rngrgreen
2010-12-03, 18:53
Please be advised I have 2 computers having an issue (different problems.) So I am making 2 threads one for each. This one is for the desktop.
Just recently my desktop stop working with IE7. The program works but will not go to any site. Firefox however works just fine no problems. This being the case I am pretty sure something is wrong with IE. I am unable to find a problem. using Microsoft security Essentials (MSE), Malwarebytes, Spybot and even F-secure online scanner. Everything come up clean. There is however a CD that I got from my friend that MSE deteced. I am posting that information along with the DDS. Also I have IE running while scanning with DDS. As far as that CD goes I did not run anything on that cd I took it out. and left it go.
MSE report Also it says that it removed it. after i took cd out.
Category: Trojan
Description: This program is dangerous and executes commands from an attacker.
Recommendation: Permit this detected item only if you trust the program or the software publisher.
Microsoft Security Essentials detected programs that may compromise your privacy or damage your computer. You can still access the files that these programs use without removing them (not recommended). To access these files, select the 'Allow' action and click 'Apply actions'. If this option is not available, log on as administrator or ask the local administrator for help.
Items:
file:K:\Patch.exe
filelocalcopy:\\?\C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{26B8F6B4-D037-459A-BE25-5D16D8592A1A}-PATCH.EXE
DDS (Ver_10-11-27.01) - NTFSx86
Run by Barry W. Green at 11:48:46.93 on Fri 12/03/2010
Internet Explorer: 7.0.6000.16982
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.2559.1231 [GMT -5:00]
AV: Microsoft Security Essentials *On-access scanning enabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
SP: Microsoft Security Essentials *enabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDE}
SP: Spybot - Search and Destroy *enabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Radmin Viewer 3\Radmin.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Microsoft Security Essentials\MpCmdRun.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
D:\Download Temp\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe
============== Pseudo HJT Report ===============
uStart Page = hxxp://us.mg4.mail.yahoo.com/dc/launch?.gx=1&.rand=9ao51pps2f0kc
uURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll
mURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll
BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - c:\program files\orbitdownloader\orbitcth.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll
TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
TB: Grab Pro: {c55bbcd6-41ad-48ad-9953-3609c48eacc7} - c:\program files\orbitdownloader\GrabPro.dll
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [AnyDVD] "c:\program files\slysoft\anydvd\AnyDVD.exe"
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide -runkey
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [EKIJ5000StatusMonitor] c:\windows\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
IE: &Download by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
================= FIREFOX ===================
FF - ProfilePath - c:\users\barryw~1.bar\appdata\roaming\mozilla\firefox\profiles\j112861w.default\
FF - prefs.js: browser.startup.homepage - hxxp://us.mg4.mail.yahoo.com/dc/launch?.gx=1&.rand=cemsu3m3p52mm
FF - component: c:\program files\orbitdownloader\addons\oneclickyoutubedownloader\components\GrabXpcom.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\users\barryw~1.bar\appdata\roaming\mozilla\firefox\profiles\j112861w.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
============= SERVICES / DRIVERS ===============
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 151216]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-12-2 1153368]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-3-25 42368]
R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8192su.sys [2010-11-5 541800]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
S3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\drivers\netr28u.sys [2010-12-1 651264]
=============== Created Last 30 ================
2010-12-03 11:00:39 -------- d-----w- c:\progra~2\Kodak
2010-12-03 11:00:28 196608 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\EKIJ5000PPR.dll
2010-12-03 10:58:48 -------- d-----w- c:\windows\system32\kodak
2010-12-03 02:35:49 6273872 ----a-w- c:\progra~2\microsoft\microsoft antimalware\definition updates\{8c68ff79-9777-4548-8040-55c2236d67ad}\mpengine.dll
2010-12-02 21:57:32 388096 ----a-r- c:\users\barryw~1.bar\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2010-12-02 21:57:30 -------- d-----w- c:\program files\Trend Micro
2010-12-02 17:37:18 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-12-02 17:37:18 -------- d-----w- c:\progra~2\Spybot - Search & Destroy
2010-12-02 11:42:52 -------- d-----w- c:\program files\Orbitdownloader
2010-12-01 14:39:59 -------- d-----w- c:\users\barryw~1.bar\appdata\roaming\Malwarebytes
2010-12-01 14:39:52 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-01 14:39:51 -------- d-----w- c:\progra~2\Malwarebytes
2010-12-01 14:39:47 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-01 14:39:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-12-01 14:04:54 651264 ----a-w- c:\windows\system32\drivers\netr28u.sys
2010-12-01 14:04:54 221184 ----a-w- c:\windows\system32\RaCoInst.dll
2010-12-01 13:32:15 -------- d-----w- c:\progra~2\Elaborate Bytes
2010-12-01 13:30:26 -------- d-----w- c:\program files\Elaborate Bytes
2010-12-01 13:29:58 -------- d-----w- c:\program files\SlySoft
2010-12-01 11:46:15 -------- d-----w- c:\users\barry w. green.barrywgreen-pc\Office Genuine Advantage
2010-12-01 11:06:30 -------- d-----w- c:\program files\Wii Backup Manager
2010-12-01 08:05:36 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2010-12-01 08:01:55 -------- d-----w- c:\program files\MSXML 4.0
2010-12-01 01:28:55 -------- d-----w- c:\windows\FLV Player
2010-11-30 22:19:49 -------- d-----w- c:\users\barryw~1.bar\appdata\roaming\ProgSense
2010-11-30 22:19:44 -------- d-----w- c:\users\barryw~1.bar\appdata\roaming\GrabPro
2010-11-30 22:19:44 -------- d-----w- C:\downloads
2010-11-30 21:13:17 -------- d-----w- c:\program files\common files\PX Storage Engine
2010-11-30 18:49:45 77824 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\ctor.dll
2010-11-30 18:49:45 32768 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\objectps.dll
2010-11-30 18:49:45 221184 ----a-w- c:\program files\common files\installshield\iscript\iscript.dll
2010-11-30 18:49:45 221184 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\iuser.dll
2010-11-30 18:49:41 602244 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\IKernel.exe
2010-11-30 18:47:06 53248 ----a-w- C:\Process.exe
2010-11-30 17:20:44 -------- d-----w- c:\users\barryw~1.bar\appdata\roaming\Radmin
2010-11-30 17:20:10 -------- d-----w- c:\program files\Radmin Viewer 3
2010-11-30 16:51:25 -------- d-----w- c:\progra~2\LightScribe
2010-11-30 14:06:32 -------- d-----w- c:\program files\Nero
2010-11-30 14:04:41 -------- d-----w- c:\progra~2\Nero
2010-11-30 13:57:25 -------- d-----w- c:\users\barryw~1.bar\appdata\local\Microsoft Games
2010-11-30 11:45:57 30568 ----a-w- c:\windows\system32\mdimon.dll
2010-11-30 11:45:57 30512 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\mdippr.dll
2010-11-30 11:45:10 33104 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\msonpppr.dll
2010-11-30 11:45:10 32656 ----a-w- c:\windows\system32\msonpmon.dll
2010-11-30 11:37:34 -------- d-----w- c:\windows\PCHEALTH
2010-11-30 11:34:21 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2010-11-30 11:32:52 -------- d-----w- c:\users\barryw~1.bar\appdata\local\Microsoft Help
2010-11-30 11:02:14 -------- d-----w- c:\program files\Conduit
2010-11-30 11:02:11 -------- d-----w- c:\program files\ConduitEngine
2010-11-30 11:02:07 -------- d-----w- c:\program files\uTorrentBar
2010-11-30 11:02:04 -------- d-----w- C:\extensions
2010-11-30 10:59:24 -------- d-----w- c:\program files\uTorrent
2010-11-30 10:59:03 -------- d-----w- c:\users\barryw~1.bar\appdata\roaming\uTorrent
2010-11-30 10:56:55 -------- d-----w- c:\users\barryw~1.bar\appdata\local\Google
2010-11-30 10:55:12 -------- d-----w- c:\users\barryw~1.bar\appdata\local\Deployment
2010-11-30 10:55:12 -------- d-----w- c:\users\barryw~1.bar\appdata\local\Apps
2010-11-30 02:22:13 -------- d-----w- c:\program files\common files\DivX Shared
2010-11-30 01:22:32 -------- d-----w- c:\program files\DivX
2010-11-30 01:19:17 378368 ----a-w- c:\windows\system32\winhttp.dll
2010-11-30 01:18:00 268800 ----a-w- c:\windows\system32\es.dll
2010-11-30 01:10:36 -------- d-----w- c:\progra~2\DivX
2010-11-30 01:08:55 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-11-30 01:08:23 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-11-30 01:08:01 -------- d-----w- c:\users\barryw~1.bar\appdata\roaming\DAEMON Tools Lite
2010-11-30 01:07:58 -------- d-----w- c:\progra~2\DAEMON Tools Lite
2010-11-30 00:21:45 1244672 ----a-w- c:\windows\system32\mcmde.dll
2010-11-30 00:21:44 80896 ----a-w- c:\windows\system32\MSNP.ax
2010-11-30 00:21:44 428032 ----a-w- c:\windows\system32\EncDec.dll
2010-11-30 00:21:44 177152 ----a-w- c:\windows\system32\mpg2splt.ax
2010-11-30 00:21:43 68608 ----a-w- c:\windows\system32\Mpeg2Data.ax
2010-11-30 00:21:43 292352 ----a-w- c:\windows\system32\psisdecd.dll
2010-11-30 00:21:43 217088 ----a-w- c:\windows\system32\psisrndr.ax
2010-11-30 00:21:42 57856 ----a-w- c:\windows\system32\MSDvbNP.ax
2010-11-30 00:15:46 97800 ----a-w- c:\windows\system32\infocardapi.dll
2010-11-30 00:15:46 622080 ----a-w- c:\windows\system32\icardagt.exe
2010-11-30 00:15:46 11264 ----a-w- c:\windows\system32\icardres.dll
2010-11-30 00:15:45 37384 ----a-w- c:\windows\system32\infocardcpl.cpl
2010-11-30 00:15:41 105016 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2010-11-30 00:15:40 781344 ----a-w- c:\windows\system32\PresentationNative_v0300.dll
2010-11-30 00:15:40 43544 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-11-30 00:15:40 326160 ----a-w- c:\windows\system32\PresentationHost.exe
2010-11-29 23:33:49 96760 ----a-w- c:\windows\system32\dfshim.dll
2010-11-29 23:33:49 41984 ----a-w- c:\windows\system32\netfxperf.dll
2010-11-29 23:33:47 83968 ----a-w- c:\windows\system32\mscories.dll
2010-11-29 23:33:47 282112 ----a-w- c:\windows\system32\mscoree.dll
2010-11-29 23:33:47 158720 ----a-w- c:\windows\system32\mscorier.dll
2010-11-29 20:08:54 98816 ----a-w- c:\windows\system32\mfps.dll
2010-11-29 20:08:54 2855424 ----a-w- c:\windows\system32\mf.dll
2010-11-29 20:08:53 52736 ----a-w- c:\windows\system32\rrinstaller.exe
2010-11-29 20:08:53 24576 ----a-w- c:\windows\system32\mfpmp.exe
2010-11-29 20:08:53 2048 ----a-w- c:\windows\system32\mferror.dll
2010-11-29 20:07:10 434176 ----a-w- c:\windows\system32\vbscript.dll
2010-11-29 20:06:38 71680 ----a-w- c:\windows\system32\atl.dll
2010-11-29 20:05:46 297472 ----a-w- c:\windows\system32\gdi32.dll
2010-11-29 20:05:19 41984 ----a-w- c:\windows\system32\drivers\monitor.sys
2010-11-29 20:05:19 1060920 ----a-w- c:\windows\system32\drivers\ntfs.sys
2010-11-29 20:04:59 374456 ----a-w- c:\windows\system32\mcupdate_GenuineIntel.dll
2010-11-29 20:04:36 500736 ----a-w- c:\windows\system32\msdtcprx.dll
2010-11-29 20:04:36 30208 ----a-w- c:\windows\system32\xolehlp.dll
2010-11-29 20:04:05 156160 ----a-w- c:\windows\system32\wkssvc.dll
2010-11-29 20:03:32 36352 ----a-w- c:\windows\system32\tsgqec.dll
2010-11-29 20:03:32 1871872 ----a-w- c:\windows\system32\mstscax.dll
2010-11-29 20:03:32 116736 ----a-w- c:\windows\system32\aaclient.dll
2010-11-29 20:02:46 303616 ----a-w- c:\windows\system32\wmpeffects.dll
2010-11-29 20:01:46 392192 ----a-w- c:\windows\system32\FirewallAPI.dll
2010-11-29 20:01:45 86016 ----a-w- c:\windows\system32\icfupgd.dll
2010-11-29 20:01:45 63488 ----a-w- c:\windows\system32\drivers\mpsdrv.sys
2010-11-29 20:01:45 61952 ----a-w- c:\windows\system32\cmifw.dll
2010-11-29 20:01:45 396800 ----a-w- c:\windows\system32\MPSSVC.dll
2010-11-29 20:01:45 16896 ----a-w- c:\windows\system32\wfapigp.dll
2010-11-29 19:59:52 2048 ----a-w- c:\windows\system32\tzres.dll
2010-11-29 19:58:21 2923520 ----a-w- c:\windows\explorer.exe
2010-11-29 19:58:05 229888 ----a-w- c:\windows\system32\msshsq.dll
2010-11-29 19:57:47 494592 ----a-w- c:\windows\system32\kerberos.dll
2010-11-29 19:57:46 272384 ----a-w- c:\windows\system32\schannel.dll
2010-11-29 19:56:08 1585664 ----a-w- c:\windows\system32\setupapi.dll
2010-11-29 19:54:51 62464 ----a-w- c:\windows\system32\l3codeca.acm
2010-11-29 19:54:51 220672 ----a-w- c:\windows\system32\l3codecp.acm
2010-11-29 19:54:27 425472 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2010-11-29 19:54:26 712192 ----a-w- c:\windows\system32\WindowsCodecs.dll
2010-11-29 19:54:26 347136 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2010-11-29 19:54:03 14848 ----a-w- c:\windows\system32\wshrm.dll
2010-11-29 19:54:03 113664 ----a-w- c:\windows\system32\drivers\rmcast.sys
2010-11-29 19:53:42 43520 ----a-w- c:\windows\system32\msdxm.tlb
2010-11-29 19:53:42 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2010-11-29 19:53:42 18432 ----a-w- c:\windows\system32\amcompat.tlb
2010-11-29 18:43:58 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-11-29 18:43:58 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-11-29 18:43:58 24064 ----a-w- c:\windows\system32\lpk.dll
2010-11-29 18:43:58 156672 ----a-w- c:\windows\system32\t2embed.dll
2010-11-29 18:43:57 72704 ----a-w- c:\windows\system32\fontsub.dll
2010-11-29 18:43:57 10240 ----a-w- c:\windows\system32\dciman32.dll
2010-11-29 18:39:35 61440 ----a-w- c:\windows\system32\winipsec.dll
2010-11-29 18:39:35 28672 ----a-w- c:\windows\system32\FwRemoteSvr.dll
2010-11-29 18:39:34 361984 ----a-w- c:\windows\system32\IPSECSVC.DLL
2010-11-29 18:39:34 272896 ----a-w- c:\windows\system32\polstore.dll
2010-11-29 18:37:19 95232 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
2010-11-29 18:37:19 241152 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2010-11-29 18:37:18 160768 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
2010-11-29 18:36:35 707072 ----a-w- c:\program files\common files\system\wab32.dll
2010-11-29 18:36:35 41984 ----a-w- c:\program files\windows mail\wabimp.dll
2010-11-29 18:36:35 39424 ----a-w- c:\windows\system32\ACCTRES.dll
2010-11-29 18:36:35 205824 ----a-w- c:\windows\system32\msoeacct.dll
2010-11-29 18:36:35 1098752 ----a-w- c:\program files\common files\system\wab32res.dll
2010-11-29 18:36:34 87040 ----a-w- c:\windows\system32\msoert2.dll
2010-11-29 18:36:33 2836992 ----a-w- c:\program files\windows mail\MSOERES.dll
2010-11-29 18:36:33 1614848 ----a-w- c:\program files\windows mail\msoe.dll
2010-11-29 18:36:29 81408 ----a-w- c:\program files\windows mail\oeimport.dll
2010-11-29 18:36:29 397312 ----a-w- c:\program files\windows mail\WinMail.exe
2010-11-29 18:36:29 24064 ----a-w- c:\program files\common files\system\DirectDB.dll
2010-11-29 18:35:30 15360 ----a-w- c:\windows\system32\netevent.dll
2010-11-29 18:35:29 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2010-11-29 18:35:29 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2010-11-29 18:35:29 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2010-11-29 18:35:29 19968 ----a-w- c:\windows\system32\ARP.EXE
2010-11-29 18:35:29 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2010-11-29 18:35:29 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2010-11-29 18:35:29 103936 ----a-w- c:\windows\system32\netiohlp.dll
2010-11-29 18:35:29 10240 ----a-w- c:\windows\system32\finger.exe
2010-11-29 18:34:16 704000 ----a-w- c:\windows\system32\PhotoScreensaver.scr
2010-11-29 18:34:16 356352 ----a-w- c:\windows\system32\wbem\wbemcomn.dll
2010-11-29 18:34:13 24064 ----a-w- c:\windows\system32\wtsapi32.dll
2010-11-29 18:34:12 258232 ----a-w- c:\windows\system32\drivers\acpi.sys
2010-11-29 18:34:10 542720 ----a-w- c:\windows\system32\sysmain.dll
2010-11-29 18:33:32 194560 ----a-w- c:\windows\system32\WebClnt.dll
2010-11-29 18:33:32 110080 ----a-w- c:\windows\system32\drivers\mrxdav.sys
2010-11-29 18:32:54 123904 ----a-w- c:\windows\system32\L2SecHC.dll
2010-11-29 18:32:53 67584 ----a-w- c:\windows\system32\wlanhlp.dll
2010-11-29 18:32:53 502272 ----a-w- c:\windows\system32\wlansvc.dll
2010-11-29 18:32:53 47104 ----a-w- c:\windows\system32\wlanapi.dll
2010-11-29 18:32:53 290816 ----a-w- c:\windows\system32\wlanmsm.dll
2010-11-29 18:32:52 297984 ----a-w- c:\windows\system32\wlansec.dll
2010-11-29 18:31:58 2048 ----a-w- c:\windows\system32\msxml3r.dll
2010-11-29 18:31:58 1260032 ----a-w- c:\windows\system32\msxml3.dll
2010-11-29 18:31:57 2048 ----a-w- c:\windows\system32\msxml6r.dll
2010-11-29 18:31:57 1406464 ----a-w- c:\windows\system32\msxml6.dll
2010-11-29 18:30:35 216576 ----a-w- c:\windows\system32\msv1_0.dll
2010-11-29 18:30:35 175104 ----a-w- c:\windows\system32\wdigest.dll
2010-11-29 18:30:34 7680 ----a-w- c:\windows\system32\lsass.exe
2010-11-29 18:30:34 72704 ----a-w- c:\windows\system32\secur32.dll
2010-11-29 18:30:34 408136 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2010-11-29 18:30:34 1233920 ----a-w- c:\windows\system32\lsasrv.dll
2010-11-29 18:28:56 -------- d-----w- c:\progra~2\NVIDIA Corporation
2010-11-29 18:28:41 -------- d-----w- c:\program files\NVIDIA Corporation
2010-11-29 18:27:00 58368 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-11-29 18:27:00 211968 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-11-29 18:27:00 102400 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-11-29 18:26:24 49664 ----a-w- c:\windows\system32\csrsrv.dll
2010-11-29 18:26:24 376320 ----a-w- c:\windows\system32\winsrv.dll
2010-11-29 18:25:38 3502480 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-11-29 18:25:38 3468168 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-11-29 18:25:00 90296 ----a-w- c:\program files\windows defender\MpOAV.dll
2010-11-29 18:25:00 670392 ----a-w- c:\program files\windows defender\MpRtMon.dll
2010-11-29 18:25:00 58552 ----a-w- c:\program files\windows defender\MpRtPlug.dll
2010-11-29 18:25:00 513720 ----a-w- c:\program files\windows defender\MpSoftEx.dll
2010-11-29 18:25:00 133816 ----a-w- c:\program files\windows defender\MpSigDwn.dll
2010-11-29 18:25:00 1006264 ----a-w- c:\program files\windows defender\MSASCui.exe
2010-11-29 18:24:59 318648 ----a-w- c:\program files\windows defender\MpCmdRun.exe
2010-11-29 18:24:59 311992 ----a-w- c:\program files\windows defender\MpClient.dll
2010-11-29 18:24:59 265912 ----a-w- c:\program files\windows defender\MpSvc.dll
2010-11-29 18:24:59 215224 ----a-w- c:\program files\windows defender\MsMpCom.dll
2010-11-29 18:24:59 19128 ----a-w- c:\program files\windows defender\MpAsDesc.dll
2010-11-29 18:24:59 14008 ----a-w- c:\program files\windows defender\MsMpLics.dll
2010-11-29 18:24:58 656568 ----a-w- c:\program files\windows defender\MsMpRes.dll
2010-11-29 18:23:14 6273872 ----a-w- c:\progra~2\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2010-11-29 18:22:58 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-11-29 18:22:39 414208 ----a-w- c:\windows\system32\msscp.dll
2010-11-29 18:22:06 713728 ----a-w- c:\windows\system32\timedate.cpl
2010-11-29 18:21:24 356864 ----a-w- c:\windows\system32\MediaMetadataHandler.dll
2010-11-29 18:20:12 150016 ----a-w- c:\program files\movie maker\MOVIEMK.exe
2010-11-29 18:20:10 23040 ----a-w- c:\program files\movie maker\WMM2EXT.dll
2010-11-29 18:20:10 195072 ----a-w- c:\program files\movie maker\WMM2AE.dll
2010-11-29 18:20:10 10922496 ----a-w- c:\program files\movie maker\MOVIEMK.dll
2010-11-29 18:18:40 696832 ----a-w- c:\windows\system32\localspl.dll
2010-11-29 18:18:01 45112 ----a-w- c:\windows\system32\drivers\pciidex.sys
2010-11-29 18:18:01 21560 ----a-w- c:\windows\system32\drivers\atapi.sys
2010-11-29 18:18:01 17464 ----a-w- c:\windows\system32\drivers\intelide.sys
2010-11-29 18:18:01 109624 ----a-w- c:\windows\system32\drivers\ataport.sys
2010-11-29 18:18:00 211000 ----a-w- c:\windows\system32\drivers\volsnap.sys
2010-11-29 18:18:00 154624 ----a-w- c:\windows\system32\drivers\nwifi.sys
2010-11-29 18:17:31 104448 ----a-w- c:\windows\system32\DWWIN.EXE
2010-11-29 18:17:02 8704 ----a-w- c:\windows\system32\hcrstco.dll
2010-11-29 18:17:02 8704 ----a-w- c:\windows\system32\hccoin.dll
2010-11-29 18:17:02 5888 ----a-w- c:\windows\system32\drivers\usbd.sys
2010-11-29 18:17:02 38400 ----a-w- c:\windows\system32\drivers\usbehci.sys
2010-11-29 18:17:02 23040 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2010-11-29 18:17:02 224768 ----a-w- c:\windows\system32\drivers\usbport.sys
2010-11-29 18:17:01 73216 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2010-11-29 18:17:01 192000 ----a-w- c:\windows\system32\drivers\usbhub.sys
2010-11-29 18:15:54 171520 ----a-w- c:\windows\system32\wintrust.dll
2010-11-29 18:15:22 24064 ----a-w- c:\windows\system32\netcfg.exe
2010-11-29 18:10:42 549888 ----a-w- c:\windows\system32\rpcss.dll
2010-11-29 18:10:40 654336 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2010-11-29 18:10:40 24576 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2010-11-29 18:10:39 501760 ----a-w- c:\windows\system32\wbem\WmiPrvSD.dll
2010-11-29 18:10:39 247296 ----a-w- c:\windows\system32\wbem\WmiPrvSE.exe
2010-11-29 18:10:39 130560 ----a-w- c:\windows\system32\wbem\WmiDcPrv.dll
2010-11-29 18:10:38 614912 ----a-w- c:\windows\system32\wbem\fastprox.dll
2010-11-29 18:10:37 53248 ----a-w- c:\windows\system32\iasads.dll
2010-11-29 18:10:37 37888 ----a-w- c:\windows\system32\iasdatastore.dll
2010-11-29 18:10:36 97280 ----a-w- c:\windows\system32\iasrecst.dll
2010-11-29 18:10:36 158720 ----a-w- c:\windows\system32\sdohlp.dll
2010-11-29 18:08:52 815104 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-11-29 18:08:52 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
2010-11-29 18:08:52 22016 ----a-w- c:\windows\system32\netiougc.exe
2010-11-29 18:08:52 213592 ----a-w- c:\windows\system32\drivers\netio.sys
2010-11-29 18:08:52 179712 ----a-w- c:\windows\system32\iphlpsvc.dll
2010-11-29 18:08:52 167424 ----a-w- c:\windows\system32\tcpipcfg.dll
2010-11-29 18:08:52 15360 ----a-w- c:\windows\system32\drivers\TUNMP.SYS
2010-11-29 18:08:13 454656 ----a-w- c:\program files\common files\system\msadc\msadce.dll
2010-11-29 18:07:42 9728 ----a-w- c:\windows\system32\LAPRXY.DLL
2010-11-29 18:07:42 223232 ----a-w- c:\windows\system32\WMASF.DLL
2010-11-29 18:07:42 2048 ----a-w- c:\windows\system32\asferror.dll
2010-11-29 18:07:09 25600 ----a-w- c:\windows\system32\amxread.dll
2010-11-29 18:07:09 14848 ----a-w- c:\windows\system32\apilogen.dll
2010-11-29 18:06:29 268288 ----a-w- c:\windows\system32\mcbuilder.exe
2010-11-29 18:06:29 223232 ----a-w- c:\windows\system32\SLC.dll
2010-11-29 18:06:28 33280 ----a-w- c:\windows\system32\slwmi.dll
2010-11-29 18:06:27 57856 ----a-w- c:\windows\system32\SLUINotify.dll
2010-11-29 18:06:27 566784 ----a-w- c:\windows\system32\SLCommDlg.dll
2010-11-29 18:06:27 351232 ----a-w- c:\windows\system32\SLUI.exe
2010-11-29 18:06:27 186368 ----a-w- c:\windows\system32\SLLUA.exe
2010-11-29 18:06:25 39936 ----a-w- c:\windows\system32\slcinst.dll
2010-11-29 18:06:25 2605568 ----a-w- c:\windows\system32\SLsvc.exe
2010-11-29 18:05:47 97792 ----a-w- c:\windows\system32\cabview.dll
2010-11-29 18:04:18 61440 ----a-w- c:\windows\system32\ntprint.exe
2010-11-29 18:04:18 220160 ----a-w- c:\windows\system32\ntprint.dll
2010-11-29 18:04:16 10240 ----a-w- c:\windows\system32\dhcpcmonitor.dll
2010-11-29 18:04:15 1984512 ----a-w- c:\windows\system32\authui.dll
2010-11-29 18:04:15 120320 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2010-11-29 18:04:12 69632 ----a-w- c:\windows\system32\sendmail.dll
2010-11-29 18:04:10 8138240 ----a-w- c:\windows\system32\ssBranded.scr
2010-11-29 18:03:17 441856 ----a-w- c:\windows\system32\win32spl.dll
2010-11-29 18:03:17 37376 ----a-w- c:\windows\system32\printcom.dll
2010-11-29 18:02:16 2031104 ----a-w- c:\windows\system32\win32k.sys
2010-11-29 17:59:36 312320 ----a-w- c:\windows\system32\msdrm.dll
2010-11-29 17:59:34 435712 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-11-29 17:59:31 154112 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-11-29 17:59:26 154624 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-11-29 17:59:24 431104 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-11-29 17:59:18 472576 ----a-w- c:\windows\system32\secproc.dll
2010-11-29 17:59:15 515584 ----a-w- c:\windows\system32\RMActivate.exe
2010-11-29 17:59:05 523776 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-11-29 17:59:04 473088 ----a-w- c:\windows\system32\secproc_isv.dll
2010-11-29 17:57:39 66048 ----a-w- c:\program files\windows sidebar\sbdrop.dll
2010-11-29 17:57:39 1232896 ----a-w- c:\program files\windows sidebar\sidebar.exe
2010-11-29 17:57:39 11776 ----a-w- c:\windows\system32\sbunattend.exe
2010-11-29 17:56:23 83968 ----a-w- c:\windows\system32\dnsrslvr.dll
2010-11-29 17:56:22 24576 ----a-w- c:\windows\system32\dnscacheugc.exe
2010-11-29 17:55:23 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-11-29 17:55:16 4247552 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-11-29 17:55:16 1686528 ----a-w- c:\windows\system32\gameux.dll
2010-11-29 17:53:34 94720 ----a-w- c:\windows\system32\logagent.exe
2010-11-29 17:53:33 996352 ----a-w- c:\windows\system32\WMNetMgr.dll
2010-11-29 17:52:09 765952 ----a-w- c:\program files\common files\microsoft shared\vgx\VGX.dll
2010-11-29 17:51:29 84480 ----a-w- c:\windows\system32\INETRES.dll
2010-11-29 17:51:28 737792 ----a-w- c:\windows\system32\inetcomm.dll
2010-11-29 17:50:30 60928 ----a-w- c:\windows\system32\msasn1.dll
2010-11-29 17:49:32 1645568 ----a-w- c:\windows\system32\connect.dll
2010-11-29 17:48:40 5120 ----a-w- c:\windows\system32\wmi.dll
2010-11-29 17:48:40 152576 ----a-w- c:\windows\system32\imagehlp.dll
2010-11-29 17:48:40 12800 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2010-11-29 17:47:46 788992 ----a-w- c:\windows\system32\rpcrt4.dll
2010-11-29 17:46:02 396800 ----a-w- c:\windows\system32\drivers\http.sys
2010-11-29 17:46:02 31232 ----a-w- c:\windows\system32\httpapi.dll
2010-11-29 17:46:02 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-11-29 17:42:21 130048 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-11-29 17:41:39 974336 ----a-w- c:\windows\system32\crypt32.dll
2010-11-29 17:41:04 274432 ----a-w- c:\windows\system32\raschap.dll
2010-11-29 17:41:04 232960 ----a-w- c:\windows\system32\rastls.dll
2010-11-29 17:40:11 321536 ----a-w- c:\windows\system32\WSDApi.dll
2010-11-29 17:39:14 633856 ----a-w- c:\windows\system32\user32.dll
2010-11-29 17:36:40 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2010-11-29 17:36:40 22528 ----a-w- c:\windows\system32\msyuv.dll
2010-11-29 17:36:40 11776 ----a-w- c:\windows\system32\tsbyuv.dll
2010-11-29 17:36:39 1327616 ----a-w- c:\windows\system32\quartz.dll
2010-11-29 17:36:38 88576 ----a-w- c:\windows\system32\avifil32.dll
2010-11-29 17:36:38 82944 ----a-w- c:\windows\system32\mciavi32.dll
2010-11-29 17:36:38 65024 ----a-w- c:\windows\system32\avicap32.dll
2010-11-29 17:36:38 31232 ----a-w- c:\windows\system32\msvidc32.dll
2010-11-29 17:36:38 13312 ----a-w- c:\windows\system32\msrle32.dll
2010-11-29 17:36:38 123904 ----a-w- c:\windows\system32\msvfw32.dll
2010-11-29 17:35:50 750080 ----a-w- c:\windows\system32\qmgr.dll
2010-11-29 17:35:18 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2010-11-29 17:34:05 8147968 ----a-w- c:\windows\system32\wmploc.DLL
2010-11-29 17:34:01 7680 ----a-w- c:\windows\system32\spwmp.dll
2010-11-29 17:34:01 168960 ----a-w- c:\program files\windows media player\wmplayer.exe
2010-11-29 17:34:00 4096 ----a-w- c:\windows\system32\msdxm.ocx
2010-11-29 17:34:00 4096 ----a-w- c:\windows\system32\dxmasf.dll
2010-11-29 17:34:00 107520 ----a-w- c:\program files\windows media player\wmpshare.exe
2010-11-29 17:34:00 107520 ----a-w- c:\program files\windows media player\wmpconfig.exe
2010-11-29 17:33:49 311296 ----a-w- c:\windows\system32\unregmp2.exe
2010-11-29 17:33:49 1418240 ----a-w- c:\program files\windows media player\setup_wm.exe
2010-11-29 14:31:16 2421760 ----a-w- c:\windows\system32\wucltux.dll
2010-11-29 14:30:35 87552 ----a-w- c:\windows\system32\wudriver.dll
2010-11-29 14:29:57 171608 ----a-w- c:\windows\system32\wuwebv.dll
2010-11-29 14:29:56 33792 ----a-w- c:\windows\system32\wuapp.exe
2010-11-29 13:25:58 -------- d-----w- c:\program files\Runic Games
2010-11-29 12:44:17 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-11-29 01:14:55 -------- d-----w- c:\program files\Belkin
2010-11-29 01:14:06 -------- d-sh--w- c:\windows\Installer
2010-11-29 01:14:03 -------- d-----w- c:\windows\{4626E3EA-85B3-464E-B296-F3F5488D8B08}
2010-11-29 00:27:38 -------- d-----w- c:\windows\Panther
2010-11-29 00:26:37 -------- d-----w- c:\windows\system32\OEM
2010-11-28 22:36:47 -------- d-----w- c:\progra~2\PopCap Games
2010-11-28 22:32:12 -------- d-----w- c:\program files\Pop Cap Games
2010-11-28 22:25:23 -------- d-----w- c:\program files\Barry W. Green
2010-11-23 09:45:46 30888 ------w- c:\windows\system32\drivers\ElbyCDIO.sys
2010-11-22 16:16:57 89256 ------w- c:\windows\system32\ElbyCDIO.dll
2010-11-20 18:01:07 26228 -c--a-w- C:\dhcp.reg
2010-11-19 23:39:52 14802 -c--a-w- C:\options.reg
2010-11-19 22:59:50 26214 -c--a-w- C:\tcip6.reg
2010-11-19 22:59:39 17850 -c--a-w- C:\tcip.reg
2010-11-16 19:08:12 -------- dc----w- c:\program files\Fat32FormatterEN
2010-11-14 04:03:26 -------- dc----w- C:\Nexon
2010-11-05 08:13:08 541800 ----a-w- c:\windows\system32\drivers\RTL8192su.sys
==================== Find3M ====================
2010-11-30 18:52:24 4608 ----a-w- c:\windows\system32\w95inf32.dll
2010-11-30 18:52:24 2272 ----a-w- c:\windows\system32\w95inf16.dll
2010-11-29 18:41:44 72704 ----a-w- c:\windows\system32\admparse.dll
2010-11-29 18:41:43 832512 ----a-w- c:\windows\system32\wininet.dll
2010-11-29 18:41:43 52736 ----a-w- c:\windows\apppatch\iebrshim.dll
2010-11-29 18:41:35 389120 ----a-w- c:\windows\system32\html.iec
2010-11-29 18:41:34 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-11-29 18:41:34 48128 ----a-w- c:\windows\system32\mshtmler.dll
2010-11-29 18:41:33 1383424 ----a-w- c:\windows\system32\mshtml.tlb
2010-11-29 18:41:29 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2010-11-29 18:41:28 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2010-11-29 18:41:25 56320 ----a-w- c:\windows\system32\iesetup.dll
2010-11-29 18:14:47 1808896 ----a-w- c:\windows\system32\NlsLexicons0046.dll
2010-11-29 18:07:09 40960 ----a-w- c:\windows\apppatch\apihex86.dll
2010-11-29 17:55:22 2560 ----a-w- c:\windows\apppatch\AcRes.dll
2010-11-29 17:55:20 2143744 ----a-w- c:\windows\apppatch\AcGenral.dll
2010-11-29 17:55:19 449024 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2010-11-29 17:55:18 537600 ----a-w- c:\windows\apppatch\AcLayers.dll
2010-11-29 17:55:18 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
============= FINISH: 11:49:58.46 ===============
Edit
Laptop: http://forums.spybot.info/showthread.php?t=60728
Just recently my desktop stop working with IE7. The program works but will not go to any site. Firefox however works just fine no problems. This being the case I am pretty sure something is wrong with IE. I am unable to find a problem. using Microsoft security Essentials (MSE), Malwarebytes, Spybot and even F-secure online scanner. Everything come up clean. There is however a CD that I got from my friend that MSE deteced. I am posting that information along with the DDS. Also I have IE running while scanning with DDS. As far as that CD goes I did not run anything on that cd I took it out. and left it go.
MSE report Also it says that it removed it. after i took cd out.
Category: Trojan
Description: This program is dangerous and executes commands from an attacker.
Recommendation: Permit this detected item only if you trust the program or the software publisher.
Microsoft Security Essentials detected programs that may compromise your privacy or damage your computer. You can still access the files that these programs use without removing them (not recommended). To access these files, select the 'Allow' action and click 'Apply actions'. If this option is not available, log on as administrator or ask the local administrator for help.
Items:
file:K:\Patch.exe
filelocalcopy:\\?\C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{26B8F6B4-D037-459A-BE25-5D16D8592A1A}-PATCH.EXE
DDS (Ver_10-11-27.01) - NTFSx86
Run by Barry W. Green at 11:48:46.93 on Fri 12/03/2010
Internet Explorer: 7.0.6000.16982
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.2559.1231 [GMT -5:00]
AV: Microsoft Security Essentials *On-access scanning enabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
SP: Microsoft Security Essentials *enabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDE}
SP: Spybot - Search and Destroy *enabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Radmin Viewer 3\Radmin.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Microsoft Security Essentials\MpCmdRun.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
D:\Download Temp\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe
============== Pseudo HJT Report ===============
uStart Page = hxxp://us.mg4.mail.yahoo.com/dc/launch?.gx=1&.rand=9ao51pps2f0kc
uURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll
mURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll
BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - c:\program files\orbitdownloader\orbitcth.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll
TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
TB: Grab Pro: {c55bbcd6-41ad-48ad-9953-3609c48eacc7} - c:\program files\orbitdownloader\GrabPro.dll
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [AnyDVD] "c:\program files\slysoft\anydvd\AnyDVD.exe"
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide -runkey
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [EKIJ5000StatusMonitor] c:\windows\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
IE: &Download by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
================= FIREFOX ===================
FF - ProfilePath - c:\users\barryw~1.bar\appdata\roaming\mozilla\firefox\profiles\j112861w.default\
FF - prefs.js: browser.startup.homepage - hxxp://us.mg4.mail.yahoo.com/dc/launch?.gx=1&.rand=cemsu3m3p52mm
FF - component: c:\program files\orbitdownloader\addons\oneclickyoutubedownloader\components\GrabXpcom.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\users\barryw~1.bar\appdata\roaming\mozilla\firefox\profiles\j112861w.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
============= SERVICES / DRIVERS ===============
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 151216]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-12-2 1153368]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-3-25 42368]
R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8192su.sys [2010-11-5 541800]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
S3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\drivers\netr28u.sys [2010-12-1 651264]
=============== Created Last 30 ================
2010-12-03 11:00:39 -------- d-----w- c:\progra~2\Kodak
2010-12-03 11:00:28 196608 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\EKIJ5000PPR.dll
2010-12-03 10:58:48 -------- d-----w- c:\windows\system32\kodak
2010-12-03 02:35:49 6273872 ----a-w- c:\progra~2\microsoft\microsoft antimalware\definition updates\{8c68ff79-9777-4548-8040-55c2236d67ad}\mpengine.dll
2010-12-02 21:57:32 388096 ----a-r- c:\users\barryw~1.bar\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2010-12-02 21:57:30 -------- d-----w- c:\program files\Trend Micro
2010-12-02 17:37:18 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-12-02 17:37:18 -------- d-----w- c:\progra~2\Spybot - Search & Destroy
2010-12-02 11:42:52 -------- d-----w- c:\program files\Orbitdownloader
2010-12-01 14:39:59 -------- d-----w- c:\users\barryw~1.bar\appdata\roaming\Malwarebytes
2010-12-01 14:39:52 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-01 14:39:51 -------- d-----w- c:\progra~2\Malwarebytes
2010-12-01 14:39:47 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-01 14:39:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-12-01 14:04:54 651264 ----a-w- c:\windows\system32\drivers\netr28u.sys
2010-12-01 14:04:54 221184 ----a-w- c:\windows\system32\RaCoInst.dll
2010-12-01 13:32:15 -------- d-----w- c:\progra~2\Elaborate Bytes
2010-12-01 13:30:26 -------- d-----w- c:\program files\Elaborate Bytes
2010-12-01 13:29:58 -------- d-----w- c:\program files\SlySoft
2010-12-01 11:46:15 -------- d-----w- c:\users\barry w. green.barrywgreen-pc\Office Genuine Advantage
2010-12-01 11:06:30 -------- d-----w- c:\program files\Wii Backup Manager
2010-12-01 08:05:36 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2010-12-01 08:01:55 -------- d-----w- c:\program files\MSXML 4.0
2010-12-01 01:28:55 -------- d-----w- c:\windows\FLV Player
2010-11-30 22:19:49 -------- d-----w- c:\users\barryw~1.bar\appdata\roaming\ProgSense
2010-11-30 22:19:44 -------- d-----w- c:\users\barryw~1.bar\appdata\roaming\GrabPro
2010-11-30 22:19:44 -------- d-----w- C:\downloads
2010-11-30 21:13:17 -------- d-----w- c:\program files\common files\PX Storage Engine
2010-11-30 18:49:45 77824 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\ctor.dll
2010-11-30 18:49:45 32768 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\objectps.dll
2010-11-30 18:49:45 221184 ----a-w- c:\program files\common files\installshield\iscript\iscript.dll
2010-11-30 18:49:45 221184 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\iuser.dll
2010-11-30 18:49:41 602244 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\IKernel.exe
2010-11-30 18:47:06 53248 ----a-w- C:\Process.exe
2010-11-30 17:20:44 -------- d-----w- c:\users\barryw~1.bar\appdata\roaming\Radmin
2010-11-30 17:20:10 -------- d-----w- c:\program files\Radmin Viewer 3
2010-11-30 16:51:25 -------- d-----w- c:\progra~2\LightScribe
2010-11-30 14:06:32 -------- d-----w- c:\program files\Nero
2010-11-30 14:04:41 -------- d-----w- c:\progra~2\Nero
2010-11-30 13:57:25 -------- d-----w- c:\users\barryw~1.bar\appdata\local\Microsoft Games
2010-11-30 11:45:57 30568 ----a-w- c:\windows\system32\mdimon.dll
2010-11-30 11:45:57 30512 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\mdippr.dll
2010-11-30 11:45:10 33104 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\msonpppr.dll
2010-11-30 11:45:10 32656 ----a-w- c:\windows\system32\msonpmon.dll
2010-11-30 11:37:34 -------- d-----w- c:\windows\PCHEALTH
2010-11-30 11:34:21 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2010-11-30 11:32:52 -------- d-----w- c:\users\barryw~1.bar\appdata\local\Microsoft Help
2010-11-30 11:02:14 -------- d-----w- c:\program files\Conduit
2010-11-30 11:02:11 -------- d-----w- c:\program files\ConduitEngine
2010-11-30 11:02:07 -------- d-----w- c:\program files\uTorrentBar
2010-11-30 11:02:04 -------- d-----w- C:\extensions
2010-11-30 10:59:24 -------- d-----w- c:\program files\uTorrent
2010-11-30 10:59:03 -------- d-----w- c:\users\barryw~1.bar\appdata\roaming\uTorrent
2010-11-30 10:56:55 -------- d-----w- c:\users\barryw~1.bar\appdata\local\Google
2010-11-30 10:55:12 -------- d-----w- c:\users\barryw~1.bar\appdata\local\Deployment
2010-11-30 10:55:12 -------- d-----w- c:\users\barryw~1.bar\appdata\local\Apps
2010-11-30 02:22:13 -------- d-----w- c:\program files\common files\DivX Shared
2010-11-30 01:22:32 -------- d-----w- c:\program files\DivX
2010-11-30 01:19:17 378368 ----a-w- c:\windows\system32\winhttp.dll
2010-11-30 01:18:00 268800 ----a-w- c:\windows\system32\es.dll
2010-11-30 01:10:36 -------- d-----w- c:\progra~2\DivX
2010-11-30 01:08:55 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-11-30 01:08:23 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-11-30 01:08:01 -------- d-----w- c:\users\barryw~1.bar\appdata\roaming\DAEMON Tools Lite
2010-11-30 01:07:58 -------- d-----w- c:\progra~2\DAEMON Tools Lite
2010-11-30 00:21:45 1244672 ----a-w- c:\windows\system32\mcmde.dll
2010-11-30 00:21:44 80896 ----a-w- c:\windows\system32\MSNP.ax
2010-11-30 00:21:44 428032 ----a-w- c:\windows\system32\EncDec.dll
2010-11-30 00:21:44 177152 ----a-w- c:\windows\system32\mpg2splt.ax
2010-11-30 00:21:43 68608 ----a-w- c:\windows\system32\Mpeg2Data.ax
2010-11-30 00:21:43 292352 ----a-w- c:\windows\system32\psisdecd.dll
2010-11-30 00:21:43 217088 ----a-w- c:\windows\system32\psisrndr.ax
2010-11-30 00:21:42 57856 ----a-w- c:\windows\system32\MSDvbNP.ax
2010-11-30 00:15:46 97800 ----a-w- c:\windows\system32\infocardapi.dll
2010-11-30 00:15:46 622080 ----a-w- c:\windows\system32\icardagt.exe
2010-11-30 00:15:46 11264 ----a-w- c:\windows\system32\icardres.dll
2010-11-30 00:15:45 37384 ----a-w- c:\windows\system32\infocardcpl.cpl
2010-11-30 00:15:41 105016 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2010-11-30 00:15:40 781344 ----a-w- c:\windows\system32\PresentationNative_v0300.dll
2010-11-30 00:15:40 43544 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-11-30 00:15:40 326160 ----a-w- c:\windows\system32\PresentationHost.exe
2010-11-29 23:33:49 96760 ----a-w- c:\windows\system32\dfshim.dll
2010-11-29 23:33:49 41984 ----a-w- c:\windows\system32\netfxperf.dll
2010-11-29 23:33:47 83968 ----a-w- c:\windows\system32\mscories.dll
2010-11-29 23:33:47 282112 ----a-w- c:\windows\system32\mscoree.dll
2010-11-29 23:33:47 158720 ----a-w- c:\windows\system32\mscorier.dll
2010-11-29 20:08:54 98816 ----a-w- c:\windows\system32\mfps.dll
2010-11-29 20:08:54 2855424 ----a-w- c:\windows\system32\mf.dll
2010-11-29 20:08:53 52736 ----a-w- c:\windows\system32\rrinstaller.exe
2010-11-29 20:08:53 24576 ----a-w- c:\windows\system32\mfpmp.exe
2010-11-29 20:08:53 2048 ----a-w- c:\windows\system32\mferror.dll
2010-11-29 20:07:10 434176 ----a-w- c:\windows\system32\vbscript.dll
2010-11-29 20:06:38 71680 ----a-w- c:\windows\system32\atl.dll
2010-11-29 20:05:46 297472 ----a-w- c:\windows\system32\gdi32.dll
2010-11-29 20:05:19 41984 ----a-w- c:\windows\system32\drivers\monitor.sys
2010-11-29 20:05:19 1060920 ----a-w- c:\windows\system32\drivers\ntfs.sys
2010-11-29 20:04:59 374456 ----a-w- c:\windows\system32\mcupdate_GenuineIntel.dll
2010-11-29 20:04:36 500736 ----a-w- c:\windows\system32\msdtcprx.dll
2010-11-29 20:04:36 30208 ----a-w- c:\windows\system32\xolehlp.dll
2010-11-29 20:04:05 156160 ----a-w- c:\windows\system32\wkssvc.dll
2010-11-29 20:03:32 36352 ----a-w- c:\windows\system32\tsgqec.dll
2010-11-29 20:03:32 1871872 ----a-w- c:\windows\system32\mstscax.dll
2010-11-29 20:03:32 116736 ----a-w- c:\windows\system32\aaclient.dll
2010-11-29 20:02:46 303616 ----a-w- c:\windows\system32\wmpeffects.dll
2010-11-29 20:01:46 392192 ----a-w- c:\windows\system32\FirewallAPI.dll
2010-11-29 20:01:45 86016 ----a-w- c:\windows\system32\icfupgd.dll
2010-11-29 20:01:45 63488 ----a-w- c:\windows\system32\drivers\mpsdrv.sys
2010-11-29 20:01:45 61952 ----a-w- c:\windows\system32\cmifw.dll
2010-11-29 20:01:45 396800 ----a-w- c:\windows\system32\MPSSVC.dll
2010-11-29 20:01:45 16896 ----a-w- c:\windows\system32\wfapigp.dll
2010-11-29 19:59:52 2048 ----a-w- c:\windows\system32\tzres.dll
2010-11-29 19:58:21 2923520 ----a-w- c:\windows\explorer.exe
2010-11-29 19:58:05 229888 ----a-w- c:\windows\system32\msshsq.dll
2010-11-29 19:57:47 494592 ----a-w- c:\windows\system32\kerberos.dll
2010-11-29 19:57:46 272384 ----a-w- c:\windows\system32\schannel.dll
2010-11-29 19:56:08 1585664 ----a-w- c:\windows\system32\setupapi.dll
2010-11-29 19:54:51 62464 ----a-w- c:\windows\system32\l3codeca.acm
2010-11-29 19:54:51 220672 ----a-w- c:\windows\system32\l3codecp.acm
2010-11-29 19:54:27 425472 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2010-11-29 19:54:26 712192 ----a-w- c:\windows\system32\WindowsCodecs.dll
2010-11-29 19:54:26 347136 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2010-11-29 19:54:03 14848 ----a-w- c:\windows\system32\wshrm.dll
2010-11-29 19:54:03 113664 ----a-w- c:\windows\system32\drivers\rmcast.sys
2010-11-29 19:53:42 43520 ----a-w- c:\windows\system32\msdxm.tlb
2010-11-29 19:53:42 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2010-11-29 19:53:42 18432 ----a-w- c:\windows\system32\amcompat.tlb
2010-11-29 18:43:58 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-11-29 18:43:58 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-11-29 18:43:58 24064 ----a-w- c:\windows\system32\lpk.dll
2010-11-29 18:43:58 156672 ----a-w- c:\windows\system32\t2embed.dll
2010-11-29 18:43:57 72704 ----a-w- c:\windows\system32\fontsub.dll
2010-11-29 18:43:57 10240 ----a-w- c:\windows\system32\dciman32.dll
2010-11-29 18:39:35 61440 ----a-w- c:\windows\system32\winipsec.dll
2010-11-29 18:39:35 28672 ----a-w- c:\windows\system32\FwRemoteSvr.dll
2010-11-29 18:39:34 361984 ----a-w- c:\windows\system32\IPSECSVC.DLL
2010-11-29 18:39:34 272896 ----a-w- c:\windows\system32\polstore.dll
2010-11-29 18:37:19 95232 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
2010-11-29 18:37:19 241152 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2010-11-29 18:37:18 160768 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
2010-11-29 18:36:35 707072 ----a-w- c:\program files\common files\system\wab32.dll
2010-11-29 18:36:35 41984 ----a-w- c:\program files\windows mail\wabimp.dll
2010-11-29 18:36:35 39424 ----a-w- c:\windows\system32\ACCTRES.dll
2010-11-29 18:36:35 205824 ----a-w- c:\windows\system32\msoeacct.dll
2010-11-29 18:36:35 1098752 ----a-w- c:\program files\common files\system\wab32res.dll
2010-11-29 18:36:34 87040 ----a-w- c:\windows\system32\msoert2.dll
2010-11-29 18:36:33 2836992 ----a-w- c:\program files\windows mail\MSOERES.dll
2010-11-29 18:36:33 1614848 ----a-w- c:\program files\windows mail\msoe.dll
2010-11-29 18:36:29 81408 ----a-w- c:\program files\windows mail\oeimport.dll
2010-11-29 18:36:29 397312 ----a-w- c:\program files\windows mail\WinMail.exe
2010-11-29 18:36:29 24064 ----a-w- c:\program files\common files\system\DirectDB.dll
2010-11-29 18:35:30 15360 ----a-w- c:\windows\system32\netevent.dll
2010-11-29 18:35:29 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2010-11-29 18:35:29 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2010-11-29 18:35:29 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2010-11-29 18:35:29 19968 ----a-w- c:\windows\system32\ARP.EXE
2010-11-29 18:35:29 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2010-11-29 18:35:29 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2010-11-29 18:35:29 103936 ----a-w- c:\windows\system32\netiohlp.dll
2010-11-29 18:35:29 10240 ----a-w- c:\windows\system32\finger.exe
2010-11-29 18:34:16 704000 ----a-w- c:\windows\system32\PhotoScreensaver.scr
2010-11-29 18:34:16 356352 ----a-w- c:\windows\system32\wbem\wbemcomn.dll
2010-11-29 18:34:13 24064 ----a-w- c:\windows\system32\wtsapi32.dll
2010-11-29 18:34:12 258232 ----a-w- c:\windows\system32\drivers\acpi.sys
2010-11-29 18:34:10 542720 ----a-w- c:\windows\system32\sysmain.dll
2010-11-29 18:33:32 194560 ----a-w- c:\windows\system32\WebClnt.dll
2010-11-29 18:33:32 110080 ----a-w- c:\windows\system32\drivers\mrxdav.sys
2010-11-29 18:32:54 123904 ----a-w- c:\windows\system32\L2SecHC.dll
2010-11-29 18:32:53 67584 ----a-w- c:\windows\system32\wlanhlp.dll
2010-11-29 18:32:53 502272 ----a-w- c:\windows\system32\wlansvc.dll
2010-11-29 18:32:53 47104 ----a-w- c:\windows\system32\wlanapi.dll
2010-11-29 18:32:53 290816 ----a-w- c:\windows\system32\wlanmsm.dll
2010-11-29 18:32:52 297984 ----a-w- c:\windows\system32\wlansec.dll
2010-11-29 18:31:58 2048 ----a-w- c:\windows\system32\msxml3r.dll
2010-11-29 18:31:58 1260032 ----a-w- c:\windows\system32\msxml3.dll
2010-11-29 18:31:57 2048 ----a-w- c:\windows\system32\msxml6r.dll
2010-11-29 18:31:57 1406464 ----a-w- c:\windows\system32\msxml6.dll
2010-11-29 18:30:35 216576 ----a-w- c:\windows\system32\msv1_0.dll
2010-11-29 18:30:35 175104 ----a-w- c:\windows\system32\wdigest.dll
2010-11-29 18:30:34 7680 ----a-w- c:\windows\system32\lsass.exe
2010-11-29 18:30:34 72704 ----a-w- c:\windows\system32\secur32.dll
2010-11-29 18:30:34 408136 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2010-11-29 18:30:34 1233920 ----a-w- c:\windows\system32\lsasrv.dll
2010-11-29 18:28:56 -------- d-----w- c:\progra~2\NVIDIA Corporation
2010-11-29 18:28:41 -------- d-----w- c:\program files\NVIDIA Corporation
2010-11-29 18:27:00 58368 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-11-29 18:27:00 211968 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-11-29 18:27:00 102400 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-11-29 18:26:24 49664 ----a-w- c:\windows\system32\csrsrv.dll
2010-11-29 18:26:24 376320 ----a-w- c:\windows\system32\winsrv.dll
2010-11-29 18:25:38 3502480 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-11-29 18:25:38 3468168 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-11-29 18:25:00 90296 ----a-w- c:\program files\windows defender\MpOAV.dll
2010-11-29 18:25:00 670392 ----a-w- c:\program files\windows defender\MpRtMon.dll
2010-11-29 18:25:00 58552 ----a-w- c:\program files\windows defender\MpRtPlug.dll
2010-11-29 18:25:00 513720 ----a-w- c:\program files\windows defender\MpSoftEx.dll
2010-11-29 18:25:00 133816 ----a-w- c:\program files\windows defender\MpSigDwn.dll
2010-11-29 18:25:00 1006264 ----a-w- c:\program files\windows defender\MSASCui.exe
2010-11-29 18:24:59 318648 ----a-w- c:\program files\windows defender\MpCmdRun.exe
2010-11-29 18:24:59 311992 ----a-w- c:\program files\windows defender\MpClient.dll
2010-11-29 18:24:59 265912 ----a-w- c:\program files\windows defender\MpSvc.dll
2010-11-29 18:24:59 215224 ----a-w- c:\program files\windows defender\MsMpCom.dll
2010-11-29 18:24:59 19128 ----a-w- c:\program files\windows defender\MpAsDesc.dll
2010-11-29 18:24:59 14008 ----a-w- c:\program files\windows defender\MsMpLics.dll
2010-11-29 18:24:58 656568 ----a-w- c:\program files\windows defender\MsMpRes.dll
2010-11-29 18:23:14 6273872 ----a-w- c:\progra~2\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2010-11-29 18:22:58 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-11-29 18:22:39 414208 ----a-w- c:\windows\system32\msscp.dll
2010-11-29 18:22:06 713728 ----a-w- c:\windows\system32\timedate.cpl
2010-11-29 18:21:24 356864 ----a-w- c:\windows\system32\MediaMetadataHandler.dll
2010-11-29 18:20:12 150016 ----a-w- c:\program files\movie maker\MOVIEMK.exe
2010-11-29 18:20:10 23040 ----a-w- c:\program files\movie maker\WMM2EXT.dll
2010-11-29 18:20:10 195072 ----a-w- c:\program files\movie maker\WMM2AE.dll
2010-11-29 18:20:10 10922496 ----a-w- c:\program files\movie maker\MOVIEMK.dll
2010-11-29 18:18:40 696832 ----a-w- c:\windows\system32\localspl.dll
2010-11-29 18:18:01 45112 ----a-w- c:\windows\system32\drivers\pciidex.sys
2010-11-29 18:18:01 21560 ----a-w- c:\windows\system32\drivers\atapi.sys
2010-11-29 18:18:01 17464 ----a-w- c:\windows\system32\drivers\intelide.sys
2010-11-29 18:18:01 109624 ----a-w- c:\windows\system32\drivers\ataport.sys
2010-11-29 18:18:00 211000 ----a-w- c:\windows\system32\drivers\volsnap.sys
2010-11-29 18:18:00 154624 ----a-w- c:\windows\system32\drivers\nwifi.sys
2010-11-29 18:17:31 104448 ----a-w- c:\windows\system32\DWWIN.EXE
2010-11-29 18:17:02 8704 ----a-w- c:\windows\system32\hcrstco.dll
2010-11-29 18:17:02 8704 ----a-w- c:\windows\system32\hccoin.dll
2010-11-29 18:17:02 5888 ----a-w- c:\windows\system32\drivers\usbd.sys
2010-11-29 18:17:02 38400 ----a-w- c:\windows\system32\drivers\usbehci.sys
2010-11-29 18:17:02 23040 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2010-11-29 18:17:02 224768 ----a-w- c:\windows\system32\drivers\usbport.sys
2010-11-29 18:17:01 73216 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2010-11-29 18:17:01 192000 ----a-w- c:\windows\system32\drivers\usbhub.sys
2010-11-29 18:15:54 171520 ----a-w- c:\windows\system32\wintrust.dll
2010-11-29 18:15:22 24064 ----a-w- c:\windows\system32\netcfg.exe
2010-11-29 18:10:42 549888 ----a-w- c:\windows\system32\rpcss.dll
2010-11-29 18:10:40 654336 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2010-11-29 18:10:40 24576 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2010-11-29 18:10:39 501760 ----a-w- c:\windows\system32\wbem\WmiPrvSD.dll
2010-11-29 18:10:39 247296 ----a-w- c:\windows\system32\wbem\WmiPrvSE.exe
2010-11-29 18:10:39 130560 ----a-w- c:\windows\system32\wbem\WmiDcPrv.dll
2010-11-29 18:10:38 614912 ----a-w- c:\windows\system32\wbem\fastprox.dll
2010-11-29 18:10:37 53248 ----a-w- c:\windows\system32\iasads.dll
2010-11-29 18:10:37 37888 ----a-w- c:\windows\system32\iasdatastore.dll
2010-11-29 18:10:36 97280 ----a-w- c:\windows\system32\iasrecst.dll
2010-11-29 18:10:36 158720 ----a-w- c:\windows\system32\sdohlp.dll
2010-11-29 18:08:52 815104 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-11-29 18:08:52 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
2010-11-29 18:08:52 22016 ----a-w- c:\windows\system32\netiougc.exe
2010-11-29 18:08:52 213592 ----a-w- c:\windows\system32\drivers\netio.sys
2010-11-29 18:08:52 179712 ----a-w- c:\windows\system32\iphlpsvc.dll
2010-11-29 18:08:52 167424 ----a-w- c:\windows\system32\tcpipcfg.dll
2010-11-29 18:08:52 15360 ----a-w- c:\windows\system32\drivers\TUNMP.SYS
2010-11-29 18:08:13 454656 ----a-w- c:\program files\common files\system\msadc\msadce.dll
2010-11-29 18:07:42 9728 ----a-w- c:\windows\system32\LAPRXY.DLL
2010-11-29 18:07:42 223232 ----a-w- c:\windows\system32\WMASF.DLL
2010-11-29 18:07:42 2048 ----a-w- c:\windows\system32\asferror.dll
2010-11-29 18:07:09 25600 ----a-w- c:\windows\system32\amxread.dll
2010-11-29 18:07:09 14848 ----a-w- c:\windows\system32\apilogen.dll
2010-11-29 18:06:29 268288 ----a-w- c:\windows\system32\mcbuilder.exe
2010-11-29 18:06:29 223232 ----a-w- c:\windows\system32\SLC.dll
2010-11-29 18:06:28 33280 ----a-w- c:\windows\system32\slwmi.dll
2010-11-29 18:06:27 57856 ----a-w- c:\windows\system32\SLUINotify.dll
2010-11-29 18:06:27 566784 ----a-w- c:\windows\system32\SLCommDlg.dll
2010-11-29 18:06:27 351232 ----a-w- c:\windows\system32\SLUI.exe
2010-11-29 18:06:27 186368 ----a-w- c:\windows\system32\SLLUA.exe
2010-11-29 18:06:25 39936 ----a-w- c:\windows\system32\slcinst.dll
2010-11-29 18:06:25 2605568 ----a-w- c:\windows\system32\SLsvc.exe
2010-11-29 18:05:47 97792 ----a-w- c:\windows\system32\cabview.dll
2010-11-29 18:04:18 61440 ----a-w- c:\windows\system32\ntprint.exe
2010-11-29 18:04:18 220160 ----a-w- c:\windows\system32\ntprint.dll
2010-11-29 18:04:16 10240 ----a-w- c:\windows\system32\dhcpcmonitor.dll
2010-11-29 18:04:15 1984512 ----a-w- c:\windows\system32\authui.dll
2010-11-29 18:04:15 120320 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2010-11-29 18:04:12 69632 ----a-w- c:\windows\system32\sendmail.dll
2010-11-29 18:04:10 8138240 ----a-w- c:\windows\system32\ssBranded.scr
2010-11-29 18:03:17 441856 ----a-w- c:\windows\system32\win32spl.dll
2010-11-29 18:03:17 37376 ----a-w- c:\windows\system32\printcom.dll
2010-11-29 18:02:16 2031104 ----a-w- c:\windows\system32\win32k.sys
2010-11-29 17:59:36 312320 ----a-w- c:\windows\system32\msdrm.dll
2010-11-29 17:59:34 435712 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-11-29 17:59:31 154112 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-11-29 17:59:26 154624 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-11-29 17:59:24 431104 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-11-29 17:59:18 472576 ----a-w- c:\windows\system32\secproc.dll
2010-11-29 17:59:15 515584 ----a-w- c:\windows\system32\RMActivate.exe
2010-11-29 17:59:05 523776 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-11-29 17:59:04 473088 ----a-w- c:\windows\system32\secproc_isv.dll
2010-11-29 17:57:39 66048 ----a-w- c:\program files\windows sidebar\sbdrop.dll
2010-11-29 17:57:39 1232896 ----a-w- c:\program files\windows sidebar\sidebar.exe
2010-11-29 17:57:39 11776 ----a-w- c:\windows\system32\sbunattend.exe
2010-11-29 17:56:23 83968 ----a-w- c:\windows\system32\dnsrslvr.dll
2010-11-29 17:56:22 24576 ----a-w- c:\windows\system32\dnscacheugc.exe
2010-11-29 17:55:23 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-11-29 17:55:16 4247552 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-11-29 17:55:16 1686528 ----a-w- c:\windows\system32\gameux.dll
2010-11-29 17:53:34 94720 ----a-w- c:\windows\system32\logagent.exe
2010-11-29 17:53:33 996352 ----a-w- c:\windows\system32\WMNetMgr.dll
2010-11-29 17:52:09 765952 ----a-w- c:\program files\common files\microsoft shared\vgx\VGX.dll
2010-11-29 17:51:29 84480 ----a-w- c:\windows\system32\INETRES.dll
2010-11-29 17:51:28 737792 ----a-w- c:\windows\system32\inetcomm.dll
2010-11-29 17:50:30 60928 ----a-w- c:\windows\system32\msasn1.dll
2010-11-29 17:49:32 1645568 ----a-w- c:\windows\system32\connect.dll
2010-11-29 17:48:40 5120 ----a-w- c:\windows\system32\wmi.dll
2010-11-29 17:48:40 152576 ----a-w- c:\windows\system32\imagehlp.dll
2010-11-29 17:48:40 12800 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2010-11-29 17:47:46 788992 ----a-w- c:\windows\system32\rpcrt4.dll
2010-11-29 17:46:02 396800 ----a-w- c:\windows\system32\drivers\http.sys
2010-11-29 17:46:02 31232 ----a-w- c:\windows\system32\httpapi.dll
2010-11-29 17:46:02 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-11-29 17:42:21 130048 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-11-29 17:41:39 974336 ----a-w- c:\windows\system32\crypt32.dll
2010-11-29 17:41:04 274432 ----a-w- c:\windows\system32\raschap.dll
2010-11-29 17:41:04 232960 ----a-w- c:\windows\system32\rastls.dll
2010-11-29 17:40:11 321536 ----a-w- c:\windows\system32\WSDApi.dll
2010-11-29 17:39:14 633856 ----a-w- c:\windows\system32\user32.dll
2010-11-29 17:36:40 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2010-11-29 17:36:40 22528 ----a-w- c:\windows\system32\msyuv.dll
2010-11-29 17:36:40 11776 ----a-w- c:\windows\system32\tsbyuv.dll
2010-11-29 17:36:39 1327616 ----a-w- c:\windows\system32\quartz.dll
2010-11-29 17:36:38 88576 ----a-w- c:\windows\system32\avifil32.dll
2010-11-29 17:36:38 82944 ----a-w- c:\windows\system32\mciavi32.dll
2010-11-29 17:36:38 65024 ----a-w- c:\windows\system32\avicap32.dll
2010-11-29 17:36:38 31232 ----a-w- c:\windows\system32\msvidc32.dll
2010-11-29 17:36:38 13312 ----a-w- c:\windows\system32\msrle32.dll
2010-11-29 17:36:38 123904 ----a-w- c:\windows\system32\msvfw32.dll
2010-11-29 17:35:50 750080 ----a-w- c:\windows\system32\qmgr.dll
2010-11-29 17:35:18 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2010-11-29 17:34:05 8147968 ----a-w- c:\windows\system32\wmploc.DLL
2010-11-29 17:34:01 7680 ----a-w- c:\windows\system32\spwmp.dll
2010-11-29 17:34:01 168960 ----a-w- c:\program files\windows media player\wmplayer.exe
2010-11-29 17:34:00 4096 ----a-w- c:\windows\system32\msdxm.ocx
2010-11-29 17:34:00 4096 ----a-w- c:\windows\system32\dxmasf.dll
2010-11-29 17:34:00 107520 ----a-w- c:\program files\windows media player\wmpshare.exe
2010-11-29 17:34:00 107520 ----a-w- c:\program files\windows media player\wmpconfig.exe
2010-11-29 17:33:49 311296 ----a-w- c:\windows\system32\unregmp2.exe
2010-11-29 17:33:49 1418240 ----a-w- c:\program files\windows media player\setup_wm.exe
2010-11-29 14:31:16 2421760 ----a-w- c:\windows\system32\wucltux.dll
2010-11-29 14:30:35 87552 ----a-w- c:\windows\system32\wudriver.dll
2010-11-29 14:29:57 171608 ----a-w- c:\windows\system32\wuwebv.dll
2010-11-29 14:29:56 33792 ----a-w- c:\windows\system32\wuapp.exe
2010-11-29 13:25:58 -------- d-----w- c:\program files\Runic Games
2010-11-29 12:44:17 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-11-29 01:14:55 -------- d-----w- c:\program files\Belkin
2010-11-29 01:14:06 -------- d-sh--w- c:\windows\Installer
2010-11-29 01:14:03 -------- d-----w- c:\windows\{4626E3EA-85B3-464E-B296-F3F5488D8B08}
2010-11-29 00:27:38 -------- d-----w- c:\windows\Panther
2010-11-29 00:26:37 -------- d-----w- c:\windows\system32\OEM
2010-11-28 22:36:47 -------- d-----w- c:\progra~2\PopCap Games
2010-11-28 22:32:12 -------- d-----w- c:\program files\Pop Cap Games
2010-11-28 22:25:23 -------- d-----w- c:\program files\Barry W. Green
2010-11-23 09:45:46 30888 ------w- c:\windows\system32\drivers\ElbyCDIO.sys
2010-11-22 16:16:57 89256 ------w- c:\windows\system32\ElbyCDIO.dll
2010-11-20 18:01:07 26228 -c--a-w- C:\dhcp.reg
2010-11-19 23:39:52 14802 -c--a-w- C:\options.reg
2010-11-19 22:59:50 26214 -c--a-w- C:\tcip6.reg
2010-11-19 22:59:39 17850 -c--a-w- C:\tcip.reg
2010-11-16 19:08:12 -------- dc----w- c:\program files\Fat32FormatterEN
2010-11-14 04:03:26 -------- dc----w- C:\Nexon
2010-11-05 08:13:08 541800 ----a-w- c:\windows\system32\drivers\RTL8192su.sys
==================== Find3M ====================
2010-11-30 18:52:24 4608 ----a-w- c:\windows\system32\w95inf32.dll
2010-11-30 18:52:24 2272 ----a-w- c:\windows\system32\w95inf16.dll
2010-11-29 18:41:44 72704 ----a-w- c:\windows\system32\admparse.dll
2010-11-29 18:41:43 832512 ----a-w- c:\windows\system32\wininet.dll
2010-11-29 18:41:43 52736 ----a-w- c:\windows\apppatch\iebrshim.dll
2010-11-29 18:41:35 389120 ----a-w- c:\windows\system32\html.iec
2010-11-29 18:41:34 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-11-29 18:41:34 48128 ----a-w- c:\windows\system32\mshtmler.dll
2010-11-29 18:41:33 1383424 ----a-w- c:\windows\system32\mshtml.tlb
2010-11-29 18:41:29 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2010-11-29 18:41:28 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2010-11-29 18:41:25 56320 ----a-w- c:\windows\system32\iesetup.dll
2010-11-29 18:14:47 1808896 ----a-w- c:\windows\system32\NlsLexicons0046.dll
2010-11-29 18:07:09 40960 ----a-w- c:\windows\apppatch\apihex86.dll
2010-11-29 17:55:22 2560 ----a-w- c:\windows\apppatch\AcRes.dll
2010-11-29 17:55:20 2143744 ----a-w- c:\windows\apppatch\AcGenral.dll
2010-11-29 17:55:19 449024 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2010-11-29 17:55:18 537600 ----a-w- c:\windows\apppatch\AcLayers.dll
2010-11-29 17:55:18 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
============= FINISH: 11:49:58.46 ===============
Edit
Laptop: http://forums.spybot.info/showthread.php?t=60728