Windows Explorer vanishes



#1
skookum

Windows Explorer will not let me look into folders; it vanishes when I open almost any folder.
At first it only happened every now and then, then I noticed that when I went to certain folders, like my AppData folder, Explorer vanished every time.
As of today, any folder I open results in Windows Explorer vanishing. It does not crash, it just vanishes into thin air.

I have scanned with various applications looking for virus/malware/rootkit problems. I have used Malwarebytes, Avast Antivirus, TDSSKiller and Drweb-Cureit, but nothing appears to fix my problem. They have found problems, but I think they fixed them.

Here is my OTL log

OTL logfile created on: 29/05/2011 10:30:33 - Run 4
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Administrator\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16982)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 58.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 67.00% Paging File free
Paging file location(s): c:\pagefile.sys 1024 2048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 274.14 Gb Total Space | 41.66 Gb Free Space | 15.20% Space Free | Partition Type: NTFS

Computer Name: DZ-PC | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/18 13:06:37 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.com
PRC - [2011/05/14 10:08:15 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/04/20 03:04:36 | 000,393,216 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2011/04/20 03:04:06 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2011/04/19 22:17:18 | 000,294,400 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
PRC - [2011/04/14 17:25:41 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/02/23 15:04:20 | 003,451,496 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/02/23 15:04:19 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2010/09/07 14:15:28 | 002,787,224 | ---- | M] (Razer USA Ltd) -- C:\Program Files\Razer\Imperator\RazerImperatorTray.exe
PRC - [2010/08/05 08:46:02 | 000,583,640 | ---- | M] (PC Tools) -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
PRC - [2010/08/05 08:46:02 | 000,104,408 | ---- | M] (PC Tools) -- C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe
PRC - [2009/02/23 18:38:34 | 003,656,704 | ---- | M] (Native Instruments GmbH) -- C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
PRC - [2007/05/28 17:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe


========== Modules (SafeList) ==========

MOD - [2011/05/18 13:06:37 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.com
MOD - [2011/05/14 10:12:12 | 001,744,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\GdiPlus.dll
MOD - [2011/02/23 15:04:17 | 000,197,208 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\snxhk.dll
MOD - [2006/11/02 10:38:57 | 001,648,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Unknown | Stopped] -- -- (WPFFontCache_v0400)
SRV - [2011/04/20 03:04:06 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2011/04/19 22:17:18 | 000,294,400 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV - [2011/03/16 10:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/02/23 15:04:19 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/08/05 08:46:02 | 000,583,640 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)
SRV - [2009/02/23 18:38:34 | 003,656,704 | ---- | M] (Native Instruments GmbH) [Auto | Running] -- C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe -- (NIHardwareService)
SRV - [2007/05/28 17:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Auto | Running] -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)


========== Driver Services (SafeList) ==========

DRV - [2011/04/20 03:43:40 | 007,772,160 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2011/04/20 02:22:08 | 000,243,712 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2011/04/07 12:34:46 | 000,013,160 | ---- | M] (MaxiVista) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mvvideodemo.sys -- (mvvideodemo)
DRV - [2011/04/07 12:34:44 | 000,014,568 | ---- | M] (MaxiVista) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\mvCmdemo.SYS -- (mvCmdemo)
DRV - [2011/03/30 19:46:24 | 000,097,808 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtihdLH3.sys -- (AtiHDAudioService)
DRV - [2011/02/23 14:56:55 | 000,371,544 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/02/23 14:56:45 | 000,301,528 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/02/23 14:55:49 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/02/23 14:55:10 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/02/23 14:55:03 | 000,053,592 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011/02/23 14:54:55 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/11/09 15:35:30 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\cpuz135_x32.sys -- (cpuz135)
DRV - [2010/08/12 12:07:50 | 000,292,712 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVNET)
DRV - [2010/08/12 12:07:50 | 000,292,712 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2010/07/10 05:37:00 | 011,008,040 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010/02/18 09:18:22 | 000,037,944 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\amdiox86.sys -- (amdiox86)
DRV - [2010/01/28 15:33:28 | 000,097,792 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2010/01/28 13:34:32 | 000,102,912 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2010/01/28 13:34:32 | 000,101,120 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbdev.sys -- (hwusbdev)
DRV - [2007/08/09 18:12:30 | 000,110,624 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvstor32.sys -- (nvstor32)
DRV - [2007/06/29 14:47:34 | 000,034,304 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AmdLLD.sys -- (AmdLLD)
DRV - [2007/05/03 08:11:14 | 000,256,000 | ---- | M] (Marvell Semiconductor, Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MRVW13B.sys -- (MRV6X32P)
DRV - [2006/11/02 09:55:05 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (winusb)
DRV - [2004/08/11 05:44:32 | 000,370,382 | ---- | M] (C-Media Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\cmaudio.sys -- (cmpci) C-Media PCI Audio Driver (WDM)
DRV - [2003/08/13 01:27:00 | 000,002,304 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\Machnm32.sys -- (Machnm32)
DRV - [2003/08/09 18:32:14 | 000,014,336 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NetMotCM.sys -- (ndiscm)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - Reg Error: Key error. File not found

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://seek.mk/Searc...q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - C:\Program Files\Copernic Agent\CopernicAgentExt.dll (Copernic Technologies Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.co...-8&oe=UTF-8&q="
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "http://www.7thcavalry.us/"
FF - prefs.js..keyword.URL: "chrome://browser-region/locale/region.properties"
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 56364
FF - prefs.js..network.proxy.type: 0


FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/05/14 17:20:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011/05/14 17:23:07 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011/05/14 17:23:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/05/26 23:00:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/15 14:47:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/19 22:34:50 | 000,000,000 | ---D | M]

[2011/01/24 19:44:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Extensions
[2011/05/26 02:07:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\a6nqwcbs.default\extensions
[2010/12/12 15:28:58 | 000,000,000 | ---D | M] (XfireXO) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\a6nqwcbs.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}
[2011/05/22 10:33:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/02/02 18:49:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011/05/05 14:41:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
File not found (No name found) --
[2011/05/26 23:00:02 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
() (No name found) -- C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\A6NQWCBS.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
() (No name found) -- C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\A6NQWCBS.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011/05/14 10:07:58 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/04/14 17:26:02 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2011/02/05 14:24:41 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2007/11/13 00:58:43 | 000,159,744 | ---- | M] (CNN) -- C:\Program Files\Mozilla Firefox\plugins\NPTURNMED.dll
[2011/05/21 11:13:26 | 000,002,226 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
[2010/01/01 09:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/05/29 03:55:12 | 000,000,806 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll ()
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll ()
O3 - HKLM\..\Toolbar: (no name) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Copernic Agent) - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\Program Files\Copernic Agent\CopernicAgentExt.dll (Copernic Technologies Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Copernic Agent) - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\Program Files\Copernic Agent\CopernicAgentExt.dll (Copernic Technologies Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Razer Imperator Driver] C:\Program Files\Razer\Imperator\RazerImperatorTray.exe (Razer USA Ltd)
O4 - HKLM..\Run: [SSDMonitor] C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe (PC Tools)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [AlcoholAutomount] C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe (Alcohol Soft Development Team)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O8 - Extra context menu item: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O8 - Extra context menu item: Search Using Copernic Agent - C:\Program Files\Copernic Agent\CopernicAgentExt.dll (Copernic Technologies Inc.)
O9 - Extra 'Tools' menuitem : Launch Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\Program Files\Copernic Agent\CopernicAgent.exe (Copernic Technologies Inc.)
O9 - Extra Button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\Program Files\Copernic Agent\CopernicAgent.exe (Copernic Technologies Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
O18 - Protocol\Handler\copernicagent {A979B6BD-E40B-4A07-ABDD-A62C64A4EBF6} - C:\Program Files\Copernic Agent\CopernicAgentExt.dll (Copernic Technologies Inc.)
O18 - Protocol\Handler\copernicagentcache {AAC34CFD-274D-4A9D-B0DC-C74C05A67E1D} - C:\Program Files\Copernic Agent\CopernicAgentExt.dll (Copernic Technologies Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{5b2f9000-78b2-11e0-97e5-dce7748fa803}\Shell - "" = AutoRun
O33 - MountPoints2\{5b2f9000-78b2-11e0-97e5-dce7748fa803}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{5b2f900e-78b2-11e0-97e5-dce7748fa803}\Shell - "" = AutoRun
O33 - MountPoints2\{5b2f900e-78b2-11e0-97e5-dce7748fa803}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{5b2f9013-78b2-11e0-97e5-dce7748fa803}\Shell - "" = AutoRun
O33 - MountPoints2\{5b2f9013-78b2-11e0-97e5-dce7748fa803}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{82b0228a-8328-11e0-881b-ba942b1c4b31}\Shell - "" = AutoRun
O33 - MountPoints2\{82b0228a-8328-11e0-881b-ba942b1c4b31}\Shell\AutoRun\command - "" = E:\autorun.exe
O33 - MountPoints2\{974982e0-86c6-11e0-906e-9494bde7c632}\Shell - "" = AutoRun
O33 - MountPoints2\{974982e0-86c6-11e0-906e-9494bde7c632}\Shell\AutoRun\command - "" = E:\Autorun.exe
O33 - MountPoints2\{b99200a8-8175-11e0-98e1-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{b99200a8-8175-11e0-98e1-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Setup.exe
O33 - MountPoints2\{db830792-65f0-11e0-b957-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{db830792-65f0-11e0-b957-806e6f6e6963}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\Setup.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/29 10:08:45 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\EurekaLog
[2011/05/29 03:36:43 | 000,000,000 | ---D | C] -- C:\Users\Administrator\DoctorWeb
[2011/05/28 18:09:30 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\Additional Content
[2011/05/28 18:06:17 | 001,177,600 | ---- | C] (AD) -- C:\Windows\System32\SYNSOEMU.DLL
[2011/05/28 18:06:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\VST3
[2011/05/28 18:03:58 | 000,000,000 | ---D | C] -- C:\ProgramData\VST3 Presets
[2011/05/28 17:55:43 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steinberg HALionOne
[2011/05/28 17:55:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Steinberg
[2011/05/28 17:55:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Steinberg
[2011/05/28 17:47:11 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steinberg Cubase 5
[2011/05/28 17:47:11 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Steinberg
[2011/05/28 17:47:11 | 000,000,000 | ---D | C] -- C:\Program Files\Steinberg
[2011/05/28 17:11:49 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iZotope
[2011/05/28 16:38:30 | 000,014,568 | ---- | C] (MaxiVista) -- C:\Windows\System32\drivers\mvCmdemo.SYS
[2011/05/28 16:38:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MaxiVista Demo Server
[2011/05/28 16:37:56 | 000,024,168 | ---- | C] (Maxivsta) -- C:\Windows\System32\mvvideodemo.dll
[2011/05/28 16:37:56 | 000,013,160 | ---- | C] (MaxiVista) -- C:\Windows\System32\drivers\mvvideodemo.sys
[2011/05/28 16:37:55 | 000,000,000 | ---D | C] -- C:\Program Files\MaxiVista Demo Server
[2011/05/28 16:37:38 | 004,168,552 | ---- | C] (Bartels Media GmbH ) -- C:\Users\Administrator\Desktop\Maxivista_Setup_PrimaryPC.exe
[2011/05/28 12:33:02 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center
[2011/05/28 00:53:32 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\JAM Software
[2011/05/28 00:53:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltraSearch
[2011/05/28 00:53:24 | 000,000,000 | ---D | C] -- C:\Program Files\JAM Software
[2011/05/27 19:27:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\u-he
[2011/05/27 19:27:17 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\u-he
[2011/05/27 12:43:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Ableton
[2011/05/27 12:41:58 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\Ableton
[2011/05/27 12:41:54 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Thinstall
[2011/05/27 12:41:54 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Thinstall
[2011/05/27 03:35:31 | 000,000,000 | -H-D | C] -- C:\ProgramData\{05835455-7C7C-4AA0-A7A0-63D407FC9E17}
[2011/05/27 03:34:44 | 000,000,000 | -H-D | C] -- C:\ProgramData\{2B0AD088-31DC-4A62-9BFF-8A02B70C0942}
[2011/05/27 00:56:19 | 000,000,000 | -H-D | C] -- C:\ProgramData\{63212DDB-3722-4A80-B4BE-CF435DDAD17C}
[2011/05/26 23:00:13 | 000,301,528 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2011/05/26 23:00:13 | 000,019,544 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2011/05/26 23:00:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Pro Antivirus
[2011/05/26 23:00:12 | 000,371,544 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2011/05/26 23:00:12 | 000,053,592 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2011/05/26 23:00:12 | 000,049,240 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2011/05/26 23:00:12 | 000,025,432 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2011/05/26 23:00:01 | 000,190,016 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2011/05/26 23:00:01 | 000,040,648 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/05/26 22:59:51 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2011/05/26 22:59:51 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/05/26 22:59:27 | 000,000,000 | ---D | C] -- C:\TEMP
[2011/05/26 20:42:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Universal Extractor
[2011/05/26 20:42:52 | 000,000,000 | ---D | C] -- C:\Program Files\Universal Extractor
[2011/05/26 12:04:23 | 000,000,000 | -H-D | C] -- C:\ProgramData\{5E4CAE11-3142-4132-BACC-8515F1910998}
[2011/05/26 12:01:33 | 000,000,000 | -H-D | C] -- C:\ProgramData\{C78336EC-F2EB-4640-99A4-DFE96581B90B}
[2011/05/26 12:01:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Native Instruments
[2011/05/25 23:15:47 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Adobe
[2011/05/25 14:41:35 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Native Instruments Absynth 4
[2011/05/25 14:41:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Native Instruments Absynth 4
[2011/05/25 14:21:49 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\Native Instruments
[2011/05/25 14:21:49 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Native Instruments
[2011/05/25 13:56:02 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\Absynth Sounds Vol. 1
[2011/05/25 13:35:52 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Music Production
[2011/05/25 13:05:19 | 000,000,000 | ---D | C] -- C:\ProgramData\{29CF7310-A1F2-43D3-9CA5-BAF68DCAEDC1}
[2011/05/25 10:01:25 | 000,911,856 | ---- | C] (Duplex Secure Ltd.) -- C:\Users\Administrator\Desktop\SPTDinst-v160-x86.exe
[2011/05/25 09:53:05 | 001,431,344 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Administrator\Desktop\TDSSKiller.exe
[2011/05/25 02:18:18 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Spectrasonics
[2011/05/25 01:57:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Digidesign
[2011/05/25 01:56:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Spectrasonics
[2011/05/24 20:24:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Native Instruments
[2011/05/24 20:24:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Native Instruments
[2011/05/24 20:24:12 | 000,000,000 | ---D | C] -- C:\Program Files\Native Instruments
[2011/05/24 17:40:16 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASIO4ALL v2
[2011/05/24 17:40:16 | 000,000,000 | ---D | C] -- C:\Program Files\ASIO4ALL v2
[2011/05/24 17:39:33 | 000,225,280 | ---- | C] (Propellerhead Software AB) -- C:\Windows\System32\rewire.dll
[2011/05/24 17:39:30 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\Image-Line
[2011/05/24 17:39:23 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line
[2011/05/24 17:39:20 | 000,000,000 | ---D | C] -- C:\Program Files\Outsim
[2011/05/24 17:37:11 | 000,000,000 | ---D | C] -- C:\Program Files\Image-Line
[2011/05/24 13:34:27 | 000,000,000 | -H-D | C] -- C:\tempintfiles
[2011/05/24 10:48:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2011/05/24 10:48:57 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2011/05/21 23:37:50 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\SH5
[2011/05/21 22:26:34 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Ubisoft Game Launcher
[2011/05/21 17:11:32 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Laconic Software
[2011/05/21 11:16:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Super Sexy Anime Girls
[2011/05/21 11:13:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Beautiful Nature
[2011/05/21 11:13:24 | 000,000,000 | ---D | C] -- C:\Program Files\ScreenSaverGift
[2011/05/21 10:23:13 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2011/05/21 10:23:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center
[2011/05/21 00:48:25 | 000,000,000 | ---D | C] -- C:\Ubisoft
[2011/05/21 00:32:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Alcohol 120%
[2011/05/21 00:32:08 | 000,000,000 | ---D | C] -- C:\Program Files\Alcohol Soft
[2011/05/21 00:30:59 | 000,000,000 | ---D | C] -- C:\Program Files\Franzis
[2011/05/20 21:24:30 | 000,000,000 | ---D | C] -- C:\Program Files\Ubisoft
[2011/05/20 13:30:24 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\Sonalysts Combat Simulations
[2011/05/20 13:24:17 | 000,000,000 | ---D | C] -- C:\Program Files\Sonalysts Combat Simulations
[2011/05/20 13:11:17 | 000,000,000 | ---D | C] -- C:\Users\Administrator\GAME INSTALLS
[2011/05/20 11:04:06 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\Mount&Blade With Fire and Sword
[2011/05/20 11:04:05 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Mount&Blade With Fire and Sword
[2011/05/20 11:03:42 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mount&Blade With Fire and Sword
[2011/05/20 11:03:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mount&Blade With Fire and Sword
[2011/05/20 11:01:06 | 000,000,000 | ---D | C] -- C:\Program Files\Mount&Blade With Fire and Sword
[2011/05/20 08:28:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Sports Interactive
[2011/05/20 08:27:54 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\Sports Interactive
[2011/05/20 08:27:54 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Sports Interactive
[2011/05/20 08:27:54 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Sports Interactive
[2011/05/20 08:22:25 | 000,000,000 | -H-D | C] -- C:\Program Files\Zero G Registry
[2011/05/20 08:22:25 | 000,000,000 | ---D | C] -- C:\Program Files\Sports Interactive
[2011/05/20 08:18:47 | 000,000,000 | -H-D | C] -- C:\Users\Administrator\InstallAnywhere
[2011/05/19 22:29:53 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MaaTec
[2011/05/19 22:29:53 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\MaaTec
[2011/05/19 22:29:53 | 000,000,000 | ---D | C] -- C:\Program Files\MaaTec
[2011/05/19 21:10:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mumble
[2011/05/19 11:22:19 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\Games
[2011/05/19 09:07:52 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\Amnesia
[2011/05/19 08:52:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amnesia - The Dark Descent
[2011/05/19 08:44:19 | 000,000,000 | ---D | C] -- C:\Program Files\Amnesia - The Dark Descent
[2011/05/18 20:39:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Codemasters
[2011/05/18 20:38:52 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\microsoft
[2011/05/18 20:30:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blue Ripple Sound
[2011/05/18 20:30:48 | 001,380,352 | ---- | C] (Blue Ripple Sound Limited) -- C:\Windows\System32\rapture3d_oal.dll
[2011/05/18 20:30:47 | 000,000,000 | ---D | C] -- C:\Program Files\BRS
[2011/05/18 20:30:43 | 000,445,016 | ---- | C] (Creative Labs) -- C:\Windows\System32\wrap_oal.dll
[2011/05/18 20:30:43 | 000,000,000 | ---D | C] -- C:\Program Files\OpenAL
[2011/05/18 20:28:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows - LIVE
[2011/05/18 20:28:18 | 000,000,000 | ---D | C] -- C:\Windows\System32\xlive
[2011/05/18 20:28:17 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Games for Windows - LIVE
[2011/05/18 20:18:38 | 000,000,000 | ---D | C] -- C:\Program Files\Codemasters
[2011/05/18 18:27:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Radialpoint
[2011/05/18 13:33:01 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\DAEMON Tools Images
[2011/05/18 13:06:36 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.com
[2011/05/18 12:22:21 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/05/18 12:22:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/05/18 12:22:17 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/05/18 00:57:49 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Pro
[2011/05/16 13:55:48 | 000,000,000 | ---D | C] -- C:\ubuntu
[2011/05/15 15:36:27 | 000,000,000 | ---D | C] -- C:\Program Files\Activision
[2011/05/15 15:19:59 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Registry Mechanic
[2011/05/15 15:01:43 | 001,101,824 | ---- | C] (Woodbury Associates Limited) -- C:\Windows\System32\UniBox210.ocx
[2011/05/15 15:01:43 | 000,880,640 | ---- | C] (Woodbury Associates Limited) -- C:\Windows\System32\UniBox10.ocx
[2011/05/15 15:01:43 | 000,212,992 | ---- | C] (Woodbury Associates Limited) -- C:\Windows\System32\UniBoxVB12.ocx
[2011/05/15 15:01:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Registry Mechanic
[2011/05/15 15:01:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2011/05/15 15:01:34 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2011/05/15 15:01:34 | 000,000,000 | ---D | C] -- C:\Program Files\Registry Mechanic
[2011/05/15 12:23:35 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\PackageAware
[2011/05/15 10:22:07 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2011/05/15 09:10:31 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\Activision
[2011/05/15 02:49:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
[2011/05/14 17:49:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RAR Password Recovery
[2011/05/14 17:49:55 | 000,000,000 | ---D | C] -- C:\Program Files\Intelore
[2011/05/14 17:25:11 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\DDMSettings
[2011/05/14 17:22:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PX Storage Engine
[2011/05/14 17:20:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2011/05/14 17:20:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Real
[2011/05/14 17:18:54 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DivX Plus Pro
[2011/05/14 17:18:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX Plus Pro
[2011/05/14 17:18:53 | 000,000,000 | ---D | C] -- C:\Program Files\DivX Plus Pro
[2011/05/14 17:09:12 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\vlc
[2011/05/14 17:05:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2011/05/14 17:05:02 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2011/05/14 16:32:42 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\Vuze Downloads
[2011/05/14 16:22:26 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Azureus
[2011/05/14 16:22:01 | 000,000,000 | ---D | C] -- C:\Program Files\Vuze
[2011/05/14 16:21:48 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Conduit
[2011/05/14 10:49:39 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2011/05/14 10:48:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2011/05/14 10:47:55 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2011/05/12 11:06:34 | 000,000,000 | ---D | C] -- C:\Users\Administrator\.thumbnails
[2011/05/08 21:02:54 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Canon
[2011/05/08 04:22:18 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\COD
[2011/05/07 15:08:01 | 000,112,640 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ewusbnet.sys
[2011/05/07 15:08:01 | 000,102,912 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ewusbmdm.sys
[2011/05/07 15:08:01 | 000,101,120 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ewusbdev.sys
[2011/05/07 15:08:01 | 000,023,424 | ---- | C] (Huawei Tech. Co., Ltd.) -- C:\Windows\System32\drivers\ewdcsc.sys
[2011/05/07 14:35:24 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\Sounds
[2011/05/07 14:27:41 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\icons
[2011/05/07 01:45:47 | 000,000,000 | ---D | C] -- C:\Program Files\AMD APP
[2011/05/07 01:44:15 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2011/05/07 01:44:12 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2011/05/07 01:43:32 | 000,000,000 | ---D | C] -- C:\ATI
[2011/05/06 12:58:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
[2011/05/06 12:58:51 | 000,000,000 | ---D | C] -- C:\Program Files\Razer
[2011/05/05 15:18:06 | 002,277,376 | ---- | C] (Topala Software Solutions) -- C:\Users\Administrator\Desktop\siw.exe
[2011/05/05 15:13:40 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\Scripts
[2011/05/05 11:11:57 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
[2011/05/05 11:04:09 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\Lace Mamba Global
[2011/05/05 10:40:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[2011/05/05 10:40:28 | 000,000,000 | ---D | C] -- C:\Program Files\Steam
[2011/05/04 23:05:28 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2011/05/04 22:21:50 | 000,000,000 | ---D | C] -- C:\Program Files\Phyxion.net
[2011/05/04 14:05:16 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\ATI Drivers
[2011/05/04 09:45:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Phyxion.net
[2011/05/01 22:21:50 | 000,021,992 | ---- | C] (CPUID) -- C:\Windows\System32\drivers\cpuz135_x32.sys
[2011/05/01 22:21:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
[2011/05/01 22:21:50 | 000,000,000 | ---D | C] -- C:\Program Files\CPUID
[2011/05/01 17:19:03 | 000,034,304 | ---- | C] (AMD, Inc.) -- C:\Windows\System32\drivers\AmdLLD.sys
[2011/05/01 17:18:46 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Downloaded Installations
[2011/05/01 14:43:28 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\RadeonPro Benchmarks
[2011/04/29 19:48:29 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Mumble
[2011/04/29 19:48:20 | 000,000,000 | ---D | C] -- C:\Program Files\Mumble
[2011/04/29 19:45:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Steam
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/29 10:30:00 | 000,000,412 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{04BF8757-0A75-4F0E-9EAC-CEAD1E76BB4D}.job
[2011/05/29 10:02:55 | 000,623,962 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/05/29 10:02:55 | 000,107,980 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/05/29 09:58:04 | 000,003,600 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/29 09:58:03 | 000,003,600 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/05/29 09:57:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/05/29 09:57:49 | 2683,625,472 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/29 03:55:12 | 000,000,806 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/05/29 03:27:25 | 064,007,120 | ---- | M] () -- C:\Users\Administrator\Desktop\drweb-cureit.exe
[2011/05/28 18:00:00 | 000,000,400 | ---- | M] () -- C:\Windows\tasks\At6.job
[2011/05/28 18:00:00 | 000,000,386 | ---- | M] () -- C:\Windows\tasks\At9.job
[2011/05/28 18:00:00 | 000,000,386 | ---- | M] () -- C:\Windows\tasks\At10.job
[2011/05/28 18:00:00 | 000,000,382 | ---- | M] () -- C:\Windows\tasks\At8.job
[2011/05/28 18:00:00 | 000,000,382 | ---- | M] () -- C:\Windows\tasks\At7.job
[2011/05/28 17:47:47 | 000,001,939 | ---- | M] () -- C:\Users\Administrator\Desktop\Cubase 5.lnk
[2011/05/28 16:44:35 | 000,000,003 | ---- | M] () -- C:\Windows\System32\OutN64proc64.dll
[2011/05/28 16:44:35 | 000,000,003 | ---- | M] () -- C:\Windows\System32\InN64proc64.dll
[2011/05/28 16:38:07 | 000,000,936 | ---- | M] () -- C:\Users\Administrator\Desktop\MaxiVista Demo Server.lnk
[2011/05/28 16:33:24 | 004,168,552 | ---- | M] (Bartels Media GmbH ) -- C:\Users\Administrator\Desktop\Maxivista_Setup_PrimaryPC.exe
[2011/05/28 14:55:31 | 000,001,396 | ---- | M] () -- C:\Users\Administrator\Desktop\GETLAID-PC - Shortcut.lnk
[2011/05/28 00:53:26 | 000,001,027 | ---- | M] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\UltraSearch.lnk
[2011/05/28 00:53:26 | 000,001,003 | ---- | M] () -- C:\Users\Administrator\Desktop\UltraSearch.lnk
[2011/05/27 20:30:55 | 000,005,120 | ---- | M] () -- C:\Users\Administrator\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/27 19:00:00 | 000,000,386 | ---- | M] () -- C:\Windows\tasks\At5.job
[2011/05/27 19:00:00 | 000,000,386 | ---- | M] () -- C:\Windows\tasks\At4.job
[2011/05/27 19:00:00 | 000,000,386 | ---- | M] () -- C:\Windows\tasks\At3.job
[2011/05/27 19:00:00 | 000,000,386 | ---- | M] () -- C:\Windows\tasks\At1.job
[2011/05/27 19:00:00 | 000,000,382 | ---- | M] () -- C:\Windows\tasks\At2.job
[2011/05/27 03:38:37 | 000,000,921 | ---- | M] () -- C:\Users\Public\Desktop\Maschine.lnk
[2011/05/26 23:00:13 | 000,001,835 | ---- | M] () -- C:\Users\Public\Desktop\avast! Pro Antivirus.lnk
[2011/05/26 23:00:12 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2011/05/26 22:55:02 | 000,379,608 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/05/26 12:04:11 | 000,000,931 | ---- | M] () -- C:\Users\Public\Desktop\Kontakt 4.lnk
[2011/05/26 12:01:32 | 000,000,986 | ---- | M] () -- C:\Users\Public\Desktop\Service Center.lnk
[2011/05/25 14:41:49 | 000,000,931 | ---- | M] () -- C:\Users\Administrator\Desktop\Absynth 4.lnk
[2011/05/25 14:09:34 | 000,000,504 | ---- | M] () -- C:\Users\Administrator\Desktop\Music Production - Shortcut.lnk
[2011/05/25 13:02:35 | 000,000,979 | ---- | M] () -- C:\Users\Public\Desktop\Alcohol 120%.lnk
[2011/05/25 12:46:17 | 000,000,067 | ---- | M] () -- C:\Users\Administrator\Desktop\NIABS503.cue
[2011/05/25 10:00:51 | 000,911,856 | ---- | M] (Duplex Secure Ltd.) -- C:\Users\Administrator\Desktop\SPTDinst-v160-x86.exe
[2011/05/25 09:43:39 | 001,007,108 | ---- | M] () -- C:\Users\Administrator\Desktop\rkill.com
[2011/05/25 09:25:47 | 000,013,458 | -HS- | M] () -- C:\Users\Administrator\AppData\Local\t2342bpnbb47w8
[2011/05/25 09:25:47 | 000,013,458 | -HS- | M] () -- C:\ProgramData\t2342bpnbb47w8
[2011/05/25 07:10:16 | 001,431,344 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Administrator\Desktop\TDSSKiller.exe
[2011/05/24 20:28:46 | 000,000,907 | ---- | M] () -- C:\Users\Public\Desktop\Massive.lnk
[2011/05/24 17:40:16 | 000,000,959 | ---- | M] () -- C:\Users\Administrator\Desktop\ASIO4ALL v2 Instruction Manual.lnk
[2011/05/24 17:39:32 | 000,000,945 | ---- | M] () -- C:\Users\Administrator\Desktop\FL Studio 10.lnk
[2011/05/24 13:15:59 | 000,000,865 | ---- | M] () -- C:\Users\Administrator\Desktop\Playerdata - Shortcut.lnk
[2011/05/24 13:15:02 | 000,000,629 | ---- | M] () -- C:\Users\Administrator\Desktop\MODS - Shortcut.lnk
[2011/05/24 13:14:33 | 000,000,611 | ---- | M] () -- C:\Users\Administrator\Desktop\Silent Hunter 5 Downloaded Mods - Shortcut.lnk
[2011/05/23 17:36:16 | 000,000,712 | ---- | M] () -- C:\Users\Administrator\Desktop\JSGME - Shortcut.lnk
[2011/05/23 17:36:08 | 000,000,700 | ---- | M] () -- C:\Users\Administrator\Desktop\sh5 - Shortcut.lnk
[2011/05/22 15:58:29 | 000,000,510 | ---- | M] () -- C:\Windows\WORDPAD.INI
[2011/05/22 15:51:10 | 000,000,712 | ---- | M] () -- C:\Users\Administrator\Desktop\Generic Mod Enabler - Silent Hunter 5.lnk
[2011/05/22 10:16:18 | 000,002,660 | ---- | M] () -- C:\Users\Administrator\Documents\New.ncd
[2011/05/20 13:24:34 | 000,001,960 | ---- | M] () -- C:\Users\Public\Desktop\DARPA ACTUV Game.lnk
[2011/05/20 11:03:42 | 000,000,998 | ---- | M] () -- C:\Users\Administrator\Desktop\Mount&Blade With Fire and Sword.lnk
[2011/05/19 22:34:50 | 000,001,892 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/05/19 21:26:49 | 000,002,376 | ---- | M] () -- C:\Users\Administrator\Desktop\mumblecert.p12
[2011/05/19 21:10:22 | 000,000,778 | ---- | M] () -- C:\Users\Public\Desktop\Mumble.lnk
[2011/05/18 20:30:43 | 000,445,016 | ---- | M] (Creative Labs) -- C:\Windows\System32\wrap_oal.dll
[2011/05/18 14:14:06 | 1048,576,000 | ---- | M] () -- C:\RAMDisk.img
[2011/05/18 13:16:52 | 000,080,384 | ---- | M] () -- C:\Users\Administrator\Desktop\MBRCheck.exe
[2011/05/18 13:06:37 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.com
[2011/05/18 12:56:23 | 1048,576,000 | ---- | M] () -- C:\RAMDisk.img.bak
[2011/05/18 12:22:21 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/18 12:10:31 | 000,008,340 | -HS- | M] () -- C:\Users\Administrator\AppData\Local\7q323ys0lix57774hbe1v4em53xmbre0320bn231w2d1q
[2011/05/18 12:10:31 | 000,008,340 | -HS- | M] () -- C:\ProgramData\7q323ys0lix57774hbe1v4em53xmbre0320bn231w2d1q
[2011/05/18 02:37:06 | 000,001,630 | ---- | M] () -- C:\Users\Administrator\Desktop\System Restore.lnk
[2011/05/18 02:14:29 | 000,008,468 | -HS- | M] () -- C:\Users\Administrator\AppData\Local\384f67732t3b5h15xhpfvphk727l5ffm
[2011/05/18 02:14:29 | 000,008,468 | -HS- | M] () -- C:\ProgramData\384f67732t3b5h15xhpfvphk727l5ffm
[2011/05/18 01:43:11 | 000,000,510 | ---- | M] () -- C:\Users\Administrator\Desktop\Vuze Downloads - Shortcut.lnk
[2011/05/18 01:36:13 | 000,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
[2011/05/18 01:36:13 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2011/05/17 23:42:20 | 000,007,658 | ---- | M] () -- C:\Users\Administrator\Documents\cc_20110517_234210.reg
[2011/05/17 19:06:08 | 001,056,768 | ---- | M] () -- C:\Users\Administrator\defltbase.sdb
[2011/05/17 09:52:18 | 000,000,134 | ---- | M] () -- C:\Users\Administrator\Desktop\Device Manager - Shortcut.lnk
[2011/05/16 14:06:00 | 000,148,208 | ---- | M] () -- C:\wubildr
[2011/05/16 14:06:00 | 000,008,192 | ---- | M] () -- C:\wubildr.mbr
[2011/05/15 22:24:17 | 000,139,488 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2011/05/15 22:24:00 | 000,270,776 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr
[2011/05/15 18:30:07 | 000,270,776 | ---- | M] () -- C:\Windows\System32\PnkBstrB.ex0
[2011/05/15 18:29:48 | 000,001,098 | ---- | M] () -- C:\Users\Administrator\Desktop\CoDWaWmp - Shortcut.lnk
[2011/05/15 18:28:18 | 000,000,134 | ---- | M] () -- C:\Users\Administrator\Desktop\System - Shortcut.lnk
[2011/05/15 17:07:27 | 000,001,086 | ---- | M] () -- C:\Users\Administrator\Desktop\CoDWaW -SP Shortcut.lnk
[2011/05/15 16:12:20 | 000,022,328 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\PnkBstrK.sys
[2011/05/15 16:11:55 | 000,682,280 | ---- | M] () -- C:\Windows\System32\pbsvc.exe
[2011/05/15 15:01:44 | 000,000,868 | ---- | M] () -- C:\Users\Public\Desktop\Registry Mechanic.lnk
[2011/05/15 14:47:10 | 000,000,870 | ---- | M] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/05/15 14:47:10 | 000,000,846 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/05/15 09:54:17 | 000,007,152 | ---- | M] () -- C:\Users\Administrator\Documents\cc_20110515_095414.reg
[2011/05/15 02:49:33 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
[2011/05/14 17:23:11 | 000,001,919 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk
[2011/05/14 17:23:11 | 000,001,404 | ---- | M] () -- C:\Users\Administrator\Desktop\DivX Movies.lnk
[2011/05/14 17:22:46 | 000,000,933 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
[2011/05/14 17:18:58 | 000,000,872 | ---- | M] () -- C:\Users\Administrator\Desktop\DivX Plus Pro.lnk
[2011/05/14 17:11:27 | 000,000,116 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2011/05/14 17:05:32 | 000,000,859 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2011/05/14 16:22:15 | 000,001,633 | ---- | M] () -- C:\Users\Public\Desktop\Vuze.lnk
[2011/05/14 16:22:15 | 000,001,633 | ---- | M] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Vuze.lnk
[2011/05/14 11:09:20 | 000,001,090 | ---- | M] () -- C:\Users\Administrator\Documents\cc_20110514_110915.reg
[2011/05/14 10:38:04 | 000,000,943 | ---- | M] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/05/14 10:23:34 | 001,657,350 | ---- | M] () -- C:\Windows\System32\wlan.tmf
[2011/05/14 10:21:02 | 000,008,830 | ---- | M] () -- C:\Windows\System32\RacUR.xml
[2011/05/14 10:21:02 | 000,000,153 | ---- | M] () -- C:\Windows\System32\RacUREx.xml
[2011/05/12 11:36:49 | 000,008,798 | ---- | M] () -- C:\Users\Administrator\.recently-used.xbel
[2011/05/07 15:04:25 | 000,001,283 | ---- | M] () -- C:\Users\Administrator\Desktop\Documents - Shortcut.lnk
[2011/05/07 14:59:33 | 000,039,560 | ---- | M] () -- C:\Users\Administrator\Documents\cc_20110507_145928.reg
[2011/05/07 14:22:07 | 000,000,510 | ---- | M] () -- C:\Users\Administrator\Desktop\Program Files - Shortcut.lnk
[2011/05/07 01:47:02 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin
[2011/05/07 01:24:18 | 000,016,742 | ---- | M] () -- C:\Users\Administrator\Documents\cc_20110507_012357.reg
[2011/05/07 00:54:13 | 000,001,038 | ---- | M] () -- C:\Users\Public\Desktop\Driver Sweeper.lnk
[2011/05/07 00:48:19 | 000,001,830 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\ImperatorProfile0.dat
[2011/05/07 00:48:19 | 000,001,828 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\ImperatorProfile1.dat
[2011/05/06 23:45:34 | 000,000,005 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.uniblue
[2011/05/06 23:45:25 | 000,000,005 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20110506-234534.backup
[2011/05/06 23:45:16 | 000,000,005 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20110506-234525.backup
[2011/05/05 15:10:48 | 000,000,650 | ---- | M] () -- C:\Users\Administrator\Desktop\AppData - Shortcut.lnk
[2011/05/05 15:10:23 | 000,000,686 | ---- | M] () -- C:\Users\Administrator\Desktop\Downloads - Shortcut.lnk
[2011/05/05 10:40:29 | 000,000,786 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk
[2011/05/04 22:33:02 | 000,031,414 | ---- | M] () -- C:\Users\Administrator\Documents\cc_20110504_223247.reg
[2011/05/04 14:54:51 | 000,000,134 | ---- | M] () -- C:\Users\Administrator\Desktop\Programs and Features - Shortcut.lnk
[2011/05/03 14:29:18 | 002,277,376 | ---- | M] (Topala Software Solutions) -- C:\Users\Administrator\Desktop\siw.exe
[2011/05/01 22:21:50 | 000,000,857 | ---- | M] () -- C:\Users\Public\Desktop\CPUID CPU-Z.lnk
[2011/04/29 19:49:50 | 000,002,377 | ---- | M] () -- C:\Users\Administrator\Documents\MumbleAutomaticCertificateBackup.p12
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/29 09:57:49 | 2683,625,472 | -HS- | C] () -- C:\hiberfil.sys
[2011/05/29 03:26:07 | 064,007,120 | ---- | C] () -- C:\Users\Administrator\Desktop\drweb-cureit.exe
[2011/05/28 17:47:47 | 000,001,939 | ---- | C] () -- C:\Users\Administrator\Desktop\Cubase 5.lnk
[2011/05/28 16:44:35 | 000,000,003 | ---- | C] () -- C:\Windows\System32\OutN64proc64.dll
[2011/05/28 16:44:35 | 000,000,003 | ---- | C] () -- C:\Windows\System32\InN64proc64.dll
[2011/05/28 16:38:07 | 000,000,936 | ---- | C] () -- C:\Users\Administrator\Desktop\MaxiVista Demo Server.lnk
[2011/05/28 14:55:31 | 000,001,396 | ---- | C] () -- C:\Users\Administrator\Desktop\GETLAID-PC - Shortcut.lnk
[2011/05/28 00:53:25 | 000,001,027 | ---- | C] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\UltraSearch.lnk
[2011/05/28 00:53:25 | 000,001,003 | ---- | C] () -- C:\Users\Administrator\Desktop\UltraSearch.lnk
[2011/05/27 19:58:13 | 000,005,120 | ---- | C] () -- C:\Users\Administrator\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/27 03:38:37 | 000,000,921 | ---- | C] () -- C:\Users\Public\Desktop\Maschine.lnk
[2011/05/26 23:00:13 | 000,001,835 | ---- | C] () -- C:\Users\Public\Desktop\avast! Pro Antivirus.lnk
[2011/05/26 12:04:11 | 000,000,931 | ---- | C] () -- C:\Users\Public\Desktop\Kontakt 4.lnk
[2011/05/26 12:01:32 | 000,000,986 | ---- | C] () -- C:\Users\Public\Desktop\Service Center.lnk
[2011/05/25 14:41:49 | 000,000,931 | ---- | C] () -- C:\Users\Administrator\Desktop\Absynth 4.lnk
[2011/05/25 14:09:34 | 000,000,504 | ---- | C] () -- C:\Users\Administrator\Desktop\Music Production - Shortcut.lnk
[2011/05/25 12:46:17 | 000,000,067 | ---- | C] () -- C:\Users\Administrator\Desktop\NIABS503.cue
[2011/05/25 09:43:38 | 001,007,108 | ---- | C] () -- C:\Users\Administrator\Desktop\rkill.com
[2011/05/25 08:30:24 | 000,013,458 | -HS- | C] () -- C:\Users\Administrator\AppData\Local\t2342bpnbb47w8
[2011/05/25 08:30:24 | 000,013,458 | -HS- | C] () -- C:\ProgramData\t2342bpnbb47w8
[2011/05/24 20:28:46 | 000,000,907 | ---- | C] () -- C:\Users\Public\Desktop\Massive.lnk
[2011/05/24 17:40:16 | 000,000,959 | ---- | C] () -- C:\Users\Administrator\Desktop\ASIO4ALL v2 Instruction Manual.lnk
[2011/05/24 17:39:32 | 000,000,945 | ---- | C] () -- C:\Users\Administrator\Desktop\FL Studio 10.lnk
[2011/05/24 13:15:59 | 000,000,865 | ---- | C] () -- C:\Users\Administrator\Desktop\Playerdata - Shortcut.lnk
[2011/05/24 13:15:02 | 000,000,629 | ---- | C] () -- C:\Users\Administrator\Desktop\MODS - Shortcut.lnk
[2011/05/24 13:14:33 | 000,000,611 | ---- | C] () -- C:\Users\Administrator\Desktop\Silent Hunter 5 Downloaded Mods - Shortcut.lnk
[2011/05/23 17:36:16 | 000,000,712 | ---- | C] () -- C:\Users\Administrator\Desktop\JSGME - Shortcut.lnk
[2011/05/22 15:51:10 | 000,000,712 | ---- | C] () -- C:\Users\Administrator\Desktop\Generic Mod Enabler - Silent Hunter 5.lnk
[2011/05/22 10:12:37 | 000,002,660 | ---- | C] () -- C:\Users\Administrator\Documents\New.ncd
[2011/05/21 12:39:33 | 000,000,700 | ---- | C] () -- C:\Users\Administrator\Desktop\sh5 - Shortcut.lnk
[2011/05/21 00:32:20 | 000,000,979 | ---- | C] () -- C:\Users\Public\Desktop\Alcohol 120%.lnk
[2011/05/20 13:24:34 | 000,001,974 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DARPA_ACTUVGame_INSTALLATION GUIDE.pdf.lnk
[2011/05/20 13:24:34 | 000,001,974 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DARPA ACTUV Game User Manual.pdf.lnk
[2011/05/20 13:24:34 | 000,001,960 | ---- | C] () -- C:\Users\Public\Desktop\DARPA ACTUV Game.lnk
[2011/05/20 13:24:34 | 000,001,960 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DARPA ACTUV Game.lnk
[2011/05/20 11:03:42 | 000,000,998 | ---- | C] () -- C:\Users\Administrator\Desktop\Mount&Blade With Fire and Sword.lnk
[2011/05/19 22:34:50 | 000,001,892 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/05/19 22:34:50 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011/05/19 21:26:45 | 000,002,376 | ---- | C] () -- C:\Users\Administrator\Desktop\mumblecert.p12
[2011/05/19 21:10:22 | 000,000,778 | ---- | C] () -- C:\Users\Public\Desktop\Mumble.lnk
[2011/05/18 13:16:52 | 000,080,384 | ---- | C] () -- C:\Users\Administrator\Desktop\MBRCheck.exe
[2011/05/18 12:22:21 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/18 02:37:06 | 000,001,630 | ---- | C] () -- C:\Users\Administrator\Desktop\System Restore.lnk
[2011/05/18 02:14:29 | 000,008,340 | -HS- | C] () -- C:\Users\Administrator\AppData\Local\7q323ys0lix57774hbe1v4em53xmbre0320bn231w2d1q
[2011/05/18 02:14:29 | 000,008,340 | -HS- | C] () -- C:\ProgramData\7q323ys0lix57774hbe1v4em53xmbre0320bn231w2d1q
[2011/05/18 01:54:55 | 000,008,468 | -HS- | C] () -- C:\Users\Administrator\AppData\Local\384f67732t3b5h15xhpfvphk727l5ffm
[2011/05/18 01:54:55 | 000,008,468 | -HS- | C] () -- C:\ProgramData\384f67732t3b5h15xhpfvphk727l5ffm
[2011/05/18 01:43:11 | 000,000,510 | ---- | C] () -- C:\Users\Administrator\Desktop\Vuze Downloads - Shortcut.lnk
[2011/05/18 01:36:13 | 000,000,268 | -H-- | C] () -- C:\sqmdata00.sqm
[2011/05/18 01:36:13 | 000,000,244 | -H-- | C] () -- C:\sqmnoopt00.sqm
[2011/05/18 00:42:45 | 000,002,425 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Install Clean Up.lnk
[2011/05/17 23:42:14 | 000,007,658 | ---- | C] () -- C:\Users\Administrator\Documents\cc_20110517_234210.reg
[2011/05/17 19:06:08 | 001,056,768 | ---- | C] () -- C:\Users\Administrator\defltbase.sdb
[2011/05/17 16:56:05 | 1048,576,000 | ---- | C] () -- C:\RAMDisk.img.bak
[2011/05/17 16:56:05 | 1048,576,000 | ---- | C] () -- C:\RAMDisk.img
[2011/05/17 09:52:18 | 000,000,134 | ---- | C] () -- C:\Users\Administrator\Desktop\Device Manager - Shortcut.lnk
[2011/05/16 14:06:00 | 000,148,208 | ---- | C] () -- C:\wubildr
[2011/05/16 14:06:00 | 000,008,192 | ---- | C] () -- C:\wubildr.mbr
[2011/05/15 18:29:48 | 000,001,098 | ---- | C] () -- C:\Users\Administrator\Desktop\CoDWaWmp - Shortcut.lnk
[2011/05/15 18:28:18 | 000,000,134 | ---- | C] () -- C:\Users\Administrator\Desktop\System - Shortcut.lnk
[2011/05/15 17:07:27 | 000,001,086 | ---- | C] () -- C:\Users\Administrator\Desktop\CoDWaW -SP Shortcut.lnk
[2011/05/15 16:12:20 | 000,139,488 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2011/05/15 16:11:56 | 000,270,776 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2011/05/15 16:11:55 | 000,075,136 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2011/05/15 15:51:34 | 000,682,280 | ---- | C] () -- C:\Windows\System32\pbsvc.exe
[2011/05/15 15:28:31 | 000,000,386 | ---- | C] () -- C:\Windows\tasks\At10.job
[2011/05/15 15:28:30 | 000,000,386 | ---- | C] () -- C:\Windows\tasks\At9.job
[2011/05/15 15:28:30 | 000,000,382 | ---- | C] () -- C:\Windows\tasks\At8.job
[2011/05/15 15:28:30 | 000,000,382 | ---- | C] () -- C:\Windows\tasks\At7.job
[2011/05/15 15:28:29 | 000,000,400 | ---- | C] () -- C:\Windows\tasks\At6.job
[2011/05/15 15:01:44 | 000,000,868 | ---- | C] () -- C:\Users\Public\Desktop\Registry Mechanic.lnk
[2011/05/15 15:01:43 | 000,037,336 | ---- | C] () -- C:\Windows\System32\CleanMFT32.exe
[2011/05/15 14:47:10 | 000,000,870 | ---- | C] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/05/15 14:47:10 | 000,000,858 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/05/15 14:47:10 | 000,000,846 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/05/15 09:54:15 | 000,007,152 | ---- | C] () -- C:\Users\Administrator\Documents\cc_20110515_095414.reg
[2011/05/15 02:49:33 | 000,000,965 | ---- | C] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
[2011/05/14 17:48:48 | 000,000,386 | ---- | C] () -- C:\Windows\tasks\At5.job
[2011/05/14 17:48:46 | 000,000,386 | ---- | C] () -- C:\Windows\tasks\At4.job
[2011/05/14 17:48:46 | 000,000,386 | ---- | C] () -- C:\Windows\tasks\At3.job
[2011/05/14 17:48:45 | 000,000,382 | ---- | C] () -- C:\Windows\tasks\At2.job
[2011/05/14 17:48:44 | 000,000,386 | ---- | C] () -- C:\Windows\tasks\At1.job
[2011/05/14 17:23:11 | 000,001,404 | ---- | C] () -- C:\Users\Administrator\Desktop\DivX Movies.lnk
[2011/05/14 17:22:46 | 000,000,933 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
[2011/05/14 17:22:30 | 000,001,919 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk
[2011/05/14 17:18:58 | 000,000,872 | ---- | C] () -- C:\Users\Administrator\Desktop\DivX Plus Pro.lnk
[2011/05/14 17:05:32 | 000,000,859 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2011/05/14 16:22:15 | 000,001,633 | ---- | C] () -- C:\Users\Public\Desktop\Vuze.lnk
[2011/05/14 16:22:15 | 000,001,633 | ---- | C] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Vuze.lnk
[2011/05/14 16:22:14 | 000,001,633 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vuze.lnk
[2011/05/14 11:09:16 | 000,001,090 | ---- | C] () -- C:\Users\Administrator\Documents\cc_20110514_110915.reg
[2011/05/14 10:50:19 | 000,011,164 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2011/05/14 10:23:34 | 001,657,350 | ---- | C] () -- C:\Windows\System32\wlan.tmf
[2011/05/14 10:21:02 | 000,008,830 | ---- | C] () -- C:\Windows\System32\RacUR.xml
[2011/05/14 10:21:02 | 000,000,153 | ---- | C] () -- C:\Windows\System32\RacUREx.xml
[2011/05/12 11:36:49 | 000,008,798 | ---- | C] () -- C:\Users\Administrator\.recently-used.xbel
[2011/05/07 14:59:31 | 000,039,560 | ---- | C] () -- C:\Users\Administrator\Documents\cc_20110507_145928.reg
[2011/05/07 14:22:07 | 000,000,510 | ---- | C] () -- C:\Users\Administrator\Desktop\Program Files - Shortcut.lnk
[2011/05/07 01:47:02 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/05/07 01:24:06 | 000,016,742 | ---- | C] () -- C:\Users\Administrator\Documents\cc_20110507_012357.reg
[2011/05/07 00:54:13 | 000,001,038 | ---- | C] () -- C:\Users\Public\Desktop\Driver Sweeper.lnk
[2011/05/06 17:04:24 | 000,001,283 | ---- | C] () -- C:\Users\Administrator\Desktop\Documents - Shortcut.lnk
[2011/05/05 15:10:48 | 000,000,650 | ---- | C] () -- C:\Users\Administrator\Desktop\AppData - Shortcut.lnk
[2011/05/05 15:10:23 | 000,000,686 | ---- | C] () -- C:\Users\Administrator\Desktop\Downloads - Shortcut.lnk
[2011/05/05 10:40:29 | 000,000,786 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk
[2011/05/04 22:32:55 | 000,031,414 | ---- | C] () -- C:\Users\Administrator\Documents\cc_20110504_223247.reg
[2011/05/04 14:54:51 | 000,000,134 | ---- | C] () -- C:\Users\Administrator\Desktop\Programs and Features - Shortcut.lnk
[2011/05/04 00:22:57 | 000,001,828 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\ImperatorProfile1.dat
[2011/05/01 22:21:50 | 000,000,857 | ---- | C] () -- C:\Users\Public\Desktop\CPUID CPU-Z.lnk
[2011/04/29 19:49:50 | 000,002,377 | ---- | C] () -- C:\Users\Administrator\Documents\MumbleAutomaticCertificateBackup.p12
[2011/04/08 12:28:58 | 000,041,872 | ---- | C] () -- C:\Windows\System32\xfcodec.dll
[2011/04/06 02:20:16 | 000,037,376 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll
[2011/04/05 22:09:48 | 000,059,904 | ---- | C] () -- C:\Windows\System32\OVDecode.dll
[2011/03/17 18:51:44 | 000,003,929 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2011/02/28 22:30:06 | 000,233,012 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2011/02/16 22:54:33 | 000,000,510 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2011/02/15 23:08:45 | 000,000,498 | ---- | C] () -- C:\Windows\eZip.INI
[2011/02/13 18:46:40 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/12/04 16:20:25 | 000,001,830 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\ImperatorProfile0.dat
[2010/10/06 01:01:52 | 000,109,782 | ---- | C] () -- C:\Windows\CopernicAgentUninstall.exe
[2010/03/01 22:41:47 | 000,000,101 | ---- | C] () -- C:\Windows\CMMIXER.INI
[2010/03/01 15:11:42 | 001,743,872 | ---- | C] () -- C:\Windows\System32\libsndfile-1.dll
[2009/11/06 10:58:04 | 000,178,975 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2009/04/15 15:04:38 | 000,104,520 | ---- | C] () -- C:\Windows\System32\OSD.dll
[2007/08/25 20:23:40 | 000,000,008 | ---- | C] () -- C:\Windows\System32\PROTOCOL.INI
[2007/08/25 12:17:21 | 000,008,138 | ---- | C] () -- C:\Windows\mozver.dat
[2007/08/07 22:49:30 | 000,274,432 | ---- | C] () -- C:\Windows\System32\ClassX.dll
[2007/08/07 22:49:30 | 000,249,856 | ---- | C] () -- C:\Windows\System32\dtidb.dll
[2007/08/07 22:49:30 | 000,024,576 | ---- | C] () -- C:\Windows\System32\classxps.dll
[2007/08/07 22:49:24 | 000,073,728 | ---- | C] () -- C:\Windows\EasyZipp.exe
[2007/08/07 22:49:24 | 000,040,960 | ---- | C] () -- C:\Windows\EasyBar.exe
[2007/08/07 22:49:16 | 000,338,944 | ---- | C] () -- C:\Windows\System32\lffpx7.dll
[2007/08/07 22:49:16 | 000,118,784 | ---- | C] () -- C:\Windows\System32\lfkodak.dll
[2007/08/07 20:06:59 | 000,287,744 | ---- | C] () -- C:\Windows\System32\regsystem.dll
[2007/08/07 20:06:59 | 000,015,840 | ---- | C] () -- C:\Windows\System32\Machnm1.exe
[2007/08/07 20:06:59 | 000,005,632 | ---- | C] () -- C:\Windows\System32\Machnm64.sys
[2007/08/07 20:06:59 | 000,002,304 | ---- | C] () -- C:\Windows\System32\Machnm32.sys
[2007/08/07 18:42:58 | 000,040,960 | ---- | C] () -- C:\Windows\System32\IPPCPUID.DLL
[2007/08/07 18:40:37 | 000,011,776 | ---- | C] () -- C:\Windows\System32\pmsbfn32.dll
[2007/08/07 18:39:07 | 000,000,416 | ---- | C] () -- C:\Windows\MAXLINK.INI
[2007/08/04 20:14:47 | 000,000,335 | ---- | C] () -- C:\Windows\nsreg.dat
[2007/07/29 22:51:44 | 000,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2007/04/24 17:22:14 | 000,022,328 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\PnkBstrK.sys
[2007/04/24 17:21:58 | 002,434,856 | ---- | C] () -- C:\Windows\System32\pbsvc_bc2.exe
[2007/04/24 16:57:52 | 000,000,116 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2007/03/31 22:09:48 | 000,000,671 | ---- | C] () -- C:\Windows\WININIT.INI
[2007/03/10 12:51:48 | 000,282,624 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2007/03/07 22:35:39 | 000,000,632 | ---- | C] () -- C:\Windows\CoDUO.INI
[2007/03/06 05:02:00 | 000,000,000 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll
[2007/03/06 05:02:00 | 000,000,000 | ---- | C] () -- C:\Windows\System32\SIntf32.dll
[2007/03/06 05:02:00 | 000,000,000 | ---- | C] () -- C:\Windows\System32\SIntf16.dll
[2007/03/06 04:59:12 | 000,002,016 | ---- | C] () -- C:\Windows\System32\drivers\papycpu2.sys
[2007/03/06 04:59:12 | 000,001,888 | ---- | C] () -- C:\Windows\System32\drivers\papyjoy.sys
[2007/03/06 04:57:33 | 000,000,143 | ---- | C] () -- C:\Windows\SIERRA.INI
[2007/03/04 20:27:27 | 000,000,025 | ---- | C] () -- C:\Windows\mixerdef.ini
[2007/02/06 01:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2006/11/02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 13:47:37 | 000,379,608 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 11:33:01 | 000,623,962 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 11:33:01 | 000,107,980 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/11/02 08:22:43 | 000,099,999 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2006/11/02 08:22:43 | 000,018,271 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2006/02/25 19:09:38 | 000,774,144 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[1997/06/14 01:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll

========== LOP Check ==========

[2011/05/28 18:37:21 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Azureus
[2011/05/08 21:02:54 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Canon
[2010/10/06 01:01:56 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Copernic
[2011/05/29 10:10:11 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\EurekaLog
[2011/05/12 11:36:49 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\gtk-2.0
[2011/05/28 00:53:32 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\JAM Software
[2011/05/21 17:11:32 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Laconic Software
[2011/05/19 22:29:53 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\MaaTec
[2011/05/20 12:46:04 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Mount&Blade With Fire and Sword
[2011/05/24 17:03:16 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Mumble
[2011/02/23 19:11:22 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\NewSoft
[2010/12/17 03:49:27 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Osefre
[2011/05/15 15:26:24 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Registry Mechanic
[2011/05/20 08:27:54 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Sports Interactive
[2011/05/28 17:58:37 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Steinberg
[2011/05/27 12:41:54 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Thinstall
[2011/05/14 21:38:14 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\TS3Client
[2011/03/01 10:17:08 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\ts3overlay
[2011/05/27 19:00:00 | 000,000,386 | ---- | M] () -- C:\Windows\Tasks\At1.job
[2011/05/28 18:00:00 | 000,000,386 | ---- | M] () -- C:\Windows\Tasks\At10.job
[2011/05/27 19:00:00 | 000,000,382 | ---- | M] () -- C:\Windows\Tasks\At2.job
[2011/05/27 19:00:00 | 000,000,386 | ---- | M] () -- C:\Windows\Tasks\At3.job
[2011/05/27 19:00:00 | 000,000,386 | ---- | M] () -- C:\Windows\Tasks\At4.job
[2011/05/27 19:00:00 | 000,000,386 | ---- | M] () -- C:\Windows\Tasks\At5.job
[2011/05/28 18:00:00 | 000,000,400 | ---- | M] () -- C:\Windows\Tasks\At6.job
[2011/05/28 18:00:00 | 000,000,382 | ---- | M] () -- C:\Windows\Tasks\At7.job
[2011/05/28 18:00:00 | 000,000,382 | ---- | M] () -- C:\Windows\Tasks\At8.job
[2011/05/28 18:00:00 | 000,000,386 | ---- | M] () -- C:\Windows\Tasks\At9.job
[2011/05/29 09:49:14 | 000,032,614 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/05/29 10:30:00 | 000,000,412 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{04BF8757-0A75-4F0E-9EAC-CEAD1E76BB4D}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:D1B5B4F1

< End of report >


#2
Render

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Hi, skookum! Welcome to GeeksToGo! My nickname is Render and I will be assisting you with your Malware/Security problems. Please make sure you read all of the instructions and fixes thoroughly before continuing with them. If you have any queries or you are unsure about anything, just say and I'll help you out :)

It may well be worth you printing/saving the instructions throughout the fix, so you have them to hand just in case you are unable to access this site.

Please note:
  • Remember to post your logs, not attach them. So, any logs from any programs we run, should be just 'copied & pasted' into your reply.
  • Please only run the tools that I request. I know malware can be frustrating but running other tools in the meantime and between posts, only makes it harder for us to analyse and fix your PC in the long run.
  • Please subscribe to this topic if you have not already done so. Please check back just in case, as the email system can fail at times.
  • Just because your machine is running better does not mean it is completely cleaned. Please wait for the 'all clear' from me to say when we are done.
  • Please reply within 3 days to be fair to other people asking for help.
  • When in doubt, please stop and ask first. There's no harm in asking questions!

If you have since resolved the original problem you were having, I would appreciate you letting me know. If not, please perform the following steps below so I can have a look at the current condition of your machine.

I noticed you are using P2P programs (Vuze). Please either uninstall them, or do not use them while we are working to clean your computer, as P2P programs are known to bring malware to computers.

Step 1

Please temporarily uninstall the following applications, then reboot your system:

  • Daemon Tools
  • Alcohol 120%

How to uninstall a program in Windows Vista:

  • Open Programs and Features by clicking the Start button, clicking Control Panel, clicking Programs, and then clicking Programs and Features.
  • Select a program(s) listed above, and then click Uninstall. Some programs include the option to change or repair the program in addition to uninstalling it. But many simply offer the option to uninstall. If you are prompted for an administrator password or confirmation, type the password or provide confirmation.

Step 2

We need to run an OTL Fix

  • Please right click on the OTL icon on your desktop and click on Run as administrator.
  • Under the Custom Scans/Fixes box copy and paste this in:

    :OTL
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    FF - prefs.js..network.proxy.http: "127.0.0.1"
    FF - prefs.js..network.proxy.http_port: 56364
    FF - prefs.js..network.proxy.type: 0
    [2011/05/25 09:25:47 | 000,013,458 | -HS- | M] () -- C:\Users\Administrator\AppData\Local\t2342bpnbb47w8
    [2011/05/25 09:25:47 | 000,013,458 | -HS- | M] () -- C:\ProgramData\t2342bpnbb47w8
    [2011/05/18 12:10:31 | 000,008,340 | -HS- | M] () -- C:\Users\Administrator\AppData\Local\7q323ys0lix57774hbe1v4em53xmbre0320bn231w2d1q
    [2011/05/18 12:10:31 | 000,008,340 | -HS- | M] () -- C:\ProgramData\7q323ys0lix57774hbe1v4em53xmbre0320bn231w2d1q
    [2011/05/18 02:14:29 | 000,008,468 | -HS- | M] () -- C:\Users\Administrator\AppData\Local\384f67732t3b5h15xhpfvphk727l5ffm
    [2011/05/18 02:14:29 | 000,008,468 | -HS- | M] () -- C:\ProgramData\384f67732t3b5h15xhpfvphk727l5ffm

    :Files
    C:\Windows\tasks\At*.job
    ipconfig /flushdns /c

    :Reg

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [emptyflash]
    [createrestorepoint]
    [reboot]

  • Click on Posted Image button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click on Posted Image button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.

Step 3

  • Please download aswMBR.exe to your desktop.
  • Double click the aswMBR.exe to run it.

  • Click the Scan button to start scan.

  • On completion of the scan click Save log, save it to your desktop and post in your next reply.

Step 4

OTL Custom Scan

  • Double click on the OTL icon to run it.
  • Make sure all other windows are closed, and let it run uninterrupted.
  • When the window appears, underneath Output at the top, make sure Standard output is selected.
  • Select Scan all users
  • Under the Extra Registry section, check Use SafeList
  • Check the boxes beside LOP Check and Purity Check.
  • Under the Custom Scans/Fixes box copy and paste this in:

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    %systemroot%\*. /mp /s
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    CREATERESTOREPOINT

  • Click the Posted Image button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them in your topic.

When you have completed the above, please post back the following in the order asked for:
  • OTL fix log
  • aswMBR log
  • OTL scan log
  • Extras log


#3
skookum

skookum

    Member

  • Topic Starter
  • Member
  • PipPip
  • 43 posts
Fix Log



All processes killed
========== OTL ==========
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Prefs.js: "127.0.0.1" removed from network.proxy.http
Prefs.js: 56364 removed from network.proxy.http_port
Prefs.js: 0 removed from network.proxy.type
C:\Users\Administrator\AppData\Local\t2342bpnbb47w8 moved successfully.
C:\ProgramData\t2342bpnbb47w8 moved successfully.
C:\Users\Administrator\AppData\Local\7q323ys0lix57774hbe1v4em53xmbre0320bn231w2d1q moved successfully.
C:\ProgramData\7q323ys0lix57774hbe1v4em53xmbre0320bn231w2d1q moved successfully.
C:\Users\Administrator\AppData\Local\384f67732t3b5h15xhpfvphk727l5ffm moved successfully.
C:\ProgramData\384f67732t3b5h15xhpfvphk727l5ffm moved successfully.
========== FILES ==========
C:\Windows\tasks\At1.job moved successfully.
C:\Windows\tasks\At10.job moved successfully.
C:\Windows\tasks\At2.job moved successfully.
C:\Windows\tasks\At3.job moved successfully.
C:\Windows\tasks\At4.job moved successfully.
C:\Windows\tasks\At5.job moved successfully.
C:\Windows\tasks\At6.job moved successfully.
C:\Windows\tasks\At7.job moved successfully.
C:\Windows\tasks\At8.job moved successfully.
C:\Windows\tasks\At9.job moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Administrator\Desktop\cmd.bat deleted successfully.
C:\Users\Administrator\Desktop\cmd.txt deleted successfully.
========== REGISTRY ==========
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: acturaid
->Temp folder emptied: 144704 bytes
->Temporary Internet Files folder emptied: 33109 bytes
->FireFox cache emptied: 19005657 bytes
->Flash cache emptied: 456 bytes

User: Administrator
->Temp folder emptied: 112179450 bytes
->Temporary Internet Files folder emptied: 32611191 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 81906458 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 10300 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Dz
->Temp folder emptied: 31832 bytes
->Temporary Internet Files folder emptied: 33109 bytes
->FireFox cache emptied: 49867070 bytes
->Flash cache emptied: 456 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 1619120 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 17269069 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 300.00 mb


[EMPTYFLASH]

User: acturaid
->Flash cache emptied: 0 bytes

User: Administrator
->Flash cache emptied: 0 bytes

User: All Users

User: Default

User: Default User

User: Dz
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb



OTL by OldTimer - Version 3.2.22.3 log created on 05302011_185658

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...






aswMBR scan could not be started

aswMBR version 0.9.5.317 Copyright© 2011 AVAST Software
Run date: 2011-05-30 19:02:15
-----------------------------
19:02:15.632 OS Version: Windows 6.0.6002 Service Pack 2
19:02:15.632 Number of processors: 2 586 0x4B02
19:02:15.634 ComputerName: DZ-PC UserName:
19:02:16.313 Initialze error C0000033 - driver not loaded
19:03:23.282 The log file has been saved successfully to "C:\Users\Administrator\Desktop\Geekstogo logs\aswMBR.txt"




OTL scan


OTL logfile created on: 30/05/2011 19:08:35 - Run 5
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Administrator\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 62.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 69.00% Paging File free
Paging file location(s): c:\pagefile.sys 1024 2048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 274.14 Gb Total Space | 39.82 Gb Free Space | 14.53% Space Free | Partition Type: NTFS
Drive D: | 702.31 Mb Total Space | 696.67 Mb Free Space | 99.20% Space Free | Partition Type: UDF

Computer Name: DZ-PC | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/18 13:06:37 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.com
PRC - [2011/04/20 03:04:36 | 000,393,216 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2011/04/20 03:04:06 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2011/04/19 22:17:18 | 000,294,400 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
PRC - [2011/04/19 22:11:56 | 000,049,664 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MMLoadDrv.exe
PRC - [2011/04/14 17:25:41 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/02/23 15:04:20 | 003,451,496 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/02/23 15:04:19 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/02/23 01:39:24 | 000,803,432 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
PRC - [2010/09/07 14:15:28 | 002,787,224 | ---- | M] (Razer USA Ltd) -- C:\Program Files\Razer\Imperator\RazerImperatorTray.exe
PRC - [2010/08/05 08:46:02 | 000,583,640 | ---- | M] (PC Tools) -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
PRC - [2010/08/05 08:46:02 | 000,104,408 | ---- | M] (PC Tools) -- C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe
PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/02/23 18:38:34 | 003,656,704 | ---- | M] (Native Instruments GmbH) -- C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
PRC - [2008/01/19 08:33:11 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iashost.exe
PRC - [2007/12/03 11:21:42 | 000,236,040 | ---- | M] () -- C:\Windows\System32\DeltaIITray.exe
PRC - [2004/08/11 05:44:32 | 001,228,800 | ---- | M] (C-Media Electronic Inc. (www.cmedia.com.tw)) -- C:\Windows\mixer.exe


========== Modules (SafeList) ==========

MOD - [2011/05/18 13:06:37 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.com
MOD - [2011/02/23 15:04:17 | 000,197,208 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\snxhk.dll
MOD - [2010/11/04 19:51:35 | 001,748,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\GdiPlus.dll
MOD - [2010/08/31 16:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/04/20 03:04:06 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2011/04/19 22:17:18 | 000,294,400 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV - [2011/03/16 10:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/02/23 15:04:19 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/08/05 08:46:02 | 000,583,640 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)
SRV - [2009/02/23 18:38:34 | 003,656,704 | ---- | M] (Native Instruments GmbH) [Auto | Running] -- C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe -- (NIHardwareService)
SRV - [2007/05/28 17:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Auto | Stopped] -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)


========== Driver Services (SafeList) ==========

DRV - [2011/04/20 03:43:40 | 007,772,160 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2011/04/20 02:22:08 | 000,243,712 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2011/04/07 12:34:46 | 000,013,160 | ---- | M] (MaxiVista) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mvvideodemo.sys -- (mvvideodemo)
DRV - [2011/04/07 12:34:44 | 000,014,568 | ---- | M] (MaxiVista) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\mvCmdemo.SYS -- (mvCmdemo)
DRV - [2011/03/30 19:46:24 | 000,097,808 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtihdLH3.sys -- (AtiHDAudioService)
DRV - [2011/02/23 14:56:55 | 000,371,544 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/02/23 14:56:45 | 000,301,528 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/02/23 14:55:49 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/02/23 14:55:10 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/02/23 14:55:03 | 000,053,592 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011/02/23 14:54:55 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/02/23 02:57:00 | 010,468,360 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010/11/09 15:35:30 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\cpuz135_x32.sys -- (cpuz135)
DRV - [2010/08/12 12:07:50 | 000,292,712 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVNET)
DRV - [2010/08/12 12:07:50 | 000,292,712 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2010/02/18 09:18:22 | 000,037,944 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\amdiox86.sys -- (amdiox86)
DRV - [2010/01/28 15:33:28 | 000,097,792 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2010/01/28 13:34:32 | 000,102,912 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2010/01/28 13:34:32 | 000,101,120 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbdev.sys -- (hwusbdev)
DRV - [2009/04/11 05:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (winusb)
DRV - [2007/12/03 11:21:30 | 000,297,992 | ---- | M] (Avid Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\deltaII.sys -- (DELTAII) Service for M-Audio Delta Driver (WDM)
DRV - [2007/08/09 18:12:30 | 000,110,624 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvstor32.sys -- (nvstor32)
DRV - [2007/06/29 14:47:34 | 000,034,304 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AmdLLD.sys -- (AmdLLD)
DRV - [2007/05/03 08:11:14 | 000,256,000 | ---- | M] (Marvell Semiconductor, Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MRVW13B.sys -- (MRV6X32P)
DRV - [2004/08/11 05:44:32 | 000,370,382 | ---- | M] (C-Media Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\cmaudio.sys -- (cmpci) C-Media PCI Audio Driver (WDM)
DRV - [2003/08/13 01:27:00 | 000,002,304 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\Machnm32.sys -- (Machnm32)
DRV - [2003/08/09 18:32:14 | 000,014,336 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NetMotCM.sys -- (ndiscm)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - Reg Error: Key error. File not found


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-357686384-3270024895-2839793856-500\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://seek.mk/Searc...q={searchTerms}
IE - HKU\S-1-5-21-357686384-3270024895-2839793856-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
IE - HKU\S-1-5-21-357686384-3270024895-2839793856-500\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-357686384-3270024895-2839793856-500\..\URLSearchHook: {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - C:\Program Files\Copernic Agent\CopernicAgentExt.dll (Copernic Technologies Inc.)
IE - HKU\S-1-5-21-357686384-3270024895-2839793856-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.co...-8&oe=UTF-8&q="
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "http://www.7thcavalry.us/"
FF - prefs.js..keyword.URL: "chrome://browser-region/locale/region.properties"


FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/05/14 17:20:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/05/26 23:00:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/30 08:21:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/30 08:21:42 | 000,000,000 | ---D | M]

[2011/01/24 19:44:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Extensions
[2011/05/26 02:07:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\a6nqwcbs.default\extensions
[2010/12/12 15:28:58 | 000,000,000 | ---D | M] (XfireXO) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\a6nqwcbs.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}
[2011/05/22 10:33:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/02/02 18:49:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011/05/05 14:41:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
File not found (No name found) --
[2011/05/26 23:00:02 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
() (No name found) -- C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\A6NQWCBS.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
() (No name found) -- C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\A6NQWCBS.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011/05/14 10:07:58 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/04/14 17:26:02 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2011/02/05 14:24:41 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2007/11/13 00:58:43 | 000,159,744 | ---- | M] (CNN) -- C:\Program Files\Mozilla Firefox\plugins\NPTURNMED.dll
[2011/05/21 11:13:26 | 000,002,226 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
[2010/01/01 09:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/05/30 18:57:00 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll ()
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll ()
O3 - HKLM\..\Toolbar: (no name) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Copernic Agent) - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\Program Files\Copernic Agent\CopernicAgentExt.dll (Copernic Technologies Inc.)
O3 - HKU\S-1-5-21-357686384-3270024895-2839793856-500\..\Toolbar\WebBrowser: (no name) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - No CLSID value found.
O3 - HKU\S-1-5-21-357686384-3270024895-2839793856-500\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-357686384-3270024895-2839793856-500\..\Toolbar\WebBrowser: (Copernic Agent) - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\Program Files\Copernic Agent\CopernicAgentExt.dll (Copernic Technologies Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [C-Media Mixer] C:\Windows\mixer.exe (C-Media Electronic Inc. (www.cmedia.com.tw))
O4 - HKLM..\Run: [DeltaIITaskbarApp] C:\Windows\System32\DeltaIITray.exe ()
O4 - HKLM..\Run: [M-Audio Taskbar Icon] C:\Windows\System32\DeltaIITray.exe ()
O4 - HKLM..\Run: [Razer Imperator Driver] C:\Program Files\Razer\Imperator\RazerImperatorTray.exe (Razer USA Ltd)
O4 - HKLM..\Run: [SSDMonitor] C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe (PC Tools)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O7 - HKU\S-1-5-21-357686384-3270024895-2839793856-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-357686384-3270024895-2839793856-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O8 - Extra context menu item: Search Using Copernic Agent - C:\Program Files\Copernic Agent\CopernicAgentExt.dll (Copernic Technologies Inc.)
O9 - Extra 'Tools' menuitem : Launch Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\Program Files\Copernic Agent\CopernicAgent.exe (Copernic Technologies Inc.)
O9 - Extra Button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\Program Files\Copernic Agent\CopernicAgent.exe (Copernic Technologies Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
O18 - Protocol\Handler\copernicagent {A979B6BD-E40B-4A07-ABDD-A62C64A4EBF6} - C:\Program Files\Copernic Agent\CopernicAgentExt.dll (Copernic Technologies Inc.)
O18 - Protocol\Handler\copernicagentcache {AAC34CFD-274D-4A9D-B0DC-C74C05A67E1D} - C:\Program Files\Copernic Agent\CopernicAgentExt.dll (Copernic Technologies Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{5b2f9000-78b2-11e0-97e5-dce7748fa803}\Shell - "" = AutoRun
O33 - MountPoints2\{5b2f9000-78b2-11e0-97e5-dce7748fa803}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{5b2f900e-78b2-11e0-97e5-dce7748fa803}\Shell - "" = AutoRun
O33 - MountPoints2\{5b2f900e-78b2-11e0-97e5-dce7748fa803}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{5b2f9013-78b2-11e0-97e5-dce7748fa803}\Shell - "" = AutoRun
O33 - MountPoints2\{5b2f9013-78b2-11e0-97e5-dce7748fa803}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{82b0228a-8328-11e0-881b-ba942b1c4b31}\Shell - "" = AutoRun
O33 - MountPoints2\{82b0228a-8328-11e0-881b-ba942b1c4b31}\Shell\AutoRun\command - "" = E:\autorun.exe
O33 - MountPoints2\{974982e0-86c6-11e0-906e-9494bde7c632}\Shell - "" = AutoRun
O33 - MountPoints2\{974982e0-86c6-11e0-906e-9494bde7c632}\Shell\AutoRun\command - "" = E:\Autorun.exe
O33 - MountPoints2\{b99200a8-8175-11e0-98e1-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{b99200a8-8175-11e0-98e1-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Setup.exe
O33 - MountPoints2\{db830792-65f0-11e0-b957-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{db830792-65f0-11e0-b957-806e6f6e6963}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\Setup.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Error creating restore point.

========== Files/Folders - Created Within 30 Days ==========

[2011/05/30 18:59:45 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\Geekstogo logs
[2011/05/30 18:56:58 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/05/30 18:56:21 | 000,586,240 | ---- | C] (AVAST Software) -- C:\Users\Administrator\Desktop\aswMBR.exe
[2011/05/30 18:25:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltraSearch
[2011/05/30 16:31:15 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\Sound Forge Batch Process Jobs
[2011/05/30 16:07:25 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Publish Providers
[2011/05/30 16:07:16 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Sony
[2011/05/30 16:06:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
[2011/05/30 16:06:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Sony
[2011/05/30 16:06:00 | 000,000,000 | ---D | C] -- C:\Program Files\Sony
[2011/05/30 16:03:40 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Sony
[2011/05/30 14:51:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wavpack4Wavelab6
[2011/05/30 08:21:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011/05/30 08:21:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2011/05/30 08:21:20 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2011/05/30 08:21:09 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2011/05/30 08:20:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IK Multimedia
[2011/05/30 08:20:33 | 000,000,000 | ---D | C] -- C:\Program Files\IK Multimedia
[2011/05/30 08:13:26 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\Qmmander_0.1.0-b1-8_12272010
[2011/05/30 01:29:32 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\VST3 Presets
[2011/05/30 00:13:00 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Ahead
[2011/05/30 00:12:09 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\UltraExplorer
[2011/05/30 00:12:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltraExplorer
[2011/05/30 00:12:06 | 000,000,000 | ---D | C] -- C:\Program Files\UltraExplorer
[2011/05/29 23:53:26 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2011/05/29 23:47:06 | 000,000,000 | ---D | C] -- C:\Windows\en
[2011/05/29 23:45:48 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
[2011/05/29 23:44:28 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2011/05/29 23:43:45 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2011/05/29 23:43:27 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2011/05/29 23:43:02 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Toolbar
[2011/05/29 23:42:56 | 000,000,000 | ---D | C] -- C:\Program Files\Bing Bar Installer
[2011/05/29 23:41:30 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Windows Live
[2011/05/29 23:41:02 | 000,754,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\webservices.dll
[2011/05/29 23:37:44 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2011/05/29 23:24:58 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Portable Devices
[2011/05/29 23:19:46 | 000,092,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAnimation.dll
[2011/05/29 23:19:45 | 003,023,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbon.dll
[2011/05/29 23:19:45 | 001,164,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbonRes.dll
[2011/05/29 23:17:51 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\BthMtpContextHandler.dll
[2011/05/29 23:17:51 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDShextAutoplay.exe
[2011/05/29 23:17:49 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceConnectApi.dll
[2011/05/29 23:17:47 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WpdMtpUS.dll
[2011/05/29 23:17:47 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WpdConns.dll
[2011/05/29 23:17:46 | 000,546,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpd_ci.dll
[2011/05/29 23:17:46 | 000,334,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceApi.dll
[2011/05/29 23:17:46 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WpdMtp.dll
[2011/05/29 23:17:46 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceWMDRM.dll
[2011/05/29 23:17:46 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceTypes.dll
[2011/05/29 23:17:46 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceClassExtension.dll
[2011/05/29 23:17:45 | 000,350,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDSp.dll
[2011/05/29 23:15:35 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oleaccrc.dll
[2011/05/29 23:15:34 | 000,555,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAutomationCore.dll
[2011/05/29 23:12:01 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2011/05/29 23:12:00 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/05/29 23:11:59 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/05/29 23:11:59 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2011/05/29 23:11:59 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011/05/29 23:11:59 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2011/05/29 23:11:59 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2011/05/29 23:11:59 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2011/05/29 23:11:55 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/05/29 23:11:55 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2011/05/29 23:11:55 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2011/05/29 23:11:54 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2011/05/29 23:11:54 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011/05/29 23:11:54 | 000,353,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011/05/29 23:11:54 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011/05/29 23:11:54 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011/05/29 23:11:54 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011/05/29 23:11:54 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011/05/29 23:11:53 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011/05/29 23:11:53 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2011/05/29 23:11:53 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011/05/29 23:11:52 | 000,580,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/05/29 23:11:52 | 000,420,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011/05/29 23:11:52 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2011/05/29 23:11:52 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2011/05/29 23:11:51 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/05/29 23:11:51 | 001,797,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011/05/29 23:11:51 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011/05/29 23:11:51 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2011/05/29 23:11:51 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2011/05/29 23:11:51 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011/05/29 23:11:51 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2011/05/29 23:11:51 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2011/05/29 23:11:51 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2011/05/29 23:11:50 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2011/05/29 23:11:50 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011/05/29 23:11:50 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2011/05/29 23:11:50 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011/05/29 23:11:50 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011/05/29 23:10:52 | 000,979,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFH264Dec.dll
[2011/05/29 23:10:52 | 000,357,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFHEAACdec.dll
[2011/05/29 23:10:51 | 002,873,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2011/05/29 23:10:51 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfmp4src.dll
[2011/05/29 23:10:51 | 000,261,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll
[2011/05/29 23:10:51 | 000,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll
[2011/05/29 23:10:50 | 000,209,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfplat.dll
[2011/05/29 23:10:47 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2011/05/29 23:10:47 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
[2011/05/29 23:10:46 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2011/05/29 23:10:46 | 001,029,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2011/05/29 23:10:46 | 000,667,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2011/05/29 23:10:46 | 000,486,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2011/05/29 23:10:46 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2011/05/29 23:10:46 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2011/05/29 23:10:46 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2011/05/29 23:10:46 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2011/05/29 23:10:46 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2011/05/29 23:10:46 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2011/05/29 23:10:45 | 001,554,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xpsservices.dll
[2011/05/29 23:10:45 | 000,847,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OpcServices.dll
[2011/05/29 23:10:09 | 000,519,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll
[2011/05/29 23:10:09 | 000,369,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll
[2011/05/29 23:10:09 | 000,321,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll
[2011/05/29 23:10:09 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxdiag.exe
[2011/05/29 23:10:09 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxdiagn.dll
[2011/05/29 23:10:09 | 000,189,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2011/05/29 23:07:23 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2011/05/29 23:07:22 | 000,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2011/05/29 22:46:13 | 000,000,000 | ---D | C] -- C:\Windows\System32\vi-VN
[2011/05/29 22:46:13 | 000,000,000 | ---D | C] -- C:\Windows\System32\eu-ES
[2011/05/29 22:46:13 | 000,000,000 | ---D | C] -- C:\Windows\System32\ca-ES
[2011/05/29 22:29:17 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2011/05/29 22:28:42 | 012,240,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0007.dll
[2011/05/29 22:28:39 | 001,081,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLCExt.dll
[2011/05/29 22:28:37 | 002,134,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FunctionDiscoveryFolder.dll
[2011/05/29 22:28:37 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DevicePairingWizard.exe
[2011/05/29 22:28:36 | 002,644,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0009.dll
[2011/05/29 22:28:34 | 001,480,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssrch.dll
[2011/05/29 22:28:33 | 001,576,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tquery.dll
[2011/05/29 22:28:33 | 000,684,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\spsys.sys
[2011/05/29 22:28:32 | 000,779,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationNative_v0300.dll
[2011/05/29 22:28:31 | 000,928,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scavenge.dll
[2011/05/29 22:28:30 | 000,677,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imapi2fs.dll
[2011/05/29 22:28:29 | 000,968,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wcnwiz2.dll
[2011/05/29 22:28:29 | 000,291,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WscEapPr.dll
[2011/05/29 22:28:28 | 000,619,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardagt.exe
[2011/05/29 22:28:27 | 001,216,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AuxiliaryDisplayCpl.dll
[2011/05/29 22:28:26 | 000,978,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drmv2clt.dll
[2011/05/29 22:28:26 | 000,289,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spinstall.exe
[2011/05/29 22:28:26 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spreview.exe
[2011/05/29 22:28:25 | 000,438,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mcupdate_GenuineIntel.dll
[2011/05/29 22:28:25 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwizui.dll
[2011/05/29 22:28:23 | 000,670,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssvp.dll
[2011/05/29 22:28:22 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSMPEG2VDEC.DLL
[2011/05/29 22:28:22 | 000,378,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imapi2.dll
[2011/05/29 22:28:22 | 000,351,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssph.dll
[2011/05/29 22:28:22 | 000,203,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssphtb.dll
[2011/05/29 22:28:21 | 001,459,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\esent.dll
[2011/05/29 22:28:21 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdohlp.dll
[2011/05/29 22:28:20 | 000,729,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IMJP10K.DLL
[2011/05/29 22:28:20 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DevicePairing.dll
[2011/05/29 22:28:20 | 000,190,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sperror.dll
[2011/05/29 22:28:20 | 000,143,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\korwbrkr.dll
[2011/05/29 22:28:19 | 000,463,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IasMigReader.exe
[2011/05/29 22:28:18 | 001,589,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msjet40.dll
[2011/05/29 22:28:17 | 001,381,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Query.dll
[2011/05/29 22:28:16 | 001,078,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\diagperf.dll
[2011/05/29 22:28:16 | 000,883,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IMJP10.IME
[2011/05/29 22:28:16 | 000,409,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msexch40.dll
[2011/05/29 22:28:16 | 000,327,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\P2PGraph.dll
[2011/05/29 22:28:15 | 001,792,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mmc.exe
[2011/05/29 22:28:15 | 000,986,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winload.exe
[2011/05/29 22:28:15 | 000,950,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mblctr.exe
[2011/05/29 22:28:15 | 000,301,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srchadmin.dll
[2011/05/29 22:28:15 | 000,203,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\uDWM.dll
[2011/05/29 22:28:14 | 000,466,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\riched20.dll
[2011/05/29 22:28:14 | 000,454,144 | ---- | C] (Microsoft) -- C:\Windows\System32\IasMigPlugin.dll
[2011/05/29 22:28:14 | 000,088,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdBth.dll
[2011/05/29 22:28:13 | 000,880,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RacEngn.dll
[2011/05/29 22:28:12 | 002,012,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\milcore.dll
[2011/05/29 22:28:12 | 001,112,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CertEnroll.dll
[2011/05/29 22:28:12 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NaturalLanguage6.dll
[2011/05/29 22:28:12 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spoolss.dll
[2011/05/29 22:28:12 | 000,120,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EhStorAPI.dll
[2011/05/29 22:28:11 | 000,950,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpedit.dll
[2011/05/29 22:28:11 | 000,290,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msjtes40.dll
[2011/05/29 22:28:11 | 000,115,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AuxiliaryDisplayDriverLib.dll
[2011/05/29 22:28:11 | 000,099,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardapi.dll
[2011/05/29 22:28:10 | 003,217,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinSAT.exe
[2011/05/29 22:28:09 | 000,710,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Magnify.exe
[2011/05/29 22:28:09 | 000,282,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstext40.dll
[2011/05/29 22:28:09 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationSettings.exe
[2011/05/29 22:28:09 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AuxiliaryDisplayServices.dll
[2011/05/29 22:28:08 | 001,524,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsAnytimeUpgradeCPL.dll
[2011/05/29 22:28:08 | 001,209,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\comsvcs.dll
[2011/05/29 22:28:08 | 000,454,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxbde40.dll
[2011/05/29 22:28:08 | 000,339,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msexcl40.dll
[2011/05/29 22:28:08 | 000,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax
[2011/05/29 22:28:08 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slwmi.dll
[2011/05/29 22:28:07 | 001,985,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\authui.dll
[2011/05/29 22:28:06 | 001,086,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NetProjW.dll
[2011/05/29 22:28:06 | 000,643,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrepl40.dll
[2011/05/29 22:28:06 | 000,640,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bthprops.cpl
[2011/05/29 22:28:06 | 000,469,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\newdev.dll
[2011/05/29 22:28:06 | 000,205,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eudcedit.exe
[2011/05/29 22:28:06 | 000,119,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasrecst.dll
[2011/05/29 22:28:06 | 000,102,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
[2011/05/29 22:28:05 | 002,926,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2011/05/29 22:28:04 | 001,788,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d9.dll
[2011/05/29 22:28:04 | 000,368,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mspbde40.dll
[2011/05/29 22:28:04 | 000,241,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msltus40.dll
[2011/05/29 22:28:04 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\davclnt.dll
[2011/05/29 22:28:03 | 001,053,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdtctm.dll
[2011/05/29 22:28:03 | 000,344,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrd3x40.dll
[2011/05/29 22:28:03 | 000,250,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wevtapi.dll
[2011/05/29 22:28:03 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nlhtml.dll
[2011/05/29 22:28:03 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EhStorPwdMgr.dll
[2011/05/29 22:28:01 | 000,614,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ci.dll
[2011/05/29 22:28:01 | 000,582,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLCommDlg.dll
[2011/05/29 22:28:01 | 000,483,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\samsrv.dll
[2011/05/29 22:28:01 | 000,443,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32spl.dll
[2011/05/29 22:28:01 | 000,165,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WcnNetsh.dll
[2011/05/29 22:28:00 | 001,730,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\apds.dll
[2011/05/29 22:28:00 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\compcln.exe
[2011/05/29 22:27:59 | 000,618,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mswstr10.dll
[2011/05/29 22:27:59 | 000,223,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2011/05/29 22:27:59 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xmlfilter.dll
[2011/05/29 22:27:58 | 000,524,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sqlsrv32.dll
[2011/05/29 22:27:58 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLUI.exe
[2011/05/29 22:27:58 | 000,319,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrd2x40.dll
[2011/05/29 22:27:58 | 000,183,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eapphost.dll
[2011/05/29 22:27:58 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\propdefs.dll
[2011/05/29 22:27:57 | 001,856,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dbgeng.dll
[2011/05/29 22:27:57 | 000,926,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winresume.exe
[2011/05/29 22:27:57 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wevtutil.exe
[2011/05/29 22:27:57 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssitlb.dll
[2011/05/29 22:27:56 | 002,167,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mmcndmgr.dll
[2011/05/29 22:27:55 | 000,592,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netlogon.dll
[2011/05/29 22:27:55 | 000,485,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\evr.dll
[2011/05/29 22:27:55 | 000,378,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\devmgr.dll
[2011/05/29 22:27:55 | 000,199,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\adsldpc.dll
[2011/05/29 22:27:55 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drvinst.exe
[2011/05/29 22:27:55 | 000,054,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DevicePairingProxy.dll
[2011/05/29 22:27:55 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscb.dll
[2011/05/29 22:27:55 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdBthProxy.dll
[2011/05/29 22:27:54 | 001,533,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wcnwiz.dll
[2011/05/29 22:27:54 | 001,382,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVSDECD.DLL
[2011/05/29 22:27:54 | 001,143,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wercon.exe
[2011/05/29 22:27:54 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quick.ime
[2011/05/29 22:27:54 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qintlgnt.ime
[2011/05/29 22:27:54 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\phon.ime
[2011/05/29 22:27:54 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cintlgnt.ime
[2011/05/29 22:27:54 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chajei.ime
[2011/05/29 22:27:53 | 000,856,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mswdat10.dll
[2011/05/29 22:27:53 | 000,799,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certutil.exe
[2011/05/29 22:27:53 | 000,617,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\adtschema.dll
[2011/05/29 22:27:53 | 000,560,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdtcprx.dll
[2011/05/29 22:27:53 | 000,396,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ipsmsnap.dll
[2011/05/29 22:27:53 | 000,323,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certcli.dll
[2011/05/29 22:27:53 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\reg.exe
[2011/05/29 22:27:53 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msjter40.dll
[2011/05/29 22:27:53 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mimefilt.dll
[2011/05/29 22:27:53 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtffilt.dll
[2011/05/29 22:27:53 | 000,035,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardcpl.cpl
[2011/05/29 22:27:52 | 000,996,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMNetMgr.dll
[2011/05/29 22:27:52 | 000,704,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoScreensaver.scr
[2011/05/29 22:27:52 | 000,332,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msihnd.dll
[2011/05/29 22:27:52 | 000,274,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bcrypt.dll
[2011/05/29 22:27:52 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbport.sys
[2011/05/29 22:27:52 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MMDevAPI.dll
[2011/05/29 22:27:52 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscntrs.dll
[2011/05/29 22:27:52 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msstrc.dll
[2011/05/29 22:27:52 | 000,035,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsWpfWrp.exe
[2011/05/29 22:27:52 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshooks.dll
[2011/05/29 22:27:51 | 000,310,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mtxclu.dll
[2011/05/29 22:27:51 | 000,153,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fundisc.dll
[2011/05/29 22:27:51 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dhcpcsvc6.dll
[2011/05/29 22:27:51 | 000,122,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetpp.dll
[2011/05/29 22:27:51 | 000,080,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscories.dll
[2011/05/29 22:27:50 | 001,823,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pnidui.dll
[2011/05/29 22:27:50 | 001,671,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chsbrkr.dll
[2011/05/29 22:27:50 | 001,020,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wdc.dll
[2011/05/29 22:27:50 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iassdo.dll
[2011/05/29 22:27:50 | 000,125,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Classpnp.sys
[2011/05/29 22:27:50 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imapi.dll
[2011/05/29 22:27:50 | 000,093,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Kswdmcap.ax
[2011/05/29 22:27:50 | 000,009,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardres.dll
[2011/05/29 22:27:49 | 000,757,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\azroles.dll
[2011/05/29 22:27:49 | 000,636,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\autofmt.exe
[2011/05/29 22:27:49 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CertEnrollUI.dll
[2011/05/29 22:27:49 | 000,242,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pdh.dll
[2011/05/29 22:27:49 | 000,122,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Storport.sys
[2011/05/29 22:27:49 | 000,109,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ataport.sys
[2011/05/29 22:27:49 | 000,050,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PSHED.DLL
[2011/05/29 22:27:49 | 000,035,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\crashdmp.sys
[2011/05/29 22:27:48 | 002,205,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SyncCenter.dll
[2011/05/29 22:27:48 | 001,107,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pidgenx.dll
[2011/05/29 22:27:48 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sysmon.ocx
[2011/05/29 22:27:47 | 001,502,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certmgr.dll
[2011/05/29 22:27:47 | 000,627,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sethc.exe
[2011/05/29 22:27:47 | 000,593,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\comuid.dll
[2011/05/29 22:27:47 | 000,413,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imkr80.ime
[2011/05/29 22:27:47 | 000,324,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\untfs.dll
[2011/05/29 22:27:47 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2011/05/29 22:27:47 | 000,182,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iassam.dll
[2011/05/29 22:27:47 | 000,180,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scrobj.dll
[2011/05/29 22:27:47 | 000,099,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\FWPKCLNT.SYS
[2011/05/29 22:27:47 | 000,043,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pciidex.sys
[2011/05/29 22:27:47 | 000,017,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kd1394.dll
[2011/05/29 22:27:46 | 001,541,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\onex.dll
[2011/05/29 22:27:46 | 000,656,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\autoconv.exe
[2011/05/29 22:27:46 | 000,375,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2011/05/29 22:27:46 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasnap.dll
[2011/05/29 22:27:46 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cscript.exe
[2011/05/29 22:27:46 | 000,130,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\basecsp.dll
[2011/05/29 22:27:46 | 000,027,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Dumpata.sys
[2011/05/29 22:27:46 | 000,017,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kdcom.dll
[2011/05/29 22:27:45 | 000,860,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WerFaultSecure.exe
[2011/05/29 22:27:45 | 000,612,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpencom.dll
[2011/05/29 22:27:45 | 000,564,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msftedit.dll
[2011/05/29 22:27:45 | 000,340,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RelMon.dll
[2011/05/29 22:27:45 | 000,273,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wow32.dll
[2011/05/29 22:27:45 | 000,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\offfilt.dll
[2011/05/29 22:27:45 | 000,182,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\osk.exe
[2011/05/29 22:27:45 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinSCard.dll
[2011/05/29 22:27:45 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe
[2011/05/29 22:27:45 | 000,019,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kdusb.dll
[2011/05/29 22:27:45 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spcmsg.dll
[2011/05/29 22:27:44 | 000,852,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mcmde.dll
[2011/05/29 22:27:44 | 000,638,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Utilman.exe
[2011/05/29 22:27:44 | 000,391,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscms.dll
[2011/05/29 22:27:44 | 000,230,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\diskraid.exe
[2011/05/29 22:27:44 | 000,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WerFault.exe
[2011/05/29 22:27:44 | 000,197,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SndVol.exe
[2011/05/29 22:27:44 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msnetobj.dll
[2011/05/29 22:27:44 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\adsmsext.dll
[2011/05/29 22:27:44 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsepno.dll
[2011/05/29 22:27:43 | 000,759,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ipsecsnp.dll
[2011/05/29 22:27:43 | 000,551,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\prnntfy.dll
[2011/05/29 22:27:43 | 000,444,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dsound.dll
[2011/05/29 22:27:43 | 000,223,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscntfy.dll
[2011/05/29 22:27:43 | 000,181,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pnpsetup.dll
[2011/05/29 22:27:43 | 000,114,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbccp32.dll
[2011/05/29 22:27:43 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sysclass.dll
[2011/05/29 22:27:43 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ulib.dll
[2011/05/29 22:27:43 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IPHLPAPI.DLL
[2011/05/29 22:27:43 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rastapi.dll
[2011/05/29 22:27:43 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasdatastore.dll
[2011/05/29 22:27:43 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdProxy.dll
[2011/05/29 22:27:42 | 001,575,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVENCOD.DLL
[2011/05/29 22:27:42 | 001,342,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\brcpl.dll
[2011/05/29 22:27:42 | 000,507,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vdsdyn.dll
[2011/05/29 22:27:42 | 000,399,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlangpui.dll
[2011/05/29 22:27:42 | 000,286,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasapi32.dll
[2011/05/29 22:27:42 | 000,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntprint.dll
[2011/05/29 22:27:42 | 000,158,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasrad.dll
[2011/05/29 22:27:42 | 000,155,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscorier.dll
[2011/05/29 22:27:42 | 000,140,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wusa.exe
[2011/05/29 22:27:42 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\diskpart.exe
[2011/05/29 22:27:42 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpapi.dll
[2011/05/29 22:27:42 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iashlpr.dll
[2011/05/29 22:27:42 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\findstr.exe
[2011/05/29 22:27:42 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\logman.exe
[2011/05/29 22:27:41 | 002,225,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netcenter.dll
[2011/05/29 22:27:41 | 001,580,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpccpl.dll
[2011/05/29 22:27:41 | 001,152,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\themecpl.dll
[2011/05/29 22:27:41 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wer.dll
[2011/05/29 22:27:41 | 000,825,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasdlg.dll
[2011/05/29 22:27:41 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iassvcs.dll
[2011/05/29 22:27:41 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsnmp32.dll
[2011/05/29 22:27:40 | 000,777,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slcc.dll
[2011/05/29 22:27:40 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scansetting.dll
[2011/05/29 22:27:40 | 000,163,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msutb.dll
[2011/05/29 22:27:40 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ks.sys
[2011/05/29 22:27:40 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wshom.ocx
[2011/05/29 22:27:40 | 000,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\powrprof.dll
[2011/05/29 22:27:40 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstlsapi.dll
[2011/05/29 22:27:40 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasacct.dll
[2011/05/29 22:27:40 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasads.dll
[2011/05/29 22:27:40 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssprxy.dll
[2011/05/29 22:27:39 | 003,072,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\networkmap.dll
[2011/05/29 22:27:39 | 001,645,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\connect.dll
[2011/05/29 22:27:39 | 001,248,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PerfCenterCPL.dll
[2011/05/29 22:27:39 | 001,224,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sud.dll
[2011/05/29 22:27:39 | 000,723,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\powercpl.dll
[2011/05/29 22:27:39 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\newdev.exe
[2011/05/29 22:27:38 | 002,515,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\accessibilitycpl.dll
[2011/05/29 22:27:38 | 001,123,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\usercpl.dll
[2011/05/29 22:27:38 | 000,842,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\systemcpl.dll
[2011/05/29 22:27:38 | 000,516,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\autoplay.dll
[2011/05/29 22:27:38 | 000,497,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll
[2011/05/29 22:27:38 | 000,464,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pcaui.dll
[2011/05/29 22:27:38 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mmci.dll
[2011/05/29 22:27:37 | 001,671,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanpref.dll
[2011/05/29 22:27:37 | 000,532,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpcao.dll
[2011/05/29 22:27:37 | 000,408,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msinfo32.exe
[2011/05/29 22:27:37 | 000,306,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scesrv.dll
[2011/05/29 22:27:37 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2011/05/29 22:27:37 | 000,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Faultrep.dll
[2011/05/29 22:27:37 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scksp.dll
[2011/05/29 22:27:37 | 000,128,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vdsutil.dll
[2011/05/29 22:27:37 | 000,127,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rpchttp.dll
[2011/05/29 22:27:37 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AudioSes.dll
[2011/05/29 22:27:37 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oleprn.dll
[2011/05/29 22:27:37 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pintlgnt.ime
[2011/05/29 22:27:37 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dot3msm.dll
[2011/05/29 22:27:37 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\regapi.dll
[2011/05/29 22:27:37 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\feclient.dll
[2011/05/29 22:27:37 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rekeywiz.exe
[2011/05/29 22:27:37 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iaspolcy.dll
[2011/05/29 22:27:37 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscisvif.dll
[2011/05/29 22:27:36 | 001,689,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscui.cpl
[2011/05/29 22:27:36 | 000,642,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasgcw.dll
[2011/05/29 22:27:36 | 000,595,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FWPUCLNT.DLL
[2011/05/29 22:27:36 | 000,542,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pnpui.dll
[2011/05/29 22:27:36 | 000,505,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qedit.dll
[2011/05/29 22:27:36 | 000,445,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncryptui.dll
[2011/05/29 22:27:36 | 000,407,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpapimig.exe
[2011/05/29 22:27:36 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasplap.dll
[2011/05/29 22:27:36 | 000,215,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certreq.exe
[2011/05/29 22:27:36 | 000,177,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scecli.dll
[2011/05/29 22:27:36 | 000,134,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SmartcardCredentialProvider.dll
[2011/05/29 22:27:36 | 000,080,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hdwwiz.exe
[2011/05/29 22:27:36 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TSTheme.exe
[2011/05/29 22:27:36 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\perfdisk.dll
[2011/05/29 22:27:36 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DeviceEject.exe
[2011/05/29 22:27:36 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwinsat.dll
[2011/05/29 22:27:35 | 000,547,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wiaaut.dll
[2011/05/29 22:27:35 | 000,481,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmdial32.dll
[2011/05/29 22:27:35 | 000,378,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srcore.dll
[2011/05/29 22:27:35 | 000,281,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\raschap.dll
[2011/05/29 22:27:35 | 000,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unimdm.tsp
[2011/05/29 22:27:35 | 000,275,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SnippingTool.exe
[2011/05/29 22:27:35 | 000,202,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanui.dll
[2011/05/29 22:27:35 | 000,170,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tcpipcfg.dll
[2011/05/29 22:27:35 | 000,167,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\portcls.sys
[2011/05/29 22:27:35 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tcpmon.dll
[2011/05/29 22:27:35 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
[2011/05/29 22:27:35 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdWSD.dll
[2011/05/29 22:27:35 | 000,058,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PnPUnattend.exe
[2011/05/29 22:27:35 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmmon32.exe
[2011/05/29 22:27:35 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\whealogr.dll
[2011/05/29 22:27:35 | 000,025,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\USBCAMD2.sys
[2011/05/29 22:27:35 | 000,025,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\USBCAMD.sys
[2011/05/29 22:27:34 | 006,103,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chtbrkr.dll
[2011/05/29 22:27:34 | 002,153,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oobefldr.dll
[2011/05/29 22:27:34 | 000,657,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVXENCD.DLL
[2011/05/29 22:27:34 | 000,425,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shwebsvc.dll
[2011/05/29 22:27:34 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\modemui.dll
[2011/05/29 22:27:34 | 000,259,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasppp.dll
[2011/05/29 22:27:34 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscandui.dll
[2011/05/29 22:27:34 | 000,155,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasmontr.dll
[2011/05/29 22:27:34 | 000,137,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dsprop.dll
[2011/05/29 22:27:34 | 000,101,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shsetup.dll
[2011/05/29 22:27:34 | 000,054,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dimsroam.dll
[2011/05/29 22:27:34 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PnPutil.exe
[2011/05/29 22:27:33 | 000,542,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\blackbox.dll
[2011/05/29 22:27:33 | 000,533,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmdrmsdk.dll
[2011/05/29 22:27:33 | 000,303,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpeffects.dll
[2011/05/29 22:27:33 | 000,178,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\credui.dll
[2011/05/29 22:27:33 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSDMon.dll
[2011/05/29 22:27:33 | 000,113,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\rmcast.sys
[2011/05/29 22:27:33 | 000,107,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpwsx.dll
[2011/05/29 22:27:33 | 000,083,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlgpclnt.dll
[2011/05/29 22:27:33 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dataclen.dll
[2011/05/29 22:27:32 | 000,414,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscp.dll
[2011/05/29 22:27:32 | 000,356,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MediaMetadataHandler.dll
[2011/05/29 22:27:32 | 000,313,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\thawbrkr.dll
[2011/05/29 22:27:32 | 000,217,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\InkEd.dll
[2011/05/29 22:27:32 | 000,128,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpresult.exe
[2011/05/29 22:27:32 | 000,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\softkbd.dll
[2011/05/29 22:27:32 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\logagent.exe
[2011/05/29 22:27:32 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msctfui.dll
[2011/05/29 22:27:32 | 000,058,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cipher.exe
[2011/05/29 22:27:32 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscapi.dll
[2011/05/29 22:27:32 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\watchdog.sys
[2011/05/29 22:27:32 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msimtf.dll
[2011/05/29 22:27:32 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ifmon.dll
[2011/05/29 22:27:31 | 000,284,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drmmgrtn.dll
[2011/05/29 22:27:31 | 000,200,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\input.dll
[2011/05/29 22:27:31 | 000,187,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eapp3hst.dll
[2011/05/29 22:27:31 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLLUA.exe
[2011/05/29 22:27:31 | 000,166,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\puiapi.dll
[2011/05/29 22:27:31 | 000,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tintlgnt.ime
[2011/05/29 22:27:31 | 000,105,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dmsynth.dll
[2011/05/29 22:27:31 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dmusic.dll
[2011/05/29 22:27:31 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mprapi.dll
[2011/05/29 22:27:31 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax
[2011/05/29 22:27:31 | 000,068,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdSSDP.dll
[2011/05/29 22:27:31 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\l2nacp.dll
[2011/05/29 22:27:31 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ftp.exe
[2011/05/29 22:27:31 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msjint40.dll
[2011/05/29 22:27:31 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ExplorerFrame.dll
[2011/05/29 22:27:31 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fc.exe
[2011/05/29 22:27:31 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MsCtfMonitor.dll
[2011/05/29 22:27:31 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msisip.dll
[2011/05/29 22:27:30 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eappcfg.dll
[2011/05/29 22:27:30 | 000,093,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eappgnui.dll
[2011/05/29 22:27:30 | 000,083,456 | ---- | C] (Microsoft) -- C:\Windows\System32\SMBHelperClass.dll
[2011/05/29 22:27:30 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nslookup.exe
[2011/05/29 22:27:30 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdWCN.dll
[2011/05/29 22:27:30 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Storprop.dll
[2011/05/29 22:27:30 | 000,052,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasdiag.dll
[2011/05/29 22:27:30 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dot3cfg.dll
[2011/05/29 22:27:30 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bthci.dll
[2011/05/29 22:27:30 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slcinst.dll
[2011/05/29 22:27:30 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\networkitemfactory.dll
[2011/05/29 22:27:30 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidclass.sys
[2011/05/29 22:27:30 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bthudtask.exe
[2011/05/29 22:27:30 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ipconfig.exe
[2011/05/29 22:27:30 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsdchngr.dll
[2011/05/29 22:27:30 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasdial.exe
[2011/05/29 22:27:30 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CHxReadingStringIME.dll
[2011/05/29 22:27:29 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PNPXAssoc.dll
[2011/05/29 22:27:29 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdeploy.dll
[2011/05/29 22:27:29 | 000,046,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrstub.exe
[2011/05/29 22:27:29 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cbsra.exe
[2011/05/29 22:27:29 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hbaapi.dll
[2011/05/29 22:27:29 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ocsetup.exe
[2011/05/29 22:27:29 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bitsigd.dll
[2011/05/29 22:27:29 | 000,031,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\winusb.sys
[2011/05/29 22:27:29 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FwRemoteSvr.dll
[2011/05/29 22:27:29 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NcdProp.dll
[2011/05/29 22:27:29 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vdmdbg.dll
[2011/05/29 22:27:29 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpupdate.exe
[2011/05/29 22:27:29 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iscsilog.dll
[2011/05/29 22:27:29 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mmcico.dll
[2011/05/29 22:27:28 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxg.sys
[2011/05/29 22:27:28 | 000,052,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\stream.sys
[2011/05/29 22:27:28 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbcconf.dll
[2011/05/29 22:27:28 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\RNDISMP.sys
[2011/05/29 22:27:28 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Diskdump.sys
[2011/05/29 22:27:28 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usb8023.sys
[2011/05/29 22:27:28 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetppui.dll
[2011/05/29 22:27:28 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slwga.dll
[2011/05/29 22:27:27 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\f3ahvoas.dll
[2011/05/29 22:27:27 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msimsg.dll
[2011/05/29 22:27:21 | 000,705,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SmiEngine.dll
[2011/05/29 22:27:20 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wdscore.dll
[2011/05/29 22:27:20 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PkgMgr.exe
[2011/05/29 22:27:18 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drvstore.dll
[2011/05/29 21:33:55 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2011/05/29 21:25:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2011/05/29 21:19:32 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2011/05/29 21:19:32 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2011/05/29 20:31:34 | 000,208,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinFXDocObj.exe
[2011/05/29 20:28:34 | 000,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell
[2011/05/29 20:28:01 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrsmgr.dll
[2011/05/29 20:27:55 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrs.exe
[2011/05/29 20:27:55 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrshost.exe
[2011/05/29 20:27:55 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmprovhost.exe
[2011/05/29 20:27:55 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmplpxy.dll
[2011/05/29 20:27:55 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrssrv.dll
[2011/05/29 20:27:54 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wevtfwd.dll
[2011/05/29 20:27:54 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecutil.exe
[2011/05/29 20:27:54 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecapi.dll
[2011/05/29 20:27:54 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmRes.dll
[2011/05/29 20:27:54 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pwrshplugin.dll
[2011/05/29 20:27:51 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManMigrationPlugin.dll
[2011/05/29 20:27:51 | 000,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrscmd.dll
[2011/05/29 20:27:51 | 000,214,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmWmiPl.dll
[2011/05/29 20:27:51 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmAuto.dll
[2011/05/29 20:27:50 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManHTTPConfig.exe
[2011/05/29 20:27:33 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll
[2011/05/29 20:27:27 | 000,081,920 | ---- | C] (Radius Inc.) -- C:\Windows\System32\iccvid.dll
[2011/05/29 20:27:12 | 008,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2011/05/29 20:27:01 | 003,602,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011/05/29 20:27:00 | 003,550,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011/05/29 20:26:53 | 001,696,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
[2011/05/29 20:26:48 | 001,169,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe
[2011/05/29 20:26:43 | 000,413,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbc32.dll
[2011/05/29 20:26:41 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40.dll
[2011/05/29 20:26:40 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40u.dll
[2011/05/29 20:26:25 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2011/05/29 20:26:24 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbe.dll
[2011/05/29 20:26:24 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2011/05/29 20:26:24 | 000,153,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbeio.dll
[2011/05/29 20:26:18 | 002,041,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011/05/29 20:26:17 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll
[2011/05/29 20:26:17 | 001,136,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll
[2011/05/29 20:26:15 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2011/05/29 20:26:14 | 000,157,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2011/05/29 20:26:13 | 000,867,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpmde.dll
[2011/05/29 20:26:12 | 000,317,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MP4SDECD.DLL
[2011/05/29 20:26:12 | 000,292,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011/05/29 20:26:12 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2011/05/29 20:26:12 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2011/05/29 20:26:09 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtutils.dll
[2011/05/29 20:26:08 | 000,231,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll
[2011/05/29 20:26:07 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\asycfilt.dll
[2011/05/29 20:25:20 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2011/05/29 20:25:12 | 000,352,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskschd.dll
[2011/05/29 20:25:11 | 000,345,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmicmiplugin.dll
[2011/05/29 20:25:11 | 000,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskcomp.dll
[2011/05/29 20:25:03 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2011/05/29 20:20:53 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tscupgrd.exe
[2011/05/29 19:51:52 | 002,513,432 | ---- | C] (Avid Technology, Inc.) -- C:\Windows\System32\pcifmdio.dll
[2011/05/29 19:51:52 | 000,727,560 | ---- | C] (Avid Technology, Inc.) -- C:\Windows\System32\DeltaIICpl.exe
[2011/05/29 19:51:52 | 000,297,992 | ---- | C] (Avid Technology, Inc.) -- C:\Windows\System32\drivers\deltaII.sys
[2011/05/29 19:51:52 | 000,026,632 | ---- | C] (Avid Technology, Inc.) -- C:\Windows\System32\DeltaII.cpl
[2011/05/29 19:51:52 | 000,025,096 | ---- | C] (Avid Technology, Inc.) -- C:\Windows\System32\deltaIIasio.dll
[2011/05/29 19:51:52 | 000,021,000 | ---- | C] (Avid Technology, Inc.) -- C:\Windows\System32\DeltaIIpnl.dll
[2011/05/29 19:51:52 | 000,012,296 | ---- | C] (Avid Technology, Inc.) -- C:\Windows\System32\deltaIICoIn.dll
[2011/05/29 19:51:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\M-Audio
[2011/05/29 19:51:16 | 000,000,000 | ---D | C] -- C:\Program Files\M-Audio
[2011/05/29 19:51:14 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\InstallShield
[2011/05/29 18:34:38 | 000,000,000 | ---D | C] -- C:\PerfLogs
[2011/05/29 18:12:05 | 000,705,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imagesp1.dll
[2011/05/29 18:11:53 | 001,675,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xpssvcs.dll
[2011/05/29 18:11:50 | 008,322,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwizimg.dll
[2011/05/29 18:11:50 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\bfsvc.exe
[2011/05/29 18:11:50 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lpremove.exe
[2011/05/29 18:11:47 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\recdisc.exe
[2011/05/29 18:11:46 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CompMgmtLauncher.exe
[2011/05/29 18:11:44 | 001,386,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvbvm60.dll
[2011/05/29 18:11:40 | 000,391,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSMPEG2ADEC.DLL
[2011/05/29 18:11:39 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xolehlp.dll
[2011/05/29 18:11:38 | 000,154,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nlmgp.dll
[2011/05/29 18:11:38 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SSShim.dll
[2011/05/29 18:11:36 | 000,178,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\clusapi.dll
[2011/05/29 18:11:33 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vdsbas.dll
[2011/05/29 18:11:30 | 000,730,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdengin2.dll
[2011/05/29 18:11:30 | 000,297,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmipnpinstall.dll
[2011/05/29 18:11:30 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmicryptinstall.dll
[2011/05/29 18:11:30 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gacinstall.dll
[2011/05/29 18:11:27 | 000,604,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sqlceqp30.dll
[2011/05/29 18:11:27 | 000,403,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FirewallAPI.dll
[2011/05/29 18:11:24 | 000,251,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\authfwcfg.dll
[2011/05/29 18:11:23 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dmvdsitf.dll
[2011/05/29 18:11:22 | 000,163,840 | ---- | C] (Microsoft Corp.) -- C:\Windows\System32\DfrgNtfs.exe
[2011/05/29 18:11:22 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\uexfat.dll
[2011/05/29 18:11:21 | 000,308,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sqlcese30.dll
[2011/05/29 18:11:18 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dfrgui.exe
[2011/05/29 18:11:18 | 000,169,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssha.dll
[2011/05/29 18:11:17 | 000,418,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmdrmdev.dll
[2011/05/29 18:11:16 | 000,531,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\objsel.dll
[2011/05/29 18:11:16 | 000,522,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ddraw.dll
[2011/05/29 18:11:15 | 000,798,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dbghelp.dll
[2011/05/29 18:11:15 | 000,172,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\QAGENT.DLL
[2011/05/29 18:11:14 | 000,347,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmdrmnet.dll
[2011/05/29 18:11:14 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iprtrmgr.dll
[2011/05/29 18:11:14 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icm32.dll
[2011/05/29 18:11:13 | 000,334,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bcdedit.exe
[2011/05/29 18:11:12 | 000,397,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AudioEng.dll
[2011/05/29 18:11:12 | 000,140,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsta.dll
[2011/05/29 18:11:11 | 000,386,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netcfgx.dll
[2011/05/29 18:11:11 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hcrstco.dll
[2011/05/29 18:11:10 | 000,805,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdosys.dll
[2011/05/29 18:11:10 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdtcuiu.dll
[2011/05/29 18:11:10 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lpksetup.exe
[2011/05/29 18:11:09 | 000,274,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AUDIOKSE.dll
[2011/05/29 18:11:09 | 000,104,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mprddm.dll
[2011/05/29 18:11:08 | 000,117,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bcdsrv.dll
[2011/05/29 18:11:07 | 000,475,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msidcrl30.dll
[2011/05/29 18:11:06 | 001,548,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVDECOD.DLL
[2011/05/29 18:11:06 | 000,235,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dot3gpui.dll
[2011/05/29 18:11:04 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\comsnap.dll
[2011/05/29 18:11:03 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\synceng.dll
[2011/05/29 18:11:03 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmifw.dll
[2011/05/29 18:11:02 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msconfig.exe
[2011/05/29 18:11:01 | 000,431,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tdh.dll
[2011/05/29 18:11:01 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dmdskmgr.dll
[2011/05/29 18:11:01 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dot3api.dll
[2011/05/29 18:11:00 | 004,595,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AuthFWSnapin.dll
[2011/05/29 18:11:00 | 000,318,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmd.exe
[2011/05/29 18:10:59 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\localsec.dll
[2011/05/29 18:10:59 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFx.dll
[2011/05/29 18:10:59 | 000,113,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\loadperf.dll
[2011/05/29 18:10:59 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlancfg.dll
[2011/05/29 18:10:59 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdtcVSp1res.dll
[2011/05/29 18:10:58 | 000,758,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMADMOD.DLL
[2011/05/29 18:10:58 | 000,383,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinSATAPI.dll
[2011/05/29 18:10:58 | 000,318,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rstrui.exe
[2011/05/29 18:10:58 | 000,289,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hnetcfg.dll
[2011/05/29 18:10:58 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsqmcons.exe
[2011/05/29 18:10:57 | 000,442,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\filemgmt.dll
[2011/05/29 18:10:57 | 000,153,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NAPMONTR.DLL
[2011/05/29 18:10:57 | 000,118,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RDPENCDD.dll
[2011/05/29 18:10:57 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\profprov.dll
[2011/05/29 18:10:56 | 001,295,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsecedit.dll
[2011/05/29 18:10:56 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tracerpt.exe
[2011/05/29 18:10:56 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dwmredir.dll
[2011/05/29 18:10:56 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MuiUnattend.exe
[2011/05/29 18:10:56 | 000,016,896 | ---- | C] (Microsoft) -- C:\Windows\System32\grb.rs
[2011/05/29 18:10:55 | 000,498,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\HelpPane.exe
[2011/05/29 18:10:55 | 000,317,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\azroleui.dll
[2011/05/29 18:10:55 | 000,154,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\QSHVHOST.DLL
[2011/05/29 18:10:55 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iashost.exe
[2011/05/29 18:10:54 | 000,348,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwizeng.dll
[2011/05/29 18:10:54 | 000,275,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mcbuilder.exe
[2011/05/29 18:10:54 | 000,274,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srrstr.dll
[2011/05/29 18:10:53 | 001,642,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPEncEn.dll
[2011/05/29 18:10:53 | 000,736,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unbcl.dll
[2011/05/29 18:10:53 | 000,464,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msra.exe
[2011/05/29 18:10:53 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shrink.dll
[2011/05/29 18:10:52 | 000,415,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdri.dll
[2011/05/29 18:10:52 | 000,204,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\framedynos.dll
[2011/05/29 18:10:51 | 000,520,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntvdm.exe
[2011/05/29 18:10:51 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntlanman.dll
[2011/05/29 18:10:49 | 000,202,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\framedyn.dll
[2011/05/29 18:10:49 | 000,155,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dssenh.dll
[2011/05/29 18:10:49 | 000,035,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\WdfLdr.sys
[2011/05/29 18:10:48 | 000,913,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WlanMM.dll
[2011/05/29 18:10:48 | 000,628,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WLanConn.dll
[2011/05/29 18:10:48 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sxs.dll
[2011/05/29 18:10:48 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\adsnt.dll
[2011/05/29 18:10:48 | 000,142,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\scsiport.sys
[2011/05/29 18:10:47 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VAN.dll
[2011/05/29 18:10:47 | 000,093,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncsi.dll
[2011/05/29 18:10:47 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\umb.dll
[2011/05/29 18:10:46 | 000,487,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\catsrvut.dll
[2011/05/29 18:10:46 | 000,300,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\puiobj.dll
[2011/05/29 18:10:46 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netid.dll
[2011/05/29 18:10:45 | 000,128,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MdSched.exe
[2011/05/29 18:10:45 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spbcd.dll
[2011/05/29 18:10:45 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\setbcdlocale.dll
[2011/05/29 18:10:44 | 000,319,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbcjt32.dll
[2011/05/29 18:10:44 | 000,267,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NAPSTAT.EXE
[2011/05/29 18:10:43 | 008,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ssBranded.scr
[2011/05/29 18:10:43 | 000,451,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\catsrv.dll
[2011/05/29 18:10:43 | 000,388,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dmdlgs.dll
[2011/05/29 18:10:43 | 000,204,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\activeds.dll
[2011/05/29 18:10:43 | 000,151,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\schtasks.exe
[2011/05/29 18:10:43 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netdiagfx.dll
[2011/05/29 18:10:43 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dhcpsapi.dll
[2011/05/29 18:10:42 | 002,585,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FirewallControlPanel.exe
[2011/05/29 18:10:42 | 000,456,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wvc.dll
[2011/05/29 18:10:42 | 000,096,768 | ---- | C] (Microsoft Corp.) -- C:\Windows\System32\dfrgfat.exe
[2011/05/29 18:10:41 | 000,506,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSMPEG2ENC.DLL
[2011/05/29 18:10:41 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\adsldp.dll
[2011/05/29 18:10:41 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netcorehc.dll
[2011/05/29 18:10:41 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NAPHLPR.DLL
[2011/05/29 18:10:41 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msacm32.dll
[2011/05/29 18:10:40 | 000,212,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdt.dll
[2011/05/29 18:10:40 | 000,179,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\els.dll
[2011/05/29 18:10:40 | 000,079,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\QUTIL.DLL
[2011/05/29 18:10:39 | 000,523,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hhctrl.ocx
[2011/05/29 18:10:39 | 000,226,816 | ---- | C] (Microsoft Corp.) -- C:\Windows\System32\Defrag.exe
[2011/05/29 18:10:39 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\net1.exe
[2011/05/29 18:10:38 | 001,405,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ActiveContentWizard.dll
[2011/05/29 18:10:38 | 000,282,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CompatUI.dll
[2011/05/29 18:10:38 | 000,202,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\P2P.dll
[2011/05/29 18:10:38 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSAC3ENC.DLL
[2011/05/29 18:10:38 | 000,131,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fde.dll
[2011/05/29 18:10:38 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mprmsg.dll
[2011/05/29 18:10:38 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rascfg.dll
[2011/05/29 18:10:38 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nci.dll
[2011/05/29 18:10:38 | 000,071,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasman.dll
[2011/05/29 18:10:38 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\loghours.dll
[2011/05/29 18:10:37 | 000,094,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MigAutoPlay.exe
[2011/05/29 18:10:36 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Wpc.dll
[2011/05/29 18:10:36 | 000,114,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtm.dll
[2011/05/29 18:10:36 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DFDWiz.exe
[2011/05/29 18:10:36 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\setupcl.exe
[2011/05/29 18:10:35 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ifsutil.dll
[2011/05/29 18:10:35 | 000,110,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\videoprt.sys
[2011/05/29 18:10:35 | 000,046,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NAPCRYPT.DLL
[2011/05/29 18:10:34 | 000,312,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mswmdm.dll
[2011/05/29 18:10:34 | 000,093,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vssadmin.exe
[2011/05/29 18:10:34 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\usbmon.dll
[2011/05/29 18:10:34 | 000,024,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\BOOTVID.DLL
[2011/05/29 18:10:33 | 000,498,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlandlg.dll
[2011/05/29 18:10:33 | 000,485,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mspaint.exe
[2011/05/29 18:10:33 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mycomput.dll
[2011/05/29 18:10:33 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSTPager.ax
[2011/05/29 18:10:33 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\uudf.dll
[2011/05/29 18:10:33 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\activeds.tlb
[2011/05/29 18:10:32 | 000,355,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\termmgr.dll
[2011/05/29 18:10:32 | 000,183,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\duser.dll
[2011/05/29 18:10:32 | 000,171,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cic.dll
[2011/05/29 18:10:32 | 000,105,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mtxoci.dll
[2011/05/29 18:10:32 | 000,087,552 | ---- | C] (Microsoft) -- C:\Windows\System32\Robocopy.exe
[2011/05/29 18:10:32 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AzSqlExt.dll
[2011/05/29 18:10:31 | 000,181,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFPlatform.dll
[2011/05/29 18:10:31 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdt.exe
[2011/05/29 18:10:31 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\verifier.exe
[2011/05/29 18:10:31 | 000,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdshext.dll
[2011/05/29 18:10:31 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdtclog.dll
[2011/05/29 18:10:31 | 000,088,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dmview.ocx
[2011/05/29 18:10:31 | 000,017,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\wmilib.sys
[2011/05/29 18:10:30 | 001,039,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d8.dll
[2011/05/29 18:10:30 | 000,301,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mmcbase.dll
[2011/05/29 18:10:30 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oledlg.dll
[2011/05/29 18:10:30 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\clfsw32.dll
[2011/05/29 18:10:30 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vdsldr.exe
[2011/05/29 18:10:29 | 000,187,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mlang.dll
[2011/05/29 18:10:29 | 000,120,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msaatext.dll
[2011/05/29 18:10:29 | 000,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icfupgd.dll
[2011/05/29 18:10:29 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasqec.dll
[2011/05/29 18:10:29 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncobjapi.dll
[2011/05/29 18:10:28 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cabinet.dll
[2011/05/29 18:10:28 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\syssetup.dll
[2011/05/29 18:10:28 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lodctr.exe
[2011/05/29 18:10:28 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unlodctr.exe
[2011/05/29 18:10:28 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wtsapi32.dll
[2011/05/29 18:10:27 | 001,107,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ogldrv.dll
[2011/05/29 18:10:27 | 000,201,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unattend.dll
[2011/05/29 18:10:27 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lnkstub.exe
[2011/05/29 18:10:26 | 000,403,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\p2pcollab.dll
[2011/05/29 18:10:26 | 000,068,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\basesrv.dll
[2011/05/29 18:10:26 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wermgr.exe
[2011/05/29 18:10:26 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dfdts.dll
[2011/05/29 18:10:26 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdspres.dll
[2011/05/29 18:10:25 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dispdiag.exe
[2011/05/29 18:10:25 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DHCPQEC.DLL
[2011/05/29 18:10:23 | 000,157,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\verifier.dll
[2011/05/29 18:10:23 | 000,146,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RstrtMgr.dll
[2011/05/29 18:10:23 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\efsadu.dll
[2011/05/29 18:10:22 | 002,249,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Firewall.cpl
[2011/05/29 18:10:22 | 000,205,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msoeacct.dll
[2011/05/29 18:10:22 | 000,088,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wiascanprofiles.dll
[2011/05/29 18:10:22 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\setupugc.exe
[2011/05/29 18:10:22 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\QSVRMGMT.DLL
[2011/05/29 18:10:22 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icacls.exe
[2011/05/29 18:10:21 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\p2pnetsh.dll
[2011/05/29 18:10:21 | 000,095,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactsrv.dll
[2011/05/29 18:10:21 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PNPXAssocPrx.dll
[2011/05/29 18:10:21 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eappprxy.dll
[2011/05/29 18:10:21 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdmo.dll
[2011/05/29 18:10:21 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pcadm.dll
[2011/05/29 18:10:20 | 000,691,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TabletPC.cpl
[2011/05/29 18:10:20 | 000,669,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netprof.dll
[2011/05/29 18:10:20 | 000,614,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFWMAAEC.DLL
[2011/05/29 18:10:20 | 000,296,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xwizards.dll
[2011/05/29 18:10:20 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VBICodec.ax
[2011/05/29 18:10:20 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dot3ui.dll
[2011/05/29 18:10:20 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dbnetlib.dll
[2011/05/29 18:10:20 | 000,104,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWWIN.EXE
[2011/05/29 18:10:20 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\systeminfo.exe
[2011/05/29 18:10:20 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmdl32.exe
[2011/05/29 18:10:20 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\resutils.dll
[2011/05/29 18:10:20 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dfrgifc.exe
[2011/05/29 18:10:20 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netcfg.exe
[2011/05/29 18:10:19 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\intl.cpl
[2011/05/29 18:10:19 | 000,294,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ssText3d.scr
[2011/05/29 18:10:19 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\apircl.dll
[2011/05/29 18:10:19 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\btpanui.dll
[2011/05/29 18:10:19 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\txflog.dll
[2011/05/29 18:10:19 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskkill.exe
[2011/05/29 18:10:19 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxva2.dll
[2011/05/29 18:10:19 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bcdprov.dll
[2011/05/29 18:10:18 | 000,975,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RASMM.dll
[2011/05/29 18:10:18 | 000,191,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\provthrd.dll
[2011/05/29 18:10:18 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ActionQueue.dll
[2011/05/29 18:10:18 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EAPQEC.DLL
[2011/05/29 18:10:18 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dmocx.dll
[2011/05/29 18:10:17 | 002,588,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIHub.dll
[2011/05/29 18:10:17 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMASF.DLL
[2011/05/29 18:10:17 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\upnp.dll
[2011/05/29 18:10:17 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\raserver.exe
[2011/05/29 18:10:17 | 000,127,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aclui.dll
[2011/05/29 18:10:17 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\QCLIPROV.DLL
[2011/05/29 18:10:17 | 000,052,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\brcplsdw.dll
[2011/05/29 18:10:17 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xcopy.exe
[2011/05/29 18:10:17 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ias.dll
[2011/05/29 18:10:16 | 000,225,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cewmdm.dll
[2011/05/29 18:10:16 | 000,208,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qasf.dll
[2011/05/29 18:10:16 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qcap.dll
[2011/05/29 18:10:16 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bitsadmin.exe
[2011/05/29 18:10:16 | 000,142,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icsfiltr.dll
[2011/05/29 18:10:16 | 000,127,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SoundRecorder.exe
[2011/05/29 18:10:16 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AuxiliaryDisplayApi.dll
[2011/05/29 18:10:16 | 000,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFCoinstaller.dll
[2011/05/29 18:10:16 | 000,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msoert2.dll
[2011/05/29 18:10:16 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmstp.exe
[2011/05/29 18:10:16 | 000,052,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetmib1.dll
[2011/05/29 18:10:16 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\perfts.dll
[2011/05/29 18:10:16 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PING.EXE
[2011/05/29 18:10:16 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mountvol.exe
[2011/05/29 18:10:15 | 000,767,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVSENCD.DLL
[2011/05/29 18:10:15 | 000,338,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SysFxUI.dll
[2011/05/29 18:10:15 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpsrcwp.dll
[2011/05/29 18:10:15 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mtstocom.exe
[2011/05/29 18:10:15 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\makecab.exe
[2011/05/29 18:10:15 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\auditpol.exe
[2011/05/29 18:10:15 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SecEdit.exe
[2011/05/29 18:10:15 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsmproxy.dll
[2011/05/29 18:10:14 | 001,329,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMSPDMOE.DLL
[2011/05/29 18:10:14 | 000,415,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wiadefui.dll
[2011/05/29 18:10:14 | 000,198,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\apss.dll
[2011/05/29 18:10:14 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\p2phost.exe
[2011/05/29 18:10:14 | 000,180,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msorcl32.dll
[2011/05/29 18:10:14 | 000,159,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdadiag.dll
[2011/05/29 18:10:14 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ndfapi.dll
[2011/05/29 18:10:14 | 000,095,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xwtpw32.dll
[2011/05/29 18:10:14 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shacct.dll
[2011/05/29 18:10:14 | 000,070,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wzcdlg.dll
[2011/05/29 18:10:14 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscmisetup.dll
[2011/05/29 18:10:14 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sppnp.dll
[2011/05/29 18:10:14 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dot3gpclnt.dll
[2011/05/29 18:10:14 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\napipsec.dll
[2011/05/29 18:10:14 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\batt.dll
[2011/05/29 18:10:13 | 000,816,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dim700.dll
[2011/05/29 18:10:13 | 000,686,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\colorui.dll
[2011/05/29 18:10:13 | 000,203,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpdwcn.dll
[2011/05/29 18:10:13 | 000,157,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\keymgr.dll
[2011/05/29 18:10:13 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ksproxy.ax
[2011/05/29 18:10:13 | 000,120,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\perfmon.exe
[2011/05/29 18:10:13 | 000,119,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\prntvpt.dll
[2011/05/29 18:10:13 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TapiMigPlugin.dll
[2011/05/29 18:10:13 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tasklist.exe
[2011/05/29 18:10:13 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\HelpPaneProxy.dll
[2011/05/29 18:10:13 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cryptdll.dll
[2011/05/29 18:10:13 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\System32\esrb.rs
[2011/05/29 18:10:13 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2011/05/29 18:10:13 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sxstrace.exe
[2011/05/29 18:10:13 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fmifs.dll
[2011/05/29 18:10:13 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netiougc.exe
[2011/05/29 18:10:13 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ktmutil.exe
[2011/05/29 18:10:13 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscproxystub.dll
[2011/05/29 18:10:12 | 000,442,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\joy.cpl
[2011/05/29 18:10:12 | 000,396,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shrpubw.exe
[2011/05/29 18:10:12 | 000,352,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshipsec.dll
[2011/05/29 18:10:12 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\driverquery.exe
[2011/05/29 18:10:12 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\findnetprinters.dll
[2011/05/29 18:10:12 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winethc.dll
[2011/05/29 18:10:12 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fsutil.exe
[2011/05/29 18:10:12 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\takeown.exe
[2011/05/29 18:10:12 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnshc.dll
[2011/05/29 18:10:12 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmiprop.dll
[2011/05/29 18:10:12 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\capisp.dll
[2011/05/29 18:10:12 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pots.dll
[2011/05/29 18:10:12 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\txfw32.dll
[2011/05/29 18:10:11 | 001,298,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TMM.dll
[2011/05/29 18:10:11 | 000,384,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dim.dll
[2011/05/29 18:10:11 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RESAMPLEDMO.DLL
[2011/05/29 18:10:11 | 000,120,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WLanHC.dll
[2011/05/29 18:10:11 | 000,101,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\luainstall.dll
[2011/05/29 18:10:11 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\olecli32.dll
[2011/05/29 18:10:11 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shgina.dll
[2011/05/29 18:10:11 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RpcPing.exe
[2011/05/29 18:10:11 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\perfnet.dll
[2011/05/29 18:10:11 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ktmw32.dll
[2011/05/29 18:10:10 | 001,118,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMADMOE.DLL
[2011/05/29 18:10:10 | 000,276,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\compstui.dll
[2011/05/29 18:10:10 | 000,205,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mdminst.dll
[2011/05/29 18:10:10 | 000,088,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wiaacmgr.exe
[2011/05/29 18:10:10 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\getmac.exe
[2011/05/29 18:10:10 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\net.exe
[2011/05/29 18:10:10 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\runonce.exe
[2011/05/29 18:10:10 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dimsjob.dll
[2011/05/29 18:10:10 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmlua.dll
[2011/05/29 18:10:10 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dsauth.dll
[2011/05/29 18:10:09 | 000,259,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MPG4DECD.DLL
[2011/05/29 18:10:09 | 000,259,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MP43DECD.DLL
[2011/05/29 18:10:09 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceWiaCompat.dll
[2011/05/29 18:10:09 | 000,095,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\migisol.dll
[2011/05/29 18:10:09 | 000,094,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\diantz.exe
[2011/05/29 18:10:09 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\comrepl.dll
[2011/05/29 18:10:09 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdchange.exe
[2011/05/29 18:10:09 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ACW.exe
[2011/05/29 18:10:09 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\w32tm.exe
[2011/05/29 18:10:09 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmutil.dll
[2011/05/29 18:10:09 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dispci.dll
[2011/05/29 18:10:09 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srdelayed.exe
[2011/05/29 18:10:09 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pnpts.dll
[2011/05/29 18:10:08 | 001,370,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Aurora.scr
[2011/05/29 18:10:08 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDump.dll
[2011/05/29 18:10:08 | 000,159,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dinput8.dll
[2011/05/29 18:10:08 | 000,154,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmidx.dll
[2011/05/29 18:10:08 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TpmInit.exe
[2011/05/29 18:10:08 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hlink.dll
[2011/05/29 18:10:08 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\colbact.dll
[2011/05/29 18:10:08 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fwcfg.dll
[2011/05/29 18:10:08 | 000,052,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\expand.exe
[2011/05/29 18:10:08 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cfgbkend.dll
[2011/05/29 18:10:08 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pdhui.dll
[2011/05/29 18:10:08 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vdmredir.dll
[2011/05/29 18:10:08 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\utildll.dll
[2011/05/29 18:10:08 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sfc.exe
[2011/05/29 18:10:07 | 000,879,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Bubbles.scr
[2011/05/29 18:10:07 | 000,376,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpnet.dll
[2011/05/29 18:10:07 | 000,368,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\desk.cpl
[2011/05/29 18:10:07 | 000,281,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdv.dll
[2011/05/29 18:10:07 | 000,251,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sti_ci.dll
[2011/05/29 18:10:07 | 000,153,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmvdspa.dll
[2011/05/29 18:10:07 | 000,129,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\McxDriv.dll
[2011/05/29 18:10:07 | 000,093,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\esentutl.exe
[2011/05/29 18:10:07 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bootcfg.exe
[2011/05/29 18:10:07 | 000,070,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\amstream.dll
[2011/05/29 18:10:07 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tabcal.exe
[2011/05/29 18:10:07 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\osblprov.dll
[2011/05/29 18:10:07 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vds_ps.dll
[2011/05/29 18:10:07 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\waitfor.exe
[2011/05/29 18:10:07 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmcfg32.dll
[2011/05/29 18:10:07 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdrleakdiag.exe
[2011/05/29 18:10:07 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iscsium.dll
[2011/05/29 18:10:07 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bridgeunattend.exe
[2011/05/29 18:10:06 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Mystify.scr
[2011/05/29 18:10:06 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Ribbons.scr
[2011/05/29 18:10:06 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shutdown.exe
[2011/05/29 18:10:06 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cacls.exe
[2011/05/29 18:10:06 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wfapigp.dll
[2011/05/29 18:10:05 | 000,222,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wavemsp.dll
[2011/05/29 18:10:05 | 000,161,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\COLORCNV.DLL
[2011/05/29 18:10:05 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DpiScaling.exe
[2011/05/29 18:10:05 | 000,092,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ufat.dll
[2011/05/29 18:10:05 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\olethk32.dll
[2011/05/29 18:10:05 | 000,064,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iscsiwmi.dll
[2011/05/29 18:10:05 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfvdsp.dll
[2011/05/29 18:10:05 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpnpinst.exe
[2011/05/29 18:10:05 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\werdiagcontroller.dll
[2011/05/29 18:10:05 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\olesvr32.dll
[2011/05/29 18:10:05 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpcm.dll
[2011/05/29 18:10:04 | 000,163,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\powercfg.cpl
[2011/05/29 18:10:04 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sxproxy.dll
[2011/05/29 18:10:04 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\at.exe
[2011/05/29 18:10:03 | 000,509,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AuthFWGP.dll
[2011/05/29 18:10:03 | 000,159,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbctrac.dll
[2011/05/29 18:10:03 | 000,151,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rgb9rast.dll
[2011/05/29 18:10:03 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dskquota.dll
[2011/05/29 18:10:03 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ucsvc.exe
[2011/05/29 18:10:03 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TimeDateMUICallback.dll
[2011/05/29 18:10:03 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegCtrl.dll
[2011/05/29 18:10:03 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AtBroker.exe
[2011/05/29 18:10:03 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\prevhost.exe
[2011/05/29 18:10:03 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netbtugc.exe
[2011/05/29 18:10:03 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\convert.exe
[2011/05/29 18:10:03 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xmlprovi.dll
[2011/05/29 18:10:03 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tbs.dll
[2011/05/29 18:10:03 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iscsied.dll
[2011/05/29 18:10:02 | 005,714,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\logon.scr
[2011/05/29 18:10:02 | 000,178,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dmime.dll
[2011/05/29 18:10:02 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dsdmo.dll
[2011/05/29 18:10:02 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\setupcln.dll
[2011/05/29 18:10:02 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kstvtune.ax
[2011/05/29 18:10:02 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\GuidedHelp.dll
[2011/05/29 18:10:02 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\napdsnap.dll
[2011/05/29 18:10:02 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\l2gpstore.dll
[2011/05/29 18:10:02 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fphc.dll
[2011/05/29 18:10:02 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\regini.exe
[2011/05/29 18:10:02 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unattendedjoin.exe
[2011/05/29 18:10:02 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmpbk32.dll
[2011/05/29 18:10:02 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\amxread.dll
[2011/05/29 18:10:02 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winnsi.dll
[2011/05/29 18:10:01 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VIDRESZR.DLL
[2011/05/29 18:10:01 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdart.dll
[2011/05/29 18:10:01 | 000,083,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\usbui.dll
[2011/05/29 18:10:01 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbccu32.dll
[2011/05/29 18:10:01 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbccr32.dll
[2011/05/29 18:10:01 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpclsp.dll
[2011/05/29 18:10:01 | 000,064,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\devenum.dll
[2011/05/29 18:10:01 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msident.dll
[2011/05/29 18:10:01 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dot3dlg.dll
[2011/05/29 18:10:01 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mtxlegih.dll
[2011/05/29 18:10:01 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vss_ps.dll
[2011/05/29 18:10:01 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\tape.sys
[2011/05/29 18:10:01 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srwmi.dll
[2011/05/29 18:10:01 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\upnpcont.exe
[2011/05/29 18:10:01 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mtxdm.dll
[2011/05/29 18:10:01 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RacAgent.exe
[2011/05/29 18:10:01 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WINSRPC.DLL
[2011/05/29 18:10:01 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nbtstat.exe
[2011/05/29 18:10:01 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmstplua.dll
[2011/05/29 18:10:01 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\apilogen.dll
[2011/05/29 18:10:01 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avrt.dll
[2011/05/29 18:10:00 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\graftabl.com
[2011/05/29 18:10:00 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfcsubs.dll
[2011/05/29 18:09:59 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MP3DMOD.DLL
[2011/05/29 18:09:59 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vfwwdm32.dll
[2011/05/29 18:09:59 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\extrac32.exe
[2011/05/29 18:09:59 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dxof.dll
[2011/05/29 18:09:59 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WavDest.dll
[2011/05/29 18:09:59 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ksxbar.ax
[2011/05/29 18:09:59 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasphone.exe
[2011/05/29 18:09:59 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wiarpc.dll
[2011/05/29 18:09:59 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ndfetw.dll
[2011/05/29 18:09:59 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbcbcp.dll
[2011/05/29 18:09:59 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\syskey.exe
[2011/05/29 18:09:59 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eventcls.dll
[2011/05/29 18:09:59 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsock32.dll
[2011/05/29 18:09:59 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\procinst.dll
[2011/05/29 18:09:58 | 000,218,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsAnytimeUpgrade.exe
[2011/05/29 18:09:58 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wiadss.dll
[2011/05/29 18:09:58 | 000,094,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Tabbtn.dll
[2011/05/29 18:09:58 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dmscript.dll
[2011/05/29 18:09:58 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TabbtnEx.dll
[2011/05/29 18:09:58 | 000,041,472 | ---- | C] (Microsoft) -- C:\Windows\System32\WlanMmHC.dll
[2011/05/29 18:09:58 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psbase.dll
[2011/05/29 18:09:58 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dmloader.dll
[2011/05/29 18:09:58 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wshcon.dll
[2011/05/29 18:09:58 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Netplwiz.exe
[2011/05/29 18:09:58 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\tdi.sys
[2011/05/29 18:09:58 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\fveupdate.exe
[2011/05/29 18:09:58 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CertEnrollCtrl.exe
[2011/05/29 18:09:57 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ComputerDefaults.exe
[2011/05/29 18:09:57 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lltdapi.dll
[2011/05/29 18:09:57 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sxsstore.dll
[2011/05/29 18:09:57 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\HotStartUserAgent.dll
[2011/05/29 18:09:57 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PlaySndSrv.dll
[2011/05/29 18:09:57 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\localui.dll
[2011/05/29 18:09:57 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icsunattend.exe
[2011/05/29 18:09:57 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSHTCPIP.DLL
[2011/05/29 18:09:57 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wship6.dll
[2011/05/29 18:09:56 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OptionalFeatures.exe
[2011/05/29 18:09:56 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\g711codc.ax
[2011/05/29 18:09:56 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbisurf.ax
[2011/05/29 18:09:56 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\LangCleanupSysprepAction.dll
[2011/05/29 18:09:56 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dmutil.dll
[2011/05/29 18:09:56 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spopk.dll
[2011/05/29 18:09:56 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icaapi.dll
[2011/05/29 18:09:56 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\serialui.dll
[2011/05/29 18:09:56 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\setupSNK.exe
[2011/05/29 18:09:56 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbunattend.exe
[2011/05/29 18:09:56 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\usbperf.dll
[2011/05/29 18:09:55 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msobjs.dll
[2011/05/29 18:09:55 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cofiredm.dll
[2011/05/29 18:09:55 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasctrs.dll
[2011/05/29 18:09:54 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nlsbres.dll
[2011/05/29 18:09:54 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\esentprf.dll
[2011/05/29 18:09:54 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hnetmon.dll
[2011/05/29 18:09:54 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\InfDefaultInstall.exe
[2011/05/29 18:09:54 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iprtprio.dll
[2011/05/29 18:09:53 | 000,130,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\drmk.sys
[2011/05/29 18:09:53 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\osbaseln.dll
[2011/05/29 18:09:52 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msmmsp.dll
[2011/05/29 18:09:51 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dispex.dll
[2011/05/29 18:09:51 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winusb.dll
[2011/05/29 18:09:51 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcfgex.dll
[2011/05/29 18:09:50 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\idndl.dll
[2011/05/29 18:09:50 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Nlsdl.dll
[2011/05/29 18:09:50 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\mcd.sys
[2011/05/29 18:09:50 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msidle.dll
[2011/05/29 18:09:50 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\riched32.dll
[2011/05/29 18:09:49 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\smclib.sys
[2011/05/29 18:09:49 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\bdasup.sys
[2011/05/29 18:09:49 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDJPN.DLL
[2011/05/29 18:09:49 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDKOR.DLL
[2011/05/29 18:09:48 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxapi.sys
[2011/05/29 18:09:47 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vga256.dll
[2011/05/29 18:09:47 | 000,025,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidparse.sys
[2011/05/29 18:09:47 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vga64k.dll
[2011/05/29 18:09:47 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tsddd.dll
[2011/05/29 18:09:47 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\framebuf.dll
[2011/05/29 18:09:47 | 000,005,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbd.sys
[2011/05/29 18:09:46 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vga.dll
[2011/05/29 18:09:46 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwizres.dll
[2011/05/29 18:09:46 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bootstr.dll
[2011/05/29 18:09:46 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wertargets.wtl
[2011/05/29 18:09:46 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dmdskres2.dll
[2011/05/29 18:09:23 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wbemcomn.dll
[2011/05/29 18:09:20 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SmiInstaller.dll
[2011/05/29 18:09:20 | 000,129,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sqmapi.dll
[2011/05/29 18:09:09 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdelta.dll
[2011/05/29 18:09:09 | 000,258,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpx.dll
[2011/05/29 18:09:09 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mspatcha.dll
[2011/05/29 11:05:02 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\iZotope
[2011/05/29 10:08:45 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\EurekaLog
[2011/05/29 03:36:43 | 000,000,000 | ---D | C] -- C:\Users\Administrator\DoctorWeb
[2011/05/28 18:09:30 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\Additional Content
[2011/05/28 18:06:17 | 002,395,648 | ---- | C] (AD © 2009) -- C:\Windows\System32\SYNSOEMU.DLL
[2011/05/28 18:06:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\VST3
[2011/05/28 18:03:58 | 000,000,000 | ---D | C] -- C:\ProgramData\VST3 Presets
[2011/05/28 17:55:43 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steinberg HALionOne
[2011/05/28 17:55:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Steinberg
[2011/05/28 17:55:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Steinberg
[2011/05/28 17:47:11 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steinberg Cubase 5
[2011/05/28 17:47:11 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Steinberg
[2011/05/28 17:47:11 | 000,000,000 | ---D | C] -- C:\Program Files\Steinberg
[2011/05/28 17:11:49 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iZotope
[2011/05/28 16:38:30 | 000,014,568 | ---- | C] (MaxiVista) -- C:\Windows\System32\drivers\mvCmdemo.SYS
[2011/05/28 16:38:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MaxiVista Demo Server
[2011/05/28 16:37:56 | 000,024,168 | ---- | C] (Maxivsta) -- C:\Windows\System32\mvvideodemo.dll
[2011/05/28 16:37:56 | 000,013,160 | ---- | C] (MaxiVista) -- C:\Windows\System32\drivers\mvvideodemo.sys
[2011/05/28 16:37:55 | 000,000,000 | ---D | C] -- C:\Program Files\MaxiVista Demo Server
[2011/05/28 12:33:02 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center
[2011/05/28 00:53:32 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\JAM Software
[2011/05/28 00:53:24 | 000,000,000 | ---D | C] -- C:\Program Files\JAM Software
[2011/05/27 19:27:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\u-he
[2011/05/27 19:27:17 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\u-he
[2011/05/27 12:43:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Ableton
[2011/05/27 12:41:58 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\Ableton
[2011/05/27 12:41:54 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Thinstall
[2011/05/27 12:41:54 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Thinstall
[2011/05/27 03:35:31 | 000,000,000 | -H-D | C] -- C:\ProgramData\{05835455-7C7C-4AA0-A7A0-63D407FC9E17}
[2011/05/27 03:34:44 | 000,000,000 | -H-D | C] -- C:\ProgramData\{2B0AD088-31DC-4A62-9BFF-8A02B70C0942}
[2011/05/27 00:56:19 | 000,000,000 | -H-D | C] -- C:\ProgramData\{63212DDB-3722-4A80-B4BE-CF435DDAD17C}
[2011/05/26 23:00:13 | 000,301,528 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2011/05/26 23:00:13 | 000,019,544 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2011/05/26 23:00:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Pro Antivirus
[2011/05/26 23:00:12 | 000,371,544 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2011/05/26 23:00:12 | 000,053,592 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2011/05/26 23:00:12 | 000,049,240 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2011/05/26 23:00:12 | 000,025,432 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2011/05/26 23:00:01 | 000,190,016 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2011/05/26 23:00:01 | 000,040,648 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/05/26 22:59:51 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2011/05/26 22:59:51 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/05/26 22:59:27 | 000,000,000 | ---D | C] -- C:\TEMP
[2011/05/26 20:42:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Universal Extractor
[2011/05/26 20:42:52 | 000,000,000 | ---D | C] -- C:\Program Files\Universal Extractor
[2011/05/26 12:04:23 | 000,000,000 | -H-D | C] -- C:\ProgramData\{5E4CAE11-3142-4132-BACC-8515F1910998}
[2011/05/26 12:01:33 | 000,000,000 | -H-D | C] -- C:\ProgramData\{C78336EC-F2EB-4640-99A4-DFE96581B90B}
[2011/05/26 12:01:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Native Instruments
[2011/05/25 23:15:47 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Adobe
[2011/05/25 14:41:35 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Native Instruments Absynth 4
[2011/05/25 14:41:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Native Instruments Absynth 4
[2011/05/25 14:21:49 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\Native Instruments
[2011/05/25 14:21:49 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Native Instruments
[2011/05/25 13:56:02 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\Absynth Sounds Vol. 1
[2011/05/25 13:35:52 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Music Production
[2011/05/25 13:05:19 | 000,000,000 | ---D | C] -- C:\ProgramData\{29CF7310-A1F2-43D3-9CA5-BAF68DCAEDC1}
[2011/05/25 09:53:05 | 001,431,344 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Administrator\Desktop\TDSSKiller.exe
[2011/05/25 09:39:10 | 000,050,688 | ---- | C] (Atribune.org) -- C:\Users\Administrator\Desktop\ATF_Cleaner.exe
[2011/05/25 02:18:18 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Spectrasonics
[2011/05/25 01:57:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Digidesign
[2011/05/25 01:56:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Spectrasonics
[2011/05/24 20:24:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Native Instruments
[2011/05/24 20:24:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Native Instruments
[2011/05/24 20:24:12 | 000,000,000 | ---D | C] -- C:\Program Files\Native Instruments
[2011/05/24 17:40:16 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASIO4ALL v2
[2011/05/24 17:40:16 | 000,000,000 | ---D | C] -- C:\Program Files\ASIO4ALL v2
[2011/05/24 17:39:33 | 000,225,280 | ---- | C] (Propellerhead Software AB) -- C:\Windows\System32\rewire.dll
[2011/05/24 17:39:30 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\Image-Line
[2011/05/24 17:39:23 | 001,554,944 | ---- | C] (HMS http://hp.vector.co....thors/VA012897/) -- C:\Windows\System32\vorbis.acm
[2011/05/24 17:39:23 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line
[2011/05/24 17:39:20 | 000,000,000 | ---D | C] -- C:\Program Files\Outsim
[2011/05/24 17:37:11 | 000,000,000 | ---D | C] -- C:\Program Files\Image-Line
[2011/05/24 13:34:27 | 000,000,000 | -H-D | C] -- C:\tempintfiles
[2011/05/24 10:48:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2011/05/24 10:48:57 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2011/05/21 23:37:50 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\SH5
[2011/05/21 22:26:34 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Ubisoft Game Launcher
[2011/05/21 17:11:32 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Laconic Software
[2011/05/21 11:16:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Super Sexy Anime Girls
[2011/05/21 11:13:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Beautiful Nature
[2011/05/21 11:13:24 | 000,000,000 | ---D | C] -- C:\Program Files\ScreenSaverGift
[2011/05/21 10:23:13 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2011/05/21 10:23:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center
[2011/05/21 00:48:25 | 000,000,000 | ---D | C] -- C:\Ubisoft
[2011/05/21 00:32:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Alcohol 120%
[2011/05/21 00:32:08 | 000,000,000 | ---D | C] -- C:\Program Files\Alcohol Soft
[2011/05/21 00:30:59 | 000,000,000 | ---D | C] -- C:\Program Files\Franzis
[2011/05/20 21:24:30 | 000,000,000 | ---D | C] -- C:\Program Files\Ubisoft
[2011/05/20 13:30:24 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\Sonalysts Combat Simulations
[2011/05/20 13:11:17 | 000,000,000 | ---D | C] -- C:\Users\Administrator\GAME INSTALLS
[2011/05/20 11:04:06 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\Mount&Blade With Fire and Sword
[2011/05/20 11:04:05 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Mount&Blade With Fire and Sword
[2011/05/20 11:03:42 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mount&Blade With Fire and Sword
[2011/05/20 11:03:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mount&Blade With Fire and Sword
[2011/05/20 11:01:06 | 000,000,000 | ---D | C] -- C:\Program Files\Mount&Blade With Fire and Sword
[2011/05/20 08:28:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Sports Interactive
[2011/05/20 08:27:54 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\Sports Interactive
[2011/05/20 08:27:54 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Sports Interactive
[2011/05/20 08:27:54 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Sports Interactive
[2011/05/20 08:22:25 | 000,000,000 | -H-D | C] -- C:\Program Files\Zero G Registry
[2011/05/20 08:22:25 | 000,000,000 | ---D | C] -- C:\Program Files\Sports Interactive
[2011/05/20 08:18:47 | 000,000,000 | -H-D | C] -- C:\Users\Administrator\InstallAnywhere
[2011/05/19 22:29:53 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MaaTec
[2011/05/19 22:29:53 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\MaaTec
[2011/05/19 22:29:53 | 000,000,000 | ---D | C] -- C:\Program Files\MaaTec
[2011/05/19 21:10:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mumble
[2011/05/19 09:07:52 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\Amnesia
[2011/05/19 08:52:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amnesia - The Dark Descent
[2011/05/19 08:44:19 | 000,000,000 | ---D | C] -- C:\Program Files\Amnesia - The Dark Descent
[2011/05/18 20:39:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Codemasters
[2011/05/18 20:38:52 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\microsoft
[2011/05/18 20:30:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blue Ripple Sound
[2011/05/18 20:30:49 | 017,686,528 | ---- | C] (Intel Corporation / Blue Ripple Sound Limited) -- C:\Windows\System32\mkl_blueripple.dll
[2011/05/18 20:30:48 | 001,380,352 | ---- | C] (Blue Ripple Sound Limited) -- C:\Windows\System32\rapture3d_oal.dll
[2011/05/18 20:30:47 | 000,000,000 | ---D | C] -- C:\Program Files\BRS
[2011/05/18 20:30:43 | 000,445,016 | ---- | C] (Creative Labs) -- C:\Windows\System32\wrap_oal.dll
[2011/05/18 20:30:43 | 000,109,144 | ---- | C] (Portions © Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\System32\OpenAL32.dll
[2011/05/18 20:30:43 | 000,000,000 | ---D | C] -- C:\Program Files\OpenAL
[2011/05/18 20:28:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows - LIVE
[2011/05/18 20:28:18 | 000,000,000 | ---D | C] -- C:\Windows\System32\xlive
[2011/05/18 20:28:17 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Games for Windows - LIVE
[2011/05/18 20:18:38 | 000,000,000 | ---D | C] -- C:\Program Files\Codemasters
[2011/05/18 18:27:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Radialpoint
[2011/05/18 13:33:01 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\DAEMON Tools Images
[2011/05/18 13:06:36 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.com
[2011/05/18 12:22:21 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/05/18 12:22:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/05/18 12:22:17 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/05/18 00:57:49 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Pro
[2011/05/16 13:55:48 | 000,000,000 | ---D | C] -- C:\ubuntu
[2011/05/15 15:36:27 | 000,000,000 | ---D | C] -- C:\Program Files\Activision
[2011/05/15 15:19:59 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Registry Mechanic
[2011/05/15 15:01:43 | 001,101,824 | ---- | C] (Woodbury Associates Limited) -- C:\Windows\System32\UniBox210.ocx
[2011/05/15 15:01:43 | 000,880,640 | ---- | C] (Woodbury Associates Limited) -- C:\Windows\System32\UniBox10.ocx
[2011/05/15 15:01:43 | 000,506,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml.dll
[2011/05/15 15:01:43 | 000,212,992 | ---- | C] (Woodbury Associates Limited) -- C:\Windows\System32\UniBoxVB12.ocx
[2011/05/15 15:01:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Registry Mechanic
[2011/05/15 15:01:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2011/05/15 15:01:34 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2011/05/15 15:01:34 | 000,000,000 | ---D | C] -- C:\Program Files\Registry Mechanic
[2011/05/15 12:23:35 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\PackageAware
[2011/05/15 10:22:07 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2011/05/15 02:49:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
[2011/05/14 17:49:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RAR Password Recovery
[2011/05/14 17:49:55 | 000,000,000 | ---D | C] -- C:\Program Files\Intelore
[2011/05/14 17:22:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PX Storage Engine
[2011/05/14 17:20:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2011/05/14 17:20:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Real
[2011/05/14 17:18:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX Plus Pro
[2011/05/14 17:09:12 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\vlc
[2011/05/14 17:05:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2011/05/14 17:05:02 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2011/05/14 16:32:42 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\Vuze Downloads
[2011/05/14 16:22:26 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Azureus
[2011/05/14 16:22:01 | 000,000,000 | ---D | C] -- C:\Program Files\Vuze
[2011/05/14 16:21:48 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Conduit
[2011/05/14 10:50:19 | 000,758,784 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\cohelper.dll
[2011/05/14 10:49:39 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2011/05/14 10:48:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2011/05/14 10:47:55 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2011/05/14 10:29:24 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dciman32.dll
[2011/05/14 10:26:45 | 000,272,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\polstore.dll
[2011/05/14 10:26:45 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winipsec.dll
[2011/05/14 10:25:18 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netiohlp.dll
[2011/05/14 10:25:18 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NETSTAT.EXE
[2011/05/14 10:25:18 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ARP.EXE
[2011/05/14 10:25:18 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ROUTE.EXE
[2011/05/14 10:25:18 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MRINFO.EXE
[2011/05/14 10:25:18 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\finger.exe
[2011/05/14 10:25:18 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\HOSTNAME.EXE
[2011/05/14 10:23:32 | 000,127,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\L2SecHC.dll
[2011/05/14 10:23:31 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlansec.dll
[2011/05/14 10:23:31 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanmsm.dll
[2011/05/14 10:23:31 | 000,068,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanhlp.dll
[2011/05/14 10:23:31 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanapi.dll
[2011/05/14 10:22:56 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml3r.dll
[2011/05/14 10:22:55 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml6r.dll
[2011/05/14 10:20:35 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rrinstaller.exe
[2011/05/14 10:20:34 | 002,386,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVCORE.DLL
[2011/05/14 10:20:34 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfpmp.exe
[2011/05/14 10:20:34 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mferror.dll
[2011/05/14 10:14:56 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aaclient.dll
[2011/05/14 10:14:56 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tsgqec.dll
[2011/05/14 10:13:36 | 000,714,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\timedate.cpl
[2011/05/14 10:11:26 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Mpeg2Data.ax
[2011/05/14 10:09:17 | 000,623,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\localspl.dll
[2011/05/14 10:07:19 | 001,259,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsasrv.dll
[2011/05/14 10:05:38 | 001,793,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0045.dll
[2011/05/14 10:05:37 | 001,808,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0046.dll
[2011/05/14 10:05:37 | 001,782,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0039.dll
[2011/05/14 10:05:37 | 001,558,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0049.dll
[2011/05/14 10:05:37 | 001,411,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0047.dll
[2011/05/14 10:05:37 | 001,236,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0020.dll
[2011/05/14 10:05:36 | 007,964,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0024.dll
[2011/05/14 10:05:36 | 005,499,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0022.dll
[2011/05/14 10:05:36 | 002,136,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0021.dll
[2011/05/14 10:05:35 | 006,224,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0027.dll
[2011/05/14 10:05:35 | 005,791,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0026.dll
[2011/05/14 10:05:34 | 004,981,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0013.dll
[2011/05/14 10:05:34 | 004,175,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0010.dll
[2011/05/14 10:05:34 | 003,331,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0018.dll
[2011/05/14 10:05:34 | 002,466,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0011.dll
[2011/05/14 10:05:33 | 006,781,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0019.dll
[2011/05/14 10:05:32 | 011,722,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0001.dll
[2011/05/14 10:05:32 | 004,164,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0002.dll
[2011/05/14 10:05:32 | 001,452,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0003.dll
[2011/05/14 10:05:30 | 004,093,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons004c.dll
[2011/05/14 10:05:30 | 003,419,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons004a.dll
[2011/05/14 10:05:30 | 001,702,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons004b.dll
[2011/05/14 10:05:29 | 006,014,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons001a.dll
[2011/05/14 10:05:29 | 004,045,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons003e.dll
[2011/05/14 10:05:29 | 001,972,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons004e.dll
[2011/05/14 10:05:29 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons002a.dll
[2011/05/14 10:05:28 | 006,585,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons001b.dll
[2011/05/14 10:05:28 | 006,346,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons001d.dll
[2011/05/14 10:05:27 | 009,892,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons000a.dll
[2011/05/14 10:05:27 | 006,237,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons000c.dll
[2011/05/14 10:05:26 | 005,654,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons000f.dll
[2011/05/14 10:05:26 | 001,722,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons000d.dll
[2011/05/14 10:05:25 | 004,616,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0414.dll
[2011/05/14 10:05:24 | 005,090,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0416.dll
[2011/05/14 10:05:24 | 005,031,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0816.dll
[2011/05/14 10:05:23 | 007,042,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons081a.dll
[2011/05/14 10:05:23 | 005,071,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsModels0011.dll
[2011/05/14 10:05:23 | 003,104,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0045.dll
[2011/05/14 10:05:22 | 003,104,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0049.dll
[2011/05/14 10:05:22 | 003,104,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0047.dll
[2011/05/14 10:05:22 | 003,104,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0046.dll
[2011/05/14 10:05:22 | 003,104,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0039.dll
[2011/05/14 10:05:22 | 003,104,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0020.dll
[2011/05/14 10:05:21 | 001,965,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0026.dll
[2011/05/14 10:05:21 | 001,965,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0024.dll
[2011/05/14 10:05:21 | 001,801,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0022.dll
[2011/05/14 10:05:21 | 001,801,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0021.dll
[2011/05/14 10:05:20 | 004,495,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0010.dll
[2011/05/14 10:05:20 | 003,466,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0013.dll
[2011/05/14 10:05:20 | 002,657,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0011.dll
[2011/05/14 10:05:20 | 001,966,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0027.dll
[2011/05/14 10:05:19 | 004,497,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0019.dll
[2011/05/14 10:05:19 | 001,965,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0018.dll
[2011/05/14 10:05:19 | 001,523,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0000.dll
[2011/05/14 10:05:18 | 004,875,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0009.dll
[2011/05/14 10:05:18 | 002,599,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0001.dll
[2011/05/14 10:05:18 | 002,243,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0007.dll
[2011/05/14 10:05:18 | 001,965,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0003.dll
[2011/05/14 10:05:18 | 001,965,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0002.dll
[2011/05/14 10:05:17 | 003,104,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData004e.dll
[2011/05/14 10:05:17 | 003,104,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData004c.dll
[2011/05/14 10:05:17 | 003,104,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData004b.dll
[2011/05/14 10:05:17 | 003,104,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData004a.dll
[2011/05/14 10:05:16 | 001,965,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData001b.dll
[2011/05/14 10:05:16 | 001,965,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData001a.dll
[2011/05/14 10:05:16 | 001,801,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData003e.dll
[2011/05/14 10:05:16 | 001,801,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData002a.dll
[2011/05/14 10:05:15 | 009,847,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData000a.dll
[2011/05/14 10:05:15 | 004,495,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData001d.dll
[2011/05/14 10:05:14 | 004,495,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0416.dll
[2011/05/14 10:05:14 | 004,495,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0414.dll
[2011/05/14 10:05:14 | 002,643,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData000c.dll
[2011/05/14 10:05:14 | 002,342,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData000d.dll
[2011/05/14 10:05:14 | 001,965,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData000f.dll
[2011/05/14 10:05:13 | 004,495,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0816.dll
[2011/05/14 10:05:13 | 001,965,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData081a.dll
[2011/05/14 10:05:12 | 006,917,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0c1a.dll
[2011/05/14 10:05:12 | 001,965,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsData0c1a.dll
[2011/05/14 10:03:26 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kbd106n.dll
[2011/05/14 10:02:45 | 000,071,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\telnet.exe
[2011/05/14 10:02:07 | 000,220,672 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codecp.acm
[2011/05/14 10:02:07 | 000,062,464 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codeca.acm
[2011/05/14 10:00:56 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browserchoice.exe
[2011/05/14 09:59:25 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printcom.dll
[2011/05/14 09:59:03 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wshrm.dll
[2011/05/14 09:58:48 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.tlb
[2011/05/14 09:58:48 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\amcompat.tlb
[2011/05/14 09:58:46 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwmp.dll
[2011/05/14 09:58:45 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.ocx
[2011/05/14 09:58:45 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxmasf.dll
[2011/05/14 09:58:22 | 000,332,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdrm.dll
[2011/05/14 09:58:21 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
[2011/05/14 09:58:21 | 000,518,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
[2011/05/14 09:58:21 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll
[2011/05/14 09:58:21 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
[2011/05/14 09:58:21 | 000,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
[2011/05/14 09:58:21 | 000,346,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
[2011/05/14 09:58:21 | 000,152,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll
[2011/05/14 09:58:21 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll
[2011/05/14 09:55:05 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\INETRES.dll
[2011/05/14 09:54:23 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\httpapi.dll
[2011/05/14 09:54:23 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshhttp.dll
[2011/05/14 09:53:32 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rastls.dll
[2011/05/14 09:53:27 | 000,355,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSDApi.dll
[2011/05/14 09:52:49 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvfw32.dll
[2011/05/14 09:52:49 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avifil32.dll
[2011/05/14 09:52:49 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll
[2011/05/14 09:52:49 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avicap32.dll
[2011/05/14 09:52:48 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2011/05/14 09:52:39 | 000,604,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMSPDMOD.DLL
[2011/05/14 09:52:27 | 000,310,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unregmp2.exe
[2011/05/12 11:06:34 | 000,000,000 | ---D | C] -- C:\Users\Administrator\.thumbnails
[2011/05/08 21:02:54 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Canon
[2011/05/08 04:22:18 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\COD
[2011/05/07 15:08:01 | 000,112,640 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ewusbnet.sys
[2011/05/07 15:08:01 | 000,102,912 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ewusbmdm.sys
[2011/05/07 15:08:01 | 000,101,120 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ewusbdev.sys
[2011/05/07 15:08:01 | 000,023,424 | ---- | C] (Huawei Tech. Co., Ltd.) -- C:\Windows\System32\drivers\ewdcsc.sys
[2011/05/07 01:45:47 | 000,000,000 | ---D | C] -- C:\Program Files\AMD APP
[2011/05/07 01:44:15 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2011/05/07 01:44:12 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2011/05/07 01:43:32 | 000,000,000 | ---D | C] -- C:\ATI
[2011/05/07 00:58:56 | 000,097,792 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\System32\drivers\AtiHdmi.sys
[2011/05/06 12:58:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
[2011/05/06 12:58:51 | 000,000,000 | ---D | C] -- C:\Program Files\Razer
[2011/05/05 15:18:06 | 002,277,376 | ---- | C] (Topala Software Solutions) -- C:\Users\Administrator\Desktop\siw.exe
[2011/05/05 15:13:40 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\Scripts
[2011/05/05 11:11:57 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
[2011/05/05 10:40:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[2011/05/05 10:40:28 | 000,000,000 | ---D | C] -- C:\Program Files\Steam
[2011/05/04 23:05:28 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2011/05/04 22:21:50 | 000,000,000 | ---D | C] -- C:\Program Files\Phyxion.net
[2011/05/04 14:05:16 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\ATI Drivers
[2011/05/04 09:45:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Phyxion.net
[2011/05/01 22:21:50 | 000,021,992 | ---- | C] (CPUID) -- C:\Windows\System32\drivers\cpuz135_x32.sys
[2011/05/01 22:21:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
[2011/05/01 22:21:50 | 000,000,000 | ---D | C] -- C:\Program Files\CPUID
[2011/05/01 17:19:03 | 000,034,304 | ---- | C] (AMD, Inc.) -- C:\Windows\System32\drivers\AmdLLD.sys
[2011/05/01 17:18:46 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Downloaded Installations
[2011/05/01 15:03:53 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2011/05/01 15:03:53 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2011/05/01 15:03:53 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2011/05/01 15:00:40 | 000,037,944 | ---- | C] (Advanced Micro Devices) -- C:\Windows\System32\drivers\amdiox86.sys
[2011/05/01 14:43:28 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\RadeonPro Benchmarks

========== Files - Modified Within 30 Days ==========

[2011/05/30 19:09:59 | 000,000,412 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{04BF8757-0A75-4F0E-9EAC-CEAD1E76BB4D}.job
[2011/05/30 19:06:19 | 000,586,240 | ---- | M] (AVAST Software) -- C:\Users\Administrator\Desktop\aswMBR.exe
[2011/05/30 19:04:44 | 000,609,816 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/05/30 19:04:44 | 000,108,126 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/05/30 18:59:07 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/30 18:59:07 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/05/30 18:58:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/05/30 18:58:40 | 2683,625,472 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/30 18:57:00 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2011/05/30 18:25:03 | 000,001,003 | ---- | M] () -- C:\Users\Administrator\Desktop\UltraSearch.lnk
[2011/05/30 16:06:20 | 000,001,883 | ---- | M] () -- C:\Users\Public\Desktop\Sound Forge Pro 10.0.lnk
[2011/05/30 09:38:39 | 000,000,016 | ---- | M] () -- C:\Windows\System32\w3data.vss
[2011/05/30 09:38:39 | 000,000,016 | ---- | M] () -- C:\Windows\System32\msvcsv60.dll
[2011/05/30 09:38:39 | 000,000,016 | ---- | M] () -- C:\Windows\msocreg32.dat
[2011/05/30 00:37:10 | 006,220,854 | ---- | M] () -- C:\Users\Administrator\Documents\screenShot.bmp
[2011/05/30 00:12:07 | 000,000,810 | ---- | M] () -- C:\Users\Administrator\Desktop\UltraExplorer.lnk
[2011/05/29 23:59:46 | 000,379,664 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/05/29 23:56:38 | 006,404,852 | ---- | M] () -- C:\Users\Administrator\Desktop\Qmmander_0.1.0-b1-8_12272010.zip
[2011/05/29 23:28:48 | 000,000,943 | ---- | M] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/05/29 23:24:44 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2011/05/29 23:24:21 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2011/05/29 23:12:23 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat
[2011/05/29 23:12:23 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat
[2011/05/29 23:12:01 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2011/05/29 23:12:00 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/05/29 23:11:59 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/05/29 23:11:59 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2011/05/29 23:11:59 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011/05/29 23:11:59 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2011/05/29 23:11:59 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2011/05/29 23:11:59 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2011/05/29 23:11:55 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2011/05/29 23:11:55 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/05/29 23:11:55 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2011/05/29 23:11:55 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2011/05/29 23:11:54 | 001,427,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011/05/29 23:11:54 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011/05/29 23:11:54 | 000,353,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011/05/29 23:11:54 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011/05/29 23:11:54 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011/05/29 23:11:54 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011/05/29 23:11:54 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2011/05/29 23:11:54 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011/05/29 23:11:53 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2011/05/29 23:11:53 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011/05/29 23:11:52 | 000,580,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/05/29 23:11:52 | 000,420,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011/05/29 23:11:52 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2011/05/29 23:11:52 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2011/05/29 23:11:51 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/05/29 23:11:51 | 001,797,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011/05/29 23:11:51 | 000,716,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011/05/29 23:11:51 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2011/05/29 23:11:51 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2011/05/29 23:11:51 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011/05/29 23:11:51 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2011/05/29 23:11:51 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2011/05/29 23:11:51 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2011/05/29 23:11:50 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2011/05/29 23:11:50 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011/05/29 23:11:50 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2011/05/29 23:11:50 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011/05/29 23:11:50 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011/05/29 23:10:52 | 000,979,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MFH264Dec.dll
[2011/05/29 23:10:52 | 000,357,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MFHEAACdec.dll
[2011/05/29 23:10:51 | 002,873,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2011/05/29 23:10:51 | 000,302,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfmp4src.dll
[2011/05/29 23:10:51 | 000,261,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll
[2011/05/29 23:10:51 | 000,098,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll
[2011/05/29 23:10:50 | 000,209,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfplat.dll
[2011/05/29 23:10:47 | 000,683,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2011/05/29 23:10:47 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
[2011/05/29 23:10:46 | 001,172,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2011/05/29 23:10:46 | 001,029,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2011/05/29 23:10:46 | 000,667,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2011/05/29 23:10:46 | 000,486,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2011/05/29 23:10:46 | 000,478,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2011/05/29 23:10:46 | 000,219,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2011/05/29 23:10:46 | 000,189,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2011/05/29 23:10:46 | 000,160,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2011/05/29 23:10:46 | 000,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2011/05/29 23:10:46 | 000,026,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2011/05/29 23:10:45 | 001,554,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\xpsservices.dll
[2011/05/29 23:10:45 | 000,847,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\OpcServices.dll
[2011/05/29 23:10:10 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\en-US\dxgkrnl.sys.mui
[2011/05/29 23:10:09 | 000,519,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll
[2011/05/29 23:10:09 | 000,369,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll
[2011/05/29 23:10:09 | 000,321,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll
[2011/05/29 23:10:09 | 000,252,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxdiag.exe
[2011/05/29 23:10:09 | 000,195,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxdiagn.dll
[2011/05/29 23:10:09 | 000,189,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2011/05/29 22:44:28 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
[2011/05/29 22:44:00 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
[2011/05/29 22:10:18 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2011/05/29 21:34:24 | 000,000,767 | ---- | M] () -- C:\Users\Administrator\Documents\My Sharing Folders.lnk
[2011/05/29 18:23:37 | 000,101,888 | ---- | M] (Infineon Technologies AG) -- C:\Windows\System32\ifxcardm.dll
[2011/05/29 18:23:36 | 000,082,432 | ---- | M] (Gemalto, Inc.) -- C:\Windows\System32\axaltocm.dll
[2011/05/29 03:27:25 | 064,007,120 | ---- | M] () -- C:\Users\Administrator\Desktop\drweb-cureit.exe
[2011/05/28 17:47:47 | 000,001,939 | ---- | M] () -- C:\Users\Administrator\Desktop\Cubase 5.lnk
[2011/05/28 16:44:35 | 000,000,003 | ---- | M] () -- C:\Windows\System32\OutN64proc64.dll
[2011/05/28 16:44:35 | 000,000,003 | ---- | M] () -- C:\Windows\System32\InN64proc64.dll
[2011/05/28 16:38:07 | 000,000,936 | ---- | M] () -- C:\Users\Administrator\Desktop\MaxiVista Demo Server.lnk
[2011/05/28 14:55:31 | 000,001,396 | ---- | M] () -- C:\Users\Administrator\Desktop\GETLAID-PC - Shortcut.lnk
[2011/05/27 20:30:55 | 000,005,120 | ---- | M] () -- C:\Users\Administrator\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/27 03:38:37 | 000,000,921 | ---- | M] () -- C:\Users\Public\Desktop\Maschine.lnk
[2011/05/26 23:00:13 | 000,001,835 | ---- | M] () -- C:\Users\Public\Desktop\avast! Pro Antivirus.lnk
[2011/05/26 23:00:12 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2011/05/26 12:04:11 | 000,000,931 | ---- | M] () -- C:\Users\Public\Desktop\Kontakt 4.lnk
[2011/05/25 14:41:49 | 000,000,931 | ---- | M] () -- C:\Users\Administrator\Desktop\Absynth 4.lnk
[2011/05/25 14:09:34 | 000,000,504 | ---- | M] () -- C:\Users\Administrator\Desktop\Music Production - Shortcut.lnk
[2011/05/25 09:43:39 | 001,007,108 | ---- | M] () -- C:\Users\Administrator\Desktop\rkill.com
[2011/05/25 09:30:52 | 000,050,688 | ---- | M] (Atribune.org) -- C:\Users\Administrator\Desktop\ATF_Cleaner.exe
[2011/05/25 07:10:16 | 001,431,344 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Administrator\Desktop\TDSSKiller.exe
[2011/05/24 20:28:46 | 000,000,907 | ---- | M] () -- C:\Users\Public\Desktop\Massive.lnk
[2011/05/24 17:39:32 | 000,000,945 | ---- | M] () -- C:\Users\Administrator\Desktop\FL Studio 10.lnk
[2011/05/24 13:14:33 | 000,000,611 | ---- | M] () -- C:\Users\Administrator\Desktop\Silent Hunter 5 Downloaded Mods - Shortcut.lnk
[2011/05/23 17:36:08 | 000,000,700 | ---- | M] () -- C:\Users\Administrator\Desktop\sh5 - Shortcut.lnk
[2011/05/22 15:58:29 | 000,000,510 | ---- | M] () -- C:\Windows\WORDPAD.INI
[2011/05/22 15:51:10 | 000,000,712 | ---- | M] () -- C:\Users\Administrator\Desktop\Generic Mod Enabler - Silent Hunter 5.lnk
[2011/05/22 10:16:18 | 000,002,660 | ---- | M] () -- C:\Users\Administrator\Documents\New.ncd
[2011/05/19 22:34:50 | 000,001,892 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/05/19 21:10:22 | 000,000,778 | ---- | M] () -- C:\Users\Public\Desktop\Mumble.lnk
[2011/05/18 20:30:43 | 000,445,016 | ---- | M] (Creative Labs) -- C:\Windows\System32\wrap_oal.dll
[2011/05/18 20:30:43 | 000,109,144 | ---- | M] (Portions © Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\System32\OpenAL32.dll
[2011/05/18 14:14:06 | 1048,576,000 | ---- | M] () -- C:\RAMDisk.img
[2011/05/18 13:16:52 | 000,080,384 | ---- | M] () -- C:\Users\Administrator\Desktop\MBRCheck.exe
[2011/05/18 13:06:37 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.com
[2011/05/18 12:56:23 | 1048,576,000 | ---- | M] () -- C:\RAMDisk.img.bak
[2011/05/18 12:22:21 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/18 02:37:06 | 000,001,630 | ---- | M] () -- C:\Users\Administrator\Desktop\System Restore.lnk
[2011/05/18 01:43:11 | 000,000,510 | ---- | M] () -- C:\Users\Administrator\Desktop\Vuze Downloads - Shortcut.lnk
[2011/05/18 01:36:13 | 000,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
[2011/05/18 01:36:13 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2011/05/17 19:06:08 | 001,056,768 | ---- | M] () -- C:\Users\Administrator\defltbase.sdb
[2011/05/17 09:52:18 | 000,000,134 | ---- | M] () -- C:\Users\Administrator\Desktop\Device Manager - Shortcut.lnk
[2011/05/16 14:06:00 | 000,148,208 | ---- | M] () -- C:\wubildr
[2011/05/16 14:06:00 | 000,008,192 | ---- | M] () -- C:\wubildr.mbr
[2011/05/15 22:24:17 | 000,139,488 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2011/05/15 22:24:00 | 000,270,776 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr
[2011/05/15 18:30:07 | 000,270,776 | ---- | M] () -- C:\Windows\System32\PnkBstrB.ex0
[2011/05/15 18:29:48 | 000,001,098 | ---- | M] () -- C:\Users\Administrator\Desktop\CoDWaWmp - Shortcut.lnk
[2011/05/15 18:28:18 | 000,000,134 | ---- | M] () -- C:\Users\Administrator\Desktop\System - Shortcut.lnk
[2011/05/15 17:07:27 | 000,001,086 | ---- | M] () -- C:\Users\Administrator\Desktop\CoDWaW -SP Shortcut.lnk
[2011/05/15 16:12:20 | 000,022,328 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\PnkBstrK.sys
[2011/05/15 16:11:55 | 000,682,280 | ---- | M] () -- C:\Windows\System32\pbsvc.exe
[2011/05/15 15:01:44 | 000,000,868 | ---- | M] () -- C:\Users\Public\Desktop\Registry Mechanic.lnk
[2011/05/15 14:47:10 | 000,000,870 | ---- | M] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/05/15 14:47:10 | 000,000,846 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/05/15 02:49:33 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
[2011/05/14 17:20:42 | 000,198,848 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\rmoc3260.dll
[2011/05/14 17:20:38 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5016.dll
[2011/05/14 17:20:38 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5032.dll
[2011/05/14 17:11:27 | 000,000,116 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2011/05/14 17:05:32 | 000,000,859 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2011/05/14 16:22:15 | 000,001,633 | ---- | M] () -- C:\Users\Public\Desktop\Vuze.lnk
[2011/05/14 16:22:15 | 000,001,633 | ---- | M] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Vuze.lnk
[2011/05/14 10:47:40 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\en-US\http.sys.mui
[2011/05/14 10:29:24 | 000,010,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dciman32.dll
[2011/05/14 10:26:45 | 000,272,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\polstore.dll
[2011/05/14 10:26:45 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winipsec.dll
[2011/05/14 10:25:18 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netiohlp.dll
[2011/05/14 10:25:18 | 000,027,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NETSTAT.EXE
[2011/05/14 10:25:18 | 000,019,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ARP.EXE
[2011/05/14 10:25:18 | 000,017,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ROUTE.EXE
[2011/05/14 10:25:18 | 000,011,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MRINFO.EXE
[2011/05/14 10:25:18 | 000,010,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\finger.exe
[2011/05/14 10:25:18 | 000,008,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\HOSTNAME.EXE
[2011/05/14 10:23:32 | 002,501,921 | ---- | M] () -- C:\Windows\System32\wlan.tmf
[2011/05/14 10:23:32 | 000,127,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\L2SecHC.dll
[2011/05/14 10:23:31 | 000,302,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wlansec.dll
[2011/05/14 10:23:31 | 000,293,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wlanmsm.dll
[2011/05/14 10:23:31 | 000,068,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wlanhlp.dll
[2011/05/14 10:23:31 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wlanapi.dll
[2011/05/14 10:23:29 | 000,015,181 | ---- | M] () -- C:\Windows\System32\gatherWirelessInfo.vbs
[2011/05/14 10:22:56 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msxml3r.dll
[2011/05/14 10:22:55 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msxml6r.dll
[2011/05/14 10:21:02 | 000,000,153 | ---- | M] () -- C:\Windows\System32\RacUREx.xml
[2011/05/14 10:20:35 | 000,053,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rrinstaller.exe
[2011/05/14 10:20:34 | 002,386,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WMVCORE.DLL
[2011/05/14 10:20:34 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfpmp.exe
[2011/05/14 10:20:34 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mferror.dll
[2011/05/14 10:14:56 | 000,136,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\aaclient.dll
[2011/05/14 10:14:56 | 000,053,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\tsgqec.dll
[2011/05/14 10:13:36 | 000,714,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\timedate.cpl
[2011/05/14 10:11:26 | 000,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\Mpeg2Data.ax
[2011/05/14 10:09:17 | 000,623,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\localspl.dll
[2011/05/14 10:07:19 | 001,259,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lsasrv.dll
[2011/05/14 10:05:38 | 001,808,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0046.dll
[2011/05/14 10:05:38 | 001,793,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0045.dll
[2011/05/14 10:05:37 | 001,782,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0039.dll
[2011/05/14 10:05:37 | 001,558,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0049.dll
[2011/05/14 10:05:37 | 001,411,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0047.dll
[2011/05/14 10:05:37 | 001,236,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0020.dll
[2011/05/14 10:05:36 | 007,964,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0024.dll
[2011/05/14 10:05:36 | 005,499,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0022.dll
[2011/05/14 10:05:36 | 002,136,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0021.dll
[2011/05/14 10:05:35 | 006,224,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0027.dll
[2011/05/14 10:05:35 | 005,791,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0026.dll
[2011/05/14 10:05:35 | 004,175,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0010.dll
[2011/05/14 10:05:34 | 004,981,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0013.dll
[2011/05/14 10:05:34 | 003,331,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0018.dll
[2011/05/14 10:05:34 | 002,466,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0011.dll
[2011/05/14 10:05:33 | 011,722,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0001.dll
[2011/05/14 10:05:33 | 006,781,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0019.dll
[2011/05/14 10:05:32 | 004,164,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0002.dll
[2011/05/14 10:05:32 | 001,452,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0003.dll
[2011/05/14 10:05:31 | 003,419,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons004a.dll
[2011/05/14 10:05:30 | 004,093,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons004c.dll
[2011/05/14 10:05:30 | 001,972,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons004e.dll
[2011/05/14 10:05:30 | 001,702,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons004b.dll
[2011/05/14 10:05:29 | 006,014,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons001a.dll
[2011/05/14 10:05:29 | 004,045,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons003e.dll
[2011/05/14 10:05:29 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons002a.dll
[2011/05/14 10:05:28 | 006,585,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons001b.dll
[2011/05/14 10:05:28 | 006,346,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons001d.dll
[2011/05/14 10:05:27 | 009,892,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons000a.dll
[2011/05/14 10:05:27 | 006,237,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons000c.dll
[2011/05/14 10:05:26 | 005,654,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons000f.dll
[2011/05/14 10:05:26 | 004,616,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0414.dll
[2011/05/14 10:05:26 | 001,722,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons000d.dll
[2011/05/14 10:05:25 | 005,090,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0416.dll
[2011/05/14 10:05:24 | 007,042,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons081a.dll
[2011/05/14 10:05:24 | 005,031,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0816.dll
[2011/05/14 10:05:23 | 005,071,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsModels0011.dll
[2011/05/14 10:05:23 | 003,104,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0046.dll
[2011/05/14 10:05:23 | 003,104,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0045.dll
[2011/05/14 10:05:22 | 003,104,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0049.dll
[2011/05/14 10:05:22 | 003,104,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0047.dll
[2011/05/14 10:05:22 | 003,104,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0039.dll
[2011/05/14 10:05:22 | 003,104,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0020.dll
[2011/05/14 10:05:21 | 001,965,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0026.dll
[2011/05/14 10:05:21 | 001,965,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0024.dll
[2011/05/14 10:05:21 | 001,801,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0022.dll
[2011/05/14 10:05:21 | 001,801,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0021.dll
[2011/05/14 10:05:20 | 004,495,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0010.dll
[2011/05/14 10:05:20 | 003,466,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0013.dll
[2011/05/14 10:05:20 | 002,657,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0011.dll
[2011/05/14 10:05:20 | 001,966,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0027.dll
[2011/05/14 10:05:19 | 004,497,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0019.dll
[2011/05/14 10:05:19 | 002,599,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0001.dll
[2011/05/14 10:05:19 | 001,965,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0018.dll
[2011/05/14 10:05:19 | 001,523,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0000.dll
[2011/05/14 10:05:18 | 004,875,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0009.dll
[2011/05/14 10:05:18 | 002,243,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0007.dll
[2011/05/14 10:05:18 | 001,965,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0003.dll
[2011/05/14 10:05:18 | 001,965,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0002.dll
[2011/05/14 10:05:17 | 003,104,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData004e.dll
[2011/05/14 10:05:17 | 003,104,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData004c.dll
[2011/05/14 10:05:17 | 003,104,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData004b.dll
[2011/05/14 10:05:17 | 003,104,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData004a.dll
[2011/05/14 10:05:16 | 004,495,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData001d.dll
[2011/05/14 10:05:16 | 001,965,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData001b.dll
[2011/05/14 10:05:16 | 001,965,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData001a.dll
[2011/05/14 10:05:16 | 001,801,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData003e.dll
[2011/05/14 10:05:16 | 001,801,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData002a.dll
[2011/05/14 10:05:15 | 009,847,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData000a.dll
[2011/05/14 10:05:15 | 002,643,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData000c.dll
[2011/05/14 10:05:14 | 004,495,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0416.dll
[2011/05/14 10:05:14 | 004,495,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0414.dll
[2011/05/14 10:05:14 | 002,342,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData000d.dll
[2011/05/14 10:05:14 | 001,965,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData000f.dll
[2011/05/14 10:05:13 | 004,495,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0816.dll
[2011/05/14 10:05:13 | 001,965,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData081a.dll
[2011/05/14 10:05:12 | 006,917,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0c1a.dll
[2011/05/14 10:05:12 | 001,965,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0c1a.dll
[2011/05/14 10:03:26 | 000,006,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\kbd106n.dll
[2011/05/14 10:02:45 | 000,071,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\telnet.exe
[2011/05/14 10:02:07 | 000,220,672 | ---- | M] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codecp.acm
[2011/05/14 10:02:07 | 000,062,464 | ---- | M] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codeca.acm
[2011/05/14 10:00:56 | 000,293,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\browserchoice.exe
[2011/05/14 09:59:25 | 000,037,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\printcom.dll
[2011/05/14 09:59:03 | 000,014,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wshrm.dll
[2011/05/14 09:58:48 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msdxm.tlb
[2011/05/14 09:58:48 | 000,018,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\amcompat.tlb
[2011/05/14 09:58:46 | 000,007,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spwmp.dll
[2011/05/14 09:58:45 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msdxm.ocx
[2011/05/14 09:58:22 | 000,332,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msdrm.dll
[2011/05/14 09:58:21 | 000,526,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
[2011/05/14 09:58:21 | 000,518,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
[2011/05/14 09:58:21 | 000,471,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll
[2011/05/14 09:58:21 | 000,471,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
[2011/05/14 09:58:21 | 000,347,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
[2011/05/14 09:58:21 | 000,346,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
[2011/05/14 09:58:21 | 000,152,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll
[2011/05/14 09:58:21 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll
[2011/05/14 09:55:05 | 000,084,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\INETRES.dll
[2011/05/14 09:54:23 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\httpapi.dll
[2011/05/14 09:54:23 | 000,024,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\nshhttp.dll
[2011/05/14 09:53:32 | 000,243,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rastls.dll
[2011/05/14 09:53:27 | 000,355,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WSDApi.dll
[2011/05/14 09:52:49 | 000,123,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msvfw32.dll
[2011/05/14 09:52:49 | 000,091,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\avifil32.dll
[2011/05/14 09:52:49 | 000,082,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll
[2011/05/14 09:52:49 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\avicap32.dll
[2011/05/14 09:52:40 | 000,604,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WMSPDMOD.DLL
[2011/05/14 09:52:27 | 000,310,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\unregmp2.exe
[2011/05/12 11:36:49 | 000,008,798 | ---- | M] () -- C:\Users\Administrator\.recently-used.xbel
[2011/05/07 15:04:25 | 000,001,283 | ---- | M] () -- C:\Users\Administrator\Desktop\Documents - Shortcut.lnk
[2011/05/07 14:22:07 | 000,000,510 | ---- | M] () -- C:\Users\Administrator\Desktop\Program Files - Shortcut.lnk
[2011/05/07 01:47:02 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin
[2011/05/07 00:54:13 | 000,001,038 | ---- | M] () -- C:\Users\Public\Desktop\Driver Sweeper.lnk
[2011/05/07 00:48:19 | 000,001,830 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\ImperatorProfile0.dat
[2011/05/07 00:48:19 | 000,001,828 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\ImperatorProfile1.dat
[2011/05/06 23:45:34 | 000,000,005 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.uniblue
[2011/05/06 23:45:25 | 000,000,005 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20110506-234534.backup
[2011/05/06 23:45:16 | 000,000,005 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20110506-234525.backup
[2011/05/05 15:10:48 | 000,000,650 | ---- | M] () -- C:\Users\Administrator\Desktop\AppData - Shortcut.lnk
[2011/05/05 15:10:23 | 000,000,686 | ---- | M] () -- C:\Users\Administrator\Desktop\Downloads - Shortcut.lnk
[2011/05/05 10:40:29 | 000,000,786 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk
[2011/05/04 14:54:51 | 000,000,134 | ---- | M] () -- C:\Users\Administrator\Desktop\Programs and Features - Shortcut.lnk
[2011/05/03 14:29:18 | 002,277,376 | ---- | M] (Topala Software Solutions) -- C:\Users\Administrator\Desktop\siw.exe
[2011/05/01 22:21:50 | 000,000,857 | ---- | M] () -- C:\Users\Public\Desktop\CPUID CPU-Z.lnk
[2011/05/01 15:03:53 | 000,295,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2011/05/01 15:03:53 | 000,099,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2011/05/01 15:03:53 | 000,049,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll

========== Files Created - No Company Name ==========

[2011/05/30 18:25:02 | 000,001,003 | ---- | C] () -- C:\Users\Administrator\Desktop\UltraSearch.lnk
[2011/05/30 16:06:20 | 000,001,883 | ---- | C] () -- C:\Users\Public\Desktop\Sound Forge Pro 10.0.lnk
[2011/05/30 08:24:16 | 000,000,016 | ---- | C] () -- C:\Windows\System32\w3data.vss
[2011/05/30 08:24:16 | 000,000,016 | ---- | C] () -- C:\Windows\System32\msvcsv60.dll
[2011/05/30 08:24:16 | 000,000,016 | ---- | C] () -- C:\Windows\msocreg32.dat
[2011/05/30 08:21:10 | 000,001,830 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2011/05/30 08:20:38 | 000,000,679 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\T-RackS 3.lnk
[2011/05/30 00:37:10 | 006,220,854 | ---- | C] () -- C:\Users\Administrator\Documents\screenShot.bmp
[2011/05/30 00:12:07 | 000,000,810 | ---- | C] () -- C:\Users\Administrator\Desktop\UltraExplorer.lnk
[2011/05/30 00:10:43 | 006,404,852 | ---- | C] () -- C:\Users\Administrator\Desktop\Qmmander_0.1.0-b1-8_12272010.zip
[2011/05/29 23:45:24 | 000,001,168 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
[2011/05/29 23:44:51 | 000,001,241 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
[2011/05/29 23:24:44 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2011/05/29 23:24:21 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2011/05/29 23:11:54 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2011/05/29 22:44:28 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
[2011/05/29 22:44:00 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
[2011/05/29 22:28:14 | 000,130,008 | ---- | C] () -- C:\Windows\System32\systemsf.ebd
[2011/05/29 22:28:12 | 000,009,239 | ---- | C] () -- C:\Windows\System32\spcinstrumentation.man
[2011/05/29 22:28:05 | 000,442,788 | ---- | C] () -- C:\Windows\System32\dot3.tmf
[2011/05/29 22:28:04 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011/05/29 22:28:03 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011/05/29 22:28:01 | 000,392,170 | ---- | C] () -- C:\Windows\System32\onex.tmf
[2011/05/29 22:27:58 | 000,344,698 | ---- | C] () -- C:\Windows\System32\eaphost.tmf
[2011/05/29 22:27:50 | 000,208,966 | ---- | C] () -- C:\Windows\System32\WFP.TMF
[2011/05/29 22:27:49 | 000,092,918 | ---- | C] () -- C:\Windows\System32\slmgr.vbs
[2011/05/29 22:27:28 | 000,009,212 | ---- | C] () -- C:\Windows\System32\RacUR.xml
[2011/05/29 21:34:24 | 000,000,767 | ---- | C] () -- C:\Users\Administrator\Documents\My Sharing Folders.lnk
[2011/05/29 20:41:35 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2011/05/29 20:41:32 | 011,967,524 | ---- | C] () -- C:\Windows\System32\korwbrkr.lex
[2011/05/29 20:27:51 | 000,201,184 | ---- | C] () -- C:\Windows\System32\winrm.vbs
[2011/05/29 20:27:51 | 000,004,675 | ---- | C] () -- C:\Windows\System32\wsmanconfig_schema.xml
[2011/05/29 20:27:51 | 000,002,426 | ---- | C] () -- C:\Windows\System32\WsmTxt.xsl
[2011/05/29 19:51:52 | 000,236,040 | ---- | C] () -- C:\Windows\System32\DeltaIITray.exe
[2011/05/29 18:42:59 | 000,000,949 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer
[2011/05/29 18:09:45 | 000,144,909 | ---- | C] () -- C:\Windows\System32\fsmgmt.msc
[2011/05/29 18:09:45 | 000,012,198 | ---- | C] () -- C:\Windows\System32\gatherWiredInfo.vbs
[2011/05/29 18:09:43 | 000,145,455 | ---- | C] () -- C:\Windows\System32\perfmon.msc
[2011/05/29 18:09:43 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01007_Inbox_Critical.Wdf
[2011/05/29 09:57:49 | 2683,625,472 | -HS- | C] () -- C:\hiberfil.sys
[2011/05/29 03:26:07 | 064,007,120 | ---- | C] () -- C:\Users\Administrator\Desktop\drweb-cureit.exe
[2011/05/28 17:47:47 | 000,001,939 | ---- | C] () -- C:\Users\Administrator\Desktop\Cubase 5.lnk
[2011/05/28 16:44:35 | 000,000,003 | ---- | C] () -- C:\Windows\System32\OutN64proc64.dll
[2011/05/28 16:44:35 | 000,000,003 | ---- | C] () -- C:\Windows\System32\InN64proc64.dll
[2011/05/28 16:38:07 | 000,000,936 | ---- | C] () -- C:\Users\Administrator\Desktop\MaxiVista Demo Server.lnk
[2011/05/28 14:55:31 | 000,001,396 | ---- | C] () -- C:\Users\Administrator\Desktop\GETLAID-PC - Shortcut.lnk
[2011/05/27 19:58:13 | 000,005,120 | ---- | C] () -- C:\Users\Administrator\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/27 03:38:37 | 000,000,921 | ---- | C] () -- C:\Users\Public\Desktop\Maschine.lnk
[2011/05/26 23:00:13 | 000,001,835 | ---- | C] () -- C:\Users\Public\Desktop\avast! Pro Antivirus.lnk
[2011/05/26 12:04:11 | 000,000,931 | ---- | C] () -- C:\Users\Public\Desktop\Kontakt 4.lnk
[2011/05/25 14:41:49 | 000,000,931 | ---- | C] () -- C:\Users\Administrator\Desktop\Absynth 4.lnk
[2011/05/25 14:09:34 | 000,000,504 | ---- | C] () -- C:\Users\Administrator\Desktop\Music Production - Shortcut.lnk
[2011/05/25 09:43:38 | 001,007,108 | ---- | C] () -- C:\Users\Administrator\Desktop\rkill.com
[2011/05/24 20:28:46 | 000,000,907 | ---- | C] () -- C:\Users\Public\Desktop\Massive.lnk
[2011/05/24 17:39:32 | 000,000,945 | ---- | C] () -- C:\Users\Administrator\Desktop\FL Studio 10.lnk
[2011/05/24 13:14:33 | 000,000,611 | ---- | C] () -- C:\Users\Administrator\Desktop\Silent Hunter 5 Downloaded Mods - Shortcut.lnk
[2011/05/22 15:51:10 | 000,000,712 | ---- | C] () -- C:\Users\Administrator\Desktop\Generic Mod Enabler - Silent Hunter 5.lnk
[2011/05/22 10:12:37 | 000,002,660 | ---- | C] () -- C:\Users\Administrator\Documents\New.ncd
[2011/05/21 12:39:33 | 000,000,700 | ---- | C] () -- C:\Users\Administrator\Desktop\sh5 - Shortcut.lnk
[2011/05/19 22:34:50 | 000,001,892 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/05/19 22:34:50 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011/05/19 21:10:22 | 000,000,778 | ---- | C] () -- C:\Users\Public\Desktop\Mumble.lnk
[2011/05/18 13:16:52 | 000,080,384 | ---- | C] () -- C:\Users\Administrator\Desktop\MBRCheck.exe
[2011/05/18 12:22:21 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/18 02:37:06 | 000,001,630 | ---- | C] () -- C:\Users\Administrator\Desktop\System Restore.lnk
[2011/05/18 01:43:11 | 000,000,510 | ---- | C] () -- C:\Users\Administrator\Desktop\Vuze Downloads - Shortcut.lnk
[2011/05/18 01:36:13 | 000,000,268 | -H-- | C] () -- C:\sqmdata00.sqm
[2011/05/18 01:36:13 | 000,000,244 | -H-- | C] () -- C:\sqmnoopt00.sqm
[2011/05/18 00:42:45 | 000,002,425 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Install Clean Up.lnk
[2011/05/17 19:06:08 | 001,056,768 | ---- | C] () -- C:\Users\Administrator\defltbase.sdb
[2011/05/17 16:56:05 | 1048,576,000 | ---- | C] () -- C:\RAMDisk.img.bak
[2011/05/17 16:56:05 | 1048,576,000 | ---- | C] () -- C:\RAMDisk.img
[2011/05/17 09:52:18 | 000,000,134 | ---- | C] () -- C:\Users\Administrator\Desktop\Device Manager - Shortcut.lnk
[2011/05/16 14:06:00 | 000,148,208 | ---- | C] () -- C:\wubildr
[2011/05/16 14:06:00 | 000,008,192 | ---- | C] () -- C:\wubildr.mbr
[2011/05/15 18:29:48 | 000,001,098 | ---- | C] () -- C:\Users\Administrator\Desktop\CoDWaWmp - Shortcut.lnk
[2011/05/15 18:28:18 | 000,000,134 | ---- | C] () -- C:\Users\Administrator\Desktop\System - Shortcut.lnk
[2011/05/15 17:07:27 | 000,001,086 | ---- | C] () -- C:\Users\Administrator\Desktop\CoDWaW -SP Shortcut.lnk
[2011/05/15 16:12:20 | 000,139,488 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2011/05/15 16:11:56 | 000,270,776 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2011/05/15 16:11:55 | 000,075,136 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2011/05/15 15:51:34 | 000,682,280 | ---- | C] () -- C:\Windows\System32\pbsvc.exe
[2011/05/15 15:01:44 | 000,000,868 | ---- | C] () -- C:\Users\Public\Desktop\Registry Mechanic.lnk
[2011/05/15 15:01:43 | 000,037,336 | ---- | C] () -- C:\Windows\System32\CleanMFT32.exe
[2011/05/15 14:47:10 | 000,000,870 | ---- | C] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/05/15 14:47:10 | 000,000,858 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/05/15 14:47:10 | 000,000,846 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/05/15 02:49:33 | 000,000,965 | ---- | C] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
[2011/05/14 17:05:32 | 000,000,859 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2011/05/14 16:22:15 | 000,001,633 | ---- | C] () -- C:\Users\Public\Desktop\Vuze.lnk
[2011/05/14 16:22:15 | 000,001,633 | ---- | C] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Vuze.lnk
[2011/05/14 16:22:14 | 000,001,633 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vuze.lnk
[2011/05/14 10:50:19 | 000,011,164 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2011/05/14 10:23:32 | 002,501,921 | ---- | C] () -- C:\Windows\System32\wlan.tmf
[2011/05/14 10:23:29 | 000,015,181 | ---- | C] () -- C:\Windows\System32\gatherWirelessInfo.vbs
[2011/05/14 10:21:02 | 000,000,153 | ---- | C] () -- C:\Windows\System32\RacUREx.xml
[2011/05/12 11:36:49 | 000,008,798 | ---- | C] () -- C:\Users\Administrator\.recently-used.xbel
[2011/05/07 14:22:07 | 000,000,510 | ---- | C] () -- C:\Users\Administrator\Desktop\Program Files - Shortcut.lnk
[2011/05/07 01:47:02 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/05/07 00:54:13 | 000,001,038 | ---- | C] () -- C:\Users\Public\Desktop\Driver Sweeper.lnk
[2011/05/06 17:04:24 | 000,001,283 | ---- | C] () -- C:\Users\Administrator\Desktop\Documents - Shortcut.lnk
[2011/05/05 15:10:48 | 000,000,650 | ---- | C] () -- C:\Users\Administrator\Desktop\AppData - Shortcut.lnk
[2011/05/05 15:10:23 | 000,000,686 | ---- | C] () -- C:\Users\Administrator\Desktop\Downloads - Shortcut.lnk
[2011/05/05 10:40:29 | 000,000,786 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk
[2011/05/04 14:54:51 | 000,000,134 | ---- | C] () -- C:\Users\Administrator\Desktop\Programs and Features - Shortcut.lnk
[2011/05/04 00:22:57 | 000,001,828 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\ImperatorProfile1.dat
[2011/05/01 22:21:50 | 000,000,857 | ---- | C] () -- C:\Users\Public\Desktop\CPUID CPU-Z.lnk
[2011/04/08 12:28:58 | 000,041,872 | ---- | C] () -- C:\Windows\System32\xfcodec.dll
[2011/04/06 02:20:16 | 000,037,376 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll
[2011/04/05 22:09:48 | 000,059,904 | ---- | C] () -- C:\Windows\System32\OVDecode.dll
[2011/03/17 18:51:44 | 000,003,929 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2011/02/28 22:30:06 | 000,233,012 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2011/02/16 22:54:33 | 000,000,510 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2011/02/15 23:08:45 | 000,000,498 | ---- | C] () -- C:\Windows\eZip.INI
[2011/02/13 18:46:40 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/12/04 16:20:25 | 000,001,830 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\ImperatorProfile0.dat
[2010/10/06 01:01:52 | 000,109,782 | ---- | C] () -- C:\Windows\CopernicAgentUninstall.exe
[2010/03/01 22:41:47 | 000,000,101 | ---- | C] () -- C:\Windows\CMMIXER.INI
[2010/03/01 15:11:42 | 001,743,872 | ---- | C] () -- C:\Windows\System32\libsndfile-1.dll
[2009/11/06 10:58:04 | 000,178,975 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2009/04/15 15:04:38 | 000,104,520 | ---- | C] () -- C:\Windows\System32\OSD.dll
[2007/08/25 20:23:40 | 000,000,008 | ---- | C] () -- C:\Windows\System32\PROTOCOL.INI
[2007/08/25 12:17:21 | 000,008,138 | ---- | C] () -- C:\Windows\mozver.dat
[2007/08/07 22:49:30 | 000,274,432 | ---- | C] () -- C:\Windows\System32\ClassX.dll
[2007/08/07 22:49:30 | 000,249,856 | ---- | C] () -- C:\Windows\System32\dtidb.dll
[2007/08/07 22:49:30 | 000,024,576 | ---- | C] () -- C:\Windows\System32\classxps.dll
[2007/08/07 22:49:24 | 000,073,728 | ---- | C] () -- C:\Windows\EasyZipp.exe
[2007/08/07 22:49:24 | 000,040,960 | ---- | C] () -- C:\Windows\EasyBar.exe
[2007/08/07 22:49:16 | 000,338,944 | ---- | C] () -- C:\Windows\System32\lffpx7.dll
[2007/08/07 22:49:16 | 000,118,784 | ---- | C] () -- C:\Windows\System32\lfkodak.dll
[2007/08/07 20:06:59 | 000,287,744 | ---- | C] () -- C:\Windows\System32\regsystem.dll
[2007/08/07 20:06:59 | 000,015,840 | ---- | C] () -- C:\Windows\System32\Machnm1.exe
[2007/08/07 20:06:59 | 000,005,632 | ---- | C] () -- C:\Windows\System32\Machnm64.sys
[2007/08/07 20:06:59 | 000,002,304 | ---- | C] () -- C:\Windows\System32\Machnm32.sys
[2007/08/07 18:42:58 | 000,040,960 | ---- | C] () -- C:\Windows\System32\IPPCPUID.DLL
[2007/08/07 18:40:37 | 000,011,776 | ---- | C] () -- C:\Windows\System32\pmsbfn32.dll
[2007/08/07 18:39:07 | 000,000,416 | ---- | C] () -- C:\Windows\MAXLINK.INI
[2007/08/04 20:14:47 | 000,000,335 | ---- | C] () -- C:\Windows\nsreg.dat
[2007/07/29 22:51:44 | 000,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2007/04/24 17:22:14 | 000,022,328 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\PnkBstrK.sys
[2007/04/24 17:21:58 | 002,434,856 | ---- | C] () -- C:\Windows\System32\pbsvc_bc2.exe
[2007/04/24 16:57:52 | 000,000,116 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2007/03/31 22:09:48 | 000,000,671 | ---- | C] () -- C:\Windows\WININIT.INI
[2007/03/10 12:51:48 | 000,282,624 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2007/03/07 22:35:39 | 000,000,632 | ---- | C] () -- C:\Windows\CoDUO.INI
[2007/03/06 05:02:00 | 000,000,000 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll
[2007/03/06 05:02:00 | 000,000,000 | ---- | C] () -- C:\Windows\System32\SIntf32.dll
[2007/03/06 05:02:00 | 000,000,000 | ---- | C] () -- C:\Windows\System32\SIntf16.dll
[2007/03/06 04:59:12 | 000,002,016 | ---- | C] () -- C:\Windows\System32\drivers\papycpu2.sys
[2007/03/06 04:59:12 | 000,001,888 | ---- | C] () -- C:\Windows\System32\drivers\papyjoy.sys
[2007/03/06 04:57:33 | 000,000,143 | ---- | C] () -- C:\Windows\SIERRA.INI
[2007/03/04 20:27:27 | 000,000,025 | ---- | C] () -- C:\Windows\mixerdef.ini
[2007/02/06 01:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2006/11/02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 13:47:37 | 000,379,664 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 11:33:01 | 000,609,816 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 11:33:01 | 000,108,126 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/02/25 19:09:38 | 000,774,144 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[1997/06/14 01:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll

========== LOP Check ==========

[2011/05/30 18:22:22 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Azureus
[2011/05/08 21:02:54 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Canon
[2010/10/06 01:01:56 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Copernic
[2011/05/29 10:10:11 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\EurekaLog
[2011/05/12 11:36:49 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\gtk-2.0
[2011/05/29 11:05:02 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\iZotope
[2011/05/28 00:53:32 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\JAM Software
[2011/05/21 17:11:32 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Laconic Software
[2011/05/19 22:29:53 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\MaaTec
[2011/05/20 12:46:04 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Mount&Blade With Fire and Sword
[2011/05/24 17:03:16 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Mumble
[2011/02/23 19:11:22 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\NewSoft
[2010/12/17 03:49:27 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Osefre
[2011/05/30 16:07:25 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Publish Providers
[2011/05/15 15:26:24 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Registry Mechanic
[2011/05/30 16:07:29 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Sony
[2011/05/20 08:27:54 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Sports Interactive
[2011/05/30 01:01:52 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Steinberg
[2011/05/27 12:41:54 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Thinstall
[2011/05/14 21:38:14 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\TS3Client
[2011/03/01 10:17:08 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\ts3overlay
[2011/05/30 15:01:15 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\UltraExplorer
[2011/05/30 01:29:32 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\VST3 Presets
[2011/05/17 22:45:08 | 000,000,000 | ---D | M] -- C:\Users\Dz\AppData\Roaming\PeerNetworking
[2011/05/30 18:57:37 | 000,032,614 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/05/30 19:09:59 | 000,000,412 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{04BF8757-0A75-4F0E-9EAC-CEAD1E76BB4D}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2007/11/07 08:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe


< MD5 for: EXPLORER.EXE >
[2011/05/14 10:08:15 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2011/05/14 10:08:15 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2011/05/14 10:08:14 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2011/05/14 10:24:33 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2011/05/14 10:24:32 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2011/05/14 10:08:15 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006/11/02 10:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2008/01/19 08:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: SVCHOST.EXE >
[2006/11/02 10:45:47 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=10DA15933D582D2FEDCF705EFE394B09 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6000.16386_none_b38497a50862ad11\svchost.exe
[2008/01/19 08:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe
[2008/01/19 08:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/01/19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008/01/19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006/11/02 10:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/04/11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009/04/11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006/11/02 10:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008/01/19 08:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/04/14 17:26:03 | 000,711,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/04/14 17:26:03 | 000,711,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/04/14 17:26:03 | 000,711,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: firefox.exe
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/04/14 17:25:41 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: firefox.exe -safe-mode
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011/05/29 23:11:54 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011/05/29 23:11:54 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011/05/29 23:11:54 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/05/29 23:11:59 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: iexplore.exe

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/04/14 17:26:03 | 000,711,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/04/14 17:26:03 | 000,711,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/04/14 17:26:03 | 000,711,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: firefox.exe
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/04/14 17:25:41 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: firefox.exe -safe-mode
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011/05/29 23:11:54 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011/05/29 23:11:54 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011/05/29 23:11:54 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/05/29 23:11:59 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: iexplore.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:D1B5B4F1

< End of report >




OTL Extras


OTL Extras logfile created on: 30/05/2011 19:08:35 - Run 5
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Administrator\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 62.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 69.00% Paging File free
Paging file location(s): c:\pagefile.sys 1024 2048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 274.14 Gb Total Space | 39.82 Gb Free Space | 14.53% Space Free | Partition Type: NTFS
Drive D: | 702.31 Mb Total Space | 696.67 Mb Free Space | 99.20% Space Free | Partition Type: UDF

Computer Name: DZ-PC | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
.txt [@ = e-Notetaker.Document] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-21-357686384-3270024895-2839793856-500\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Digital Photo Professional] -- C:\Program Files\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{10DC6D5F-3297-4D56-9D02-7B46325686B3}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{1119AB5E-CBD4-48B1-8EE4-9370D5737A37}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\netproj.exe |
"{1F6B9396-EE02-42E3-B1B0-8455CEE7D722}" = lport=5722 | protocol=6 | dir=in | svc=dfsr | app=%systemroot%\system32\dfsr.exe |
"{2278D057-EE41-4FD1-A83C-3D8F556DC091}" = rport=5722 | protocol=6 | dir=out | svc=dfsr | app=%systemroot%\system32\dfsr.exe |
"{34F3208F-13C8-4CFE-A32A-8E6E0F6D909A}" = lport=3587 | protocol=6 | dir=in | svc=p2psvc | app=%systemroot%\system32\svchost.exe |
"{39092D8D-0B34-4698-B7E9-E0BDF36B4045}" = rport=5357 | protocol=6 | dir=out | app=system |
"{42349330-84F6-4C6D-9FC0-FC8839BF4FD4}" = lport=5722 | protocol=6 | dir=in | svc=dfsr | app=%systemroot%\system32\dfsr.exe |
"{5261074D-46FE-42D6-981E-4452052B4339}" = rport=3587 | protocol=6 | dir=out | svc=p2psvc | app=%systemroot%\system32\svchost.exe |
"{75A9BBFC-DEE8-40A2-A653-6E3AADFE6C20}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\netproj.exe |
"{7A023B4A-FEC1-4827-97DD-4DD6E69342D2}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{7B1B3A4A-D0BC-4840-AD77-ADB3DE9F1006}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{83C10464-EC00-4FB1-AFF5-B3F78FEBD085}" = lport=3587 | protocol=6 | dir=in | svc=p2psvc | app=%systemroot%\system32\svchost.exe |
"{85430736-C103-48D5-A4D4-3DBD6AC0439A}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{857A1F3F-CBD5-4707-8306-B7E43D0130F8}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{8B432EC0-D136-4130-8816-64B0F9DB8A08}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{90EA574E-C0D2-4CB9-AE71-567AEA041168}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{9917DA7D-8DB9-4976-A02D-7E5D32E277BD}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A2876460-8447-455C-AFF8-B55B0C4DBC98}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{A367B309-15A9-48B8-8833-9B0C78434F76}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A9BEDE37-431D-440D-BD75-AAB633E885FA}" = rport=5722 | protocol=6 | dir=out | svc=dfsr | app=%systemroot%\system32\dfsr.exe |
"{A9F5F0A1-32E6-4427-82D6-C03E9EBE20FE}" = lport=5357 | protocol=6 | dir=in | app=system |
"{B1F7BF20-81A5-4E48-BDAE-5FE1CC9CA6EE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B5FEAC7C-376F-4212-922B-4FCA1CD95479}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{B87DCEDC-CC1D-4BA1-9362-4FE9CD1EBA54}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\netproj.exe |
"{BA4BB46D-E94A-45F1-A487-FA9344488613}" = rport=5358 | protocol=6 | dir=out | app=system |
"{CF4E1AAC-DF54-4A78-AF3F-53D5F98624DB}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=%systemroot%\microsoft.net\framework\v3.0\windows communication foundation\smsvchost.exe |
"{D79E88C0-A9DD-418D-A606-FA437345DBCC}" = lport=5358 | protocol=6 | dir=in | app=system |
"{DD7EAAD0-0455-4415-A0ED-61BBF0371AD2}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E558F2A3-F96C-41F7-9580-D07AE630946F}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\netproj.exe |
"{ECED8356-E9C3-465B-B6BF-AE1AB93CB3BF}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{F1FE0265-B824-48AF-8015-632F1E6801C4}" = rport=3587 | protocol=6 | dir=out | svc=p2psvc | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0361E710-74FB-4168-AC9D-28CD904F4C4B}" = protocol=6 | dir=in | app=c:\ubisoft\silent hunter 5\sh5.exe |
"{06081AA9-C811-4BC4-A7E9-7E13082C3BB1}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\men of war assault squad\mow_assault_squad.exe |
"{0C4D6162-2FDA-4719-829E-0A844D1580DA}" = protocol=17 | dir=in | app=c:\ubisoft\silent hunter 5\sh5.exe |
"{1795431F-BFD4-4348-B057-F4B6FEEB17D8}" = protocol=6 | dir=in | app=c:\program files\raptr\raptr_im.exe |
"{25F5D24B-035A-4629-8F8F-E8CFDB2D6013}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |
"{2AA08EC2-8460-49A5-851D-88D59AE5E219}" = protocol=17 | dir=in | app=c:\program files\raptr\raptr.exe |
"{3435DE97-2951-4EB9-87B1-9A3E82688722}" = protocol=17 | dir=in | app=c:\program files\activision\call of duty - world at war\codwaw.exe |
"{3D3CA94D-0686-4571-B2D4-0E83059FB009}" = protocol=6 | dir=in | app=%systemroot%\system32\netproj.exe |
"{3DC188EA-2357-4BDA-97DF-4EF6472F18A6}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{3F1F0BEB-8AFB-4061-8884-1664170C1C82}" = protocol=17 | dir=in | app=c:\program files\raptr\raptr_im.exe |
"{468F1A13-5ED1-4045-A145-4B23C12E71EC}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{49E58FA4-71E8-4657-BD9E-12074C10084A}" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |
"{4CE6F992-0E0B-4567-9FBD-C5821CE4FD0A}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{4DD9AEEB-CA35-4D20-8C89-E54572EC4A14}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{4E1FC3B9-3F31-4280-9061-99D745AD4163}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{54B7DF2F-C86B-4AC7-BED1-C50DC0A5DE0D}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"{610CAE24-9783-4A38-B985-3302C3499A11}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{6380C5D5-2A05-4C51-9C54-90C2DAA8B900}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{69DB809A-3E00-41B3-A99E-504781D2BD82}" = protocol=6 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe |
"{69EB96CA-9F42-4E97-9128-CC5BB97D4898}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{6D8F9BA2-3BEA-4CAD-9804-03C49EF42818}" = protocol=6 | dir=in | app=c:\program files\activision\call of duty - world at war\codwawmp.exe |
"{76A7B133-D220-48B6-B2B1-7EDC275B933A}" = protocol=6 | dir=in | app=c:\program files\electronic arts\battlefield bad company 2\bfbc2updater.exe |
"{782705CA-D1B6-4D0E-B973-2E23FF0D4F3D}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{7E389A9F-A7C7-4057-8CAF-99C353089795}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{7F12BE2B-9327-41CD-811E-66AC3061B879}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{840362DB-83A4-4F7C-A8AC-38773A812852}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{855D0CD7-F8D3-4BD1-9810-55D40CDEEAA6}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{89DE8F52-CC90-4DC2-8ADC-DE075D9A4D4A}" = protocol=6 | dir=in | app=c:\program files\activision\call of duty - world at war\codwaw.exe |
"{8A85BC93-05A5-4B4A-AE91-875C9E61488A}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{8F2B0C55-99B2-4AFC-B67A-7DD71C9EE508}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"{921DBA00-4EC0-4A93-BAFB-1B5E42D0A614}" = protocol=17 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe |
"{940896BE-7B3D-4C6E-BCF3-850787D7F506}" = protocol=17 | dir=in | app=c:\program files\codemasters\f1 2010\f1_2010_game.exe |
"{95F0F1A1-F9BF-43F3-AB30-AA27B9540A16}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{997CD7ED-7B75-469C-A75B-BB369DA0EC84}" = protocol=6 | dir=out | app=%systemroot%\system32\netproj.exe |
"{9AC608D0-D90B-479B-B069-8850F36B9338}" = protocol=6 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe |
"{9B60DF23-FAE1-4CA0-BCA9-BB667BA30640}" = protocol=17 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe |
"{9C36C13A-9A1F-4921-917F-2F4CE16BED3D}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |
"{9F56F6A6-7092-4903-A904-ED10768C78BF}" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |
"{A23CF034-E67C-4612-BA82-4ABF7960EBBE}" = protocol=6 | dir=in | app=c:\program files\raptr\raptr.exe |
"{A3C7D7AB-E5BD-4C59-9835-A39916BC50AB}" = protocol=6 | dir=in | app=c:\program files\codemasters\f1 2010\f1_2010_game.exe |
"{A49ED40B-52D8-49D8-B6D5-C2984A5E8271}" = protocol=6 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe |
"{A75F75D9-9D47-4E01-BD43-F9A9EA96391B}" = protocol=17 | dir=in | app=c:\ubisoft\silent hunter 5\sh5.exe |
"{AB7FCE8D-09D2-412C-ADAC-F76F266C5044}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{AC7DEC58-334C-4F91-BFAC-729E0F0B15EA}" = protocol=6 | dir=in | app=c:\ubisoft\silent hunter 5\sh5.exe |
"{ACF461AC-23F3-49C4-9F7E-145DC64A88B7}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
"{AF1B5428-825B-40E3-9C08-0B5C28A9DD06}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{C45A35FA-749C-4BB3-A721-62DA7DB9565E}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{C54F5209-6D0F-4E18-97E0-7C3294A08E35}" = protocol=6 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe |
"{D2971D63-506A-4FE9-9234-02B9B4D26179}" = protocol=17 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe |
"{E5A15E49-3403-495D-AC7C-1FE9007841A9}" = protocol=17 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe |
"{EA9380BA-B788-432B-80C2-0C902049F82E}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\men of war assault squad\mow_assault_squad.exe |
"{F7B99B7E-2D98-4C03-802A-8DB23AD1DF56}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{F9ED7049-DDEF-4442-ADE1-D14E3755C610}" = protocol=17 | dir=in | app=c:\program files\electronic arts\battlefield bad company 2\bfbc2updater.exe |
"{FC9D430B-F1FC-4537-9445-F08E6145AE4A}" = protocol=17 | dir=in | app=c:\program files\activision\call of duty - world at war\codwawmp.exe |
"TCP Query User{00408DBE-DC87-457C-8B7F-5591E2B8CD84}C:\program files\mozilla.org\mozilla\mozilla.exe" = protocol=6 | dir=in | app=c:\program files\mozilla.org\mozilla\mozilla.exe |
"TCP Query User{03DFB6C8-6F0C-4E73-A6E5-D50800D6B776}C:\program files\mount&blade with fire and sword\mb_wfas.exe" = protocol=6 | dir=in | app=c:\program files\mount&blade with fire and sword\mb_wfas.exe |
"TCP Query User{06803B48-74D2-4CAA-B2D0-EEDC71908112}C:\program files\soulseek-test\slsk.exe" = protocol=6 | dir=in | app=c:\program files\soulseek-test\slsk.exe |
"TCP Query User{0715B78B-578C-4B1C-8EAE-6AA1B5852C03}C:\program files\activision\call of duty - world at war\mp_tool.exe" = protocol=6 | dir=in | app=c:\program files\activision\call of duty - world at war\mp_tool.exe |
"TCP Query User{1BC4C425-3A6C-4F8B-A9B3-BC2A984BFAF7}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{1E123AA6-E07D-4D80-9CD3-63D42D5BDEFF}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{20E99BB3-C7BF-44C2-A371-CEE1895954C1}C:\program files\maxivista demo server\maxivistademo.exe" = protocol=6 | dir=in | app=c:\program files\maxivista demo server\maxivistademo.exe |
"TCP Query User{3543A70F-1E59-456B-8495-725292966B59}C:\program files\soulseekns\slsk.exe" = protocol=6 | dir=in | app=c:\program files\soulseekns\slsk.exe |
"TCP Query User{3B898F14-E731-41C8-840A-B7D24183AEB8}C:\users\administrator\appdata\local\temp\pyl658.tmp\pyrun.exe" = protocol=6 | dir=in | app=c:\users\administrator\appdata\local\temp\pyl658.tmp\pyrun.exe |
"TCP Query User{469ADC6A-5E43-47C1-AA6E-D4FF49CD8704}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"TCP Query User{49D4E1D0-CDBA-43A3-A7F5-680E850195DD}C:\program files\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |
"TCP Query User{4F3FD870-5A22-4E3F-9500-E6541B29F645}C:\program files\synergy\synergys.exe" = protocol=6 | dir=in | app=c:\program files\synergy\synergys.exe |
"TCP Query User{8787755F-8807-48AE-9584-37E3786A0D65}C:\program files\soulseek\slsk.exe" = protocol=6 | dir=in | app=c:\program files\soulseek\slsk.exe |
"TCP Query User{9435CE49-DEB4-47FF-8611-7CF2CB7B8FBF}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{A138979F-E494-4DA1-801C-55D31189D1D5}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"TCP Query User{ACAED31F-B985-445F-9119-4C9CFF8C8283}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe |
"TCP Query User{C44EABD3-1B97-46CB-A3BF-E593DEC84EA3}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{D172E3E8-8571-45E7-952E-EB5D319157F2}C:\program files\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\program files\xfire\xfire.exe |
"UDP Query User{06FF9C16-E40E-4A98-8B2F-37B83AE33CBC}C:\program files\maxivista demo server\maxivistademo.exe" = protocol=17 | dir=in | app=c:\program files\maxivista demo server\maxivistademo.exe |
"UDP Query User{0A6B99EC-FAB0-4B6D-BC3F-5D178B40E7AB}C:\program files\mount&blade with fire and sword\mb_wfas.exe" = protocol=17 | dir=in | app=c:\program files\mount&blade with fire and sword\mb_wfas.exe |
"UDP Query User{24897CA3-4968-4B48-A378-C300AF232F8A}C:\program files\synergy\synergys.exe" = protocol=17 | dir=in | app=c:\program files\synergy\synergys.exe |
"UDP Query User{29D84DBA-6060-490A-BE0A-B0D994FD10F2}C:\program files\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |
"UDP Query User{3A941A04-4B9A-455A-9BD3-E824F9AE0920}C:\users\administrator\appdata\local\temp\pyl658.tmp\pyrun.exe" = protocol=17 | dir=in | app=c:\users\administrator\appdata\local\temp\pyl658.tmp\pyrun.exe |
"UDP Query User{6FD28311-B9E6-4112-AF79-663CEAB7AD42}C:\program files\soulseek\slsk.exe" = protocol=17 | dir=in | app=c:\program files\soulseek\slsk.exe |
"UDP Query User{7DF134A2-353A-4382-977A-9D89BD695DF1}C:\program files\soulseekns\slsk.exe" = protocol=17 | dir=in | app=c:\program files\soulseekns\slsk.exe |
"UDP Query User{86813CA3-659B-450B-9B3C-8D5C5746AEE3}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"UDP Query User{8D4692EE-7173-4D4B-A475-2A9CFE623051}C:\program files\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\program files\xfire\xfire.exe |
"UDP Query User{9BF0F7BD-0B99-4619-9EF8-9F823FFE3C8C}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{C620C4C0-BDEC-4F15-B09A-E7429AC2B5E4}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe |
"UDP Query User{D4E5D600-1524-4A4B-937F-D42BD2FE1F63}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{DCD03888-0942-40D5-BB71-899CFCF2F441}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"UDP Query User{E2159085-A8BA-41C7-8ECB-E53059FCF40D}C:\program files\activision\call of duty - world at war\mp_tool.exe" = protocol=17 | dir=in | app=c:\program files\activision\call of duty - world at war\mp_tool.exe |
"UDP Query User{E4F7F3C8-41C5-4621-BE10-5C2310C3C1D2}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{E680038F-1E3F-44AA-A00B-6AE36CD92A53}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{F2491CCD-0A39-4810-8D6F-8861609D57B4}C:\program files\soulseek-test\slsk.exe" = protocol=17 | dir=in | app=c:\program files\soulseek-test\slsk.exe |
"UDP Query User{FC13027E-BA6D-4B68-960E-EAF250EFE3B6}C:\program files\mozilla.org\mozilla\mozilla.exe" = protocol=17 | dir=in | app=c:\program files\mozilla.org\mozilla\mozilla.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}" = Microsoft Games for Windows - LIVE Redistributable
"{01010016-0001-2010-1105-4D6161546563}" = MaaTec Network Analyzer
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{064DC64E-7A2F-4FDF-B598-E3C0747BBB9C}" = Call of Duty® - World at War™ 1.6 Patch
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{0886900B-B2F3-452C-B580-60F1253F7F80}" = Native Instruments Hardware Controller Support
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0B8565BA-BAD5-4732-B122-5FD78EFC50A9}" = Native Instruments Service Center
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4300" = Canon iP4300
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4802" = CanoScan LiDE 600F
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{19A492A0-888F-44A0-9B21-D91700763F62}" = Catalyst Control Center - Branding
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{211654D1-F7F8-4FF6-B008-354354354365}_is1" = MaxiVista Demo Server v4.0.12
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{267B3E82-C941-47D8-BCD3-1BBBB56FCBC6}" = Native Instruments Maschine Controller Driver
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2BF0AE92-C3BC-4112-9066-1546342B1FAE}" = Call of Duty® - World at War™ 1.2 Patch
"{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}" = Microsoft Games for Windows - LIVE
"{328420FA-7638-4AB1-81DF-E0FECEFF24E3}" = Windows Live Toolbar Feed Detector (Windows Live Toolbar)
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{423C4130-EBC3-410A-B3A0-37BBF9D607D5}" = T-RackS 3 Deluxe
"{434D0831-3E0C-4D03-A5D4-5E1000008400}" = F1 2010
"{43E7798A-248E-4A3D-9969-FEA63543A462}" = Native Instruments Kontakt 4
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{490BF87E-1F75-4453-BF55-9F540543A3CA}" = Steinberg Drum Loop Expansion 01
"{491DF203-7B61-4F0E-BDCB-A1218C4DAFE9}" = Native Instruments Massive
"{4A19D6AC-ADE0-4A07-80FF-9C9812C45557}" = Steinberg Cubase 5
"{4D454CF8-12FD-464D-B57B-B46FE27B78BB}" = Steinberg LoopMash Content
"{520A8627-E1B7-4808-8F04-03A013CBBD10}" = Noise Reduction Plug-in 2.0i
"{532B917B-8235-4FA5-BE36-643A8BB053A5}" = Steinberg REVerence Content 01
"{54B7A3C7-0940-4C16-A509-FC3C3758D22A}_is1" = Amnesia - The Dark Descent
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5A67D2EA-FB70-4033-A6F3-606AD85B2015}_is1" = Driver Sweeper version 3.0.0
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{5F577CD8-A997-2E11-83BC-4445DD2D4542}" = AMD VISION Engine Control Center
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{658DE1DF-D156-DD5A-800E-20C693806F65}" = Catalyst Control Center InstallProxy
"{65C0025A-2CDE-43C5-82D0-C7A56EF0DB39}" = Bing Bar Platform
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6844F85B-1AEE-093A-5FC9-235035B3A127}" = Catalyst Control Center Graphics Previews Common
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{71790311-0C42-B5BC-AF01-97BFFEF2A30B}" = ATI Catalyst Install Manager
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{750C87B8-AF19-4C3C-B791-50D9C83AE572}" = Call of Duty® - World at War™ 1.7 Patch
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}" = Windows Live Favorites for Windows Live Toolbar
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{85309D89-7BE9-4094-BB17-24999C6118FC}" = ArcSoft PhotoStudio 5.5
"{865D9ED1-EAC2-436D-AFA7-0B750EB5AAAB}" = Steinberg HALionOne Studio Drum Set
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C3A3C74-0163-F062-08D6-C8AC7430669E}" = ccc-utility
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9F01A67B-7D67-482F-9D4F-D5980A440FD4}" = Call of Duty® - World at War™ 1.4 Patch
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A1E1A376-49D4-4960-8599-D5D26A4C2E7B}" = Razer Imperator
"{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime
"{A262095C-F03B-4611-AE87-7156859DC7F9}" = M-Audio Legacy Keyboard Driver 5.0.0 (x86)
"{A4810699-E859-43A6-8F40-1743873E72AB}" = Delta
"{A4B9033B-D183-4A6C-9BCB-6BC8F80B939D}" = RPS CRT
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB5668B8-1428-460F-AE02-999A598D6883}" = Wavpack4Wavelab6
"{AC61C594-5F86-4BE9-ABAF-763C6A8E2302}" = Silent Hunter 5
"{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X (10.0.1)
"{AC997F93-0757-4ED4-A701-F40C2D654D09}" = Steinberg HALionOne GM Drum Set
"{B045B608-4A47-4C77-9EAD-06C394503306}" = iTunes
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 267.24
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 267.24
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6
"{B4E343DD-BAAB-4D59-AD9C-DEA0AFE09DF1}" = Mumble 1.2.3
"{B7749EE2-5318-D255-F0EE-14D5845B0925}" = CCC Help English
"{B8A817D7-AE0F-42BA-AEB9-B5F1F3EFB7AF}" = Sound Forge Pro 10.0
"{BD86F1AC-B594-46E4-85DC-1258AC9E2232}" = Steinberg Groove Agent ONE Content
"{C1E544E5-EF3C-4103-A57B-3A499FD91033}" = Nero 7 Essentials
"{C1E693A4-B1D5-4DCD-B68D-2087835B7184}" = ScanSoft OmniPage SE 4.0
"{C3DC2DF5-EFAC-4055-9010-31F7C545DD9E}" = Call of Duty® - World at War™ 1.5 Patch
"{C6876FE6-A314-4628-B0D7-F3EE5E35C4B4}" = Windows Live Toolbar
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240C0}" = WinZip 15.0
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack
"{D23CBFDA-C46B-4920-BA70-FC7878A3F05A}" = Steinberg HALionOne Studio Set
"{D2D6B9EB-C6DC-4DAA-B4DE-BB7D9735E7DA}" = Presto! PageManager 7.15.14
"{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.4.4 Game
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D780B6D0-4A6B-4336-8CEF-B9F520EFA76B}" = CodeFinder
"{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty® - World at War™
"{D82CDA0D-C182-42C8-8FF2-5649C98D6003}" = Steinberg HALionOne Pro Set
"{D8B5C1BB-5951-422D-A4D5-451675614956}_is1" = Men of War: Assault Squad (Remove Only)
"{D8B5C1BB-5951-422D-A4D5-451675614956}_update1.81.2" = Update 1.81.2 for "Men of War: Assault Squad"
"{D8B5C1BB-5951-422D-A4D5-451675614956}_update1.85.1" = Update 1.85.1 for "Men of War: Assault Squad"
"{DB5F474C-B584-417F-810B-DEBBC1893C2A}" = TBS WMP Plug-in
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E1180142-3B31-4DCC-9D27-7AC2D37662BF}" = LightScribe 1.4.124.1
"{E15E74CC-E9D1-9042-4481-BE3B573620BA}" = AMD Fuel
"{E22AD5D3-EB60-4A8F-835C-6C10E369DCE2}" = Steinberg HALionOne Expression Set
"{E70E7159-93B1-470D-9FBD-D8E9EF34B538}" = Steinberg HALionOne
"{F057965A-D974-4C64-ADB1-4381CD4B8956}" = Steinberg HALionOne GM Set
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F3AFD063-8BAD-485E-B641-E7F5A2C5AE71}" = Steinberg HALionOne Additional Content Set 01
"{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}" = Vista Codec Package
"{FC6AFD44-EDF9-4A03-AB9E-16A5391FE24F}" = Native Instruments Maschine
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 9.20
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Anagram Genius version 9" = Anagram Genius version 9
"Any Weblock_is1" = Any Weblock 1.1.0
"ASIO4ALL" = ASIO4ALL
"avast" = avast! Pro Antivirus
"Avidemux 2.4" = Avidemux 2.4
"Canon iP4300 User Registration" = Canon iP4300 User Registration
"Canon Setup Utility 2.3" = Canon Setup Utility 2.3
"CanoScan Toolbox 5.0" = Canon CanoScan Toolbox 5.0
"CCleaner" = CCleaner
"Copernic Agent Basic" = Copernic Agent Basic
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.57.1
"DPP" = Canon Utilities Digital Photo Professional 3.1
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"Easy-PrintToolBox" = Canon Utilities Easy-PrintToolBox
"EOS Utility" = Canon Utilities EOS Utility
"FL Studio 10" = FL Studio 10
"Football Manager 2011" = Football Manager 2011
"Game Booster_is1" = Game Booster
"GFWL_{434D0831-3E0C-4D03-A5D4-5E1000008400}" = F1 2010
"IL Download Manager" = IL Download Manager
"InstallShield_{064DC64E-7A2F-4FDF-B598-E3C0747BBB9C}" = Call of Duty® - World at War™ 1.6 Patch
"InstallShield_{2BF0AE92-C3BC-4112-9066-1546342B1FAE}" = Call of Duty® - World at War™ 1.2 Patch
"InstallShield_{750C87B8-AF19-4C3C-B791-50D9C83AE572}" = Call of Duty® - World at War™ 1.7 Patch
"InstallShield_{9F01A67B-7D67-482F-9D4F-D5980A440FD4}" = Call of Duty® - World at War™ 1.4 Patch
"InstallShield_{C3DC2DF5-EFAC-4055-9010-31F7C545DD9E}" = Call of Duty® - World at War™ 1.5 Patch
"InstallShield_{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty® - World at War™
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Minimonsta" = GForce - Minimonsta
"Mount&Blade With Fire and Sword" = Mount&Blade With Fire and Sword
"Mozilla Firefox 4.0.1 (x86 en-US)" = Mozilla Firefox 4.0.1 (x86 en-US)
"MSTTS" = Microsoft Text-to-Speech Engine 4.0 (English)
"Native Instruments Absynth 4" = Native Instruments Absynth 4
"Native Instruments Hardware Controller Support" = Native Instruments Hardware Controller Support
"Native Instruments Kontakt 4" = Native Instruments Kontakt 4
"Native Instruments Maschine" = Native Instruments Maschine
"Native Instruments Maschine Controller Driver" = Native Instruments Maschine Controller Driver
"Native Instruments Maschine Driver" = Native Instruments Maschine Driver
"Native Instruments Massive" = Native Instruments Massive
"Native Instruments Service Center" = Native Instruments Service Center
"NVIDIA Drivers" = NVIDIA Drivers
"ODSK" = Canon Utilities Original Data Security Tools
"OpenAL" = OpenAL
"PCI Audio Driver" = PCI Audio Driver
"PhotoStitch" = Canon Utilities PhotoStitch
"Picture Style Editor" = Canon Utilities Picture Style Editor
"PunkBusterSvc" = PunkBuster Services
"QSynergy" = QSynergy 0.9.0
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RealPlayer 12.0" = RealPlayer
"Registry Mechanic_is1" = Registry Mechanic 10.0
"Soulseek2" = SoulSeek 157 NS 13e
"Steam App 64000" = Men of War: Assault Squad
"Synergy" = Synergy
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"UltraExplorer_is1" = UltraExplorer 2.0.3.1
"UltraSearch_is1" = UltraSearch V1.4
"Universal Extractor_is1" = Universal Extractor 1.6.1
"VLC media player" = VLC media player 1.1.9
"Vuze_Remote Toolbar" = Vuze Remote Toolbar
"WebPost" = Microsoft Web Publishing Wizard 1.52
"WFTK" = Canon Utilities WFT-E1/E2/E3 Utility
"Windows Live Toolbar" = Windows Live Toolbar
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.00 beta 7 (32-bit)
"Wubi" = Ubuntu
"Xfire" = Xfire (remove only)
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-357686384-3270024895-2839793856-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

#4
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Hi,

Please proceed with these steps:

Step 1

Download RogueKiller to your desktop

  • Quit all running programs
  • For Vista/Seven, right click -> run as administrator; for XP, simply run RogueKiller.exe
  • When prompted, type 1 and validate
  • The RKreport.txt shall be generated next to the executable.
  • If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe
Please post the contents of the RKreport.txt in your next Reply.

Step 2

Rootkit Unhooker:
  • Please download Rootkit Unhooker and save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (Tick) Drivers, Stealth. Uncheck the rest and then click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.

Note: You may get the following warning; just click OK and continue.

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"


When you have completed the above, please post back the following in the order asked for:
  • Contents of the RKreport.txt
  • Rootkit Unhooker report


#5
skookum

    Member

  • Topic Starter
  • 43 posts
RogueKiller V5.1.9 [05/29/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-to...-Remontees.html

Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User: Administrator [Admin rights]
Mode: Scan -- Date : 05/30/2011 20:23:57

Bad processes: 1
[SUSP PATH] mixer.exe -- c:\windows\mixer.exe -> KILLED

Registry Entries: 13
[SUSP PATH] At1.job : c:\users\admini~1\appdata\local\temp\regedt32a.exe -> FOUND
[SUSP PATH] At10.job : c:\users\admini~1\appdata\local\temp\dvdupgrda.exe -> FOUND
[SUSP PATH] At2.job : c:\users\admini~1\appdata\local\temp\syskeyb.exe -> FOUND
[SUSP PATH] At3.job : c:\users\admini~1\appdata\local\temp\unregmp2a.exe -> FOUND
[SUSP PATH] At4.job : c:\users\admini~1\appdata\local\temp\upnpconta.exe -> FOUND
[SUSP PATH] At5.job : c:\users\admini~1\appdata\local\temp\wextractb.exe -> FOUND
[SUSP PATH] At6.job : c:\users\admini~1\appdata\local\temp\bdeunlockwizarda.exe -> FOUND
[SUSP PATH] At7.job : c:\users\admini~1\appdata\local\temp\dfdwizb.exe -> FOUND
[SUSP PATH] At8.job : c:\users\admini~1\appdata\local\temp\dialerb.exe -> FOUND
[SUSP PATH] At9.job : c:\users\admini~1\appdata\local\temp\diskraida.exe -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

HOSTS File:
˙ž1

Finished : << RKreport[1].txt >>
RKreport[1].txt



Rootkit Unhooker Log

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows Vista
Version 6.0.6002 (Service Pack 2)
Number of processors #2
==============================================
>Drivers
==============================================
0xCB409000 C:\Windows\system32\DRIVERS\atikmdag.sys 8093696 bytes (ATI Technologies Inc., ATI Radeon Kernel Mode Driver)
0xE2E3B000 C:\Windows\system32\ntkrnlpa.exe 3907584 bytes (Microsoft Corporation, NT Kernel & System)
0xE2E3B000 PnpManager 3907584 bytes
0xE2E3B000 RAW 3907584 bytes
0xE2E3B000 WMIxWDM 3907584 bytes
0xD7040000 Win32k 2113536 bytes
0xD7040000 C:\Windows\System32\win32k.sys 2113536 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xC7803000 C:\Windows\System32\Drivers\Ntfs.sys 1114112 bytes (Microsoft Corporation, NT File System Driver)
0xC747D000 C:\Windows\system32\drivers\ndis.sys 1093632 bytes (Microsoft Corporation, NDIS 6.0 wrapper driver)
0xC7601000 C:\Windows\System32\drivers\tcpip.sys 958464 bytes (Microsoft Corporation, TCP/IP Driver)
0xC7068000 C:\Windows\system32\CI.dll 917504 bytes (Microsoft Corporation, Code Integrity Module)
0xCC253000 C:\Windows\system32\drivers\peauth.sys 909312 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)
0xCC000000 C:\Windows\system32\drivers\spsys.sys 720896 bytes (Microsoft Corporation, security processor)
0xCB326000 C:\Windows\System32\drivers\dxgkrnl.sys 655360 bytes (Microsoft Corporation, DirectX Graphics Kernel)
0xCBE09000 C:\Windows\system32\DRIVERS\HDAudBus.sys 577536 bytes (Microsoft Corporation, High Definition Audio Bus Driver)
0xC7148000 C:\Windows\system32\drivers\Wdf01000.sys 507904 bytes (Microsoft Corporation, WDF Dynamic)
0xC740C000 C:\Windows\System32\Drivers\ksecdd.sys 462848 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xCC0B0000 C:\Windows\system32\drivers\HTTP.sys 446464 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xCCE02000 C:\Windows\System32\Drivers\aswSnx.SYS 385024 bytes (AVAST Software, avast! Virtualization Driver)
0xCC204000 C:\Windows\System32\DRIVERS\srv.sys 323584 bytes (Microsoft Corporation, Server driver)
0xC729E000 C:\Windows\System32\drivers\volmgrx.sys 303104 bytes (Microsoft Corporation, Volume Manager Extension Driver)
0xCCEF9000 C:\Windows\system32\drivers\afd.sys 294912 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0xCD607000 C:\Windows\System32\Drivers\aswSP.SYS 294912 bytes (AVAST Software, avast! self protection module)
0xCB20F000 C:\Windows\system32\DRIVERS\deltaII.sys 294912 bytes (Avid Technology, Inc., M-Audio Delta PCI driver)
0xC7202000 C:\Windows\system32\drivers\acpi.sys 286720 bytes (Microsoft Corporation, ACPI Driver for NT)
0xCB2A0000 C:\Windows\system32\DRIVERS\nvmfdx32.sys 286720 bytes (NVIDIA Corporation, NVIDIA MCP Networking Function Driver.)
0xC7027000 C:\Windows\system32\CLFS.SYS 266240 bytes (Microsoft Corporation, Common Log File System Driver)
0xC7350000 C:\Windows\system32\DRIVERS\storport.sys 266240 bytes (Microsoft Corporation, Microsoft Storage Port Driver)
0xCB2E6000 C:\Windows\system32\DRIVERS\atikmpag.sys 262144 bytes (Advanced Micro Devices, Inc., AMD multi-vendor Miniport Driver)
0xC77A4000 C:\Windows\system32\DRIVERS\USBPORT.SYS 253952 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xCCFAF000 C:\Windows\system32\DRIVERS\rdbss.sys 245760 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xC75B3000 C:\Windows\system32\drivers\NETIO.SYS 241664 bytes (Microsoft Corporation, Network I/O Subsystem)
0xCD692000 C:\Windows\system32\DRIVERS\udfs.sys 241664 bytes (Microsoft Corporation, UDF File System Driver)
0xCC18B000 C:\Windows\system32\DRIVERS\mrxsmb10.sys 233472 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)
0xC7913000 C:\Windows\system32\drivers\volsnap.sys 233472 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xCD735000 C:\Windows\system32\drivers\aswMonFlt.sys 229376 bytes (AVAST Software, avast! File System Minifilter for Windows 2003/Vista)
0xCBFC0000 C:\Windows\system32\DRIVERS\usbhub.sys 217088 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xE2E08000 ACPI_HAL 208896 bytes
0xE2E08000 C:\Windows\system32\hal.dll 208896 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xCC35E000 C:\Windows\System32\Drivers\RDPWD.SYS 208896 bytes (Microsoft Corporation, RDP Terminal Stack Driver)
0xC7391000 C:\Windows\system32\drivers\fltmgr.sys 204800 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xCCF46000 C:\Windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)
0xCBEB7000 C:\Windows\system32\DRIVERS\msiscsi.sys 192512 bytes (Microsoft Corporation, Microsoft iSCSI Initiator Driver)
0xCB3C6000 C:\Windows\system32\drivers\portcls.sys 184320 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xC7588000 C:\Windows\system32\drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)
0xCB257000 C:\Windows\system32\DRIVERS\ks.sys 172032 bytes (Microsoft Corporation, Kernel CSA Library)
0xCD788000 C:\Windows\system32\DRIVERS\nwifi.sys 172032 bytes (Microsoft Corporation, NativeWiFi Miniport Driver)
0xCC1DC000 C:\Windows\System32\DRIVERS\srv2.sys 163840 bytes (Microsoft Corporation, Smb 2.0 Server driver)
0xC7963000 C:\Windows\System32\drivers\ecache.sys 159744 bytes (Microsoft Corporation, Special Memory Device Cache)
0xC7251000 C:\Windows\system32\drivers\pci.sys 159744 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xC73D3000 C:\Windows\system32\drivers\drmk.sys 151552 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xCBF13000 C:\Windows\system32\DRIVERS\ndiswan.sys 143360 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xC799B000 C:\Windows\system32\drivers\CLASSPNP.SYS 135168 bytes (Microsoft Corporation, SCSI Class System Dll)
0xCC14B000 C:\Windows\system32\drivers\mrxdav.sys 135168 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xCBE96000 C:\Windows\system32\DRIVERS\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)
0xCC16C000 C:\Windows\system32\DRIVERS\mrxsmb.sys 126976 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xC7315000 C:\Windows\system32\drivers\ataport.SYS 122880 bytes (Microsoft Corporation, ATAPI Driver Extension)
0xCD6E4000 C:\Windows\System32\Drivers\dump_nvstor32.sys 118784 bytes
0xC7333000 C:\Windows\system32\DRIVERS\nvstor32.sys 118784 bytes (NVIDIA Corporation, NVIDIA® nForce™ Sata Performance Driver)
0xCD7CF000 C:\Windows\System32\DRIVERS\srvnet.sys 118784 bytes (Microsoft Corporation, Server Network driver)
0xC76EB000 C:\Windows\System32\drivers\fwpkclnt.sys 110592 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)
0xCD71A000 C:\Windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, LUA File Virtualization Filter Driver)
0xCBBDE000 C:\Windows\system32\drivers\AtihdLH3.sys 106496 bytes (Advanced Micro Devices, AMD High Definition Audio Function Driver)
0xC7776000 C:\Windows\system32\DRIVERS\serial.sys 106496 bytes (Microsoft Corporation, Serial Device Driver)
0xCC11D000 C:\Windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)
0xCB281000 C:\Windows\system32\DRIVERS\cdrom.sys 98304 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xCC1C4000 C:\Windows\system32\DRIVERS\mrxsmb20.sys 98304 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)
0xC7735000 C:\Windows\system32\DRIVERS\parport.sys 98304 bytes (Microsoft Corporation, Parallel Port Driver)
0xC71D1000 C:\Windows\System32\Drivers\dfsc.sys 94208 bytes (Microsoft Corporation, DFS Namespace Client Driver)
0xCBEF1000 C:\Windows\system32\DRIVERS\rasl2tp.sys 94208 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xCD64F000 C:\Windows\system32\DRIVERS\usbccgp.sys 94208 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0xCCF78000 C:\Windows\system32\DRIVERS\pacer.sys 90112 bytes (Microsoft Corporation, QoS Packet Scheduler)
0xCCEC5000 C:\Windows\system32\DRIVERS\tdx.sys 90112 bytes (Microsoft Corporation, TDI Translation Driver)
0xCC136000 C:\Windows\System32\drivers\mpsdrv.sys 86016 bytes (Microsoft Corporation, Microsoft Protection Service Driver)
0xCBF59000 C:\Windows\system32\DRIVERS\rassstp.sys 86016 bytes (Microsoft Corporation, RAS SSTP Miniport Call Manager)
0xCBF45000 C:\Windows\system32\DRIVERS\raspptp.sys 81920 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xCCEE5000 C:\Windows\system32\DRIVERS\smb.sys 81920 bytes (Microsoft Corporation, SMB Transport driver)
0xC774D000 C:\Windows\system32\DRIVERS\i8042prt.sys 77824 bytes (Microsoft Corporation, i8042 Port Driver)
0xCD7BC000 C:\Windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)
0xCCF9C000 C:\Windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xC798A000 C:\Windows\system32\drivers\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)
0xCBBCD000 C:\Windows\System32\Drivers\NDProxy.SYS 69632 bytes (Microsoft Corporation, NDIS Proxy)
0xC700E000 C:\Windows\system32\PSHED.dll 69632 bytes (Microsoft Corporation, Platform Specific Hardware Error Driver)
0xCBF99000 C:\Windows\system32\DRIVERS\amdiox86.sys 65536 bytes (Advanced Micro Devices, AMD IO Driver)
0xC771A000 C:\Windows\system32\DRIVERS\amdk8.sys 65536 bytes (Microsoft Corporation, Processor Device Driver)
0xC73C3000 C:\Windows\system32\drivers\fileinfo.sys 65536 bytes (Microsoft Corporation, FileInfo Filter Driver)
0xCD671000 C:\Windows\system32\DRIVERS\HIDCLASS.SYS 65536 bytes (Microsoft Corporation, Hid Class Library)
0xCD778000 C:\Windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)
0xC72FD000 C:\Windows\System32\drivers\mountmgr.sys 65536 bytes (Microsoft Corporation, Mount Point Manager)
0xCBF6E000 C:\Windows\system32\DRIVERS\termdd.sys 65536 bytes (Microsoft Corporation, Terminal Server Driver)
0xCBF8A000 C:\Windows\system32\DRIVERS\AmdLLD.sys 61440 bytes (AMD, Inc., AMD Low Level Device Driver)
0xCD70B000 C:\Windows\system32\DRIVERS\monitor.sys 61440 bytes (Microsoft Corporation, Monitor Driver)
0xC7954000 C:\Windows\System32\Drivers\mup.sys 61440 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xC7280000 C:\Windows\System32\drivers\partmgr.sys 61440 bytes (Microsoft Corporation, Partition Management Driver)
0xCBF36000 C:\Windows\system32\DRIVERS\raspppoe.sys 61440 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xC77E2000 C:\Windows\system32\DRIVERS\usbehci.sys 61440 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xC728F000 C:\Windows\system32\drivers\volmgr.sys 61440 bytes (Microsoft Corporation, Volume Manager Driver)
0xD7280000 C:\Windows\System32\cdd.dll 57344 bytes (Microsoft Corporation, Canonical Display Driver)
0xCCF8E000 C:\Windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)
0xCCEAE000 C:\Windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)
0xC72EF000 C:\Windows\system32\drivers\PCIIDEX.SYS 57344 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xCD6CD000 C:\Windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver)
0xCBFA9000 C:\Windows\system32\DRIVERS\umbus.sys 53248 bytes (Microsoft Corporation, User-Mode Bus Enumerator)
0xC71C4000 C:\Windows\system32\drivers\WDFLDR.SYS 53248 bytes (Microsoft Corporation, WDFLDR)
0xCC33B000 C:\Windows\System32\drivers\tcpipreg.sys 49152 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)
0xCC352000 C:\Windows\System32\DRIVERS\tssecsrv.sys 49152 bytes (Microsoft Corporation, TS Security Filter Driver)
0xCCE87000 C:\Windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xCBBC1000 C:\Windows\System32\drivers\watchdog.sys 49152 bytes (Microsoft Corporation, Watchdog Driver)
0xC772A000 C:\Windows\system32\DRIVERS\fdc.sys 45056 bytes (Microsoft Corporation, Floppy Disk Controller Driver)
0xC7760000 C:\Windows\system32\DRIVERS\kbdclass.sys 45056 bytes (Microsoft Corporation, Keyboard Class Driver)
0xC776B000 C:\Windows\system32\DRIVERS\mouclass.sys 45056 bytes (Microsoft Corporation, Mouse Class Driver)
0xCCEA3000 C:\Windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)
0xCBF08000 C:\Windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xCBEE6000 C:\Windows\system32\DRIVERS\TDI.SYS 45056 bytes (Microsoft Corporation, TDI Wrapper)
0xCC347000 C:\Windows\system32\drivers\tdtcp.sys 45056 bytes (Microsoft Corporation, TCP Transport Driver)
0xC7706000 C:\Windows\system32\DRIVERS\tunnel.sys 45056 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0xCCEDB000 C:\Windows\System32\Drivers\aswTdi.SYS 40960 bytes (AVAST Software, avast! TDI Filter Driver)
0xCD6DA000 C:\Windows\System32\Drivers\dump_diskdump.sys 40960 bytes
0xCD701000 C:\Windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)
0xCBFB6000 C:\Windows\system32\DRIVERS\flpydisk.sys 40960 bytes (Microsoft Corporation, Floppy Driver)
0xCBF80000 C:\Windows\system32\DRIVERS\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)
0xCD7B2000 C:\Windows\system32\DRIVERS\ndisuio.sys 40960 bytes (Microsoft Corporation, NDIS User mode I/O driver)
0xCCFEB000 C:\Windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy)
0xCC331000 C:\Windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
0xC7790000 C:\Windows\system32\DRIVERS\serenum.sys 40960 bytes (Microsoft Corporation, Serial Port Enumerator)
0xC779A000 C:\Windows\system32\DRIVERS\usbohci.sys 40960 bytes (Microsoft Corporation, OHCI USB Miniport Driver)
0xCD7EC000 C:\Windows\system32\DRIVERS\asyncmac.sys 36864 bytes (Microsoft Corporation, MS Remote Access serial network driver)
0xCCFF5000 C:\Windows\system32\drivers\cpuz135_x32.sys 36864 bytes (CPUID, CPUID Driver)
0xC79BC000 C:\Windows\system32\drivers\crcdisk.sys 36864 bytes (Microsoft Corporation, Disk Block Verification Filter Driver)
0xCCE60000 C:\Windows\System32\Drivers\Fs_Rec.SYS 36864 bytes (Microsoft Corporation, File System Recognizer Driver)
0xCD668000 C:\Windows\system32\DRIVERS\hidusb.sys 36864 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0xCD689000 C:\Windows\system32\DRIVERS\kbdhid.sys 36864 bytes (Microsoft Corporation, HID Keyboard Filter Driver)
0xCCE77000 C:\Windows\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xCCEBC000 C:\Windows\System32\DRIVERS\rasacd.sys 36864 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xD7260000 C:\Windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)
0xC7711000 C:\Windows\system32\DRIVERS\tunmp.sys 36864 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0xC7248000 C:\Windows\system32\drivers\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xC730D000 C:\Windows\system32\drivers\atapi.sys 32768 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver)
0xC701F000 C:\Windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver)
0xCD681000 C:\Windows\system32\DRIVERS\mouhid.sys 32768 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xC7278000 C:\Windows\system32\drivers\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)
0xCCE93000 C:\Windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0xCCE9B000 C:\Windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0xC794C000 C:\Windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor)
0xCCE70000 C:\Windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver)
0xCB299000 C:\Windows\System32\Drivers\GEARAspiWDM.sys 28672 bytes (GEAR Software Inc., CD/DVD Class Filter Driver)
0xCCE80000 C:\Windows\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xC7007000 C:\Windows\system32\kdcom.dll 28672 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xCCE69000 C:\Windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)
0xCD7F5000 C:\Windows\system32\DRIVERS\parvdm.sys 28672 bytes (Microsoft Corporation, VDM Parallel Driver)
0xC72E8000 C:\Windows\system32\drivers\pciide.sys 28672 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0xCCF41000 C:\Windows\System32\Drivers\aswRdr.SYS 20480 bytes (AVAST Software, avast! TDI RDR Driver)
0xCD76D000 C:\Windows\System32\Drivers\aswFsBlk.SYS 12288 bytes (AVAST Software, avast! File System Access Blocking Driver)
0xCD7FD000 C:\Windows\System32\Drivers\mvCmdemo.SYS 8192 bytes (MaxiVista, MaxiVista demo video driver)
0xCC9FD000 C:\Windows\system32\DRIVERS\mvvideodemo.sys 8192 bytes (MaxiVista, MaxiVista demo video driver)
0xCC9FB000 C:\Windows\System32\Drivers\nvBridge.kmd 8192 bytes (NVIDIA Corporation, NVIDIA Compatible Windows Vista Kernel Mode Driver, Version 267.24 )
0xCBF7E000 C:\Windows\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xCD666000 C:\Windows\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xCD7FC000 C:\Windows\System32\Machnm32.sys 4096 bytes
==============================================
>Stealth
==============================================
0x03F30000 Hidden Image-->ADL.Foundation.dll [ EPROCESS 0xC4D83340 ] PID: 3736, 102400 bytes
0x08330000 Hidden Image-->Microsoft.WindowsAPICodePack.dll [ EPROCESS 0xC4D83340 ] PID: 3736, 102400 bytes
0x07510000 Hidden Image-->Branding.dll [ EPROCESS 0xC4D83340 ] PID: 3736, 110592 bytes
0x00990000 Hidden Image-->MOM.Implementation.dll [ EPROCESS 0xC62A94C8 ] PID: 5632, 118784 bytes
0x01750000 Hidden Image-->MOM.Implementation.dll [ EPROCESS 0xC4D83340 ] PID: 3736, 118784 bytes
0x06950000 Hidden Image-->CLI.Aspect.MMVideo.Graphics.Runtime.dll [ EPROCESS 0xC4D83340 ] PID: 3736, 118784 bytes
0x07AE0000 Hidden Image-->CLI.Component.Dashboard.Shared.Private.dll [ EPROCESS 0xC4D83340 ] PID: 3736, 1224704 bytes
0x08A70000 Hidden Image-->CLI.Aspect.User.Fuel.Dashboard.dll [ EPROCESS 0xC4D83340 ] PID: 3736, 1282048 bytes
0x06B20000 Hidden Image-->CLI.Caste.Graphics.Dashboard.dll [ EPROCESS 0xC4D83340 ] PID: 3736, 143360 bytes
0x04D20000 Hidden Image-->CLI.Caste.Graphics.Shared.dll [ EPROCESS 0xC4D83340 ] PID: 3736, 176128 bytes
0x07190000 Hidden Image-->Localization.Foundation.Implementation.default_Localization.dll [ EPROCESS 0xC4D83340 ] PID: 3736, 184320 bytes
0x07990000 Hidden Image-->CLI.Aspect.TransCode.Graphics.Dashboard.dll [ EPROCESS 0xC4D83340 ] PID: 3736, 184320 bytes
0x074B0000 Hidden Image-->ResourceManagement.Foundation.Implementation.dll [ EPROCESS 0xC4D83340 ] PID: 3736, 192512 bytes
0x08610000 Hidden Image-->CLI.Combined.Graphics.Aspects1.Dashboard.dll [ EPROCESS 0xC4D83340 ] PID: 3736, 2068480 bytes
0x08810000 Hidden Image-->CLI.Combined.Graphics.Aspects2.Dashboard.dll [ EPROCESS 0xC4D83340 ] PID: 3736, 2478080 bytes
0x06230000 Hidden Image-->CLI.Combined.Graphics.Aspects2.Runtime.dll [ EPROCESS 0xC4D83340 ] PID: 3736, 258048 bytes
0x07940000 Hidden Image-->CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll [ EPROCESS 0xC4D83340 ] PID: 3736, 266240 bytes
0x07E80000 Hidden Image-->CLI.Foundation.Client.dll [ EPROCESS 0xC4D83340 ] PID: 3736, 266240 bytes
0x07020000 Hidden Image-->LOCALIZATION.Foundation.Private.dll [ EPROCESS 0xC4D83340 ] PID: 3736, 282624 bytes
0x00AC0000 Hidden Image-->MOM.Foundation.dll [ EPROCESS 0xC62A94C8 ] PID: 5632, 28672 bytes
0x01B00000 Hidden Image-->LOG.Foundation.Implementation.Private.dll [ EPROCESS 0xC62A94C8 ] PID: 5632, 28672 bytes
0x05E40000 Hidden Image-->DEM.Graphics.I0804.dll [ EPROCESS 0xC4D83340 ] PID: 3736, 28672 bytes
0x00A80000 Hidden Image-->MOM.Foundation.dll [ EPROCESS 0xC4D83340 ] PID: 3736, 28672 bytes
0x00AC0000 Hidden Image-->LOG.Foundation.Implementation.Private.dll [ EPROCESS 0xC4D83340 ] PID: 3736, 28672 bytes
0x03E00000 Hidden Image-->CLI.Component.Runtime.Shared.dll [ EPROCESS 0xC4D83340 ] PID: 3736, 28672 bytes
0x04090000 Hidden Image-->AEM.Server.Shared.dll [ EPROCESS 0xC4D83340 ] PID: 3736, 28672 bytes
0x04920000 Hidden Image-->AEM.Plugin.WinMessages.Shared.dll [ EPROCESS 0xC4D83340 ] PID: 3736, 28672 bytes
0x04900000 Hidden Image-->AEM.Plugin.DPPE.Shared.dll [ EPROCESS 0xC4D83340 ] PID: 3736, 28672 bytes
0x04910000 Hidden Image-->AEM.Plugin.Hotkeys.Shared.dll [ EPROCESS 0xC4D83340 ] PID: 3736, 28672 bytes
0x04A50000 Hidden Image-->DEM.Foundation.dll [ EPROCESS 0xC4D83340 ] PID: 3736, 28672 bytes
0x04B90000 Hidden Image-->DEM.Graphics.dll [ EPROCESS 0xC4D83340 ] PID: 3736, 28672 bytes
0x04BC0000 Hidden Image-->DEM.Graphics.I1010.dll [ EPROCESS 0xC4D83340 ] PID: 3736, 28672 bytes
0x04D00000 Hidden Image-->DEM.Graphics.I0709.dll [ EPROCESS 0xC4D83340 ] PID: 3736, 28672 bytes
0x053B0000 Hidden Image-->AEM.Plugin.GD.Shared.dll [ EPROCESS 0xC4D83340 ] PID: 3736, 28672 bytes
0x05710000 Hidden Image-->AEM.Actions.CCAA.Shared.dll [ EPROCESS 0xC4D83340 ] PID: 3736, 28672 bytes
0x05E10000 Hidden Image-->ResourceManagement.Foundation.Private.dll [ EPROCESS 0xC4D83340 ] PID: 3736, 28672 bytes
0x06B00000 Hidden Image-->CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll [ EPROCESS 0xC4D83340 ] PID: 3736, 28672 bytes
0x05EF0000 Hidden Image-->CLI.Caste.Graphics.Runtime.Shared.Private.dll [ EPROCESS 0xC4D83340 ] PID: 3736, 28672 bytes
0x06290000 Hidden Image-->CLI.Aspect.DisplaysOptions.Graphics.Shared.dll [ EPROCESS 0xC4D83340 ] PID: 3736, 28672 bytes
0x064C0000 Hidden Image-->DEM.Graphics.I0912.dll [ EPROCESS 0xC4D83340 ] PID: 3736, 28672 bytes
0x065D0000 Hidden Image-->DEM.Graphics.I0706.dll [ EPROCESS 0xC4D83340 ] PID: 3736, 28672 bytes
0x065F0000 Hidden Image-->DEM.Graphics.I0712.dll [ EPROCESS 0xC4D83340 ] PID: 3736, 28672 bytes
0x06C50000 Hidden Image-->CLI.Aspect.HotkeysHandling.Graphics.Shared.dll [ EPROCESS 0xC4D83340 ] PID: 3736, 28672 bytes
0x06C20000 Hidden Image-->DEM.Graphics.I0906.dll [ EPROCESS 0xC4D83340 ] PID: 3736, 28672 bytes
0x06C70000 Hidden Image-->CLI.Aspect.AMDHome.Graphics.Shared.dll [ EPROCESS 0xC4D83340 ] PID: 3736, 28672 bytes
0x06D00000 Hidden Image-->DEM.Graphics.I0812.dll [ EPROCESS 0xC4D83340 ] PID: 3736, 28672 bytes
0x06D10000 Hidden Image-->DEM.Graphics.I0805.dll [ EPROCESS 0xC4D83340 ] PID: 3736, 28672 bytes
0x06D30000 Hidden Image-->DEM.Graphics.I0703.dll [ EPROCESS 0xC4D83340 ] PID: 3736, 28672 bytes
0x06D70000 Hidden Image-->DEM.Graphics.I1011.dll [ EPROCESS 0xC4D83340 ] PID: 3736, 28672 bytes
0x06FC0000 Hidden Image-->CLI.Caste.HydraVision.Shared.dll [ EPROCESS 0xC4D83340 ] PID: 3736, 28672 bytes
0x06DF0000 Hidden Image-->atixclib.dll [ EPROCESS 0xC4D83340 ] PID: 3736, 28672 bytes
0x06FE0000 Hidden Image-->CLI.Caste.Fuel.Shared.dll [ EPROCESS 0xC4D83340 ] PID: 3736, 28672 bytes
0x071D0000 Hidden Image-->AEM.Plugin.REG.Shared.dll [ EPROCESS 0xC4D83340 ] PID: 3736, 28672 bytes
0x07240000 Hidden Image-->CLI.Aspect.WiFi.Fuel.Shared.dll [ EPROCESS 0xC4D83340 ] PID: 3736, 28672 bytes
0x072D0000 Hidden Image-->CLI.Component.Runtime.Extension.EEU.dll [ EPROCESS 0xC4D83340 ] PID: 3736, 28672 bytes
0x07310000 Hidden Image-->AEM.Plugin.EEU.Shared.dll [ EPROCESS 0xC4D83340 ] PID: 3736, 28672 bytes
0x07370000 Hidden Image-->CLI.Component.Client.Shared.dll [ EPROCESS 0xC4D83340 ] PID: 3736, 28672 bytes
0x07580000 Hidden Image-->CLI.Caste.HydraVision.Dashboard.dll [ EPROCESS 0xC4D83340 ] PID: 3736, 28672 bytes
0x07730000 Hidden Image-->CLI.Caste.Fuel.Dashboard.dll [ EPROCESS 0xC4D83340 ] PID: 3736, 28672 bytes

#6
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
OK. Now do the following:

Step 1

Quit all running programs and run RogueKiller once again.

  • For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
  • When prompted, type 2 and validate
  • The RKreport.txt shall be generated next to the executable.
  • If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe

Please post the contents of the RKreport.txt in your next Reply.

Step 2

  • Double click the aswMBR.exe to run it once again.
  • Click the Scan button to start scan.
  • On completion of the scan click Save log, save it to your desktop and post in your next reply.

When you have completed the above, please post back the following in the order asked for:
  • Contents of the RKreport.txt
  • Fresh aswMBR log


#7
skookum

    Member

  • Topic Starter
  • 43 posts
Right clicking to run as admin crashes Explorer.
Left clicking to run I can do.

Here is the log

RogueKiller V5.1.9 [05/29/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-to...-Remontees.html

Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User: Administrator [Admin rights]
Mode: Remove -- Date : 05/30/2011 20:53:16

Bad processes: 0

Registry Entries: 13
[SUSP PATH] At1.job : c:\users\admini~1\appdata\local\temp\regedt32a.exe -> DELETED
[SUSP PATH] At10.job : c:\users\admini~1\appdata\local\temp\dvdupgrda.exe -> DELETED
[SUSP PATH] At2.job : c:\users\admini~1\appdata\local\temp\syskeyb.exe -> DELETED
[SUSP PATH] At3.job : c:\users\admini~1\appdata\local\temp\unregmp2a.exe -> DELETED
[SUSP PATH] At4.job : c:\users\admini~1\appdata\local\temp\upnpconta.exe -> DELETED
[SUSP PATH] At5.job : c:\users\admini~1\appdata\local\temp\wextractb.exe -> DELETED
[SUSP PATH] At6.job : c:\users\admini~1\appdata\local\temp\bdeunlockwizarda.exe -> DELETED
[SUSP PATH] At7.job : c:\users\admini~1\appdata\local\temp\dfdwizb.exe -> DELETED
[SUSP PATH] At8.job : c:\users\admini~1\appdata\local\temp\dialerb.exe -> DELETED
[SUSP PATH] At9.job : c:\users\admini~1\appdata\local\temp\diskraida.exe -> DELETED
[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

HOSTS File:
˙ž1

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt





aswMBR still won't let me do a scan, same error as last time.

#8
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Please tell me if you have your original Windows Vista CD/DVD available. Also, do you have access to some other malware-free computer?

The steps that I am about to suggest can render your system unbootable.

#9
skookum

    Member

  • Topic Starter
  • 43 posts
I do have access to a Windows Vista Home Basic SP1 disk, I also have a laptop which is clean.

#10
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
OK. Then please try with this:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.



#11
skookum

    Member

  • Topic Starter
  • 43 posts
I have solved my issue relating to right clicking RogueKiller, which would crash Explorer.
I had some software from years ago still on my PC, E-press One software. It has been a nightmare to get it off my PC; recently I almost managed to clear it all out, but 5 .dll files refused to budge from the folder.
I have just followed a YouTube video regarding Windows Explorer crashes, and using the Autoruns program I noticed E-press One had an entry in HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers. I disabled it, rebooted, went to the E-press folder and was able to clear it out for good.
Now I can right click again and not crash Explorer.
I can also use my UltraSearch program and right click on a result and "open containing folder" without it crashing.

Now my only problem is when I go into my AppData folder Windows Explorer vanishes.
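The manual Autoruns check described in post #11 can also be scripted. The following is an added example, not part of the thread or of any tool mentioned in it: it lists the handlers registered under the key named in the post, resolves each one to its in-process server DLL, and reports whether that DLL exists and carries a valid signature. The function names and the `State` labels are hypothetical, and PowerShell 3.0 or later is assumed.

```powershell
# Added example: audit the folder context-menu shell extensions that Explorer
# loads on right click. The registry path is the one named in the post; the
# function names and State labels are assumptions made for this example.
$HandlerRoot  = 'HKLM:\Software\Classes\Directory\ShellEx\ContextMenuHandlers'
$ClsidPattern = '^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$'

function Resolve-HandlerClsid {
    param($Key)
    # A handler is registered either as a named subkey whose default value is
    # the CLSID, or as a subkey whose own name is the CLSID.
    $default = [string]$Key.GetValue('')
    $leaf    = ($Key.Name -split '\\')[-1]
    if ($default -match $ClsidPattern) { return $default }
    if ($leaf -match $ClsidPattern)    { return $leaf }
    return $null
}

function Get-FolderContextMenuHandler {
    param([string]$Root = $HandlerRoot)

    if (-not (Test-Path -LiteralPath $Root)) { return }

    foreach ($key in Get-ChildItem -LiteralPath $Root) {
        $name  = ($key.Name -split '\\')[-1]
        $clsid = Resolve-HandlerClsid -Key $key
        $dll   = $null
        $state = 'NoClsid'

        if ($clsid) {
            $serverKey = "HKLM:\Software\Classes\CLSID\$clsid\InprocServer32"
            if (-not (Test-Path -LiteralPath $serverKey)) {
                # Leftover registration: the handler points at a class that is gone.
                $state = 'ClsidNotRegistered'
            }
            else {
                # GetValue('') reads the default value and expands %VARIABLES%.
                $dll = ([string](Get-Item -LiteralPath $serverKey).GetValue('')).Trim('"')
                if ($dll -and -not [System.IO.Path]::IsPathRooted($dll)) {
                    # Bare file names are resolved against System32 here.
                    $dll = Join-Path (Join-Path $env:SystemRoot 'System32') $dll
                }
                if (-not $dll) {
                    $state = 'NoServerPath'
                }
                elseif (-not (Test-Path -LiteralPath $dll -PathType Leaf)) {
                    # Half-uninstalled software, as in the post: key present, DLL gone.
                    $state = 'DllMissing'
                }
                else {
                    # Older PowerShell versions do not check catalog signatures, so
                    # NotSigned is a prompt to look closer, not a verdict.
                    $state = [string](Get-AuthenticodeSignature -FilePath $dll).Status
                }
            }
        }

        [pscustomobject]@{
            Handler = $name
            Clsid   = $clsid
            Dll     = $dll
            State   = $state
        }
    }
}

# Show only the handlers that deserve a second look.
Get-FolderContextMenuHandler |
    Where-Object { $_.State -ne 'Valid' } |
    Format-Table -AutoSize
```

Any handler whose `State` is not `Valid` is a candidate to disable in Autoruns and retest, which is the step that resolved the right-click crash in the post.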

#12
skookum

    Member

  • Topic Starter
  • 43 posts
2011/05/30 22:04:38.0644 2592 TDSS rootkit removing tool 2.5.3.0 May 25 2011 07:09:24
2011/05/30 22:04:38.0801 2592 ================================================================================
2011/05/30 22:04:38.0801 2592 SystemInfo:
2011/05/30 22:04:38.0801 2592
2011/05/30 22:04:38.0801 2592 OS Version: 6.0.6002 ServicePack: 2.0
2011/05/30 22:04:38.0801 2592 Product type: Workstation
2011/05/30 22:04:38.0801 2592 ComputerName: DZ-PC
2011/05/30 22:04:38.0801 2592 UserName: Administrator
2011/05/30 22:04:38.0801 2592 Windows directory: C:\Windows
2011/05/30 22:04:38.0801 2592 System windows directory: C:\Windows
2011/05/30 22:04:38.0801 2592 Processor architecture: Intel x86
2011/05/30 22:04:38.0801 2592 Number of processors: 2
2011/05/30 22:04:38.0801 2592 Page size: 0x1000
2011/05/30 22:04:38.0801 2592 Boot type: Normal boot
2011/05/30 22:04:38.0801 2592 ================================================================================
2011/05/30 22:04:39.0051 2592 Initialize success
2011/05/30 22:04:44.0535 5672 ================================================================================
2011/05/30 22:04:44.0535 5672 Scan started
2011/05/30 22:04:44.0535 5672 Mode: Manual;
2011/05/30 22:04:44.0535 5672 ================================================================================
2011/05/30 22:05:01.0254 5672 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys
2011/05/30 22:05:01.0316 5672 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
2011/05/30 22:05:01.0394 5672 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2011/05/30 22:05:01.0410 5672 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2011/05/30 22:05:01.0473 5672 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
2011/05/30 22:05:01.0535 5672 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
2011/05/30 22:05:01.0691 5672 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/05/30 22:05:01.0769 5672 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2011/05/30 22:05:01.0832 5672 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
2011/05/30 22:05:01.0894 5672 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
2011/05/30 22:05:01.0941 5672 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
2011/05/30 22:05:02.0035 5672 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
2011/05/30 22:05:02.0098 5672 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
2011/05/30 22:05:02.0129 5672 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/05/30 22:05:02.0191 5672 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/05/30 22:05:02.0254 5672 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2011/05/30 22:05:02.0363 5672 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
2011/05/30 22:05:02.0441 5672 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/05/30 22:05:02.0488 5672 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/05/30 22:05:02.0582 5672 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
2011/05/30 22:05:02.0613 5672 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
2011/05/30 22:05:02.0660 5672 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys
2011/05/30 22:05:02.0723 5672 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
2011/05/30 22:05:02.0754 5672 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
2011/05/30 22:05:02.0816 5672 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/05/30 22:05:02.0863 5672 usbuhci (325dbbacb8a36af9988ccf40eac228cc) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/05/30 22:05:02.0941 5672 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/05/30 22:05:02.0988 5672 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2011/05/30 22:05:03.0035 5672 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
2011/05/30 22:05:03.0082 5672 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
2011/05/30 22:05:03.0113 5672 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
2011/05/30 22:05:03.0176 5672 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2011/05/30 22:05:03.0223 5672 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
2011/05/30 22:05:03.0301 5672 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
2011/05/30 22:05:03.0379 5672 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
2011/05/30 22:05:03.0473 5672 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/05/30 22:05:03.0566 5672 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/05/30 22:05:03.0598 5672 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/05/30 22:05:03.0691 5672 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
2011/05/30 22:05:03.0769 5672 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2011/05/30 22:05:04.0035 5672 winusb (676f4b665bdd8053eaa53ac1695b8074) C:\Windows\system32\DRIVERS\WinUSB.SYS
2011/05/30 22:05:04.0129 5672 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
2011/05/30 22:05:04.0254 5672 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
2011/05/30 22:05:04.0332 5672 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/05/30 22:05:04.0426 5672 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/05/30 22:05:04.0488 5672 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
2011/05/30 22:05:04.0504 5672 ================================================================================
2011/05/30 22:05:04.0504 5672 Scan finished
2011/05/30 22:05:04.0504 5672 ================================================================================
2011/05/30 22:05:04.0535 1400 Detected object count: 0
2011/05/30 22:05:04.0535 1400 Actual detected object count: 0
2011/05/30 22:05:16.0549 3424 Deinitialize success

#13
Render

OK. We will deal with those orphaned DLLs and other files when we are sure that your system is not infected. Please proceed with this:

Please download ComboFix from Here or Here to your Desktop.

Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop.

  • If you are using Firefox, make sure that your download settings are as follows:
    • Tools->Options->Main tab
    • Set to "Always ask me where to Save the files".
  • During the download, rename Combofix to Combo-Fix as follows:

    Posted Image

    Posted Image
  • It is important you rename Combofix during the download, but not after.
  • Please do not rename Combofix to other names, but only to the one indicated.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore your connection.
  • Double click on combo-Fix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\Combo-Fix.txt" for further review

Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall.

#14
skookum

ComboFix 11-05-30.06 - Administrator 30/05/2011 22:43:29.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2558.1639 [GMT 1:00]
Running from: C:\Users\Administrator\Desktop\Combo-Fix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
* Created a new restore point
* Resident AV is active



((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Install.exe
C:\Program Files\Steam\Steam.exe
C:\Users\Administrator\AppData\Roaming\EurekaLog
C:\Users\Administrator\AppData\Roaming\EurekaLog\EurekaLog.ini
C:\Windows\system32\InN64proc64.dll
C:\Windows\system32\msvcsv60.dll
C:\Windows\system32\OutN64proc64.dll
C:\Windows\system32\win.ini


((((((((((((((((((((((((( Files Created from 2011-04-28 to 2011-05-30 )))))))))))))))))))))))))))))))


2011-05-30 21:52:54 . 2011-05-30 21:52:54 -------- d-----w- C:\Users\Dz\AppData\Local\temp
2011-05-30 21:52:54 . 2011-05-30 21:52:54 -------- d-----w- C:\Users\Default\AppData\Local\temp
2011-05-30 21:52:54 . 2011-05-30 21:52:54 -------- d-----w- C:\Users\Administrator\AppData\Local\temp
2011-05-30 21:52:54 . 2011-05-30 21:52:54 -------- d-----w- C:\Users\acturaid\AppData\Local\temp
2011-05-30 17:56:58 . 2011-05-30 17:56:58 -------- d-----w- C:\_OTL
2011-05-30 15:07:25 . 2011-05-30 15:07:25 -------- d-----w- C:\Users\Administrator\AppData\Roaming\Publish Providers
2011-05-30 15:07:16 . 2011-05-30 15:07:17 -------- d-----w- C:\Users\Administrator\AppData\Local\Sony
2011-05-30 15:06:11 . 2011-05-30 15:06:11 -------- d-----w- C:\ProgramData\Sony
2011-05-30 15:06:00 . 2011-05-30 15:06:57 -------- d-----w- C:\Program Files\Sony
2011-05-30 15:03:40 . 2011-05-30 15:07:29 -------- d-----w- C:\Users\Administrator\AppData\Roaming\Sony
2011-05-30 07:20:33 . 2011-05-30 07:20:33 -------- d-----w- C:\Program Files\IK Multimedia
2011-05-30 00:29:32 . 2011-05-30 00:29:32 -------- d-----w- C:\Users\Administrator\AppData\Roaming\VST3 Presets
2011-05-29 23:13:00 . 2011-05-29 23:13:00 -------- d-----w- C:\Users\Administrator\AppData\Local\Ahead
2011-05-29 23:12:09 . 2011-05-30 20:50:35 -------- d-----w- C:\Users\Administrator\AppData\Roaming\UltraExplorer
2011-05-29 23:12:06 . 2011-05-29 23:28:24 -------- d-----w- C:\Program Files\UltraExplorer
2011-05-29 22:53:26 . 2011-03-12 21:55:52 876032 ----a-w- C:\Windows\system32\XpsPrint.dll
2011-05-29 22:47:06 . 2011-05-29 22:47:06 -------- d-----w- C:\Windows\en
2011-05-29 22:44:28 . 2011-05-29 22:44:28 -------- d-----w- C:\Program Files\Microsoft SQL Server Compact Edition
2011-05-29 22:43:45 . 2011-05-29 22:43:45 -------- d-----w- C:\Windows\PCHEALTH
2011-05-29 22:43:27 . 2011-05-29 22:47:55 -------- d-----w- C:\Program Files\Windows Live
2011-05-29 22:43:02 . 2011-05-29 22:43:02 -------- d-----w- C:\Program Files\MSN Toolbar
2011-05-29 22:42:56 . 2011-05-29 22:43:19 -------- d-----w- C:\Program Files\Bing Bar Installer
2011-05-29 22:41:30 . 2011-05-29 22:41:30 -------- d-----w- C:\Users\Administrator\AppData\Local\Windows Live
2011-05-29 22:41:02 . 2009-08-04 08:02:24 754688 ----a-w- C:\Windows\system32\webservices.dll
2011-05-29 22:24:58 . 2011-05-29 22:24:58 -------- d-----w- C:\Program Files\Windows Portable Devices
2011-05-29 22:19:46 . 2009-09-10 02:00:36 92672 ----a-w- C:\Windows\system32\UIAnimation.dll
2011-05-29 22:19:45 . 2009-09-10 02:01:02 3023360 ----a-w- C:\Windows\system32\UIRibbon.dll
2011-05-29 22:19:45 . 2009-09-10 02:00:54 1164800 ----a-w- C:\Windows\system32\UIRibbonRes.dll
2011-05-29 22:15:35 . 2009-10-08 21:08:01 234496 ----a-w- C:\Windows\system32\oleacc.dll
2011-05-29 22:15:35 . 2009-10-08 21:07:59 4096 ----a-w- C:\Windows\system32\oleaccrc.dll
2011-05-29 22:15:34 . 2009-10-08 21:08:01 555520 ----a-w- C:\Windows\system32\UIAutomationCore.dll
2011-05-29 22:12:01 . 2011-05-29 22:12:01 161792 ----a-w- C:\Windows\system32\msls31.dll
2011-05-29 22:12:00 . 2011-05-29 22:12:01 1126912 ----a-w- C:\Windows\system32\wininet.dll
2011-05-29 22:12:00 . 2011-05-29 22:12:00 307200 ----a-w- C:\Program Files\Internet Explorer\iediagcmd.exe
2011-05-29 22:12:00 . 2011-05-29 22:12:00 107008 ----a-w- C:\Program Files\Internet Explorer\iecleanup.exe
2011-05-29 22:10:52 . 2011-05-29 22:10:52 979456 ----a-w- C:\Windows\system32\MFH264Dec.dll
2011-05-29 22:07:23 . 2011-02-22 13:33:12 1068544 ----a-w- C:\Windows\system32\DWrite.dll
2011-05-29 22:07:23 . 2011-02-22 13:33:09 797696 ----a-w- C:\Windows\system32\FntCache.dll
2011-05-29 22:07:22 . 2011-02-22 14:13:01 288768 ----a-w- C:\Windows\system32\XpsGdiConverter.dll
2011-05-29 21:46:13 . 2011-05-29 21:46:22 -------- d-----w- C:\Windows\system32\ca-ES
2011-05-29 21:46:13 . 2011-05-29 21:46:21 -------- d-----w- C:\Windows\system32\vi-VN
2011-05-29 21:46:13 . 2011-05-29 21:46:21 -------- d-----w- C:\Windows\system32\eu-ES
2011-05-29 21:29:17 . 2011-05-29 21:29:17 -------- d-----w- C:\Windows\system32\EventProviders
2011-05-29 21:27:59 . 2009-04-11 06:32:46 223208 ----a-w- C:\Windows\system32\drivers\netio.sys
2011-05-29 20:33:55 . 2011-05-29 20:33:55 -------- d-----w- C:\Program Files\Microsoft
2011-05-29 20:25:36 . 2011-05-29 20:25:36 -------- d-----w- C:\Program Files\Common Files\Windows Live
2011-05-29 20:19:32 . 2011-03-03 15:40:13 28672 ----a-w- C:\Windows\system32\Apphlpdm.dll
2011-05-29 20:19:32 . 2011-03-03 13:35:36 4240384 ----a-w- C:\Windows\system32\GameUXLegacyGDFs.dll
2011-05-29 19:41:35 . 2008-05-27 04:59:40 18904 ----a-w- C:\Windows\system32\StructuredQuerySchemaTrivial.bin
2011-05-29 19:32:09 . 2010-10-19 04:27:49 7680 ----a-w- C:\Program Files\Internet Explorer\iecompat.dll
2011-05-29 19:31:32 . 2009-01-08 01:20:17 265720 ----a-w- C:\Program Files\Internet Explorer\msdbg2.dll
2011-05-29 19:31:31 . 2009-01-08 01:20:17 355832 ----a-w- C:\Program Files\Internet Explorer\pdm.dll
2011-05-29 19:28:01 . 2009-10-09 21:56:07 2048 ----a-w- C:\Windows\system32\winrsmgr.dll
2011-05-29 19:26:59 . 2010-10-15 13:48:59 1205080 ----a-w- C:\Windows\system32\ntdll.dll
2011-05-29 19:25:20 . 2010-10-18 13:37:35 81920 ----a-w- C:\Windows\system32\consent.exe
2011-05-29 19:25:13 . 2010-06-16 16:04:57 905088 ----a-w- C:\Windows\system32\drivers\tcpip.sys
2011-05-29 19:25:12 . 2010-11-04 18:55:38 352768 ----a-w- C:\Windows\system32\taskschd.dll
2011-05-29 19:25:12 . 2010-11-04 18:55:12 601600 ----a-w- C:\Windows\system32\schedsvc.dll
2011-05-29 19:25:11 . 2010-11-04 18:56:07 345600 ----a-w- C:\Windows\system32\wmicmiplugin.dll
2011-05-29 19:25:11 . 2010-11-04 18:55:38 270336 ----a-w- C:\Windows\system32\taskcomp.dll
2011-05-29 19:25:11 . 2010-11-04 16:34:06 171520 ----a-w- C:\Windows\system32\taskeng.exe
2011-05-29 19:25:03 . 2010-10-28 13:20:12 2048 ----a-w- C:\Windows\system32\tzres.dll
2011-05-29 19:20:53 . 2010-12-17 15:45:10 2067968 ----a-w- C:\Windows\system32\mstscax.dll
2011-05-29 19:20:53 . 2010-12-17 13:54:03 677888 ----a-w- C:\Windows\system32\mstsc.exe
2011-05-29 19:20:53 . 2009-04-11 06:28:07 63488 ----a-w- C:\Windows\system32\tscupgrd.exe
2011-05-29 19:19:00 . 2010-08-31 15:44:31 531968 ----a-w- C:\Windows\system32\comctl32.dll
2011-05-29 18:51:52 . 2007-12-03 10:21:44 2513432 ----a-w- C:\Windows\system32\pcifmdio.dll
2011-05-29 18:51:52 . 2007-12-03 10:21:42 236040 ----a-w- C:\Windows\system32\DeltaIITray.exe
2011-05-29 18:51:52 . 2007-12-03 10:21:42 21000 ----a-w- C:\Windows\system32\DeltaIIpnl.dll
2011-05-29 18:51:52 . 2007-12-03 10:21:40 727560 ----a-w- C:\Windows\system32\DeltaIICpl.exe
2011-05-29 18:51:52 . 2007-12-03 10:21:40 12296 ----a-w- C:\Windows\system32\deltaIICoIn.dll
2011-05-29 18:51:52 . 2007-12-03 10:21:38 25096 ----a-w- C:\Windows\system32\deltaIIasio.dll
2011-05-29 18:51:52 . 2007-12-03 10:21:30 297992 ----a-w- C:\Windows\system32\drivers\deltaII.sys
2011-05-29 18:51:52 . 2007-12-03 10:21:28 26632 ----a-w- C:\Windows\system32\DeltaII.cpl
2011-05-29 18:51:16 . 2011-05-29 23:19:31 -------- d-----w- C:\Program Files\M-Audio
2011-05-29 18:51:14 . 2011-05-29 18:51:14 -------- d-----w- C:\Users\Administrator\AppData\Roaming\InstallShield
2011-05-29 17:34:38 . 2011-05-29 17:34:38 -------- d-----w- C:\PerfLogs
2011-05-29 17:12:05 . 2008-01-19 07:29:08 705536 ----a-w- C:\Windows\system32\imagesp1.dll
2011-05-29 17:12:02 . 2008-01-19 07:36:36 116736 ----a-w- C:\Windows\system32\sstpsvc.dll
2011-05-29 17:10:59 . 2008-01-19 07:37:12 305152 ----a-w- C:\Windows\system32\WUDFx.dll
2011-05-29 17:09:59 . 2008-01-19 07:37:11 15360 ----a-w- C:\Windows\system32\wsock32.dll
2011-05-29 10:05:02 . 2011-05-29 10:05:02 -------- d-----w- C:\Users\Administrator\AppData\Roaming\iZotope
2011-05-29 02:36:43 . 2011-05-29 02:55:11 -------- d-----w- C:\Users\Administrator\DoctorWeb
2011-05-28 17:06:17 . 2009-12-19 10:18:14 2395648 ----a-w- C:\Windows\system32\SYNSOEMU.DLL
2011-05-28 17:06:09 . 2011-05-28 17:06:09 -------- d-----w- C:\Program Files\Common Files\VST3
2011-05-28 17:03:58 . 2011-05-28 17:03:58 -------- d-----w- C:\ProgramData\VST3 Presets
2011-05-28 16:55:43 . 2011-05-28 16:55:43 -------- d-----w- C:\ProgramData\Steinberg
2011-05-28 16:55:43 . 2011-05-28 16:55:43 -------- d-----w- C:\Program Files\Common Files\Steinberg
2011-05-28 16:47:11 . 2011-05-30 14:41:36 -------- d-----w- C:\Program Files\Steinberg
2011-05-28 16:47:11 . 2011-05-30 00:01:52 -------- d-----w- C:\Users\Administrator\AppData\Roaming\Steinberg
2011-05-28 15:38:30 . 2011-04-07 11:34:44 14568 ----a-w- C:\Windows\system32\drivers\mvCmdemo.SYS
2011-05-28 15:37:56 . 2011-04-07 11:34:46 13160 ----a-w- C:\Windows\system32\drivers\mvvideodemo.sys
2011-05-28 15:37:56 . 2011-04-07 11:34:44 24168 ----a-w- C:\Windows\system32\mvvideodemo.dll
2011-05-28 15:37:55 . 2011-05-28 15:38:06 -------- d-----w- C:\Program Files\MaxiVista Demo Server
2011-05-27 23:53:32 . 2011-05-27 23:53:32 -------- d-----w- C:\Users\Administrator\AppData\Roaming\JAM Software
2011-05-27 23:53:24 . 2011-05-27 23:53:24 -------- d-----w- C:\Program Files\JAM Software
2011-05-27 11:43:06 . 2011-05-27 11:43:06 -------- d-----w- C:\ProgramData\Ableton
2011-05-27 11:41:54 . 2011-05-27 11:41:54 -------- d-----w- C:\Users\Administrator\AppData\Roaming\Thinstall
2011-05-27 11:41:54 . 2011-05-27 11:41:54 -------- d-----w- C:\Users\Administrator\AppData\Local\Thinstall
2011-05-27 02:35:31 . 2011-05-27 02:35:33 -------- dc-h--w- C:\ProgramData\{05835455-7C7C-4AA0-A7A0-63D407FC9E17}
2011-05-27 02:34:44 . 2011-05-27 02:34:45 -------- dc-h--w- C:\ProgramData\{2B0AD088-31DC-4A62-9BFF-8A02B70C0942}
2011-05-26 23:56:19 . 2011-05-27 02:38:49 -------- dc-h--w- C:\ProgramData\{63212DDB-3722-4A80-B4BE-CF435DDAD17C}
2011-05-26 22:00:13 . 2011-02-23 13:56:45 301528 ----a-w- C:\Windows\system32\drivers\aswSP.sys
2011-05-26 22:00:13 . 2011-02-23 13:54:55 19544 ----a-w- C:\Windows\system32\drivers\aswFsBlk.sys
2011-05-26 22:00:12 . 2011-02-23 13:56:55 371544 ----a-w- C:\Windows\system32\drivers\aswSnx.sys
2011-05-26 22:00:12 . 2011-02-23 13:55:49 49240 ----a-w- C:\Windows\system32\drivers\aswTdi.sys
2011-05-26 22:00:12 . 2011-02-23 13:55:10 25432 ----a-w- C:\Windows\system32\drivers\aswRdr.sys
2011-05-26 22:00:12 . 2011-02-23 13:55:03 53592 ----a-w- C:\Windows\system32\drivers\aswMonFlt.sys
2011-05-26 22:00:01 . 2011-02-23 14:04:21 40648 ----a-w- C:\Windows\avastSS.scr
2011-05-26 22:00:01 . 2011-02-23 14:04:17 190016 ----a-w- C:\Windows\system32\aswBoot.exe
2011-05-26 21:59:51 . 2011-05-26 21:59:51 -------- d-----w- C:\ProgramData\AVAST Software
2011-05-26 21:59:51 . 2011-05-26 21:59:51 -------- d-----w- C:\Program Files\AVAST Software
2011-05-26 21:59:27 . 2011-05-30 14:39:02 -------- d-----w- C:\TEMP
2011-05-26 19:42:52 . 2011-05-26 19:42:57 -------- d-----w- C:\Program Files\Universal Extractor
2011-05-26 11:04:23 . 2011-05-26 22:11:57 -------- dc-h--w- C:\ProgramData\{5E4CAE11-3142-4132-BACC-8515F1910998}
2011-05-26 11:01:33 . 2011-05-26 11:01:40 -------- dc-h--w- C:\ProgramData\{C78336EC-F2EB-4640-99A4-DFE96581B90B}
2011-05-26 11:01:27 . 2011-05-26 23:37:34 -------- d-----w- C:\ProgramData\Native Instruments
2011-05-25 22:15:47 . 2011-05-25 22:15:47 -------- d-----w- C:\Users\Administrator\AppData\Local\Adobe
2011-05-25 13:21:49 . 2011-05-27 00:27:23 -------- d-----w- C:\Users\Administrator\AppData\Local\Native Instruments
2011-05-25 12:35:52 . 2011-05-29 10:13:25 -------- d-----w- C:\Users\Administrator\Music Production
2011-05-25 12:05:19 . 2011-05-25 12:05:19 -------- dc----w- C:\ProgramData\{29CF7310-A1F2-43D3-9CA5-BAF68DCAEDC1}
2011-05-25 01:18:18 . 2011-05-25 01:18:18 -------- d-----w- C:\Users\Administrator\AppData\Local\Spectrasonics
2011-05-25 00:57:01 . 2011-05-25 00:57:01 -------- d-----w- C:\Program Files\Common Files\Digidesign
2011-05-25 00:56:52 . 2011-05-25 01:15:17 -------- d-----w- C:\ProgramData\Spectrasonics
2011-05-24 19:24:38 . 2011-05-27 09:03:40 -------- d-----w- C:\Program Files\Common Files\Native Instruments


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2011-05-29 22:43:37 . 2010-06-24 10:33:56 18328 ----a-w- C:\ProgramData\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-05-29 22:10:10 . 2011-05-29 22:10:10 4096 ----a-w- C:\Windows\system32\drivers\en-US\dxgkrnl.sys.mui
2011-05-29 17:23:37 . 2006-11-02 10:32:57 101888 ----a-w- C:\Windows\system32\ifxcardm.dll
2011-05-29 17:23:36 . 2006-11-02 10:32:57 82432 ----a-w- C:\Windows\system32\axaltocm.dll
2011-05-15 21:24:00 . 2007-04-24 16:30:19 270776 ----a-w- C:\Windows\system32\PnkBstrB.xtr
2011-05-15 17:30:07 . 2007-04-24 16:22:00 270776 ----a-w- C:\Windows\system32\PnkBstrB.ex0
2011-05-15 15:12:20 . 2007-04-24 16:22:14 22328 ----a-w- C:\Users\Administrator\AppData\Roaming\PnkBstrK.sys
2011-05-14 16:20:35 . 2007-08-07 21:48:36 499712 ----a-w- C:\Windows\system32\msvcp71.dll
2011-05-14 09:47:40 . 2011-05-14 09:47:40 36864 ----a-w- C:\Windows\system32\drivers\en-US\http.sys.mui
2011-05-14 08:56:14 . 2011-05-14 08:56:14 2560 ----a-w- C:\Windows\apppatch\AcRes.dll
2011-04-20 02:43:40 . 2011-04-20 02:43:40 7772160 ----a-w- C:\Windows\system32\drivers\atikmdag.sys
2011-04-20 02:09:18 . 2011-04-20 02:09:18 151552 ----a-w- C:\Windows\system32\atiapfxx.exe
2011-04-20 02:09:04 . 2011-04-06 02:03:14 676864 ----a-w- C:\Windows\system32\aticfx32.dll
2011-04-20 02:07:02 . 2011-04-20 02:07:02 17693184 ----a-w- C:\Windows\system32\atioglxx.dll
2011-04-20 02:05:08 . 2011-04-20 02:05:08 462848 ----a-w- C:\Windows\system32\ATIDEMGX.dll
2011-04-20 02:04:36 . 2011-04-20 02:04:36 393216 ----a-w- C:\Windows\system32\atieclxx.exe
2011-04-20 02:04:06 . 2011-04-20 02:04:06 176128 ----a-w- C:\Windows\system32\atiesrxx.exe
2011-04-20 02:02:56 . 2011-04-20 02:02:56 159744 ----a-w- C:\Windows\system32\atitmmxx.dll
2011-04-20 02:02:42 . 2011-04-20 02:02:42 356352 ----a-w- C:\Windows\system32\atipdlxx.dll
2011-04-20 02:02:30 . 2011-04-20 02:02:30 278528 ----a-w- C:\Windows\system32\Oemdspif.dll
2011-04-20 02:02:22 . 2011-04-20 02:02:22 15872 ----a-w- C:\Windows\system32\atimuixx.dll
2011-04-20 02:02:16 . 2011-04-20 02:02:16 43520 ----a-w- C:\Windows\system32\ati2edxx.dll
2011-04-20 01:59:20 . 2011-04-20 01:59:20 4161536 ----a-w- C:\Windows\system32\atidxx32.dll
2011-04-20 01:46:14 . 2011-04-20 01:46:14 46080 ----a-w- C:\Windows\system32\aticalrt.dll
2011-04-20 01:46:02 . 2011-04-20 01:46:02 44032 ----a-w- C:\Windows\system32\aticalcl.dll
2011-04-20 01:42:04 . 2011-04-20 01:42:04 6389760 ----a-w- C:\Windows\system32\aticaldd.dll
2011-04-20 01:40:14 . 2011-04-20 01:40:14 1923584 ----a-w- C:\Windows\system32\atiumdmv.dll
2011-04-20 01:38:04 . 2011-04-06 01:35:00 4286464 ----a-w- C:\Windows\system32\atiumdag.dll
2011-04-20 01:30:36 . 2011-04-20 01:30:36 4056576 ----a-w- C:\Windows\system32\atiumdva.dll
2011-04-20 01:26:58 . 2010-10-27 02:14:58 52736 ----a-w- C:\Windows\system32\coinst.dll
2011-04-20 01:23:04 . 2011-04-20 01:23:04 262144 ----a-w- C:\Windows\system32\atiadlxx.dll
2011-04-20 01:22:52 . 2011-04-20 01:22:52 12800 ----a-w- C:\Windows\system32\atiglpxx.dll
2011-04-20 01:22:40 . 2011-04-20 01:22:40 32768 ----a-w- C:\Windows\system32\atigktxx.dll
2011-04-20 01:22:08 . 2011-04-20 01:22:08 243712 ----a-w- C:\Windows\system32\drivers\atikmpag.sys
2011-04-20 01:21:38 . 2011-04-20 01:21:38 31232 ----a-w- C:\Windows\system32\atiuxpag.dll
2011-04-20 01:21:24 . 2011-04-06 01:20:38 29184 ----a-w- C:\Windows\system32\atiu9pag.dll
2011-04-20 01:21:00 . 2011-04-06 01:20:16 37376 ----a-w- C:\Windows\system32\atitmpxx.dll
2011-04-20 01:20:50 . 2011-04-20 01:20:50 53248 ----a-w- C:\Windows\system32\drivers\ati2erec.dll
2011-04-20 01:13:28 . 2011-04-20 01:13:28 52736 ----a-w- C:\Windows\system32\atimpc32.dll
2011-04-20 01:13:28 . 2011-04-20 01:13:28 52736 ----a-w- C:\Windows\system32\amdpcom32.dll
2011-04-08 11:28:58 . 2011-04-08 11:28:58 41872 ----a-w- C:\Windows\system32\xfcodec.dll
2011-04-05 21:09:48 . 2011-04-05 21:09:48 59904 ----a-w- C:\Windows\system32\OVDecode.dll
2011-04-05 21:09:08 . 2011-04-05 21:09:08 12385280 ----a-w- C:\Windows\system32\amdocl.dll
2011-03-30 18:46:24 . 2011-03-30 18:46:24 97808 ----a-w- C:\Windows\system32\drivers\AtihdLH3.sys
2011-03-03 15:40:07 . 2011-05-29 20:19:32 173056 ----a-w- C:\Windows\apppatch\AcXtrnal.dll
2011-03-03 15:40:05 . 2011-05-29 20:19:32 542720 ----a-w- C:\Windows\apppatch\AcLayers.dll
2011-03-03 15:40:05 . 2011-05-29 20:19:32 458752 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
2011-03-03 15:40:04 . 2011-05-29 20:19:33 2159616 ----a-w- C:\Windows\apppatch\AcGenral.dll
2011-04-14 16:26:02 . 2011-05-15 13:47:09 142296 ----a-w- C:\Program Files\mozilla firefox\components\browsercomps.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-02-23 14:04:11 122512 ----a-w- C:\Program Files\AVAST Software\Avast\ashShell.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Razer Imperator Driver"="C:\Program Files\Razer\Imperator\RazerImperatorTray.exe" [2010-09-07 13:15:28 2787224]
"SSDMonitor"="C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe" [2010-08-05 07:46:02 104408]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 15:45:14 35736]
"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 11:49:34 932288]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-04-19 21:11:22 336384]
"avast"="C:\Program Files\AVAST Software\Avast\avastUI.exe" [2011-02-23 14:04:20 3451496]
"M-Audio Taskbar Icon"="C:\Windows\System32\DeltaIITray.exe" [2007-12-03 10:21:42 236040]
"DeltaIITaskbarApp"="C:\Windows\system32\DeltaIITray.exe" [2007-12-03 10:21:42 236040]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-11-02 09:45:00 8704]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2011-05-14 16:20:36 273544 ----a-w- C:\Program Files\Real\RealPlayer\Update\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 12:16:28 130384]
R3 hwusbdev;Huawei DataCard USB PNP Device;C:\Windows\system32\DRIVERS\ewusbdev.sys [2010-01-28 12:34:32 101120]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 12:16:28 753504]
R4 maximir;maximir;C:\Windows\system32\DRIVERS\maximir.sys [x]
R4 maxivista;Maxi_Vista_DriverA;C:\Windows\system32\DRIVERS\maxivista.sys [x]
R4 RAMDiskVE;RAMDiskVE;C:\Windows\system32\Drivers\RAMDiskVE.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 15:33:04 51040]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe [2011-04-20 02:04:06 176128]
S2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-04-19 21:17:18 294400]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;C:\Windows\system32\drivers\aswMonFlt.sys [2011-02-23 13:55:03 53592]
S2 cpuz135;cpuz135;C:\Windows\system32\drivers\cpuz135_x32.sys [2010-11-09 14:35:30 21992]
S2 mvCmdemo;mvCmdemo;C:\Windows\system32\Drivers\mvCmdemo.SYS [2011-04-07 11:34:44 14568]
S2 NIHardwareService;NIHardwareService;C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2009-02-23 17:38:34 3656704]
S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe [2010-08-05 07:46:02 583640]
S3 amdiox86;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox86.sys [2010-02-18 08:18:22 37944]
S3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2011-04-20 02:43:40 7772160]
S3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys [2011-04-20 01:22:08 243712]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdLH3.sys [2011-03-30 18:46:24 97808]
S3 DELTAII;Service for M-Audio Delta Driver (WDM);C:\Windows\system32\DRIVERS\deltaII.sys [2007-12-03 10:21:30 297992]
S3 mvvideodemo;MaxiVista Virtual Video Demo;C:\Windows\system32\DRIVERS\mvvideodemo.sys [2011-04-07 11:34:46 13160]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

Contents of the 'Scheduled Tasks' folder

2011-05-30 C:\Windows\Tasks\User_Feed_Synchronization-{04BF8757-0A75-4F0E-9EAC-CEAD1E76BB4D}.job
- C:\Windows\system32\msfeedssync.exe [2011-05-29 22:11:50 . 2011-05-29 22:11:50]


------- Supplementary Scan -------

uStart Page = hxxp://google.com/
mStart Page = about:blank
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
IE: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: Search Using Copernic Agent - C:\Program Files\Copernic Agent\CopernicAgentExt.dll/INTEGRATION_MENU_SEARCHEXT
TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
Handler: copernicagent - {A979B6BD-E40B-4A07-ABDD-A62C64A4EBF6} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
Handler: copernicagentcache - {AAC34CFD-274D-4A9D-B0DC-C74C05A67E1D} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
FF - ProfilePath - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\a6nqwcbs.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.7thcavalry.us/
FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false


------- File Associations -------

.txt=e-Notetaker.Document

- - - - ORPHANS REMOVED - - - -

URLSearchHooks-{ba14329e-9550-4989-b3f2-9732e92d17cc} - (no file)
Toolbar-{ba14329e-9550-4989-b3f2-9732e92d17cc} - (no file)
Toolbar-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file)
SafeBoot-19789843.sys
SafeBoot-22514579.sys
SafeBoot-73517838.sys
MSConfigStartUp-DivXUpdate - C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MSConfigStartUp-Steam - C:\Program Files\Steam\Steam.exe
AddRemove-Steam App 64000 - C:\Program Files\Steam\steam.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-30 22:53:01
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-357686384-3270024895-2839793856-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"

[HKEY_USERS\S-1-5-21-357686384-3270024895-2839793856-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asf\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASF"

[HKEY_USERS\S-1-5-21-357686384-3270024895-2839793856-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASX"

[HKEY_USERS\S-1-5-21-357686384-3270024895-2839793856-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AU"

[HKEY_USERS\S-1-5-21-357686384-3270024895-2839793856-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="divx_avi_file"

[HKEY_USERS\S-1-5-21-357686384-3270024895-2839793856-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cda\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.CDA"

[HKEY_USERS\S-1-5-21-357686384-3270024895-2839793856-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cfg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\wordpad.exe"

[HKEY_USERS\S-1-5-21-357686384-3270024895-2839793856-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.db\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\wordpad.exe"

[HKEY_USERS\S-1-5-21-357686384-3270024895-2839793856-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.div\UserChoice]
@Denied: (2) (Administrator)
"Progid"="divx_div_file"

[HKEY_USERS\S-1-5-21-357686384-3270024895-2839793856-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.divx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="divx_divx_file"

[HKEY_USERS\S-1-5-21-357686384-3270024895-2839793856-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dll\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\NOTEPAD.EXE"

[HKEY_USERS\S-1-5-21-357686384-3270024895-2839793856-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"

[HKEY_USERS\S-1-5-21-357686384-3270024895-2839793856-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"

[HKEY_USERS\S-1-5-21-357686384-3270024895-2839793856-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m1v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"

[HKEY_USERS\S-1-5-21-357686384-3270024895-2839793856-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M2V\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"

[HKEY_USERS\S-1-5-21-357686384-3270024895-2839793856-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M3U"

[HKEY_USERS\S-1-5-21-357686384-3270024895-2839793856-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"

[HKEY_USERS\S-1-5-21-357686384-3270024895-2839793856-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"

[HKEY_USERS\S-1-5-21-357686384-3270024895-2839793856-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mkv\UserChoice]
@Denied: (2) (Administrator)
"Progid"="divx_mkv_file"

[HKEY_USERS\S-1-5-21-357686384-3270024895-2839793856-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MOD\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"

[HKEY_USERS\S-1-5-21-357686384-3270024895-2839793856-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"

[HKEY_USERS\S-1-5-21-357686384-3270024895-2839793856-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"

[HKEY_USERS\S-1-5-21-357686384-3270024895-2839793856-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP3"

[HKEY_USERS\S-1-5-21-357686384-3270024895-2839793856-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpa\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"

[HKEY_USERS\S-1-5-21-357686384-3270024895-2839793856-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpe\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"

[HKEY_USERS\S-1-5-21-357686384-3270024895-2839793856-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpeg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"

[HKEY_USERS\S-1-5-21-357686384-3270024895-2839793856-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"

[HKEY_USERS\S-1-5-21-357686384-3270024895-2839793856-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"

[HKEY_USERS\S-1-5-21-357686384-3270024895-2839793856-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pdf\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\AcroRd32.exe"

[HKEY_USERS\S-1-5-21-357686384-3270024895-2839793856-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"

[HKEY_USERS\S-1-5-21-357686384-3270024895-2839793856-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"

[HKEY_USERS\S-1-5-21-357686384-3270024895-2839793856-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AU"

[HKEY_USERS\S-1-5-21-357686384-3270024895-2839793856-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tix\UserChoice]
@Denied: (2) (Administrator)
"Progid"="divx_tix_file"

[HKEY_USERS\S-1-5-21-357686384-3270024895-2839793856-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.txt\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\WordPad.exe"

[HKEY_USERS\S-1-5-21-357686384-3270024895-2839793856-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WAV"

[HKEY_USERS\S-1-5-21-357686384-3270024895-2839793856-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wax\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WAX"

[HKEY_USERS\S-1-5-21-357686384-3270024895-2839793856-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASF"

[HKEY_USERS\S-1-5-21-357686384-3270024895-2839793856-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMA"

[HKEY_USERS\S-1-5-21-357686384-3270024895-2839793856-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmd\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMD"

[HKEY_USERS\S-1-5-21-357686384-3270024895-2839793856-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wms\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMS"

[HKEY_USERS\S-1-5-21-357686384-3270024895-2839793856-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmv\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMV"

[HKEY_USERS\S-1-5-21-357686384-3270024895-2839793856-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASX"

[HKEY_USERS\S-1-5-21-357686384-3270024895-2839793856-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmz\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMZ"

[HKEY_USERS\S-1-5-21-357686384-3270024895-2839793856-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wpl\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WPL"

[HKEY_USERS\S-1-5-21-357686384-3270024895-2839793856-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wvx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WVX"

[HKEY_USERS\S-1-5-21-357686384-3270024895-2839793856-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"

[HKEY_USERS\S-1-5-21-357686384-3270024895-2839793856-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000001

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(5768)
C:\Windows\System32\NLSData0009.dll

Completion time: 2011-05-30 22:55:52
ComboFix-quarantined-files.txt 2011-05-30 21:55:49

Pre-Run: 44,632,096,768 bytes free
Post-Run: 48,802,553,856 bytes free

Current=1 Default=1 Failed=0 LastKnownGood=9 Sets=1,2,3,4,5,6,7,8,9
- - End Of File - - 77516C8EDE3990900E23758F4E886365

#15
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Any improvement? Explorer still vanishes? Don't worry about Steam. We will put it back later.

Try to run the aswMBR scan one more time, please.