Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Google redirect virus

Started by Rachavery , May 27 2009 02:07 PM

  • Please log in to reply

#1
Rachavery
Posted 27 May 2009 - 02:07 PM

Rachavery

    New Member

  • Member
  • Pip
  • 8 posts
Hi all,

I too have the google redirect virus. Here is my combo fix txt file:

ComboFix 09-05-26.05 - Rachelle 05/27/2009 12:55.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3062.1726 [GMT -7:00]
Running from: c:\users\Rachelle\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\x64

.
((((((((((((((((((((((((( Files Created from 2009-04-27 to 2009-05-27 )))))))))))))))))))))))))))))))
.

2009-05-27 19:58 . 2009-05-27 19:58 -------- d-----w c:\users\Rachelle\AppData\Local\temp
2009-05-27 16:28 . 2009-05-27 16:29 -------- d-----w c:\windows\system32\ca-ES
2009-05-27 16:28 . 2009-05-27 16:29 -------- d-----w c:\windows\system32\eu-ES
2009-05-27 16:28 . 2009-05-27 16:29 -------- d-----w c:\windows\system32\vi-VN
2009-05-27 16:12 . 2009-05-27 16:12 -------- d-----w c:\windows\system32\EventProviders
2009-05-27 16:08 . 2009-04-11 06:28 978432 ----a-w c:\windows\system32\drmv2clt.dll
2009-05-27 16:07 . 2009-04-11 06:28 29184 ----a-w c:\windows\system32\uxsms.dll
2009-05-27 07:28 . 2009-02-19 09:00 89104 ----a-w c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090526.041\NAVENG.SYS
2009-05-27 07:28 . 2009-02-19 09:00 876144 ----a-w c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090526.041\NAVEX15.SYS
2009-05-27 07:28 . 2009-02-19 09:00 177520 ----a-w c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090526.041\NAVENG32.DLL
2009-05-27 07:28 . 2009-02-19 09:00 1181040 ----a-w c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090526.041\NAVEX32A.DLL
2009-05-27 07:28 . 2009-02-25 09:00 371248 ----a-w c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090526.041\EECTRL.SYS
2009-05-27 07:28 . 2009-02-25 09:00 2414128 ----a-w c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090526.041\CCERASER.DLL
2009-05-27 07:28 . 2009-02-25 09:00 101936 ----a-w c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090526.041\ERASER.SYS
2009-05-27 07:28 . 2008-12-14 10:44 259368 ----a-w c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090526.041\ECMSVR32.DLL
2009-05-27 01:43 . 2009-05-27 01:44 116839 ----a-w c:\windows\hpqins00.dat
2009-05-20 20:40 . 2009-05-20 20:40 738120 ----a-w c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-05-19 18:54 . 2009-03-16 20:03 533880 ----a-w c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090513.001\Scxpx86.dll
2009-05-19 18:54 . 2009-01-29 21:50 276344 ----a-w c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090513.001\IDSXpx86.sys
2009-05-19 18:54 . 2009-01-29 21:50 292912 ----a-w c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090513.001\IDSvix86.sys
2009-05-19 18:54 . 2009-01-29 21:50 447864 ----a-w c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090513.001\IDSxpx86.dll
2009-05-19 18:54 . 2009-01-29 21:50 396848 ----a-w c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090513.001\IDSviA64.sys
2009-05-16 13:33 . 2009-05-16 13:33 416128 ----a-w c:\programdata\Microsoft\eHome\Packages\NetTV\Browse\NetTVResources.dll
2009-05-08 21:16 . 2009-03-16 20:03 533880 ----a-w c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090508.002\Scxpx86.dll
2009-05-08 21:16 . 2009-01-29 21:50 276344 ----a-w c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090508.002\IDSXpx86.sys
2009-05-08 21:16 . 2009-01-29 21:50 292912 ----a-w c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090508.002\IDSvix86.sys
2009-05-08 21:16 . 2009-01-29 21:50 447864 ----a-w c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090508.002\IDSxpx86.dll
2009-05-08 21:16 . 2009-01-29 21:50 396848 ----a-w c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090508.002\IDSviA64.sys
2009-05-05 19:36 . 2009-05-26 01:20 -------- d-----w c:\users\Rachelle\Tracing
2009-05-05 19:15 . 2009-05-05 19:15 -------- d-----w c:\windows\Downloaded Installations
2009-05-05 18:49 . 2009-05-05 18:56 -------- d-----w c:\program files\Microsoft Silverlight
2009-05-05 18:49 . 2009-05-05 18:49 -------- dc----w c:\windows\system32\DRVSTORE
2009-05-05 18:49 . 2009-02-07 01:08 55280 ----a-w c:\windows\system32\drivers\fssfltr.sys
2009-05-05 18:48 . 2006-11-29 20:06 3426072 ----a-w c:\windows\system32\d3dx9_32.dll
2009-05-05 18:48 . 2009-05-05 18:48 -------- d-----w c:\program files\Microsoft SQL Server Compact Edition
2009-05-05 18:47 . 2009-05-05 18:47 -------- d-----w c:\program files\Windows Live SkyDrive
2009-05-05 18:46 . 2009-05-05 18:49 -------- d-----w c:\program files\Windows Live
2009-05-05 18:03 . 2009-05-05 18:03 -------- d-----w c:\program files\Common Files\Windows Live
2009-05-05 18:02 . 2009-03-08 11:33 18944 ----a-w c:\windows\system32\corpol.dll
2009-05-05 18:02 . 2009-03-08 11:32 72704 ----a-w c:\windows\system32\admparse.dll
2009-05-05 18:02 . 2009-03-08 11:31 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-05-05 18:02 . 2009-03-08 11:22 156160 ----a-w c:\windows\system32\msls31.dll
2009-05-01 00:56 . 2009-02-19 09:00 89104 ----a-w c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090430.025\NAVENG.SYS
2009-05-01 00:56 . 2009-02-19 09:00 876144 ----a-w c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090430.025\NAVEX15.SYS
2009-05-01 00:56 . 2009-02-19 09:00 177520 ----a-w c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090430.025\NAVENG32.DLL
2009-05-01 00:56 . 2009-02-19 09:00 1181040 ----a-w c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090430.025\NAVEX32A.DLL
2009-05-01 00:56 . 2009-02-25 09:00 371248 ----a-w c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090430.025\EECTRL.SYS
2009-05-01 00:56 . 2009-02-25 09:00 2414128 ----a-w c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090430.025\CCERASER.DLL
2009-05-01 00:56 . 2009-02-25 09:00 101936 ----a-w c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090430.025\ERASER.SYS
2009-05-01 00:56 . 2008-12-14 10:44 259368 ----a-w c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090430.025\ECMSVR32.DLL

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-27 19:58 . 2008-09-14 02:40 -------- d-----w c:\users\Rachelle\AppData\Roaming\Skype
2009-05-27 19:41 . 2008-06-24 06:36 -------- d--h--w c:\program files\InstallShield Installation Information
2009-05-27 19:41 . 2008-06-24 06:50 -------- d-----w c:\program files\CyberLink
2009-05-27 16:51 . 2008-06-24 06:12 12 ----a-w c:\windows\bthservsdp.dat
2009-05-27 16:41 . 2008-09-14 02:42 -------- d-----w c:\users\Rachelle\AppData\Roaming\skypePM
2009-05-27 16:29 . 2006-11-02 12:37 -------- d-----w c:\program files\Windows Sidebar
2009-05-27 16:29 . 2006-11-02 12:37 -------- d-----w c:\program files\Windows Calendar
2009-05-27 16:29 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail
2009-05-27 16:29 . 2006-11-02 12:37 -------- d-----w c:\program files\Windows Photo Gallery
2009-05-27 16:29 . 2006-11-02 12:37 -------- d-----w c:\program files\Windows Journal
2009-05-27 16:29 . 2006-11-02 12:37 -------- d-----w c:\program files\Windows Collaboration
2009-05-27 16:29 . 2006-11-02 12:37 -------- d-----w c:\program files\Windows Defender
2009-05-27 16:28 . 2006-11-02 10:25 665600 ----a-w c:\windows\inf\drvindex.dat
2009-05-27 01:50 . 2009-03-09 22:50 1890 --sha-w c:\programdata\KGyGaAvL.sys
2009-05-27 01:50 . 2009-03-09 22:50 1890 --sha-w c:\programdata\KGyGaAvL.sys
2009-05-21 03:24 . 2008-12-06 23:52 2598 ----a-w c:\users\Rachelle\AppData\Roaming\wklnhst.dat
2009-05-14 03:55 . 2008-06-24 07:11 -------- d-----w c:\programdata\Microsoft Help
2009-05-10 03:19 . 2008-06-24 07:05 -------- d-----w c:\program files\BigFix
2009-05-05 18:47 . 2009-02-13 20:43 -------- d-----w c:\program files\Microsoft
2009-05-05 16:09 . 2008-09-07 02:04 79512 ----a-w c:\users\Rachelle\AppData\Local\GDIPFONTCACHEV1.DAT
2009-04-12 18:08 . 2008-12-31 03:42 -------- d-----w c:\program files\DVO
2009-04-11 06:33 . 2009-05-27 16:08 986600 ----a-w c:\windows\system32\winload.exe
2009-04-11 06:33 . 2009-05-27 16:08 926184 ----a-w c:\windows\system32\winresume.exe
2009-04-11 06:33 . 2009-05-27 16:08 292840 ----a-w c:\windows\system32\drivers\volmgrx.sys
2009-04-11 06:33 . 2009-05-27 16:08 897000 ----a-w c:\windows\system32\drivers\tcpip.sys
2009-04-11 06:33 . 2009-05-27 16:08 614376 ----a-w c:\windows\system32\ci.dll
2009-04-11 06:28 . 2009-05-27 16:08 56320 ----a-w c:\windows\system32\xmlfilter.dll
2009-04-11 06:27 . 2009-05-27 16:08 441344 ----a-w c:\windows\system32\SearchIndexer.exe
2009-04-11 06:22 . 2009-05-27 16:07 7168 ----a-w c:\windows\system32\f3ahvoas.dll
2009-04-11 06:21 . 2009-05-27 16:07 37376 ----a-w c:\windows\system32\cdd.dll
2009-04-11 05:42 . 2009-05-27 16:07 93696 ----a-w c:\windows\system32\drivers\bridge.sys
2009-04-11 05:03 . 2009-05-27 16:09 12240896 ----a-w c:\windows\system32\NlsLexicons0007.dll
2009-04-11 05:03 . 2009-05-27 16:09 2644480 ----a-w c:\windows\system32\NlsLexicons0009.dll
2009-04-11 04:57 . 2009-05-27 16:07 8147456 ----a-w c:\windows\system32\wmploc.DLL
2009-04-11 04:54 . 2009-05-27 16:07 2048 ----a-w c:\windows\system32\mferror.dll
2009-04-11 04:51 . 2009-05-27 16:07 180736 ----a-w c:\windows\system32\drivers\rdpwd.sys
2009-04-11 04:47 . 2009-05-27 16:07 273920 ----a-w c:\windows\system32\drivers\afd.sys
2009-04-11 04:46 . 2009-05-27 16:07 69120 ----a-w c:\windows\system32\drivers\rassstp.sys
2009-04-11 04:46 . 2009-05-27 16:07 121344 ----a-w c:\windows\system32\drivers\ndiswan.sys
2009-04-11 04:46 . 2009-05-27 16:07 41472 ----a-w c:\windows\system32\drivers\raspppoe.sys
2009-04-11 04:46 . 2009-05-27 16:07 15872 ----a-w c:\windows\system32\drivers\usb8023.sys
2009-04-11 04:46 . 2009-05-27 16:07 33280 ----a-w c:\windows\system32\drivers\RNDISMP.sys
2009-04-11 04:46 . 2009-05-27 16:07 30720 ----a-w c:\windows\system32\drivers\tcpipreg.sys
2009-04-11 04:45 . 2009-05-27 16:07 72192 ----a-w c:\windows\system32\drivers\tdx.sys
2009-04-11 04:45 . 2009-05-27 16:07 72192 ----a-w c:\windows\system32\drivers\pacer.sys
2009-04-11 04:45 . 2009-05-27 16:08 185856 ----a-w c:\windows\system32\drivers\netbt.sys
2009-04-11 04:45 . 2009-05-27 16:08 401408 ----a-w c:\windows\system32\drivers\http.sys
2009-04-11 04:45 . 2009-05-27 16:07 113664 ----a-w c:\windows\system32\drivers\rmcast.sys
2009-04-11 04:45 . 2009-05-27 16:07 66560 ----a-w c:\windows\system32\drivers\smb.sys
2009-04-11 04:43 . 2009-05-27 16:07 148480 ----a-w c:\windows\system32\drivers\nwifi.sys
2009-04-11 04:43 . 2009-05-27 16:08 196096 ----a-w c:\windows\system32\drivers\usbhub.sys
2009-04-11 04:42 . 2009-05-27 16:08 226304 ----a-w c:\windows\system32\drivers\usbport.sys
2009-04-11 04:42 . 2009-05-27 16:07 25856 ----a-w c:\windows\system32\drivers\USBCAMD2.sys
2009-04-11 04:42 . 2009-05-27 16:07 25856 ----a-w c:\windows\system32\drivers\USBCAMD.sys
2009-04-11 04:42 . 2009-05-27 16:08 39936 ----a-w c:\windows\system32\drivers\usbehci.sys
2009-04-11 04:42 . 2009-05-27 16:07 167936 ----a-w c:\windows\system32\drivers\portcls.sys
2009-04-11 04:42 . 2009-05-27 16:07 12800 ----a-w c:\windows\system32\drivers\hidusb.sys
2009-04-11 04:42 . 2009-05-27 16:07 39424 ----a-w c:\windows\system32\drivers\hidclass.sys
2009-04-11 04:42 . 2009-05-27 16:07 52992 ----a-w c:\windows\system32\drivers\stream.sys
2009-04-11 04:42 . 2009-05-27 16:09 561152 ----a-w c:\windows\system32\drivers\hdaudbus.sys
2009-04-11 04:39 . 2009-05-27 16:07 16384 ----a-w c:\windows\system32\iscsilog.dll
2009-04-11 04:39 . 2009-05-27 16:07 67072 ----a-w c:\windows\system32\drivers\cdrom.sys
2009-04-11 04:39 . 2009-05-27 16:07 19456 ----a-w c:\windows\system32\drivers\Diskdump.sys
2009-04-11 04:38 . 2009-05-27 16:07 149504 ----a-w c:\windows\system32\drivers\ks.sys
2009-04-11 04:27 . 2009-05-27 16:07 2560 ----a-w c:\windows\system32\msimsg.dll
2009-04-11 04:24 . 2009-05-27 16:08 2034688 ----a-w c:\windows\system32\win32k.sys
2009-04-11 04:23 . 2009-05-27 16:08 626176 ----a-w c:\windows\system32\drivers\dxgkrnl.sys
2009-04-11 04:23 . 2009-05-27 16:07 76288 ----a-w c:\windows\system32\drivers\dxg.sys
2009-04-11 04:23 . 2009-05-27 16:07 289792 ----a-w c:\windows\system32\atmfd.dll
2009-04-11 04:22 . 2009-05-27 16:07 33280 ----a-w c:\windows\system32\drivers\watchdog.sys
2009-04-11 04:15 . 2009-05-27 16:08 288768 ----a-w c:\windows\system32\drivers\srv.sys
2009-04-11 04:15 . 2009-05-27 16:08 144896 ----a-w c:\windows\system32\drivers\srv2.sys
2009-04-11 04:15 . 2009-05-27 16:08 98816 ----a-w c:\windows\system32\drivers\srvnet.sys
2009-04-11 04:14 . 2009-05-27 16:08 114688 ----a-w c:\windows\system32\drivers\mrxdav.sys
2009-04-11 04:14 . 2009-05-27 16:08 212992 ----a-w c:\windows\system32\drivers\mrxsmb10.sys
2009-04-11 04:14 . 2009-05-27 16:08 225280 ----a-w c:\windows\system32\drivers\rdbss.sys
2009-04-11 04:14 . 2009-05-27 16:08 79360 ----a-w c:\windows\system32\drivers\mrxsmb20.sys
2009-04-11 04:14 . 2009-05-27 16:08 105984 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2009-04-11 04:14 . 2009-05-27 16:07 75264 ----a-w c:\windows\system32\drivers\dfsc.sys
2009-04-11 04:14 . 2009-05-27 16:07 35328 ----a-w c:\windows\system32\drivers\npfs.sys
2009-04-11 04:13 . 2009-05-27 16:07 226816 ----a-w c:\windows\system32\drivers\udfs.sys
2009-04-11 04:13 . 2009-05-27 16:07 136704 ----a-w c:\windows\system32\drivers\exfat.sys
2009-04-11 04:13 . 2009-05-27 16:07 142848 ----a-w c:\windows\system32\drivers\fastfat.sys
2009-04-11 04:12 . 2009-05-27 16:08 617984 ----a-w c:\windows\system32\adtschema.dll
2009-04-11 02:52 . 2009-05-27 16:09 684032 ----a-w c:\windows\system32\drivers\spsys.sys
2009-04-11 01:59 . 2009-05-27 16:08 107612 ----a-w c:\windows\system32\StructuredQuerySchema.bin
2009-03-30 04:42 . 2009-05-27 16:08 278848 ----a-w c:\windows\system32\mscoree.dll
2009-03-30 04:42 . 2009-05-27 16:08 93512 ----a-w c:\windows\system32\dfshim.dll
2009-03-30 04:42 . 2009-05-27 16:08 80720 ----a-w c:\windows\system32\mscories.dll
2009-03-30 04:42 . 2009-05-27 16:08 155456 ----a-w c:\windows\system32\mscorier.dll
2009-03-26 15:00 . 2009-03-26 15:00 64000 ----a-w c:\windows\system32\drivers\RTSTOR.sys
2009-03-18 14:45 . 2008-11-07 22:15 124464 ----a-w c:\windows\system32\drivers\SYMEVENT.SYS
2009-03-16 20:03 . 2009-03-16 20:03 533880 ----a-w c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\Scxpx86.dll
2009-03-12 09:03 . 2008-11-07 22:16 25136 ----a-r c:\windows\system32\drivers\SymIMV.sys
2009-03-09 12:19 . 2008-12-13 02:23 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-08 11:34 . 2009-05-05 18:01 914944 ----a-w c:\windows\system32\wininet.dll
2009-03-08 11:34 . 2009-05-05 18:01 43008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 11:33 . 2009-05-05 18:01 109056 ----a-w c:\windows\system32\iesysprep.dll
2009-03-08 11:33 . 2009-05-05 18:01 109568 ----a-w c:\windows\system32\PDMSetup.exe
2009-03-08 11:33 . 2009-05-05 18:01 132608 ----a-w c:\windows\system32\ieUnatt.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnhancedStorageShell]
@="{D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}"
[HKEY_CLASSES_ROOT\CLSID\{D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}]
2009-04-11 06:28 114176 ----a-w c:\windows\System32\EhStorShell.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-09-23 21755688]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-07-12 178712]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-04-27 865840]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Gateway\traybar.exe" [2007-09-13 638976]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-12 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-12 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-12 133656]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-06-02 80896]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"SigmatelSysTrayApp"="sttray.exe" - c:\windows\sttray.exe [2007-09-07 405504]

c:\users\Rachelle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"BindDirectlyToPropertySetStorage"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):a5,1b,e9,5d,e9,de,c9,01

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{24053270-385C-43E0-B161-2E33514C3AC6}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{27F82599-64F6-492B-9E99-9F410807217E}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{2A3FC047-30CD-4A92-9976-4BB8075D000C}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{B351A978-56DA-4885-B0BE-0D73CC22795E}"= UDP:c:\programdata\NexonUS\NGM\NGM.exe:Nexon Game Manager
"{9B157458-B28E-4D9C-A8F1-BC0F0D0FAB11}"= TCP:c:\programdata\NexonUS\NGM\NGM.exe:Nexon Game Manager
"{17C07F1F-B854-41D0-BCFE-511A94562144}"= UDP:c:\nexon\Combat Arms\NMService.exe:Nexon Messenger Core
"{F6107B51-9CE0-484A-83D6-5D8504557083}"= TCP:c:\nexon\Combat Arms\NMService.exe:Nexon Messenger Core
"{9F0C91D6-4F3C-4603-AF9A-A2596F6D578E}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpqtra08.exe:hpqtra08.exe
"{9801B349-64CB-48A2-B519-0EF5F171A16E}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpqtra08.exe:hpqtra08.exe
"{1903EBAA-80DA-4C02-B6D1-49CCEDB3607D}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpqste08.exe:hpqste08.exe
"{34964754-BEBD-49E5-97B4-B2923F6C8540}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpqste08.exe:hpqste08.exe
"{248DD0C9-4EA2-4A16-904D-275BC56E8D79}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpofxm08.exe:hpofxm08.exe
"{F3DAFB87-F50F-435B-A0B1-69B45B444DAF}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpofxm08.exe:hpofxm08.exe
"{7F824F66-6713-48FA-9A50-AEBF6C6804A5}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hposfx08.exe:hposfx08.exe
"{537A16C0-C8E6-4356-AB07-50D0321BDF96}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hposfx08.exe:hposfx08.exe
"{B5D4786B-0D0A-403C-89F2-F46A8084ACDF}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hposid01.exe:hposid01.exe
"{6D2B37F1-7480-4BC4-9920-48A0D4F88CBA}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hposid01.exe:hposid01.exe
"{57F81B30-8D1E-4B63-8315-9EB57E310EFB}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpzwiz01.exe:hpzwiz01.exe
"{8EB2542F-F8B3-446D-B888-DAB4EABD5DBF}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpzwiz01.exe:hpzwiz01.exe
"{3CFB70D5-5816-4C8C-B610-BDB4D829E021}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpoews01.exe:hpoews01.exe
"{82F9E5E3-2AE2-4745-8984-BCA9E3A26344}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpoews01.exe:hpoews01.exe
"{DEE8429A-8931-4B7B-9DA9-EF3D7B6CD5A4}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpqnrs08.exe:hpqnrs08.exe
"{65CE99DE-1318-481A-935E-D234D5761FFF}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpqnrs08.exe:hpqnrs08.exe
"{7C93C910-6FD1-49F2-8A3C-8253C1ED1B5C}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpiscnapp.exe:hpiscnapp.exe
"{DBCACC61-35B9-427F-9D12-EFC0F219E9C5}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpiscnapp.exe:hpiscnapp.exe
"{C48A3F5C-5C1D-47F3-9D82-E3EF5AB6A396}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpqkygrp.exe:hpqkygrp.exe
"{D980123E-66CB-4BE0-8406-CF2A55D50707}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpqkygrp.exe:hpqkygrp.exe
"{DC9E0C43-2777-464D-BD93-AED13B509182}"= UDP:c:\nexon\Combat Arms\NMService.exe:Nexon Messenger Core
"{54B1FA8D-BFEE-426B-8B5C-40A62017546D}"= TCP:c:\nexon\Combat Arms\NMService.exe:Nexon Messenger Core
"{E4E0D6E8-6B90-493B-9D5F-6CDAE41F8F69}"= UDP:c:\program files\Pando Networks\Media Booster\PMB.exe:Pando Media Booster
"{11677E7C-2BD8-4E1C-829D-A80D41D354DC}"= TCP:c:\program files\Pando Networks\Media Booster\PMB.exe:Pando Media Booster
"{D73CB0FA-B4E9-46DA-A32F-30466446DC38}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R0 SymEFA;Symantec Extended File Attributes;c:\windows\System32\drivers\NIS\1005000.087\SymEFA.sys [3/18/2009 7:45 AM 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\System32\drivers\NIS\1005000.087\BHDrvx86.sys [3/18/2009 7:45 AM 258608]
R1 ccHP;Symantec Hash Provider;c:\windows\System32\drivers\NIS\1005000.087\cchpx86.sys [3/18/2009 7:45 AM 482352]
R1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090513.001\IDSvix86.sys [5/19/2009 11:54 AM 292912]
R2 ETService;Empowering Technology Service;c:\program files\GATEWAY\Gateway Recovery Management\Service\ETService.exe [7/18/2008 3:16 AM 24576]
R2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe [3/18/2009 7:45 AM 115560]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2/25/2009 2:00 AM 101936]
R3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\System32\drivers\NETw5v32.sys [11/17/2008 4:40 PM 3668480]
R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\drivers\NIS\1005000.087\symndisv.sys [3/18/2009 7:45 AM 39984]
S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [5/5/2009 11:49 AM 55280]
S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [2/6/2009 6:08 PM 533360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-eRecoveryService - (no file)
SafeBoot-procexp90.Sys


.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=&Br=GTW&Loc=ENG_US&Sys=PTB&M=M-6881
IE: Copy to &Lightning Note - c:\program files\Corel\WordPerfect Lightning\Programs\WPLightningCopyToNote.hta
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-27 12:58
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.5.0.135\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2009-05-27 13:00
ComboFix-quarantined-files.txt 2009-05-27 20:00

Pre-Run: 182,066,876,416 bytes free
Post-Run: 183,060,103,168 bytes free

297 --- E O F --- 2009-05-27 16:22
HELP!!!!
  • 0

Advertisements

#2
SpySentinel
Posted 09 June 2009 - 07:50 PM

SpySentinel

    R.I.P.

  • Retired Staff
  • 5,152 posts
Hi ,

Welcome to Geeks to Go! My name is SpySentinel and I will be helping you fix your computer problem.
Sorry for the delay, we have been very busy lately, and I apologize for your wait.


Please do not run tools like ComboFix on your own. CF is a very powerful tool, that if not used under trained supervision, can cause harm to your computer.


Step #1

Download Rooter.exe to your desktop
  • Then doubleclick it to start the tool
  • A Notepad file containing the report will open, also found at %systemdrive%\Rooter.txt. Post that here


Step #2

  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTListIt.Txt and Extras.Txt. These are saved in the same location as OTListIt2.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.


Step #3

Please download GooredFix from one of the locations below and save it to your Desktop
Download Mirror #1
Download Mirror #2
  • Double-click GooredFix.exe to run it.
  • Select 1. Find Goored (no fix) by typing 1 and pressing Enter.
  • A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called GooredLog.txt).
Note: Do not run Option #2 yet.
  • 0

#3
Rachavery
Posted 11 June 2009 - 11:41 AM

Rachavery

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Hi SpySentinel,
I can not get the rooter.exe to run. Is it a vista compatible? It gives me the error that it did not load correctly and may not be compatible with my version of windows. Please advise and thanks!
  • 0

#4
SpySentinel
Posted 12 June 2009 - 02:11 PM

SpySentinel

    R.I.P.

  • Retired Staff
  • 5,152 posts
Hi Rachavery, sorry for the delay.

There has been a new release for Rooter that makes it compatible with Vista now:

Please delete the old version then

Download Rooter.exe to your desktop
  • Then doubleclick it to start the tool
  • A Notepad file containing the report will open, also found at %systemdrive%\Rooter.txt. Post that here


All you have to do is click the "Scan" button.


Also please follow Steps #2 and #3 as well!

Edited by SpySentinel, 12 June 2009 - 02:44 PM.

  • 0

#5
Rachavery
Posted 13 June 2009 - 08:28 PM

Rachavery

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Rooter log:
Rooter.exe (v1.0) by Eric_71
¨
Microsoft Windows Vista Home Edition (6.0.6002) Service Pack 2
32_bits - x86 Family 6 Model 15 Stepping 11, GenuineIntel
¨
C:\ [Fixed-NTFS] .. ( Total:228233 Mo - Free:152157 Mo )
D:\ [CD_Rom]
¨
Scan : 19:25.41
Path : C:\Users\Rachelle\Desktop\Rooter.exe
User : Rachelle ( Administrator -> YES )
¨
----------------------\\ Processes
¨
Locked [System Process] (0)
Locked System (4)
Locked smss.exe (496)
Locked csrss.exe (564)
Locked wininit.exe (608)
Locked csrss.exe (620)
Locked services.exe (652)
Locked lsass.exe (664)
Locked lsm.exe (672)
Locked winlogon.exe (784)
Locked svchost.exe (860)
Locked svchost.exe (920)
Locked svchost.exe (1052)
Locked svchost.exe (1084)
Locked svchost.exe (1116)
Locked audiodg.exe (1220)
Locked svchost.exe (1248)
Locked SLsvc.exe (1272)
Locked svchost.exe (1308)
Locked svchost.exe (1484)
Locked spoolsv.exe (1672)
Locked svchost.exe (1700)
Locked agrsmsvc.exe (1860)
Locked svchost.exe (1892)
Locked ETService.exe (1932)
Locked svchost.exe (224)
Locked IAANTmon.exe (376)
Locked svchost.exe (520)
Locked ccSvcHst.exe (644)
Locked svchost.exe (1296)
Locked svchost.exe (1412)
Locked PsiService_2.exe (1572)
Locked svchost.exe (1908)
Locked svchost.exe (2096)
Locked SearchIndexer.exe (2168)
Locked taskeng.exe (3008)
Locked ccSvcHst.exe (3156)
______ C:\Windows\system32\taskeng.exe (3216)
______ C:\Windows\system32\Dwm.exe (3252)
______ C:\Windows\Explorer.EXE (3324)
______ C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (3656)
______ C:\Program Files\Windows Media Player\wmpnscfg.exe (3940)
______ C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe (1244)
Locked wmpnetwk.exe (3188)
Locked SynTPEnh.exe (1696)
______ C:\Program Files\Camera Assistant Software for Gateway\traybar.exe (3212)
______ C:\Windows\System32\hkcmd.exe (2776)
______ C:\Windows\System32\igfxpers.exe (2664)
______ C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (3004)
______ C:\Program Files\Java\jre6\bin\jusched.exe (3848)
______ C:\Windows\sttray.exe (2828)
______ C:\Program Files\Skype\Phone\Skype.exe (2716)
______ C:\Windows\ehome\ehtray.exe (4104)
______ C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (4120)
______ C:\Windows\system32\igfxsrvc.exe (4192)
______ C:\Windows\ehome\ehmsas.exe (4256)
______ C:\Program Files\Camera Assistant Software for Gateway\CEC_MAIN.exe (4492)
______ C:\Windows\system32\Macromed\Flash\FlashUtil10b.exe (5328)
______ C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe (5688)
______ C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe (5744)
______ C:\Program Files\Skype\Plugin Manager\skypePM.exe (6072)
______ C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe (4364)
______ C:\Program Files\Internet Explorer\iexplore.exe (4632)
______ C:\Program Files\Internet Explorer\iexplore.exe (5580)
Locked SearchProtocolHost.exe (4036)
______ C:\Program Files\Internet Explorer\iexplore.exe (5844)
Locked SearchFilterHost.exe (5720)
______ C:\Users\Rachelle\Desktop\Rooter.exe (2584)
¨
----------------------\\ Device\Harddisk0\
¨
\Device\Harddisk0 [Sectors : 63 x 512 Bytes]
¨
\Device\Harddisk0\Partition1 (Start_Offset:1048576 | Length:10737418240)
\Device\Harddisk0\Partition2 --[ MBR ]-- (Start_Offset:10738466816 | Length:239320694784)
¨
----------------------\\ Scheduled Tasks
¨
C:\Windows\Tasks\SA.DAT
C:\Windows\Tasks\SCHEDLGU.TXT
¨
----------------------\\ Registry
¨
¨
----------------------\\ Files & Folders
¨
----------------------\\ Scan completed at 19:25.46
¨
C:\Rooter$\Rooter_1.txt - (13/06/2009 | 19:25.46)
  • 0

#6
Rachavery
Posted 13 June 2009 - 08:34 PM

Rachavery

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
OTL txt file:

OTL logfile created on: 6/13/2009 7:29:01 PM - Run 1
OTL by OldTimer - Version 2.1.1.0 Folder = C:\Users\Rachelle\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18783)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.82 Gb Available Physical Memory | 91.02% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.88 Gb Total Space | 148.59 Gb Free Space | 66.67% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: RACHELLE-PC
Current User Name: Rachelle
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - [2007/12/10 21:15:04 | 00,012,800 | ---- | M] (Agere Systems) -- C:\Windows\system32\agrsmsvc.exe
PRC - [2008/06/11 11:18:30 | 00,024,576 | ---- | M] () -- C:\Program Files\GATEWAY\Gateway Recovery Management\Service\ETService.exe
PRC - [2007/07/12 16:36:12 | 00,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
PRC - [2009/03/12 02:03:07 | 00,115,560 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
PRC - [2007/07/24 12:15:14 | 00,185,632 | ---- | M] (Protexis Inc.) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2009/03/12 02:03:07 | 00,115,560 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
PRC - [2009/04/10 23:27:36 | 02,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\Explorer.EXE
PRC - [2007/07/12 16:36:10 | 00,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008/01/20 19:25:33 | 00,202,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe
PRC - [2008/10/15 14:55:10 | 00,116,016 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
PRC - [2008/01/20 19:25:33 | 00,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe
PRC - [2007/04/26 17:38:34 | 00,865,840 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2007/09/13 14:09:44 | 00,638,976 | ---- | M] (Chicony) -- C:\Program Files\Camera Assistant Software for Gateway\traybar.exe
PRC - [2008/02/11 20:13:02 | 00,166,424 | ---- | M] (Intel Corporation) -- C:\Windows\System32\hkcmd.exe
PRC - [2008/02/11 20:13:08 | 00,133,656 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxpers.exe
PRC - [2007/10/14 22:17:32 | 00,049,152 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
PRC - [2009/03/09 05:19:17 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2007/09/06 19:23:36 | 00,405,504 | ---- | M] (IDT, Inc.) -- C:\Windows\sttray.exe
PRC - [2008/09/23 15:17:06 | 21,755,688 | R--- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Phone\Skype.exe
PRC - [2008/01/20 19:25:11 | 00,125,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehtray.exe
PRC - [2008/03/25 20:40:42 | 00,214,360 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
PRC - [2008/02/11 20:13:10 | 00,256,536 | ---- | M] (Intel Corporation) -- C:\Windows\system32\igfxsrvc.exe
PRC - [2008/01/20 19:25:11 | 00,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehmsas.exe
PRC - [2007/09/27 16:27:02 | 04,839,936 | ---- | M] () -- C:\Program Files\Camera Assistant Software for Gateway\CEC_MAIN.exe
PRC - [2009/02/02 19:07:18 | 00,240,544 | R--- | M] (Adobe Systems, Inc.) -- C:\Windows\system32\Macromed\Flash\FlashUtil10b.exe
PRC - [2008/03/25 20:49:02 | 00,184,320 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
PRC - [2008/03/25 20:49:00 | 00,569,344 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
PRC - [2008/08/11 17:46:50 | 00,076,744 | R--- | M] (Skype Technologies) -- C:\Program Files\Skype\Plugin Manager\skypePM.exe
PRC - [2007/11/02 21:12:50 | 00,262,144 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
PRC - [2009/06/13 19:27:50 | 00,501,760 | ---- | M] (OldTimer Tools) -- C:\Users\Rachelle\Desktop\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2007/12/10 21:15:04 | 00,012,800 | ---- | M] (Agere Systems) -- C:\Windows\system32\agrsmsvc.exe -- (AgereModemAudio [Auto | Running])
SRV - [2009/03/29 21:42:14 | 00,066,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2008/01/20 19:25:09 | 00,292,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehRecvr.exe -- (ehRecvr [On_Demand | Stopped])
SRV - [2006/11/02 05:35:29 | 00,131,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehsched.exe -- (ehSched [On_Demand | Stopped])
SRV - [2006/11/02 05:35:29 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehstart.dll -- (ehstart [Auto | Stopped])
SRV - [2008/06/11 11:18:30 | 00,024,576 | ---- | M] () -- C:\Program Files\GATEWAY\Gateway Recovery Management\Service\ETService.exe -- (ETService [Auto | Running])
SRV - [2009/02/18 11:39:20 | 00,043,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2009/02/06 18:08:58 | 00,533,360 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc [On_Demand | Stopped])
SRV - [2008/05/05 15:25:46 | 00,165,416 | ---- | M] (WildTangent, Inc.) -- C:\Program Files\Gateway Games\Gateway Game Console\GameConsoleService.exe -- (GameConsoleService [On_Demand | Stopped])
SRV - [2008/03/25 20:38:24 | 00,217,088 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08 [On_Demand | Running])
SRV - [2008/03/25 21:27:36 | 00,135,168 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc [Auto | Running])
SRV - [2007/07/12 16:36:12 | 00,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe -- (IAANTMON [Auto | Running])
SRV - [2009/02/18 11:38:42 | 00,879,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2008/07/18 13:13:20 | 00,044,032 | ---- | M] (Hewlett-Packard) -- C:\Windows\system32\HPZinw12.dll -- (Net Driver HPZ12 [Auto | Running])
SRV - [2009/02/18 11:38:43 | 00,129,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2009/03/12 02:03:07 | 00,115,560 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe -- (Norton Internet Security [Auto | Running])
SRV - [2008/11/04 01:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
SRV - [2006/10/26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2008/07/18 13:13:20 | 00,053,760 | ---- | M] (Hewlett-Packard) -- C:\Windows\system32\HPZipm12.dll -- (Pml Driver HPZ12 [Auto | Running])
SRV - [2007/07/24 12:15:14 | 00,185,632 | ---- | M] (Protexis Inc.) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2 [Auto | Running])
SRV - [2008/01/29 16:09:02 | 00,394,704 | ---- | M] (Symantec, Inc.) -- C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe -- (Symantec RemoteAssist [On_Demand | Stopped])
SRV - [2008/01/20 19:23:32 | 00,272,952 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend [Auto | Stopped])
SRV - [2008/01/20 19:25:33 | 00,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Running])

========== Driver Services (SafeList) ==========

DRV - [2008/01/20 19:23:21 | 00,422,968 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx [Disabled | Stopped])
DRV - [2008/01/20 19:23:25 | 00,300,600 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci [Disabled | Stopped])
DRV - [2008/01/20 19:23:26 | 00,101,432 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m [Disabled | Stopped])
DRV - [2008/01/20 19:23:27 | 00,149,560 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320 [Disabled | Stopped])
DRV - [2008/02/29 01:13:38 | 01,202,560 | ---- | M] (Agere Systems) -- C:\Windows\system32\DRIVERS\AGRSM.sys -- (AgereSoftModem [On_Demand | Running])
DRV - [2006/11/02 02:50:11 | 00,071,272 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx [Disabled | Stopped])
DRV - [2008/01/20 19:23:00 | 00,017,464 | ---- | M] (Acer Laboratories Inc.) -- C:\Windows\system32\drivers\aliide.sys -- (aliide [Disabled | Stopped])
DRV - [2008/01/20 19:23:23 | 00,079,416 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\arc.sys -- (arc [Disabled | Stopped])
DRV - [2008/01/20 19:23:24 | 00,079,928 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas [Disabled | Stopped])
DRV - [2009/03/12 02:03:54 | 00,258,608 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\Drivers\NIS\1005000.087\BHDrvx86.sys -- (BHDrvx86 [System | Running])
DRV - [2006/11/02 01:24:45 | 00,013,568 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo [On_Demand | Stopped])
DRV - [2006/11/02 01:24:46 | 00,005,248 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp [On_Demand | Stopped])
DRV - [2006/11/02 01:25:24 | 00,071,808 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brserid.sys -- (Brserid [Disabled | Stopped])
DRV - [2006/11/02 01:24:44 | 00,062,336 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm [Disabled | Stopped])
DRV - [2006/11/02 01:24:44 | 00,012,160 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm [Disabled | Stopped])
DRV - [2006/11/02 01:24:47 | 00,011,904 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer [On_Demand | Stopped])
DRV - [2009/03/18 07:45:03 | 00,482,352 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\Drivers\NIS\1005000.087\ccHPx86.sys -- (ccHP [System | Running])
DRV - [2008/01/20 19:23:00 | 00,019,000 | ---- | M] (CMD Technology, Inc.) -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide [Disabled | Stopped])
DRV - [2008/01/20 19:23:24 | 00,118,784 | ---- | M] (Intel Corporation) -- C:\Windows\system32\DRIVERS\E1G60I32.sys -- (E1G60 [On_Demand | Stopped])
DRV - [2009/02/25 02:00:00 | 00,371,248 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl [System | Running])
DRV - [2008/01/20 19:23:22 | 00,342,584 | ---- | M] (Emulex) -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor [Disabled | Stopped])
DRV - [2009/02/25 02:00:00 | 00,101,936 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv [On_Demand | Running])
DRV - [2009/02/06 18:08:52 | 00,055,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\DRIVERS\fssfltr.sys -- (fssfltr [On_Demand | Stopped])
DRV - [2008/01/20 19:23:26 | 00,040,504 | ---- | M] (Hewlett-Packard Company) -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs [Disabled | Stopped])
DRV - [2007/07/12 16:35:02 | 00,305,176 | ---- | M] (Intel Corporation) -- C:\Windows\system32\DRIVERS\iaStor.sys -- (iaStor [Boot | Running])
DRV - [2008/01/20 19:23:23 | 00,235,064 | ---- | M] (Intel Corporation) -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV [Disabled | Stopped])
DRV - [2009/01/29 14:50:17 | 00,292,912 | ---- | M] (Symantec Corporation) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20090610.006\IDSvix86.sys -- (IDSVix86 [System | Running])
DRV - [2008/02/11 19:36:10 | 02,302,976 | ---- | M] (Intel Corporation) -- C:\Windows\system32\DRIVERS\igdkmd32.sys -- (igfx [On_Demand | Running])
DRV - [2006/11/02 02:50:17 | 00,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp [Disabled | Stopped])
DRV - [2008/06/11 11:13:24 | 00,015,392 | ---- | M] (Acer, Inc.) -- C:\Windows\system32\drivers\int15.sys -- (int15 [Auto | Running])
DRV - [2006/11/02 02:50:07 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi [Disabled | Stopped])
DRV - [2006/11/02 02:50:09 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid [Disabled | Stopped])
DRV - [2008/01/20 19:23:23 | 00,096,312 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC [Disabled | Stopped])
DRV - [2008/01/20 19:23:25 | 00,089,656 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS [Disabled | Stopped])
DRV - [2008/01/20 19:23:23 | 00,096,312 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI [Disabled | Stopped])
DRV - [2008/01/20 19:23:27 | 00,031,288 | ---- | M] (LSI Corporation) -- C:\Windows\system32\drivers\megasas.sys -- (megasas [Disabled | Stopped])
DRV - [2008/01/20 19:23:27 | 00,386,616 | ---- | M] (LSI Corporation, Inc.) -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR [Disabled | Stopped])
DRV - [2006/11/02 02:49:59 | 00,033,384 | ---- | M] (LSI Logic Corporation) -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x [Disabled | Stopped])
DRV - [2009/02/19 02:00:00 | 00,089,104 | ---- | M] (Symantec Corporation) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090613.023\NAVENG.SYS -- (NAVENG [On_Demand | Running])
DRV - [2009/02/19 02:00:00 | 00,876,144 | ---- | M] (Symantec Corporation) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090613.023\NAVEX15.SYS -- (NAVEX15 [On_Demand | Running])
DRV - [2007/10/31 18:36:32 | 02,252,800 | ---- | M] (Intel Corporation) -- C:\Windows\system32\DRIVERS\NETw4v32.sys -- (NETw4v32 [On_Demand | Stopped])
DRV - [2008/11/17 16:40:22 | 03,668,480 | ---- | M] (Intel Corporation) -- C:\Windows\system32\DRIVERS\NETw5v32.sys -- (NETw5v32 [On_Demand | Running])
DRV - [2006/11/02 02:50:19 | 00,045,160 | ---- | M] (IBM Corporation) -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960 [Disabled | Stopped])
DRV - [2006/11/02 00:36:50 | 00,020,608 | ---- | M] (N-trig Innovative Technologies) -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi [Disabled | Stopped])
DRV - [2008/01/20 19:23:21 | 00,102,968 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid [Disabled | Stopped])
DRV - [2008/01/20 19:23:21 | 00,045,112 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor [Disabled | Stopped])
DRV - [2008/01/20 19:23:24 | 01,122,360 | ---- | M] (QLogic Corporation) -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300 [Disabled | Stopped])
DRV - [2006/11/02 02:50:35 | 00,106,088 | ---- | M] (QLogic Corporation) -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx [Disabled | Stopped])
DRV - [2009/03/06 09:06:02 | 00,140,800 | ---- | M] (Realtek Corporation ) -- C:\Windows\system32\DRIVERS\Rtlh86.sys -- (RTL8169 [On_Demand | Running])
DRV - [2009/03/26 08:00:02 | 00,064,000 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\system32\drivers\RTSTOR.SYS -- (RTSTOR [On_Demand | Running])
DRV - [2006/11/01 23:37:21 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv [Auto | Running])
DRV - [2008/01/20 19:23:26 | 00,074,808 | ---- | M] (Silicon Integrated Systems) -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4 [Disabled | Stopped])
DRV - [2009/03/12 02:03:54 | 00,307,760 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\Drivers\NIS\1005000.087\SRTSP.SYS -- (SRTSP [On_Demand | Running])
DRV - [2009/03/12 02:03:54 | 00,043,696 | ---- | M] (Symantec Corporation) -- C:\Windows\system32\drivers\NIS\1005000.087\SRTSPX.SYS -- (SRTSPX [System | Running])
DRV - [2007/09/06 19:26:04 | 00,330,240 | ---- | M] (IDT, Inc.) -- C:\Windows\system32\drivers\stwrt.sys -- (STHDA [On_Demand | Running])
DRV - [2006/11/02 02:50:05 | 00,035,944 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx [Disabled | Stopped])
DRV - [2009/03/12 02:03:54 | 00,310,320 | ---- | M] (Symantec Corporation) -- C:\Windows\system32\drivers\NIS\1005000.087\SYMEFA.SYS -- (SymEFA [Boot | Running])
DRV - [2009/03/18 07:45:26 | 00,124,464 | ---- | M] (Symantec Corporation) -- C:\Windows\system32\Drivers\SYMEVENT.SYS -- (SymEvent [On_Demand | Running])
DRV - [2009/03/12 02:03:54 | 00,089,776 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\Drivers\NIS\1005000.087\SYMFW.SYS -- (SYMFW [On_Demand | Running])
DRV - [2009/03/12 02:03:08 | 00,025,136 | R--- | M] (Symantec Corporation) -- C:\Windows\system32\DRIVERS\SymIMv.sys -- (SymIM [System | Running])
DRV - [2009/03/12 02:03:54 | 00,039,984 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\Drivers\NIS\1005000.087\SYMNDISV.SYS -- (SYMNDISV [On_Demand | Running])
DRV - [2009/03/12 02:03:54 | 00,217,392 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\Drivers\NIS\1005000.087\SYMTDI.SYS -- (SYMTDI [System | Running])
DRV - [2006/11/02 02:49:56 | 00,031,848 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi [Disabled | Stopped])
DRV - [2006/11/02 02:50:03 | 00,034,920 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3 [Disabled | Stopped])
DRV - [2007/04/26 17:38:40 | 00,186,680 | ---- | M] (Synaptics, Inc.) -- C:\Windows\system32\DRIVERS\SynTP.sys -- (SynTP [On_Demand | Running])
DRV - [2008/01/20 19:23:20 | 00,238,648 | ---- | M] (ULi Electronics Inc.) -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci [Disabled | Stopped])
DRV - [2006/11/02 02:50:35 | 00,098,408 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata [Disabled | Stopped])
DRV - [2008/01/20 19:23:23 | 00,115,816 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2 [Disabled | Stopped])
DRV - [2007/05/23 17:37:40 | 00,011,776 | ---- | M] (Chicony Electronics Co., Ltd.) -- C:\Windows\System32\Drivers\UVCFTR_S.SYS -- (UVCFTR [On_Demand | Running])
DRV - [2008/01/20 19:23:00 | 00,020,024 | ---- | M] (VIA Technologies, Inc.) -- C:\Windows\system32\drivers\viaide.sys -- (viaide [Disabled | Stopped])
DRV - [2008/01/20 19:23:23 | 00,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid [Disabled | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.c...h...TB&M=M-6881
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\ [2009/02/02 20:37:37 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\PROGRAM FILES\COREL\WORDPERFECT LIGHTNING\PROGRAMS\FIREFOXEXTENSION\ [2009/03/07 17:44:45 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\PROGRAM FILES\HP\DIGITAL IMAGING\SMART WEB PRINTING\MOZILLAADDON2 [2009/05/05 12:16:03 | 00,000,000 | ---D | M]


O1 HOSTS File: (761 bytes) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - Reg Error: Key error. File not found
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\IPSBHO.DLL (Symantec Corporation)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Gateway\traybar.exe" (Chicony)
O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [Persistence] C:\Windows\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [SigmatelSysTrayApp] sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKCU..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized (Skype Technologies S.A.)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Rachelle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O4 - Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Copy to &Lightning Note - C:\Program Files\Corel\WordPerfect Lightning\Programs\WPLightningCopyToNote.hta ()
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 (Microsoft Corporation)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [@%SystemRoot%\system32\nlasvc.dll,-1000] - C:\Windows\system32\NLAapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [@%SystemRoot%\system32\napinsp.dll,-1000] - C:\Windows\system32\napinsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [@%SystemRoot%\system32\pnrpnsp.dll,-1000] - C:\Windows\system32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [@%SystemRoot%\system32\pnrpnsp.dll,-1001] - C:\Windows\system32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [Bluetooth Namespace] - C:\Windows\system32\wshbth.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {315B0BFB-2BD4-481B-80A3-A9B80727C61B} http://webiq005.webi...6-6D5536C585C9} (WebIQ Engine Application Object)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photo1.walgre...eensActivia.cab (Snapfish Activia)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace....ploader1006.cab (MySpace Uploader Control)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2....re/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll (Symantec Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\system32\igfxdev.dll (Intel Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 14:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - * [2009/06/13 19:27:49 | 00,000,000 | R--D | M]

========== Files/Folders - Created Within 30 Days ==========

[2 C:\Windows\System32\*.tmp files]
[2009/06/13 19:27:44 | 00,501,760 | ---- | C] (OldTimer Tools) -- C:\Users\Rachelle\Desktop\OTL.exe
[2009/06/13 19:25:19 | 00,128,933 | ---- | C] (Eric_71) -- C:\Users\Rachelle\Desktop\Rooter.exe
[2009/06/13 19:24:32 | 00,000,104 | ---- | C] () -- C:\Users\Rachelle\Desktop\Recycle Bin - Shortcut.lnk
[2009/06/11 10:34:14 | 05,936,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.dll
[2009/06/11 10:34:13 | 11,064,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieframe.dll
[2009/06/11 10:34:13 | 01,985,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iertutil.dll
[2009/06/11 10:34:13 | 01,207,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\urlmon.dll
[2009/06/11 10:34:13 | 00,915,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wininet.dll
[2009/06/11 10:34:12 | 01,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2009/06/11 10:34:12 | 01,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2009/06/11 10:34:12 | 00,385,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2009/06/11 10:34:12 | 00,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2009/06/11 10:34:12 | 00,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2009/06/11 10:34:12 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2009/06/11 10:34:12 | 00,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2009/06/11 10:34:12 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2009/06/11 10:33:33 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/06/11 10:12:48 | 02,034,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2009/06/11 10:11:28 | 00,623,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\localspl.dll
[2009/06/11 10:11:22 | 00,784,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rpcrt4.dll
[2009/06/06 09:39:43 | 00,000,000 | ---D | C] -- C:\Users\Rachelle\Desktop\Zias graduation
[2009/05/27 12:59:28 | 00,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2009/05/27 12:54:29 | 00,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2009/05/27 12:54:29 | 00,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2009/05/27 12:54:29 | 00,154,624 | ---- | C] () -- C:\Windows\PEV.exe
[2009/05/27 12:54:29 | 00,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2009/05/27 12:54:29 | 00,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2009/05/27 12:54:29 | 00,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2009/05/27 12:54:29 | 00,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2009/05/27 12:54:29 | 00,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2009/05/27 12:54:06 | 00,000,000 | ---D | C] -- C:\Windows\ERDNT
[2009/05/27 12:53:48 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/05/27 09:28:54 | 00,000,000 | ---D | C] -- C:\Windows\System32\eu-ES
[2009/05/27 09:28:54 | 00,000,000 | ---D | C] -- C:\Windows\System32\ca-ES
[2009/05/27 09:28:53 | 00,000,000 | ---D | C] -- C:\Windows\System32\vi-VN
[2009/05/27 09:12:19 | 00,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2009/05/27 09:09:15 | 12,240,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0007.dll
[2009/05/27 09:09:12 | 03,408,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLsvc.exe
[2009/05/27 09:09:12 | 01,081,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLCExt.dll
[2009/05/27 09:09:10 | 02,134,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FunctionDiscoveryFolder.dll
[2009/05/27 09:09:10 | 00,065,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DevicePairingWizard.exe
[2009/05/27 09:09:09 | 02,644,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0009.dll
[2009/05/27 09:09:07 | 01,480,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssrch.dll
[2009/05/27 09:09:06 | 01,576,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tquery.dll
[2009/05/27 09:09:06 | 00,684,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\spsys.sys
[2009/05/27 09:09:05 | 01,257,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsasrv.dll
[2009/05/27 09:09:05 | 00,779,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationNative_v0300.dll
[2009/05/27 09:09:05 | 00,561,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\hdaudbus.sys
[2009/05/27 09:09:04 | 00,928,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scavenge.dll
[2009/05/27 09:09:04 | 00,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
[2009/05/27 09:09:04 | 00,518,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
[2009/05/27 09:09:03 | 02,241,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msi.dll
[2009/05/27 09:09:03 | 00,677,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imapi2fs.dll
[2009/05/27 09:09:02 | 02,499,629 | ---- | C] () -- C:\Windows\System32\wlan.tmf
[2009/05/27 09:09:02 | 00,968,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wcnwiz2.dll
[2009/05/27 09:09:02 | 00,558,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sysmain.dll
[2009/05/27 09:09:02 | 00,476,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll
[2009/05/27 09:09:02 | 00,291,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WscEapPr.dll
[2009/05/27 09:09:01 | 00,619,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardagt.exe
[2009/05/27 09:09:00 | 02,868,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2009/05/27 09:09:00 | 01,216,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AuxiliaryDisplayCpl.dll
[2009/05/27 09:09:00 | 00,114,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EhStorShell.dll
[2009/05/27 09:08:59 | 00,978,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drmv2clt.dll
[2009/05/27 09:08:59 | 00,289,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spinstall.exe
[2009/05/27 09:08:59 | 00,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spreview.exe
[2009/05/27 09:08:58 | 00,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwizui.dll
[2009/05/27 09:08:57 | 11,584,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shell32.dll
[2009/05/27 09:08:57 | 00,644,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\p2psvc.dll
[2009/05/27 09:08:57 | 00,472,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
[2009/05/27 09:08:57 | 00,438,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mcupdate_GenuineIntel.dll
[2009/05/27 09:08:56 | 00,670,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssvp.dll
[2009/05/27 09:08:56 | 00,441,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SearchIndexer.exe
[2009/05/27 09:08:56 | 00,278,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscoree.dll
[2009/05/27 09:08:55 | 00,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSMPEG2VDEC.DLL
[2009/05/27 09:08:55 | 00,378,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imapi2.dll
[2009/05/27 09:08:55 | 00,351,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssph.dll
[2009/05/27 09:08:55 | 00,203,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssphtb.dll
[2009/05/27 09:08:54 | 03,601,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2009/05/27 09:08:54 | 01,459,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\esent.dll
[2009/05/27 09:08:54 | 00,324,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdohlp.dll
[2009/05/27 09:08:53 | 01,017,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wevtsvc.dll
[2009/05/27 09:08:53 | 00,729,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IMJP10K.DLL
[2009/05/27 09:08:53 | 00,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DevicePairing.dll
[2009/05/27 09:08:53 | 00,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
[2009/05/27 09:08:53 | 00,190,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sperror.dll
[2009/05/27 09:08:53 | 00,143,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\korwbrkr.dll
[2009/05/27 09:08:52 | 10,624,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmp.dll
[2009/05/27 09:08:52 | 00,463,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IasMigReader.exe
[2009/05/27 09:08:52 | 00,346,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
[2009/05/27 09:08:52 | 00,231,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll
[2009/05/27 09:08:52 | 00,228,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLC.dll
[2009/05/27 09:08:52 | 00,041,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2009/05/27 09:08:51 | 03,549,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2009/05/27 09:08:51 | 02,386,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVCORE.DLL
[2009/05/27 09:08:51 | 01,589,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msjet40.dll
[2009/05/27 09:08:51 | 00,407,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MPSSVC.dll
[2009/05/27 09:08:50 | 01,381,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Query.dll
[2009/05/27 09:08:50 | 01,336,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml6.dll
[2009/05/27 09:08:50 | 00,883,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IMJP10.IME
[2009/05/27 09:08:50 | 00,758,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qmgr.dll
[2009/05/27 09:08:49 | 01,316,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ole32.dll
[2009/05/27 09:08:49 | 01,202,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntdll.dll
[2009/05/27 09:08:49 | 01,078,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\diagperf.dll
[2009/05/27 09:08:49 | 00,409,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msexch40.dll
[2009/05/27 09:08:49 | 00,327,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\P2PGraph.dll
[2009/05/27 09:08:48 | 02,092,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dfsr.exe
[2009/05/27 09:08:48 | 01,792,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mmc.exe
[2009/05/27 09:08:48 | 01,183,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml3.dll
[2009/05/27 09:08:48 | 00,986,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winload.exe
[2009/05/27 09:08:48 | 00,950,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mblctr.exe
[2009/05/27 09:08:48 | 00,428,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2009/05/27 09:08:48 | 00,301,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srchadmin.dll
[2009/05/27 09:08:48 | 00,203,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\uDWM.dll
[2009/05/27 09:08:47 | 00,880,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RacEngn.dll
[2009/05/27 09:08:47 | 00,466,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\riched20.dll
[2009/05/27 09:08:47 | 00,454,144 | ---- | C] (Microsoft) -- C:\Windows\System32\IasMigPlugin.dll
[2009/05/27 09:08:47 | 00,130,008 | ---- | C] () -- C:\Windows\System32\systemsf.ebd
[2009/05/27 09:08:47 | 00,088,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdBth.dll
[2009/05/27 09:08:46 | 02,012,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\milcore.dll
[2009/05/27 09:08:46 | 00,897,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\tcpip.sys
[2009/05/27 09:08:46 | 00,891,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kernel32.dll
[2009/05/27 09:08:46 | 00,185,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SearchProtocolHost.exe
[2009/05/27 09:08:46 | 00,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SearchFilterHost.exe
[2009/05/27 09:08:45 | 01,112,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CertEnroll.dll
[2009/05/27 09:08:45 | 00,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NaturalLanguage6.dll
[2009/05/27 09:08:45 | 00,595,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\schedsvc.dll
[2009/05/27 09:08:45 | 00,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spoolss.dll
[2009/05/27 09:08:45 | 00,120,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EhStorAPI.dll
[2009/05/27 09:08:45 | 00,009,239 | ---- | C] () -- C:\Windows\System32\spcinstrumentation.man
[2009/05/27 09:08:44 | 00,115,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AuxiliaryDisplayDriverLib.dll
[2009/05/27 09:08:43 | 03,217,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinSAT.exe
[2009/05/27 09:08:43 | 00,950,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpedit.dll
[2009/05/27 09:08:43 | 00,406,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcp60.dll
[2009/05/27 09:08:43 | 00,290,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msjtes40.dll
[2009/05/27 09:08:43 | 00,099,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardapi.dll
[2009/05/27 09:08:42 | 00,710,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Magnify.exe
[2009/05/27 09:08:42 | 00,268,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\es.dll
[2009/05/27 09:08:42 | 00,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationSettings.exe
[2009/05/27 09:08:41 | 01,083,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ntfs.sys
[2009/05/27 09:08:41 | 00,800,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\advapi32.dll
[2009/05/27 09:08:41 | 00,282,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstext40.dll
[2009/05/27 09:08:41 | 00,102,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AuxiliaryDisplayServices.dll
[2009/05/27 09:08:40 | 01,524,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsAnytimeUpgradeCPL.dll
[2009/05/27 09:08:40 | 01,209,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\comsvcs.dll
[2009/05/27 09:08:40 | 00,454,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxbde40.dll
[2009/05/27 09:08:40 | 00,339,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msexcl40.dll
[2009/05/27 09:08:40 | 00,321,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll
[2009/05/27 09:08:40 | 00,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax
[2009/05/27 09:08:40 | 00,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WebClnt.dll
[2009/05/27 09:08:40 | 00,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slwmi.dll
[2009/05/27 09:08:39 | 02,066,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstscax.dll
[2009/05/27 09:08:39 | 01,985,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\authui.dll
[2009/05/27 09:08:39 | 01,086,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NetProjW.dll
[2009/05/27 09:08:39 | 01,077,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vssapi.dll
[2009/05/27 09:08:38 | 00,754,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\propsys.dll
[2009/05/27 09:08:38 | 00,643,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrepl40.dll
[2009/05/27 09:08:38 | 00,640,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bthprops.cpl
[2009/05/27 09:08:38 | 00,576,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpsvc.dll
[2009/05/27 09:08:38 | 00,469,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\newdev.dll
[2009/05/27 09:08:38 | 00,323,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2009/05/27 09:08:38 | 00,205,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eudcedit.exe
[2009/05/27 09:08:38 | 00,119,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasrecst.dll
[2009/05/27 09:08:38 | 00,102,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
[2009/05/27 09:08:37 | 02,926,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2009/05/27 09:08:37 | 01,591,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\setupapi.dll
[2009/05/27 09:08:37 | 00,978,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\crypt32.dll
[2009/05/27 09:08:37 | 00,550,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rpcss.dll
[2009/05/27 09:08:37 | 00,442,788 | ---- | C] () -- C:\Windows\System32\dot3.tmf
[2009/05/27 09:08:36 | 01,788,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d9.dll
[2009/05/27 09:08:36 | 00,368,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mspbde40.dll
[2009/05/27 09:08:36 | 00,241,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msltus40.dll
[2009/05/27 09:08:36 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\davclnt.dll
[2009/05/27 09:08:35 | 01,135,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll
[2009/05/27 09:08:35 | 01,053,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdtctm.dll
[2009/05/27 09:08:35 | 00,353,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shlwapi.dll
[2009/05/27 09:08:35 | 00,344,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrd3x40.dll
[2009/05/27 09:08:35 | 00,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/05/27 09:08:35 | 00,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/05/27 09:08:35 | 00,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EhStorPwdMgr.dll
[2009/05/27 09:08:34 | 01,324,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browseui.dll
[2009/05/27 09:08:34 | 00,626,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgkrnl.sys
[2009/05/27 09:08:34 | 00,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\photowiz.dll
[2009/05/27 09:08:34 | 00,250,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wevtapi.dll
[2009/05/27 09:08:34 | 00,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nlhtml.dll
[2009/05/27 09:08:33 | 03,662,128 | ---- | C] () -- C:\Windows\System32\locale.nls
[2009/05/27 09:08:33 | 00,627,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\user32.dll
[2009/05/27 09:08:32 | 01,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2009/05/27 09:08:32 | 00,614,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ci.dll
[2009/05/27 09:08:32 | 00,582,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLCommDlg.dll
[2009/05/27 09:08:32 | 00,483,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\samsrv.dll
[2009/05/27 09:08:32 | 00,443,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32spl.dll
[2009/05/27 09:08:32 | 00,392,170 | ---- | C] () -- C:\Windows\System32\onex.tmf
[2009/05/27 09:08:32 | 00,165,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WcnNetsh.dll
[2009/05/27 09:08:31 | 03,174,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netshell.dll
[2009/05/27 09:08:31 | 01,730,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\apds.dll
[2009/05/27 09:08:31 | 00,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2009/05/27 09:08:31 | 00,563,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oleaut32.dll
[2009/05/27 09:08:31 | 00,497,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kerberos.dll
[2009/05/27 09:08:31 | 00,438,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IKEEXT.DLL
[2009/05/27 09:08:31 | 00,375,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winhttp.dll
[2009/05/27 09:08:31 | 00,225,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\rdbss.sys
[2009/05/27 09:08:31 | 00,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msv1_0.dll
[2009/05/27 09:08:31 | 00,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\compcln.exe
[2009/05/27 09:08:30 | 00,807,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msctf.dll
[2009/05/27 09:08:30 | 00,679,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcrt.dll
[2009/05/27 09:08:30 | 00,618,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mswstr10.dll
[2009/05/27 09:08:30 | 00,564,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\emdmgmt.dll
[2009/05/27 09:08:30 | 00,315,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\audiosrv.dll
[2009/05/27 09:08:30 | 00,223,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2009/05/27 09:08:30 | 00,114,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxdav.sys
[2009/05/27 09:08:30 | 00,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xmlfilter.dll
[2009/05/27 09:08:29 | 01,160,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll
[2009/05/27 09:08:29 | 01,055,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VSSVC.exe
[2009/05/27 09:08:29 | 00,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLUI.exe
[2009/05/27 09:08:29 | 00,344,698 | ---- | C] () -- C:\Windows\System32\eaphost.tmf
[2009/05/27 09:08:29 | 00,319,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrd2x40.dll
[2009/05/27 09:08:29 | 00,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\QAGENTRT.DLL
[2009/05/27 09:08:29 | 00,297,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gdi32.dll
[2009/05/27 09:08:29 | 00,199,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iphlpsvc.dll
[2009/05/27 09:08:29 | 00,183,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eapphost.dll
[2009/05/27 09:08:28 | 00,926,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winresume.exe
[2009/05/27 09:08:28 | 00,524,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sqlsrv32.dll
[2009/05/27 09:08:28 | 00,409,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbc32.dll
[2009/05/27 09:08:28 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\propdefs.dll
[2009/05/27 09:08:28 | 00,065,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\USBSTOR.SYS
[2009/05/27 09:08:27 | 01,856,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dbgeng.dll
[2009/05/27 09:08:27 | 01,068,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shdocvw.dll
[2009/05/27 09:08:27 | 00,196,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbhub.sys
[2009/05/27 09:08:27 | 00,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wevtutil.exe
[2009/05/27 09:08:27 | 00,087,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssitlb.dll
[2009/05/27 09:08:26 | 02,167,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mmcndmgr.dll
[2009/05/27 09:08:26 | 00,747,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmSvc.dll
[2009/05/27 09:08:26 | 00,311,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\swprv.dll
[2009/05/27 09:08:25 | 00,502,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\usp10.dll
[2009/05/27 09:08:25 | 00,385,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vds.exe
[2009/05/27 09:08:25 | 00,378,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\devmgr.dll
[2009/05/27 09:08:25 | 00,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drvinst.exe
[2009/05/27 09:08:24 | 01,533,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wcnwiz.dll
[2009/05/27 09:08:24 | 00,592,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netlogon.dll
[2009/05/27 09:08:24 | 00,485,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\evr.dll
[2009/05/27 09:08:24 | 00,334,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\BFE.DLL
[2009/05/27 09:08:24 | 00,268,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\schannel.dll
[2009/05/27 09:08:24 | 00,199,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\adsldpc.dll
[2009/05/27 09:08:24 | 00,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msctfp.dll
[2009/05/27 09:08:24 | 00,054,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DevicePairingProxy.dll
[2009/05/27 09:08:24 | 00,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscb.dll
[2009/05/27 09:08:24 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdBthProxy.dll
[2009/05/27 09:08:23 | 01,382,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVSDECD.DLL
[2009/05/27 09:08:23 | 00,712,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecs.dll
[2009/05/27 09:08:23 | 00,425,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll
[2009/05/27 09:08:23 | 00,355,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSDApi.dll
[2009/05/27 09:08:23 | 00,287,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Wldap32.dll
[2009/05/27 09:08:23 | 00,279,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\services.exe
[2009/05/27 09:08:23 | 00,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quick.ime
[2009/05/27 09:08:23 | 00,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qintlgnt.ime
[2009/05/27 09:08:23 | 00,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\phon.ime
[2009/05/27 09:08:23 | 00,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cintlgnt.ime
[2009/05/27 09:08:23 | 00,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chajei.ime
[2009/05/27 09:08:22 | 01,143,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wercon.exe
[2009/05/27 09:08:22 | 00,617,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\adtschema.dll
[2009/05/27 09:08:22 | 00,560,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdtcprx.dll
[2009/05/27 09:08:22 | 00,450,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\comdlg32.dll
[2009/05/27 09:08:22 | 00,413,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wcncsvc.dll
[2009/05/27 09:08:22 | 00,332,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdrm.dll
[2009/05/27 09:08:22 | 00,323,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certcli.dll
[2009/05/27 09:08:22 | 00,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceApi.dll
[2009/05/27 09:08:22 | 00,180,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\msiscsi.sys
[2009/05/27 09:08:22 | 00,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mimefilt.dll
[2009/05/27 09:08:21 | 00,996,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMNetMgr.dll
[2009/05/27 09:08:21 | 00,856,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mswdat10.dll
[2009/05/27 09:08:21 | 00,799,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certutil.exe
[2009/05/27 09:08:21 | 00,704,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoScreensaver.scr
[2009/05/27 09:08:21 | 00,396,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ipsmsnap.dll
[2009/05/27 09:08:21 | 00,364,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IPSECSVC.DLL
[2009/05/27 09:08:21 | 00,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\srv.sys
[2009/05/27 09:08:21 | 00,282,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\w32time.dll
[2009/05/27 09:08:21 | 00,274,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bcrypt.dll
[2009/05/27 09:08:21 | 00,226,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbport.sys
[2009/05/27 09:08:21 | 00,222,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\umpnpmgr.dll
[2009/05/27 09:08:21 | 00,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskeng.exe
[2009/05/27 09:08:21 | 00,168,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnsapi.dll
[2009/05/27 09:08:21 | 00,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\reg.exe
[2009/05/27 09:08:21 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msjter40.dll
[2009/05/27 09:08:21 | 00,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtffilt.dll
[2009/05/27 09:08:21 | 00,035,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardcpl.cpl
[2009/05/27 09:08:20 | 00,738,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcomm.dll
[2009/05/27 09:08:20 | 00,527,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ndis.sys
[2009/05/27 09:08:20 | 00,332,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msihnd.dll
[2009/05/27 09:08:20 | 00,241,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rsaenh.dll
[2009/05/27 09:08:20 | 00,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MMDevAPI.dll
[2009/05/27 09:08:20 | 00,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscntrs.dll
[2009/05/27 09:08:20 | 00,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msstrc.dll
[2009/05/27 09:08:20 | 00,040,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bthserv.dll
[2009/05/27 09:08:20 | 00,035,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsWpfWrp.exe
[2009/05/27 09:08:20 | 00,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshooks.dll
[2009/05/27 09:08:19 | 01,696,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
[2009/05/27 09:08:19 | 00,467,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netapi32.dll
[2009/05/27 09:08:19 | 00,449,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\termsrv.dll
[2009/05/27 09:08:19 | 00,343,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmicmiplugin.dll
[2009/05/27 09:08:19 | 00,310,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mtxclu.dll
[2009/05/27 09:08:19 | 00,153,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\profsvc.dll
[2009/05/27 09:08:19 | 00,153,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fundisc.dll
[2009/05/27 09:08:19 | 00,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dhcpcsvc6.dll
[2009/05/27 09:08:19 | 00,129,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cryptsvc.dll
[2009/05/27 09:08:19 | 00,122,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetpp.dll
[2009/05/27 09:08:19 | 00,093,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dfshim.dll
[2009/05/27 09:08:19 | 00,080,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscories.dll
[2009/05/27 09:08:19 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hidserv.dll
[2009/05/27 09:08:18 | 01,020,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wdc.dll
[2009/05/27 09:08:18 | 00,247,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shsvcs.dll
[2009/05/27 09:08:18 | 00,208,966 | ---- | C] () -- C:\Windows\System32\WFP.TMF
[2009/05/27 09:08:18 | 00,149,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pci.sys
[2009/05/27 09:08:18 | 00,125,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Classpnp.sys
[2009/05/27 09:08:18 | 00,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imapi.dll
[2009/05/27 09:08:18 | 00,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msiexec.exe
[2009/05/27 09:08:17 | 01,671,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chsbrkr.dll
[2009/05/27 09:08:17 | 00,262,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasmans.dll
[2009/05/27 09:08:17 | 00,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iassdo.dll
[2009/05/27 09:08:17 | 00,212,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb10.sys
[2009/05/27 09:08:17 | 00,093,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Kswdmcap.ax
[2009/05/27 09:08:16 | 01,823,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pnidui.dll
[2009/05/27 09:08:16 | 00,127,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spoolsv.exe
[2009/05/27 09:08:16 | 00,053,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\termdd.sys
[2009/05/27 09:08:16 | 00,009,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardres.dll
[2009/05/27 09:08:15 | 00,757,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\azroles.dll
[2009/05/27 09:08:15 | 00,636,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\autofmt.exe
[2009/05/27 09:08:15 | 00,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CertEnrollUI.dll
[2009/05/27 09:08:15 | 00,439,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ksecdd.sys
[2009/05/27 09:08:15 | 00,265,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\acpi.sys
[2009/05/27 09:08:15 | 00,245,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\clfs.sys
[2009/05/27 09:08:15 | 00,242,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pdh.dll
[2009/05/27 09:08:15 | 00,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dhcpcsvc.dll
[2009/05/27 09:08:15 | 00,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scrrun.dll
[2009/05/27 09:08:15 | 00,144,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\srv2.sys
[2009/05/27 09:08:15 | 00,126,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wersvc.dll
[2009/05/27 09:08:15 | 00,122,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Storport.sys
[2009/05/27 09:08:15 | 00,109,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ataport.sys
[2009/05/27 09:08:15 | 00,092,918 | ---- | C] () -- C:\Windows\System32\slmgr.vbs
[2009/05/27 09:08:15 | 00,050,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PSHED.DLL
[2009/05/27 09:08:15 | 00,035,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\crashdmp.sys
[2009/05/27 09:08:14 | 02,205,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SyncCenter.dll
[2009/05/27 09:08:14 | 01,122,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\appwiz.cpl
[2009/05/27 09:08:14 | 01,107,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pidgenx.dll
[2009/05/27 09:08:14 | 00,867,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpmde.dll
[2009/05/27 09:08:14 | 00,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sysmon.ocx
[2009/05/27 09:08:14 | 00,314,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winlogon.exe
[2009/05/27 09:08:14 | 00,258,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winspool.drv
[2009/05/27 09:08:14 | 00,054,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\partmgr.sys
[2009/05/27 09:08:13 | 01,502,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certmgr.dll
[2009/05/27 09:08:13 | 00,627,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sethc.exe
[2009/05/27 09:08:13 | 00,593,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\comuid.dll
[2009/05/27 09:08:13 | 00,347,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2009/05/27 09:08:13 | 00,324,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\untfs.dll
[2009/05/27 09:08:13 | 00,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2009/05/27 09:08:13 | 00,182,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iassam.dll
[2009/05/27 09:08:13 | 00,180,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scrobj.dll
[2009/05/27 09:08:13 | 00,142,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spp.dll
[2009/05/27 09:08:13 | 00,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLUINotify.dll
[2009/05/27 09:08:13 | 00,053,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\disk.sys
[2009/05/27 09:08:13 | 00,048,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\mup.sys
[2009/05/27 09:08:13 | 00,017,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kd1394.dll
[2009/05/27 09:08:12 | 00,413,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imkr80.ime
[2009/05/27 09:08:12 | 00,292,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\volmgrx.sys
[2009/05/27 09:08:12 | 00,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskcomp.dll
[2009/05/27 09:08:12 | 00,244,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wisptis.exe
[2009/05/27 09:08:12 | 00,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dwm.exe
[2009/05/27 09:08:12 | 00,043,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pciidex.sys
[2009/05/27 09:08:12 | 00,036,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtutils.dll
[2009/05/27 09:08:11 | 00,869,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printui.dll
[2009/05/27 09:08:11 | 00,656,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\autoconv.exe
[2009/05/27 09:08:11 | 00,643,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\autochk.exe
[2009/05/27 09:08:11 | 00,226,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\volsnap.sys
[2009/05/27 09:08:11 | 00,190,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\fltMgr.sys
[2009/05/27 09:08:11 | 00,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasnap.dll
[2009/05/27 09:08:11 | 00,141,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ecache.sys
[2009/05/27 09:08:11 | 00,099,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\FWPKCLNT.SYS
[2009/05/27 09:08:10 | 00,375,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2009/05/27 09:08:10 | 00,161,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\msrpc.sys
[2009/05/27 09:08:10 | 00,027,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Dumpata.sys
[2009/05/27 09:08:09 | 01,541,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\onex.dll
[2009/05/27 09:08:09 | 00,273,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wow32.dll
[2009/05/27 09:08:09 | 00,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mswsock.dll
[2009/05/27 09:08:09 | 00,182,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\osk.exe
[2009/05/27 09:08:09 | 00,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cscript.exe
[2009/05/27 09:08:09 | 00,130,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\basecsp.dll
[2009/05/27 09:08:09 | 00,108,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\userenv.dll
[2009/05/27 09:08:09 | 00,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe
[2009/05/27 09:08:09 | 00,017,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kdcom.dll
[2009/05/27 09:08:08 | 00,860,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WerFaultSecure.exe
[2009/05/27 09:08:08 | 00,612,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpencom.dll
[2009/05/27 09:08:08 | 00,564,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msftedit.dll
[2009/05/27 09:08:08 | 00,340,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RelMon.dll
[2009/05/27 09:08:08 | 00,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\offfilt.dll
[2009/05/27 09:08:08 | 00,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winmm.dll
[2009/05/27 09:08:08 | 00,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netbt.sys
[2009/05/27 09:08:08 | 00,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinSCard.dll
[2009/05/27 09:08:08 | 00,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnsrslvr.dll
[2009/05/27 09:08:08 | 00,019,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kdusb.dll
[2009/05/27 09:08:08 | 00,019,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\atapi.sys
[2009/05/27 09:08:08 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spcmsg.dll
[2009/05/27 09:08:07 | 00,638,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Utilman.exe
[2009/05/27 09:08:07 | 00,586,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\stobject.dll
[2009/05/27 09:08:07 | 00,230,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\diskraid.exe
[2009/05/27 09:08:07 | 00,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WerFault.exe
[2009/05/27 09:08:07 | 00,208,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfplat.dll
[2009/05/27 09:08:07 | 00,152,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll
[2009/05/27 09:08:07 | 00,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll
[2009/05/27 09:08:07 | 00,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsepno.dll
[2009/05/27 09:08:06 | 00,852,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mcmde.dll
[2009/05/27 09:08:06 | 00,551,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\prnntfy.dll
[2009/05/27 09:08:06 | 00,453,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wiaservc.dll
[2009/05/27 09:08:06 | 00,401,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\http.sys
[2009/05/27 09:08:06 | 00,391,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscms.dll
[2009/05/27 09:08:06 | 00,197,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SndVol.exe
[2009/05/27 09:08:06 | 00,179,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msnetobj.dll
[2009/05/27 09:08:06 | 00,171,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\apphelp.dll
[2009/05/27 09:08:06 | 00,155,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscript.exe
[2009/05/27 09:08:06 | 00,114,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbccp32.dll
[2009/05/27 09:08:06 | 00,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb.sys
[2009/05/27 09:08:06 | 00,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sysclass.dll
[2009/05/27 09:08:06 | 00,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ulib.dll
[2009/05/27 09:08:06 | 00,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\adsmsext.dll
[2009/05/27 09:08:06 | 00,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secur32.dll
[2009/05/27 09:08:06 | 00,047,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasdatastore.dll
[2009/05/27 09:08:05 | 01,342,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\brcpl.dll
[2009/05/27 09:08:05 | 00,971,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cryptui.dll
[2009/05/27 09:08:05 | 00,759,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ipsecsnp.dll
[2009/05/27 09:08:05 | 00,514,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlansvc.dll
[2009/05/27 09:08:05 | 00,444,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dsound.dll
[2009/05/27 09:08:05 | 00,399,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlangpui.dll
[2009/05/27 09:08:05 | 00,244,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rastls.dll
[2009/05/27 09:08:05 | 00,223,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscntfy.dll
[2009/05/27 09:08:05 | 00,181,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pnpsetup.dll
[2009/05/27 09:08:05 | 00,119,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\diskpart.exe
[2009/05/27 09:08:05 | 00,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\srvnet.sys
[2009/05/27 09:08:05 | 00,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IPHLPAPI.DLL
[2009/05/27 09:08:05 | 00,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpapi.dll
[2009/05/27 09:08:05 | 00,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rastapi.dll
[2009/05/27 09:08:05 | 00,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdProxy.dll
[2009/05/27 09:08:04 | 01,575,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVENCOD.DLL
[2009/05/27 09:08:04 | 00,507,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vdsdyn.dll
[2009/05/27 09:08:04 | 00,286,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasapi32.dll
[2009/05/27 09:08:04 | 00,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntprint.dll
[2009/05/27 09:08:04 | 00,104,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netiohlp.dll
[2009/05/27 09:08:04 | 00,079,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb20.sys
[2009/05/27 09:08:04 | 00,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iashlpr.dll
[2009/05/27 09:08:04 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscsvc.dll
[2009/05/27 09:08:04 | 00,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\logman.exe
[2009/05/27 09:08:03 | 00,155,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscorier.dll
[2009/05/27 09:08:03 | 00,140,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wusa.exe
[2009/05/27 09:08:03 | 00,107,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\regsvc.dll
[2009/05/27 09:08:02 | 01,580,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpccpl.dll
[2009/05/27 09:08:02 | 00,342,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\zipfldr.dll
[2009/05/27 09:08:02 | 00,158,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasrad.dll
[2009/05/27 09:08:02 | 00,090,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wshext.dll
[2009/05/27 09:08:02 | 00,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\findstr.exe
[2009/05/27 09:08:01 | 02,225,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netcenter.dll
[2009/05/27 09:08:01 | 00,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wer.dll
[2009/05/27 09:08:01 | 00,825,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasdlg.dll
[2009/05/27 09:08:01 | 00,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iassvcs.dll
[2009/05/27 09:08:00 | 01,152,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\themecpl.dll
[2009/05/27 09:08:00 | 00,050,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsnmp32.dll
[2009/05/27 09:08:00 | 00,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbehci.sys
[2009/05/27 09:07:59 | 00,777,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slcc.dll
[2009/05/27 09:07:59 | 00,714,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\timedate.cpl
[2009/05/27 09:07:59 | 00,678,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstsc.exe
[2009/05/27 09:07:59 | 00,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scansetting.dll
[2009/05/27 09:07:59 | 00,163,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msutb.dll
[2009/05/27 09:07:59 | 00,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wshom.ocx
[2009/05/27 09:07:59 | 00,122,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srvsvc.dll
[2009/05/27 09:07:59 | 00,121,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntmarta.dll
[2009/05/27 09:07:59 | 00,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\powrprof.dll
[2009/05/27 09:07:59 | 00,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstlsapi.dll
[2009/05/27 09:07:59 | 00,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasads.dll
[2009/05/27 09:07:59 | 00,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssprxy.dll
[2009/05/27 09:07:59 | 00,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\uxsms.dll
[2009/05/27 09:07:59 | 00,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tsbyuv.dll
[2009/05/27 09:07:58 | 03,072,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\networkmap.dll
[2009/05/27 09:07:58 | 01,248,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PerfCenterCPL.dll
[2009/05/27 09:07:58 | 00,723,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\powercpl.dll
[2009/05/27 09:07:58 | 00,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ks.sys
[2009/05/27 09:07:58 | 00,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasacct.dll
[2009/05/27 09:07:57 | 02,515,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\accessibilitycpl.dll
[2009/05/27 09:07:57 | 01,645,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\connect.dll
[2009/05/27 09:07:57 | 01,224,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sud.dll
[2009/05/27 09:07:57 | 00,842,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\systemcpl.dll
[2009/05/27 09:07:57 | 00,615,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\themeui.dll
[2009/05/27 09:07:57 | 00,464,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pcaui.dll
[2009/05/27 09:07:57 | 00,175,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dot3svc.dll
[2009/05/27 09:07:57 | 00,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\authz.dll
[2009/05/27 09:07:57 | 00,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\newdev.exe
[2009/05/27 09:07:57 | 00,068,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanhlp.dll
[2009/05/27 09:07:56 | 01,671,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanpref.dll
[2009/05/27 09:07:56 | 01,123,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\usercpl.dll
[2009/05/27 09:07:56 | 00,516,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\autoplay.dll
[2009/05/27 09:07:56 | 00,497,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll
[2009/05/27 09:07:56 | 00,127,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rpchttp.dll
[2009/05/27 09:07:56 | 00,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pintlgnt.ime
[2009/05/27 09:07:56 | 00,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\regapi.dll
[2009/05/27 09:07:56 | 00,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\samlib.dll
[2009/05/27 09:07:56 | 00,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mmci.dll
[2009/05/27 09:07:55 | 01,102,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mmsys.cpl
[2009/05/27 09:07:55 | 00,532,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpcao.dll
[2009/05/27 09:07:55 | 00,408,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msinfo32.exe
[2009/05/27 09:07:55 | 00,306,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scesrv.dll
[2009/05/27 09:07:55 | 00,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2009/05/27 09:07:55 | 00,242,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tapisrv.dll
[2009/05/27 09:07:55 | 00,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Faultrep.dll
[2009/05/27 09:07:55 | 00,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scksp.dll
[2009/05/27 09:07:55 | 00,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\exfat.sys
[2009/05/27 09:07:55 | 00,128,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vdsutil.dll
[2009/05/27 09:07:55 | 00,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AudioSes.dll
[2009/05/27 09:07:55 | 00,114,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imm32.dll
[2009/05/27 09:07:55 | 00,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oleprn.dll
[2009/05/27 09:07:55 | 00,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dot3msm.dll
[2009/05/27 09:07:55 | 00,068,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpr.dll
[2009/05/27 09:07:55 | 00,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\feclient.dll
[2009/05/27 09:07:55 | 00,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rekeywiz.exe
[2009/05/27 09:07:55 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iaspolcy.dll
[2009/05/27 09:07:55 | 00,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscisvif.dll
[2009/05/27 09:07:54 | 01,689,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscui.cpl
[2009/05/27 09:07:54 | 01,169,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe
[2009/05/27 09:07:54 | 00,642,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasgcw.dll
[2009/05/27 09:07:54 | 00,595,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FWPUCLNT.DLL
[2009/05/27 09:07:54 | 00,542,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pnpui.dll
[2009/05/27 09:07:54 | 00,505,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qedit.dll
[2009/05/27 09:07:54 | 00,445,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncryptui.dll
[2009/05/27 09:07:54 | 00,407,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpapimig.exe
[2009/05/27 09:07:54 | 00,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasplap.dll
[2009/05/27 09:07:54 | 00,215,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certreq.exe
[2009/05/27 09:07:54 | 00,177,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scecli.dll
[2009/05/27 09:07:54 | 00,134,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SmartcardCredentialProvider.dll
[2009/05/27 09:07:54 | 00,080,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hdwwiz.exe
[2009/05/27 09:07:54 | 00,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TSTheme.exe
[2009/05/27 09:07:54 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\perfdisk.dll
[2009/05/27 09:07:54 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DeviceEject.exe
[2009/05/27 09:07:53 | 00,481,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmdial32.dll
[2009/05/27 09:07:53 | 00,378,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srcore.dll
[2009/05/27 09:07:53 | 00,170,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tcpipcfg.dll
[2009/05/27 09:07:53 | 00,167,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\portcls.sys
[2009/05/27 09:07:53 | 00,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tcpmon.dll
[2009/05/27 09:07:53 | 00,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
[2009/05/27 09:07:53 | 00,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdWSD.dll
[2009/05/27 09:07:53 | 00,058,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PnPUnattend.exe
[2009/05/27 09:07:53 | 00,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmmon32.exe
[2009/05/27 09:07:53 | 00,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\whealogr.dll
[2009/05/27 09:07:53 | 00,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\tcpipreg.sys
[2009/05/27 09:07:53 | 00,025,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\USBCAMD2.sys
[2009/05/27 09:07:53 | 00,025,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\USBCAMD.sys
[2009/05/27 09:07:53 | 00,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwinsat.dll
[2009/05/27 09:07:52 | 01,544,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSVidCtl.dll
[2009/05/27 09:07:52 | 00,657,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVXENCD.DLL
[2009/05/27 09:07:52 | 00,547,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wiaaut.dll
[2009/05/27 09:07:52 | 00,281,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\raschap.dll
[2009/05/27 09:07:52 | 00,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unimdm.tsp
[2009/05/27 09:07:52 | 00,275,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SnippingTool.exe
[2009/05/27 09:07:52 | 00,273,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\afd.sys
[2009/05/27 09:07:52 | 00,259,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasppp.dll
[2009/05/27 09:07:52 | 00,202,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanui.dll
[2009/05/27 09:07:52 | 00,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wdmaud.drv
[2009/05/27 09:07:52 | 00,142,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontext.dll
[2009/05/27 09:07:52 | 00,137,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dsprop.dll
[2009/05/27 09:07:52 | 00,095,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SCardSvr.dll
[2009/05/27 09:07:52 | 00,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\npfs.sys
[2009/05/27 09:07:52 | 00,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PnPutil.exe
[2009/05/27 09:07:51 | 02,153,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oobefldr.dll
[2009/05/27 09:07:51 | 00,425,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shwebsvc.dll
[2009/05/27 09:07:51 | 00,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanmsm.dll
[2009/05/27 09:07:51 | 00,101,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shsetup.dll
[2009/05/27 09:07:51 | 00,072,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\tdx.sys
[2009/05/27 09:07:51 | 00,072,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pacer.sys
[2009/05/27 09:07:51 | 00,054,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dimsroam.dll
[2009/05/27 09:07:50 | 06,103,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chtbrkr.dll
[2009/05/27 09:07:50 | 00,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\modemui.dll
[2009/05/27 09:07:50 | 00,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscandui.dll
[2009/05/27 09:07:50 | 00,155,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasmontr.dll
[2009/05/27 09:07:49 | 00,542,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\blackbox.dll
[2009/05/27 09:07:49 | 00,533,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmdrmsdk.dll
[2009/05/27 09:07:49 | 00,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\fastfat.sys
[2009/05/27 09:07:49 | 00,083,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlgpclnt.dll
[2009/05/27 09:07:49 | 00,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dataclen.dll
[2009/05/27 09:07:48 | 02,226,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\networkexplorer.dll
[2009/05/27 09:07:48 | 00,303,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpeffects.dll
[2009/05/27 09:07:48 | 00,180,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netplwiz.dll
[2009/05/27 09:07:48 | 00,178,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\credui.dll
[2009/05/27 09:07:48 | 00,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSDMon.dll
[2009/05/27 09:07:48 | 00,113,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\rmcast.sys
[2009/05/27 09:07:48 | 00,107,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpwsx.dll
[2009/05/27 09:07:48 | 00,064,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\smss.exe
[2009/05/27 09:07:48 | 00,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certprop.dll
[2009/05/27 09:07:47 | 00,414,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscp.dll
[2009/05/27 09:07:47 | 00,313,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\thawbrkr.dll
[2009/05/27 09:07:47 | 00,217,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\InkEd.dll
[2009/05/27 09:07:47 | 00,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpcsvc.dll
[2009/05/27 09:07:47 | 00,128,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpresult.exe
[2009/05/27 09:07:47 | 00,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\softkbd.dll
[2009/05/27 09:07:47 | 00,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\logagent.exe
[2009/05/27 09:07:47 | 00,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sendmail.dll
[2009/05/27 09:07:47 | 00,058,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cipher.exe
[2009/05/27 09:07:47 | 00,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscapi.dll
[2009/05/27 09:07:47 | 00,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\watchdog.sys
[2009/05/27 09:07:47 | 00,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msimtf.dll
[2009/05/27 09:07:47 | 00,029,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ifmon.dll
[2009/05/27 09:07:46 | 00,356,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MediaMetadataHandler.dll
[2009/05/27 09:07:46 | 00,284,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drmmgrtn.dll
[2009/05/27 09:07:46 | 00,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\udfs.sys
[2009/05/27 09:07:46 | 00,200,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\input.dll
[2009/05/27 09:07:46 | 00,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLLUA.exe
[2009/05/27 09:07:46 | 00,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2009/05/27 09:07:46 | 00,166,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\puiapi.dll
[2009/05/27 09:07:46 | 00,105,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dmsynth.dll
[2009/05/27 09:07:46 | 00,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mprapi.dll
[2009/05/27 09:07:46 | 00,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\olepro32.dll
[2009/05/27 09:07:46 | 00,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msctfui.dll
[2009/05/27 09:07:46 | 00,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\smb.sys
[2009/05/27 09:07:46 | 00,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2009/05/27 09:07:46 | 00,034,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wshbth.dll
[2009/05/27 09:07:46 | 00,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2009/05/27 09:07:46 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ExplorerFrame.dll
[2009/05/27 09:07:46 | 00,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\version.dll
[2009/05/27 09:07:46 | 00,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fc.exe
[2009/05/27 09:07:46 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msisip.dll
[2009/05/27 09:07:46 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidusb.sys
[2009/05/27 09:07:45 | 00,187,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eapp3hst.dll
[2009/05/27 09:07:45 | 00,180,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\rdpwd.sys
[2009/05/27 09:07:45 | 00,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tintlgnt.ime
[2009/05/27 09:07:45 | 00,121,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ndiswan.sys
[2009/05/27 09:07:45 | 00,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dmusic.dll
[2009/05/27 09:07:45 | 00,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceClassExtension.dll
[2009/05/27 09:07:45 | 00,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax
[2009/05/27 09:07:45 | 00,068,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdSSDP.dll
[2009/05/27 09:07:45 | 00,053,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rrinstaller.exe
[2009/05/27 09:07:45 | 00,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\l2nacp.dll
[2009/05/27 09:07:45 | 00,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ftp.exe
[2009/05/27 09:07:45 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cscapi.dll
[2009/05/27 09:07:45 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2009/05/27 09:07:45 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msjint40.dll
[2009/05/27 09:07:45 | 00,022,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cscdll.dll
[2009/05/27 09:07:45 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsdchngr.dll
[2009/05/27 09:07:45 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MsCtfMonitor.dll
[2009/05/27 09:07:44 | 00,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceTypes.dll
[2009/05/27 09:07:44 | 00,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aaclient.dll
[2009/05/27 09:07:44 | 00,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eappcfg.dll
[2009/05/27 09:07:44 | 00,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll
[2009/05/27 09:07:44 | 00,083,456 | ---- | C] (Microsoft) -- C:\Windows\System32\SMBHelperClass.dll
[2009/05/27 09:07:44 | 00,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nslookup.exe
[2009/05/27 09:07:44 | 00,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdWCN.dll
[2009/05/27 09:07:44 | 00,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\rassstp.sys
[2009/05/27 09:07:44 | 00,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tscupgrd.exe
[2009/05/27 09:07:44 | 00,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Storprop.dll
[2009/05/27 09:07:44 | 00,052,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasdiag.dll
[2009/05/27 09:07:44 | 00,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dot3cfg.dll
[2009/05/27 09:07:44 | 00,045,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bthci.dll
[2009/05/27 09:07:44 | 00,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slcinst.dll
[2009/05/27 09:07:44 | 00,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\networkitemfactory.dll
[2009/05/27 09:07:44 | 00,034,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bthudtask.exe
[2009/05/27 09:07:44 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ipconfig.exe
[2009/05/27 09:07:44 | 00,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasdial.exe
[2009/05/27 09:07:44 | 00,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CHxReadingStringIME.dll
[2009/05/27 09:07:43 | 00,148,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\nwifi.sys
[2009/05/27 09:07:43 | 00,093,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eappgnui.dll
[2009/05/27 09:07:43 | 00,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dfsc.sys
[2009/05/27 09:07:43 | 00,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PNPXAssoc.dll
[2009/05/27 09:07:43 | 00,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\cdrom.sys
[2009/05/27 09:07:43 | 00,053,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdeploy.dll
[2009/05/27 09:07:43 | 00,053,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tsgqec.dll
[2009/05/27 09:07:43 | 00,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hbaapi.dll
[2009/05/27 09:07:43 | 00,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidclass.sys
[2009/05/27 09:07:43 | 00,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ocsetup.exe
[2009/05/27 09:07:43 | 00,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2009/05/27 09:07:43 | 00,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FwRemoteSvr.dll
[2009/05/27 09:07:43 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfpmp.exe
[2009/05/27 09:07:43 | 00,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msacm32.drv
[2009/05/27 09:07:43 | 00,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpupdate.exe
[2009/05/27 09:07:43 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mmcico.dll
[2009/05/27 09:07:42 | 00,046,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrstub.exe
[2009/05/27 09:07:42 | 00,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cbsra.exe
[2009/05/27 09:07:42 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bitsigd.dll
[2009/05/27 09:07:42 | 00,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NcdProp.dll
[2009/05/27 09:07:42 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iscsilog.dll
[2009/05/27 09:07:41 | 00,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxg.sys
[2009/05/27 09:07:41 | 00,040,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbcconf.dll
[2009/05/27 09:07:41 | 00,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrnr.dll
[2009/05/27 09:07:41 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Diskdump.sys
[2009/05/27 09:07:41 | 00,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vdmdbg.dll
[2009/05/27 09:07:41 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetppui.dll
[2009/05/27 09:07:41 | 00,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slwga.dll
[2009/05/27 09:07:41 | 00,009,212 | ---- | C] () -- C:\Windows\System32\RacUR.xml
[2009/05/27 09:07:40 | 00,052,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\stream.sys
[2009/05/27 09:07:40 | 00,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\RNDISMP.sys
[2009/05/27 09:07:40 | 00,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\midimap.dll
[2009/05/27 09:07:39 | 08,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2009/05/27 09:07:39 | 00,093,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\bridge.sys
[2009/05/27 09:07:39 | 00,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\raspppoe.sys
[2009/05/27 09:07:39 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usb8023.sys
[2009/05/27 09:07:39 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwmp.dll
[2009/05/27 09:07:39 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\f3ahvoas.dll
[2009/05/27 09:07:39 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.ocx
[2009/05/27 09:07:39 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxmasf.dll
[2009/05/27 09:07:39 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msimsg.dll
[2009/05/27 09:07:38 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mferror.dll
[2009/05/27 09:07:37 | 00,000,153 | ---- | C] () -- C:\Windows\System32\RacUREx.xml
[2009/05/27 09:07:26 | 00,705,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SmiEngine.dll
[2009/05/27 09:07:23 | 00,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wdscore.dll
[2009/05/27 09:07:23 | 00,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PkgMgr.exe
[2009/05/27 09:07:09 | 00,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drvstore.dll
[2009/05/26 18:43:15 | 00,116,839 | ---- | C] () -- C:\Windows\hpqins00.dat
[2009/03/05 06:54:58 | 00,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009/02/26 21:46:43 | 00,000,132 | ---- | C] () -- C:\Windows\wininit.ini
[2008/12/31 17:04:42 | 00,691,560 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2008/12/30 20:46:28 | 00,000,415 | ---- | C] () -- C:\Windows\COOK'N5.INI
[2008/12/13 10:29:03 | 00,000,000 | ---- | C] () -- C:\Windows\hpqEmlSz.INI
[2008/07/18 03:16:37 | 00,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll
[2008/06/24 00:04:45 | 01,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008/06/24 00:04:39 | 01,953,696 | ---- | C] () -- C:\Windows\System32\igklg400.dll
[2008/06/24 00:04:39 | 01,533,360 | ---- | C] () -- C:\Windows\System32\igklg450.dll
[2008/06/24 00:04:39 | 00,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll
[2008/06/24 00:04:39 | 00,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2008/02/11 19:55:18 | 00,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll
[2006/11/02 05:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 03:23:31 | 00,000,215 | ---- | C] () -- C:\Windows\system.ini
[2006/11/02 03:23:31 | 00,000,204 | ---- | C] () -- C:\Windows\win.ini
[2006/11/02 00:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

========== Files - Modified Within 30 Days ==========

[2 C:\Windows\System32\*.tmp files]
[2009/06/13 19:27:50 | 00,501,760 | ---- | M] (OldTimer Tools) -- C:\Users\Rachelle\Desktop\OTL.exe
[2009/06/13 19:25:20 | 00,128,933 | ---- | M] (Eric_71) -- C:\Users\Rachelle\Desktop\Rooter.exe
[2009/06/13 19:24:32 | 00,000,104 | ---- | M] () -- C:\Users\Rachelle\Desktop\Recycle Bin - Shortcut.lnk
[2009/06/13 17:47:56 | 00,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/06/13 17:47:56 | 00,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/06/13 13:53:47 | 00,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/06/13 13:53:47 | 00,595,684 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/06/13 13:53:47 | 00,101,350 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/06/13 13:47:59 | 00,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2009/06/13 13:47:57 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/06/13 13:47:55 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/06/13 13:47:53 | 32,111,90272 | -HS- | M] () -- C:\hiberfil.sys
[2009/06/13 12:23:44 | 00,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2009/06/11 15:09:37 | 00,314,872 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/06/11 10:39:47 | 00,001,890 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys
[2009/06/01 09:51:12 | 23,635,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mrt.exe
[2009/05/30 12:18:19 | 36,632,3947 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2009/05/27 12:58:27 | 00,000,215 | ---- | M] () -- C:\Windows\system.ini
[2009/05/26 18:44:38 | 00,116,839 | ---- | M] () -- C:\Windows\hpqins00.dat
[2009/05/26 18:43:43 | 00,001,974 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2009/05/24 16:01:49 | 00,154,624 | ---- | M] () -- C:\Windows\PEV.exe
[2009/05/20 20:24:45 | 00,002,598 | ---- | M] () -- C:\Users\Rachelle\AppData\Roaming\wklnhst.dat
< End of report >


OTL Extra txt:
OTL Extras logfile created on: 6/13/2009 7:29:01 PM - Run 1
OTL by OldTimer - Version 2.1.1.0 Folder = C:\Users\Rachelle\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18783)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.82 Gb Available Physical Memory | 91.02% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.88 Gb Total Space | 148.59 Gb Free Space | 66.67% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: RACHELLE-PC
Current User Name: Rachelle
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
File not found -- Reg Error: Unknown registry data type
File not found -- Reg Error: Unknown registry data type
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile
"EnableFirewall" = 0
"DisableNotifications" = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 0
"DisableNotifications" = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile
"EnableFirewall" = 0
"DisableNotifications" = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\GloballyOpenPorts\List

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

{935ACE29-C16A-4EA7-B635-6566341E3FBF} = LPORT=2869 | PROTOCOL=6 | DIR=IN | APP=SYSTEM |
{DC7619FB-993B-475B-84D4-983DF7C27B9A} = LPORT=1900 | PROTOCOL=17 | DIR=IN | APP=SVCHOST.EXE | SVC=SSDPSRV |

========== Vista Active Application Exception List ==========

{11677E7C-2BD8-4E1C-829D-A80D41D354DC} = PROTOCOL=17 | DIR=IN | APP=C:\PROGRAM FILES\PANDO NETWORKS\MEDIA BOOSTER\PMB.EXE |
{17C07F1F-B854-41D0-BCFE-511A94562144} = PROTOCOL=6 | DIR=IN | APP=C:\NEXON\COMBAT ARMS\NMSERVICE.EXE |
{24053270-385C-43E0-B161-2E33514C3AC6} = PROTOCOL=6 | DIR=IN | APP=C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE12\ONENOTE.EXE |
{27F82599-64F6-492B-9E99-9F410807217E} = PROTOCOL=17 | DIR=IN | APP=C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE12\ONENOTE.EXE |
{2A3FC047-30CD-4A92-9976-4BB8075D000C} = DIR=IN | APP=C:\PROGRAM FILES\SKYPE\PHONE\SKYPE.EXE |
{4063D641-0810-4A2F-9011-CFB9AD86DE86} = DIR=IN | APP=C:\PROGRAM FILES\WINDOWS LIVE\MESSENGER\WLCSDK.EXE |
{54B1FA8D-BFEE-426B-8B5C-40A62017546D} = PROTOCOL=17 | DIR=IN | APP=C:\NEXON\COMBAT ARMS\NMSERVICE.EXE |
{9B157458-B28E-4D9C-A8F1-BC0F0D0FAB11} = PROTOCOL=17 | DIR=IN | APP=C:\PROGRAMDATA\NEXONUS\NGM\NGM.EXE |
{B351A978-56DA-4885-B0BE-0D73CC22795E} = PROTOCOL=6 | DIR=IN | APP=C:\PROGRAMDATA\NEXONUS\NGM\NGM.EXE |
{D73CB0FA-B4E9-46DA-A32F-30466446DC38} = DIR=IN | APP=C:\PROGRAM FILES\WINDOWS LIVE\SYNC\WINDOWSLIVESYNC.EXE |
{DC9E0C43-2777-464D-BD93-AED13B509182} = PROTOCOL=6 | DIR=IN | APP=C:\NEXON\COMBAT ARMS\NMSERVICE.EXE |
{E4E0D6E8-6B90-493B-9D5F-6CDAE41F8F69} = PROTOCOL=6 | DIR=IN | APP=C:\PROGRAM FILES\PANDO NETWORKS\MEDIA BOOSTER\PMB.EXE |
{F6107B51-9CE0-484A-83D6-5D8504557083} = PROTOCOL=17 | DIR=IN | APP=C:\NEXON\COMBAT ARMS\NMSERVICE.EXE |
{FA12459E-8B9A-4943-8914-9D2CF531D587} = DIR=IN | APP=C:\PROGRAM FILES\WINDOWS LIVE\MESSENGER\MSNMSGR.EXE |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{DCDAB2ED-5741-4C30-A1A4-0FCB8A529001}" = WordPerfect Office X4
"{000AB2ED-5741-4C30-A1A4-0FCB8A529000}" = WordPerfect Office X4
"{000AB2ED-5741-4C30-A1A4-0FCB8A529011}" = WordPerfect Office X4 - WP MW
"{000AB2ED-5741-4C30-A1A4-0FCB8A529012}" = WordPerfect Office X4 - QP MW
"{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
"{07D8511D-C9FE-4A93-933F-EAA5C8F20095}" = IDT Audio
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{20C53FA2-4307-4671-A93F-9463B29DFCF1}" = Symantec Technical Support Web Controls
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 13
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{36FDBE6E-6684-462b-AE98-9A39A1B200CC}" = HPProductAssistant
"{39098402-3F7A-4257-A4AE-FC1181D1B40B}" = Camera Assistant Software for Gateway
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C52E7DA-C431-4239-B66B-1BF703D5B194}" = Windows Live Photo Gallery
"{4873CC58-69D8-490D-9E5C-001DC2EE2000}" = WordPerfect Lightning
"{4873CC58-69D8-490D-9E5C-001DC2EE2010}" = WordPerfect Lightning - Messages
"{4873CC58-69D8-490D-9E5C-001DC2EE2020}" = WordPerfect Lightning - IPM
"{4873CC58-69D8-490D-9E5C-001DC2EE2100}" = WordPerfect Lightning - EN
"{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc
"{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{698AC01B-DF0C-4BCE-940C-EB29AD23A560}" = Stamps.com
"{69A83D99-D41B-4396-BCC4-3DCB77DFFED0}" = WebIQ Technology Engine
"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76CD2979-09C0-493A-84B3-8FD97EF4BCEA}" = Windows Live Family Safety
"{7988ba74-4a27-4685-991a-53f072f22808}" = F2200_Help
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Gateway Recovery Management
"{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
"{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}" = Windows Live Sync
"{A5AB9D5E-52E2-440e-A3ED-9512E253C81A}" = SolutionCenter
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{B148AB4B-C8FA-474B-B981-F2943C5B5BCD}" = OGA Notifier 1.7.0105.35.0
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{BE9880CD-73A9-4EFD-83E5-4BB38D48E2BD}" = HP Smart Web Printing
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{c6922d7f-c698-4d9e-9671-8b3de04d1511}" = DJ_AIO_03_F2200_Software_Min
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
"{D77D43B5-ED55-426b-B67B-E21F804F6102}" = HP Deskjet F2200 All-In-One Driver Software 10.0 Rel .3
"{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component
"{db18dc72-cd20-4801-be82-f5d2caeec4d7}" = DJ_AIO_03_F2200_Software
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DCDAB2ED-5741-4C30-A1A4-0FCB8A529001}" = WordPerfect Office X4 - ICA
"{DCDAB2ED-5741-4C30-A1A4-0FCB8A529010}" = WordPerfect Office X4 - Common
"{DCDAB2ED-5741-4C30-A1A4-0FCB8A529014}" = WordPerfect Office X4 - Content
"{DCDAB2ED-5741-4C30-A1A4-0FCB8A529016}" = WordPerfect Office X4 - Skins MW
"{DCDAB2ED-5741-4C30-A1A4-0FCB8A529017}" = WordPerfect Office X4 - Filters
"{DCDAB2ED-5741-4C30-A1A4-0FCB8A529018}" = WordPerfect Office X4 - Graphics
"{DCDAB2ED-5741-4C30-A1A4-0FCB8A529023}" = WordPerfect Office X4 - System
"{DCDAB2ED-5741-4C30-A1A4-0FCB8A529030}" = WordPerfect Office X4 - Migration Manager
"{DCDAB2ED-5741-4C30-A1A4-0FCB8A529040}" = WordPerfect Office X4 - IPM
"{DCDAB2ED-5741-4C30-A1A4-0FCB8A529043}" = WordPerfect Office X4 - IPM MediaWorks EN
"{DCDAB2ED-5741-4C30-A1A4-0FCB8A529050}" = WordPerfect Office X4 - PerfectExperts MW
"{DCDAB2ED-5741-4C30-A1A4-0FCB8A529100}" = WordPerfect Office X4 - EN MW
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{e97a9fd7-2fa1-4474-820d-3f8893a5b78a}" = F2200
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{eca3039b-e429-420f-bd5e-7dec0683fc32}" = DJ_AIO_03_F2200_ProductContext
"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F42CD69D-E393-47c8-B2CD-B139C4ADA9A8}" = Copy
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F6EE49FD-B736-4888-A05A-115F3B1160FA}" = WordPerfect Lightning - MSOM
"{FE57DE70-95DE-4B64-9266-84DA811053DB}" = HP Update
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Combat Arms" = Combat Arms
"HDMI" = Intel® Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 10.0
"HPExtendedCapabilities" = HP Customer Participation Program 10.0
"HPOCR" = HP OCR Software 8.0
"Mabinogi" = Mabinogi
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"NIS" = Norton Internet Security
"Shop for HP Supplies" = Shop for HP Supplies
"Stamps.com" = Stamps.com
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WildTangent gateway Master Uninstall" = Gateway Games
"WinLiveSuite_Wave3" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/29/2009 4:11:42 PM | Computer Name = Rachelle-PC | Source = WinMgmt | ID = 10
Description =

Error - 5/30/2009 1:21:30 AM | Computer Name = Rachelle-PC | Source = WinMgmt | ID = 10
Description =

Error - 5/30/2009 11:48:01 AM | Computer Name = Rachelle-PC | Source = WinMgmt | ID = 10
Description =

Error - 5/30/2009 3:19:59 PM | Computer Name = Rachelle-PC | Source = WinMgmt | ID = 10
Description =

Error - 5/31/2009 12:40:11 AM | Computer Name = Rachelle-PC | Source = WinMgmt | ID = 10
Description =

Error - 5/31/2009 11:38:46 AM | Computer Name = Rachelle-PC | Source = WinMgmt | ID = 10
Description =

Error - 5/31/2009 5:40:42 PM | Computer Name = Rachelle-PC | Source = WinMgmt | ID = 10
Description =

Error - 6/3/2009 6:56:53 PM | Computer Name = Rachelle-PC | Source = WinMgmt | ID = 10
Description =

Error - 6/4/2009 9:53:08 AM | Computer Name = Rachelle-PC | Source = WinMgmt | ID = 10
Description =

Error - 6/4/2009 3:34:27 PM | Computer Name = Rachelle-PC | Source = WinMgmt | ID = 10
Description =

[ Media Center Events ]
Error - 6/9/2009 10:42:48 AM | Computer Name = Rachelle-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ System Events ]
Error - 6/12/2009 9:03:31 PM | Computer Name = Rachelle-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 6/12/2009 9:03:31 PM | Computer Name = Rachelle-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 6/13/2009 12:01:47 PM | Computer Name = Rachelle-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 6/13/2009 12:01:47 PM | Computer Name = Rachelle-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 6/13/2009 12:38:27 PM | Computer Name = Rachelle-PC | Source = ACPI | ID = 327693
Description = : The embedded controller (EC) did not respond within the specified
timeout period. This may indicate that there is an error in the EC hardware or
firmware or that the BIOS is accessing the EC incorrectly. You should check with
your computer manufacturer for an upgraded BIOS. In some situations, this error
may cause the computer to function incorrectly.

Error - 6/13/2009 3:05:48 PM | Computer Name = Rachelle-PC | Source = ACPI | ID = 327693
Description = : The embedded controller (EC) did not respond within the specified
timeout period. This may indicate that there is an error in the EC hardware or
firmware or that the BIOS is accessing the EC incorrectly. You should check with
your computer manufacturer for an upgraded BIOS. In some situations, this error
may cause the computer to function incorrectly.

Error - 6/13/2009 3:07:35 PM | Computer Name = Rachelle-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 6/13/2009 3:07:35 PM | Computer Name = Rachelle-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 6/13/2009 4:49:37 PM | Computer Name = Rachelle-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 6/13/2009 4:49:37 PM | Computer Name = Rachelle-PC | Source = Service Control Manager | ID = 7022
Description =


< End of report >
  • 0

#7
Rachavery
Posted 13 June 2009 - 08:36 PM

Rachavery

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Goored log:
GooredFix v1.92 by jpshortstuff
Log created at 19:35 on 13/06/2009 running Option #1 (Rachelle)
Firefox version [Unable to determine]

=====Suspect Goored Entries=====

=====Dumping Registry Values=====

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"[email protected]"="C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"[email protected]"="c:\Program Files\Corel\WordPerfect Lightning\Programs\FirefoxExtension\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\"
  • 0

#8
SpySentinel
Posted 16 June 2009 - 01:39 PM

SpySentinel

    R.I.P.

  • Retired Staff
  • 5,152 posts
Please download Malwarebytes' Anti-Malware

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.



Go to Kaspersky website and perform an online antivirus scan.

  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.

  • 0

#9
Rachavery
Posted 16 June 2009 - 01:53 PM

Rachavery

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Malwarebytes' Anti-Malware 1.37
Database version: 2289
Windows 6.0.6002 Service Pack 2

6/16/2009 12:52:56 PM
mbam-log-2009-06-16 (12-52-56).txt

Scan type: Quick Scan
Objects scanned: 75925
Time elapsed: 4 minute(s), 21 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 6
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\c:/windows/downloaded program files/popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{c9c5deaf-0a1f-4660-8279-9edfad6fefe1} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e4e3e0f8-cd30-4380-8ce9-b96904bdefca} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{fe8a736f-4124-4d9c-b4b1-3b12381efabe} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\c:\Windows\downloaded program files\popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Windows\downloaded program files\popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.
  • 0

#10
SpySentinel
Posted 16 June 2009 - 07:42 PM

SpySentinel

    R.I.P.

  • Retired Staff
  • 5,152 posts
Hi Rachavery,

Thanks for the MBAM Log. Kaspersky takes a while to scan
  • 0

#11
Rachavery
Posted 16 June 2009 - 09:26 PM

Rachavery

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Kaspersky said not malware found and did not give me a report?
  • 0

#12
SpySentinel
Posted 16 June 2009 - 11:25 PM

SpySentinel

    R.I.P.

  • Retired Staff
  • 5,152 posts
Yes, if there was no malware, I don't believe a report is given. That's good news.

How is your computer running?
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP