.dll
[2009/07/15 02:30:27 | 00,190,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sperror.dll
[2009/07/15 02:30:27 | 00,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwizui.dll
[2009/07/15 02:30:27 | 00,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spreview.exe
[2009/07/15 02:30:27 | 00,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwinsat.dll
[2009/07/15 02:30:27 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwmp.dll
[2009/07/15 02:30:26 | 00,684,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\spsys.sys
[2009/07/15 02:30:26 | 00,197,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SndVol.exe
[2009/07/15 02:30:26 | 00,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\softkbd.dll
[2009/07/15 02:30:25 | 00,137,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tspubwmi.dll
[2009/07/15 02:30:25 | 00,077,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tsuserex.dll
[2009/07/15 02:30:25 | 00,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TSTheme.exe
[2009/07/15 02:30:25 | 00,035,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsWpfWrp.exe
[2009/07/15 02:30:24 | 00,324,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\untfs.dll
[2009/07/15 02:30:24 | 00,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\udfs.sys
[2009/07/15 02:30:24 | 00,099,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tsmf.dll
[2009/07/15 02:30:24 | 00,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\USBAUDIO.sys
[2009/07/15 02:30:24 | 00,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tscupgrd.exe
[2009/07/15 02:30:24 | 00,053,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tsgqec.dll
[2009/07/15 02:30:24 | 00,025,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\USBCAMD.sys
[2009/07/15 02:30:24 | 00,022,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tskill.exe
[2009/07/15 02:30:24 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tsdiscon.exe
[2009/07/15 02:30:24 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usb8023.sys
[2009/07/15 02:30:24 | 00,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TSErrRedir.dll
[2009/07/15 02:30:23 | 00,342,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\zipfldr.dll
[2009/07/15 02:30:23 | 00,196,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbhub.sys
[2009/07/15 02:30:23 | 00,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbehci.sys
[2009/07/15 02:30:23 | 00,025,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\USBCAMD2.sys
[2009/07/15 02:30:20 | 00,203,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\uDWM.dll
[2009/07/15 02:30:19 | 00,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unimdm.tsp
[2009/07/15 02:30:19 | 00,222,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\umpnpmgr.dll
[2009/07/15 02:30:19 | 00,212,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\umrdp.dll
[2009/07/15 02:30:19 | 00,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ulib.dll
[2009/07/15 02:30:18 | 00,842,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\systemcpl.dll
[2009/07/15 02:30:18 | 00,130,008 | ---- | C] () -- C:\Windows\System32\systemsf.ebd
[2009/07/15 02:30:06 | 00,714,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\timedate.cpl
[2009/07/15 02:30:06 | 00,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tscfgwmi.dll
[2009/07/15 02:30:06 | 00,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tintlgnt.ime
[2009/07/15 02:30:06 | 00,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tscon.exe
[2009/07/15 02:30:06 | 00,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tsbyuv.dll
[2009/07/15 02:30:05 | 00,897,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\tcpip.sys
[2009/07/15 02:30:05 | 00,285,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tapisnap.dll
[2009/07/15 02:30:05 | 00,242,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tapisrv.dll
[2009/07/15 02:30:05 | 00,170,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tcpipcfg.dll
[2009/07/15 02:30:05 | 00,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tcpmon.dll
[2009/07/15 02:30:05 | 00,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\tcpipreg.sys
[2009/07/15 02:30:04 | 01,152,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\themecpl.dll
[2009/07/15 02:30:04 | 00,615,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\themeui.dll.backup
[2009/07/15 02:30:04 | 00,615,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\themeui.dll
[2009/07/15 02:30:04 | 00,449,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\termsrv.dll
[2009/07/15 02:30:04 | 00,313,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\thawbrkr.dll
[2009/07/15 02:30:04 | 00,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskcomp.dll
[2009/07/15 02:30:04 | 00,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskeng.exe
[2009/07/15 02:30:04 | 00,072,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\tdx.sys
[2009/07/15 02:30:04 | 00,053,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\termdd.sys
[2009/07/15 02:18:26 | 00,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2009/07/15 01:56:35 | 00,048,600 | ---- | C] () -- C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
[2009/07/15 01:55:04 | 00,000,680 | ---- | C] () -- C:\Users\Administrator\AppData\Local\d3d9caps.dat
[2009/07/15 01:54:46 | 00,000,000 | -HSD | C] -- C:\Users\Administrator\Documents\My Videos
[2009/07/15 01:54:46 | 00,000,000 | -HSD | C] -- C:\Users\Administrator\Documents\My Pictures
[2009/07/15 01:54:46 | 00,000,000 | -HSD | C] -- C:\Users\Administrator\Documents\My Music
[2009/07/15 01:54:46 | 00,000,000 | -HSD | C] -- C:\Users\Administrator\AppData\Local\Temporary Internet Files
[2009/07/15 01:54:46 | 00,000,000 | -HSD | C] -- C:\Users\Administrator\AppData\Local\History
[2009/07/15 01:54:46 | 00,000,000 | -HSD | C] -- C:\Users\Administrator\AppData\Local\Application Data
[2009/07/15 01:54:45 | 00,000,000 | --SD | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft
[2009/07/15 01:54:45 | 00,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Temp
[2009/07/15 01:54:45 | 00,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Microsoft
[2009/07/15 01:52:29 | 00,000,000 | ---D | C] -- C:\Windows\Debug
[2009/07/15 01:39:03 | 00,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2009/07/15 01:32:34 | 00,000,000 | -HSD | C] -- C:\System Volume Information
[2009/07/15 00:31:07 | 00,337,216 | ---- | C] (NETGEAR, Inc.) -- C:\Windows\System32\drivers\wg121nd5.sys
[2009/07/01 21:39:09 | 00,095,232 | ---- | C] () -- C:\Users\Administrator\Documents\fourtress2.doc
[2009/05/15 23:22:51 | 00,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2008/01/19 07:24:26 | 00,001,702 | ---- | C] () -- C:\Windows\System32\StorageMgmt.dll.config
[2008/01/19 04:45:57 | 00,000,219 | ---- | C] () -- C:\Windows\system.ini
[2008/01/19 04:45:57 | 00,000,144 | ---- | C] () -- C:\Windows\win.ini
[2008/01/19 00:34:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
========== Files - Modified Within 30 Days ==========
[1 C:\Windows\System32\drivers\*.tmp files]
[2009/07/26 12:09:48 | 00,657,102 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/07/26 12:09:48 | 00,571,370 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/07/26 12:09:48 | 00,092,928 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/07/26 12:02:16 | 00,005,440 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/07/26 12:02:16 | 00,005,440 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/07/26 12:02:07 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/07/26 12:01:56 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/07/26 12:01:41 | 21,459,68128 | -HS- | M] () -- C:\hiberfil.sys
[2009/07/26 11:59:48 | 00,000,056 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2009/07/25 18:55:34 | 00,002,301 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk
[2009/07/25 09:05:48 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2009/07/24 17:41:38 | 00,002,231 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2009/07/23 15:23:50 | 00,004,608 | ---- | M] () -- C:\Users\Administrator\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/23 13:23:20 | 00,318,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cmd.execf
[2009/07/23 12:39:27 | 02,169,432 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/23 12:33:09 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deploytk.dll
[2009/07/23 12:33:09 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2009/07/23 12:33:09 | 00,144,792 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2009/07/23 12:33:09 | 00,144,792 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2009/07/22 23:19:24 | 00,048,600 | ---- | M] () -- C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
[2009/07/22 18:57:02 | 01,759,945 | -H-- | M] () -- C:\Users\Administrator\AppData\Local\IconCache.db
[2009/07/22 13:40:42 | 00,644,907 | R--- | M] () -- C:\crosshairs.zip
[2009/07/22 02:24:16 | 00,000,472 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2009/07/21 00:47:35 | 00,000,036 | ---- | M] () -- C:\Windows\Remote Shutdown 2 Professional.xml
[2009/07/20 23:28:13 | 00,000,406 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2009/07/18 23:55:50 | 00,001,051 | ---- | M] () -- C:\Users\Administrator\Desktop\Crysis.lnk
[2009/07/17 22:06:39 | 00,107,888 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\System32\CmdLineExt.dll
[2009/07/15 19:32:57 | 00,001,723 | ---- | M] () -- C:\Users\Public\Desktop\F.E.A.R. Single Player.lnk
[2009/07/15 11:24:01 | 00,002,092 | ---- | M] () -- C:\Users\Public\Desktop\S.T.A.L.K.E.R. - Shadow of Chernobyl.lnk
[2009/07/15 04:52:02 | 00,000,087 | RH-- | M] () -- C:\Windows\ctfile.rfc
[2009/07/15 04:51:00 | 00,319,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\DIFxAPI.dll
[2009/07/15 04:02:46 | 00,000,144 | ---- | M] () -- C:\Windows\win.ini
[2009/07/15 03:43:53 | 00,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin
[2009/07/15 03:41:54 | 00,000,680 | ---- | M] () -- C:\Users\Administrator\AppData\Local\d3d9caps.dat
[2009/07/15 03:08:22 | 00,000,000 | ---- | M] () -- C:\Windows\nsreg.dat
[2009/07/15 03:06:22 | 00,001,724 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2009/07/15 02:31:26 | 00,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2009/07/15 01:46:34 | 00,046,815 | ---- | M] () -- C:\Windows\System32\license.rtf
[2009/07/13 13:36:34 | 00,038,160 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/07/13 13:36:12 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/07/06 20:47:56 | 00,551,456 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RTSndMgr.cpl
[2009/07/06 20:47:46 | 01,169,440 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkPgExt.dll
[2009/07/06 20:47:46 | 00,051,744 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkCoInst.dll
[2009/07/06 20:47:36 | 00,326,176 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkApoApi.dll
[2009/07/06 20:47:30 | 02,898,464 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkAPO.dll
[2009/07/06 20:12:50 | 02,657,120 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\System32\drivers\RTKVHDA.sys
[2009/07/04 03:05:24 | 01,005,997 | ---- | M] () -- C:\city.vmf
[2009/07/03 10:49:08 | 00,064,160 | ---- | M] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2009/07/03 06:18:58 | 13,151,375 | ---- | M] () -- C:\secondaxisdark.psd
[2009/07/01 21:39:12 | 00,095,232 | ---- | M] () -- C:\Users\Administrator\Documents\fourtress2.doc
[2009/07/01 21:11:30 | 00,095,232 | ---- | M] () -- C:\Users\Administrator\Documents\fourtress.doc
[2009/06/29 15:16:48 | 00,160,256 | ---- | M] (Fortemedia Corporation) -- C:\Windows\System32\FMAPO.dll
========== Alternate Data Streams ==========
@Alternate Data Stream - 176 bytes -> C:\Windows\Remote Shutdown 2 Professional.xml:Remote_Shutdown
< End of report >
Sorry, delete reply #21 at the top of this page, it doubleposted, and that post is duplicate.
quiestbml
2009-07-27, 01:59
Malwarebytes' Anti-Malware 1.39
Database version: 2486
Windows 6.0.6002 Service Pack 2
7/26/2009 6:58:10 PM
mbam-log-2009-07-26 (18-58-10).txt
Scan type: Full Scan (C:\|)
Objects scanned: 147055
Time elapsed: 19 minute(s), 23 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
c:\Users\administrator\Desktop\antimalware\avenger.exe (Trojan.Agnet) -> Quarantined and deleted successfully.
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Sunday, July 26, 2009
Operating System: Microsoft Windows Server 2008 Standard Edition, 32-bit Service Pack 2 (build 6002)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Sunday, July 26, 2009 19:17:02
Records in database: 2551506
--------------------------------------------------------------------------------
Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes
Scan area - My Computer:
C:\
D:\
F:\
Scan statistics:
Files scanned: 67761
Threat name: 0
Infected objects: 0
Suspicious objects: 0
Duration of the scan: 01:11:34
No malware has been detected. The scan area is clean.
The selected area was scanned.
Hi,
Locate if present the following file & delete it:
C:\windows\ntbtlog.txt
Restart the computer
Just before the OS loading screen starts hit F8 as if going to safe mode.
From the advanced boot menu choose "enable boot logging" then hit enter.
Post the following file:
C:\windows\ntbtlog.txt
quiestbml
2009-07-27, 16:43
Service Pack 2 7 27 2009 09:16:15.500
Loaded driver \SystemRoot\system32\ntkrnlpa.exe
Loaded driver \SystemRoot\system32\hal.dll
Loaded driver \SystemRoot\system32\kdcom.dll
Loaded driver \SystemRoot\system32\PSHED.dll
Loaded driver \SystemRoot\system32\BOOTVID.dll
Loaded driver \SystemRoot\system32\CLFS.SYS
Loaded driver \SystemRoot\system32\CI.dll
Loaded driver \SystemRoot\system32\DRIVERS\sacdrv.sys
Loaded driver \SystemRoot\system32\DRIVERS\NDIS.SYS
Loaded driver \SystemRoot\system32\DRIVERS\msrpc.sys
Loaded driver \SystemRoot\system32\DRIVERS\NETIO.SYS
Loaded driver \SystemRoot\system32\drivers\Wdf01000.sys
Loaded driver \SystemRoot\system32\drivers\WDFLDR.SYS
Loaded driver \SystemRoot\system32\drivers\acpi.sys
Loaded driver \SystemRoot\system32\drivers\WMILIB.SYS
Loaded driver \SystemRoot\system32\drivers\msisadrv.sys
Loaded driver \SystemRoot\system32\drivers\pci.sys
Loaded driver \SystemRoot\System32\drivers\partmgr.sys
Loaded driver \SystemRoot\system32\drivers\volmgr.sys
Loaded driver \SystemRoot\System32\drivers\volmgrx.sys
Loaded driver \SystemRoot\system32\drivers\pciide.sys
Loaded driver \SystemRoot\system32\drivers\PCIIDEX.SYS
Loaded driver \SystemRoot\System32\drivers\mountmgr.sys
Loaded driver \SystemRoot\system32\drivers\atapi.sys
Loaded driver \SystemRoot\system32\drivers\ataport.SYS
Loaded driver \SystemRoot\system32\drivers\fltmgr.sys
Loaded driver \SystemRoot\system32\DRIVERS\Lbd.sys
Loaded driver \SystemRoot\System32\Drivers\ksecdd.sys
Loaded driver \SystemRoot\System32\drivers\tcpip.sys
Loaded driver \SystemRoot\System32\drivers\fwpkclnt.sys
Loaded driver \SystemRoot\system32\drivers\storflt.sys
Loaded driver \SystemRoot\System32\Drivers\Ntfs.sys
Loaded driver \SystemRoot\system32\drivers\volsnap.sys
Loaded driver \SystemRoot\System32\Drivers\spldr.sys
Loaded driver \SystemRoot\System32\Drivers\mup.sys
Loaded driver \SystemRoot\system32\drivers\disk.sys
Loaded driver \SystemRoot\system32\drivers\CLASSPNP.SYS
Loaded driver \SystemRoot\system32\drivers\crcdisk.sys
Loaded driver \SystemRoot\system32\DRIVERS\tunnel.sys
Loaded driver \SystemRoot\system32\DRIVERS\tunmp.sys
Loaded driver \SystemRoot\system32\DRIVERS\amdk8.sys
Loaded driver \SystemRoot\System32\drivers\dxgkrnl.sys
Loaded driver \SystemRoot\system32\DRIVERS\atikmdag.sys
Loaded driver \SystemRoot\system32\DRIVERS\usbohci.sys
Loaded driver \SystemRoot\system32\DRIVERS\usbehci.sys
Loaded driver \SystemRoot\system32\DRIVERS\cdrom.sys
Loaded driver \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
Loaded driver \SystemRoot\system32\DRIVERS\HDAudBus.sys
Loaded driver \SystemRoot\system32\DRIVERS\Rtlh86.sys
Loaded driver \SystemRoot\system32\DRIVERS\i8042prt.sys
Loaded driver \SystemRoot\system32\DRIVERS\mouclass.sys
Loaded driver \SystemRoot\system32\DRIVERS\msiscsi.sys
Loaded driver \SystemRoot\system32\DRIVERS\rasl2tp.sys
Loaded driver \SystemRoot\system32\DRIVERS\ndistapi.sys
Loaded driver \SystemRoot\system32\DRIVERS\ndiswan.sys
Loaded driver \SystemRoot\system32\DRIVERS\raspppoe.sys
Loaded driver \SystemRoot\system32\DRIVERS\raspptp.sys
Loaded driver \SystemRoot\system32\DRIVERS\rassstp.sys
Loaded driver \SystemRoot\system32\DRIVERS\rdpdr.sys
Loaded driver \SystemRoot\system32\DRIVERS\termdd.sys
Loaded driver \SystemRoot\system32\DRIVERS\kbdclass.sys
Loaded driver \SystemRoot\system32\DRIVERS\swenum.sys
Loaded driver \SystemRoot\system32\DRIVERS\mssmbios.sys
Loaded driver \SystemRoot\system32\DRIVERS\umbus.sys
Loaded driver \SystemRoot\system32\DRIVERS\usbhub.sys
Loaded driver \SystemRoot\system32\drivers\RTKVHDA.sys
Loaded driver \SystemRoot\System32\Drivers\NDProxy.SYS
Did not load driver \SystemRoot\System32\Drivers\NDProxy.SYS
Loaded driver \SystemRoot\System32\Drivers\Fs_Rec.SYS
Loaded driver \SystemRoot\System32\Drivers\Null.SYS
Loaded driver \SystemRoot\System32\Drivers\Beep.SYS
Loaded driver \SystemRoot\system32\DRIVERS\ehdrv.sys
Loaded driver \SystemRoot\system32\DRIVERS\i8042prt.sys
Did not load driver \SystemRoot\system32\DRIVERS\kbdhid.sys
Loaded driver \SystemRoot\System32\drivers\vga.sys
Loaded driver \SystemRoot\System32\DRIVERS\RDPCDD.sys
Loaded driver \SystemRoot\system32\DRIVERS\USBSTOR.SYS
Loaded driver \SystemRoot\system32\drivers\rdpencdd.sys
Loaded driver \SystemRoot\System32\Drivers\Msfs.SYS
Loaded driver \SystemRoot\System32\Drivers\Npfs.SYS
Loaded driver \systemroot\system32\drivers\vsfoceykpytcxp.sys
Loaded driver \SystemRoot\System32\DRIVERS\rasacd.sys
Loaded driver \SystemRoot\system32\DRIVERS\tdx.sys
Loaded driver \SystemRoot\system32\DRIVERS\smb.sys
Loaded driver \SystemRoot\system32\drivers\afd.sys
Loaded driver \SystemRoot\System32\DRIVERS\netbt.sys
Loaded driver \SystemRoot\system32\DRIVERS\pacer.sys
Loaded driver \SystemRoot\system32\DRIVERS\netbios.sys
Did not load driver \SystemRoot\system32\DRIVERS\serial.sys
Loaded driver \SystemRoot\system32\DRIVERS\wanarp.sys
Loaded driver \SystemRoot\System32\Drivers\SCDEmu.SYS
Loaded driver \SystemRoot\system32\DRIVERS\rdbss.sys
Loaded driver \SystemRoot\system32\drivers\nsiproxy.sys
Loaded driver \SystemRoot\System32\Drivers\dfsc.sys
Loaded driver \SystemRoot\system32\DRIVERS\usbccgp.sys
Loaded driver \SystemRoot\system32\DRIVERS\wg121nd5.sys
Loaded driver \SystemRoot\system32\drivers\habu.sys
Loaded driver \SystemRoot\system32\DRIVERS\hidusb.sys
Loaded driver \SystemRoot\system32\DRIVERS\mouhid.sys
Loaded driver \SystemRoot\system32\DRIVERS\kbdhid.sys
Loaded driver \SystemRoot\System32\Drivers\fastfat.SYS
Loaded driver \SystemRoot\system32\DRIVERS\monitor.sys
Loaded driver \SystemRoot\system32\drivers\fileinfo.sys
Loaded driver \SystemRoot\system32\drivers\luafv.sys
Loaded driver \SystemRoot\system32\DRIVERS\eamon.sys
Loaded driver \SystemRoot\system32\DRIVERS\lltdio.sys
Loaded driver \SystemRoot\system32\DRIVERS\nwifi.sys
Loaded driver \SystemRoot\system32\DRIVERS\ndisuio.sys
Loaded driver \SystemRoot\system32\DRIVERS\rspndr.sys
Loaded driver \SystemRoot\system32\DRIVERS\bowser.sys
Loaded driver \SystemRoot\System32\drivers\mpsdrv.sys
Loaded driver \SystemRoot\system32\drivers\mrxdav.sys
Loaded driver \SystemRoot\system32\DRIVERS\mrxsmb.sys
Loaded driver \SystemRoot\system32\DRIVERS\mrxsmb10.sys
Loaded driver \SystemRoot\system32\DRIVERS\mrxsmb20.sys
Loaded driver \SystemRoot\system32\DRIVERS\asyncmac.sys
Loaded driver \SystemRoot\system32\drivers\HTTP.sys
Did not load driver \SystemRoot\system32\DRIVERS\parport.sys
Loaded driver \SystemRoot\system32\DRIVERS\epfwwfpr.sys
Loaded driver \SystemRoot\system32\drivers\peauth.sys
Loaded driver \SystemRoot\System32\Drivers\secdrv.SYS
Loaded driver \SystemRoot\System32\DRIVERS\srvnet.sys
Loaded driver \SystemRoot\System32\drivers\tcpipreg.sys
Loaded driver \SystemRoot\System32\DRIVERS\srv2.sys
Loaded driver \SystemRoot\System32\DRIVERS\srv.sys
Did not load driver \SystemRoot\System32\DRIVERS\srv.sys
Loaded driver \SystemRoot\system32\DRIVERS\cdfs.sys
Also, found this interesting: Nod32 found this file on startup, but couldn't delete it:
quiestbml
2009-07-27, 16:46
Object:
\\?\globalroot\systemroot\system32\vsfoceqrmxifvr.dll
Threat:
Win32/Olmarik.JU trojan
Comment:
Error while cleaning.
When I go to system32, the file is not there.
Hi,
I assume you have Windows Server 2008 media available. Please follow instructions given in a tutorial here (http://www.bleepingcomputer.com/tutorials/tutorial147.html) to access Windows Recovery Environment (don't mind about Vista, same things apply to Server 2008 too).
Access command prompt as shown in the tutorial. Then write following bolded commands (each line presents command, have ENTER pressed after each one):
c:
cd\windows\system32\drivers
attrib -s -r -h vsfoceykpytcxp.sys
ren vsfoceykpytcxp.sys vsfoceykpytcxp._ys
exit
After that you should end up back to System Recovery Options -window. Click Restart there and wait until Windows starts up. Then run GMER again and post back its report. Post also a fresh OTL report.
quiestbml
2009-07-27, 22:37
Bingo.
GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-07-27 15:35:53
Windows 6.0.6002 Service Pack 2
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1984] kernel32.dll!SetUnhandledExceptionFilter 76CAA84F 4 Bytes [C2, 04, 00, 00]
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
AttachedDevice \Driver\tdx \Device\Tcp Lbd.sys (Boot Driver/Lavasoft AB)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat eamon.sys (Amon monitor/ESET)
---- Threads - GMER 1.0.15 ----
Thread System [4:388] 841CE790
---- Services - GMER 1.0.15 ----
Service system32\drivers\vsfoceykpytcxp.sys (*** hidden *** ) [SYSTEM] vsfoceqtxbddjs <-- ROOTKIT !!!
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\vsfoceqtxbddjs@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\vsfoceqtxbddjs@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\vsfoceqtxbddjs@group file system
Reg HKLM\SYSTEM\CurrentControlSet\Services\vsfoceqtxbddjs@imagepath \systemroot\system32\drivers\vsfoceykpytcxp.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\vsfoceqtxbddjs\main
Reg HKLM\SYSTEM\CurrentControlSet\Services\vsfoceqtxbddjs\main@aid 10162
Reg HKLM\SYSTEM\CurrentControlSet\Services\vsfoceqtxbddjs\main@sid 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\vsfoceqtxbddjs\main@cmddelay 14400
Reg HKLM\SYSTEM\CurrentControlSet\Services\vsfoceqtxbddjs\main\delete
Reg HKLM\SYSTEM\CurrentControlSet\Services\vsfoceqtxbddjs\main\injector
Reg HKLM\SYSTEM\CurrentControlSet\Services\vsfoceqtxbddjs\main\injector@* vsfocewsp.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\vsfoceqtxbddjs\main\tasks
Reg HKLM\SYSTEM\CurrentControlSet\Services\vsfoceqtxbddjs\modules
Reg HKLM\SYSTEM\CurrentControlSet\Services\vsfoceqtxbddjs\modules@vsfocerk.sys \systemroot\system32\drivers\vsfoceykpytcxp.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\vsfoceqtxbddjs\modules@vsfocecmd.dll \systemroot\system32\vsfocelvkpgcmd.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\vsfoceqtxbddjs\modules@vsfocelog.dat \systemroot\system32\vsfocefnwqxnew.dat
Reg HKLM\SYSTEM\CurrentControlSet\Services\vsfoceqtxbddjs\modules@vsfocewsp.dll \systemroot\system32\vsfoceqrmxifvr.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\vsfoceqtxbddjs\modules@vsfoce.dat \systemroot\system32\vsfocetkgfqixw.dat
Reg HKLM\SYSTEM\ControlSet003\Services\vsfoceqtxbddjs@start 1
Reg HKLM\SYSTEM\ControlSet003\Services\vsfoceqtxbddjs@type 1
Reg HKLM\SYSTEM\ControlSet003\Services\vsfoceqtxbddjs@group file system
Reg HKLM\SYSTEM\ControlSet003\Services\vsfoceqtxbddjs@imagepath \systemroot\system32\drivers\vsfoceykpytcxp.sys
Reg HKLM\SYSTEM\ControlSet003\Services\vsfoceqtxbddjs\main
Reg HKLM\SYSTEM\ControlSet003\Services\vsfoceqtxbddjs\main@aid 10162
Reg HKLM\SYSTEM\ControlSet003\Services\vsfoceqtxbddjs\main@sid 0
Reg HKLM\SYSTEM\ControlSet003\Services\vsfoceqtxbddjs\main@cmddelay 14400
Reg HKLM\SYSTEM\ControlSet003\Services\vsfoceqtxbddjs\main\delete
Reg HKLM\SYSTEM\ControlSet003\Services\vsfoceqtxbddjs\main\injector
Reg HKLM\SYSTEM\ControlSet003\Services\vsfoceqtxbddjs\main\injector@* vsfocewsp.dll
Reg HKLM\SYSTEM\ControlSet003\Services\vsfoceqtxbddjs\main\tasks
Reg HKLM\SYSTEM\ControlSet003\Services\vsfoceqtxbddjs\modules
Reg HKLM\SYSTEM\ControlSet003\Services\vsfoceqtxbddjs\modules@vsfocerk.sys \systemroot\system32\drivers\vsfoceykpytcxp.sys
Reg HKLM\SYSTEM\ControlSet003\Services\vsfoceqtxbddjs\modules@vsfocecmd.dll \systemroot\system32\vsfocelvkpgcmd.dll
Reg HKLM\SYSTEM\ControlSet003\Services\vsfoceqtxbddjs\modules@vsfocelog.dat \systemroot\system32\vsfocefnwqxnew.dat
Reg HKLM\SYSTEM\ControlSet003\Services\vsfoceqtxbddjs\modules@vsfocewsp.dll \systemroot\system32\vsfoceqrmxifvr.dll
Reg HKLM\SYSTEM\ControlSet003\Services\vsfoceqtxbddjs\modules@vsfoce.dat \systemroot\system32\vsfocetkgfqixw.dat
---- EOF - GMER 1.0.15 ----
Good. We're making some progress there :)
Now launch GMER and run scan.
Right click the bad service (vsfoceqtxbddjs) that GMER flags up & hit delete service. Select no to delete file question.
After that, run a full scan with NOD32 to see if it can remove the findings this time. Provide a report of the scan if possible. Run Spybot too and post back its findings.
quiestbml
2009-07-28, 00:56
I had deleted the DLL and DAT files in system32 manually when I was in the recovery console earlier.
Nod32 found nothing.
Spybot found two tracking cookies, but that's it.
Should I delete the registry entries manually?
I forgot to ask reboot and run GMER again after that service removal. Please do so and post fresh GMER report. Shall see for further steps after that :)
quiestbml
2009-07-28, 02:36
GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-07-27 19:35:59
Windows 6.0.6002 Service Pack 2
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1980] kernel32.dll!SetUnhandledExceptionFilter 7577A84F 4 Bytes [C2, 04, 00, 00]
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
AttachedDevice \Driver\tdx \Device\Tcp Lbd.sys (Boot Driver/Lavasoft AB)
Device \Driver\USBSTOR \Device\0000006c 962D2FC8
Device \Driver\USBSTOR \Device\0000006d 962D2FC8
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat eamon.sys (Amon monitor/ESET)
---- Threads - GMER 1.0.15 ----
Thread System [4:388] 841C1790
---- Files - GMER 1.0.15 ----
File C:\Windows\System32\wbem\Performance\WmiApRpl_new.h 357 bytes
---- EOF - GMER 1.0.15 ----
GMER log looks good. How's the system running now?
quiestbml
2009-07-28, 20:05
No more redirects. :D
Is it alright to remove that ._ys file now?
Hi,
Is it alright to remove that ._ys file now?
Yes, you may remove it :)
Let's uninstall OTL now.
Double-click OTL.exe.
Click the CleanUp! button.
Select Yes when the
Begin cleanup Process?
prompt appears.
If you are prompted to Reboot during the cleanup, select Yes.
The tool will delete itself once it finishes, if not delete it by yourself.
You may delete DDS and HijackThis too.
Remember to keep system up-to-date.
Safe computing! :cool:
quiestbml
2009-07-28, 20:54
Thanks. :D
And thanks for the help!
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help. :)
Note:If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.
If it has been less than four days since your last response and you need the thread re-opened, please send me or MOD a private message (pm). A valid, working link to the closed topic is required.