Google Talk malware [Solved]


  • This topic is locked

#1
antonjohn88

  • Member
  • 13 posts
Hi,
I got a link from a friend of mine earlier today and it had a zip file. I opened that and my Avast antivirus showed a warning. It had an option to delete the file and I clicked that. But later today, when I use my Google Talk, the following message is posted AUTOMATICALLY to all of my online friends. The message is:

" Could I upload this photo to my blog? Do you think it will be good?
http://srv057.images...hoto009.JPG.zip
"


I had my entire system scanned using AVAST 4.8 Home edition, but it didn't help...
Please help me ASAP. I searched for the above message in Google and found a blog written in Mongolian (which I couldn't understand).
The blog is "http://eternalluck.blogspot.com/"


Someone, please help me ASAP...


#2
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
hi


Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
  • Under the Custom Scan box paste this in

    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    /md5stop
    %systemroot%\*. /mp /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs


  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time


#3
antonjohn88

  • Topic Starter
  • Member
  • 13 posts
Contents of extras.txt


OTL Extras logfile created on: 12/6/2009 9:48:15 PM - Run 1
OTL by OldTimer - Version 3.1.11.7 Folder = C:\Users\user\Documents\Downloads
Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18828)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.17 Gb Available Physical Memory | 58.51% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 97.66 Gb Total Space | 58.63 Gb Free Space | 60.04% Space Free | Partition Type: NTFS
Drive D: | 97.66 Gb Total Space | 57.41 Gb Free Space | 58.79% Space Free | Partition Type: NTFS
Drive E: | 102.65 Gb Total Space | 68.55 Gb Free Space | 66.78% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DELL
Current User Name: user
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- "%SystemRoot%\hh.exe" %1
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
chm.file [open] -- "%SystemRoot%\hh.exe" %1
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-320534519-2092302818-1520262176-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{119EE369-2846-4916-AB44-090D97D3C344}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{138A620B-9E6D-4990-B0DD-79ECCC42DE3B}" = lport=139 | protocol=6 | dir=in | app=system |
"{248AC3E3-49F5-4ADA-9C52-6A0B0330C3CD}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{2C8869C2-6D90-4BD7-885A-DFF2A22D9FEF}" = lport=137 | protocol=17 | dir=in | app=system |
"{2F9E1FF0-5AE9-429D-B0AE-41D1151C8D02}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{36AA4FC6-CCD9-4CF0-8A0F-492EFAC1AA81}" = rport=445 | protocol=6 | dir=out | app=system |
"{3BFEFB67-1CB6-43F8-BCA0-C2FCD786DC25}" = lport=445 | protocol=6 | dir=in | app=system |
"{3C308006-78C9-4833-AB4D-8BB769CF8E47}" = rport=139 | protocol=6 | dir=out | app=system |
"{4D426AEC-EA2A-4BEA-83EE-9E7B4025FB64}" = lport=138 | protocol=17 | dir=in | app=system |
"{673840A7-D3F0-4CB4-BD4D-EF3A820BA5CF}" = rport=138 | protocol=17 | dir=out | app=system |
"{970DA5FA-09C3-4126-BDE6-42E072B6DFB2}" = rport=137 | protocol=17 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0D86657B-673B-4D17-9669-98C96960E5D4}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{0E7F0D78-116C-477C-B263-E2D6A0AD3BCF}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |
"{0F1F255D-22C2-4947-A7AB-4ACB559AB73F}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{2EB737E4-DED0-47A8-84BA-65D4CB0E3729}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3A5D76E5-2F33-4FDB-B6EC-E78857A0C3DD}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |
"{564AA587-278C-4737-9F23-97A49E7C51A2}" = protocol=1 | dir=out | [email protected],-28544 |
"{70C7C998-3510-4C3F-826E-A99DC671B4D8}" = protocol=58 | dir=in | [email protected],-28545 |
"{C4656832-57D6-4468-B403-66032FAB241A}" = protocol=58 | dir=out | [email protected],-28546 |
"{D661BA65-FE8E-4E6F-BE7B-43C4AE8274A5}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{DDC7EE9F-1F0A-4AE4-AEF8-56C7DAB7EC0D}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{DE60048B-8CC3-4A91-AAA9-D76A379B5660}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{E0EFC905-AC07-4BC1-97A9-9CE08C31417B}" = protocol=1 | dir=in | [email protected],-28543 |
"{F44B854B-4F0E-471F-AB4F-9DF2111373F6}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"TCP Query User{41E1ACAD-FD9C-4130-A476-F75BADCCDA1F}C:\program files\nero\nero 7\nero home\nerohome.exe" = protocol=6 | dir=in | app=c:\program files\nero\nero 7\nero home\nerohome.exe |
"TCP Query User{CAA4207A-FA73-471A-9C27-5C837344CC07}E:\games\gr\graw.exe" = protocol=6 | dir=in | app=e:\games\gr\graw.exe |
"UDP Query User{6D7407FD-BD19-49E1-9DB2-725B5C070190}C:\program files\nero\nero 7\nero home\nerohome.exe" = protocol=17 | dir=in | app=c:\program files\nero\nero 7\nero home\nerohome.exe |
"UDP Query User{F3C5636F-EE5B-4821-838D-186DE52A75AD}E:\games\gr\graw.exe" = protocol=17 | dir=in | app=e:\games\gr\graw.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)
"{56CFA833-F44F-4199-8C58-7F8B38F2BC7B}" = Medal of Honor Pacific Assault™
"{5783F2D7-6001-0409-0002-0060B0CE6BBA}" = AutoCAD 2008 - English
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{9A346205-EA92-4406-B1AB-50379DA3F057}" = Autodesk DWF Viewer 7
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.5
"{AC76BA86-7AD7-1033-7B44-A81300000003}_814" = KB408682
"{B74D4E10-6884-0000-0000-000000000103}" = Adobe Bridge 1.0
"{BB65C393-C76E-4F06-9B0C-2124AA8AF97B}" = Adobe Flash Player 9 ActiveX
"{BFB8C7BE-3BFA-446C-9F3E-3AFBA5BC1033}" = Nero 7 Premium
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E464702F-5433-46EC-8F65-159276C0A54F}" = WIDCOMM Bluetooth Software 6.2.0.6600
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty® 4 - Modern Warfare™
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{EC918800-3986-4359-A7F9-EFAA3BDF46A9}" = Transcend T.sonic 840 Multimedia Converter
"{EFC97089-04D6-42CE-A707-A343B4A7D2CD}" = Ghost Recon Advanced Warfighter
"{FF059F2A-62A7-4E6A-B305-559591D2769E}" = Nokia PC Suite
"7-Zip" = 7-Zip 4.65
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"AGEIA PhysX v2.3.3" = AGEIA PhysX v2.3.3
"AskTBar Uninstall" = Ask Toolbar
"AutoCAD 2008 - English" = AutoCAD 2008 - English
"avast!" = avast! Antivirus
"Creative OA013" = Integrated Webcam Driver (1.00.04.0310)
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Gears of War_is1" = Gears of War
"GOM Player" = GOM Player
"HDMI" = Intel® Graphics Media Accelerator Driver
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty® 4 - Modern Warfare™
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Picasa 3" = Picasa 3
"PowerISO" = PowerISO
"VLC media player" = VLC media player 1.0.3
"Yahoo! Messenger" = Yahoo! Messenger

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 11/28/2009 11:19:16 PM | Computer Name = DELL | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
F:\All\IMG_9450.JPG failed, 00000015.

[ Application Events ]
Error - 12/5/2009 8:18:57 AM | Computer Name = DELL | Source = Google Update | ID = 20
Description =

Error - 12/5/2009 9:04:05 AM | Computer Name = DELL | Source = Google Update | ID = 20
Description =

Error - 12/5/2009 10:04:05 AM | Computer Name = DELL | Source = Google Update | ID = 20
Description =

Error - 12/5/2009 10:23:08 AM | Computer Name = DELL | Source = Application Error | ID = 1000
Description = Faulting application DllHost.exe, version 6.0.6000.16386, time stamp
0x4549b14e, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception
code 0xc0000005, fault offset 0x0094b5ed, process id 0x1598, application start time
0x01ca75b676e7c980.

Error - 12/5/2009 10:24:55 AM | Computer Name = DELL | Source = Application Error | ID = 1000
Description = Faulting application DllHost.exe, version 6.0.6000.16386, time stamp
0x4549b14e, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception
code 0xc0000005, fault offset 0x0088b5ed, process id 0x10e8, application start time
0x01ca75b6b697cda0.

Error - 12/5/2009 10:24:57 AM | Computer Name = DELL | Source = Application Error | ID = 1000
Description = Faulting application DllHost.exe, version 6.0.6000.16386, time stamp
0x4549b14e, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception
code 0xc0000005, fault offset 0x00a7b5ed, process id 0x127c, application start time
0x01ca75b6b7ec6120.

Error - 12/5/2009 2:59:56 PM | Computer Name = DELL | Source = WinMgmt | ID = 10
Description =

Error - 12/5/2009 3:24:28 PM | Computer Name = DELL | Source = Application Error | ID = 1000
Description = Faulting application DllHost.exe, version 6.0.6000.16386, time stamp
0x4549b14e, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception
code 0xc0000005, fault offset 0x0093b5ed, process id 0x1224, application start time
0x01ca75e08c98afd0.

Error - 12/6/2009 2:04:05 AM | Computer Name = DELL | Source = Google Update | ID = 20
Description =

Error - 12/6/2009 2:04:45 AM | Computer Name = DELL | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 11/28/2009 12:22:03 AM | Computer Name = DELL | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.2 for the Network Card with network
address 0025645B22E8 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 11/28/2009 12:22:14 AM | Computer Name = DELL | Source = Service Control Manager | ID = 7000
Description =

Error - 11/28/2009 1:46:45 AM | Computer Name = DELL | Source = Service Control Manager | ID = 7000
Description =

Error - 11/28/2009 3:22:41 AM | Computer Name = DELL | Source = Service Control Manager | ID = 7011
Description =

Error - 11/28/2009 7:16:11 AM | Computer Name = DELL | Source = Service Control Manager | ID = 7000
Description =

Error - 11/28/2009 1:06:33 PM | Computer Name = DELL | Source = Service Control Manager | ID = 7000
Description =

Error - 11/28/2009 1:40:40 PM | Computer Name = DELL | Source = Service Control Manager | ID = 7011
Description =

Error - 11/28/2009 1:51:14 PM | Computer Name = DELL | Source = DCOM | ID = 10010
Description =

Error - 11/28/2009 1:57:44 PM | Computer Name = DELL | Source = Service Control Manager | ID = 7000
Description =

Error - 11/28/2009 11:04:13 PM | Computer Name = DELL | Source = Service Control Manager | ID = 7000
Description =


< End of report >

#4
antonjohn88

  • Topic Starter
  • Member
  • 13 posts
contents of OTL.txt




OTL logfile created on: 12/6/2009 9:48:15 PM - Run 1
OTL by OldTimer - Version 3.1.11.7 Folder = C:\Users\user\Documents\Downloads
Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18828)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.17 Gb Available Physical Memory | 58.51% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 97.66 Gb Total Space | 58.63 Gb Free Space | 60.04% Space Free | Partition Type: NTFS
Drive D: | 97.66 Gb Total Space | 57.41 Gb Free Space | 58.79% Space Free | Partition Type: NTFS
Drive E: | 102.65 Gb Total Space | 68.55 Gb Free Space | 66.78% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DELL
Current User Name: user
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/12/06 21:45:33 | 00,536,576 | ---- | M] (OldTimer Tools) -- C:\Users\user\Documents\Downloads\OTL.exe
PRC - [2009/12/06 04:11:08 | 00,217,088 | ---- | M] ( ) -- C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wmismqt.exe
PRC - [2009/11/25 05:21:40 | 00,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2009/11/25 05:21:35 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2009/11/25 05:21:21 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2009/11/25 05:18:48 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2009/11/25 05:13:56 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2009/11/12 04:41:40 | 00,921,072 | ---- | M] (Google Inc.) -- C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
PRC - [2009/04/11 11:57:36 | 02,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/03/08 17:04:00 | 00,115,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\ielowutil.exe
PRC - [2009/03/06 11:51:04 | 00,483,428 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
PRC - [2009/03/06 11:51:04 | 00,254,042 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\stacsv.exe
PRC - [2009/03/02 13:43:08 | 00,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\AEstSrv.exe
PRC - [2009/02/01 00:15:38 | 00,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
PRC - [2009/01/31 22:43:30 | 00,049,250 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
PRC - [2009/01/23 11:07:14 | 00,217,088 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2008/11/24 13:56:46 | 00,054,568 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
PRC - [2008/11/17 19:09:20 | 00,555,560 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
PRC - [2008/09/16 14:02:14 | 00,150,040 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxtray.exe
PRC - [2008/09/16 14:02:08 | 00,256,536 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxsrvc.exe
PRC - [2008/09/16 14:02:02 | 00,150,040 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxpers.exe
PRC - [2008/09/16 14:01:48 | 00,178,712 | ---- | M] (Intel Corporation) -- C:\Windows\System32\hkcmd.exe
PRC - [2008/01/21 07:53:48 | 00,202,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe
PRC - [2008/01/21 07:52:32 | 00,048,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\net.exe
PRC - [2008/01/21 07:52:20 | 00,158,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\net1.exe
PRC - [2008/01/21 07:51:57 | 00,318,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cmd.exe
PRC - [2007/01/02 02:52:02 | 03,739,648 | ---- | M] (Google) -- C:\Users\user\AppData\Roaming\Google\Google Talk\googletalk.exe
PRC - [2006/10/27 00:47:42 | 00,031,016 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
PRC - [2006/03/21 01:13:16 | 00,331,776 | ---- | M] () -- C:\Program Files\AGEIA Technologies\TrayIcon.exe
PRC - [2005/12/13 08:49:08 | 00,217,088 | ---- | M] (Nokia) -- C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
PRC - [2005/11/07 10:09:18 | 00,120,320 | ---- | M] (Nokia.) -- C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
PRC - [2004/11/02 20:24:46 | 00,032,768 | ---- | M] (Cyberlink Corp.) -- C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe


========== Modules (SafeList) ==========

MOD - [2009/12/06 21:45:33 | 00,536,576 | ---- | M] (OldTimer Tools) -- C:\Users\user\Documents\Downloads\OTL.exe
MOD - [2009/04/11 11:51:38 | 01,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/11/25 05:21:35 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009/11/25 05:21:21 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009/11/25 05:18:48 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009/11/25 05:13:56 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2009/10/20 13:19:57 | 00,085,096 | ---- | M] (Autodesk) -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2009/10/20 12:49:37 | 00,072,704 | ---- | M] (Adobe Systems) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service)
SRV - [2009/09/25 06:57:04 | 00,793,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/08/24 02:30:06 | 00,136,120 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2009/03/06 11:51:04 | 00,254,042 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\stacsv.exe -- (STacSV)
SRV - [2009/03/02 13:43:08 | 00,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\AEstSrv.exe -- (AESTFilters)
SRV - [2008/11/17 19:09:20 | 00,555,560 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe -- (btwdins)
SRV - [2008/01/21 07:51:41 | 00,272,952 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2006/11/10 19:18:02 | 00,774,144 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe -- (NBService)
SRV - [2006/11/02 18:04:14 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehstart.dll -- (ehstart)
SRV - [2006/10/27 00:47:54 | 00,065,824 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2006/10/26 19:49:34 | 00,441,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006/10/26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


========== Driver Services (SafeList) ==========

DRV - [2009/11/25 05:19:07 | 00,048,560 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2009/11/25 05:18:57 | 00,023,120 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2009/09/15 16:25:30 | 00,114,768 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2009/09/15 16:25:19 | 00,020,560 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009/09/15 16:25:09 | 00,053,328 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2009/07/03 18:21:36 | 00,168,448 | ---- | M] (Realtek ) -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2009/03/15 15:55:46 | 00,056,268 | ---- | M] (PowerISO Computing, Inc.) -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2009/03/09 17:00:00 | 00,271,712 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\System32\drivers\OA013Vid.sys -- (OA013Vid)
DRV - [2009/03/06 11:51:04 | 00,398,336 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2009/03/06 07:30:08 | 00,133,632 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\System32\drivers\OA013Ufd.sys -- (OA013Ufd)
DRV - [2009/02/05 19:48:16 | 00,192,048 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2008/11/12 21:23:42 | 00,084,008 | ---- | M] (Broadcom Corporation.) -- C:\Windows\System32\drivers\btwaudio.sys -- (btwaudio)
DRV - [2008/11/12 21:23:40 | 00,109,096 | ---- | M] (Broadcom Corporation.) -- C:\Windows\System32\drivers\btwavdt.sys -- (btwavdt)
DRV - [2008/11/12 21:23:36 | 00,018,344 | ---- | M] (Broadcom Corporation.) -- C:\Windows\System32\drivers\btwrchid.sys -- (btwrchid)
DRV - [2008/09/11 10:52:48 | 06,047,904 | ---- | M] (Intel Corporation) -- C:\Windows\System32\drivers\igxpmp32.sys -- (ialm)
DRV - [2008/07/25 15:41:10 | 00,029,736 | ---- | M] (Broadcom Corporation.) -- C:\Windows\System32\drivers\btwl2cap.sys -- (btwl2cap)
DRV - [2008/01/21 07:51:35 | 00,386,616 | ---- | M] (LSI Corporation, Inc.) -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/21 07:51:35 | 00,149,560 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/21 07:51:35 | 00,031,288 | ---- | M] (LSI Corporation) -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/21 07:51:34 | 00,101,432 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/21 07:51:34 | 00,074,808 | ---- | M] (Silicon Integrated Systems) -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/21 07:51:34 | 00,040,504 | ---- | M] (Hewlett-Packard Company) -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/21 07:51:33 | 01,122,360 | ---- | M] (QLogic Corporation) -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/21 07:51:33 | 00,300,600 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/21 07:51:33 | 00,118,784 | ---- | M] (Intel Corporation) -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2008/01/21 07:51:33 | 00,089,656 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/21 07:51:32 | 00,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/21 07:51:32 | 00,079,928 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/21 07:51:32 | 00,079,416 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/21 07:51:31 | 00,235,064 | ---- | M] (Intel Corporation) -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/21 07:51:31 | 00,115,816 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/21 07:51:31 | 00,096,312 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/21 07:51:31 | 00,096,312 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/21 07:51:30 | 00,342,584 | ---- | M] (Emulex) -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/21 07:51:29 | 00,422,968 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/21 07:51:29 | 00,102,968 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/21 07:51:29 | 00,045,112 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/21 07:51:28 | 00,238,648 | ---- | M] (ULi Electronics Inc.) -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/21 07:51:09 | 00,020,024 | ---- | M] (VIA Technologies, Inc.) -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/21 07:51:09 | 00,019,000 | ---- | M] (CMD Technology, Inc.) -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/21 07:51:09 | 00,017,464 | ---- | M] (Acer Laboratories Inc.) -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007/10/26 14:41:02 | 01,044,984 | ---- | M] (Broadcom Corp.) -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XX)
DRV - [2006/11/02 15:20:35 | 00,106,088 | ---- | M] (QLogic Corporation) -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 15:20:35 | 00,098,408 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 15:20:19 | 00,045,160 | ---- | M] (IBM Corporation) -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 15:20:17 | 00,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 15:20:11 | 00,071,272 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 15:20:09 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 15:20:07 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 15:20:05 | 00,035,944 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 15:20:03 | 00,034,920 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 15:19:59 | 00,033,384 | ---- | M] (LSI Logic Corporation) -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 15:19:56 | 00,031,848 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 13:55:24 | 00,071,808 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 13:54:47 | 00,011,904 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 13:54:46 | 00,005,248 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 13:54:45 | 00,013,568 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 13:54:44 | 00,062,336 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 13:54:44 | 00,012,160 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 13:06:50 | 00,020,608 | ---- | M] (N-trig Innovative Technologies) -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 12:07:21 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv)
DRV - [2006/08/25 09:17:00 | 00,036,528 | ---- | M] (Sonic Solutions) -- C:\Windows\System32\Drivers\PxHelp20.sys -- (PxHelp20)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://in.msn.com/iat/us_in.aspx
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F2 97 3A 4C A7 63 CA 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL (Ask.com)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: (761 bytes) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Ask Search Assistant BHO) - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL (Ask.com)
O2 - BHO: (Ask Toolbar BHO) - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL (Ask.com)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {FE063DB9-4EC0-403E-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL (Ask.com)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AGEIA PhysX SysTray] C:\Program Files\AGEIA Technologies\TrayIcon.exe ()
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\Windows\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe (Nokia)
O4 - HKLM..\Run: [Persistence] C:\Windows\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [RemoteControl] C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [google] File not found
O4 - HKCU..\Run: [Google Update] C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKCU..\Run: [googletalk] C:\Users\user\AppData\Roaming\Google\Google Talk\googletalk.exe (Google)
O4 - HKCU..\Run: [Yahoo Messengger] C:\Windows\System32\SSVICHOSST.exe File not found
O4 - HKCU..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wmismqt.exe ( )
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O9 - Extra 'Tools' menuitem : Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/19 03:13:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{00139e2b-c5dc-11de-8b58-0025645b22e8}\Shell\AutoRun\command - "" = rundll32.exe dx.dll,XxKOo
O33 - MountPoints2\{00139e2b-c5dc-11de-8b58-0025645b22e8}\Shell\open\Command - "" = rundll32.exe .\dx.dll,XxKOo
O33 - MountPoints2\{3979baed-bd47-11de-b1a7-00265ee4f89d}\Shell\AutoRun\command - "" = G:\k.com -- File not found
O33 - MountPoints2\{3979baed-bd47-11de-b1a7-00265ee4f89d}\Shell\explore\Command - "" = G:\k.com -- File not found
O33 - MountPoints2\{3979baed-bd47-11de-b1a7-00265ee4f89d}\Shell\open\Command - "" = G:\k.com -- File not found
O33 - MountPoints2\{3f49f24a-d993-11de-8370-0025645b22e8}\Shell\AutoRun\command - "" = H:\Gardi\Tuxat\bov.exe -- File not found
O33 - MountPoints2\{3f49f24a-d993-11de-8370-0025645b22e8}\Shell\open\command - "" = H:\Gardi\Tuxat\bov.exe -- File not found
O33 - MountPoints2\{4a1ec2cf-dcc4-11de-8c5f-0025645b22e8}\Shell - "" = AutoRun
O33 - MountPoints2\{4a1ec2cf-dcc4-11de-8c5f-0025645b22e8}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -- File not found
O33 - MountPoints2\{c9ebab0f-bda5-11de-a156-0025645b22e8}\Shell - "" = AutoRun
O33 - MountPoints2\{c9ebab0f-bda5-11de-a156-0025645b22e8}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
O33 - MountPoints2\{d71f1ed2-bd3e-11de-9007-00265ee4f89d}\Shell\AutoRun\command - "" = H:\se12ydam.exe -- File not found
O33 - MountPoints2\{d71f1ed2-bd3e-11de-9007-00265ee4f89d}\Shell\open\Command - "" = H:\se12ydam.exe -- File not found
O33 - MountPoints2\{d71f1f87-bd3e-11de-9007-0025645b22e8}\Shell\AutoRun\command - "" = H:\nds0q.exe -- File not found
O33 - MountPoints2\{d71f1f87-bd3e-11de-9007-0025645b22e8}\Shell\open\Command - "" = H:\nds0q.exe -- File not found
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\autorun\autorun.exe -- File not found
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\Setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2008/01/21 08:02:53 | 00,000,000 | ---D | M]
NetSvcs: Irmon - C:\Windows\System32\irmon.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found


SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {17C449B4-5E25-CE3F-5A5D-580345870BB2} - Microsoft Windows Media Player 11.0
ActiveX: {2150D439-ED31-E817-49DC-0860DE64A0A8} - Themes Setup
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {30EC23C4-1F2D-98B8-3621-933091F0D0AC} - Microsoft Windows Media Player 11.0
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {47B3BDBB-F2AE-4B55-95C8-921C25DB3B76} - .NET Framework
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EB78CF23-6744-C9C0-3E28-C28ECE01497E} - Microsoft Windows Media Player
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.divxa32 - C:\Windows\System32\msaud32_divx.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

========== Files/Folders - Created Within 30 Days ==========

[2009/12/06 16:07:33 | 00,217,088 | ---- | C] ( ) -- C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wmismqt.exe
[2009/12/03 19:46:53 | 00,000,000 | ---D | C] -- C:\Users\user\Documents\FIFA 08
[2009/11/30 16:51:15 | 00,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Nokia Multimedia Player
[2009/11/30 12:22:59 | 00,000,000 | ---D | C] -- C:\.mtvconvertertmp
[2009/11/26 18:29:32 | 00,000,000 | ---D | C] -- C:\Program Files\WinAVI MP4 Converter
[2009/11/25 12:40:10 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2009/11/25 12:21:30 | 00,714,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\timedate.cpl
[2009/11/21 01:10:44 | 00,000,000 | ---D | C] -- C:\Users\user\Documents\New Folder
[2009/11/19 22:34:09 | 00,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\dvdcss
[2009/11/19 16:49:34 | 00,000,000 | ---D | C] -- C:\Users\user\Documents\BluetoothDeviceBackups
[2009/11/19 13:29:09 | 00,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2009/11/19 10:40:05 | 00,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Nokia
[2009/11/19 10:39:52 | 00,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\DataLayer
[2009/11/19 10:39:47 | 00,000,000 | ---D | C] -- C:\Users\user\Phone Browser
[2009/11/19 10:35:39 | 00,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\PC Suite
[2009/11/19 10:34:48 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Nokia
[2009/11/19 10:34:47 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\PCSuite
[2009/11/19 10:34:47 | 00,000,000 | ---D | C] -- C:\Program Files\Nokia
[2009/11/19 10:34:15 | 00,000,000 | ---D | C] -- C:\ProgramData\Downloaded Installations
[2009/11/18 07:33:22 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Portable Devices
[2009/11/18 06:58:59 | 00,092,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAnimation.dll
[2009/11/18 06:58:58 | 03,023,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbon.dll
[2009/11/18 06:58:58 | 01,164,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbonRes.dll
[2009/11/18 06:58:34 | 00,829,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2009/11/18 06:58:34 | 00,369,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll
[2009/11/18 06:58:34 | 00,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2009/11/18 06:58:34 | 00,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
[2009/11/18 06:58:34 | 00,037,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2009/11/18 06:58:34 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2009/11/18 06:58:33 | 01,554,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xpsservices.dll
[2009/11/18 06:58:33 | 01,064,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2009/11/18 06:58:33 | 00,974,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecs.dll
[2009/11/18 06:58:33 | 00,847,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OpcServices.dll
[2009/11/18 06:58:33 | 00,828,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2009/11/18 06:58:33 | 00,793,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FntCache.dll
[2009/11/18 06:58:33 | 00,667,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2009/11/18 06:58:33 | 00,519,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll
[2009/11/18 06:58:33 | 00,486,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2009/11/18 06:58:33 | 00,481,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2009/11/18 06:58:33 | 00,351,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2009/11/18 06:58:33 | 00,321,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll
[2009/11/18 06:58:33 | 00,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxdiag.exe
[2009/11/18 06:58:33 | 00,218,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2009/11/18 06:58:33 | 00,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxdiagn.dll
[2009/11/18 06:58:33 | 00,190,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2009/11/18 06:58:33 | 00,189,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2009/11/18 06:58:33 | 00,161,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2009/11/18 06:58:32 | 01,030,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2009/11/18 06:58:10 | 00,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\BthMtpContextHandler.dll
[2009/11/18 06:58:10 | 00,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDShextAutoplay.exe
[2009/11/18 06:58:08 | 00,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceConnectApi.dll
[2009/11/18 06:58:07 | 00,546,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpd_ci.dll
[2009/11/18 06:58:07 | 00,334,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceApi.dll
[2009/11/18 06:58:07 | 00,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WpdMtp.dll
[2009/11/18 06:58:07 | 00,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceTypes.dll
[2009/11/18 06:58:07 | 00,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceClassExtension.dll
[2009/11/18 06:58:07 | 00,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WpdMtpUS.dll
[2009/11/18 06:58:07 | 00,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WpdConns.dll
[2009/11/18 06:58:06 | 00,350,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDSp.dll
[2009/11/18 06:58:06 | 00,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceWMDRM.dll
[2009/11/18 06:57:00 | 00,555,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAutomationCore.dll
[2009/11/18 06:57:00 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oleaccrc.dll
[2009/11/14 18:17:02 | 00,000,000 | ---D | C] -- C:\Windows\System32\eu-ES
[2009/11/14 18:17:02 | 00,000,000 | ---D | C] -- C:\Windows\System32\ca-ES
[2009/11/14 18:17:01 | 00,000,000 | ---D | C] -- C:\Windows\System32\vi-VN
[2009/11/14 16:43:28 | 00,000,000 | ---D | C] -- C:\Program Files\GameSpy Arcade
[2009/11/14 16:28:11 | 00,000,000 | ---D | C] -- C:\Users\user\Documents\EA Games
[2009/11/14 14:56:04 | 00,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2009/11/14 13:39:13 | 12,240,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0007.dll
[2009/11/14 13:39:10 | 01,081,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLCExt.dll
[2009/11/14 13:39:09 | 02,134,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FunctionDiscoveryFolder.dll
[2009/11/14 13:39:09 | 00,065,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DevicePairingWizard.exe
[2009/11/14 13:39:07 | 02,644,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0009.dll
[2009/11/14 13:39:05 | 01,480,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssrch.dll
[2009/11/14 13:39:04 | 00,684,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\spsys.sys
[2009/11/14 13:39:03 | 01,576,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tquery.dll
[2009/11/14 13:39:02 | 00,779,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationNative_v0300.dll
[2009/11/14 13:39:01 | 00,928,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scavenge.dll
[2009/11/14 13:39:01 | 00,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
[2009/11/14 13:39:01 | 00,518,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
[2009/11/14 13:39:00 | 02,241,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msi.dll
[2009/11/14 13:38:59 | 00,968,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wcnwiz2.dll
[2009/11/14 13:38:59 | 00,677,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imapi2fs.dll
[2009/11/14 13:38:59 | 00,476,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll
[2009/11/14 13:38:59 | 00,291,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WscEapPr.dll
[2009/11/14 13:38:57 | 00,619,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardagt.exe
[2009/11/14 13:38:57 | 00,035,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardcpl.cpl
[2009/11/14 13:38:56 | 01,216,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AuxiliaryDisplayCpl.dll
[2009/11/14 13:38:55 | 00,289,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spinstall.exe
[2009/11/14 13:38:55 | 00,114,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EhStorShell.dll
[2009/11/14 13:38:55 | 00,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spreview.exe
[2009/11/14 13:38:54 | 00,978,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drmv2clt.dll
[2009/11/14 13:38:53 | 00,472,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
[2009/11/14 13:38:53 | 00,438,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mcupdate_GenuineIntel.dll
[2009/11/14 13:38:53 | 00,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwizui.dll
[2009/11/14 13:38:51 | 00,670,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssvp.dll
[2009/11/14 13:38:51 | 00,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSMPEG2VDEC.DLL
[2009/11/14 13:38:51 | 00,351,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssph.dll
[2009/11/14 13:38:51 | 00,203,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssphtb.dll
[2009/11/14 13:38:50 | 00,378,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imapi2.dll
[2009/11/14 13:38:49 | 01,459,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\esent.dll
[2009/11/14 13:38:49 | 00,729,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IMJP10K.DLL
[2009/11/14 13:38:49 | 00,324,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdohlp.dll
[2009/11/14 13:38:48 | 00,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DevicePairing.dll
[2009/11/14 13:38:48 | 00,190,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sperror.dll
[2009/11/14 13:38:47 | 00,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
[2009/11/14 13:38:47 | 00,346,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
[2009/11/14 13:38:47 | 00,231,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll
[2009/11/14 13:38:47 | 00,228,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLC.dll
[2009/11/14 13:38:47 | 00,143,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\korwbrkr.dll
[2009/11/14 13:38:47 | 00,041,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2009/11/14 13:38:46 | 00,556,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pmcsnap.dll
[2009/11/14 13:38:45 | 01,589,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msjet40.dll
[2009/11/14 13:38:44 | 01,381,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Query.dll
[2009/11/14 13:38:44 | 01,078,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\diagperf.dll
[2009/11/14 13:38:44 | 00,883,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IMJP10.IME
[2009/11/14 13:38:44 | 00,409,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msexch40.dll
[2009/11/14 13:38:43 | 00,463,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IasMigReader.exe
[2009/11/14 13:38:43 | 00,327,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\P2PGraph.dll
[2009/11/14 13:38:43 | 00,301,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srchadmin.dll
[2009/11/14 13:38:42 | 01,792,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mmc.exe
[2009/11/14 13:38:42 | 00,986,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winload.exe
[2009/11/14 13:38:42 | 00,950,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mblctr.exe
[2009/11/14 13:38:42 | 00,428,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2009/11/14 13:38:42 | 00,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax
[2009/11/14 13:38:42 | 00,203,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\uDWM.dll
[2009/11/14 13:38:41 | 00,466,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\riched20.dll
[2009/11/14 13:38:41 | 00,454,144 | ---- | C] (Microsoft) -- C:\Windows\System32\IasMigPlugin.dll
[2009/11/14 13:38:41 | 00,088,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdBth.dll
[2009/11/14 13:38:40 | 00,880,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RacEngn.dll
[2009/11/14 13:38:39 | 02,012,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\milcore.dll
[2009/11/14 13:38:39 | 01,112,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CertEnroll.dll
[2009/11/14 13:38:39 | 00,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spoolss.dll
[2009/11/14 13:38:39 | 00,120,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EhStorAPI.dll
[2009/11/14 13:38:38 | 00,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NaturalLanguage6.dll
[2009/11/14 13:38:38 | 00,406,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcp60.dll
[2009/11/14 13:38:38 | 00,290,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msjtes40.dll
[2009/11/14 13:38:38 | 00,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fsquirt.exe
[2009/11/14 13:38:38 | 00,115,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AuxiliaryDisplayDriverLib.dll
[2009/11/14 13:38:37 | 00,950,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpedit.dll
[2009/11/14 13:38:37 | 00,099,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardapi.dll
[2009/11/14 13:38:36 | 03,217,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinSAT.exe
[2009/11/14 13:38:36 | 00,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fveapi.dll
[2009/11/14 13:38:35 | 00,710,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Magnify.exe
[2009/11/14 13:38:35 | 00,282,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstext40.dll
[2009/11/14 13:38:35 | 00,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationSettings.exe
[2009/11/14 13:38:35 | 00,102,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AuxiliaryDisplayServices.dll
[2009/11/14 13:38:34 | 00,339,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msexcl40.dll
[2009/11/14 13:38:34 | 00,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slwmi.dll
[2009/11/14 13:38:33 | 01,985,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\authui.dll
[2009/11/14 13:38:33 | 01,209,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\comsvcs.dll
[2009/11/14 13:38:33 | 00,454,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxbde40.dll
[2009/11/14 13:38:32 | 01,086,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NetProjW.dll
[2009/11/14 13:38:32 | 00,643,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrepl40.dll
[2009/11/14 13:38:32 | 00,640,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bthprops.cpl
[2009/11/14 13:38:32 | 00,469,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\newdev.dll
[2009/11/14 13:38:32 | 00,323,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2009/11/14 13:38:31 | 02,926,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2009/11/14 13:38:31 | 00,205,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eudcedit.exe
[2009/11/14 13:38:31 | 00,119,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasrecst.dll
[2009/11/14 13:38:31 | 00,102,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
[2009/11/14 13:38:30 | 01,788,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d9.dll
[2009/11/14 13:38:30 | 00,368,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mspbde40.dll
[2009/11/14 13:38:30 | 00,241,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msltus40.dll
[2009/11/14 13:38:30 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\davclnt.dll
[2009/11/14 13:38:29 | 01,135,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll
[2009/11/14 13:38:29 | 01,053,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdtctm.dll
[2009/11/14 13:38:29 | 00,344,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrd3x40.dll
[2009/11/14 13:38:29 | 00,250,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wevtapi.dll
[2009/11/14 13:38:29 | 00,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EhStorPwdMgr.dll
[2009/11/14 13:38:28 | 00,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nlhtml.dll
[2009/11/14 13:38:27 | 01,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2009/11/14 13:38:27 | 00,614,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ci.dll
[2009/11/14 13:38:27 | 00,582,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLCommDlg.dll
[2009/11/14 13:38:27 | 00,483,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\samsrv.dll
[2009/11/14 13:38:27 | 00,443,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32spl.dll
[2009/11/14 13:38:27 | 00,165,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WcnNetsh.dll
[2009/11/14 13:38:26 | 01,730,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\apds.dll
[2009/11/14 13:38:26 | 00,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\compcln.exe
[2009/11/14 13:38:25 | 00,618,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mswstr10.dll
[2009/11/14 13:38:25 | 00,223,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2009/11/14 13:38:25 | 00,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xmlfilter.dll
[2009/11/14 13:38:24 | 01,160,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll
[2009/11/14 13:38:24 | 00,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLUI.exe
[2009/11/14 13:38:23 | 00,524,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sqlsrv32.dll
[2009/11/14 13:38:23 | 00,319,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrd2x40.dll
[2009/11/14 13:38:23 | 00,183,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eapphost.dll
[2009/11/14 13:38:22 | 00,926,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winresume.exe
[2009/11/14 13:38:22 | 00,409,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbc32.dll
[2009/11/14 13:38:22 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\propdefs.dll
[2009/11/14 13:38:21 | 01,856,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dbgeng.dll
[2009/11/14 13:38:21 | 00,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wevtutil.exe
[2009/11/14 13:38:21 | 00,087,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssitlb.dll
[2009/11/14 13:38:20 | 02,167,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mmcndmgr.dll
[2009/11/14 13:38:19 | 00,840,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WFS.exe
[2009/11/14 13:38:19 | 00,592,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netlogon.dll
[2009/11/14 13:38:19 | 00,378,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\devmgr.dll
[2009/11/14 13:38:19 | 00,199,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\adsldpc.dll
[2009/11/14 13:38:19 | 00,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drvinst.exe
[2009/11/14 13:38:19 | 00,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msctfp.dll
[2009/11/14 13:38:19 | 00,054,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DevicePairingProxy.dll
[2009/11/14 13:38:19 | 00,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscb.dll
[2009/11/14 13:38:19 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdBthProxy.dll
[2009/11/14 13:38:18 | 01,533,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wcnwiz.dll
[2009/11/14 13:38:18 | 01,382,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVSDECD.DLL
[2009/11/14 13:38:18 | 00,485,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\evr.dll
[2009/11/14 13:38:18 | 00,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quick.ime
[2009/11/14 13:38:18 | 00,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qintlgnt.ime
[2009/11/14 13:38:18 | 00,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\phon.ime
[2009/11/14 13:38:18 | 00,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cintlgnt.ime
[2009/11/14 13:38:18 | 00,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chajei.ime
[2009/11/14 13:38:17 | 01,143,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wercon.exe
[2009/11/14 13:38:17 | 00,617,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\adtschema.dll
[2009/11/14 13:38:17 | 00,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mimefilt.dll
[2009/11/14 13:38:16 | 00,856,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mswdat10.dll
[2009/11/14 13:38:16 | 00,560,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdtcprx.dll
[2009/11/14 13:38:16 | 00,396,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ipsmsnap.dll
[2009/11/14 13:38:16 | 00,332,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdrm.dll
[2009/11/14 13:38:16 | 00,323,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certcli.dll
[2009/11/14 13:38:16 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msjter40.dll
[2009/11/14 13:38:15 | 00,996,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMNetMgr.dll
[2009/11/14 13:38:15 | 00,799,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certutil.exe
[2009/11/14 13:38:15 | 00,226,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbport.sys
[2009/11/14 13:38:15 | 00,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\reg.exe
[2009/11/14 13:38:15 | 00,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtffilt.dll
[2009/11/14 13:38:14 | 00,704,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoScreensaver.scr
[2009/11/14 13:38:14 | 00,332,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msihnd.dll
[2009/11/14 13:38:14 | 00,274,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bcrypt.dll
[2009/11/14 13:38:14 | 00,241,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rsaenh.dll
[2009/11/14 13:38:14 | 00,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MMDevAPI.dll
[2009/11/14 13:38:14 | 00,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscntrs.dll
[2009/11/14 13:38:14 | 00,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msstrc.dll
[2009/11/14 13:38:14 | 00,035,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsWpfWrp.exe
[2009/11/14 13:38:14 | 00,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshooks.dll
[2009/11/14 13:38:13 | 00,413,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scrptadm.dll
[2009/11/14 13:38:13 | 00,310,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mtxclu.dll
[2009/11/14 13:38:13 | 00,153,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fundisc.dll
[2009/11/14 13:38:13 | 00,122,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetpp.dll
[2009/11/14 13:38:13 | 00,080,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscories.dll
[2009/11/14 13:38:12 | 00,343,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmicmiplugin.dll
[2009/11/14 13:38:12 | 00,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dhcpcsvc6.dll
[2009/11/14 13:38:12 | 00,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imapi.dll
[2009/11/14 13:38:11 | 01,823,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pnidui.dll
[2009/11/14 13:38:11 | 01,671,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chsbrkr.dll
[2009/11/14 13:38:11 | 01,020,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wdc.dll
[2009/11/14 13:38:11 | 00,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iassdo.dll
[2009/11/14 13:38:11 | 00,125,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Classpnp.sys
[2009/11/14 13:38:11 | 00,093,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Kswdmcap.ax
[2009/11/14 13:38:11 | 00,009,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardres.dll
[2009/11/14 13:38:10 | 00,636,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\autofmt.exe
[2009/11/14 13:38:10 | 00,109,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ataport.sys
[2009/11/14 13:38:10 | 00,050,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PSHED.DLL
[2009/11/14 13:38:10 | 00,035,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\crashdmp.sys
[2009/11/14 13:38:09 | 01,107,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pidgenx.dll
[2009/11/14 13:38:09 | 00,867,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpmde.dll
[2009/11/14 13:38:09 | 00,757,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\azroles.dll
[2009/11/14 13:38:09 | 00,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CertEnrollUI.dll
[2009/11/14 13:38:09 | 00,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sysmon.ocx
[2009/11/14 13:38:09 | 00,242,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pdh.dll
[2009/11/14 13:38:09 | 00,122,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Storport.sys
[2009/11/14 13:38:08 | 02,205,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SyncCenter.dll
[2009/11/14 13:38:07 | 01,502,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certmgr.dll
[2009/11/14 13:38:07 | 00,627,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sethc.exe
[2009/11/14 13:38:07 | 00,593,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\comuid.dll
[2009/11/14 13:38:07 | 00,324,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\untfs.dll
[2009/11/14 13:38:07 | 00,244,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wisptis.exe
[2009/11/14 13:38:07 | 00,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2009/11/14 13:38:07 | 00,182,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iassam.dll
[2009/11/14 13:38:07 | 00,180,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scrobj.dll
[2009/11/14 13:38:07 | 00,036,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtutils.dll
[2009/11/14 13:38:07 | 00,017,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kd1394.dll
[2009/11/14 13:38:06 | 00,413,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imkr80.ime
[2009/11/14 13:38:06 | 00,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskcomp.dll
[2009/11/14 13:38:06 | 00,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasnap.dll
[2009/11/14 13:38:06 | 00,099,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\FWPKCLNT.SYS
[2009/11/14 13:38:06 | 00,043,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pciidex.sys
[2009/11/14 13:38:05 | 00,656,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\autoconv.exe
[2009/11/14 13:38:05 | 00,375,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2009/11/14 13:38:05 | 00,027,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Dumpata.sys
[2009/11/14 13:38:04 | 01,541,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\onex.dll
[2009/11/14 13:38:04 | 00,273,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wow32.dll
[2009/11/14 13:38:04 | 00,182,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\osk.exe
[2009/11/14 13:38:04 | 00,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cscript.exe
[2009/11/14 13:38:04 | 00,130,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\basecsp.dll
[2009/11/14 13:38:04 | 00,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe
[2009/11/14 13:38:04 | 00,017,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kdcom.dll
[2009/11/14 13:38:03 | 00,612,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpencom.dll
[2009/11/14 13:38:03 | 00,340,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RelMon.dll
[2009/11/14 13:38:03 | 00,019,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kdusb.dll
[2009/11/14 13:38:02 | 00,860,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WerFaultSecure.exe
[2009/11/14 13:38:02 | 00,564,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msftedit.dll
[2009/11/14 13:38:02 | 00,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinSCard.dll
[2009/11/14 13:38:01 | 00,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\offfilt.dll
[2009/11/14 13:38:01 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spcmsg.dll
[2009/11/14 13:37:59 | 00,852,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mcmde.dll
[2009/11/14 13:37:59 | 00,638,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Utilman.exe
[2009/11/14 13:37:59 | 00,391,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscms.dll
[2009/11/14 13:37:59 | 00,230,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\diskraid.exe
[2009/11/14 13:37:59 | 00,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WerFault.exe
[2009/11/14 13:37:59 | 00,208,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfplat.dll
[2009/11/14 13:37:59 | 00,197,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SndVol.exe
[2009/11/14 13:37:59 | 00,152,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll
[2009/11/14 13:37:59 | 00,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll
[2009/11/14 13:37:59 | 00,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsepno.dll
[2009/11/14 13:37:58 | 00,551,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\prnntfy.dll
[2009/11/14 13:37:58 | 00,444,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dsound.dll
[2009/11/14 13:37:58 | 00,179,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msnetobj.dll
[2009/11/14 13:37:58 | 00,114,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbccp32.dll
[2009/11/14 13:37:58 | 00,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sysclass.dll
[2009/11/14 13:37:58 | 00,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ulib.dll
[2009/11/14 13:37:58 | 00,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\adsmsext.dll
[2009/11/14 13:37:58 | 00,047,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasdatastore.dll
[2009/11/14 13:37:57 | 01,342,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\brcpl.dll
[2009/11/14 13:37:57 | 00,759,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ipsecsnp.dll
[2009/11/14 13:37:57 | 00,223,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscntfy.dll
[2009/11/14 13:37:57 | 00,181,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pnpsetup.dll
[2009/11/14 13:37:57 | 00,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IPHLPAPI.DLL
[2009/11/14 13:37:57 | 00,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rastapi.dll
[2009/11/14 13:37:57 | 00,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdProxy.dll
[2009/11/14 13:37:56 | 01,575,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVENCOD.DLL
[2009/11/14 13:37:56 | 00,507,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vdsdyn.dll
[2009/11/14 13:37:56 | 00,399,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlangpui.dll
[2009/11/14 13:37:56 | 00,286,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasapi32.dll
[2009/11/14 13:37:56 | 00,244,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rastls.dll
[2009/11/14 13:37:56 | 00,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntprint.dll
[2009/11/14 13:37:56 | 00,155,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscorier.dll
[2009/11/14 13:37:56 | 00,119,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\diskpart.exe
[2009/11/14 13:37:56 | 00,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpapi.dll
[2009/11/14 13:37:56 | 00,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iashlpr.dll
[2009/11/14 13:37:56 | 00,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\logman.exe
[2009/11/14 13:37:55 | 02,225,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netcenter.dll
[2009/11/14 13:37:55 | 01,580,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpccpl.dll
[2009/11/14 13:37:55 | 00,158,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasrad.dll
[2009/11/14 13:37:55 | 00,140,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wusa.exe
[2009/11/14 13:37:55 | 00,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\findstr.exe
[2009/11/14 13:37:54 | 01,152,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\themecpl.dll
[2009/11/14 13:37:54 | 00,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wer.dll
[2009/11/14 13:37:54 | 00,825,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasdlg.dll
[2009/11/14 13:37:54 | 00,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iassvcs.dll
[2009/11/14 13:37:54 | 00,050,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsnmp32.dll
[2009/11/14 13:37:52 | 00,777,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slcc.dll
[2009/11/14 13:37:52 | 00,678,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstsc.exe
[2009/11/14 13:37:52 | 00,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scansetting.dll
[2009/11/14 13:37:52 | 00,163,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msutb.dll
[2009/11/14 13:37:52 | 00,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wshom.ocx
[2009/11/14 13:37:52 | 00,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\powrprof.dll
[2009/11/14 13:37:52 | 00,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstlsapi.dll
[2009/11/14 13:37:52 | 00,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasads.dll
[2009/11/14 13:37:52 | 00,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssprxy.dll
[2009/11/14 13:37:51 | 03,072,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\networkmap.dll
[2009/11/14 13:37:51 | 01,248,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PerfCenterCPL.dll
[2009/11/14 13:37:51 | 00,723,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\powercpl.dll
[2009/11/14 13:37:51 | 00,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ks.sys
[2009/11/14 13:37:51 | 00,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\newdev.exe
[2009/11/14 13:37:51 | 00,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasacct.dll
[2009/11/14 13:37:50 | 02,515,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\accessibilitycpl.dll
[2009/11/14 13:37:50 | 01,645,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\connect.dll
[2009/11/14 13:37:50 | 01,224,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sud.dll
[2009/11/14 13:37:50 | 00,842,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\systemcpl.dll
[2009/11/14 13:37:50 | 00,780,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fveui.dll
[2009/11/14 13:37:50 | 00,464,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pcaui.dll
[2009/11/14 13:37:49 | 01,671,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanpref.dll
[2009/11/14 13:37:49 | 01,123,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\usercpl.dll
[2009/11/14 13:37:49 | 00,516,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\autoplay.dll
[2009/11/14 13:37:49 | 00,497,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll
[2009/11/14 13:37:49 | 00,438,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\brcplsiw.dll
[2009/11/14 13:37:49 | 00,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mmci.dll
[2009/11/14 13:37:48 | 00,735,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fvecpl.dll
[2009/11/14 13:37:48 | 00,532,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpcao.dll
[2009/11/14 13:37:48 | 00,408,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msinfo32.exe
[2009/11/14 13:37:48 | 00,131,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cscobj.dll
[2009/11/14 13:37:48 | 00,128,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vdsutil.dll
[2009/11/14 13:37:48 | 00,127,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rpchttp.dll
[2009/11/14 13:37:48 | 00,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pintlgnt.ime
[2009/11/14 13:37:48 | 00,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\regapi.dll
[2009/11/14 13:37:47 | 00,306,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scesrv.dll
[2009/11/14 13:37:47 | 00,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2009/11/14 13:37:47 | 00,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Faultrep.dll
[2009/11/14 13:37:47 | 00,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scksp.dll
[2009/11/14 13:37:47 | 00,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AudioSes.dll
[2009/11/14 13:37:47 | 00,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oleprn.dll
[2009/11/14 13:37:47 | 00,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dot3msm.dll
[2009/11/14 13:37:47 | 00,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\feclient.dll
[2009/11/14 13:37:47 | 00,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rekeywiz.exe
[2009/11/14 13:37:47 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iaspolcy.dll
[2009/11/14 13:37:47 | 00,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscisvif.dll
[2009/11/14 13:37:46 | 01,689,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscui.cpl
[2009/11/14 13:37:46 | 01,169,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe
[2009/11/14 13:37:46 | 00,891,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsUltimateExtrasCPL.dll
[2009/11/14 13:37:46 | 00,542,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pnpui.dll
[2009/11/14 13:37:46 | 00,505,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qedit.dll
[2009/11/14 13:37:46 | 00,445,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncryptui.dll
[2009/11/14 13:37:46 | 00,407,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpapimig.exe
[2009/11/14 13:37:46 | 00,215,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certreq.exe
[2009/11/14 13:37:46 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\perfdisk.dll
[2009/11/14 13:37:46 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DeviceEject.exe
[2009/11/14 13:37:45 | 00,642,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasgcw.dll
[2009/11/14 13:37:45 | 00,595,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FWPUCLNT.DLL
[2009/11/14 13:37:45 | 00,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasplap.dll
[2009/11/14 13:37:45 | 00,177,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scecli.dll
[2009/11/14 13:37:45 | 00,134,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SmartcardCredentialProvider.dll
[2009/11/14 13:37:45 | 00,080,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hdwwiz.exe
[2009/11/14 13:37:45 | 00,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TSTheme.exe
[2009/11/14 13:37:45 | 00,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwinsat.dll
[2009/11/14 13:37:44 | 00,481,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmdial32.dll
[2009/11/14 13:37:44 | 00,378,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srcore.dll
[2009/11/14 13:37:44 | 00,170,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tcpipcfg.dll
[2009/11/14 13:37:44 | 00,167,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\portcls.sys
[2009/11/14 13:37:44 | 00,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tcpmon.dll
[2009/11/14 13:37:44 | 00,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdWSD.dll
[2009/11/14 13:37:44 | 00,058,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PnPUnattend.exe
[2009/11/14 13:37:44 | 00,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmmon32.exe
[2009/11/14 13:37:44 | 00,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\whealogr.dll
[2009/11/14 13:37:44 | 00,025,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\USBCAMD2.sys
[2009/11/14 13:37:44 | 00,025,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\USBCAMD.sys
[2009/11/14 13:37:43 | 00,547,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wiaaut.dll
[2009/11/14 13:37:43 | 00,281,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\raschap.dll
[2009/11/14 13:37:43 | 00,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unimdm.tsp
[2009/11/14 13:37:43 | 00,275,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SnippingTool.exe
[2009/11/14 13:37:43 | 00,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
[2009/11/14 13:37:42 | 00,657,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVXENCD.DLL
[2009/11/14 13:37:42 | 00,425,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shwebsvc.dll
[2009/11/14 13:37:42 | 00,259,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasppp.dll
[2009/11/14 13:37:42 | 00,202,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanui.dll
[2009/11/14 13:37:42 | 00,137,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dsprop.dll
[2009/11/14 13:37:42 | 00,054,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dimsroam.dll
[2009/11/14 13:37:42 | 00,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PnPutil.exe
[2009/11/14 13:37:41 | 02,153,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oobefldr.dll
[2009/11/14 13:37:41 | 00,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\modemui.dll
[2009/11/14 13:37:41 | 00,155,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasmontr.dll
[2009/11/14 13:37:41 | 00,101,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shsetup.dll
[2009/11/14 13:37:40 | 06,103,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chtbrkr.dll
[2009/11/14 13:37:40 | 00,533,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmdrmsdk.dll
[2009/11/14 13:37:40 | 00,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscandui.dll
[2009/11/14 13:37:40 | 00,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dataclen.dll
[2009/11/14 13:37:39 | 00,542,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\blackbox.dll
[2009/11/14 13:37:39 | 00,178,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\credui.dll
[2009/11/14 13:37:39 | 00,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSDMon.dll
[2009/11/14 13:37:39 | 00,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tscfgwmi.dll
[2009/11/14 13:37:39 | 00,107,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpwsx.dll
[2009/11/14 13:37:39 | 00,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CscMig.dll
[2009/11/14 13:37:39 | 00,083,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlgpclnt.dll
[2009/11/14 13:37:38 | 02,226,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\networkexplorer.dll
[2009/11/14 13:37:38 | 00,414,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscp.dll
[2009/11/14 13:37:38 | 00,303,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpeffects.dll
[2009/11/14 13:37:38 | 00,113,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\rmcast.sys
[2009/11/14 13:37:38 | 00,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\logagent.exe
[2009/11/14 13:37:38 | 00,058,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cipher.exe
[2009/11/14 13:37:38 | 00,029,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ifmon.dll
[2009/11/14 13:37:37 | 00,313,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\thawbrkr.dll
[2009/11/14 13:37:37 | 00,217,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\InkEd.dll
[2009/11/14 13:37:37 | 00,128,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpresult.exe
[2009/11/14 13:37:37 | 00,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\softkbd.dll
[2009/11/14 13:37:37 | 00,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscapi.dll
[2009/11/14 13:37:37 | 00,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\watchdog.sys
[2009/11/14 13:37:37 | 00,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msimtf.dll
[2009/11/14 13:37:35 | 00,356,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MediaMetadataHandler.dll
[2009/11/14 13:37:35 | 00,284,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drmmgrtn.dll
[2009/11/14 13:37:35 | 00,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpclip.exe
[2009/11/14 13:37:35 | 00,105,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dmsynth.dll
[2009/11/14 13:37:35 | 00,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msctfui.dll
[2009/11/14 13:37:34 | 00,200,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\input.dll
[2009/11/14 13:37:34 | 00,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2009/11/14 13:37:34 | 00,166,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\puiapi.dll
[2009/11/14 13:37:34 | 00,029,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpprnext.dll
[2009/11/14 13:37:33 | 00,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLLUA.exe
[2009/11/14 13:37:33 | 00,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mprapi.dll
[2009/11/14 13:37:33 | 00,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax
[2009/11/14 13:37:33 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ExplorerFrame.dll
[2009/11/14 13:37:33 | 00,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fc.exe
[2009/11/14 13:37:33 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msisip.dll
[2009/11/14 13:37:32 | 00,187,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eapp3hst.dll
[2009/11/14 13:37:32 | 00,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tintlgnt.ime
[2009/11/14 13:37:32 | 00,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dmusic.dll
[2009/11/14 13:37:32 | 00,091,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpendp.dll
[2009/11/14 13:37:32 | 00,068,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdSSDP.dll
[2009/11/14 13:37:32 | 00,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\l2nacp.dll
[2009/11/14 13:37:32 | 00,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ftp.exe
[2009/11/14 13:37:32 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cscapi.dll
[2009/11/14 13:37:32 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msjint40.dll
[2009/11/14 13:37:32 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MsCtfMonitor.dll
[2009/11/14 13:37:31 | 00,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eappcfg.dll
[2009/11/14 13:37:31 | 00,083,456 | ---- | C] (Microsoft) -- C:\Windows\System32\SMBHelperClass.dll
[2009/11/14 13:37:31 | 00,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdWCN.dll
[2009/11/14 13:37:31 | 00,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Storprop.dll
[2009/11/14 13:37:31 | 00,052,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasdiag.dll
[2009/11/14 13:37:31 | 00,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dot3cfg.dll
[2009/11/14 13:37:31 | 00,045,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bthci.dll
[2009/11/14 13:37:31 | 00,034,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bthudtask.exe
[2009/11/14 13:37:31 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ipconfig.exe
[2009/11/14 13:37:31 | 00,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpscript.exe
[2009/11/14 13:37:31 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsdchngr.dll
[2009/11/14 13:37:31 | 00,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasdial.exe
[2009/11/14 13:37:30 | 00,093,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eappgnui.dll
[2009/11/14 13:37:30 | 00,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nslookup.exe
[2009/11/14 13:37:30 | 00,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tscupgrd.exe
[2009/11/14 13:37:30 | 00,053,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdeploy.dll
[2009/11/14 13:37:30 | 00,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slcinst.dll
[2009/11/14 13:37:30 | 00,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hbaapi.dll
[2009/11/14 13:37:30 | 00,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\networkitemfactory.dll
[2009/11/14 13:37:30 | 00,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidclass.sys
[2009/11/14 13:37:30 | 00,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ocsetup.exe
[2009/11/14 13:37:30 | 00,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FwRemoteSvr.dll
[2009/11/14 13:37:30 | 00,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpscript.dll
[2009/11/14 13:37:30 | 00,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CHxReadingStringIME.dll
[2009/11/14 13:37:29 | 00,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PNPXAssoc.dll
[2009/11/14 13:37:29 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qprocess.exe
[2009/11/14 13:37:29 | 00,022,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chgport.exe
[2009/11/14 13:37:29 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chgusr.exe
[2009/11/14 13:37:29 | 00,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpupdate.exe
[2009/11/14 13:37:29 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mmcico.dll
[2009/11/14 13:37:28 | 00,046,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrstub.exe
[2009/11/14 13:37:28 | 00,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cbsra.exe
[2009/11/14 13:37:28 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bitsigd.dll
[2009/11/14 13:37:28 | 00,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tscon.exe
[2009/11/14 13:37:28 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shadow.exe
[2009/11/14 13:37:28 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chglogon.exe
[2009/11/14 13:37:28 | 00,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\logoff.exe
[2009/11/14 13:37:28 | 00,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NcdProp.dll
[2009/11/14 13:37:28 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iscsilog.dll
[2009/11/14 13:37:27 | 00,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxg.sys
[2009/11/14 13:37:27 | 00,040,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbcconf.dll
[2009/11/14 13:37:27 | 00,022,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tskill.exe
[2009/11/14 13:37:27 | 00,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qappsrv.exe
[2009/11/14 13:37:27 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tsdiscon.exe
[2009/11/14 13:37:27 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rwinsta.exe
[2009/11/14 13:37:27 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Diskdump.sys
[2009/11/14 13:37:27 | 00,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vdmdbg.dll
[2009/11/14 13:37:27 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\reset.exe
[2009/11/14 13:37:27 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetppui.dll
[2009/11/14 13:37:27 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\change.exe
[2009/11/14 13:37:27 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\query.exe
[2009/11/14 13:37:27 | 00,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slwga.dll
[2009/11/14 13:37:26 | 00,052,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\stream.sys
[2009/11/14 13:37:25 | 00,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\RNDISMP.sys
[2009/11/14 13:37:25 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usb8023.sys
[2009/11/14 13:37:24 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\f3ahvoas.dll
[2009/11/14 13:37:24 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msimsg.dll
[2009/11/14 13:36:58 | 00,705,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SmiEngine.dll
[2009/11/14 13:36:46 | 00,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wdscore.dll
[2009/11/14 13:36:46 | 00,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PkgMgr.exe
[2009/11/14 13:36:14 | 00,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drvstore.dll
[2009/11/13 19:53:15 | 00,044,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2009/11/13 19:53:14 | 02,421,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2009/11/13 19:52:54 | 00,575,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2009/11/13 19:52:54 | 00,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2009/11/13 19:52:54 | 00,035,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2009/11/13 19:52:44 | 00,171,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2009/11/13 19:52:44 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2009/11/12 19:11:25 | 00,355,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSDApi.dll
[2009/11/12 19:11:21 | 02,036,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2009/11/09 18:52:24 | 00,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\CyberLink
[2009/11/08 17:59:35 | 00,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\vlc

========== Files - Modified Within 30 Days ==========

[2009/12/06 21:50:00 | 00,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{5960BFD5-6153-445C-B8EA-06AA32BD3B68}.job
[2009/12/06 21:48:31 | 01,835,008 | -HS- | M] () -- C:\Users\user\NTUSER.DAT
[2009/12/06 21:34:00 | 00,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-320534519-2092302818-1520262176-1000UA.job
[2009/12/06 21:33:03 | 00,003,760 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/12/06 21:33:03 | 00,003,760 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/12/06 19:34:00 | 00,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-320534519-2092302818-1520262176-1000Core.job
[2009/12/06 14:29:44 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/12/06 11:39:06 | 01,459,114 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/12/06 11:39:06 | 00,652,548 | ---- | M] () -- C:\Windows\System32\perfh019.dat
[2009/12/06 11:39:06 | 00,594,936 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/12/06 11:39:06 | 00,125,392 | ---- | M] () -- C:\Windows\System32\perfc019.dat
[2009/12/06 11:39:06 | 00,100,972 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/12/06 11:33:10 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/12/06 11:33:08 | 00,001,356 | ---- | M] () -- C:\Users\user\AppData\Local\d3d9caps.dat
[2009/12/06 11:32:58 | 31,817,60512 | -HS- | M] () -- C:\hiberfil.sys
[2009/12/06 04:11:08 | 00,217,088 | ---- | M] ( ) -- C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wmismqt.exe
[2009/12/06 02:00:32 | 00,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2009/12/06 02:00:30 | 00,524,288 | -HS- | M] () -- C:\Users\user\NTUSER.DAT{0f69446d-6a70-11db-8eb3-985e31beb686}.TMContainer00000000000000000001.regtrans-ms
[2009/12/06 02:00:30 | 00,065,536 | -HS- | M] () -- C:\Users\user\NTUSER.DAT{0f69446d-6a70-11db-8eb3-985e31beb686}.TM.blf
[2009/12/06 02:00:27 | 01,912,222 | -H-- | M] () -- C:\Users\user\AppData\Local\IconCache.db
[2009/12/05 00:06:49 | 00,062,976 | ---- | M] () -- C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/02 22:01:00 | 00,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2009/11/30 22:45:31 | 00,001,887 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk
[2009/11/30 18:01:44 | 00,013,832 | ---- | M] () -- C:\Users\user\Desktop\CAT admit card.docx
[2009/11/27 22:59:29 | 00,104,944 | ---- | M] () -- C:\Users\user\Desktop\OgAAACT2V1kYooOagMTFsrEYhKL9jisDWIGASSxU2iqJyOH4sirZOSpS_O-4SC9C_gpCY6BTIQTq7YzzXWxrX7K6cP4Am1T1UCfXFpry6A1N4I6TgLfo2GmjuiR2.jpg
[2009/11/26 18:29:32 | 00,000,872 | ---- | M] () -- C:\Users\user\Desktop\WinAVI MP4 Converter.lnk
[2009/11/26 18:28:13 | 00,003,082 | ---- | M] () -- C:\Windows\System32\affv300053706p4now.sys
[2009/11/25 05:24:29 | 01,280,480 | ---- | M] (ALWIL Software) -- C:\Windows\System32\aswBoot.exe
[2009/11/25 05:19:07 | 00,048,560 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2009/11/25 05:18:57 | 00,023,120 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2009/11/25 05:17:28 | 00,097,480 | ---- | M] (ALWIL Software) -- C:\Windows\System32\AvastSS.scr
[2009/11/18 07:33:16 | 00,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2009/11/18 07:33:05 | 00,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2009/11/14 18:20:59 | 00,443,528 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/11/14 17:35:55 | 00,000,530 | ---- | M] () -- C:\Users\Public\Desktop\Medal of Honor Pacific Assault™.lnk
[2009/11/14 16:53:35 | 00,039,936 | ---- | M] () -- C:\Windows\System32\winlmk32.rom
[2009/11/13 22:41:36 | 00,184,320 | ---- | M] () -- C:\Windows\System32\miccyhook.dll
[2009/11/09 18:52:24 | 00,002,968 | ---- | M] () -- C:\Users\user\Documents\PDVD_MediaDisc.PlayList
[2009/11/08 17:56:47 | 00,000,104 | ---- | M] () -- C:\Users\user\Desktop\My Computer.lnk

========== Files Created - No Company Name ==========

[2009/11/30 22:45:31 | 00,001,887 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk
[2009/11/27 22:59:29 | 00,104,944 | ---- | C] () -- C:\Users\user\Desktop\OgAAACT2V1kYooOagMTFsrEYhKL9jisDWIGASSxU2iqJyOH4sirZOSpS_O-4SC9C_gpCY6BTIQTq7YzzXWxrX7K6cP4Am1T1UCfXFpry6A1N4I6TgLfo2GmjuiR2.jpg
[2009/11/26 18:29:32 | 00,000,872 | ---- | C] () -- C:\Users\user\Desktop\WinAVI MP4 Converter.lnk
[2009/11/26 18:28:13 | 00,003,082 | ---- | C] () -- C:\Windows\System32\affv300053706p4now.sys
[2009/11/25 11:44:06 | 00,013,832 | ---- | C] () -- C:\Users\user\Desktop\CAT admit card.docx
[2009/11/19 10:35:49 | 00,004,684 | ---- | C] () -- C:\ProgramData\NCCD.log
[2009/11/18 07:33:16 | 00,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2009/11/18 07:33:05 | 00,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2009/11/14 17:35:55 | 00,000,530 | ---- | C] () -- C:\Users\Public\Desktop\Medal of Honor Pacific Assault™.lnk
[2009/11/14 16:53:35 | 00,039,936 | ---- | C] () -- C:\Windows\System32\winlmk32.rom
[2009/11/14 13:38:41 | 00,130,008 | ---- | C] () -- C:\Windows\System32\systemsf.ebd
[2009/11/14 13:38:39 | 00,009,239 | ---- | C] () -- C:\Windows\System32\spcinstrumentation.man
[2009/11/14 13:38:31 | 00,442,788 | ---- | C] () -- C:\Windows\System32\dot3.tmf
[2009/11/14 13:38:29 | 00,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/11/14 13:38:29 | 00,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/11/14 13:38:27 | 03,662,128 | ---- | C] () -- C:\Windows\System32\locale.nls
[2009/11/14 13:38:27 | 00,392,170 | ---- | C] () -- C:\Windows\System32\onex.tmf
[2009/11/14 13:38:24 | 00,344,698 | ---- | C] () -- C:\Windows\System32\eaphost.tmf
[2009/11/14 13:38:12 | 00,208,966 | ---- | C] () -- C:\Windows\System32\WFP.TMF
[2009/11/14 13:38:10 | 00,092,918 | ---- | C] () -- C:\Windows\System32\slmgr.vbs
[2009/11/14 13:37:31 | 00,062,976 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009/11/14 13:37:27 | 00,009,212 | ---- | C] () -- C:\Windows\System32\RacUR.xml
[2009/11/14 13:37:21 | 00,000,153 | ---- | C] () -- C:\Windows\System32\RacUREx.xml
[2009/11/13 22:09:45 | 00,184,320 | ---- | C] () -- C:\Windows\System32\miccyhook.dll
[2009/11/09 18:52:24 | 00,002,968 | ---- | C] () -- C:\Users\user\Documents\PDVD_MediaDisc.PlayList
[2009/11/08 17:56:47 | 00,000,104 | ---- | C] () -- C:\Users\user\Desktop\My Computer.lnk
[2009/10/27 21:17:30 | 00,034,308 | ---- | C] () -- C:\Windows\System32\bassmod.dll
[2009/10/23 18:44:59 | 00,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/10/20 23:57:00 | 00,062,976 | ---- | C] () -- C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/20 12:36:07 | 00,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v4990.dll
[2009/10/20 12:24:56 | 00,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009/10/20 12:17:43 | 00,000,000 | ---- | C] () -- C:\Windows\winfile.ini
[2009/10/20 11:36:42 | 00,001,356 | ---- | C] () -- C:\Users\user\AppData\Local\d3d9caps.dat
[2008/01/21 07:53:41 | 00,081,158 | ---- | C] () -- C:\Windows\System32\manage-bde.ini.en
[2006/11/02 18:04:20 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 13:10:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/03/21 01:13:15 | 00,045,056 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2006/03/21 01:13:15 | 00,045,056 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2006/03/21 01:13:15 | 00,045,056 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2006/03/21 01:13:15 | 00,045,056 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2006/03/21 01:13:15 | 00,045,056 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2006/03/21 01:13:15 | 00,045,056 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2006/03/21 01:13:15 | 00,045,056 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2006/03/21 01:13:15 | 00,045,056 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2006/03/21 01:13:15 | 00,045,056 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2001/11/14 12:56:00 | 01,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2008/01/21 07:51:09 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008/01/21 07:51:09 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008/01/21 07:51:09 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/21 07:51:09 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/21 07:51:09 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006/11/02 15:19:52 | 00,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/04/11 12:02:26 | 00,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009/04/11 12:02:26 | 00,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009/04/11 12:02:26 | 00,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/21 07:51:09 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/21 07:51:09 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 15:19:36 | 00,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 15:16:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 15:16:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: IASTORV.SYS >
[2008/01/21 07:51:31 | 00,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008/01/21 07:51:31 | 00,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008/01/21 07:51:31 | 00,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 15:21:25 | 00,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009/04/11 11:58:23 | 00,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009/04/11 11:58:23 | 00,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008/01/21 07:52:13 | 00,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2006/11/02 15:20:13 | 00,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/21 07:51:29 | 00,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008/01/21 07:51:29 | 00,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/21 07:51:29 | 00,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008/01/21 07:52:59 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009/04/11 11:58:24 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009/04/11 11:58:24 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

< %systemroot%\*. /mp /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2009-12-04 18:02:40
< End of report >

#5
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
hi

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O4 - HKCU..\Run: [google] File not found
    O33 - MountPoints2\{00139e2b-c5dc-11de-8b58-0025645b22e8}\Shell\AutoRun\command - "" = rundll32.exe dx.dll,XxKOo
    O33 - MountPoints2\{00139e2b-c5dc-11de-8b58-0025645b22e8}\Shell\open\Command - "" = rundll32.exe .\dx.dll,XxKOo
    O33 - MountPoints2\{3979baed-bd47-11de-b1a7-00265ee4f89d}\Shell\AutoRun\command - "" = G:\k.com -- File not found
    O33 - MountPoints2\{3979baed-bd47-11de-b1a7-00265ee4f89d}\Shell\explore\Command - "" = G:\k.com -- File not found
    O33 - MountPoints2\{3979baed-bd47-11de-b1a7-00265ee4f89d}\Shell\open\Command - "" = G:\k.com -- File not found
    O33 - MountPoints2\{3f49f24a-d993-11de-8370-0025645b22e8}\Shell\AutoRun\command - "" = H:\Gardi\Tuxat\bov.exe -- File not found
    O33 - MountPoints2\{3f49f24a-d993-11de-8370-0025645b22e8}\Shell\open\command - "" = H:\Gardi\Tuxat\bov.exe -- File not found
    O33 - MountPoints2\{4a1ec2cf-dcc4-11de-8c5f-0025645b22e8}\Shell - "" = AutoRun
    O33 - MountPoints2\{4a1ec2cf-dcc4-11de-8c5f-0025645b22e8}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -- File not found
    O33 - MountPoints2\{c9ebab0f-bda5-11de-a156-0025645b22e8}\Shell - "" = AutoRun
    O33 - MountPoints2\{c9ebab0f-bda5-11de-a156-0025645b22e8}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
    O33 - MountPoints2\{d71f1ed2-bd3e-11de-9007-00265ee4f89d}\Shell\AutoRun\command - "" = H:\se12ydam.exe -- File not found
    O33 - MountPoints2\{d71f1ed2-bd3e-11de-9007-00265ee4f89d}\Shell\open\Command - "" = H:\se12ydam.exe -- File not found
    O33 - MountPoints2\{d71f1f87-bd3e-11de-9007-0025645b22e8}\Shell\AutoRun\command - "" = H:\nds0q.exe -- File not found
    O33 - MountPoints2\{d71f1f87-bd3e-11de-9007-0025645b22e8}\Shell\open\Command - "" = H:\nds0q.exe -- File not found
    O33 - MountPoints2\G\Shell - "" = AutoRun
    O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\autorun\autorun.exe -- File not found
    O33 - MountPoints2\H\Shell - "" = AutoRun
    O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
    O33 - MountPoints2\I\Shell - "" = AutoRun
    O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\Setup.exe -- File not found
    
    :Services
    
    :Reg
    
    :Files
    
    :Commands
    [purity]
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done



Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you don't know how to disable them then just continue on.

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Posted Image



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.

#6
antonjohn88

antonjohn88

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
I had dwnloaded d COMBOFIX in ma desktop nd opened it... disabled ma antivirus b4 openin too.. There wuz a small PROGRESS bar wid COMBOFIX writtn above. Nd d process completd within seconds. however, no log file wuz to b found nywhere.. Neither wuz i asked NYHTIN else.. So, wats d nxt step 2 b done??

#7
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Can you type properly, it's hard to read what you are saying

Rename combofix to svchost.com and run it in safe mode

#8
antonjohn88

antonjohn88

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Pardon me for my language. I thought you would understand my chat language.. Extremely sorry about that.. Well, here are the contents of the LOG file that was generated.





ComboFix 09-12-06.A3 - user 12/07/2009 22:33.1.2 - x86
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.3034.1666 [GMT 5.5:30]
Running from: c:\users\user\Desktop\svchost.com.exe
AV: avast! antivirus 4.8.1201 [VPS 091103-1] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: avast! antivirus 4.8.1201 [VPS 091103-1] *enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\oem17.inf

.
((((((((((((((((((((((((( Files Created from 2009-11-07 to 2009-12-07 )))))))))))))))))))))))))))))))
.

2009-12-07 17:11 . 2009-12-07 17:11 -------- d-----w- c:\users\user\AppData\Local\temp
2009-12-07 13:34 . 2009-12-07 13:34 -------- d-----w- C:\_OTL
2009-12-06 14:01 . 2009-12-06 14:01 79367 ----a-w- c:\users\user\AppData\Roaming\Google\Google Talk\uninstall.exe
2009-12-06 10:37 . 2009-12-05 22:41 217088 ----a-w- c:\users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wmismqt.exe
2009-12-05 04:29 . 2009-12-05 04:29 658184 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-11-30 11:21 . 2009-11-30 11:21 -------- d-----w- c:\users\user\AppData\Roaming\Nokia Multimedia Player
2009-11-30 06:52 . 2009-11-30 06:53 -------- d-----w- C:\.mtvconvertertmp
2009-11-26 12:59 . 2009-11-26 12:59 4096 d-----w- c:\program files\WinAVI MP4 Converter
2009-11-26 12:58 . 2009-11-26 12:58 3082 ----a-w- c:\windows\system32\affv300053706p4now.sys
2009-11-25 07:10 . 2009-10-29 09:17 2048 ----a-w- c:\windows\system32\tzres.dll
2009-11-25 07:02 . 2009-08-11 16:44 1401856 ----a-w- c:\windows\system32\msxml6.dll
2009-11-25 07:02 . 2009-08-11 16:44 1248768 ----a-w- c:\windows\system32\msxml3.dll
2009-11-19 17:04 . 2009-11-19 17:19 -------- d-----w- c:\users\user\AppData\Roaming\dvdcss
2009-11-19 07:59 . 2009-11-19 07:59 -------- d-----w- c:\program files\MSXML 4.0
2009-11-19 05:10 . 2009-11-19 05:51 -------- d-----w- c:\users\user\AppData\Roaming\Nokia
2009-11-19 05:09 . 2009-11-19 05:09 -------- d-----w- c:\users\user\AppData\Roaming\DataLayer
2009-11-19 05:09 . 2009-11-19 11:20 4096 d-----w- c:\users\user\Phone Browser
2009-11-19 05:05 . 2009-11-19 05:05 -------- d-----w- c:\users\user\AppData\Roaming\PC Suite
2009-11-19 05:04 . 2009-11-19 05:04 -------- d-----w- c:\program files\Common Files\Nokia
2009-11-19 05:04 . 2009-11-19 05:04 4096 d-----w- c:\program files\Common Files\PCSuite
2009-11-19 05:04 . 2009-11-19 05:04 -------- d-----w- c:\program files\Nokia
2009-11-19 05:04 . 2009-11-19 05:04 -------- d-----w- c:\programdata\Downloaded Installations
2009-11-18 02:03 . 2009-11-18 02:03 -------- d-----w- c:\program files\Windows Portable Devices
2009-11-18 01:27 . 2009-10-08 21:08 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2009-11-18 01:27 . 2009-10-08 21:08 234496 ----a-w- c:\windows\system32\oleacc.dll
2009-11-18 01:27 . 2009-10-08 21:07 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2009-11-14 12:47 . 2009-11-14 12:47 -------- d-----w- c:\windows\system32\ca-ES
2009-11-14 12:47 . 2009-11-14 12:47 -------- d-----w- c:\windows\system32\eu-ES
2009-11-14 12:47 . 2009-11-14 12:47 -------- d-----w- c:\windows\system32\vi-VN
2009-11-14 11:13 . 2009-11-14 11:13 -------- d-----w- c:\program files\GameSpy Arcade
2009-11-14 09:26 . 2009-11-14 09:26 4096 d-----w- c:\windows\system32\EventProviders
2009-11-14 08:08 . 2009-04-11 06:28 291328 ----a-w- c:\windows\system32\WscEapPr.dll
2009-11-14 08:07 . 2009-04-11 06:28 29184 ----a-w- c:\windows\system32\wsepno.dll
2009-11-14 08:06 . 2009-04-11 06:28 705536 ----a-w- c:\windows\system32\SmiEngine.dll
2009-11-14 08:06 . 2009-04-11 06:28 218624 ----a-w- c:\windows\system32\wdscore.dll
2009-11-14 08:06 . 2009-04-11 06:27 130560 ----a-w- c:\windows\system32\PkgMgr.exe
2009-11-14 08:06 . 2009-04-11 06:28 247808 ----a-w- c:\windows\system32\drvstore.dll
2009-11-13 16:39 . 2009-11-13 17:11 184320 ----a-w- c:\windows\system32\miccyhook.dll
2009-11-13 14:23 . 2009-08-07 02:24 44768 ----a-w- c:\windows\system32\wups2.dll
2009-11-13 14:23 . 2009-08-07 02:24 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-11-13 14:23 . 2009-08-07 02:23 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-11-13 14:23 . 2009-08-07 01:45 2421760 ----a-w- c:\windows\system32\wucltux.dll
2009-11-13 14:22 . 2009-08-07 02:24 35552 ----a-w- c:\windows\system32\wups.dll
2009-11-13 14:22 . 2009-08-07 02:23 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-11-13 14:22 . 2009-08-07 01:44 87552 ----a-w- c:\windows\system32\wudriver.dll
2009-11-13 14:22 . 2009-08-06 13:53 171608 ----a-w- c:\windows\system32\wuwebv.dll
2009-11-13 14:22 . 2009-08-06 13:14 33792 ----a-w- c:\windows\system32\wuapp.exe
2009-11-12 13:41 . 2009-08-10 12:35 355328 ----a-w- c:\windows\system32\WSDApi.dll
2009-11-12 13:41 . 2009-08-14 13:27 2036736 ----a-w- c:\windows\system32\win32k.sys
2009-11-09 13:22 . 2009-11-09 13:22 -------- d-----w- c:\users\user\AppData\Roaming\CyberLink
2009-11-08 12:29 . 2009-12-07 17:11 4096 d-----w- c:\users\user\AppData\Roaming\vlc

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-07 13:42 . 2008-02-05 17:18 652548 ----a-w- c:\windows\system32\perfh019.dat
2009-12-07 13:42 . 2008-02-05 17:18 125392 ----a-w- c:\windows\system32\perfc019.dat
2009-12-07 13:36 . 2009-10-20 06:06 1356 ----a-w- c:\users\user\AppData\Local\d3d9caps.dat
2009-12-07 13:36 . 2009-10-20 06:20 12 ----a-w- c:\windows\bthservsdp.dat
2009-12-06 09:00 . 2009-10-23 13:09 4096 d-----w- c:\users\user\AppData\Roaming\Skype
2009-12-06 07:50 . 2009-10-23 13:14 -------- d-----w- c:\users\user\AppData\Roaming\skypePM
2009-11-24 23:54 . 2009-10-20 06:30 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2009-11-24 23:49 . 2009-10-20 06:30 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-11-24 23:48 . 2009-10-20 06:30 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-11-24 23:47 . 2009-10-20 06:30 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-11-23 17:46 . 2009-10-20 06:44 4096 d--h--w- c:\program files\InstallShield Installation Information
2009-11-18 02:03 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-11-18 02:03 . 2009-11-18 02:03 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2009-11-18 02:03 . 2009-11-18 02:03 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2009-11-14 12:47 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Calendar
2009-11-14 12:47 . 2006-11-02 11:18 4096 d-----w- c:\program files\Windows Mail
2009-11-14 12:47 . 2006-11-02 12:35 4096 d-----w- c:\program files\Windows Sidebar
2009-11-14 12:47 . 2006-11-02 12:35 4096 d-----w- c:\program files\Windows Journal
2009-11-14 12:47 . 2006-11-02 12:35 4096 d-----w- c:\program files\Windows Collaboration
2009-11-14 12:47 . 2006-11-02 12:35 4096 d-----w- c:\program files\Windows Photo Gallery
2009-11-14 12:47 . 2006-11-02 12:35 4096 d-----w- c:\program files\Windows Defender
2009-11-09 13:15 . 2009-10-20 06:36 4096 d-----w- c:\users\user\AppData\Roaming\Ahead
2009-11-09 12:32 . 2009-10-20 06:28 4096 d-----w- c:\program files\Common Files\Adobe
2009-11-04 14:57 . 2009-11-04 15:23 4152184 ----a-w- c:\windows\system32\wgaer_m.exe
2009-11-04 12:07 . 2009-11-04 12:07 -------- d-----w- c:\program files\Google
2009-11-02 15:12 . 2009-10-29 13:23 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-11-01 08:16 . 2009-11-01 08:16 652296 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsTemplate\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2009-11-01 08:15 . 2009-11-01 08:15 416128 ----a-w- c:\programdata\Microsoft\eHome\Packages\NetTV\Browse\NetTVResources.dll
2009-10-30 00:29 . 2009-10-30 00:29 2146304 ----a-w- c:\windows\system32\GPhotos.scr
2009-10-28 11:03 . 2009-10-28 11:03 -------- d-----w- c:\users\user\AppData\Roaming\Microsoft Games
2009-10-27 12:16 . 2009-10-27 12:16 4096 d-----w- c:\program files\AGEIA Technologies
2009-10-26 12:27 . 2009-10-26 12:27 4096 d-----w- c:\program files\7-Zip
2009-10-23 13:14 . 2009-10-23 13:14 56 ---ha-w- c:\programdata\ezsidmv.dat
2009-10-23 13:09 . 2009-10-23 13:09 -------- d-----r- c:\program files\Skype
2009-10-23 13:09 . 2009-10-23 13:09 -------- d-----w- c:\program files\Common Files\Skype
2009-10-23 13:09 . 2009-10-23 13:09 -------- d-----w- c:\programdata\Skype
2009-10-22 16:29 . 2009-10-22 16:29 4096 d-----w- c:\program files\PowerISO
2009-10-22 16:28 . 2009-10-20 06:51 -------- d-----w- c:\program files\VideoLAN
2009-10-21 13:06 . 2009-10-21 13:06 32768 ----a-r- c:\users\user\AppData\Roaming\Microsoft\Installer\{EC918800-3986-4359-A7F9-EFAA3BDF46A9}\_106C25005944_4363_90EA_4E4354C64618.exe
2009-10-21 13:06 . 2009-10-21 13:06 -------- d-----w- c:\program files\Transcend
2009-10-20 12:36 . 2009-10-20 12:36 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-10-20 08:08 . 2009-10-20 08:08 -------- d-----w- c:\programdata\GRETECH
2009-10-20 08:08 . 2009-10-20 08:08 -------- d-----w- c:\users\user\AppData\Roaming\GRETECH
2009-10-20 08:06 . 2009-10-20 08:06 -------- d-----w- c:\program files\GRETECH
2009-10-20 07:50 . 2009-10-20 07:42 -------- d-----w- c:\programdata\Autodesk
2009-10-20 07:50 . 2009-10-20 06:08 131432 ----a-w- c:\users\user\AppData\Local\GDIPFONTCACHEV1.DAT
2009-10-20 07:49 . 2009-10-20 07:41 12288 d-----w- c:\program files\Common Files\Autodesk Shared
2009-10-20 07:49 . 2009-10-20 07:42 196608 d-----w- c:\program files\AutoCAD 2008
2009-10-20 07:42 . 2009-10-20 07:42 -------- d-----w- c:\users\user\AppData\Roaming\Autodesk
2009-10-20 07:41 . 2009-10-20 06:25 -------- d-----w- c:\program files\Common Files\InstallShield
2009-10-20 07:41 . 2009-10-20 07:41 -------- d-----w- c:\program files\Autodesk
2009-10-20 07:21 . 2009-10-20 07:21 -------- d-----w- c:\programdata\Adobe Systems
2009-10-20 07:19 . 2009-10-20 07:19 -------- d-----w- c:\program files\Common Files\Adobe Systems Shared
2009-10-20 07:15 . 2009-10-20 07:15 -------- d-----w- c:\programdata\CyberLink
2009-10-20 07:00 . 2009-10-20 07:00 -------- d-----w- c:\program files\IDT
2009-10-20 06:58 . 2009-10-20 06:58 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-10-20 06:54 . 2009-10-20 06:54 -------- d-----w- c:\program files\Realtek
2009-10-20 06:50 . 2009-10-20 06:50 -------- d-----w- c:\programdata\Yahoo!
2009-10-20 06:50 . 2009-10-20 06:50 -------- d-----w- c:\program files\Yahoo!
2009-10-20 06:44 . 2009-10-20 06:44 -------- d-----w- c:\program files\CyberLink
2009-10-20 06:43 . 2009-10-20 06:39 12288 d-----w- c:\programdata\Microsoft Help
2009-10-20 06:42 . 2009-10-20 06:42 4096 d-----w- c:\program files\Microsoft Works
2009-10-20 06:42 . 2006-11-02 12:35 -------- d-----w- c:\program files\MSBuild
2009-10-20 06:42 . 2009-10-20 06:42 -------- d-----w- c:\program files\Microsoft.NET
2009-10-20 06:40 . 2009-10-20 06:40 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2009-10-20 06:37 . 2009-10-20 06:36 4096 d-----w- c:\program files\Common Files\Ahead
2009-10-20 06:36 . 2009-10-20 06:36 -------- d-----w- c:\programdata\Nero
2009-10-20 06:36 . 2009-10-20 06:36 -------- d-----w- c:\program files\Nero
2009-10-20 06:34 . 2009-10-20 06:34 -------- d-----w- c:\program files\AskTBar
2009-10-20 06:30 . 2009-10-20 06:30 -------- d-----w- c:\program files\Alwil Software
2009-10-20 06:23 . 2009-10-20 06:23 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_Apfiltr_01005.Wdf
2009-10-20 06:23 . 2009-10-20 06:23 4096 d-----w- c:\program files\DellTPad
2009-10-20 06:21 . 2009-10-20 06:21 -------- d-----w- c:\program files\Intel
2009-10-20 06:19 . 2009-10-20 06:19 -------- d-----w- c:\program files\WIDCOMM
2009-10-01 01:02 . 2009-11-18 01:28 2537472 ----a-w- c:\windows\system32\wpdshext.dll
2009-10-01 01:02 . 2009-11-18 01:28 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
2009-10-01 01:02 . 2009-11-18 01:28 334848 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2009-10-01 01:02 . 2009-11-18 01:28 87552 ----a-w- c:\windows\system32\WPDShServiceObj.dll
2009-10-01 01:02 . 2009-11-18 01:28 31232 ----a-w- c:\windows\system32\BthMtpContextHandler.dll
2009-10-01 01:01 . 2009-11-18 01:28 546816 ----a-w- c:\windows\system32\wpd_ci.dll
2009-10-01 01:01 . 2009-11-18 01:28 160256 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
2009-10-01 01:01 . 2009-11-18 01:28 60928 ----a-w- c:\windows\system32\PortableDeviceConnectApi.dll
2009-10-01 01:01 . 2009-11-18 01:28 100864 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
2009-10-01 01:01 . 2009-11-18 01:28 350208 ----a-w- c:\windows\system32\WPDSp.dll
2009-10-01 01:01 . 2009-11-18 01:28 196608 ----a-w- c:\windows\system32\PortableDeviceWMDRM.dll
2009-10-01 01:01 . 2009-11-18 01:28 81920 ----a-w- c:\windows\system32\wpdbusenum.dll
2009-10-01 01:01 . 2009-11-18 01:28 40448 ----a-w- c:\windows\system32\drivers\WpdUsb.sys
2009-10-01 01:01 . 2009-11-18 01:28 226816 ----a-w- c:\windows\system32\WpdMtp.dll
2009-10-01 01:01 . 2009-11-18 01:28 61952 ----a-w- c:\windows\system32\WpdMtpUS.dll
2009-10-01 01:01 . 2009-11-18 01:28 33280 ----a-w- c:\windows\system32\WpdConns.dll
2009-09-25 02:10 . 2009-11-18 01:28 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2009-09-25 02:07 . 2009-11-18 01:28 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2009-09-25 02:04 . 2009-11-18 01:28 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2009-09-25 01:49 . 2009-11-18 01:28 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2009-09-25 01:48 . 2009-11-18 01:28 351232 ----a-w- c:\windows\system32\XpsPrint.dll
2009-09-25 01:38 . 2009-11-18 01:28 847360 ----a-w- c:\windows\system32\OpcServices.dll
2009-09-25 01:36 . 2009-11-18 01:28 280064 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2009-09-25 01:35 . 2009-11-18 01:28 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2009-09-25 01:33 . 2009-11-18 01:28 195584 ----a-w- c:\windows\system32\dxdiagn.dll
2009-09-25 01:33 . 2009-11-18 01:28 829440 ----a-w- c:\windows\system32\d3d10warp.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{9CB65206-89C4-402c-BA80-02D8C59F9B1D}"= "c:\program files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL" [2009-10-20 57344]

[HKEY_CLASSES_ROOT\clsid\{9cb65206-89c4-402c-ba80-02d8c59f9b1d}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2006-09-13 4621816]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Google Update"="c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-10-22 133104]
"MSSMSGS"="winlmk32.rom" [2009-11-14 39936]
"googletalk"="c:\users\user\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-01-23 217088]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-09-16 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-09-16 178712]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-09-16 150040]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2009-03-15 180224]
"AGEIA PhysX SysTray"="c:\program files\AGEIA Technologies\TrayIcon.exe" [2006-03-20 331776]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-03-06 483428]

c:\users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
wmismqt.exe [2009-12-6 217088]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):cf,3b,26,7b,29,65,ca,01

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-320534519-2092302818-1520262176-1000]
"EnableNotificationsRef"=dword:00000001

R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [10/20/2009 12:00 PM 114768]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\AEstSrv.exe [10/20/2009 12:30 PM 81920]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [10/20/2009 12:00 PM 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [10/20/2009 12:00 PM 53328]
R3 OA013Ufd;Creative Camera OA013 Upper Filter Driver;c:\windows\System32\drivers\OA013Ufd.sys [3/6/2009 7:30 AM 133632]
R3 OA013Vid;Creative Camera OA013 Function Driver;c:\windows\System32\drivers\OA013Vid.sys [3/9/2009 5:00 PM 271712]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\System32\drivers\btwl2cap.sys [10/20/2009 11:49 AM 29736]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [1/21/2008 7:51 AM 21504]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: {819F2528-65CF-442A-890D-20F69C558757} = 218.248.255.146 218.248.255.139
.
- - - - ORPHANS REMOVED - - - -

AddRemove-Gears of War_is1 - .:\gears of war\unins000.exe
AddRemove-InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217} - c:\program files\InstallShield Installation Information\{E48469CC-635E-4FD5-A122-1497C286D217}\setup.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-07 22:41
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-12-07 22:44
ComboFix-quarantined-files.txt 2009-12-07 17:14

Pre-Run: 63,801,069,568 bytes free
Post-Run: 64,453,423,104 bytes free

- - End Of File - - E86D14ACE25AB20D67ED36BAE8C0C271

#9
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
hi

Please download OTM
  • Save it to your desktop.
  • Please double-click OTM to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :Processes
    
    :Services
    
    :Reg
    
    :Files
    C:\wmismqt.exe /s
    :Commands
    [purity]
    [emptytemp]
    [Reboot]
  • Return to OTM, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTM and reboot your PC.
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.



Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :file
    c:\windows\system32\affv300053706p4now.sys
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

#10
antonjohn88

antonjohn88

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Contents of SYSTEMLOOK


SystemLook v1.0 by jpshortstuff (29.08.09)
Log created at 23:37 on 07/12/2009 by user (Administrator - Elevation successful)

========== file ==========

c:\windows\system32\affv300053706p4now.sys - File found and opened.
MD5: 2C82C078E2B757285FD72986D35CBA58
Created at 12:58 on 26/11/2009
Modified at 12:58 on 26/11/2009
Size: 3082 bytes
Attributes: --a---
No version information available.

-=End Of File=-






Contents Of Log file


All processes killed
========== PROCESSES ==========
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wmismqt.exe moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: user
->Temp folder emptied: 31832 bytes
->Temporary Internet Files folder emptied: 267616 bytes
->Google Chrome cache emptied: 64046213 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 61.40 mb


OTM by OldTimer - Version 3.1.2.2 log created on 12072009_232831

Files moved on Reboot...

Registry entries deleted on Reboot...

#11
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Do you know what this file is?

c:\windows\system32\affv300053706p4now.sys


  • Make sure to use Internet Explorer for this
  • Please go to VirSCAN.org FREE on-line scan service
  • Copy and paste the following file path into the "Suspicious files to scan" box on the top of the page:

    • c:\windows\system32\affv300053706p4now.sys
  • Click on the Upload button
  • If a pop-up appears saying the file has been scanned already, please select the ReScan button.
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.


#12
antonjohn88

antonjohn88

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
VirSCAN.org Scanned Report :
Scanned time : 2009/06/05 10:01:50 (IST)
Scanner results: 79% Scanner(s) (30/38) found malware!
File Name : 1.html
File Size : 4037 byte
File Type : Sendmail frozen configuration - version body bgcolor=
MD5 : 4a2514195555a43458b4e087d29124be
SHA1 : e96f20c01c95b12a6cf9992b1e16deaac5ca025c
Online report : http://virscan.org/r...5aa9dfd4d2.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 4.0.0.32 20090604013225 2009-06-04 2.05 Virus.Win32.Killmbr.D!IK
AhnLab V3 2009.06.05.00 2009.06.05 2009-06-05 0.74 Win-Trojan/Dialer.712704.B
AntiVir 8.2.0.180 7.1.4.59 2009-06-04 0.55 KIT/GhostDial.1
Antiy 2.0.18 20090604.2498051 2009-06-04 0.15 Trojan/Win32.Dialer.gvg
Arcavir 2009 200906041608 2009-06-04 0.39 Dialer.Bib
Authentium 5.1.1 200906041652 2009-06-04 1.18 W32/Trojan2.DOJN (Exact)
AVAST! 4.7.4 090604-0 2009-06-04 0.05 Win32:Dialer-1314 [Trj]
AVG 8.5.286 270.12.53/2155 2009-06-05 0.37 Dialer.KNV
BitDefender 7.81008.3335505 7.25811 2009-06-05 0.75 Trojan.Generic.1004008
CA (VET) 9.0.0.143 31.6.6539 2009-06-05 9.17 -
ClamAV 0.95.1 9421 2009-06-05 0.18 Dialer-3765
Comodo 3.9 1259 2009-06-04 0.74 ApplicUnwnt.Win32.PornTool.Agent.fi
CP Secure 1.1.0.715 2009.06.03 2009-06-03 9.97 -
Dr.Web 4.44.0.9170 2009.06.05 2009-06-05 4.85 BackDoor.Pigeon.12989
F-Prot 4.4.4.56 20090604 2009-06-04 1.15 W32/Trojan2.DOJN (exact)
F-Secure 5.51.6100 2009.06.05.03 2009-06-05 5.79 -
Fortinet 2.81-3.117 10.466 2009-06-04 0.35 Suspicious
GData 19.5615/19.353 20090605 2009-06-05 4.39 Win32:Dialer-1313 [Trj] [Engine:B]
ViRobot 20090604 2009.06.04 2009-06-04 0.42 -
Ikarus T3.1.01.57 2009.06.03.72814 2009-06-03 3.11 Virus.Win32.Killmbr.D
JiangMin 11.0.706 2009.06.03 2009-06-03 2.07 Trojan/Dialer.gnc
Kaspersky 5.5.10 2009.06.05 2009-06-05 0.08 not-a-virus:Porn-Dialer.Win32.Agent.fi
KingSoft 2009.2.5.15 2009.6.4.21 2009-06-04 0.51 Win32.Hack.ReSSDT.c.716800
McAfee 5.3.00 5636 2009-06-04 2.97 BackDoor-DSQ
Microsoft 1.4701 2009.06.04 2009-06-04 4.29 Backdoor:Win32/Farfli.J
mks_vir 2.01 2009.06.05 2009-06-05 3.35 -
Norman 6.01.05 6.01.00 2009-06-02 4.01 W32/Dialer.DHRP
Panda 9.05.01 2009.06.04 2009-06-04 1.86 -
Trend Micro 8.700-1004 6.170.08 2009-06-04 0.06 TROJ_DIAL.RHB
Quick Heal 10.00 2009.06.05 2009-06-05 1.37 -
Rising 20.0 21.32.34.00 2009-06-04 0.99 Backdoor.Win32.Drwolf.axh
Sophos 2.87.1 4.42 2009-06-05 2.44 Mal/Whybo-A
Sunbelt 5170 5170 2009-06-04 0.94 Porn-Dialer.Win32.Agent.fi
Symantec 1.3.0.24 20090604.002 2009-06-04 0.06 -
nProtect 20090604.01 4070376 2009-06-04 5.23 Trojan/W32.Dialer.712704
The Hacker 6.3.4.3 v00340 2009-06-04 0.63 Trojan/Dialer.Agent.fi
VBA32 3.12.10.6 20090604.1412 2009-06-04 1.96 Porn-Dialer.Win32.Agent.fi
VirusBuster 4.5.11.10 10.107.2/1575686 2009-06-04 1.90 Dialer.Agent.IFEU

#13
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
hi

Open notepad and copy/paste the text in the quotebox below into it:

http://www.geekstogo...re-t260847.html

Collect::
c:\windows\system32\affv300053706p4now.sys

Suspect::


Save this as CFScript.txt


Posted Image

Referring to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you. Post that log in your next reply.

**Note**

When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.
  • Ensure you are connected to the internet and click OK on the message box.


#14
antonjohn88

antonjohn88

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
ComboFix 09-12-06.A3 - user 12/08/2009 0:50.2.2 - x86
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.3034.1792 [GMT 5.5:30]
Running from: c:\users\user\Desktop\combofix.exe.exe
Command switches used :: c:\users\user\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1201 [VPS 091103-1] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: avast! antivirus 4.8.1201 [VPS 091103-1] *enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

file zipped: c:\windows\system32\affv300053706p4now.sys
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\affv300053706p4now.sys

.
((((((((((((((((((((((((( Files Created from 2009-11-07 to 2009-12-07 )))))))))))))))))))))))))))))))
.

2009-12-07 19:31 . 2009-12-07 19:32 -------- d-----w- c:\users\user\AppData\Local\temp
2009-12-07 19:31 . 2009-12-07 19:31 -------- d-----w- c:\users\Public\AppData\Local\temp
2009-12-07 19:31 . 2009-12-07 19:31 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-12-07 17:58 . 2009-12-07 17:58 -------- d-----w- C:\_OTM
2009-12-07 13:34 . 2009-12-07 13:34 -------- d-----w- C:\_OTL
2009-12-06 14:01 . 2009-12-06 14:01 79367 ----a-w- c:\users\user\AppData\Roaming\Google\Google Talk\uninstall.exe
2009-12-05 04:29 . 2009-12-05 04:29 658184 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-11-30 11:21 . 2009-11-30 11:21 -------- d-----w- c:\users\user\AppData\Roaming\Nokia Multimedia Player
2009-11-30 06:52 . 2009-11-30 06:53 -------- d-----w- C:\.mtvconvertertmp
2009-11-26 12:59 . 2009-11-26 12:59 4096 d-----w- c:\program files\WinAVI MP4 Converter
2009-11-25 07:10 . 2009-10-29 09:17 2048 ----a-w- c:\windows\system32\tzres.dll
2009-11-25 07:02 . 2009-08-11 16:44 1401856 ----a-w- c:\windows\system32\msxml6.dll
2009-11-25 07:02 . 2009-08-11 16:44 1248768 ----a-w- c:\windows\system32\msxml3.dll
2009-11-19 17:04 . 2009-11-19 17:19 -------- d-----w- c:\users\user\AppData\Roaming\dvdcss
2009-11-19 07:59 . 2009-11-19 07:59 -------- d-----w- c:\program files\MSXML 4.0
2009-11-19 05:10 . 2009-11-19 05:51 -------- d-----w- c:\users\user\AppData\Roaming\Nokia
2009-11-19 05:09 . 2009-11-19 05:09 -------- d-----w- c:\users\user\AppData\Roaming\DataLayer
2009-11-19 05:09 . 2009-11-19 11:20 4096 d-----w- c:\users\user\Phone Browser
2009-11-19 05:05 . 2009-11-19 05:05 -------- d-----w- c:\users\user\AppData\Roaming\PC Suite
2009-11-19 05:04 . 2009-11-19 05:04 -------- d-----w- c:\program files\Common Files\Nokia
2009-11-19 05:04 . 2009-11-19 05:04 4096 d-----w- c:\program files\Common Files\PCSuite
2009-11-19 05:04 . 2009-11-19 05:04 -------- d-----w- c:\program files\Nokia
2009-11-19 05:04 . 2009-11-19 05:04 -------- d-----w- c:\programdata\Downloaded Installations
2009-11-18 02:03 . 2009-11-18 02:03 -------- d-----w- c:\program files\Windows Portable Devices
2009-11-18 01:27 . 2009-10-08 21:08 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2009-11-18 01:27 . 2009-10-08 21:08 234496 ----a-w- c:\windows\system32\oleacc.dll
2009-11-18 01:27 . 2009-10-08 21:07 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2009-11-14 12:47 . 2009-11-14 12:47 -------- d-----w- c:\windows\system32\ca-ES
2009-11-14 12:47 . 2009-11-14 12:47 -------- d-----w- c:\windows\system32\eu-ES
2009-11-14 12:47 . 2009-11-14 12:47 -------- d-----w- c:\windows\system32\vi-VN
2009-11-14 11:13 . 2009-11-14 11:13 -------- d-----w- c:\program files\GameSpy Arcade
2009-11-14 09:26 . 2009-11-14 09:26 4096 d-----w- c:\windows\system32\EventProviders
2009-11-14 08:08 . 2009-04-11 06:28 291328 ----a-w- c:\windows\system32\WscEapPr.dll
2009-11-14 08:07 . 2009-04-11 06:28 29184 ----a-w- c:\windows\system32\wsepno.dll
2009-11-14 08:06 . 2009-04-11 06:28 705536 ----a-w- c:\windows\system32\SmiEngine.dll
2009-11-14 08:06 . 2009-04-11 06:28 218624 ----a-w- c:\windows\system32\wdscore.dll
2009-11-14 08:06 . 2009-04-11 06:27 130560 ----a-w- c:\windows\system32\PkgMgr.exe
2009-11-14 08:06 . 2009-04-11 06:28 247808 ----a-w- c:\windows\system32\drvstore.dll
2009-11-13 16:39 . 2009-11-13 17:11 184320 ----a-w- c:\windows\system32\miccyhook.dll
2009-11-13 14:23 . 2009-08-07 02:24 44768 ----a-w- c:\windows\system32\wups2.dll
2009-11-13 14:23 . 2009-08-07 02:24 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-11-13 14:23 . 2009-08-07 02:23 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-11-13 14:23 . 2009-08-07 01:45 2421760 ----a-w- c:\windows\system32\wucltux.dll
2009-11-13 14:22 . 2009-08-07 02:24 35552 ----a-w- c:\windows\system32\wups.dll
2009-11-13 14:22 . 2009-08-07 02:23 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-11-13 14:22 . 2009-08-07 01:44 87552 ----a-w- c:\windows\system32\wudriver.dll
2009-11-13 14:22 . 2009-08-06 13:53 171608 ----a-w- c:\windows\system32\wuwebv.dll
2009-11-13 14:22 . 2009-08-06 13:14 33792 ----a-w- c:\windows\system32\wuapp.exe
2009-11-12 13:41 . 2009-08-10 12:35 355328 ----a-w- c:\windows\system32\WSDApi.dll
2009-11-12 13:41 . 2009-08-14 13:27 2036736 ----a-w- c:\windows\system32\win32k.sys
2009-11-09 13:22 . 2009-11-09 13:22 -------- d-----w- c:\users\user\AppData\Roaming\CyberLink
2009-11-08 12:29 . 2009-12-07 19:14 4096 d-----w- c:\users\user\AppData\Roaming\vlc

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-07 18:06 . 2008-02-05 17:18 652548 ----a-w- c:\windows\system32\perfh019.dat
2009-12-07 18:06 . 2008-02-05 17:18 125392 ----a-w- c:\windows\system32\perfc019.dat
2009-12-07 18:00 . 2009-10-20 06:06 1356 ----a-w- c:\users\user\AppData\Local\d3d9caps.dat
2009-12-07 17:59 . 2009-10-20 06:20 12 ----a-w- c:\windows\bthservsdp.dat
2009-12-06 09:00 . 2009-10-23 13:09 4096 d-----w- c:\users\user\AppData\Roaming\Skype
2009-12-06 07:50 . 2009-10-23 13:14 -------- d-----w- c:\users\user\AppData\Roaming\skypePM
2009-11-24 23:54 . 2009-10-20 06:30 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2009-11-24 23:49 . 2009-10-20 06:30 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-11-24 23:48 . 2009-10-20 06:30 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-11-24 23:47 . 2009-10-20 06:30 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-11-23 17:46 . 2009-10-20 06:44 4096 d--h--w- c:\program files\InstallShield Installation Information
2009-11-18 02:03 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-11-18 02:03 . 2009-11-18 02:03 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2009-11-18 02:03 . 2009-11-18 02:03 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2009-11-14 12:47 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Calendar
2009-11-14 12:47 . 2006-11-02 11:18 4096 d-----w- c:\program files\Windows Mail
2009-11-14 12:47 . 2006-11-02 12:35 4096 d-----w- c:\program files\Windows Sidebar
2009-11-14 12:47 . 2006-11-02 12:35 4096 d-----w- c:\program files\Windows Journal
2009-11-14 12:47 . 2006-11-02 12:35 4096 d-----w- c:\program files\Windows Collaboration
2009-11-14 12:47 . 2006-11-02 12:35 4096 d-----w- c:\program files\Windows Photo Gallery
2009-11-14 12:47 . 2006-11-02 12:35 4096 d-----w- c:\program files\Windows Defender
2009-11-09 13:15 . 2009-10-20 06:36 4096 d-----w- c:\users\user\AppData\Roaming\Ahead
2009-11-09 12:32 . 2009-10-20 06:28 4096 d-----w- c:\program files\Common Files\Adobe
2009-11-04 14:57 . 2009-11-04 15:23 4152184 ----a-w- c:\windows\system32\wgaer_m.exe
2009-11-04 12:07 . 2009-11-04 12:07 -------- d-----w- c:\program files\Google
2009-11-02 15:12 . 2009-10-29 13:23 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-11-01 08:16 . 2009-11-01 08:16 652296 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsTemplate\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2009-11-01 08:15 . 2009-11-01 08:15 416128 ----a-w- c:\programdata\Microsoft\eHome\Packages\NetTV\Browse\NetTVResources.dll
2009-10-30 00:29 . 2009-10-30 00:29 2146304 ----a-w- c:\windows\system32\GPhotos.scr
2009-10-28 11:03 . 2009-10-28 11:03 -------- d-----w- c:\users\user\AppData\Roaming\Microsoft Games
2009-10-27 12:16 . 2009-10-27 12:16 4096 d-----w- c:\program files\AGEIA Technologies
2009-10-26 12:27 . 2009-10-26 12:27 4096 d-----w- c:\program files\7-Zip
2009-10-23 13:14 . 2009-10-23 13:14 56 ---ha-w- c:\programdata\ezsidmv.dat
2009-10-23 13:09 . 2009-10-23 13:09 -------- d-----r- c:\program files\Skype
2009-10-23 13:09 . 2009-10-23 13:09 -------- d-----w- c:\program files\Common Files\Skype
2009-10-23 13:09 . 2009-10-23 13:09 -------- d-----w- c:\programdata\Skype
2009-10-22 16:29 . 2009-10-22 16:29 4096 d-----w- c:\program files\PowerISO
2009-10-22 16:28 . 2009-10-20 06:51 -------- d-----w- c:\program files\VideoLAN
2009-10-21 13:06 . 2009-10-21 13:06 32768 ----a-r- c:\users\user\AppData\Roaming\Microsoft\Installer\{EC918800-3986-4359-A7F9-EFAA3BDF46A9}\_106C25005944_4363_90EA_4E4354C64618.exe
2009-10-21 13:06 . 2009-10-21 13:06 -------- d-----w- c:\program files\Transcend
2009-10-20 12:36 . 2009-10-20 12:36 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-10-20 08:08 . 2009-10-20 08:08 -------- d-----w- c:\programdata\GRETECH
2009-10-20 08:08 . 2009-10-20 08:08 -------- d-----w- c:\users\user\AppData\Roaming\GRETECH
2009-10-20 08:06 . 2009-10-20 08:06 -------- d-----w- c:\program files\GRETECH
2009-10-20 07:50 . 2009-10-20 07:42 -------- d-----w- c:\programdata\Autodesk
2009-10-20 07:50 . 2009-10-20 06:08 131432 ----a-w- c:\users\user\AppData\Local\GDIPFONTCACHEV1.DAT
2009-10-20 07:49 . 2009-10-20 07:41 12288 d-----w- c:\program files\Common Files\Autodesk Shared
2009-10-20 07:49 . 2009-10-20 07:42 196608 d-----w- c:\program files\AutoCAD 2008
2009-10-20 07:42 . 2009-10-20 07:42 -------- d-----w- c:\users\user\AppData\Roaming\Autodesk
2009-10-20 07:41 . 2009-10-20 06:25 -------- d-----w- c:\program files\Common Files\InstallShield
2009-10-20 07:41 . 2009-10-20 07:41 -------- d-----w- c:\program files\Autodesk
2009-10-20 07:21 . 2009-10-20 07:21 -------- d-----w- c:\programdata\Adobe Systems
2009-10-20 07:19 . 2009-10-20 07:19 -------- d-----w- c:\program files\Common Files\Adobe Systems Shared
2009-10-20 07:15 . 2009-10-20 07:15 -------- d-----w- c:\programdata\CyberLink
2009-10-20 07:00 . 2009-10-20 07:00 -------- d-----w- c:\program files\IDT
2009-10-20 06:58 . 2009-10-20 06:58 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-10-20 06:54 . 2009-10-20 06:54 -------- d-----w- c:\program files\Realtek
2009-10-20 06:50 . 2009-10-20 06:50 -------- d-----w- c:\programdata\Yahoo!
2009-10-20 06:50 . 2009-10-20 06:50 -------- d-----w- c:\program files\Yahoo!
2009-10-20 06:44 . 2009-10-20 06:44 -------- d-----w- c:\program files\CyberLink
2009-10-20 06:43 . 2009-10-20 06:39 12288 d-----w- c:\programdata\Microsoft Help
2009-10-20 06:42 . 2009-10-20 06:42 4096 d-----w- c:\program files\Microsoft Works
2009-10-20 06:42 . 2006-11-02 12:35 -------- d-----w- c:\program files\MSBuild
2009-10-20 06:42 . 2009-10-20 06:42 -------- d-----w- c:\program files\Microsoft.NET
2009-10-20 06:40 . 2009-10-20 06:40 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2009-10-20 06:37 . 2009-10-20 06:36 4096 d-----w- c:\program files\Common Files\Ahead
2009-10-20 06:36 . 2009-10-20 06:36 -------- d-----w- c:\programdata\Nero
2009-10-20 06:36 . 2009-10-20 06:36 -------- d-----w- c:\program files\Nero
2009-10-20 06:34 . 2009-10-20 06:34 -------- d-----w- c:\program files\AskTBar
2009-10-20 06:30 . 2009-10-20 06:30 -------- d-----w- c:\program files\Alwil Software
2009-10-20 06:23 . 2009-10-20 06:23 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_Apfiltr_01005.Wdf
2009-10-20 06:23 . 2009-10-20 06:23 4096 d-----w- c:\program files\DellTPad
2009-10-20 06:21 . 2009-10-20 06:21 -------- d-----w- c:\program files\Intel
2009-10-20 06:19 . 2009-10-20 06:19 -------- d-----w- c:\program files\WIDCOMM
2009-10-01 01:02 . 2009-11-18 01:28 2537472 ----a-w- c:\windows\system32\wpdshext.dll
2009-10-01 01:02 . 2009-11-18 01:28 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
2009-10-01 01:02 . 2009-11-18 01:28 334848 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2009-10-01 01:02 . 2009-11-18 01:28 87552 ----a-w- c:\windows\system32\WPDShServiceObj.dll
2009-10-01 01:02 . 2009-11-18 01:28 31232 ----a-w- c:\windows\system32\BthMtpContextHandler.dll
2009-10-01 01:01 . 2009-11-18 01:28 546816 ----a-w- c:\windows\system32\wpd_ci.dll
2009-10-01 01:01 . 2009-11-18 01:28 160256 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
2009-10-01 01:01 . 2009-11-18 01:28 60928 ----a-w- c:\windows\system32\PortableDeviceConnectApi.dll
2009-10-01 01:01 . 2009-11-18 01:28 100864 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
2009-10-01 01:01 . 2009-11-18 01:28 350208 ----a-w- c:\windows\system32\WPDSp.dll
2009-10-01 01:01 . 2009-11-18 01:28 196608 ----a-w- c:\windows\system32\PortableDeviceWMDRM.dll
2009-10-01 01:01 . 2009-11-18 01:28 81920 ----a-w- c:\windows\system32\wpdbusenum.dll
2009-10-01 01:01 . 2009-11-18 01:28 40448 ----a-w- c:\windows\system32\drivers\WpdUsb.sys
2009-10-01 01:01 . 2009-11-18 01:28 226816 ----a-w- c:\windows\system32\WpdMtp.dll
2009-10-01 01:01 . 2009-11-18 01:28 61952 ----a-w- c:\windows\system32\WpdMtpUS.dll
2009-10-01 01:01 . 2009-11-18 01:28 33280 ----a-w- c:\windows\system32\WpdConns.dll
2009-09-25 02:10 . 2009-11-18 01:28 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2009-09-25 02:07 . 2009-11-18 01:28 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2009-09-25 02:04 . 2009-11-18 01:28 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2009-09-25 01:49 . 2009-11-18 01:28 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2009-09-25 01:48 . 2009-11-18 01:28 351232 ----a-w- c:\windows\system32\XpsPrint.dll
2009-09-25 01:38 . 2009-11-18 01:28 847360 ----a-w- c:\windows\system32\OpcServices.dll
2009-09-25 01:36 . 2009-11-18 01:28 280064 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2009-09-25 01:35 . 2009-11-18 01:28 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2009-09-25 01:33 . 2009-11-18 01:28 195584 ----a-w- c:\windows\system32\dxdiagn.dll
2009-09-25 01:33 . 2009-11-18 01:28 829440 ----a-w- c:\windows\system32\d3d10warp.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{9CB65206-89C4-402c-BA80-02D8C59F9B1D}"= "c:\program files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL" [2009-10-20 57344]

[HKEY_CLASSES_ROOT\clsid\{9cb65206-89c4-402c-ba80-02d8c59f9b1d}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2006-09-13 4621816]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Google Update"="c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-10-22 133104]
"MSSMSGS"="winlmk32.rom" [2009-11-14 39936]
"googletalk"="c:\users\user\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-01-23 217088]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-09-16 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-09-16 178712]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-09-16 150040]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2009-03-15 180224]
"AGEIA PhysX SysTray"="c:\program files\AGEIA Technologies\TrayIcon.exe" [2006-03-20 331776]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-03-06 483428]

c:\users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):cf,3b,26,7b,29,65,ca,01

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-320534519-2092302818-1520262176-1000]
"EnableNotificationsRef"=dword:00000001

R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [10/20/2009 12:00 PM 114768]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\AEstSrv.exe [10/20/2009 12:30 PM 81920]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [10/20/2009 12:00 PM 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [10/20/2009 12:00 PM 53328]
R3 OA013Ufd;Creative Camera OA013 Upper Filter Driver;c:\windows\System32\drivers\OA013Ufd.sys [3/6/2009 7:30 AM 133632]
R3 OA013Vid;Creative Camera OA013 Function Driver;c:\windows\System32\drivers\OA013Vid.sys [3/9/2009 5:00 PM 271712]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\System32\drivers\btwl2cap.sys [10/20/2009 11:49 AM 29736]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [1/21/2008 7:51 AM 21504]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-08 01:02
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-12-08 01:05
ComboFix-quarantined-files.txt 2009-12-07 19:35
ComboFix2.txt 2009-12-07 17:14

Pre-Run: 66,660,175,872 bytes free
Post-Run: 66,633,248,768 bytes free

- - End Of File - - CE71FA83FDDBADD85776D5707E8843BE
Upload was successful
  • 0

#15
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
hi

Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run; make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job.
  • Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean.

Please download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Go to Kaspersky website and perform an online antivirus scan.

  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.

  • 0





