guegae.exe (Trojan Agent)

[r4a9s]

My friend unknowingly infected my computer when he used his flash drive to give me a school project file. About three hours later his computer got the "blue screen of death" and mine began acting suspiciously. Vista began prompting me, at random intervals, to allow "programs" to run. These programs have random groups of letters for names, and I have not allowed them to continue their actions, but the task manager shows them running as system processes. I ran both spybots and AVG, but neither of them found anything. I then ran Malwarebytes and 2 infected items were found, they were listed as guegae.exe (trojan agents). That's when I downloaded and ran HJT and ERUNT. The log for HJT is below, but when I ran ERUNT with only the system registry option selected as per your instructions, it gave me several alerts saying that it could not save certain files.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:40:03 AM, on 9/25/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Microsoft Office\Office\FINDFAST.EXE
C:\Program Files (x86)\Microsoft Office\Office\OSA.EXE
C:\Program Files (x86)\Dell\MediaDirect\PCMService.exe
C:\Program Files (x86)\AVG\AVG8\avgtray.exe
C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe
C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neumann.edu/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files (x86)\Dell\BAE\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [PCMService] "C:\Program Files (x86)\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~2\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [DX-NUSB] C:\Program Files (x86)\Dynex\DX-NUSB\v1000\Dynexwcui.exe
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0ENQBO] C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [zoazo] C:\Users\r4a9s\zoazo.exe
O4 - HKCU\..\Run: [siuop] C:\Users\r4a9s\siuop.exe
O4 - HKCU\..\Run: [riuom] C:\Users\r4a9s\riuom.exe
O4 - HKCU\..\Run: [cuecuf] C:\Users\r4a9s\cuecuf.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')
O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files (x86)\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Microsoft Office Shortcut Bar.lnk = C:\Program Files (x86)\Microsoft Office\Office\MSOFFICE.EXE
O4 - Global Startup: Office Startup.lnk = C:\Program Files (x86)\Microsoft Office\Office\OSA.EXE
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG8\avgpp.dll
O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
O23 - Service: Andrea RT Filters Service (AERTFilters) - Unknown owner - C:\Windows\system32\AERTSr64.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~2\AVG\AVG8\avgwdsvc.exe
O23 - Service: BabelgumUpdater - Unknown owner - C:\Program Files (x86)\Babelgum Player\babelgumupdater_service.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FLEXnet Licensing Service 64 - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9982 bytes

 

[Blade81]

Hi,

Download GMER here by clicking download exe -button and then saving it your desktop:

• Double-click .exe that you downloaded
• Click rootkit-tab and then scan.
• Don't check
  Show All
  box while scanning in progress!
• When scanning is ready, click Copy.
• This copies log to clipboard
• Post log in your reply.

 

[r4a9s]

GMER Log

Here is the log

GMER 1.0.15.15087 - http://www.gmer.net
Rootkit scan 2009-09-29 21:33:31
Windows 6.0.6002 Service Pack 2
Running: p91mxo2u.exe


---- Files - GMER 1.0.15 ----

File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010010.ci 81920 bytes
File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010010.dir 4096 bytes
File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010010.wid 65536 bytes

---- EOF - GMER 1.0.15 ----

 

[Blade81]

Update Malwarebytes' Anti-Malware and run a full scan with it (let it delete all findings). Post back its report.

 

[r4a9s]

Malwarebytes Log

Malwarebytes' Anti-Malware 1.41
Database version: 2874
Windows 6.0.6002 Service Pack 2

9/30/2009 8:51:42 AM
mbam-log-2009-09-30 (08-51-42).txt

Scan type: Full Scan (C:\|D:\|E:\|F:\|G:\|H:\|I:\|)
Objects scanned: 355155
Time elapsed: 1 hour(s), 40 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

 

[Blade81]

Let's continue.

• Download OTL to your desktop.
• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
• When the window appears, underneath Output at the top change it to Minimal Output.
• Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.

 

[r4a9s]

Extras Log

OTL Extras logfile created on: 9/30/2009 1:22:57 PM - Run 1
OTL by OldTimer - Version 3.0.16.0 Folder = C:\Users\r4a9s\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18813)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 3.33 Gb Available Physical Memory | 83.34% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 581.12 Gb Total Space | 465.02 Gb Free Space | 80.02% Space Free | Partition Type: NTFS
Drive D: | 15.00 Gb Total Space | 8.30 Gb Free Space | 55.33% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TOY2
Current User Name: r4a9s
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl[@ = cplfile] -- C:\Windows\SysNative\control.exe (Microsoft Corporation)
.hlp[@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html[@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.inf[@ = inffile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.ini[@ = inifile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)
.js[@ = jsfile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.jse[@ = JSEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.txt[@ = txtfile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.vbe[@ = VBEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.vbs[@ = VBSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsf[@ = WSFFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsh[@ = WSHFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.reg [@ = regfile] -- C:\Windows\SysWow64\regedit.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %* File not found
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %* File not found
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %* File not found
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = C8 F4 81 E1 A7 37 CA 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1C885EDC-3DF5-45E2-AE89-4777392F9168}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |
"{3FC0BD73-2924-4680-A2C2-8EAF1B9FD9D9}" = lport=3703 | protocol=6 | dir=in | name=adobe version cue cs4 server |
"{6866E137-67E1-431B-B504-BC509A9BF136}" = lport=3704 | protocol=6 | dir=in | name=adobe version cue cs4 server |
"{D3DCF707-10FB-47B2-BEA1-5146E8DBB78E}" = lport=51000 | protocol=6 | dir=in | name=adobe version cue cs4 server |
"{F84E7C96-3E24-46EC-BDF2-030D974953C9}" = lport=51001 | protocol=6 | dir=in | name=adobe version cue cs4 server |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0A67E3F4-249B-4F82-B62F-C998DA4871ED}" = protocol=6 | dir=in | app=c:\program files (x86)\dell remote access\ezi_ra.exe |
"{15A9B7C0-21D4-4FE3-B413-83ED19E3002A}" = protocol=17 | dir=in | app=c:\program files (x86)\dell remote access\ezi_ra.exe |
"{225BFD66-6E21-4FC0-8F51-AC7650A01DF2}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{28F675A9-65BA-4FCB-B77D-B8772A096B3A}" = dir=in | app=c:\program files (x86)\avg\avg8\avgupd.exe |
"{34A4A824-8665-4761-8E66-667A450EBBBB}" = dir=in | app=c:\program files (x86)\dell\mediadirect\kernel\dms\clmsservice.exe |
"{4BAB076B-CD39-4D39-90F6-AD05FABBCD92}" = dir=in | app=c:\program files (x86)\dell\mediadirect\pcmservice.exe |
"{59A830C6-5CB8-468E-A0A1-00A85E141775}" = protocol=17 | dir=in | app=c:\program files (x86)\dell video chat\dellvideochat.exe |
"{947F1F62-C734-4735-8374-1190636FA3DA}" = protocol=17 | dir=in | app=c:\programdata\singleclick systems\advanced networking service\hnm_svc.exe |
"{94F60499-21BE-48C2-92A5-6AE3F4DE4AF4}" = protocol=6 | dir=in | app=c:\programdata\singleclick systems\advanced networking service\hnm_svc.exe |
"{A25744F5-0764-4878-B482-1A6709D43567}" = protocol=6 | dir=in | app=c:\program files (x86)\dell video chat\dellvideochat.exe |
"{A7104A95-5D53-40BC-92E7-2C08EAAB4D8E}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\adobe\adobe version cue cs4\server\bin\versioncuecs4.exe |
"{E10556C0-B026-4174-A289-8CDFA910B662}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\adobe\adobe version cue cs4\server\bin\versioncuecs4.exe |
"{E238154C-B5B1-48AD-813D-34578A279363}" = dir=in | app=c:\program files (x86)\dell\mediadirect\mediadirect.exe |
"{F0474DC0-1790-4778-A6DD-778BDE71E603}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{F916F9F8-8A61-499F-8C34-EA4685A6B3AB}" = dir=in | app=c:\program files (x86)\dell\mediadirect\kernel\dmp\clbrowserengine.exe |
"TCP Query User{1EE733DA-6DCB-420A-91CF-318884B5FA59}C:\program files (x86)\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files (x86)\limewire\limewire.exe |
"TCP Query User{6A7BC570-060B-458B-9CB4-AF9B9FF38328}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"TCP Query User{BEED0247-E623-45D5-9E8E-43EFF0A49E97}C:\program files (x86)\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files (x86)\limewire\limewire.exe |
"UDP Query User{2F388985-8B82-4100-948D-94375459A469}C:\program files (x86)\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files (x86)\limewire\limewire.exe |
"UDP Query User{6FCA99CF-EE42-454D-81D3-C94A00B74E78}C:\program files (x86)\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files (x86)\limewire\limewire.exe |
"UDP Query User{A62C60DC-3EBD-4F2B-83A5-D588558EAF15}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{295CFB7C-A57E-4313-93E7-68E7CE1D0332}" = Adobe WinSoft Linguistics Plugin x64
"{2D74E972-5A85-44DC-9193-8A302BA8C181}" = Photoshop Camera Raw_x64
"{6631325A-9B1B-4EE7-8E64-8CC4A6F10643}" = Adobe Fonts All x64
"{8875A1C0-6308-4790-8CF6-D34E89880052}" = Adobe Linguistics CS4 x64
"{887797BF-37A5-4199-B0C9-0D38D6196E9A}" = Adobe Anchor Service x64 CS4
"{8C8D673B-20FB-43E6-BCB7-9B3F78F2E762}" = Adobe Type Support x64 CS4
"{8DAA31EB-6830-4006-A99F-4DF8AB24714F}" = Adobe CSI CS4 x64
"{90BA8112-80B3-4617-A3C1-BD2771B60F74}" = Adobe CMaps x64 CS4
"{A3454894-144A-4D80-B605-C128FE0D7329}" = Adobe Drive CS4 x64
"{B37A99DD-88E2-4ED0-80B4-1E054AB354BF}" = Adobe InDesign CS4 Icon Handler x64
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D40172D6-CE2D-4B72-BF5F-26A04A900B7B}" = Adobe Photoshop CS4 (64 Bit)
"{DFFABE78-8173-4E97-9C5C-22FB26192FC5}" = Adobe PDF Library Files x64 CS4
"{F6CB42B9-F033-4152-8813-FF11DA8E6A78}" = Dell Dock
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{021C4C4F-C93C-4425-BFFD-C2D16776BFAE}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}" = Adobe SGM CS4
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1B7C06E1-4888-47A6-992A-0990B9683486}" = Adobe Version Cue CS4 Server
"{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}" = Adobe InDesign CS4
"{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{2168245A-B5AD-40D8-A641-48E3E070B5B6}" = Adobe Flash CS4 STI-en
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 15
"{2BAF2B96-7560-48B4-87D4-10178DDBE217}" = Adobe InDesign CS4 Application Feature Set Files (Roman)
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3A6829EF-0791-4FDD-9382-C690DD0821B9}" = Adobe Flash Player 10 ActiveX
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3D8F9830-D6A3-413A-9A54-993827A73E47}" = DELL0604
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = Browser Address Error Redirector
"{428FDF9F-E010-4C4C-A8BB-156960AFCA1C}" = Adobe Fireworks CS4
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{793D1D88-6141-43DE-BE58-59BCE31B4090}" = Adobe Flash CS4 Extension - Flash Lite STI en
"{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}" = Adobe InDesign CS4 Common Base Files
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
"{A128921B-D03F-4BFB-8141-C365AA48D660}" = Adobe Setup
"{A2881E09-38DB-4F79-9135-00FDA01768A7}" = Adobe Creative Suite 4 Design Premium
"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-1033-F400-7760-000000000004}_913" = Adobe Acrobat 9.1.3 - CPSID_49522
"{AF7733C1-FB0B-4FED-9730-E0433AF7A2EF}" = Magic Online III
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B9F4561A-924D-4510-A85A-BB0960C338CB}" = Adobe Asset Services CS4
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{C3C9EB3D-24FA-4462-B784-0EC6AAFCD2DD}" = Fable - The Lost Chapters
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{C86E7C99-E4AD-79C7-375B-1AEF9A91EC2B}" = Acrobat.com
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6E99614-F042-4459-82B7-8B38B2601356}" = Adobe Flash CS4
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FCE3C594-D549-4F96-B508-5FE2BE998159}" = Dynex Wireless N USB Adapter
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_55230b0b70661df0f212e88f0b655f7" = Adobe Creative Suite 4 Design Premium
"AVG8Uninstall" = AVG 8.5
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2008-09-21 16:18
"ERUNT_is1" = ERUNT 1.1j
"HijackThis" = HijackThis 2.0.2
"InstallShield_{C3C9EB3D-24FA-4462-B784-0EC6AAFCD2DD}" = Fable - The Lost Chapters
"LimeWire" = LimeWire 5.2.13
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.0.14)" = Mozilla Firefox (3.0.14)
"Office8.0" = Microsoft Office 97, Professional Edition
"WildTangent dell Master Uninstall" = WildTangent Games

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/1/2009 3:19:57 PM | Computer Name = Toy2 | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 9/1/2009 3:19:58 PM | Computer Name = Toy2 | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 9/1/2009 3:20:07 PM | Computer Name = Toy2 | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 9/1/2009 3:20:08 PM | Computer Name = Toy2 | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 9/1/2009 3:20:08 PM | Computer Name = Toy2 | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 9/1/2009 3:20:17 PM | Computer Name = Toy2 | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 9/1/2009 10:32:39 PM | Computer Name = Toy2 | Source = Application Hang | ID = 1002
Description = The program Acrobat.exe version 9.1.0.163 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 11c4 Start Time: 01ca2b743207ac8b Termination Time: 0

Error - 9/3/2009 3:24:34 AM | Computer Name = Toy2 | Source = WinMgmt | ID = 10
Description =

Error - 9/3/2009 9:58:00 AM | Computer Name = Toy2 | Source = SideBySide | ID = 16842830
Description = Activation context generation failed for "C:\Program Files (x86)\Adobe\Acrobat
9.0\Designer 8.2\FormDesigner.exe".Error in manifest or policy file "" on line
. A component version required by the application conflicts with another component
version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_152e7382f3bd50c6.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc.manifest.

Error - 9/7/2009 2:23:26 PM | Computer Name = Toy2 | Source = WinMgmt | ID = 10
Description =

[ Media Center Events ]
Error - 7/26/2009 3:28:34 PM | Computer Name = Toy2 | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ System Events ]
Error - 5/6/2009 7:36:12 AM | Computer Name = Toy2 | Source = Dhcp | ID = 1002
Description = The IP address lease 0.0.0.0 for the Network Card with network address
00219B19741E has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a
DHCPNACK message).

Error - 5/6/2009 7:36:13 AM | Computer Name = Toy2 | Source = Dhcp | ID = 1002
Description = The IP address lease 0.0.0.0 for the Network Card with network address
00219B19741E has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a
DHCPNACK message).

Error - 5/6/2009 7:36:14 AM | Computer Name = Toy2 | Source = Dhcp | ID = 1002
Description = The IP address lease 0.0.0.0 for the Network Card with network address
00219B19741E has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a
DHCPNACK message).

Error - 5/13/2009 2:56:48 PM | Computer Name = Toy2 | Source = HTTP | ID = 15016
Description =

Error - 5/14/2009 4:49:28 PM | Computer Name = Toy2 | Source = HTTP | ID = 15016
Description =

Error - 5/16/2009 10:05:21 AM | Computer Name = Toy2 | Source = HTTP | ID = 15016
Description =

Error - 5/26/2009 11:26:16 AM | Computer Name = Toy2 | Source = DCOM | ID = 10005
Description =

Error - 5/26/2009 11:26:16 AM | Computer Name = Toy2 | Source = Service Control Manager | ID = 7009
Description =

Error - 5/26/2009 11:26:16 AM | Computer Name = Toy2 | Source = Service Control Manager | ID = 7000
Description =

Error - 5/29/2009 9:19:48 AM | Computer Name = Toy2 | Source = HTTP | ID = 15016
Description =


< End of report >

 

[r4a9s]

OTL Log, Part 1

OTL logfile created on: 9/30/2009 1:22:57 PM - Run 1
OTL by OldTimer - Version 3.0.16.0 Folder = C:\Users\r4a9s\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18813)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 3.33 Gb Available Physical Memory | 83.34% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 581.12 Gb Total Space | 465.02 Gb Free Space | 80.02% Space Free | Partition Type: NTFS
Drive D: | 15.00 Gb Total Space | 8.30 Gb Free Space | 55.33% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TOY2
Current User Name: r4a9s
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
PRC - C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
PRC - C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
PRC - C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
PRC - C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
PRC - C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
PRC - C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
PRC - C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
PRC - C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
PRC - C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
PRC - C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
PRC - C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
PRC - C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
PRC - C:\Program Files (x86)\Microsoft Office\Office\FINDFAST.EXE ()
PRC - C:\Program Files (x86)\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe (Adobe Systems Inc.)
PRC - C:\Program Files (x86)\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files (x86)\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files (x86)\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\Microsoft Office\Office\OSA.EXE ()
PRC - C:\Program Files (x86)\Microsoft Office\Office\OSA.EXE ()
PRC - C:\Program Files (x86)\Microsoft Office\Office\OSA.EXE ()
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files (x86)\Internet Explorer\IELowutil.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Internet Explorer\IELowutil.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Users\r4a9s\Desktop\OTL.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV:64bit: - (AERTFilters [Auto | Running]) -- C:\Windows\SysNative\AERTSr64.exe (Andrea Electronics Corporation)
SRV:64bit: - (DockLoginService [Auto | Running]) -- C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
SRV:64bit: - (FLEXnet Licensing Service 64 [On_Demand | Stopped]) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Acresso Software Inc.)
SRV:64bit: - (WinDefend [Auto | Running]) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV:64bit: - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (Adobe Version Cue CS4 [On_Demand | Stopped]) -- C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe (Adobe Systems Incorporated)
SRV - (avg8wd [Auto | Running]) -- C:\Program Files (x86)\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_64 [On_Demand | Stopped]) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (ehRecvr [On_Demand | Stopped]) -- C:\Windows\ehome\ehRecvr.exe (Microsoft Corporation)
SRV - (ehSched [On_Demand | Stopped]) -- C:\Windows\ehome\ehsched.exe (Microsoft Corporation)
SRV - (ehstart [Auto | Stopped]) -- C:\Windows\ehome\ehstart.dll (Microsoft Corporation)
SRV - (FLEXnet Licensing Service [On_Demand | Stopped]) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (GameConsoleService [On_Demand | Stopped]) -- C:\Program Files (x86)\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (idsvc [Unknown | Stopped]) -- C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (KeyIso [On_Demand | Running]) -- C:\Windows\SysWow64\keyiso.dll (Microsoft Corporation)
SRV - (MSDTC [Unknown | Stopped]) -- C:\Windows\SysWow64\Msdtc [2006/11/02 09:34:14 | 00,000,000 | ---D | M]
SRV - (Netlogon [On_Demand | Stopped]) -- C:\Windows\SysWow64\netlogon.dll (Microsoft Corporation)
SRV - (SBSDWSCService [Auto | Running]) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (stllssvr [On_Demand | Stopped]) -- C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe (MicroVision Development, Inc.)
SRV - (vds [On_Demand | Stopped]) -- C:\Windows\SysWow64\Wbem\vds.mof ()
SRV - (VSS [On_Demand | Stopped]) -- C:\Windows\SysWow64\Wbem\vss.mof ()

========== Driver Services (SafeList) ==========

DRV:64bit: - (adfs [Auto | Running]) -- C:\Windows\SysNative\drivers\adfs.sys (Adobe Systems, Inc.)
DRV:64bit: - (AvgLdx64 [System | Running]) -- C:\Windows\SysNative\Drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AvgMfx64 [System | Running]) -- C:\Windows\SysNative\Drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (BCMH43XX [On_Demand | Running]) -- C:\Windows\SysNative\DRIVERS\DX432364.sys (Broadcom Corporation)
DRV:64bit: - (e1express [On_Demand | Stopped]) -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys (Intel Corporation)
DRV:64bit: - (iaStor [Disabled | Stopped]) -- C:\Windows\SysNative\drivers\iastor.sys (Intel Corporation)
DRV:64bit: - (igfx [On_Demand | Running]) -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (PxHlpa64 [Boot | Running]) -- C:\Windows\SysNative\Drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (R300 [On_Demand | Stopped]) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (RTL8169 [On_Demand | Running]) -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys (Realtek Corporation )
DRV:64bit: - (winusb [On_Demand | Stopped]) -- C:\Windows\SysNative\DRIVERS\WinUSB.SYS (Microsoft Corporation)
DRV:64bit: - (WpdUsb [On_Demand | Stopped]) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation)
DRV - (adfs [Auto | Running]) -- C:\Windows\SysWow64\drivers\adfs.sys (Adobe Systems, Inc.)
DRV - (mpsdrv [On_Demand | Running]) -- C:\Windows\SysWow64\Wbem\mpsdrv.mof ()
DRV - (Tcpip [Boot | Running]) -- C:\Windows\SysWow64\Wbem\tcpip.mof ()
DRV - (winusb [On_Demand | Stopped]) -- C:\Windows\SysWow64\winusb.dll (Microsoft Corporation)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://my.netzero.net/s/sp?r=al&cf=sp
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=2081209
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.neumann.edu/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.neumann.edu/"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071302000002
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.14

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files (x86)\AVG\AVG8\Firefox [2009/06/27 08:24:39 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/01 14:48:26 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.14\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2009/09/10 16:10:07 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.14\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2009/09/10 16:10:07 | 00,000,000 | ---D | M]

[2009/05/06 09:05:30 | 00,000,000 | ---D | M] -- C:\Users\r4a9s\AppData\Roaming\mozilla\Extensions
[2008/12/17 12:06:54 | 00,000,000 | ---D | M] -- C:\Users\r4a9s\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/05/06 09:05:30 | 00,000,000 | ---D | M] -- C:\Users\r4a9s\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
[2009/09/29 20:34:18 | 00,000,000 | ---D | M] -- C:\Users\r4a9s\AppData\Roaming\mozilla\Firefox\Profiles\gocqea2x.default\extensions
[2009/09/01 15:09:00 | 00,000,000 | ---D | M] -- C:\Users\r4a9s\AppData\Roaming\mozilla\Firefox\Profiles\gocqea2x.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/03/17 22:04:29 | 00,000,000 | ---D | M] -- C:\Users\r4a9s\AppData\Roaming\mozilla\Firefox\Profiles\gocqea2x.default\extensions\moveplayer@movenetworks.com
[2009/09/01 15:07:42 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions
[2009/09/10 16:10:07 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/06/14 11:30:53 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/09/01 15:07:42 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
[2009/09/10 16:10:07 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browserdirprovider.dll
[2009/09/10 16:10:07 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\brwsrcmp.dll
[2009/07/25 05:23:01 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeploytk.dll
[2009/09/10 16:10:07 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files (x86)\mozilla firefox\plugins\npnul32.dll
[2008/06/11 22:45:28 | 00,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll
[2009/07/16 21:04:16 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll
[2009/07/16 21:04:16 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll
[2009/07/16 21:04:16 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll
[2009/07/16 21:04:16 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll
[2009/07/16 21:04:16 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll
[2009/07/16 21:04:16 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll
[2009/07/16 21:04:16 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll
[2008/12/02 04:04:40 | 00,001,394 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom.xml
[2008/12/02 04:04:40 | 00,002,193 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\answers.xml
[2008/12/02 04:04:40 | 00,001,534 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\creativecommons.xml
[2008/12/02 04:04:40 | 00,002,343 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay.xml
[2008/12/02 04:04:40 | 00,001,706 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\google.xml
[2008/12/02 04:04:40 | 00,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia.xml
[2008/12/02 04:04:40 | 00,000,792 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (335318 bytes) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 11491 more lines...
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\spybot - search & destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files (x86)\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] File not found
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe_ID0ENQBO] C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files (x86)\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DX-NUSB] C:\Program Files (x86)\Dynex\DX-NUSB\v1000\Dynexwcui.exe File not found
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PCMService] C:\Program Files (x86)\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [cuecuf] C:\Users\r4a9s\cuecuf.exe ()
O4 - HKCU..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (Microsoft Corporation)
O4 - HKCU..\Run: [riuom] C:\Users\r4a9s\riuom.exe ()
O4 - HKCU..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKCU..\Run: [siuop] C:\Users\r4a9s\siuop.exe ()
O4 - HKCU..\Run: [zoazo] C:\Users\r4a9s\zoazo.exe ()
O4 - Startup: C:\Users\r4a9s\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files (x86)\Dell\DellDock\DellDock.exe File not found
O4 - Startup: C:\Users\r4a9s\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\spybot - search & destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysNative\NLAapi.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysNative\napinsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWow64\NLAapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWow64\napinsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWow64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWow64\pnrpnsp.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15:64bit: - ..Trusted Domains: 58 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKLM\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab (DLM Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 66.54.175.38 66.54.175.122
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\msvidctl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\msvidctl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Filter: - application/octet-stream - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter: - application/x-complus - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter: - application/x-msdownload - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter: - deflate - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter: - gzip - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (avgrssta.dll) - C:\Windows\SysNative\avgrssta.dll (AVG Technologies CZ, s.r.o.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Value error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{78e659fc-d1b3-11dd-8948-00219b19741e}\Shell - "" = AutoRun
O33 - MountPoints2\{78e659fc-d1b3-11dd-8948-00219b19741e}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -- File not found
O33 - MountPoints2\{92409198-cba8-11dd-9734-00219b19741e}\Shell - "" = AutoRun
O33 - MountPoints2\{92409198-cba8-11dd-9734-00219b19741e}\Shell\AutoRun\command - "" = L:\LaunchU3.exe -- File not found
O33 - MountPoints2\{db2f14c3-a90a-11de-9a4b-00219b19741e}\Shell\Auto\command - "" = J:\kugou.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\SysWow64\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/09/30 13:20:46 | 00,518,144 | ---- | C] (OldTimer Tools) -- C:\Users\r4a9s\Desktop\OTL.exe
[2009/09/29 20:31:56 | 00,288,768 | ---- | C] () -- C:\Users\r4a9s\Desktop\p91mxo2u.exe
[2009/09/29 20:22:05 | 21,361,33631 | -HS- | C] () -- C:\hiberfil.sys
[2009/09/29 11:14:36 | 00,000,732 | ---- | C] () -- C:\Users\r4a9s\AppData\Local\d3d9caps64.dat
[2009/09/28 15:21:39 | 00,027,134 | ---- | C] () -- C:\Users\r4a9s\Desktop\dad_form.pdf
[2009/09/28 15:21:14 | 00,033,280 | ---- | C] () -- C:\Users\r4a9s\Desktop\dad_form.xls
[2009/09/28 12:58:52 | 04,417,562 | ---- | C] () -- C:\Users\r4a9s\Desktop\6_Characters_Logo.jpg
[2009/09/28 12:57:40 | 04,470,505 | ---- | C] () -- C:\Users\r4a9s\Desktop\T-shirt_Logo.jpg
[2009/09/27 03:05:57 | 00,023,040 | ---- | C] () -- C:\Users\r4a9s\Desktop\College Picks.xls
[2009/09/25 11:46:31 | 00,000,000 | ---D | C] -- C:\Users\r4a9s\Desktop\ERUNT
[2009/09/25 11:45:37 | 00,000,945 | ---- | C] () -- C:\Users\r4a9s\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/09/25 11:45:26 | 00,000,746 | ---- | C] () -- C:\Users\r4a9s\Desktop\ERUNT.lnk
[2009/09/25 11:45:23 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2009/09/25 01:27:19 | 00,001,930 | ---- | C] () -- C:\Users\r4a9s\Desktop\HijackThis.lnk
[2009/09/25 01:27:18 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2009/09/19 12:57:14 | 45,376,203 | ---- | C] () -- C:\Users\r4a9s\Desktop\Logo.psd
[2009/09/17 10:57:19 | 00,000,000 | ---D | C] -- C:\Windows\SysWow64\vi-VN
[2009/09/17 10:57:19 | 00,000,000 | ---D | C] -- C:\Windows\SysWow64\eu-ES
[2009/09/17 10:57:19 | 00,000,000 | ---D | C] -- C:\Windows\SysWow64\ca-ES
[2009/09/17 10:57:19 | 00,000,000 | ---D | C] -- C:\Windows\SysNative\eu-ES
[2009/09/17 10:57:19 | 00,000,000 | ---D | C] -- C:\Windows\SysNative\ca-ES
[2009/09/17 10:57:17 | 00,000,000 | ---D | C] -- C:\Windows\SysNative\vi-VN
[2009/09/17 10:40:11 | 00,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders
[2009/09/16 23:12:42 | 12,240,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\NlsLexicons0007.dll
[2009/09/16 23:12:42 | 12,240,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\NlsLexicons0007.dll
[2009/09/16 23:12:38 | 02,582,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SLsvc.exe
[2009/09/16 23:12:38 | 02,146,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\FunctionDiscoveryFolder.dll
[2009/09/16 23:12:38 | 02,134,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\FunctionDiscoveryFolder.dll
[2009/09/16 23:12:38 | 00,710,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SLCExt.dll
[2009/09/16 23:12:37 | 02,644,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\NlsLexicons0009.dll
[2009/09/16 23:12:37 | 02,644,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\NlsLexicons0009.dll
[2009/09/16 23:12:35 | 04,699,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2009/09/16 23:12:35 | 02,280,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssrch.dll
[2009/09/16 23:12:35 | 01,081,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SLCExt.dll
[2009/09/16 23:12:35 | 00,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msstrc.dll
[2009/09/16 23:12:35 | 00,073,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msscntrs.dll
[2009/09/16 23:12:35 | 00,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xmlfilter.dll
[2009/09/16 23:12:35 | 00,019,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kd1394.dll
[2009/09/16 23:12:35 | 00,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msshooks.dll
[2009/09/16 23:12:33 | 01,480,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssrch.dll
[2009/09/16 23:12:31 | 02,204,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tquery.dll
[2009/09/16 23:12:31 | 01,381,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardagt.exe
[2009/09/16 23:12:31 | 01,165,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationNative_v0300.dll
[2009/09/16 23:12:31 | 01,146,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imapi2fs.dll
[2009/09/16 23:12:31 | 01,085,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wcnwiz2.dll
[2009/09/16 23:12:31 | 00,968,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wcnwiz2.dll
[2009/09/16 23:12:31 | 00,948,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hdaudbus.sys
[2009/09/16 23:12:31 | 00,397,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WscEapPr.dll
[2009/09/16 23:12:31 | 00,291,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WscEapPr.dll
[2009/09/16 23:12:31 | 00,046,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\infocardcpl.cpl
[2009/09/16 23:12:30 | 01,576,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tquery.dll
[2009/09/16 23:12:30 | 00,600,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_isv.exe
[2009/09/16 23:12:30 | 00,599,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate.exe
[2009/09/16 23:12:29 | 03,108,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll
[2009/09/16 23:12:29 | 00,886,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sysmain.dll
[2009/09/16 23:12:28 | 12,897,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shell32.dll
[2009/09/16 23:12:28 | 01,515,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ntfs.sys
[2009/09/16 23:12:28 | 00,779,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationNative_v0300.dll
[2009/09/16 23:12:27 | 01,582,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2009/09/16 23:12:27 | 00,946,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\scavenge.dll
[2009/09/16 23:12:27 | 00,594,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\spsys.sys
[2009/09/16 23:12:27 | 00,539,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc.dll
[2009/09/16 23:12:27 | 00,538,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_isv.dll
[2009/09/16 23:12:27 | 00,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_isv.exe
[2009/09/16 23:12:27 | 00,518,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate.exe
[2009/09/16 23:12:26 | 02,241,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msi.dll
[2009/09/16 23:12:26 | 00,677,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\imapi2fs.dll
[2009/09/16 23:12:25 | 03,263,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mmcndmgr.dll
[2009/09/16 23:12:25 | 01,804,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3.dll
[2009/09/16 23:12:25 | 00,476,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_isv.dll
[2009/09/16 23:12:24 | 01,217,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2009/09/16 23:12:24 | 00,836,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\p2psvc.dll
[2009/09/16 23:12:24 | 00,619,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardagt.exe
[2009/09/16 23:12:24 | 00,035,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\infocardcpl.cpl
[2009/09/16 23:12:23 | 02,715,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mmc.exe
[2009/09/16 23:12:23 | 02,506,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\esent.dll
[2009/09/16 23:12:23 | 01,418,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AuxiliaryDisplayCpl.dll
[2009/09/16 23:12:23 | 01,185,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drmv2clt.dll
[2009/09/16 23:12:23 | 00,435,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\spinstall.exe
[2009/09/16 23:12:23 | 00,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\spreview.exe
[2009/09/16 23:12:22 | 01,216,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\AuxiliaryDisplayCpl.dll
[2009/09/16 23:12:22 | 00,597,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchIndexer.exe
[2009/09/16 23:12:22 | 00,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\spwizui.dll
[2009/09/16 23:12:22 | 00,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\spwizui.dll
[2009/09/16 23:12:20 | 11,584,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\shell32.dll
[2009/09/16 23:12:20 | 03,433,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dfsr.exe
[2009/09/16 23:12:20 | 01,915,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ole32.dll
[2009/09/16 23:12:20 | 00,978,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drmv2clt.dll
[2009/09/16 23:12:20 | 00,796,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssvp.dll
[2009/09/16 23:12:20 | 00,499,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sdohlp.dll
[2009/09/16 23:12:20 | 00,472,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc.dll
[2009/09/16 23:12:20 | 00,289,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\spinstall.exe
[2009/09/16 23:12:20 | 00,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\spreview.exe
[2009/09/16 23:12:19 | 00,778,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSMPEG2VDEC.DLL
[2009/09/16 23:12:19 | 00,670,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssvp.dll
[2009/09/16 23:12:19 | 00,644,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\p2psvc.dll
[2009/09/16 23:12:19 | 00,501,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssph.dll
[2009/09/16 23:12:19 | 00,441,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SearchIndexer.exe
[2009/09/16 23:12:19 | 00,312,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssphtb.dll
[2009/09/16 23:12:19 | 00,223,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mcupdate_GenuineIntel.dll
[2009/09/16 23:12:19 | 00,121,856 | ---- | C] () -- C:\Windows\SysNative\EhStorAuthn.dll
[2009/09/16 23:12:19 | 00,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll

 

[r4a9s]

OTL Log, Part 2

[2009/09/16 23:12:19 | 00,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EhStorPwdMgr.dll
[2009/09/16 23:12:19 | 00,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EhStorPwdMgr.dll
[2009/09/16 23:12:18 | 00,506,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imapi2.dll
[2009/09/16 23:12:18 | 00,413,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp_isv.exe
[2009/09/16 23:12:17 | 01,165,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntdll.dll
[2009/09/16 23:12:17 | 00,858,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\kernel32.dll
[2009/09/16 23:12:17 | 00,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSMPEG2VDEC.DLL
[2009/09/16 23:12:17 | 00,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\srv.sys
[2009/09/16 23:12:17 | 00,409,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp.exe
[2009/09/16 23:12:17 | 00,351,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssph.dll
[2009/09/16 23:12:17 | 00,278,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mscoree.dll
[2009/09/16 23:12:17 | 00,203,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssphtb.dll
[2009/09/16 23:12:17 | 00,180,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\korwbrkr.dll
[2009/09/16 23:12:16 | 03,894,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WinSAT.exe
[2009/09/16 23:12:16 | 02,028,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Query.dll
[2009/09/16 23:12:16 | 00,922,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IMJP10K.DLL
[2009/09/16 23:12:16 | 00,403,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mscoree.dll
[2009/09/16 23:12:16 | 00,378,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\imapi2.dll
[2009/09/16 23:12:16 | 00,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\uDWM.dll
[2009/09/16 23:12:16 | 00,324,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sdohlp.dll
[2009/09/16 23:12:15 | 01,459,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\esent.dll
[2009/09/16 23:12:15 | 00,729,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IMJP10K.DLL
[2009/09/16 23:12:15 | 00,606,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\http.sys
[2009/09/16 23:12:15 | 00,483,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DevicePairing.dll
[2009/09/16 23:12:15 | 00,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\DevicePairing.dll
[2009/09/16 23:12:15 | 00,316,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msshsq.dll
[2009/09/16 23:12:15 | 00,238,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sperror.dll
[2009/09/16 23:12:15 | 00,143,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\korwbrkr.dll
[2009/09/16 23:12:14 | 01,673,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsAnytimeUpgradeCPL.dll
[2009/09/16 23:12:14 | 01,259,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2009/09/16 23:12:14 | 01,019,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IMJP10.IME
[2009/09/16 23:12:14 | 00,401,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\P2PGraph.dll
[2009/09/16 23:12:14 | 00,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp.exe
[2009/09/16 23:12:14 | 00,346,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp_isv.exe
[2009/09/16 23:12:14 | 00,231,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msshsq.dll
[2009/09/16 23:12:14 | 00,228,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SLC.dll
[2009/09/16 23:12:14 | 00,190,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sperror.dll
[2009/09/16 23:12:14 | 00,041,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHostProxy.dll
[2009/09/16 23:12:13 | 01,925,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\setupapi.dll
[2009/09/16 23:12:13 | 01,589,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msjet40.dll
[2009/09/16 23:12:13 | 01,491,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wevtsvc.dll
[2009/09/16 23:12:13 | 01,336,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml6.dll
[2009/09/16 23:12:13 | 01,030,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\printfilterpipelinesvc.exe
[2009/09/16 23:12:13 | 00,738,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ndis.sys
[2009/09/16 23:12:13 | 00,581,632 | ---- | C] (Microsoft) -- C:\Windows\SysNative\IasMigPlugin.dll
[2009/09/16 23:12:13 | 00,558,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDec.dll
[2009/09/16 23:12:13 | 00,258,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchProtocolHost.exe
[2009/09/16 23:12:13 | 00,164,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Storport.sys
[2009/09/16 23:12:13 | 00,131,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EhStorAPI.dll
[2009/09/16 23:12:13 | 00,120,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EhStorAPI.dll
[2009/09/16 23:12:13 | 00,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchFilterHost.exe
[2009/09/16 23:12:13 | 00,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\compcln.exe
[2009/09/16 23:12:13 | 00,049,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationHostProxy.dll
[2009/09/16 23:12:12 | 01,381,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Query.dll
[2009/09/16 23:12:12 | 01,081,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qmgr.dll
[2009/09/16 23:12:12 | 01,078,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.efi
[2009/09/16 23:12:12 | 01,064,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.exe
[2009/09/16 23:12:12 | 00,883,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IMJP10.IME
[2009/09/16 23:12:12 | 00,648,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user32.dll
[2009/09/16 23:12:12 | 00,347,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srchadmin.dll
[2009/09/16 23:12:12 | 00,262,552 | ---- | C] () -- C:\Windows\SysNative\systemsf.ebd
[2009/09/16 23:12:12 | 00,171,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\infocardapi.dll
[2009/09/16 23:12:12 | 00,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EhStorShell.dll
[2009/09/16 23:12:12 | 00,114,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EhStorShell.dll
[2009/09/16 23:12:12 | 00,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fdBth.dll
[2009/09/16 23:12:11 | 03,079,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2009/09/16 23:12:11 | 01,733,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml6.dll
[2009/09/16 23:12:11 | 01,584,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\diagperf.dll
[2009/09/16 23:12:11 | 01,495,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vssapi.dll
[2009/09/16 23:12:11 | 01,316,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ole32.dll
[2009/09/16 23:12:11 | 01,065,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\advapi32.dll
[2009/09/16 23:12:11 | 00,967,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mblctr.exe
[2009/09/16 23:12:11 | 00,719,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rpcss.dll
[2009/09/16 23:12:11 | 00,463,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IasMigReader.exe
[2009/09/16 23:12:11 | 00,409,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msexch40.dll
[2009/09/16 23:12:11 | 00,327,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\P2PGraph.dll
[2009/09/16 23:12:11 | 00,301,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\srchadmin.dll
[2009/09/16 23:12:10 | 01,792,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mmc.exe
[2009/09/16 23:12:10 | 01,686,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\comsvcs.dll
[2009/09/16 23:12:10 | 01,658,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CertEnroll.dll
[2009/09/16 23:12:10 | 01,650,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browseui.dll
[2009/09/16 23:12:10 | 01,433,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\VSSVC.exe
[2009/09/16 23:12:10 | 01,357,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfc42u.dll
[2009/09/16 23:12:10 | 01,183,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3.dll
[2009/09/16 23:12:10 | 00,466,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\riched20.dll
[2009/09/16 23:12:10 | 00,454,144 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\IasMigPlugin.dll
[2009/09/16 23:12:10 | 00,428,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll
[2009/09/16 23:12:10 | 00,303,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gdi32.dll
[2009/09/16 23:12:10 | 00,238,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\spoolss.dll
[2009/09/16 23:12:10 | 00,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisrndr.ax
[2009/09/16 23:12:10 | 00,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DevicePairingWizard.exe
[2009/09/16 23:12:10 | 00,065,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\DevicePairingWizard.exe
[2009/09/16 23:12:09 | 01,930,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d9.dll
[2009/09/16 23:12:09 | 01,395,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfc42.dll
[2009/09/16 23:12:09 | 01,092,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WsmSvc.dll
[2009/09/16 23:12:09 | 00,880,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RacEngn.dll
[2009/09/16 23:12:09 | 00,710,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Magnify.exe
[2009/09/16 23:12:09 | 00,406,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\afd.sys
[2009/09/16 23:12:09 | 00,379,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll
[2009/09/16 23:12:09 | 00,347,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys
[2009/09/16 23:12:09 | 00,275,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\bcrypt.dll
[2009/09/16 23:12:09 | 00,185,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SearchProtocolHost.exe
[2009/09/16 23:12:09 | 00,123,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationCFFRasterizerNative_v0300.dll
[2009/09/16 23:12:09 | 00,088,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fdBth.dll
[2009/09/16 23:12:09 | 00,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SearchFilterHost.exe
[2009/09/16 23:12:08 | 02,484,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dbgeng.dll
[2009/09/16 23:12:08 | 02,112,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\apds.dll
[2009/09/16 23:12:08 | 02,012,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\milcore.dll
[2009/09/16 23:12:08 | 01,112,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CertEnroll.dll
[2009/09/16 23:12:08 | 00,859,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Magnify.exe
[2009/09/16 23:12:08 | 00,843,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\schedsvc.dll
[2009/09/16 23:12:08 | 00,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\NaturalLanguage6.dll
[2009/09/16 23:12:08 | 00,553,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpapimig.exe
[2009/09/16 23:12:08 | 00,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\eudcedit.exe
[2009/09/16 23:12:08 | 00,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iasrecst.dll
[2009/09/16 23:12:08 | 00,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\spoolss.dll
[2009/09/16 23:12:07 | 01,040,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msctf.dll
[2009/09/16 23:12:07 | 01,013,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gpedit.dll
[2009/09/16 23:12:07 | 00,950,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gpedit.dll
[2009/09/16 23:12:07 | 00,918,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\comuid.dll
[2009/09/16 23:12:07 | 00,647,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\evr.dll
[2009/09/16 23:12:07 | 00,460,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdrm.dll
[2009/09/16 23:12:07 | 00,446,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\audiosrv.dll
[2009/09/16 23:12:07 | 00,406,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcp60.dll
[2009/09/16 23:12:07 | 00,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\es.dll
[2009/09/16 23:12:07 | 00,290,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msjtes40.dll
[2009/09/16 23:12:07 | 00,088,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\slwmi.dll
[2009/09/16 23:12:07 | 00,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Storprop.dll
[2009/09/16 23:12:06 | 01,244,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RacEngn.dll
[2009/09/16 23:12:06 | 00,847,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll
[2009/09/16 23:12:06 | 00,820,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\user32.dll
[2009/09/16 23:12:06 | 00,800,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\advapi32.dll
[2009/09/16 23:12:06 | 00,668,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\bthprops.cpl
[2009/09/16 23:12:06 | 00,620,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ipsmsnap.dll
[2009/09/16 23:12:06 | 00,455,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shlwapi.dll
[2009/09/16 23:12:06 | 00,402,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\photowiz.dll
[2009/09/16 23:12:06 | 00,394,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wevtapi.dll
[2009/09/16 23:12:06 | 00,282,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstext40.dll
[2009/09/16 23:12:06 | 00,275,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fltMgr.sys
[2009/09/16 23:12:06 | 00,268,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\es.dll
[2009/09/16 23:12:06 | 00,181,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\nlhtml.dll
[2009/09/16 23:12:06 | 00,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationSettings.exe
[2009/09/16 23:12:06 | 00,151,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SLC.dll
[2009/09/16 23:12:06 | 00,126,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AuxiliaryDisplayServices.dll
[2009/09/16 23:12:06 | 00,099,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\infocardapi.dll
[2009/09/16 23:12:05 | 01,681,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wcnwiz.dll
[2009/09/16 23:12:05 | 01,570,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll
[2009/09/16 23:12:05 | 01,209,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\comsvcs.dll
[2009/09/16 23:12:05 | 01,077,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\vssapi.dll
[2009/09/16 23:12:05 | 00,621,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcrt.dll
[2009/09/16 23:12:05 | 00,503,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msihnd.dll
[2009/09/16 23:12:05 | 00,498,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\devmgr.dll
[2009/09/16 23:12:05 | 00,454,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxbde40.dll
[2009/09/16 23:12:05 | 00,447,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certcli.dll
[2009/09/16 23:12:05 | 00,339,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msexcl40.dll
[2009/09/16 23:12:05 | 00,321,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll
[2009/09/16 23:12:05 | 00,289,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisrndr.ax
[2009/09/16 23:12:05 | 00,238,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WcnNetsh.dll
[2009/09/16 23:12:05 | 00,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WebClnt.dll
[2009/09/16 23:12:05 | 00,143,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\srvnet.sys
[2009/09/16 23:12:05 | 00,131,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AuxiliaryDisplayDriverLib.dll
[2009/09/16 23:12:05 | 00,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\slwmi.dll
[2009/09/16 23:12:04 | 01,985,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll
[2009/09/16 23:12:04 | 01,499,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdtctm.dll
[2009/09/16 23:12:04 | 01,195,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shdocvw.dll
[2009/09/16 23:12:04 | 01,098,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\NetProjW.dll
[2009/09/16 23:12:04 | 00,581,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wcncsvc.dll
[2009/09/16 23:12:04 | 00,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msctfp.dll
[2009/09/16 23:12:04 | 00,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DevicePairingProxy.dll
[2009/09/16 23:12:04 | 00,054,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\DevicePairingProxy.dll
[2009/09/16 23:12:04 | 00,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fdBthProxy.dll
[2009/09/16 23:12:03 | 00,660,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2009/09/16 23:12:03 | 00,643,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrepl40.dll
[2009/09/16 23:12:03 | 00,640,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\bthprops.cpl
[2009/09/16 23:12:03 | 00,598,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcp60.dll
[2009/09/16 23:12:03 | 00,469,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\newdev.dll
[2009/09/16 23:12:03 | 00,372,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\w32time.dll
[2009/09/16 23:12:03 | 00,323,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHost.exe
[2009/09/16 23:12:03 | 00,289,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rsaenh.dll
[2009/09/16 23:12:03 | 00,268,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\spoolsv.exe
[2009/09/16 23:12:03 | 00,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WebClnt.dll
[2009/09/16 23:12:03 | 00,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\davclnt.dll
[2009/09/16 23:12:02 | 01,748,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certmgr.dll
[2009/09/16 23:12:02 | 01,060,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certutil.exe
[2009/09/16 23:12:02 | 00,978,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\crypt32.dll
[2009/09/16 23:12:02 | 00,754,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\propsys.dll
[2009/09/16 23:12:02 | 00,727,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdtcprx.dll
[2009/09/16 23:12:02 | 00,719,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gpsvc.dll
[2009/09/16 23:12:02 | 00,631,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SLCommDlg.dll
[2009/09/16 23:12:02 | 00,471,992 | ---- | C] () -- C:\Windows\SysNative\dot3.tmf
[2009/09/16 23:12:02 | 00,354,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationHost.exe
[2009/09/16 23:12:02 | 00,313,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\umpnpmgr.dll
[2009/09/16 23:12:02 | 00,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netbt.sys
[2009/09/16 23:12:02 | 00,205,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\eudcedit.exe
[2009/09/16 23:12:02 | 00,164,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Classpnp.sys
[2009/09/16 23:12:02 | 00,119,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iasrecst.dll
[2009/09/16 23:12:02 | 00,102,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
[2009/09/16 23:12:01 | 02,926,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\explorer.exe
[2009/09/16 23:12:01 | 01,788,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d9.dll
[2009/09/16 23:12:01 | 01,591,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setupapi.dll
[2009/09/16 23:12:01 | 00,840,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PhotoScreensaver.scr
[2009/09/16 23:12:01 | 00,700,507 | ---- | C] () -- C:\Windows\SysNative\eaphost.tmf
[2009/09/16 23:12:01 | 00,368,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mspbde40.dll
[2009/09/16 23:12:01 | 00,287,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rdbss.sys
[2009/09/16 23:12:00 | 01,245,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMNetMgr.dll
[2009/09/16 23:12:00 | 00,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MPSSVC.dll
[2009/09/16 23:12:00 | 00,480,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\swprv.dll
[2009/09/16 23:12:00 | 00,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gdi32.dll
[2009/09/16 23:12:00 | 00,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SLUI.exe
[2009/09/16 23:12:00 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\davclnt.dll
[2009/09/16 23:11:59 | 00,841,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2009/09/16 23:11:59 | 00,497,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmicmiplugin.dll
[2009/09/16 23:11:59 | 00,241,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msltus40.dll
[2009/09/16 23:11:58 | 01,543,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVSDECD.DLL
[2009/09/16 23:11:58 | 01,324,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\browseui.dll
[2009/09/16 23:11:58 | 01,135,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42.dll
[2009/09/16 23:11:58 | 00,671,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\samsrv.dll
[2009/09/16 23:11:58 | 00,581,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sqlsrv32.dll
[2009/09/16 23:11:58 | 00,380,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ci.dll
[2009/09/16 23:11:58 | 00,353,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\shlwapi.dll
[2009/09/16 23:11:58 | 00,344,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrd3x40.dll
[2009/09/16 23:11:58 | 00,324,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PortableDeviceApi.dll
[2009/09/16 23:11:58 | 00,273,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbhub.sys
[2009/09/16 23:11:58 | 00,250,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wevtapi.dll
[2009/09/16 23:11:58 | 00,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2009/09/16 23:11:58 | 00,107,612 | ---- | C] () -- C:\Windows\SysNative\StructuredQuerySchema.bin
[2009/09/16 23:11:57 | 03,662,128 | ---- | C] () -- C:\Windows\SysWow64\locale.nls
[2009/09/16 23:11:57 | 03,662,128 | ---- | C] () -- C:\Windows\SysNative\locale.nls
[2009/09/16 23:11:57 | 02,272,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll
[2009/09/16 23:11:57 | 01,394,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wercon.exe
[2009/09/16 23:11:57 | 00,935,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ipsecsnp.dll
[2009/09/16 23:11:57 | 00,885,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgkrnl.sys
[2009/09/16 23:11:57 | 00,648,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netapi32.dll
[2009/09/16 23:11:57 | 00,395,723 | ---- | C] () -- C:\Windows\SysNative\onex.tmf
[2009/09/16 23:11:57 | 00,384,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\services.exe
[2009/09/16 23:11:57 | 00,344,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iassdo.dll
[2009/09/16 23:11:57 | 00,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\photowiz.dll
[2009/09/16 23:11:57 | 00,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\nlhtml.dll
[2009/09/16 23:11:57 | 00,077,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\USBSTOR.SYS
[2009/09/16 23:11:56 | 03,174,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netshell.dll
[2009/09/16 23:11:56 | 01,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll
[2009/09/16 23:11:56 | 00,582,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SLCommDlg.dll
[2009/09/16 23:11:56 | 00,563,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\oleaut32.dll
[2009/09/16 23:11:56 | 00,549,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\comdlg32.dll
[2009/09/16 23:11:56 | 00,462,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbc32.dll
[2009/09/16 23:11:56 | 00,443,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2009/09/16 23:11:56 | 00,409,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\QAGENTRT.DLL
[2009/09/16 23:11:56 | 00,304,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mswsock.dll
[2009/09/16 23:11:56 | 00,221,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dnsapi.dll
[2009/09/16 23:11:56 | 00,165,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WcnNetsh.dll
[2009/09/16 23:11:55 | 01,730,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apds.dll
[2009/09/16 23:11:55 | 01,160,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42u.dll
[2009/09/16 23:11:55 | 01,114,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WerFaultSecure.exe
[2009/09/16 23:11:55 | 00,807,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msctf.dll
[2009/09/16 23:11:55 | 00,717,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netlogon.dll
[2009/09/16 23:11:55 | 00,679,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcrt.dll
[2009/09/16 23:11:55 | 00,618,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mswstr10.dll
[2009/09/16 23:11:55 | 00,470,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PhotoMetadataHandler.dll
[2009/09/16 23:11:55 | 00,399,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\emdmgmt.dll
[2009/09/16 23:11:55 | 00,375,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\winhttp.dll
[2009/09/16 23:11:55 | 00,264,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ws2_32.dll
[2009/09/16 23:11:55 | 00,261,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\eapphost.dll
[2009/09/16 23:11:55 | 00,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\mrxdav.sys
[2009/09/16 23:11:55 | 00,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\propdefs.dll
[2009/09/16 23:11:55 | 00,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xmlfilter.dll
[2009/09/16 23:11:54 | 00,992,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.efi
[2009/09/16 23:11:54 | 00,894,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\azroles.dll
[2009/09/16 23:11:54 | 00,533,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IPSECSVC.DLL
[2009/09/16 23:11:54 | 00,524,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sqlsrv32.dll
[2009/09/16 23:11:54 | 00,319,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrd2x40.dll
[2009/09/16 23:11:54 | 00,248,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wevtutil.exe
[2009/09/16 23:11:54 | 00,215,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\newdev.dll
[2009/09/16 23:11:54 | 00,203,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MMDevAPI.dll
[2009/09/16 23:11:54 | 00,190,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WinSCard.dll
[2009/09/16 23:11:54 | 00,183,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\eapphost.dll
[2009/09/16 23:11:54 | 00,166,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2009/09/16 23:11:53 | 02,570,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\milcore.dll
[2009/09/16 23:11:53 | 01,856,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dbgeng.dll
[2009/09/16 23:11:53 | 01,792,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wlanpref.dll
[2009/09/16 23:11:53 | 01,068,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\shdocvw.dll
[2009/09/16 23:11:53 | 00,981,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.exe
[2009/09/16 23:11:53 | 00,621,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usp10.dll
[2009/09/16 23:11:53 | 00,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WSDApi.dll
[2009/09/16 23:11:53 | 00,409,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbc32.dll
[2009/09/16 23:11:53 | 00,328,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wldap32.dll
[2009/09/16 23:11:53 | 00,213,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iasnap.dll
[2009/09/16 23:11:53 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\propdefs.dll
[2009/09/16 23:11:53 | 00,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msscb.dll
[2009/09/16 23:11:52 | 02,167,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mmcndmgr.dll
[2009/09/16 23:11:52 | 01,090,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmpmde.dll
[2009/09/16 23:11:52 | 01,074,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mcmde.dll
[2009/09/16 23:11:52 | 00,747,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WsmSvc.dll
[2009/09/16 23:11:52 | 00,502,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\usp10.dll
[2009/09/16 23:11:52 | 00,242,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iassam.dll
[2009/09/16 23:11:52 | 00,215,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\msiscsi.sys
[2009/09/16 23:11:52 | 00,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wevtutil.exe
[2009/09/16 23:11:52 | 00,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssitlb.dll
[2009/09/16 23:11:52 | 00,087,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssitlb.dll
[2009/09/16 23:11:52 | 00,053,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\bthserv.dll
[2009/09/16 23:11:51 | 01,533,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wcnwiz.dll
[2009/09/16 23:11:51 | 00,923,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\propsys.dll
[2009/09/16 23:11:51 | 00,592,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netlogon.dll
[2009/09/16 23:11:51 | 00,519,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mscms.dll
[2009/09/16 23:11:51 | 00,485,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\evr.dll
[2009/09/16 23:11:51 | 00,450,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2009/09/16 23:11:51 | 00,425,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PhotoMetadataHandler.dll
[2009/09/16 23:11:51 | 00,405,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winlogon.exe
[2009/09/16 23:11:51 | 00,378,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\devmgr.dll
[2009/09/16 23:11:51 | 00,355,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WSDApi.dll
[2009/09/16 23:11:51 | 00,287,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Wldap32.dll
[2009/09/16 23:11:51 | 00,269,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\volsnap.sys
[2009/09/16 23:11:51 | 00,199,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\adsldpc.dll
[2009/09/16 23:11:51 | 00,198,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\scrrun.dll
[2009/09/16 23:11:51 | 00,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drvinst.exe
[2009/09/16 23:11:51 | 00,174,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\srv2.sys
[2009/09/16 23:11:51 | 00,166,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptsvc.dll
[2009/09/16 23:11:51 | 00,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msctfp.dll
[2009/09/16 23:11:51 | 00,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rtffilt.dll
[2009/09/16 23:11:51 | 00,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msscb.dll
[2009/09/16 23:11:51 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fdBthProxy.dll
[2009/09/16 23:11:50 | 01,538,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\brcpl.dll
[2009/09/16 23:11:50 | 01,382,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVSDECD.DLL
[2009/09/16 23:11:50 | 01,234,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wdc.dll
[2009/09/16 23:11:50 | 00,856,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mswdat10.dll
[2009/09/16 23:11:50 | 00,810,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CertEnrollUI.dll
[2009/09/16 23:11:50 | 00,748,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\stobject.dll
[2009/09/16 23:11:50 | 00,712,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WindowsCodecs.dll
[2009/09/16 23:11:50 | 00,617,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\adtschema.dll
[2009/09/16 23:11:50 | 00,617,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\adtschema.dll
[2009/09/16 23:11:50 | 00,560,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msdtcprx.dll
[2009/09/16 23:11:50 | 00,454,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vds.exe
[2009/09/16 23:11:50 | 00,450,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\comdlg32.dll
[2009/09/16 23:11:50 | 00,413,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wcncsvc.dll
[2009/09/16 23:11:50 | 00,396,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ipsmsnap.dll
[2009/09/16 23:11:50 | 00,332,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msdrm.dll
[2009/09/16 23:11:50 | 00,323,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certcli.dll
[2009/09/16 23:11:50 | 00,309,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rasmans.dll
[2009/09/16 23:11:50 | 00,279,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\services.exe
[2009/09/16 23:11:50 | 00,265,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskeng.exe
[2009/09/16 23:11:50 | 00,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PortableDeviceApi.dll
[2009/09/16 23:11:50 | 00,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\taskeng.exe
[2009/09/16 23:11:50 | 00,163,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcsvc6.dll
[2009/09/16 23:11:50 | 00,156,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetpp.dll
[2009/09/16 23:11:50 | 00,151,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imapi.dll
[2009/09/16 23:11:50 | 00,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quick.ime
[2009/09/16 23:11:50 | 00,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qintlgnt.ime
[2009/09/16 23:11:50 | 00,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\phon.ime
[2009/09/16 23:11:50 | 00,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cintlgnt.ime
[2009/09/16 23:11:50 | 00,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\chajei.ime
[2009/09/16 23:11:50 | 00,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rasl2tp.sys
[2009/09/16 23:11:50 | 00,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\reg.exe
[2009/09/16 23:11:50 | 00,073,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\partmgr.sys
[2009/09/16 23:11:50 | 00,065,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fdProxy.dll
[2009/09/16 23:11:50 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msjter40.dll
[2009/09/16 23:11:50 | 00,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mimefilt.dll
[2009/09/16 23:11:50 | 00,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mimefilt.dll
[2009/09/16 23:11:50 | 00,014,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pciide.sys
[2009/09/16 23:11:49 | 00,996,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMNetMgr.dll
[2009/09/16 23:11:49 | 00,799,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certutil.exe
[2009/09/16 23:11:49 | 00,704,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PhotoScreensaver.scr
[2009/09/16 23:11:49 | 00,572,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wiaservc.dll
[2009/09/16 23:11:49 | 00,539,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RelMon.dll
[2009/09/16 23:11:49 | 00,475,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sysmon.ocx
[2009/09/16 23:11:49 | 00,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mtxclu.dll
[2009/09/16 23:11:49 | 00,361,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\clfs.sys
[2009/09/16 23:11:49 | 00,342,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winspool.drv
[2009/09/16 23:11:49 | 00,332,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msihnd.dll
[2009/09/16 23:11:49 | 00,307,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pdh.dll
[2009/09/16 23:11:49 | 00,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\offfilt.dll
[2009/09/16 23:11:49 | 00,241,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rsaenh.dll
[2009/09/16 23:11:49 | 00,227,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\scrobj.dll
[2009/09/16 23:11:49 | 00,207,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pnpsetup.dll
[2009/09/16 23:11:49 | 00,174,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fundisc.dll
[2009/09/16 23:11:49 | 00,169,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ndiswan.sys
[2009/09/16 23:11:49 | 00,168,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dnsapi.dll
[2009/09/16 23:11:49 | 00,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MMDevAPI.dll
[2009/09/16 23:11:49 | 00,123,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ataport.sys
[2009/09/16 23:11:49 | 00,115,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sysclass.dll
[2009/09/16 23:11:49 | 00,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\raspptp.sys
[2009/09/16 23:11:49 | 00,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\reg.exe
[2009/09/16 23:11:49 | 00,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msscntrs.dll
[2009/09/16 23:11:49 | 00,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rtffilt.dll
[2009/09/16 23:11:49 | 00,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msshooks.dll
[2009/09/16 23:11:48 | 01,321,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\appwiz.cpl
[2009/09/16 23:11:48 | 00,776,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sethc.exe
[2009/09/16 23:11:48 | 00,738,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcomm.dll
[2009/09/16 23:11:48 | 00,488,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msinfo32.exe
[2009/09/16 23:11:48 | 00,467,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netapi32.dll
[2009/09/16 23:11:48 | 00,325,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\acpi.sys
[2009/09/16 23:11:48 | 00,310,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mtxclu.dll
[2009/09/16 23:11:48 | 00,287,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wisptis.exe
[2009/09/16 23:11:48 | 00,276,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfplat.dll
[2009/09/16 23:11:48 | 00,259,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys
[2009/09/16 23:11:48 | 00,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\adsldpc.dll
[2009/09/16 23:11:48 | 00,198,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iasrad.dll
[2009/09/16 23:11:48 | 00,178,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pci.sys
[2009/09/16 23:11:48 | 00,153,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fundisc.dll
[2009/09/16 23:11:48 | 00,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dhcpcsvc6.dll
[2009/09/16 23:11:48 | 00,129,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cryptsvc.dll
[2009/09/16 23:11:48 | 00,125,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msiexec.exe
[2009/09/16 23:11:48 | 00,108,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dfshim.dll
[2009/09/16 23:11:48 | 00,093,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dfshim.dll
[2009/09/16 23:11:48 | 00,080,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mscories.dll
[2009/09/16 23:11:48 | 00,065,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rasdiag.dll
[2009/09/16 23:11:48 | 00,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msstrc.dll
[2009/09/16 23:11:48 | 00,035,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\TsWpfWrp.exe
[2009/09/16 23:11:48 | 00,034,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsWpfWrp.exe
[2009/09/16 23:11:48 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\hidserv.dll
[2009/09/16 23:11:47 | 01,671,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\chsbrkr.dll
[2009/09/16 23:11:47 | 01,035,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptui.dll
[2009/09/16 23:11:47 | 01,020,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wdc.dll
[2009/09/16 23:11:47 | 00,980,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\printui.dll
[2009/09/16 23:11:47 | 00,785,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Utilman.exe
[2009/09/16 23:11:47 | 00,722,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\autofmt.exe
[2009/09/16 23:11:47 | 00,547,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\termsrv.dll
[2009/09/16 23:11:47 | 00,273,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\mrxsmb10.sys
[2009/09/16 23:11:47 | 00,247,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\shsvcs.dll
[2009/09/16 23:11:47 | 00,238,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tcpipcfg.dll
[2009/09/16 23:11:47 | 00,212,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\osk.exe
[2009/09/16 23:11:47 | 00,207,968 | ---- | C] () -- C:\Windows\SysNative\WFP.TMF
[2009/09/16 23:11:47 | 00,190,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AudioSes.dll
[2009/09/16 23:11:47 | 00,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\mrxsmb.sys
[2009/09/16 23:11:47 | 00,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\imapi.dll
[2009/09/16 23:11:47 | 00,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msiexec.exe
[2009/09/16 23:11:47 | 00,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SLUINotify.dll
[2009/09/16 23:11:47 | 00,065,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iasdatastore.dll
[2009/09/16 23:11:47 | 00,062,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\termdd.sys
[2009/09/16 23:11:46 | 02,024,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pnidui.dll
[2009/09/16 23:11:46 | 01,823,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pnidui.dll
[2009/09/16 23:11:46 | 01,691,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\connect.dll
[2009/09/16 23:11:46 | 00,708,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpencom.dll
[2009/09/16 23:11:46 | 00,636,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\autofmt.exe
[2009/09/16 23:11:46 | 00,522,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dsound.dll
[2009/09/16 23:11:46 | 00,408,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\volmgrx.sys
[2009/09/16 23:11:46 | 00,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecsExt.dll
[2009/09/16 23:11:46 | 00,302,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\scansetting.dll
[2009/09/16 23:11:46 | 00,268,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcsvc.dll
[2009/09/16 23:11:46 | 00,260,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WerFault.exe
[2009/09/16 23:11:46 | 00,253,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2009/09/16 23:11:46 | 00,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iassdo.dll
[2009/09/16 23:11:46 | 00,211,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winmm.dll
[2009/09/16 23:11:46 | 00,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\scrrun.dll
[2009/09/16 23:11:46 | 00,116,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\imm32.dll
[2009/09/16 23:11:46 | 00,093,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Kswdmcap.ax
[2009/09/16 23:11:46 | 00,092,918 | ---- | C] () -- C:\Windows\SysWow64\slmgr.vbs
[2009/09/16 23:11:46 | 00,092,918 | ---- | C] () -- C:\Windows\SysNative\slmgr.vbs

 

[r4a9s]

OTL Log, Part 3

[2009/09/16 23:11:46 | 00,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iasads.dll
[2009/09/16 23:11:46 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drvinst.exe
[2009/09/16 23:11:46 | 00,039,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\crashdmp.sys
[2009/09/16 23:11:46 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\spcmsg.dll
[2009/09/16 23:11:46 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\spcmsg.dll
[2009/09/16 23:11:45 | 02,420,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netcenter.dll
[2009/09/16 23:11:45 | 01,676,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\chsbrkr.dll
[2009/09/16 23:11:45 | 01,122,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\appwiz.cpl
[2009/09/16 23:11:45 | 01,107,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pidgenx.dll
[2009/09/16 23:11:45 | 01,093,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pidgenx.dll
[2009/09/16 23:11:45 | 01,060,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mmsys.cpl
[2009/09/16 23:11:45 | 00,911,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rasdlg.dll
[2009/09/16 23:11:45 | 00,867,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmpmde.dll
[2009/09/16 23:11:45 | 00,757,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\azroles.dll
[2009/09/16 23:11:45 | 00,708,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\prnntfy.dll
[2009/09/16 23:11:45 | 00,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CertEnrollUI.dll
[2009/09/16 23:11:45 | 00,571,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vdsdyn.dll
[2009/09/16 23:11:45 | 00,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sysmon.ocx
[2009/09/16 23:11:45 | 00,372,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\untfs.dll
[2009/09/16 23:11:45 | 00,314,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\winlogon.exe
[2009/09/16 23:11:45 | 00,310,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\msrpc.sys
[2009/09/16 23:11:45 | 00,276,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\InkEd.dll
[2009/09/16 23:11:45 | 00,258,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\winspool.drv
[2009/09/16 23:11:45 | 00,242,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pdh.dll
[2009/09/16 23:11:45 | 00,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dhcpcsvc.dll
[2009/09/16 23:11:45 | 00,188,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\spp.dll
[2009/09/16 23:11:45 | 00,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp_isv.dll
[2009/09/16 23:11:45 | 00,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp.dll
[2009/09/16 23:11:45 | 00,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\diskpart.exe
[2009/09/16 23:11:45 | 00,147,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SCardSvr.dll
[2009/09/16 23:11:45 | 00,137,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\userenv.dll
[2009/09/16 23:11:45 | 00,126,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IPHLPAPI.DLL
[2009/09/16 23:11:45 | 00,073,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mscories.dll
[2009/09/16 23:11:45 | 00,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ipfltdrv.sys
[2009/09/16 23:11:45 | 00,059,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\mup.sys
[2009/09/16 23:11:44 | 02,205,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SyncCenter.dll
[2009/09/16 23:11:44 | 00,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/09/16 23:11:43 | 01,502,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certmgr.dll
[2009/09/16 23:11:43 | 00,974,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcomm.dll
[2009/09/16 23:11:43 | 00,750,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\autoconv.exe
[2009/09/16 23:11:43 | 00,627,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sethc.exe
[2009/09/16 23:11:43 | 00,593,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\comuid.dll
[2009/09/16 23:11:43 | 00,413,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\imkr80.ime
[2009/09/16 23:11:43 | 00,347,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WindowsCodecsExt.dll
[2009/09/16 23:11:43 | 00,324,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\untfs.dll
[2009/09/16 23:11:43 | 00,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dskquoui.dll
[2009/09/16 23:11:43 | 00,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ncrypt.dll
[2009/09/16 23:11:43 | 00,182,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iassam.dll
[2009/09/16 23:11:43 | 00,180,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\scrobj.dll
[2009/09/16 23:11:43 | 00,142,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\spp.dll
[2009/09/16 23:11:43 | 00,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iashlpr.dll
[2009/09/16 23:11:43 | 00,067,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\disk.sys
[2009/09/16 23:11:43 | 00,055,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PSHED.DLL
[2009/09/16 23:11:43 | 00,049,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pciidex.sys
[2009/09/16 23:11:43 | 00,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssprxy.dll
[2009/09/16 23:11:43 | 00,036,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rtutils.dll
[2009/09/16 23:11:43 | 00,019,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kdcom.dll
[2009/09/16 23:11:42 | 01,891,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVENCOD.DLL
[2009/09/16 23:11:42 | 01,740,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\onex.dll
[2009/09/16 23:11:42 | 00,869,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\printui.dll
[2009/09/16 23:11:42 | 00,734,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\autochk.exe
[2009/09/16 23:11:42 | 00,656,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\autoconv.exe
[2009/09/16 23:11:42 | 00,643,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\autochk.exe
[2009/09/16 23:11:42 | 00,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rasapi32.dll
[2009/09/16 23:11:42 | 00,308,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\diskraid.exe
[2009/09/16 23:11:42 | 00,281,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rastls.dll
[2009/09/16 23:11:42 | 00,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\taskcomp.dll
[2009/09/16 23:11:42 | 00,257,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntprint.dll
[2009/09/16 23:11:42 | 00,218,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\portcls.sys
[2009/09/16 23:11:42 | 00,178,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\profsvc.dll
[2009/09/16 23:11:42 | 00,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srvsvc.dll
[2009/09/16 23:11:42 | 00,159,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntmarta.dll
[2009/09/16 23:11:42 | 00,155,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ecache.sys
[2009/09/16 23:11:42 | 00,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iasnap.dll
[2009/09/16 23:11:42 | 00,099,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\samlib.dll
[2009/09/16 23:11:42 | 00,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iassvcs.dll
[2009/09/16 23:11:42 | 00,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mpr.dll
[2009/09/16 23:11:42 | 00,067,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\volmgr.sys
[2009/09/16 23:11:41 | 01,548,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL
[2009/09/16 23:11:41 | 01,541,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\onex.dll
[2009/09/16 23:11:41 | 01,444,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PerfCenterCPL.dll
[2009/09/16 23:11:41 | 01,301,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\themecpl.dll
[2009/09/16 23:11:41 | 00,375,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisdecd.dll
[2009/09/16 23:11:41 | 00,235,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\scecli.dll
[2009/09/16 23:11:41 | 00,223,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iphlpsvc.dll
[2009/09/16 23:11:41 | 00,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mswsock.dll
[2009/09/16 23:11:41 | 00,182,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\osk.exe
[2009/09/16 23:11:41 | 00,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rpchttp.dll
[2009/09/16 23:11:41 | 00,153,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\basecsp.dll
[2009/09/16 23:11:41 | 00,147,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wusa.exe
[2009/09/16 23:11:41 | 00,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cscript.exe
[2009/09/16 23:11:41 | 00,130,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\basecsp.dll
[2009/09/16 23:11:41 | 00,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\powrprof.dll
[2009/09/16 23:11:41 | 00,108,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\userenv.dll
[2009/09/16 23:11:41 | 00,098,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dwm.exe
[2009/09/16 23:11:41 | 00,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\audiodg.exe
[2009/09/16 23:11:41 | 00,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iasacct.dll
[2009/09/16 23:11:41 | 00,070,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\logman.exe
[2009/09/16 23:11:41 | 00,029,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Dumpata.sys
[2009/09/16 23:11:41 | 00,022,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kdusb.dll
[2009/09/16 23:11:41 | 00,020,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\atapi.sys
[2009/09/16 23:11:41 | 00,019,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\spldr.sys
[2009/09/16 23:11:40 | 03,235,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\networkmap.dll
[2009/09/16 23:11:40 | 01,882,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wpccpl.dll
[2009/09/16 23:11:40 | 00,860,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WerFaultSecure.exe
[2009/09/16 23:11:40 | 00,638,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Utilman.exe
[2009/09/16 23:11:40 | 00,612,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpencom.dll
[2009/09/16 23:11:40 | 00,593,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mspaint.exe
[2009/09/16 23:11:40 | 00,564,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msftedit.dll
[2009/09/16 23:11:40 | 00,399,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\scesrv.dll
[2009/09/16 23:11:40 | 00,340,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RelMon.dll
[2009/09/16 23:11:40 | 00,318,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tapisrv.dll
[2009/09/16 23:11:40 | 00,301,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2009/09/16 23:11:40 | 00,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WerFault.exe
[2009/09/16 23:11:40 | 00,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\regsvc.dll
[2009/09/16 23:11:40 | 00,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\offfilt.dll
[2009/09/16 23:11:40 | 00,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\winmm.dll
[2009/09/16 23:11:40 | 00,188,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ks.sys
[2009/09/16 23:11:40 | 00,187,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\exfat.sys
[2009/09/16 23:11:40 | 00,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Faultrep.dll
[2009/09/16 23:11:40 | 00,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp.dll
[2009/09/16 23:11:40 | 00,143,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authz.dll
[2009/09/16 23:11:40 | 00,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstlsapi.dll
[2009/09/16 23:11:40 | 00,117,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dnsrslvr.dll
[2009/09/16 23:11:40 | 00,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WinSCard.dll
[2009/09/16 23:11:40 | 00,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wsepno.dll
[2009/09/16 23:11:39 | 01,279,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usercpl.dll
[2009/09/16 23:11:39 | 00,995,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\systemcpl.dll
[2009/09/16 23:11:39 | 00,971,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cryptui.dll
[2009/09/16 23:11:39 | 00,586,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\stobject.dll
[2009/09/16 23:11:39 | 00,551,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\prnntfy.dll
[2009/09/16 23:11:39 | 00,444,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dsound.dll
[2009/09/16 23:11:39 | 00,396,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\AudioEng.dll
[2009/09/16 23:11:39 | 00,391,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mscms.dll
[2009/09/16 23:11:39 | 00,301,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shsvcs.dll
[2009/09/16 23:11:39 | 00,230,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\diskraid.exe
[2009/09/16 23:11:39 | 00,223,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wscntfy.dll
[2009/09/16 23:11:39 | 00,208,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfplat.dll
[2009/09/16 23:11:39 | 00,208,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dot3svc.dll
[2009/09/16 23:11:39 | 00,197,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SndVol.exe
[2009/09/16 23:11:39 | 00,179,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msnetobj.dll
[2009/09/16 23:11:39 | 00,171,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apphelp.dll
[2009/09/16 23:11:39 | 00,155,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wscript.exe
[2009/09/16 23:11:39 | 00,152,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp_isv.dll
[2009/09/16 23:11:39 | 00,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wshom.ocx
[2009/09/16 23:11:39 | 00,115,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Kswdmcap.ax
[2009/09/16 23:11:39 | 00,114,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccp32.dll
[2009/09/16 23:11:39 | 00,104,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\console.dll
[2009/09/16 23:11:39 | 00,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ulib.dll
[2009/09/16 23:11:39 | 00,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IPHLPAPI.DLL
[2009/09/16 23:11:39 | 00,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\adsmsext.dll
[2009/09/16 23:11:39 | 00,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rastapi.dll
[2009/09/16 23:11:39 | 00,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wsnmp32.dll
[2009/09/16 23:11:39 | 00,047,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iasdatastore.dll
[2009/09/16 23:11:39 | 00,045,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TSTheme.exe
[2009/09/16 23:11:38 | 01,110,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wer.dll
[2009/09/16 23:11:38 | 00,881,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\timedate.cpl
[2009/09/16 23:11:38 | 00,759,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ipsecsnp.dll
[2009/09/16 23:11:38 | 00,688,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\themeui.dll
[2009/09/16 23:11:38 | 00,667,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\autoplay.dll
[2009/09/16 23:11:38 | 00,399,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wlangpui.dll
[2009/09/16 23:11:38 | 00,387,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\zipfldr.dll
[2009/09/16 23:11:38 | 00,306,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\bcrypt.dll
[2009/09/16 23:11:38 | 00,244,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rastls.dll
[2009/09/16 23:11:38 | 00,234,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2009/09/16 23:11:38 | 00,181,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pnpsetup.dll
[2009/09/16 23:11:38 | 00,126,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccp32.dll
[2009/09/16 23:11:38 | 00,119,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\diskpart.exe
[2009/09/16 23:11:38 | 00,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\mrxsmb20.sys
[2009/09/16 23:11:38 | 00,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\tdx.sys
[2009/09/16 23:11:38 | 00,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rastapi.dll
[2009/09/16 23:11:38 | 00,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gpapi.dll
[2009/09/16 23:11:38 | 00,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iashlpr.dll
[2009/09/16 23:11:38 | 00,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\perfdisk.dll
[2009/09/16 23:11:38 | 00,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fdProxy.dll
[2009/09/16 23:11:38 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsbyuv.dll
[2009/09/16 23:11:37 | 01,575,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVENCOD.DLL
[2009/09/16 23:11:37 | 01,382,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sud.dll
[2009/09/16 23:11:37 | 00,898,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\powercpl.dll
[2009/09/16 23:11:37 | 00,810,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\slcc.dll
[2009/09/16 23:11:37 | 00,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wpcao.dll
[2009/09/16 23:11:37 | 00,617,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pcaui.dll
[2009/09/16 23:11:37 | 00,507,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\vdsdyn.dll
[2009/09/16 23:11:37 | 00,454,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IKEEXT.DLL
[2009/09/16 23:11:37 | 00,437,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imkr80.ime
[2009/09/16 23:11:37 | 00,342,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\zipfldr.dll
[2009/09/16 23:11:37 | 00,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\modemui.dll
[2009/09/16 23:11:37 | 00,286,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rasapi32.dll
[2009/09/16 23:11:37 | 00,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntprint.dll
[2009/09/16 23:11:37 | 00,166,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wscript.exe
[2009/09/16 23:11:37 | 00,161,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SmartcardCredentialProvider.dll
[2009/09/16 23:11:37 | 00,158,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iasrad.dll
[2009/09/16 23:11:37 | 00,155,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mscorier.dll
[2009/09/16 23:11:37 | 00,154,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mscorier.dll
[2009/09/16 23:11:37 | 00,140,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wusa.exe
[2009/09/16 23:11:37 | 00,090,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wshext.dll
[2009/09/16 23:11:37 | 00,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\regapi.dll
[2009/09/16 23:11:37 | 00,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\hdwwiz.exe
[2009/09/16 23:11:37 | 00,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\newdev.exe
[2009/09/16 23:11:37 | 00,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\findstr.exe
[2009/09/16 23:11:37 | 00,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\logman.exe
[2009/09/16 23:11:37 | 00,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbehci.sys
[2009/09/16 23:11:37 | 00,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wshbth.dll
[2009/09/16 23:11:37 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DeviceEject.exe
[2009/09/16 23:11:37 | 00,022,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msisip.dll
[2009/09/16 23:11:36 | 06,100,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\chtbrkr.dll
[2009/09/16 23:11:36 | 02,680,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\accessibilitycpl.dll
[2009/09/16 23:11:36 | 02,225,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netcenter.dll
[2009/09/16 23:11:36 | 00,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wer.dll
[2009/09/16 23:11:36 | 00,825,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rasdlg.dll
[2009/09/16 23:11:36 | 00,731,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe
[2009/09/16 23:11:36 | 00,691,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pnpui.dll
[2009/09/16 23:11:36 | 00,589,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncryptui.dll
[2009/09/16 23:11:36 | 00,200,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\apphelp.dll
[2009/09/16 23:11:36 | 00,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imm32.dll
[2009/09/16 23:11:36 | 00,157,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vdsutil.dll
[2009/09/16 23:11:36 | 00,147,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cscript.exe
[2009/09/16 23:11:36 | 00,128,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ulib.dll
[2009/09/16 23:11:36 | 00,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wshext.dll
[2009/09/16 23:11:36 | 00,094,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pacer.sys
[2009/09/16 23:11:36 | 00,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iassvcs.dll
[2009/09/16 23:11:36 | 00,068,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\feclient.dll
[2009/09/16 23:11:35 | 03,072,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\networkmap.dll
[2009/09/16 23:11:35 | 01,152,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\themecpl.dll
[2009/09/16 23:11:35 | 00,777,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\slcc.dll
[2009/09/16 23:11:35 | 00,714,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\timedate.cpl
[2009/09/16 23:11:35 | 00,678,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe
[2009/09/16 23:11:35 | 00,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\riched20.dll
[2009/09/16 23:11:35 | 00,474,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll
[2009/09/16 23:11:35 | 00,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rasplap.dll
[2009/09/16 23:11:35 | 00,306,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rasppp.dll
[2009/09/16 23:11:35 | 00,299,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\udfs.sys
[2009/09/16 23:11:35 | 00,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\scansetting.dll
[2009/09/16 23:11:35 | 00,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SndVolSSO.dll
[2009/09/16 23:11:35 | 00,168,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tcpmon.dll
[2009/09/16 23:11:35 | 00,163,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msutb.dll
[2009/09/16 23:11:35 | 00,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wshom.ocx
[2009/09/16 23:11:35 | 00,121,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntmarta.dll
[2009/09/16 23:11:35 | 00,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\powrprof.dll
[2009/09/16 23:11:35 | 00,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\wanarp.sys
[2009/09/16 23:11:35 | 00,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstlsapi.dll
[2009/09/16 23:11:35 | 00,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iasacct.dll
[2009/09/16 23:11:35 | 00,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iasads.dll
[2009/09/16 23:11:35 | 00,050,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wsnmp32.dll
[2009/09/16 23:11:35 | 00,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dataclen.dll
[2009/09/16 23:11:35 | 00,036,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ifmon.dll
[2009/09/16 23:11:35 | 00,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssprxy.dll
[2009/09/16 23:11:35 | 00,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsbyuv.dll
[2009/09/16 23:11:35 | 00,009,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardres.dll
[2009/09/16 23:11:34 | 02,575,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SyncCenter.dll
[2009/09/16 23:11:34 | 02,515,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\accessibilitycpl.dll
[2009/09/16 23:11:34 | 01,671,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wlanpref.dll
[2009/09/16 23:11:34 | 01,645,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\connect.dll
[2009/09/16 23:11:34 | 01,248,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PerfCenterCPL.dll
[2009/09/16 23:11:34 | 01,224,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sud.dll
[2009/09/16 23:11:34 | 01,123,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\usercpl.dll
[2009/09/16 23:11:34 | 00,842,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\systemcpl.dll
[2009/09/16 23:11:34 | 00,723,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\powercpl.dll
[2009/09/16 23:11:34 | 00,622,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVXENCD.DLL
[2009/09/16 23:11:34 | 00,619,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qedit.dll
[2009/09/16 23:11:34 | 00,615,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\themeui.dll
[2009/09/16 23:11:34 | 00,516,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\autoplay.dll
[2009/09/16 23:11:34 | 00,497,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2009/09/16 23:11:34 | 00,489,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wlangpui.dll
[2009/09/16 23:11:34 | 00,464,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pcaui.dll
[2009/09/16 23:11:34 | 00,458,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\BFE.DLL
[2009/09/16 23:11:34 | 00,408,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msinfo32.exe
[2009/09/16 23:11:34 | 00,352,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2009/09/16 23:11:34 | 00,317,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\thawbrkr.dll
[2009/09/16 23:11:34 | 00,295,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\raschap.dll
[2009/09/16 23:11:34 | 00,198,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fastfat.sys
[2009/09/16 23:11:34 | 00,186,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\scksp.dll
[2009/09/16 23:11:34 | 00,127,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rpchttp.dll
[2009/09/16 23:11:34 | 00,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleprn.dll
[2009/09/16 23:11:34 | 00,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pintlgnt.ime
[2009/09/16 23:11:34 | 00,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authz.dll
[2009/09/16 23:11:34 | 00,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe
[2009/09/16 23:11:34 | 00,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\newdev.exe
[2009/09/16 23:11:34 | 00,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\regapi.dll
[2009/09/16 23:11:34 | 00,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\samlib.dll
[2009/09/16 23:11:34 | 00,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mmci.dll
[2009/09/16 23:11:34 | 00,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cmmon32.exe
[2009/09/16 23:11:34 | 00,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rekeywiz.exe
[2009/09/16 23:11:34 | 00,050,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rtutils.dll
[2009/09/16 23:11:34 | 00,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\npfs.sys
[2009/09/16 23:11:34 | 00,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msimtf.dll
[2009/09/16 23:11:34 | 00,037,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iaspolcy.dll
[2009/09/16 23:11:34 | 00,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\hidserv.dll
[2009/09/16 23:11:34 | 00,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fc.exe
[2009/09/16 23:11:34 | 00,022,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\kbdhid.sys
[2009/09/16 23:11:34 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wscisvif.dll
[2009/09/16 23:11:34 | 00,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\spwinsat.dll
[2009/09/16 23:11:34 | 00,009,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardres.dll
[2009/09/16 23:11:33 | 02,043,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMPEncEn.dll
[2009/09/16 23:11:33 | 01,642,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPEncEn.dll
[2009/09/16 23:11:33 | 01,102,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mmsys.cpl
[2009/09/16 23:11:33 | 00,779,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\FWPUCLNT.DLL
[2009/09/16 23:11:33 | 00,735,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msftedit.dll
[2009/09/16 23:11:33 | 00,669,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wiaaut.dll
[2009/09/16 23:11:33 | 00,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msscp.dll
[2009/09/16 23:11:33 | 00,532,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wpcao.dll
[2009/09/16 23:11:33 | 00,439,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winhttp.dll
[2009/09/16 23:11:33 | 00,320,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\unimdm.tsp
[2009/09/16 23:11:33 | 00,313,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AUDIOKSE.dll
[2009/09/16 23:11:33 | 00,306,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\scesrv.dll
[2009/09/16 23:11:33 | 00,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisdecd.dll
[2009/09/16 23:11:33 | 00,289,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mscandui.dll
[2009/09/16 23:11:33 | 00,242,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tapisrv.dll
[2009/09/16 23:11:33 | 00,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dsprop.dll
[2009/09/16 23:11:33 | 00,163,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fontext.dll
[2009/09/16 23:11:33 | 00,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Faultrep.dll
[2009/09/16 23:11:33 | 00,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\scksp.dll
[2009/09/16 23:11:33 | 00,128,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\vdsutil.dll
[2009/09/16 23:11:33 | 00,117,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2009/09/16 23:11:33 | 00,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\AudioSes.dll
[2009/09/16 23:11:33 | 00,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\oleprn.dll
[2009/09/16 23:11:33 | 00,092,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dot3msm.dll
[2009/09/16 23:11:33 | 00,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dot3msm.dll
[2009/09/16 23:11:33 | 00,068,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mpr.dll
[2009/09/16 23:11:33 | 00,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PnPUnattend.exe
[2009/09/16 23:11:33 | 00,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\feclient.dll
[2009/09/16 23:11:33 | 00,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certprop.dll
[2009/09/16 23:11:33 | 00,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rekeywiz.exe
[2009/09/16 23:11:33 | 00,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\printfilterpipelineprxy.dll
[2009/09/16 23:11:33 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iaspolcy.dll
[2009/09/16 23:11:33 | 00,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\whealogr.dll
[2009/09/16 23:11:33 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wsdchngr.dll
[2009/09/16 23:11:33 | 00,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wscisvif.dll
[2009/09/16 23:11:33 | 00,009,239 | ---- | C] () -- C:\Windows\SysWow64\spcinstrumentation.man
[2009/09/16 23:11:33 | 00,009,239 | ---- | C] () -- C:\Windows\SysNative\spcinstrumentation.man

 

[r4a9s]

OTL Log, Part 4

[2009/09/16 23:11:32 | 03,341,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netshell.dll
[2009/09/16 23:11:32 | 01,738,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wscui.cpl
[2009/09/16 23:11:32 | 01,689,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wscui.cpl
[2009/09/16 23:11:32 | 00,642,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rasgcw.dll
[2009/09/16 23:11:32 | 00,595,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\FWPUCLNT.DLL
[2009/09/16 23:11:32 | 00,557,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmpeffects.dll
[2009/09/16 23:11:32 | 00,505,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qedit.dll
[2009/09/16 23:11:32 | 00,445,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ncryptui.dll
[2009/09/16 23:11:32 | 00,407,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpapimig.exe
[2009/09/16 23:11:32 | 00,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rasplap.dll
[2009/09/16 23:11:32 | 00,221,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msnetobj.dll
[2009/09/16 23:11:32 | 00,215,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certreq.exe
[2009/09/16 23:11:32 | 00,177,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\scecli.dll
[2009/09/16 23:11:32 | 00,134,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SmartcardCredentialProvider.dll
[2009/09/16 23:11:32 | 00,080,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\hdwwiz.exe
[2009/09/16 23:11:32 | 00,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dimsroam.dll
[2009/09/16 23:11:32 | 00,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\TSTheme.exe
[2009/09/16 23:11:32 | 00,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PnPutil.exe
[2009/09/16 23:11:32 | 00,032,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\USBCAMD2.sys
[2009/09/16 23:11:32 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\perfdisk.dll
[2009/09/16 23:11:32 | 00,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\spwinsat.dll
[2009/09/16 23:11:31 | 02,535,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSVidCtl.dll
[2009/09/16 23:11:31 | 02,438,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oobefldr.dll
[2009/09/16 23:11:31 | 02,153,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\oobefldr.dll
[2009/09/16 23:11:31 | 01,702,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL
[2009/09/16 23:11:31 | 01,544,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSVidCtl.dll
[2009/09/16 23:11:31 | 00,688,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmdrmsdk.dll
[2009/09/16 23:11:31 | 00,657,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVXENCD.DLL
[2009/09/16 23:11:31 | 00,644,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSMPEG2ENC.DLL
[2009/09/16 23:11:31 | 00,616,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\blackbox.dll
[2009/09/16 23:11:31 | 00,547,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wiaaut.dll
[2009/09/16 23:11:31 | 00,539,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmdrmdev.dll
[2009/09/16 23:11:31 | 00,521,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cmdial32.dll
[2009/09/16 23:11:31 | 00,481,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cmdial32.dll
[2009/09/16 23:11:31 | 00,425,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\shwebsvc.dll
[2009/09/16 23:11:31 | 00,409,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskcomp.dll
[2009/09/16 23:11:31 | 00,365,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drmmgrtn.dll
[2009/09/16 23:11:31 | 00,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\modemui.dll
[2009/09/16 23:11:31 | 00,281,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\raschap.dll
[2009/09/16 23:11:31 | 00,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\unimdm.tsp
[2009/09/16 23:11:31 | 00,259,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rasppp.dll
[2009/09/16 23:11:31 | 00,259,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certreq.exe
[2009/09/16 23:11:31 | 00,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msutb.dll
[2009/09/16 23:11:31 | 00,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wlanui.dll
[2009/09/16 23:11:31 | 00,209,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rdpwd.sys
[2009/09/16 23:11:31 | 00,202,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wlanui.dll
[2009/09/16 23:11:31 | 00,197,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netplwiz.dll
[2009/09/16 23:11:31 | 00,187,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\nwifi.sys
[2009/09/16 23:11:31 | 00,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SndVol.exe
[2009/09/16 23:11:31 | 00,170,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tcpipcfg.dll
[2009/09/16 23:11:31 | 00,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wdmaud.drv
[2009/09/16 23:11:31 | 00,158,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\softkbd.dll
[2009/09/16 23:11:31 | 00,142,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fontext.dll
[2009/09/16 23:11:31 | 00,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rmcast.sys
[2009/09/16 23:11:31 | 00,137,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dsprop.dll
[2009/09/16 23:11:31 | 00,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tcpmon.dll
[2009/09/16 23:11:31 | 00,121,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shsetup.dll
[2009/09/16 23:11:31 | 00,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\btpanui.dll
[2009/09/16 23:11:31 | 00,101,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\shsetup.dll
[2009/09/16 23:11:31 | 00,101,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSNP.ax
[2009/09/16 23:11:31 | 00,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wlgpclnt.dll
[2009/09/16 23:11:31 | 00,095,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SCardSvr.dll
[2009/09/16 23:11:31 | 00,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conime.exe
[2009/09/16 23:11:31 | 00,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fdWSD.dll
[2009/09/16 23:11:31 | 00,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rassstp.sys
[2009/09/16 23:11:31 | 00,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wscsvc.dll
[2009/09/16 23:11:31 | 00,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\conime.exe
[2009/09/16 23:11:31 | 00,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cipher.exe
[2009/09/16 23:11:31 | 00,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fdWSD.dll
[2009/09/16 23:11:31 | 00,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\l2nacp.dll
[2009/09/16 23:11:31 | 00,054,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dimsroam.dll
[2009/09/16 23:11:31 | 00,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cmmon32.exe
[2009/09/16 23:11:31 | 00,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\watchdog.sys
[2009/09/16 23:11:31 | 00,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\uxsms.dll
[2009/09/16 23:11:31 | 00,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\whealogr.dll
[2009/09/16 23:11:31 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsCtfMonitor.dll
[2009/09/16 23:11:30 | 06,103,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\chtbrkr.dll
[2009/09/16 23:11:30 | 02,226,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\networkexplorer.dll
[2009/09/16 23:11:30 | 00,946,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMADMOD.DLL
[2009/09/16 23:11:30 | 00,542,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\blackbox.dll
[2009/09/16 23:11:30 | 00,533,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmdrmsdk.dll
[2009/09/16 23:11:30 | 00,428,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmdrmnet.dll
[2009/09/16 23:11:30 | 00,414,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msscp.dll
[2009/09/16 23:11:30 | 00,339,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rstrui.exe
[2009/09/16 23:11:30 | 00,313,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\thawbrkr.dll
[2009/09/16 23:11:30 | 00,303,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmpeffects.dll
[2009/09/16 23:11:30 | 00,274,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\AUDIOKSE.dll
[2009/09/16 23:11:30 | 00,257,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\input.dll
[2009/09/16 23:11:30 | 00,235,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstask.dll
[2009/09/16 23:11:30 | 00,227,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mpg2splt.ax
[2009/09/16 23:11:30 | 00,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wpdwcn.dll
[2009/09/16 23:11:30 | 00,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mscandui.dll
[2009/09/16 23:11:30 | 00,217,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\InkEd.dll
[2009/09/16 23:11:30 | 00,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rasmontr.dll
[2009/09/16 23:11:30 | 00,215,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mdminst.dll
[2009/09/16 23:11:30 | 00,214,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PortableDeviceTypes.dll
[2009/09/16 23:11:30 | 00,203,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wpdwcn.dll
[2009/09/16 23:11:30 | 00,190,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\credui.dll
[2009/09/16 23:11:30 | 00,180,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netplwiz.dll
[2009/09/16 23:11:30 | 00,178,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\credui.dll
[2009/09/16 23:11:30 | 00,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WSDMon.dll
[2009/09/16 23:11:30 | 00,155,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rasmontr.dll
[2009/09/16 23:11:30 | 00,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wpcsvc.dll
[2009/09/16 23:11:30 | 00,128,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gpresult.exe
[2009/09/16 23:11:30 | 00,113,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msctfui.dll
[2009/09/16 23:11:30 | 00,105,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\adsmsext.dll
[2009/09/16 23:11:30 | 00,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\logagent.exe
[2009/09/16 23:11:30 | 00,083,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wlgpclnt.dll
[2009/09/16 23:11:30 | 00,072,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ohci1394.sys
[2009/09/16 23:11:30 | 00,058,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cipher.exe
[2009/09/16 23:11:30 | 00,047,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2009/09/16 23:11:30 | 00,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\deskmon.dll
[2009/09/16 23:11:30 | 00,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dataclen.dll
[2009/09/16 23:11:30 | 00,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cscapi.dll
[2009/09/16 23:11:30 | 00,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wscapi.dll
[2009/09/16 23:11:30 | 00,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msimtf.dll
[2009/09/16 23:11:30 | 00,029,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ifmon.dll
[2009/09/16 23:11:30 | 00,029,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\findstr.exe
[2009/09/16 23:11:30 | 00,027,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\version.dll
[2009/09/16 23:11:30 | 00,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\NcdProp.dll
[2009/09/16 23:11:29 | 00,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMSPDMOD.DLL
[2009/09/16 23:11:29 | 00,758,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMADMOD.DLL
[2009/09/16 23:11:29 | 00,418,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmdrmdev.dll
[2009/09/16 23:11:29 | 00,403,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MediaMetadataHandler.dll
[2009/09/16 23:11:29 | 00,356,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MediaMetadataHandler.dll
[2009/09/16 23:11:29 | 00,284,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drmmgrtn.dll
[2009/09/16 23:11:29 | 00,214,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WSDMon.dll
[2009/09/16 23:11:29 | 00,200,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\input.dll
[2009/09/16 23:11:29 | 00,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSAC3ENC.DLL
[2009/09/16 23:11:29 | 00,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mpg2splt.ax
[2009/09/16 23:11:29 | 00,166,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\puiapi.dll
[2009/09/16 23:11:29 | 00,129,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mprapi.dll
[2009/09/16 23:11:29 | 00,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\softkbd.dll
[2009/09/16 23:11:29 | 00,116,736 | ---- | C] (Microsoft) -- C:\Windows\SysNative\SMBHelperClass.dll
[2009/09/16 23:11:29 | 00,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\logagent.exe
[2009/09/16 23:11:29 | 00,105,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dmsynth.dll
[2009/09/16 23:11:29 | 00,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mprapi.dll
[2009/09/16 23:11:29 | 00,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\olepro32.dll
[2009/09/16 23:11:29 | 00,088,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\smb.sys
[2009/09/16 23:11:29 | 00,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msctfui.dll
[2009/09/16 23:11:29 | 00,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fdSSDP.dll
[2009/09/16 23:11:29 | 00,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sendmail.dll
[2009/09/16 23:11:29 | 00,053,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rshx32.dll
[2009/09/16 23:11:29 | 00,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\FwRemoteSvr.dll
[2009/09/16 23:11:29 | 00,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\deskadp.dll
[2009/09/16 23:11:29 | 00,034,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wshbth.dll
[2009/09/16 23:11:29 | 00,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cscdll.dll
[2009/09/16 23:11:29 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ExplorerFrame.dll
[2009/09/16 23:11:29 | 00,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\version.dll
[2009/09/16 23:11:29 | 00,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fc.exe
[2009/09/16 23:11:29 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rasdial.exe
[2009/09/16 23:11:29 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msisip.dll
[2009/09/16 23:11:29 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hidusb.sys
[2009/09/16 23:11:28 | 02,247,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\networkexplorer.dll
[2009/09/16 23:11:28 | 00,506,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSMPEG2ENC.DLL
[2009/09/16 23:11:28 | 00,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmpps.dll
[2009/09/16 23:11:28 | 00,347,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmdrmnet.dll
[2009/09/16 23:11:28 | 00,291,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\eapp3hst.dll
[2009/09/16 23:11:28 | 00,231,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wscntfy.dll
[2009/09/16 23:11:28 | 00,212,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wdmaud.drv
[2009/09/16 23:11:28 | 00,211,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\eappcfg.dll
[2009/09/16 23:11:28 | 00,190,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SLLUA.exe
[2009/09/16 23:11:28 | 00,187,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\eapp3hst.dll
[2009/09/16 23:11:28 | 00,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PortableDeviceTypes.dll
[2009/09/16 23:11:28 | 00,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSAC3ENC.DLL
[2009/09/16 23:11:28 | 00,143,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mydocs.dll
[2009/09/16 23:11:28 | 00,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\eappcfg.dll
[2009/09/16 23:11:28 | 00,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tintlgnt.ime
[2009/09/16 23:11:28 | 00,105,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PortableDeviceClassExtension.dll
[2009/09/16 23:11:28 | 00,104,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\eappgnui.dll
[2009/09/16 23:11:28 | 00,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dmusic.dll
[2009/09/16 23:11:28 | 00,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxg.sys
[2009/09/16 23:11:28 | 00,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dfsc.sys
[2009/09/16 23:11:28 | 00,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PortableDeviceClassExtension.dll
[2009/09/16 23:11:28 | 00,093,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\eappgnui.dll
[2009/09/16 23:11:28 | 00,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fdWCN.dll
[2009/09/16 23:11:28 | 00,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gpapi.dll
[2009/09/16 23:11:28 | 00,083,456 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\SMBHelperClass.dll
[2009/09/16 23:11:28 | 00,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\nslookup.exe
[2009/09/16 23:11:28 | 00,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSNP.ax
[2009/09/16 23:11:28 | 00,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PNPXAssoc.dll
[2009/09/16 23:11:28 | 00,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fdWCN.dll
[2009/09/16 23:11:28 | 00,068,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fdSSDP.dll
[2009/09/16 23:11:28 | 00,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Storprop.dll
[2009/09/16 23:11:28 | 00,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tscupgrd.exe
[2009/09/16 23:11:28 | 00,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dot3cfg.dll
[2009/09/16 23:11:28 | 00,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tscupgrd.exe
[2009/09/16 23:11:28 | 00,053,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fdeploy.dll
[2009/09/16 23:11:28 | 00,052,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rasdiag.dll
[2009/09/16 23:11:28 | 00,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\networkitemfactory.dll
[2009/09/16 23:11:28 | 00,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\hbaapi.dll
[2009/09/16 23:11:28 | 00,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dot3cfg.dll
[2009/09/16 23:11:28 | 00,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hidclass.sys
[2009/09/16 23:11:28 | 00,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\l2nacp.dll
[2009/09/16 23:11:28 | 00,047,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ftp.exe
[2009/09/16 23:11:28 | 00,047,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cbsra.exe
[2009/09/16 23:11:28 | 00,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\slcinst.dll
[2009/09/16 23:11:28 | 00,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\bthci.dll
[2009/09/16 23:11:28 | 00,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\bitsigd.dll
[2009/09/16 23:11:28 | 00,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\slcinst.dll
[2009/09/16 23:11:28 | 00,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ftp.exe
[2009/09/16 23:11:28 | 00,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\hbaapi.dll
[2009/09/16 23:11:28 | 00,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wscapi.dll
[2009/09/16 23:11:28 | 00,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\networkitemfactory.dll
[2009/09/16 23:11:28 | 00,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ocsetup.exe
[2009/09/16 23:11:28 | 00,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ocsetup.exe
[2009/09/16 23:11:28 | 00,034,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\bthudtask.exe
[2009/09/16 23:11:28 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cscapi.dll
[2009/09/16 23:11:28 | 00,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\FwRemoteSvr.dll
[2009/09/16 23:11:28 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ipconfig.exe
[2009/09/16 23:11:28 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\tdi.sys
[2009/09/16 23:11:28 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msacm32.drv
[2009/09/16 23:11:28 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msjint40.dll
[2009/09/16 23:11:28 | 00,022,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cscdll.dll
[2009/09/16 23:11:28 | 00,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msacm32.drv
[2009/09/16 23:11:28 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wsdchngr.dll
[2009/09/16 23:11:28 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MsCtfMonitor.dll
[2009/09/16 23:11:28 | 00,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rasdial.exe
[2009/09/16 23:11:28 | 00,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gpupdate.exe
[2009/09/16 23:11:28 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mmcico.dll
[2009/09/16 23:11:28 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CHxReadingStringIME.dll
[2009/09/16 23:11:28 | 00,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CHxReadingStringIME.dll
[2009/09/16 23:11:27 | 00,131,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmpps.dll
[2009/09/16 23:11:27 | 00,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\cdrom.sys
[2009/09/16 23:11:27 | 00,068,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\stream.sys
[2009/09/16 23:11:27 | 00,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vss_ps.dll
[2009/09/16 23:11:27 | 00,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\raspppoe.sys
[2009/09/16 23:11:27 | 00,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbcconf.dll
[2009/09/16 23:11:27 | 00,040,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbcconf.dll
[2009/09/16 23:11:27 | 00,040,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\RNDISMP.sys
[2009/09/16 23:11:27 | 00,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\winusb.sys
[2009/09/16 23:11:27 | 00,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\bthudtask.exe
[2009/09/16 23:11:27 | 00,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\midimap.dll
[2009/09/16 23:11:27 | 00,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\winrnr.dll
[2009/09/16 23:11:27 | 00,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\NcdProp.dll
[2009/09/16 23:11:27 | 00,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Diskdump.sys
[2009/09/16 23:11:27 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usb8023.sys
[2009/09/16 23:11:27 | 00,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\vdmdbg.dll
[2009/09/16 23:11:27 | 00,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\midimap.dll
[2009/09/16 23:11:27 | 00,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2009/09/16 23:11:27 | 00,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetppui.dll
[2009/09/16 23:11:27 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iscsilog.dll
[2009/09/16 23:11:27 | 00,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\slwga.dll
[2009/09/16 23:11:27 | 00,009,212 | ---- | C] () -- C:\Windows\SysWow64\RacUR.xml
[2009/09/16 23:11:27 | 00,009,212 | ---- | C] () -- C:\Windows\SysNative\RacUR.xml
[2009/09/16 23:11:26 | 00,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\f3ahvoas.dll
[2009/09/16 23:11:26 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\f3ahvoas.dll
[2009/09/16 23:11:26 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msimsg.dll
[2009/09/16 23:11:26 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msimsg.dll
[2009/09/16 23:11:18 | 00,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wdscore.dll
[2009/09/16 23:11:09 | 00,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drvstore.dll
[2009/09/16 23:10:14 | 00,936,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SmiEngine.dll
[2009/09/16 23:10:13 | 00,293,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wdscore.dll
[2009/09/16 23:10:12 | 00,138,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PkgMgr.exe
[2009/09/16 23:10:08 | 00,315,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drvstore.dll
[2009/09/09 07:10:38 | 03,547,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mf.dll
[2009/09/09 07:10:38 | 02,900,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVCORE.DLL
[2009/09/09 07:10:38 | 02,386,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVCORE.DLL
[2009/09/09 07:10:37 | 02,868,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mf.dll
[2009/09/09 07:10:37 | 00,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfps.dll
[2009/09/09 07:10:37 | 00,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfps.dll
[2009/09/09 07:10:37 | 00,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rrinstaller.exe
[2009/09/09 07:10:37 | 00,053,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rrinstaller.exe
[2009/09/09 07:10:37 | 00,034,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfpmp.exe
[2009/09/09 07:10:37 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfpmp.exe
[2009/09/09 07:10:37 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mferror.dll
[2009/09/09 07:10:37 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mferror.dll
[2009/09/09 07:10:16 | 01,425,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\tcpip.sys
[2009/09/09 07:10:15 | 00,143,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netiohlp.dll
[2009/09/09 07:10:15 | 00,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netiohlp.dll
[2009/09/09 07:10:15 | 00,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\tcpipreg.sys
[2009/09/09 07:10:15 | 00,032,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\NETSTAT.EXE
[2009/09/09 07:10:15 | 00,027,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\NETSTAT.EXE
[2009/09/09 07:10:15 | 00,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ARP.EXE
[2009/09/09 07:10:14 | 00,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ROUTE.EXE
[2009/09/09 07:10:14 | 00,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ARP.EXE
[2009/09/09 07:10:14 | 00,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ROUTE.EXE
[2009/09/09 07:10:14 | 00,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netevent.dll
[2009/09/09 07:10:14 | 00,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netevent.dll
[2009/09/09 07:10:14 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MRINFO.EXE
[2009/09/09 07:10:14 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MRINFO.EXE
[2009/09/09 07:10:14 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\finger.exe
[2009/09/09 07:10:14 | 00,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TCPSVCS.EXE
[2009/09/09 07:10:14 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\finger.exe
[2009/09/09 07:10:14 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\HOSTNAME.EXE
[2009/09/09 07:10:14 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\TCPSVCS.EXE
[2009/09/09 07:10:14 | 00,008,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\HOSTNAME.EXE
[2009/09/09 07:10:06 | 00,818,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2009/09/09 07:10:06 | 00,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2009/09/09 07:10:04 | 02,608,861 | ---- | C] () -- C:\Windows\SysNative\wlan.tmf
[2009/09/09 07:10:04 | 00,615,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wlansvc.dll
[2009/09/09 07:10:04 | 00,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wlansec.dll
[2009/09/09 07:10:04 | 00,353,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wlanmsm.dll
[2009/09/09 07:10:04 | 00,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wlansec.dll
[2009/09/09 07:10:04 | 00,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wlanmsm.dll
[2009/09/09 07:10:04 | 00,157,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\L2SecHC.dll
[2009/09/09 07:10:04 | 00,127,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\L2SecHC.dll
[2009/09/09 07:10:04 | 00,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wlanhlp.dll
[2009/09/09 07:10:04 | 00,068,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wlanhlp.dll
[2009/09/09 07:10:03 | 00,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wlanapi.dll
[2009/09/09 07:10:03 | 00,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wlanapi.dll
[2009/09/03 03:24:28 | 00,000,000 | ---D | C] -- C:\Windows\Minidump
[2009/09/03 03:23:39 | 76,692,0281 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2009/09/02 16:52:07 | 04,240,384 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\GameUXLegacyGDFs.dll
[2009/09/02 16:52:07 | 04,240,384 | ---- | C] (Microsoft) -- C:\Windows\SysNative\GameUXLegacyGDFs.dll
[2009/09/02 16:52:07 | 00,032,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Apphlpdm.dll
[2009/09/02 16:52:07 | 00,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Apphlpdm.dll
[2009/09/01 15:07:40 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2009/09/01 15:07:40 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2009/09/01 15:07:40 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2009/06/15 07:59:02 | 00,005,124 | ---- | C] () -- C:\Windows\SysWow64\ucuiinfo.ini
[2009/01/10 13:04:46 | 00,000,611 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/01/10 13:04:46 | 00,000,022 | ---- | C] () -- C:\Windows\exchng.ini
[2008/01/20 22:50:05 | 00,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2006/11/02 08:34:27 | 00,000,240 | ---- | C] () -- C:\Windows\win.ini
[2006/11/02 08:34:27 | 00,000,219 | ---- | C] () -- C:\Windows\system.ini
[1997/07/11 01:00:00 | 00,094,208 | ---- | C] () -- C:\Windows\SysWow64\MSENCODE.DLL
[1997/07/11 01:00:00 | 00,031,232 | ---- | C] () -- C:\Windows\SysWow64\XLREC.DLL
[1997/07/11 01:00:00 | 00,025,600 | ---- | C] () -- C:\Windows\SysWow64\RECNCL.DLL
[1997/07/11 01:00:00 | 00,022,016 | ---- | C] () -- C:\Windows\SysWow64\ODBCSTF.DLL
[1997/07/11 01:00:00 | 00,022,016 | ---- | C] () -- C:\Windows\SysWow64\DOCOBJ.DLL
[1997/07/11 01:00:00 | 00,012,288 | ---- | C] () -- C:\Windows\SysWow64\HLINKPRX.DLL

========== Files - Modified Within 30 Days ==========

[2009/09/30 13:20:56 | 00,518,144 | ---- | M] (OldTimer Tools) -- C:\Users\r4a9s\Desktop\OTL.exe
[2009/09/30 12:22:08 | 00,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/09/30 12:22:08 | 00,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/09/30 08:09:21 | 41,992,965 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\incavi.avm
[2009/09/30 07:43:33 | 00,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{720FCF7A-1C88-4260-99C2-38B2D5865D55}.job
[2009/09/29 20:32:06 | 00,288,768 | ---- | M] () -- C:\Users\r4a9s\Desktop\p91mxo2u.exe
[2009/09/29 20:27:30 | 00,595,446 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2009/09/29 20:27:29 | 00,690,960 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2009/09/29 20:27:29 | 00,101,144 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2009/09/29 20:23:56 | 00,113,494 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\microavi.avg
[2009/09/29 20:22:30 | 00,000,680 | ---- | M] () -- C:\Users\r4a9s\AppData\Local\d3d9caps.dat
[2009/09/29 20:22:12 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/09/29 20:22:07 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/09/29 20:22:05 | 21,361,33631 | -HS- | M] () -- C:\hiberfil.sys
[2009/09/29 11:14:36 | 00,000,732 | ---- | M] () -- C:\Users\r4a9s\AppData\Local\d3d9caps64.dat
[2009/09/29 01:15:12 | 00,023,040 | ---- | M] () -- C:\Users\r4a9s\Desktop\College Picks.xls
[2009/09/28 22:22:34 | 00,027,134 | ---- | M] () -- C:\Users\r4a9s\Desktop\dad_form.pdf
[2009/09/28 15:21:14 | 00,033,280 | ---- | M] () -- C:\Users\r4a9s\Desktop\dad_form.xls
[2009/09/28 12:59:42 | 45,376,203 | ---- | M] () -- C:\Users\r4a9s\Desktop\Logo.psd
[2009/09/28 12:58:57 | 04,417,562 | ---- | M] () -- C:\Users\r4a9s\Desktop\6_Characters_Logo.jpg
[2009/09/28 12:57:45 | 04,470,505 | ---- | M] () -- C:\Users\r4a9s\Desktop\T-shirt_Logo.jpg
[2009/09/25 11:45:37 | 00,000,945 | ---- | M] () -- C:\Users\r4a9s\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/09/25 11:45:26 | 00,000,746 | ---- | M] () -- C:\Users\r4a9s\Desktop\ERUNT.lnk
[2009/09/25 02:20:00 | 00,335,318 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2009/09/25 01:27:19 | 00,001,930 | ---- | M] () -- C:\Users\r4a9s\Desktop\HijackThis.lnk
[2009/09/22 15:26:06 | 00,331,258 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20090925-022000.backup
[2009/09/17 11:02:17 | 02,943,216 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2009/09/10 14:54:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2009/09/10 14:53:52 | 00,022,104 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2009/09/10 03:20:24 | 76,692,0281 | ---- | M] () -- C:\Windows\MEMORY.DMP
< End of report >

 

[Blade81]

Hi,

IMPORTANT I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.


LimeWire


I'd like you to read this thread.

Please go to Control Panel > Programs and Features and uninstall the programs listed above (in red).



After that:

Uninstall Java(TM) 6 Update 7



Let's run OTL.

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  
  

  :OTL
  O4 - HKLM..\Run: [] File not found
  O4 - HKCU..\Run: [cuecuf] C:\Users\r4a9s\cuecuf.exe ()
  O4 - HKCU..\Run: [riuom] C:\Users\r4a9s\riuom.exe ()
  O4 - HKCU..\Run: [siuop] C:\Users\r4a9s\siuop.exe ()
  O4 - HKCU..\Run: [zoazo] C:\Users\r4a9s\zoazo.exe ()
  
  :Commands
  [emptytemp]
  [Reboot]

• Then click the Run Fix button at the top
• Let the program run unhindered, reboot when it is done
• Then post a new OTL2 log (this time as an attachment. Archive into zip file if needed).

Kaspersky Online Scanner

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

• Read the requirements and privacy statement then click on the Accept button.

• The program will launch and start to download the latest definition files.

• You will be prompted to install an application from Kaspersky. Click Run

• Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
• Spyware, Adware, Dialers, and other potentially dangerous programs
  Archives

• Click on My Computer under Scan.

• Once the scan is complete, it will display the results. Click on View Scan Report.

• Click on Save Report As....

• Change the Files of type to Text file (.txt) before clicking on the Save button.

• Save this report to a convenient place.

• Copy and paste that information into your topic.

• The scan will take a while so be patient and let it run. As it scans your machine very deeply it could take hours to complete, Kaspersky suggests running it during a time of low activity.

If you need a tutorial, see here

 

[r4a9s]

Kaspersky and OTL Logs

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Thursday, October 1, 2009
Operating system: Microsoft Windows Vista Home Premium Edition, 64-bit Service Pack 2 (build 6002)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Thursday, October 01, 2009 16:22:56
Records in database: 2938476
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\

Scan statistics:
Objects scanned: 245811
Threats found: 1
Infected objects found: 4
Suspicious objects found: 0
Scan duration: 02:25:33


File name / Threat / Threats count
C:\_OTL\MovedFiles\10012009_100803\Users\r4a9s\cuecuf.exe Infected: Worm.Win32.VBNA.iby 1
C:\_OTL\MovedFiles\10012009_100803\Users\r4a9s\riuom.exe Infected: Worm.Win32.VBNA.iby 1
C:\_OTL\MovedFiles\10012009_100803\Users\r4a9s\siuop.exe Infected: Worm.Win32.VBNA.iby 1
C:\_OTL\MovedFiles\10012009_100803\Users\r4a9s\zoazo.exe Infected: Worm.Win32.VBNA.iby 1

Selected area has been scanned.

OTL Log:
All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\cuecuf deleted successfully.
C:\Users\r4a9s\cuecuf.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\riuom deleted successfully.
C:\Users\r4a9s\riuom.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\siuop deleted successfully.
C:\Users\r4a9s\siuop.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\zoazo deleted successfully.
C:\Users\r4a9s\zoazo.exe moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: r4a9s
File delete failed. C:\Users\r4a9s\AppData\Local\Temp\etilqs_aRMiVl8zpscGHUSTiMFd scheduled to be deleted on reboot.
->Temp folder emptied: 11470973 bytes
File delete failed. C:\Users\r4a9s\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 59310589 bytes
->Java cache emptied: 47994301 bytes
File delete failed. C:\Users\r4a9s\AppData\Local\Mozilla\Firefox\Profiles\gocqea2x.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Users\r4a9s\AppData\Local\Mozilla\Firefox\Profiles\gocqea2x.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Users\r4a9s\AppData\Local\Mozilla\Firefox\Profiles\gocqea2x.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Users\r4a9s\AppData\Local\Mozilla\Firefox\Profiles\gocqea2x.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Users\r4a9s\AppData\Local\Mozilla\Firefox\Profiles\gocqea2x.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Users\r4a9s\AppData\Local\Mozilla\Firefox\Profiles\gocqea2x.default\XUL.mfl scheduled to be deleted on reboot.
->FireFox cache emptied: 70164322 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
Windows Temp folder emptied: 268641 bytes
RecycleBin emptied: 6739017 bytes

Total Files Cleaned = 186.90 mb


OTL by OldTimer - Version 3.0.16.0 log created on 10012009_100803

Files\Folders moved on Reboot...
File\Folder C:\Users\r4a9s\AppData\Local\Temp\etilqs_aRMiVl8zpscGHUSTiMFd not found!
C:\Users\r4a9s\AppData\Local\Mozilla\Firefox\Profiles\gocqea2x.default\Cache\_CACHE_001_ moved successfully.
C:\Users\r4a9s\AppData\Local\Mozilla\Firefox\Profiles\gocqea2x.default\Cache\_CACHE_002_ moved successfully.
C:\Users\r4a9s\AppData\Local\Mozilla\Firefox\Profiles\gocqea2x.default\Cache\_CACHE_003_ moved successfully.
C:\Users\r4a9s\AppData\Local\Mozilla\Firefox\Profiles\gocqea2x.default\Cache\_CACHE_MAP_ moved successfully.
C:\Users\r4a9s\AppData\Local\Mozilla\Firefox\Profiles\gocqea2x.default\urlclassifier3.sqlite moved successfully.
C:\Users\r4a9s\AppData\Local\Mozilla\Firefox\Profiles\gocqea2x.default\XUL.mfl moved successfully.

Registry entries deleted on Reboot...

 

[Blade81]

Hi,

Start OTL and check "Skip Microsoft Files" box. Then run the scan otherwise like you did on the first time.

 

[r4a9s]

Otl 2

OTL logfile created on: 10/2/2009 12:38:24 AM - Run 2
OTL by OldTimer - Version 3.0.16.0 Folder = C:\Users\r4a9s\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18813)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 3.75 Gb Available Physical Memory | 93.76% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 581.12 Gb Total Space | 462.36 Gb Free Space | 79.56% Space Free | Partition Type: NTFS
Drive D: | 15.00 Gb Total Space | 8.30 Gb Free Space | 55.33% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TOY2
Current User Name: r4a9s
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: On
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
PRC - C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
PRC - C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
PRC - C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
PRC - C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
PRC - C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
PRC - C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
PRC - C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
PRC - C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
PRC - C:\Program Files (x86)\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files (x86)\Microsoft Office\Office\FINDFAST.EXE ()
PRC - C:\Program Files (x86)\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\Microsoft Office\Office\OSA.EXE ()
PRC - C:\Program Files (x86)\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe (Adobe Systems Inc.)
PRC - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe (Adobe Systems Inc.)
PRC - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe (Adobe Systems Inc.)
PRC - C:\Program Files (x86)\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Java\jre6\bin\jp2launcher.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files (x86)\Java\jre6\bin\java.exe (Sun Microsystems, Inc.)
PRC - C:\Users\r4a9s\AppData\Local\Temp\jkos-r4a9s\binaries\ScanningProcess.exe (Kaspersky Lab.)
PRC - C:\Users\r4a9s\AppData\Local\Temp\jkos-r4a9s\binaries\ScanningProcess.exe (Kaspersky Lab.)
PRC - C:\Users\r4a9s\AppData\Local\Temp\jkos-r4a9s\binaries\ScanningProcess.exe (Kaspersky Lab.)
PRC - C:\Users\r4a9s\AppData\Local\Temp\jkos-r4a9s\binaries\ScanningProcess.exe (Kaspersky Lab.)
PRC - C:\Users\r4a9s\AppData\Local\Temp\jkos-r4a9s\binaries\ScanningProcess.exe (Kaspersky Lab.)
PRC - C:\Program Files (x86)\Internet Explorer\IELowutil.exe (Microsoft Corporation)
PRC - C:\Users\r4a9s\Desktop\OTL.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV:64bit: - (AERTFilters [Auto | Running]) -- C:\Windows\SysNative\AERTSr64.exe (Andrea Electronics Corporation)
SRV:64bit: - (DockLoginService [Auto | Running]) -- C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
SRV:64bit: - (FLEXnet Licensing Service 64 [On_Demand | Stopped]) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Acresso Software Inc.)
SRV:64bit: - (WinDefend [Auto | Running]) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV:64bit: - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (Adobe Version Cue CS4 [On_Demand | Stopped]) -- C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe (Adobe Systems Incorporated)
SRV - (avg8wd [Auto | Running]) -- C:\Program Files (x86)\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_64 [On_Demand | Stopped]) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (ehRecvr [On_Demand | Stopped]) -- C:\Windows\ehome\ehRecvr.exe (Microsoft Corporation)
SRV - (ehSched [On_Demand | Stopped]) -- C:\Windows\ehome\ehsched.exe (Microsoft Corporation)
SRV - (ehstart [Auto | Stopped]) -- C:\Windows\ehome\ehstart.dll (Microsoft Corporation)
SRV - (FLEXnet Licensing Service [On_Demand | Stopped]) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (GameConsoleService [On_Demand | Stopped]) -- C:\Program Files (x86)\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (idsvc [Unknown | Stopped]) -- C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (KeyIso [On_Demand | Running]) -- C:\Windows\SysWow64\keyiso.dll (Microsoft Corporation)
SRV - (MSDTC [Unknown | Stopped]) -- C:\Windows\SysWow64\Msdtc [2006/11/02 09:34:14 | 00,000,000 | ---D | M]
SRV - (Netlogon [On_Demand | Stopped]) -- C:\Windows\SysWow64\netlogon.dll (Microsoft Corporation)
SRV - (SBSDWSCService [Auto | Running]) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (stllssvr [On_Demand | Stopped]) -- C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe (MicroVision Development, Inc.)
SRV - (vds [On_Demand | Stopped]) -- C:\Windows\SysWow64\Wbem\vds.mof ()
SRV - (VSS [On_Demand | Stopped]) -- C:\Windows\SysWow64\Wbem\vss.mof ()

========== Driver Services (SafeList) ==========

DRV:64bit: - (adfs [Auto | Running]) -- C:\Windows\SysNative\drivers\adfs.sys (Adobe Systems, Inc.)
DRV:64bit: - (AvgLdx64 [System | Running]) -- C:\Windows\SysNative\Drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AvgMfx64 [System | Running]) -- C:\Windows\SysNative\Drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (BCMH43XX [On_Demand | Running]) -- C:\Windows\SysNative\DRIVERS\DX432364.sys (Broadcom Corporation)
DRV:64bit: - (e1express [On_Demand | Stopped]) -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys (Intel Corporation)
DRV:64bit: - (iaStor [Disabled | Stopped]) -- C:\Windows\SysNative\drivers\iastor.sys (Intel Corporation)
DRV:64bit: - (igfx [On_Demand | Running]) -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (PxHlpa64 [Boot | Running]) -- C:\Windows\SysNative\Drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (R300 [On_Demand | Stopped]) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (RTL8169 [On_Demand | Running]) -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys (Realtek Corporation )
DRV:64bit: - (winusb [On_Demand | Stopped]) -- C:\Windows\SysNative\DRIVERS\WinUSB.SYS (Microsoft Corporation)
DRV:64bit: - (WpdUsb [On_Demand | Stopped]) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation)
DRV - (adfs [Auto | Running]) -- C:\Windows\SysWow64\drivers\adfs.sys (Adobe Systems, Inc.)
DRV - (mpsdrv [On_Demand | Running]) -- C:\Windows\SysWow64\Wbem\mpsdrv.mof ()
DRV - (Tcpip [Boot | Running]) -- C:\Windows\SysWow64\Wbem\tcpip.mof ()
DRV - (winusb [On_Demand | Stopped]) -- C:\Windows\SysWow64\winusb.dll (Microsoft Corporation)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://my.netzero.net/s/sp?r=al&cf=sp
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=2081209
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.neumann.edu/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.neumann.edu/"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071302000002
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.14

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files (x86)\AVG\AVG8\Firefox [2009/06/27 08:24:39 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/01 14:48:26 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.14\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2009/09/10 16:10:07 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.14\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2009/09/10 16:10:07 | 00,000,000 | ---D | M]

[2009/05/06 09:05:30 | 00,000,000 | ---D | M] -- C:\Users\r4a9s\AppData\Roaming\mozilla\Extensions
[2008/12/17 12:06:54 | 00,000,000 | ---D | M] -- C:\Users\r4a9s\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/05/06 09:05:30 | 00,000,000 | ---D | M] -- C:\Users\r4a9s\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
[2009/10/02 00:11:38 | 00,000,000 | ---D | M] -- C:\Users\r4a9s\AppData\Roaming\mozilla\Firefox\Profiles\gocqea2x.default\extensions
[2009/09/01 15:09:00 | 00,000,000 | ---D | M] -- C:\Users\r4a9s\AppData\Roaming\mozilla\Firefox\Profiles\gocqea2x.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/03/17 22:04:29 | 00,000,000 | ---D | M] -- C:\Users\r4a9s\AppData\Roaming\mozilla\Firefox\Profiles\gocqea2x.default\extensions\moveplayer@movenetworks.com
[2009/09/01 15:07:42 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions
[2009/09/10 16:10:07 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/06/14 11:30:53 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/09/01 15:07:42 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
[2009/09/10 16:10:07 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browserdirprovider.dll
[2009/09/10 16:10:07 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\brwsrcmp.dll
[2009/07/25 05:23:01 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeploytk.dll
[2009/09/10 16:10:07 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files (x86)\mozilla firefox\plugins\npnul32.dll
[2008/06/11 22:45:28 | 00,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll
[2009/07/16 21:04:16 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll
[2009/07/16 21:04:16 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll
[2009/07/16 21:04:16 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll
[2009/07/16 21:04:16 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll
[2009/07/16 21:04:16 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll
[2009/07/16 21:04:16 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll
[2009/07/16 21:04:16 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll
[2008/12/02 04:04:40 | 00,001,394 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom.xml
[2008/12/02 04:04:40 | 00,002,193 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\answers.xml
[2008/12/02 04:04:40 | 00,001,534 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\creativecommons.xml
[2008/12/02 04:04:40 | 00,002,343 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay.xml
[2008/12/02 04:04:40 | 00,001,706 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\google.xml
[2008/12/02 04:04:40 | 00,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia.xml
[2008/12/02 04:04:40 | 00,000,792 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (335318 bytes) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 11491 more lines...
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\spybot - search & destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files (x86)\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] File not found
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe_ID0ENQBO] C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files (x86)\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DX-NUSB] C:\Program Files (x86)\Dynex\DX-NUSB\v1000\Dynexwcui.exe File not found
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PCMService] C:\Program Files (x86)\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - Startup: C:\Users\r4a9s\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files (x86)\Dell\DellDock\DellDock.exe File not found
O4 - Startup: C:\Users\r4a9s\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\spybot - search & destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysNative\NLAapi.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysNative\napinsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWow64\NLAapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWow64\napinsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWow64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWow64\pnrpnsp.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15:64bit: - ..Trusted Domains: 58 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKLM\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab (DLM Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 66.54.175.38 66.54.175.122
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\msvidctl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\msvidctl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Filter: - application/octet-stream - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter: - application/x-complus - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter: - application/x-msdownload - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter: - deflate - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter: - gzip - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (avgrssta.dll) - C:\Windows\SysNative\avgrssta.dll (AVG Technologies CZ, s.r.o.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Value error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{78e659fc-d1b3-11dd-8948-00219b19741e}\Shell - "" = AutoRun
O33 - MountPoints2\{78e659fc-d1b3-11dd-8948-00219b19741e}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -- File not found
O33 - MountPoints2\{92409198-cba8-11dd-9734-00219b19741e}\Shell - "" = AutoRun
O33 - MountPoints2\{92409198-cba8-11dd-9734-00219b19741e}\Shell\AutoRun\command - "" = L:\LaunchU3.exe -- File not found
O33 - MountPoints2\{db2f14c3-a90a-11de-9a4b-00219b19741e}\Shell\Auto\command - "" = J:\kugou.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\SysWow64\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/10/01 10:09:15 | 02,745,100 | -H-- | C] () -- C:\Users\r4a9s\AppData\Local\IconCache.db
[2009/10/01 10:08:03 | 00,000,000 | ---D | C] -- C:\_OTL
[2009/09/30 13:20:46 | 00,518,144 | ---- | C] (OldTimer Tools) -- C:\Users\r4a9s\Desktop\OTL.exe
[2009/09/29 20:22:05 | 21,361,33631 | -HS- | C] () -- C:\hiberfil.sys
[2009/09/29 11:14:36 | 00,000,732 | ---- | C] () -- C:\Users\r4a9s\AppData\Local\d3d9caps64.dat
[2009/09/28 15:21:39 | 00,027,134 | ---- | C] () -- C:\Users\r4a9s\Desktop\dad_form.pdf
[2009/09/28 15:21:14 | 00,033,280 | ---- | C] () -- C:\Users\r4a9s\Desktop\dad_form.xls
[2009/09/28 12:58:52 | 04,417,562 | ---- | C] () -- C:\Users\r4a9s\Desktop\6_Characters_Logo.jpg
[2009/09/28 12:57:40 | 04,470,505 | ---- | C] () -- C:\Users\r4a9s\Desktop\T-shirt_Logo.jpg
[2009/09/27 03:05:57 | 00,023,040 | ---- | C] () -- C:\Users\r4a9s\Desktop\College Picks.xls
[2009/09/25 11:46:31 | 00,000,000 | ---D | C] -- C:\Users\r4a9s\Desktop\ERUNT
[2009/09/25 11:45:37 | 00,000,945 | ---- | C] () -- C:\Users\r4a9s\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/09/25 11:45:26 | 00,000,746 | ---- | C] () -- C:\Users\r4a9s\Desktop\ERUNT.lnk
[2009/09/25 11:45:23 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2009/09/25 01:27:19 | 00,001,930 | ---- | C] () -- C:\Users\r4a9s\Desktop\HijackThis.lnk
[2009/09/25 01:27:18 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2009/09/19 12:57:14 | 45,376,203 | ---- | C] () -- C:\Users\r4a9s\Desktop\Logo.psd
[2009/09/17 10:57:19 | 00,000,000 | ---D | C] -- C:\Windows\SysWow64\vi-VN
[2009/09/17 10:57:19 | 00,000,000 | ---D | C] -- C:\Windows\SysWow64\eu-ES
[2009/09/17 10:57:19 | 00,000,000 | ---D | C] -- C:\Windows\SysWow64\ca-ES
[2009/09/17 10:57:19 | 00,000,000 | ---D | C] -- C:\Windows\SysNative\eu-ES
[2009/09/17 10:57:19 | 00,000,000 | ---D | C] -- C:\Windows\SysNative\ca-ES
[2009/09/17 10:57:17 | 00,000,000 | ---D | C] -- C:\Windows\SysNative\vi-VN
[2009/09/17 10:40:11 | 00,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders
[2009/09/16 23:12:19 | 00,121,856 | ---- | C] () -- C:\Windows\SysNative\EhStorAuthn.dll
[2009/09/16 23:12:19 | 00,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/09/16 23:12:12 | 00,262,552 | ---- | C] () -- C:\Windows\SysNative\systemsf.ebd
[2009/09/16 23:12:02 | 00,471,992 | ---- | C] () -- C:\Windows\SysNative\dot3.tmf
[2009/09/16 23:12:01 | 00,700,507 | ---- | C] () -- C:\Windows\SysNative\eaphost.tmf
[2009/09/16 23:11:58 | 00,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2009/09/16 23:11:58 | 00,107,612 | ---- | C] () -- C:\Windows\SysNative\StructuredQuerySchema.bin
[2009/09/16 23:11:57 | 03,662,128 | ---- | C] () -- C:\Windows\SysWow64\locale.nls
[2009/09/16 23:11:57 | 03,662,128 | ---- | C] () -- C:\Windows\SysNative\locale.nls
[2009/09/16 23:11:57 | 00,395,723 | ---- | C] () -- C:\Windows\SysNative\onex.tmf
[2009/09/16 23:11:47 | 00,207,968 | ---- | C] () -- C:\Windows\SysNative\WFP.TMF
[2009/09/16 23:11:46 | 00,092,918 | ---- | C] () -- C:\Windows\SysWow64\slmgr.vbs
[2009/09/16 23:11:46 | 00,092,918 | ---- | C] () -- C:\Windows\SysNative\slmgr.vbs
[2009/09/16 23:11:44 | 00,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/09/16 23:11:33 | 00,009,239 | ---- | C] () -- C:\Windows\SysWow64\spcinstrumentation.man
[2009/09/16 23:11:33 | 00,009,239 | ---- | C] () -- C:\Windows\SysNative\spcinstrumentation.man
[2009/09/16 23:11:27 | 00,009,212 | ---- | C] () -- C:\Windows\SysWow64\RacUR.xml
[2009/09/16 23:11:27 | 00,009,212 | ---- | C] () -- C:\Windows\SysNative\RacUR.xml
[2009/09/09 07:10:04 | 02,608,861 | ---- | C] () -- C:\Windows\SysNative\wlan.tmf
[2009/09/03 03:24:28 | 00,000,000 | ---D | C] -- C:\Windows\Minidump
[2009/09/03 03:23:39 | 76,692,0281 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2009/06/15 07:59:02 | 00,005,124 | ---- | C] () -- C:\Windows\SysWow64\ucuiinfo.ini
[2009/01/10 13:04:46 | 00,000,611 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/01/10 13:04:46 | 00,000,022 | ---- | C] () -- C:\Windows\exchng.ini
[2008/01/20 22:50:05 | 00,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2006/11/02 08:34:27 | 00,000,240 | ---- | C] () -- C:\Windows\win.ini
[2006/11/02 08:34:27 | 00,000,219 | ---- | C] () -- C:\Windows\system.ini
[1997/07/11 01:00:00 | 00,094,208 | ---- | C] () -- C:\Windows\SysWow64\MSENCODE.DLL
[1997/07/11 01:00:00 | 00,031,232 | ---- | C] () -- C:\Windows\SysWow64\XLREC.DLL
[1997/07/11 01:00:00 | 00,025,600 | ---- | C] () -- C:\Windows\SysWow64\RECNCL.DLL
[1997/07/11 01:00:00 | 00,022,016 | ---- | C] () -- C:\Windows\SysWow64\ODBCSTF.DLL
[1997/07/11 01:00:00 | 00,022,016 | ---- | C] () -- C:\Windows\SysWow64\DOCOBJ.DLL
[1997/07/11 01:00:00 | 00,012,288 | ---- | C] () -- C:\Windows\SysWow64\HLINKPRX.DLL

========== Files - Modified Within 30 Days ==========

[2009/10/02 00:21:15 | 42,053,860 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\incavi.avm
[2009/10/02 00:21:15 | 00,004,258 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\microavi.avg
[2009/10/02 00:10:19 | 00,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/10/02 00:10:19 | 00,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/10/01 23:38:37 | 00,023,040 | ---- | M] () -- C:\Users\r4a9s\Desktop\College Picks.xls
[2009/10/01 21:50:02 | 00,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{720FCF7A-1C88-4260-99C2-38B2D5865D55}.job
[2009/10/01 10:16:52 | 00,690,960 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2009/10/01 10:16:52 | 00,595,446 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2009/10/01 10:16:52 | 00,101,144 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2009/10/01 10:10:31 | 00,000,680 | ---- | M] () -- C:\Users\r4a9s\AppData\Local\d3d9caps.dat
[2009/10/01 10:10:09 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/10/01 10:10:08 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/10/01 10:10:05 | 21,361,33631 | -HS- | M] () -- C:\hiberfil.sys
[2009/10/01 10:09:16 | 02,745,100 | -H-- | M] () -- C:\Users\r4a9s\AppData\Local\IconCache.db
[2009/10/01 00:21:16 | 00,492,629 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\miniavi.avg
[2009/09/30 13:20:56 | 00,518,144 | ---- | M] (OldTimer Tools) -- C:\Users\r4a9s\Desktop\OTL.exe
[2009/09/29 11:14:36 | 00,000,732 | ---- | M] () -- C:\Users\r4a9s\AppData\Local\d3d9caps64.dat
[2009/09/28 22:22:34 | 00,027,134 | ---- | M] () -- C:\Users\r4a9s\Desktop\dad_form.pdf
[2009/09/28 15:21:14 | 00,033,280 | ---- | M] () -- C:\Users\r4a9s\Desktop\dad_form.xls
[2009/09/28 12:59:42 | 45,376,203 | ---- | M] () -- C:\Users\r4a9s\Desktop\Logo.psd
[2009/09/28 12:58:57 | 04,417,562 | ---- | M] () -- C:\Users\r4a9s\Desktop\6_Characters_Logo.jpg
[2009/09/28 12:57:45 | 04,470,505 | ---- | M] () -- C:\Users\r4a9s\Desktop\T-shirt_Logo.jpg
[2009/09/25 11:45:37 | 00,000,945 | ---- | M] () -- C:\Users\r4a9s\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/09/25 11:45:26 | 00,000,746 | ---- | M] () -- C:\Users\r4a9s\Desktop\ERUNT.lnk
[2009/09/25 02:20:00 | 00,335,318 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2009/09/25 01:27:19 | 00,001,930 | ---- | M] () -- C:\Users\r4a9s\Desktop\HijackThis.lnk
[2009/09/22 15:26:06 | 00,331,258 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20090925-022000.backup
[2009/09/17 11:02:17 | 02,943,216 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2009/09/10 14:54:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2009/09/10 14:53:52 | 00,022,104 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2009/09/10 03:20:24 | 76,692,0281 | ---- | M] () -- C:\Windows\MEMORY.DMP
< End of report >

 

[Blade81]

Looks quite good now. How's the system running?

 

[r4a9s]

System

The machine was running a little slow until I restarted it. It seems to be fine now, however, I noticed some strange entries in the task manager and I want to make sure everything is gone. These started appearing about the same time as the infection occurred, and I don't know what they are:

hkmcd.exe--hkcmd module

igfxpers.exe--persistence module

igfxsrvc.exe -- igfxsrvc module

igfxtray.exe--igfxtray Module

 

[Blade81]

Hi,

Each of those are legit ones

Well congrats, it appears your system is all clean Are you still noticing any problems? If not, it's time to secure your system to prevent against further intrusions.


THESE STEPS ARE VERY IMPORTANT

Let's reset system restore
Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs changing those files. This is the only way to clean these files: You will lose all previous restore points which are likely to be infected. Please note you need Administrator Access to do clean the restore points.

A To disable the System Restore feature:

1. Click on the Start button.
2. Hover over the Computer option, right click on it and then click Properties.
3. On the left hand side, click Advanced Settings.
4. If asked to permit the action, click on Allow.
5. Click on the System Protection tab.
6. Uncheck any checkboxes listed for your hard drives.
7. Press OK.


B. Reboot.

C Turn ON System Restore.
Follow the steps like you did when disabling system restore but on step 6. check any checkboxes listed for your hard drives.

• Double-click OTL.exe.
• Click the CleanUp! button.
• Select Yes when the
  Begin cleanup Process?
  prompt appears.
• If you are prompted to Reboot during the cleanup, select Yes.
• The tool will delete itself once it finishes, if not delete it by yourself.

Note: If you receive a warning from your firewall or other security programs regarding OTL attempting to contact the internet, please allow it to do so.


UPDATING WINDOWS AND INTERNET EXPLORER

IMPORTANT: You Need to Update Windows and Internet Explorer to protect your computer from the malware that is around on the Internet. Please go to the windows update site to get the critical updates.

If you are running Microsoft Office, or any portion thereof, go to the Microsoft's Office Update site and make sure you have at least all the critical updates installed (Free) Microsoft Office Update.

Make your Internet Explorer more secure

This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialize and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.



The following are recommended third party programs that are designed to keep your computer clean. A link as well as a brief description is included with each item.

• hosts file:
  • Every version of windows has a hosts file as part of them.
  • In a very basic sense, they are used to locate webpages.
  • We can customize a hosts file so that it blocks certain webpages.
  • However, it can slow down certain computers.
  • This is why using a hosts file is optional!!
  Download it here. Make sure you read the instructions on how to install the hosts file. There is a good tutorial here
  If you decide to download the hosts file, the slowdown problems can usually be avoided by following these steps:
  1. [*]Click the start button (at the lower left hand corner of your screen) [*]Click run [*]In the dialog box, type services.msc [*]hit enter, then locate dns client [*]Highlight it, then double-click it. [*]On the dropdown box, change the setting from automatic to manual. [*]Click ok

Just a final reminder for you. I am trying to stress these two points.
UPDATE UPDATE UPDATE!!! Make sure you do this about every 1-2 weeks.
Make sure all of your security programs are up to date.
Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.


Once again, please post and tell me how things are going with your system... problems etc.

Have a great day,
Blade

 

[r4a9s]

Thank you for your assistance

Thanks for the help, everything seems to be back in working order!

 

[Blade81]

Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.

Note:If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than four days since your last response and you need the thread re-opened, please send me or MOD a private message (pm). A valid, working link to the closed topic is required.