Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Google Redirect Virus

Started by mesograt , Aug 04 2011 04:48 PM

  • This topic is locked This topic is locked

#1
mesograt
Posted 04 August 2011 - 04:48 PM

mesograt

    New Member

  • Member
  • Pip
  • 7 posts
Apparently a lot of other people have this too...

This rootkit is redirecting my search results on Google, Yahoo, Bing, and other search engines, mostly to some scam sites with fake anti-virus softwares and such. Hitman, ESET, TDSSKiller and MalwareBytes Anti-Malware failed to detect it. I suspect that the virus has patched my 'atapi.sys' file, which is why it is evading detection. Should I run a scan with GMER or use Combofix to fix the virus? Any help would be greatlty appreciated. Thanks
  • 0

Advertisements

#2
Aaron
Posted 05 August 2011 - 10:41 AM

Aaron

    Expert

  • Expert
  • 3,155 posts
Hi, welcome to Geeks to Go :) !
I'm Aaron and I will be helping you with your problem(s).

Before we start I need to mention a few things:
  • Please post all the requested logs directly in your reply, do not attach or put them in Quote/Code boxes unless asked to.
  • Try to reply every day please, I'll try to do the same. If this topic is inactive for 3 days, then it will be closed.
  • Note that removing malware is not instantaneous, I requires a specific process to be removed completely. Running antimalware removal tools I didn't ask for might slow this process down.
  • If you have any questions, don't hesitate to ask!

============ Step one ============

Please download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows and programs are closed to let it run uninterrupted.
  • Select All Users.
  • Under the Posted Image box at the bottom, paste in the following:

    netsvcs
    %SYSTEMDRIVE%\*.exe
    %USERPROFILE%\..|smtmp;true;true;true /FP
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    %systemroot%\*. /mp /s
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    CREATERESTOREPOINT
  • Click the Posted Image button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the content of OTL.Txt and paste it in your next post. Do the same for Extras.Txt.

============ Step two ============

Download aswMBR.exe to your desktop.

1. Double click the aswMBR.exe to run it
2. Click the "Scan" button to start scan
Note: if you use Avast, please disable the automatic scan: put AV engine to None.
Posted Image

3. On completion of the scan click save log, save it to your desktop and post in your next reply
Posted Image

============ Step one ============

Please post the TDSSKiller and MBAM log too.

- Maser00
  • 0

#3
mesograt
Posted 05 August 2011 - 03:12 PM

mesograt

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Hi there Aaron, thanks for your time.

Here are the requested logs:

OTL.Txt:

OTL logfile created on: 8/5/2011 1:34:41 PM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Fred\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.36 Mb Total Physical Memory | 256.02 Mb Available Physical Memory | 50.07% Memory free
5.22 Gb Paging File | 4.84 Gb Available in Paging File | 92.67% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 30.12 Gb Total Space | 11.55 Gb Free Space | 38.35% Space Free | Partition Type: NTFS
Drive D: | 25.77 Gb Total Space | 21.39 Gb Free Space | 82.98% Space Free | Partition Type: NTFS
Drive F: | 149.01 Gb Total Space | 10.86 Gb Free Space | 7.29% Space Free | Partition Type: FAT32

Computer Name: HT-ENO6HHHY4BDE | User Name: Fred | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/05 13:33:04 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Fred\Desktop\OTL.com
PRC - [2011/07/19 12:55:26 | 000,400,760 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\BitTorrent\BitTorrent.exe
PRC - [2011/07/06 19:52:38 | 000,449,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/06/03 16:01:24 | 000,974,944 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2011/06/03 16:01:14 | 002,734,184 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2010/11/24 07:06:36 | 000,204,296 | ---- | M] (NTWind Software) -- C:\Program Files\VistaSwitcher\vswitch.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/10/14 09:11:10 | 001,388,544 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
PRC - [2002/09/20 14:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
PRC - [2002/08/14 15:21:16 | 000,200,704 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe


========== Modules (SafeList) ==========

MOD - [2011/08/05 13:33:04 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Fred\Desktop\OTL.com
MOD - [2010/08/23 09:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (wuauserv)
SRV - File not found [Auto | Stopped] -- -- (PEVSystemStart)
SRV - File not found [Auto | Stopped] -- -- (MotoHelper)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/06/03 16:02:48 | 000,183,904 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EShaSrv.exe -- (ESHASRV)
SRV - [2011/06/03 16:01:24 | 000,974,944 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2002/09/20 14:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))
SRV - [2002/08/14 15:21:16 | 000,200,704 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe -- (GhostStartService)


========== Driver Services (SafeList) ==========

DRV - [2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/06/03 16:01:48 | 000,103,112 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdir.sys -- (epfwtdir)
DRV - [2011/06/03 16:01:20 | 000,118,104 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2011/06/03 16:00:16 | 000,154,136 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2006/12/11 11:05:28 | 002,209,536 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Intel®
DRV - [2006/07/06 13:44:10 | 000,168,448 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2006/04/06 15:49:00 | 000,088,192 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gtipci21.sys -- (GTIPCI21)
DRV - [2006/03/08 22:49:20 | 001,506,816 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2004/11/16 13:46:38 | 000,190,592 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2004/08/24 11:20:08 | 001,268,204 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2002/08/14 15:11:16 | 000,005,632 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec\Norton Ghost 2003\GhPciScan.sys -- (GhPciScan)
DRV - [2002/08/14 15:03:36 | 000,017,005 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\ASPI32.SYS -- (Aspi32)
DRV - [2001/08/17 05:10:28 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.imesh....ar.html?src=ssb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 40 C6 59 05 19 BD 71 49 BD 12 C8 6A 66 12 05 55 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 192.168.*.*;*.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/?ilc=1"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {17b9a3ab-e635-4524-811f-8211f84e84aa}:1.0
FF - prefs.js..extensions.enabledItems: {ce45d780-6401-4049-8492-b355e5cd41a2}:1.0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/07/02 15:11:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/22 11:02:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2011/07/26 19:43:11 | 000,000,000 | ---D | M]

[2011/02/26 20:36:12 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Fred\Application Data\Mozilla\Extensions
[2009/07/10 20:38:29 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Fred\Application Data\Mozilla\Firefox\extensions
[2009/07/10 20:38:29 | 000,000,000 | ---D | M] ("Ask Toolbar for Firefox") -- C:\Documents and Settings\Fred\Application Data\Mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2011/08/04 17:04:37 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Fred\Application Data\Mozilla\Firefox\Profiles\9ofzju4c.default\extensions
[2011/07/26 16:14:14 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\Fred\Application Data\Mozilla\Firefox\Profiles\9ofzju4c.default\extensions\{17b9a3ab-e635-4524-811f-8211f84e84aa}
[2011/03/17 16:13:07 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Fred\Application Data\Mozilla\Firefox\Profiles\9ofzju4c.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/07/28 11:13:54 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\Fred\Application Data\Mozilla\Firefox\Profiles\9ofzju4c.default\extensions\{ce45d780-6401-4049-8492-b355e5cd41a2}
[2011/02/26 20:35:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2009/08/27 20:49:44 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF

O1 HOSTS File: ([2011/07/28 12:17:05 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe (InterVideo Inc.)
O4 - HKCU..\Run: [Auto LogOff] File not found
O4 - HKCU..\Run: [BitTorrent] C:\Program Files\BitTorrent\BitTorrent.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [Turn Off Monitor] File not found
O4 - HKCU..\Run: [VistaSwitcher] C:\Program Files\VistaSwitcher\vswitch.exe (NTWind Software)
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe (InterVideo Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1176225459906 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1176229303515 (MUWebControl Class)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} http://pdl.stream.ao.../ampx_en_dl.cab (IWinAmpActiveX Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (C:\Documents and Settings\All Users\Application Data\TuneUp Software\TuneUp Utilities 2011\WinStyler\tu_logonui.exe) - C:\Documents and Settings\All Users\Application Data\TuneUp Software\TuneUp Utilities 2011\WinStyler\tu_logonui.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Fred\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Fred\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/04/10 09:43:17 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2005/11/15 12:08:04 | 000,000,036 | -H-- | M] () - F:\autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: wuauserv - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/08/05 13:32:38 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Fred\Desktop\OTL.com
[2011/08/04 15:57:55 | 000,607,017 | R--- | C] (Swearware) -- C:\Documents and Settings\Fred\Desktop\dds.scr
[2011/08/04 15:55:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fred\Application Data\Malwarebytes
[2011/08/04 15:55:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/08/04 15:55:32 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/08/04 15:55:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/08/04 15:55:25 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/08/04 15:55:24 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/08/02 14:43:16 | 000,000,000 | --SD | C] -- C:\ComboFix
[2011/08/02 13:50:23 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/08/02 13:47:32 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/08/02 13:47:32 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/08/02 13:47:32 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/08/02 13:47:31 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/08/02 13:46:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/08/02 13:45:19 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/08/02 13:45:10 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Fred\Start Menu\Programs\Administrative Tools
[2011/07/28 11:29:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fred\Application Data\ElevatedDiagnostics
[2011/07/28 11:26:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows PowerShell 1.0
[2011/07/28 11:25:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\windowspowershell
[2011/07/27 19:05:01 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/07/27 19:03:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2011/07/27 18:56:14 | 000,000,000 | ---D | C] -- C:\Program Files\VistaSwitcher
[2011/07/27 18:31:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fred\Local Settings\Application Data\MixenSoft_WBINC
[2011/07/27 18:02:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fred\Local Settings\Application Data\ViCon_Remastered
[2011/07/27 16:45:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fred\Application Data\TuneUp Software
[2011/07/27 16:44:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2011/07/27 16:44:34 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Application Data\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
[2011/07/27 15:41:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fred\Application Data\IconTweaker
[2011/07/27 15:41:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\IconTweaker
[2011/07/27 15:41:21 | 000,000,000 | ---D | C] -- C:\Program Files\IconTweaker
[2011/07/27 15:36:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fred\Application Data\Styler
[2011/07/27 15:31:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CodeGazer
[2011/07/27 15:31:26 | 000,000,000 | ---D | C] -- C:\Program Files\CodeGazer
[2011/07/27 15:27:04 | 000,000,000 | ---D | C] -- C:\Program Files\Styler
[2011/07/26 19:42:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ESET
[2011/07/26 19:42:27 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/07/26 19:42:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ESET
[2011/07/26 16:52:23 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2011/07/26 16:51:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2011/07/26 16:14:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\ESET
[2011/07/26 15:01:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fred\Application Data\WinRAR
[2011/07/26 15:01:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinRAR
[2011/07/26 15:01:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fred\Start Menu\Programs\WinRAR
[2011/07/26 15:00:54 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2011/07/13 21:54:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fred\My Documents\Essays
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Fred\*.tmp files -> C:\Documents and Settings\Fred\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/08/05 13:33:04 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Fred\Desktop\OTL.com
[2011/08/05 13:04:35 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/08/05 13:04:03 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-117609710-688789844-839522115-1003.job
[2011/08/05 13:03:53 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/08/04 18:33:06 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\MotoHelper Routing.job
[2011/08/04 15:58:11 | 000,607,017 | R--- | M] (Swearware) -- C:\Documents and Settings\Fred\Desktop\dds.scr
[2011/08/04 15:55:33 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/08/03 16:45:15 | 000,190,976 | ---- | M] () -- C:\Documents and Settings\Fred\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/08/02 14:41:27 | 000,000,657 | ---- | M] () -- C:\Documents and Settings\Fred\Desktop\ComboFix.lnk
[2011/08/02 13:50:29 | 000,000,506 | RHS- | M] () -- C:\boot.ini
[2011/07/30 21:18:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-117609710-688789844-839522115-1003.job
[2011/07/28 11:47:54 | 000,021,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011/07/28 11:44:49 | 000,001,736 | ---- | M] () -- C:\WINDOWS\System32\.crusader
[2011/07/27 22:46:31 | 000,004,284 | -HS- | M] () -- C:\WINDOWS\System32\msdmo32.dll
[2011/07/27 22:46:31 | 000,000,099 | ---- | M] () -- C:\WINDOWS\System32\1716242436
[2011/07/27 21:44:40 | 000,004,284 | -HS- | M] () -- C:\WINDOWS\System32\kbdru132.dll
[2011/07/27 17:48:38 | 000,001,536 | ---- | M] () -- C:\Documents and Settings\Fred\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
[2011/07/27 17:48:37 | 000,001,658 | ---- | M] () -- C:\Documents and Settings\Fred\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/07/27 17:48:22 | 000,001,676 | ---- | M] () -- C:\Documents and Settings\Fred\Desktop\WinAVI.lnk
[2011/07/27 17:48:05 | 000,001,655 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2011/07/27 17:47:44 | 000,001,536 | ---- | M] () -- C:\Documents and Settings\Fred\Desktop\iTunes.lnk
[2011/07/27 17:47:27 | 000,001,606 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2011/07/27 17:47:08 | 000,001,658 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/07/27 17:46:43 | 000,001,739 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk
[2011/07/27 16:50:00 | 000,000,389 | ---- | M] () -- C:\Boot.bak
[2011/07/26 19:43:13 | 000,001,765 | ---- | M] () -- C:\Documents and Settings\Fred\Desktop\ESET NOD32 Antivirus.lnk
[2011/07/26 16:52:25 | 000,001,663 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Hitman Pro 3.5.lnk
[2011/07/23 21:39:56 | 000,002,533 | ---- | M] () -- C:\Documents and Settings\Fred\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2007.lnk
[2011/07/13 20:36:18 | 000,273,376 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/07/13 13:59:06 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/07/12 18:33:23 | 000,000,358 | ---- | M] () -- C:\WINDOWS\tasks\MotoHelper MUM.job
[2011/07/12 18:33:13 | 000,000,370 | ---- | M] () -- C:\WINDOWS\tasks\MotoHelper Update.job
[2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Fred\*.tmp files -> C:\Documents and Settings\Fred\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/08/04 15:55:33 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/08/02 14:41:26 | 000,000,657 | ---- | C] () -- C:\Documents and Settings\Fred\Desktop\ComboFix.lnk
[2011/08/02 13:50:29 | 000,000,389 | ---- | C] () -- C:\Boot.bak
[2011/08/02 13:50:25 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/08/02 13:47:32 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/08/02 13:47:32 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/08/02 13:47:32 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/08/02 13:47:32 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/08/02 13:47:32 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/07/28 11:44:49 | 000,001,736 | ---- | C] () -- C:\WINDOWS\System32\.crusader
[2011/07/27 22:46:30 | 000,004,284 | -HS- | C] () -- C:\WINDOWS\System32\msdmo32.dll
[2011/07/27 21:44:40 | 000,004,284 | -HS- | C] () -- C:\WINDOWS\System32\kbdru132.dll
[2011/07/27 17:48:38 | 000,001,536 | ---- | C] () -- C:\Documents and Settings\Fred\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
[2011/07/27 17:48:37 | 000,001,658 | ---- | C] () -- C:\Documents and Settings\Fred\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/07/27 15:41:24 | 000,001,698 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\IconTweaker.lnk
[2011/07/27 15:34:23 | 000,169,552 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/07/26 19:43:13 | 000,001,765 | ---- | C] () -- C:\Documents and Settings\Fred\Desktop\ESET NOD32 Antivirus.lnk
[2011/07/26 16:52:31 | 000,021,064 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011/07/26 16:52:25 | 000,001,663 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Hitman Pro 3.5.lnk
[2011/07/22 15:19:38 | 000,000,099 | ---- | C] () -- C:\WINDOWS\System32\1716242436
[2011/07/03 14:17:27 | 000,000,300 | ---- | C] () -- C:\Documents and Settings\Fred\Application Data\C982.6B3
[2011/06/19 19:02:20 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Fred\Application Data\winscp.rnd
[2011/03/25 17:28:02 | 000,819,200 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2011/03/25 17:28:01 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2011/03/11 19:50:07 | 000,000,987 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Turn Off Monitor.ini
[2011/02/28 16:36:52 | 000,063,080 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/02/26 21:02:47 | 000,000,162 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2011/02/26 20:35:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2007/05/09 22:43:20 | 000,190,976 | ---- | C] () -- C:\Documents and Settings\Fred\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/04/10 11:14:56 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2007/04/10 11:14:56 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2007/04/10 11:14:55 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2007/04/10 11:14:55 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2007/04/10 11:14:55 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2007/04/10 11:14:55 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2007/04/10 10:07:22 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\tifmicon.dll
[2007/04/10 09:45:42 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2007/04/10 09:40:50 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2007/04/10 02:36:11 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2007/04/10 02:35:14 | 000,273,376 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006/03/02 13:54:50 | 000,124,376 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2004/08/02 14:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2003/03/31 05:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2003/03/31 05:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2003/03/31 05:00:00 | 000,493,182 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2003/03/31 05:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2003/03/31 05:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2003/03/31 05:00:00 | 000,083,664 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2003/03/31 05:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2003/03/31 05:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2003/03/31 05:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2003/03/31 05:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2003/03/31 05:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2009/07/10 19:55:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\2F2A1
[2011/07/26 15:47:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2011/02/26 19:42:27 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/07/26 19:42:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2011/07/26 17:11:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2011/07/27 15:41:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IconTweaker
[2011/07/26 15:45:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/07/27 16:46:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2011/07/27 16:44:34 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
[2011/02/26 21:47:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/02/26 20:04:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fred\Application Data\AVG10
[2011/08/05 13:42:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fred\Application Data\BitTorrent
[2011/07/27 19:04:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fred\Application Data\Broad Intelligence
[2011/07/28 11:29:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fred\Application Data\ElevatedDiagnostics
[2011/03/23 17:16:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fred\Application Data\FreeBurner
[2010/03/28 17:39:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fred\Application Data\FrostWire
[2011/07/27 15:41:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fred\Application Data\IconTweaker
[2011/03/23 16:10:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fred\Application Data\ImgBurn
[2007/05/05 21:42:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fred\Application Data\InterVideo
[2011/07/27 15:36:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fred\Application Data\Styler
[2011/07/27 16:45:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fred\Application Data\TuneUp Software
[2011/07/12 18:33:23 | 000,000,358 | ---- | M] () -- C:\WINDOWS\Tasks\MotoHelper MUM.job
[2011/08/04 18:33:06 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\MotoHelper Routing.job
[2011/07/12 18:33:13 | 000,000,370 | ---- | M] () -- C:\WINDOWS\Tasks\MotoHelper Update.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >

< %USERPROFILE%\..|smtmp;true;true;true /FP >


< MD5 for: EXPLORER.EXE >
[2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2004/08/04 00:56:50 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/04/13 17:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/13 17:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2004/08/04 00:56:58 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: USERINIT.EXE >
[2004/08/04 00:56:58 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/13 17:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 17:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004/08/04 00:56:58 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/13 17:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 17:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/06/22 11:01:43 | 000,552,464 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/06/22 11:01:43 | 000,552,464 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/06/22 11:01:43 | 000,552,464 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/06/22 11:01:30 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/06/22 11:01:30 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/06/22 11:01:30 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: %systemroot%\system32\shmgrate.exe OCInstallReinstallIE [2008/04/13 17:12:35 | 000,045,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: %systemroot%\system32\shmgrate.exe OCInstallHideIE [2008/04/13 17:12:35 | 000,045,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: %systemroot%\system32\shmgrate.exe OCInstallShowIE [2008/04/13 17:12:35 | 000,045,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "%programfiles%\Internet Explorer\iexplore.exe" [2008/04/13 17:12:22 | 000,093,184 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\MSN Explorer\shell\open\command\\: "C:\Program Files\MSN\MSNCoreFiles\MSN6.EXE" [2003/03/31 05:00:00 | 000,094,208 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/06/22 11:01:43 | 000,552,464 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/06/22 11:01:43 | 000,552,464 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/06/22 11:01:43 | 000,552,464 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/06/22 11:01:30 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/06/22 11:01:30 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/06/22 11:01:30 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: %systemroot%\system32\shmgrate.exe OCInstallReinstallIE [2008/04/13 17:12:35 | 000,045,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: %systemroot%\system32\shmgrate.exe OCInstallHideIE [2008/04/13 17:12:35 | 000,045,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: %systemroot%\system32\shmgrate.exe OCInstallShowIE [2008/04/13 17:12:35 | 000,045,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "%programfiles%\Internet Explorer\iexplore.exe" [2008/04/13 17:12:22 | 000,093,184 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\MSN Explorer\shell\open\command\\: "C:\Program Files\MSN\MSNCoreFiles\MSN6.EXE" [2003/03/31 05:00:00 | 000,094,208 | ---- | M] (Microsoft Corporation)

< End of report >

Extras.Txt:

OTL Extras logfile created on: 8/5/2011 1:34:41 PM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Fred\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.36 Mb Total Physical Memory | 256.02 Mb Available Physical Memory | 50.07% Memory free
5.22 Gb Paging File | 4.84 Gb Available in Paging File | 92.67% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 30.12 Gb Total Space | 11.55 Gb Free Space | 38.35% Space Free | Partition Type: NTFS
Drive D: | 25.77 Gb Total Space | 21.39 Gb Free Space | 82.98% Space Free | Partition Type: NTFS
Drive F: | 149.01 Gb Total Space | 10.86 Gb Free Space | 7.29% Space Free | Partition Type: FAT32

Computer Name: HT-ENO6HHHY4BDE | User Name: Fred | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\iMesh Applications\iMesh\iMesh.exe" = C:\Program Files\iMesh Applications\iMesh\iMesh.exe:*:Enabled:iMesh
"C:\Program Files\AVG\AVG8\avgemc.exe" = C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe
"C:\Program Files\AVG\AVG8\avgnsx.exe" = C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe
"C:\Program Files\FrostWire\FrostWire.exe" = C:\Program Files\FrostWire\FrostWire.exe:*:Enabled:FrostWire
"C:\Program Files\BitTorrent\BitTorrent.exe" = C:\Program Files\BitTorrent\BitTorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"C:\Program Files\AVG\AVG10\avgmfapx.exe" = C:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:AVG Installer
"C:\Program Files\AVG\AVG10\avgdiagex.exe" = C:\Program Files\AVG\AVG10\avgdiagex.exe:*:Enabled:AVG Diagnostics 2011
"C:\Program Files\AVG\AVG10\avgnsx.exe" = C:\Program Files\AVG\AVG10\avgnsx.exe:*:Enabled:Online Shield
"C:\Program Files\AVG\AVG10\avgemcx.exe" = C:\Program Files\AVG\AVG10\avgemcx.exe:*:Enabled:Personal E-mail Scanner


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java™ 6 Update 15
"{28891990-8598-4A38-93D6-7C7C978A686E}" = ESET NOD32 Antivirus
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5D97A4A7-C274-4B63-86D9-07A33435F505}" = InterVideo DVD Check
"{6975E810-C92F-45F0-0BFD-187B312F10E8}" = Norton Ghost
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUSR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_VISPROR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUSR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_VISPROR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUSR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}_VISPROR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0054-0409-0000-0000000FF1CE}" = Microsoft Office Visio MUI (English) 2007
"{90120000-0054-0409-0000-0000000FF1CE}_VISPROR_{519D9F45-CBF4-4E57-B419-11F196CCA8AE}" = Microsoft Office Visio 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROPLUSR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}_VISPROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROPLUSR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}_VISPROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{91120000-0011-0000-0000-0000000FF1CE}_PROPLUSR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0011-0000-0000-0000000FF1CE}_PROPLUSR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91120000-0051-0000-0000-0000000FF1CE}" = Microsoft Office Visio Professional 2007
"{91120000-0051-0000-0000-0000000FF1CE}_VISPROR_{0FD405D3-CAF8-4CA6-8BFD-911D2F8A6585}" = Microsoft Office Visio 2007 Service Pack 2 (SP2)
"{91120000-0051-0000-0000-0000000FF1CE}_VISPROR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{94CAC2F1-C856-47F4-AF24-65A1E75AEDB9}" = MotoHelper MergeModules
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}" = Windows 7 Upgrade Advisor
"{AC76BA86-7AD7-1033-7B44-A80000000002}" = Adobe Reader 8
"{AD7914E1-6453-4440-AEC7-02C72AD6FE5F}" = TIPCI
"{BE6890C7-31EF-478C-812E-1E2899ABFCA9}" = Broadcom NetXtreme Ethernet Controller
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1FCDCA1-2759-4E5E-84EE-3A665BB2F513}" = iPhoneBrowser
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C7C7C686-8479-4173-9570-F4B350D91B37}" = Motorola Mobile Drivers Installation 4.9.0
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F59A9E08-A6A4-4ACF-91F2-D0344956C30B}" = iTunes
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Agere Systems Soft Modem" = Agere Systems AC'97 Modem
"All ATI Software" = ATI - Software Uninstall Utility
"Ask Toolbar_is1" = Ask Toolbar
"AviSynth" = AviSynth 2.5
"BitTorrent" = BitTorrent
"HitmanPro35" = Hitman Pro 3.5
"IconTweaker" = IconTweaker 1.12
"ImgBurn" = ImgBurn
"InstallShield_{AD7914E1-6453-4440-AEC7-02C72AD6FE5F}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"InstallShield_{BE6890C7-31EF-478C-812E-1E2899ABFCA9}" = Broadcom NetXtreme Ethernet Controller
"LiveReg" = LiveReg (Symantec Corporation)
"LiveUpdate" = LiveUpdate 1.80 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"MotoHelper" = MotoHelper 2.0.40 Driver 4.9.0
"Mozilla Firefox (3.6.18)" = Mozilla Firefox (3.6.18)
"PROPLUSR" = Microsoft Office Professional Plus 2007
"VISPROR" = Microsoft Office Visio Professional 2007
"VistaGlazz_is1" = VistaGlazz 2.4
"VistaSwitcher" = VistaSwitcher
"VLC media player" = VLC media player 1.1.7
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR 4.00 (32-bit)
"winscp3_is1" = WinSCP 4.3.3
"Xvid_is1" = Xvid 1.2.2 final uninstall

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/16/2011 2:59:24 PM | Computer Name = HT-ENO6HHHY4BDE | Source = Application Error | ID = 1000
Description = Faulting application itunes.exe, version 10.2.2.14, faulting module
quicktime.qts, version 7.69.80.9, fault address 0x00104124.

Error - 7/16/2011 10:57:54 PM | Computer Name = HT-ENO6HHHY4BDE | Source = Application Error | ID = 1000
Description = Faulting application itunes.exe, version 10.2.2.14, faulting module
quicktime.qts, version 7.69.80.9, fault address 0x00104124.

Error - 7/22/2011 3:49:56 PM | Computer Name = HT-ENO6HHHY4BDE | Source = Application Error | ID = 1000
Description = Faulting application itunes.exe, version 10.2.2.14, faulting module
quicktime.qts, version 7.69.80.9, fault address 0x00104124.

Error - 7/26/2011 6:05:12 PM | Computer Name = HT-ENO6HHHY4BDE | Source = crypt32 | ID = 131075
Description = Failed auto update retrieval of third-party root list cab from: <http://www.download....uthrootstl.cab>
with error: The server returned an invalid or unrecognized response

Error - 7/30/2011 7:16:27 PM | Computer Name = HT-ENO6HHHY4BDE | Source = .NET Runtime 2.0 Error Reporting | ID = 5000
Description = EventType clr20r3, P1 7peek.exe, P2 1.0.0.5, P3 4a647757, P4 7peek,
P5 1.0.0.5, P6 4a647757, P7 f, P8 c6, P9 system.invalidoperationexception, P10
NIL.

Error - 7/30/2011 7:16:33 PM | Computer Name = HT-ENO6HHHY4BDE | Source = .NET Runtime 2.0 Error Reporting | ID = 5000
Description = EventType clr20r3, P1 7peek.exe, P2 1.0.0.5, P3 4a647757, P4 7peek,
P5 1.0.0.5, P6 4a647757, P7 f, P8 c6, P9 system.invalidoperationexception, P10
NIL.

Error - 7/30/2011 7:16:48 PM | Computer Name = HT-ENO6HHHY4BDE | Source = .NET Runtime 2.0 Error Reporting | ID = 5000
Description = EventType clr20r3, P1 7peek.exe, P2 1.0.0.5, P3 4a647757, P4 7peek,
P5 1.0.0.5, P6 4a647757, P7 f, P8 c6, P9 system.invalidoperationexception, P10
NIL.

Error - 7/30/2011 7:17:44 PM | Computer Name = HT-ENO6HHHY4BDE | Source = .NET Runtime 2.0 Error Reporting | ID = 5000
Description = EventType clr20r3, P1 7peek.exe, P2 1.0.0.5, P3 4a647757, P4 7peek,
P5 1.0.0.5, P6 4a647757, P7 f, P8 c6, P9 system.invalidoperationexception, P10
NIL.

Error - 8/2/2011 8:49:49 PM | Computer Name = HT-ENO6HHHY4BDE | Source = Application Error | ID = 1000
Description = Faulting application itunes.exe, version 10.2.2.14, faulting module
quicktime.qts, version 7.69.80.9, fault address 0x00118ebd.

Error - 8/4/2011 7:51:56 PM | Computer Name = HT-ENO6HHHY4BDE | Source = Application Error | ID = 1000
Description = Faulting application mbamgui.exe, version 1.51.0.38, faulting module
mbamgui.exe, version 1.51.0.38, fault address 0x000113c7.

[ System Events ]
Error - 8/4/2011 7:44:41 PM | Computer Name = HT-ENO6HHHY4BDE | Source = Service Control Manager | ID = 7023
Description = The Automatic Updates service terminated with the following error:
%%126

Error - 8/4/2011 7:53:30 PM | Computer Name = HT-ENO6HHHY4BDE | Source = Service Control Manager | ID = 7000
Description = The MotoHelper Service service failed to start due to the following
error: %%2

Error - 8/4/2011 7:53:30 PM | Computer Name = HT-ENO6HHHY4BDE | Source = Service Control Manager | ID = 7023
Description = The Automatic Updates service terminated with the following error:
%%126

Error - 8/4/2011 8:06:52 PM | Computer Name = HT-ENO6HHHY4BDE | Source = Service Control Manager | ID = 7023
Description = The Automatic Updates service terminated with the following error:
%%126

Error - 8/4/2011 8:07:21 PM | Computer Name = HT-ENO6HHHY4BDE | Source = DCOM | ID = 10010
Description = The server {E60687F7-01A1-40AA-86AC-DB1CBF673334} did not register
with DCOM within the required timeout.

Error - 8/5/2011 4:04:17 PM | Computer Name = HT-ENO6HHHY4BDE | Source = Service Control Manager | ID = 7000
Description = The MotoHelper Service service failed to start due to the following
error: %%2

Error - 8/5/2011 4:04:17 PM | Computer Name = HT-ENO6HHHY4BDE | Source = Service Control Manager | ID = 7023
Description = The Automatic Updates service terminated with the following error:
%%126

Error - 8/5/2011 4:05:58 PM | Computer Name = HT-ENO6HHHY4BDE | Source = Service Control Manager | ID = 7023
Description = The Automatic Updates service terminated with the following error:
%%126

Error - 8/5/2011 4:06:28 PM | Computer Name = HT-ENO6HHHY4BDE | Source = DCOM | ID = 10010
Description = The server {E60687F7-01A1-40AA-86AC-DB1CBF673334} did not register
with DCOM within the required timeout.

Error - 8/5/2011 4:12:54 PM | Computer Name = HT-ENO6HHHY4BDE | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
JONATHEN-07WAJD that believes that it is the master browser for the domain on transport
NetBT_Tcpip_{3921AAC2-DF0. The master browser is stopping or an election is being
forced.


< End of report >

aswMBR:

aswMBR version 0.9.8.978 Copyright© 2011 AVAST Software
Run date: 2011-08-05 14:01:50
-----------------------------
14:01:50.984 OS Version: Windows 5.1.2600 Service Pack 3
14:01:50.984 Number of processors: 1 586 0xD08
14:01:50.984 ComputerName: HT-ENO6HHHY4BDE UserName: Fred
14:01:53.031 Initialize success
14:02:03.890 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
14:02:03.890 Disk 0 Vendor: ST96812A 3.05 Size: 57231MB BusType: 3
14:02:05.921 Disk 0 MBR read successfully
14:02:05.921 Disk 0 MBR scan
14:02:05.921 Disk 0 Windows XP default MBR code
14:02:05.921 Disk 0 scanning sectors +117210240
14:02:06.562 Disk 0 scanning C:\WINDOWS\system32\drivers
14:02:12.515 Service scanning
14:02:13.656 Modules scanning
14:02:23.781 Disk 0 trace - called modules:
14:02:23.812 TUKERNEL.EXE CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
14:02:23.812 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x82f61ab8]
14:02:23.812 3 CLASSPNP.SYS[f8735fd7] -> nt!IofCallDriver -> \Device\00000083[0x82f78320]
14:02:23.828 5 ACPI.sys[f86ac620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0x82f4b940]
14:02:23.890 Scan finished successfully
14:02:37.640 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Fred\Desktop\MBR.dat"
14:02:37.671 The log file has been saved successfully to "C:\Documents and Settings\Fred\Desktop\aswMBR.txt"


MBAM:

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7378

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

8/4/2011 4:22:46 PM
mbam-log-2011-08-04 (16-22-46).txt

Scan type: Quick scan
Objects scanned: 169576
Time elapsed: 5 minute(s), 49 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Where can I find the log file for TDSSKiller? No infections were found and I did not see a log file anywhere.
  • 0

#4
Aaron
Posted 06 August 2011 - 03:54 AM

Aaron

    Expert

  • Expert
  • 3,155 posts
Hi

Please follow these steps:
============ Step one ============

Please go to Start > Control Panel > Add/Remove Programs and remove the following:
BitTorrent*
Ask Toolbar
iMesh* (if still present)
FrostWire* (if still present)

*I can see that you use multiple P2P programs. This is very dangerous because it is a great source for downloading malware. I suggest you stop using and remove this program to prevent new infections.

Peer-to-peer programs, eg : LimeWire, Bitlord, Kazaa, are the most common way to get infected. Malware writers use these programs to spread infections as it is the easiest way for them. The majority of infections we see in the Malware Removal forum are due to people using p2p programs to download cracks/keygens/warez. These are not only illegal, but will always contain some form of malware.

You have no way of verifying that the things you download are legitimate or that they don't contain malware. Even with an up to date anti-virus and firewall, these things will still infect you. It is highly recommend that you uninstall all peer-to-peer programs. It just isn't worth it.


Note :

Other common ways of getting infected are dis-reputable sites forcing you to download and install a codec. Or viruses using Instant Messaging programs (msn, AIM) to send a file claiming it to be "photos" from a friend, only for it to turn out to be a virus.

http://www.geekstogo...safe-computing/


============ Step two ============

Run OTL again

  • Under the Posted Image box at the bottom, paste in the following

    :OTL
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.imesh....ar.html?src=ssb
FF - prefs.js..extensions.enabledItems: {17b9a3ab-e635-4524-811f-8211f84e84aa}:1.0
FF - prefs.js..extensions.enabledItems: {ce45d780-6401-4049-8492-b355e5cd41a2}:1.0
[2009/07/10 20:38:29 | 000,000,000 | ---D | M] ("Ask Toolbar for Firefox") -- C:\Documents and Settings\Fred\Application Data\Mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2011/07/26 16:14:14 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\Fred\Application Data\Mozilla\Firefox\Profiles\9ofzju4c.default\extensions\{17b9a3ab-e635-4524-811f-8211f84e84aa}
[2011/07/28 11:13:54 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\Fred\Application Data\Mozilla\Firefox\Profiles\9ofzju4c.default\extensions\{ce45d780-6401-4049-8492-b355e5cd41a2}
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O4 - HKCU..\Run: [Auto LogOff] File not found
O4 - HKCU..\Run: [Turn Off Monitor] File not found
[2011/07/27 22:46:31 | 000,004,284 | -HS- | M] () -- C:\WINDOWS\System32\msdmo32.dll
[2011/07/27 22:46:31 | 000,000,099 | ---- | M] () -- C:\WINDOWS\System32\1716242436
[2011/07/27 21:44:40 | 000,004,284 | -HS- | M] () -- C:\WINDOWS\System32\kbdru132.dll
[2009/07/10 19:55:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\2F2A1
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Fred\*.tmp files -> C:\Documents and Settings\Fred\*.tmp -> ]

:Services

:Reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\iMesh Applications\iMesh\iMesh.exe"=-
"C:\Program Files\FrostWire\FrostWire.exe"=-
"C:\Program Files\BitTorrent\BitTorrent.exe"=-

:Files
C:\Program Files\AskBarDis
C:\Program Files\iMesh Applications
ipconfig /flushdns /c

:Commands
[emptytemp]
[EMPTYFLASH]
[CREATERESTOREPOINT]
[Reboot]
  • Then click the Posted Image button at the top
  • Let the program run unhindered, reboot the PC when it is done and post the log it produces.
  • Then open OTL again and click the Posted Image button. Please post this log too.

============ Step three ============

I see you ran Combofix, you bettter not use this without supervision. It's a very powerfull program that can cause a lot of problems if used incorrectly. Please post save the log from C:\ComboFix.txt or post it before continuing. Then remove the copy of CF on your desktop and download a new one, let it run and then post this new log too:


Please download ComboFix from one of these locations:

Bleepingcomputer
ForoSpyware
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue it's malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

- Maser00
  • 0

#5
mesograt
Posted 06 August 2011 - 12:35 PM

mesograt

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
I removed BitTorrent and AskToolbar. Frostwire and iMesh are no longer present.

Here are the OTL logs:

08062011_105512.Txt:

All processes killed
========== OTL ==========
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E : value set successfully!
Prefs.js: {17b9a3ab-e635-4524-811f-8211f84e84aa}:1.0 removed from extensions.enabledItems
Prefs.js: {ce45d780-6401-4049-8492-b355e5cd41a2}:1.0 removed from extensions.enabledItems
Folder C:\Documents and Settings\Fred\Application Data\Mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}\ not found.
C:\Documents and Settings\Fred\Application Data\Mozilla\Firefox\Profiles\9ofzju4c.default\extensions\{17b9a3ab-e635-4524-811f-8211f84e84aa}\defaults\preferences folder moved successfully.
C:\Documents and Settings\Fred\Application Data\Mozilla\Firefox\Profiles\9ofzju4c.default\extensions\{17b9a3ab-e635-4524-811f-8211f84e84aa}\defaults folder moved successfully.
C:\Documents and Settings\Fred\Application Data\Mozilla\Firefox\Profiles\9ofzju4c.default\extensions\{17b9a3ab-e635-4524-811f-8211f84e84aa}\chrome folder moved successfully.
C:\Documents and Settings\Fred\Application Data\Mozilla\Firefox\Profiles\9ofzju4c.default\extensions\{17b9a3ab-e635-4524-811f-8211f84e84aa} folder moved successfully.
C:\Documents and Settings\Fred\Application Data\Mozilla\Firefox\Profiles\9ofzju4c.default\extensions\{ce45d780-6401-4049-8492-b355e5cd41a2}\defaults\preferences folder moved successfully.
C:\Documents and Settings\Fred\Application Data\Mozilla\Firefox\Profiles\9ofzju4c.default\extensions\{ce45d780-6401-4049-8492-b355e5cd41a2}\defaults folder moved successfully.
C:\Documents and Settings\Fred\Application Data\Mozilla\Firefox\Profiles\9ofzju4c.default\extensions\{ce45d780-6401-4049-8492-b355e5cd41a2}\chrome folder moved successfully.
C:\Documents and Settings\Fred\Application Data\Mozilla\Firefox\Profiles\9ofzju4c.default\extensions\{ce45d780-6401-4049-8492-b355e5cd41a2} folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{201f27d4-3704-41d6-89c1-aa35e39143ed}\ not found.
File C:\Program Files\AskBarDis\bar\bin\askBar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{3041d03e-fd4b-44e0-b742-2d9b88305f98} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3041d03e-fd4b-44e0-b742-2d9b88305f98}\ not found.
File C:\Program Files\AskBarDis\bar\bin\askBar.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{3041D03E-FD4B-44E0-B742-2D9B88305F98} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3041D03E-FD4B-44E0-B742-2D9B88305F98}\ not found.
File C:\Program Files\AskBarDis\bar\bin\askBar.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Auto LogOff deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Turn Off Monitor deleted successfully.
C:\WINDOWS\system32\msdmo32.dll moved successfully.
C:\WINDOWS\system32\1716242436 moved successfully.
C:\WINDOWS\system32\kbdru132.dll moved successfully.
C:\Documents and Settings\All Users\Application Data\2F2A1 folder moved successfully.
C:\WINDOWS\002342_.tmp deleted successfully.
C:\WINDOWS\005702_.tmp deleted successfully.
C:\WINDOWS\SET3.tmp deleted successfully.
C:\WINDOWS\SET7.tmp deleted successfully.
C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
C:\Documents and Settings\Fred\kamshxvdxt.tmp deleted successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\iMesh Applications\iMesh\iMesh.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\FrostWire\FrostWire.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\BitTorrent\BitTorrent.exe deleted successfully.
========== FILES ==========
File\Folder C:\Program Files\AskBarDis not found.
C:\Program Files\iMesh Applications\iMesh folder moved successfully.
C:\Program Files\iMesh Applications folder moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Fred\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Fred\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Fred
->Temp folder emptied: 359322217 bytes
->Temporary Internet Files folder emptied: 39732800 bytes
->Java cache emptied: 26558688 bytes
->FireFox cache emptied: 47430548 bytes
->Flash cache emptied: 59970 bytes

User: Guest
->Temp folder emptied: 222 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33636 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 36060145 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 117947646 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 242196515 bytes

Total Files Cleaned = 829.00 mb


[EMPTYFLASH]

User: All Users

User: Default User

User: Fred
->Flash cache emptied: 0 bytes

User: Guest

User: LocalService

User: NetworkService

Total Flash Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point (0)

OTL by OldTimer - Version 3.2.26.1 log created on 08062011_105512

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

OTL.Txt:

OTL logfile created on: 8/6/2011 11:06:55 AM - Run 2
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Fred\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.36 Mb Total Physical Memory | 135.16 Mb Available Physical Memory | 26.43% Memory free
5.22 Gb Paging File | 4.86 Gb Available in Paging File | 93.13% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 30.12 Gb Total Space | 12.13 Gb Free Space | 40.29% Space Free | Partition Type: NTFS
Drive D: | 25.77 Gb Total Space | 21.39 Gb Free Space | 82.98% Space Free | Partition Type: NTFS
Drive F: | 149.01 Gb Total Space | 9.79 Gb Free Space | 6.57% Space Free | Partition Type: FAT32

Computer Name: HT-ENO6HHHY4BDE | User Name: Fred | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/05 13:33:04 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Fred\Desktop\OTL.com
PRC - [2011/07/06 19:52:38 | 000,449,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/06/03 16:01:24 | 000,974,944 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2011/06/03 16:01:14 | 002,734,184 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2010/11/24 07:06:36 | 000,204,296 | ---- | M] (NTWind Software) -- C:\Program Files\VistaSwitcher\vswitch.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/10/14 09:11:10 | 001,388,544 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
PRC - [2002/09/20 14:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
PRC - [2002/08/14 15:21:16 | 000,200,704 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe


========== Modules (SafeList) ==========

MOD - [2011/08/05 13:33:04 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Fred\Desktop\OTL.com
MOD - [2010/08/23 09:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (wuauserv)
SRV - File not found [Auto | Stopped] -- -- (PEVSystemStart)
SRV - File not found [Auto | Stopped] -- -- (MotoHelper)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/06/03 16:02:48 | 000,183,904 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EShaSrv.exe -- (ESHASRV)
SRV - [2011/06/03 16:01:24 | 000,974,944 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2002/09/20 14:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))
SRV - [2002/08/14 15:21:16 | 000,200,704 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe -- (GhostStartService)


========== Driver Services (SafeList) ==========

DRV - [2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/06/03 16:01:48 | 000,103,112 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdir.sys -- (epfwtdir)
DRV - [2011/06/03 16:01:20 | 000,118,104 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2011/06/03 16:00:16 | 000,154,136 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2006/12/11 11:05:28 | 002,209,536 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Intel®
DRV - [2006/07/06 13:44:10 | 000,168,448 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2006/04/06 15:49:00 | 000,088,192 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gtipci21.sys -- (GTIPCI21)
DRV - [2006/03/08 22:49:20 | 001,506,816 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2004/11/16 13:46:38 | 000,190,592 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2004/08/24 11:20:08 | 001,268,204 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2002/08/14 15:11:16 | 000,005,632 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec\Norton Ghost 2003\GhPciScan.sys -- (GhPciScan)
DRV - [2002/08/14 15:03:36 | 000,017,005 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\ASPI32.SYS -- (Aspi32)
DRV - [2001/08/17 05:10:28 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 40 C6 59 05 19 BD 71 49 BD 12 C8 6A 66 12 05 55 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 192.168.*.*;*.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/?ilc=1"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/07/02 15:11:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/08/05 22:37:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2011/07/26 19:43:11 | 000,000,000 | ---D | M]

[2011/02/26 20:36:12 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Fred\Application Data\Mozilla\Extensions
[2011/08/06 11:04:37 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Fred\Application Data\Mozilla\Firefox\Profiles\9ofzju4c.default\extensions
[2011/03/17 16:13:07 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Fred\Application Data\Mozilla\Firefox\Profiles\9ofzju4c.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/02/26 20:35:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2009/08/27 20:49:44 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF

O1 HOSTS File: ([2011/07/28 12:17:05 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe (InterVideo Inc.)
O4 - HKCU..\Run: [VistaSwitcher] C:\Program Files\VistaSwitcher\vswitch.exe (NTWind Software)
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe (InterVideo Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1176225459906 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1176229303515 (MUWebControl Class)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} http://pdl.stream.ao.../ampx_en_dl.cab (IWinAmpActiveX Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (C:\Documents and Settings\All Users\Application Data\TuneUp Software\TuneUp Utilities 2011\WinStyler\tu_logonui.exe) - C:\Documents and Settings\All Users\Application Data\TuneUp Software\TuneUp Utilities 2011\WinStyler\tu_logonui.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Fred\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Fred\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/04/10 09:43:17 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2005/11/15 12:08:04 | 000,000,036 | -H-- | M] () - F:\autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/08/06 10:04:06 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/08/05 22:36:50 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2011/08/05 13:32:38 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Fred\Desktop\OTL.com
[2011/08/04 15:57:55 | 000,607,017 | R--- | C] (Swearware) -- C:\Documents and Settings\Fred\Desktop\dds.scr
[2011/08/04 15:55:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fred\Application Data\Malwarebytes
[2011/08/04 15:55:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/08/04 15:55:32 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/08/04 15:55:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/08/04 15:55:25 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/08/04 15:55:24 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/08/02 14:43:16 | 000,000,000 | --SD | C] -- C:\ComboFix
[2011/08/02 13:50:23 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/08/02 13:47:32 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/08/02 13:47:32 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/08/02 13:47:32 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/08/02 13:47:31 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/08/02 13:46:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/08/02 13:45:19 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/08/02 13:45:10 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Fred\Start Menu\Programs\Administrative Tools
[2011/07/28 11:29:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fred\Application Data\ElevatedDiagnostics
[2011/07/28 11:26:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows PowerShell 1.0
[2011/07/28 11:25:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\windowspowershell
[2011/07/27 19:05:01 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/07/27 19:03:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2011/07/27 18:56:14 | 000,000,000 | ---D | C] -- C:\Program Files\VistaSwitcher
[2011/07/27 18:31:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fred\Local Settings\Application Data\MixenSoft_WBINC
[2011/07/27 18:02:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fred\Local Settings\Application Data\ViCon_Remastered
[2011/07/27 16:45:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fred\Application Data\TuneUp Software
[2011/07/27 16:44:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2011/07/27 16:44:34 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Application Data\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
[2011/07/27 15:41:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fred\Application Data\IconTweaker
[2011/07/27 15:41:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\IconTweaker
[2011/07/27 15:41:21 | 000,000,000 | ---D | C] -- C:\Program Files\IconTweaker
[2011/07/27 15:36:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fred\Application Data\Styler
[2011/07/27 15:31:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CodeGazer
[2011/07/27 15:31:26 | 000,000,000 | ---D | C] -- C:\Program Files\CodeGazer
[2011/07/27 15:27:04 | 000,000,000 | ---D | C] -- C:\Program Files\Styler
[2011/07/26 19:42:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ESET
[2011/07/26 19:42:27 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/07/26 19:42:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ESET
[2011/07/26 16:52:23 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2011/07/26 16:51:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2011/07/26 16:14:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\ESET
[2011/07/26 15:01:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fred\Application Data\WinRAR
[2011/07/26 15:01:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinRAR
[2011/07/26 15:01:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fred\Start Menu\Programs\WinRAR
[2011/07/26 15:00:54 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2011/07/13 21:54:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fred\My Documents\Essays

========== Files - Modified Within 30 Days ==========

[2011/08/06 11:01:23 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/08/06 11:01:04 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-117609710-688789844-839522115-1003.job
[2011/08/06 11:00:54 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/08/05 22:37:25 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2011/08/05 18:33:03 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\MotoHelper Routing.job
[2011/08/05 15:04:03 | 000,190,976 | ---- | M] () -- C:\Documents and Settings\Fred\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/08/05 14:02:37 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Fred\Desktop\MBR.dat
[2011/08/05 13:33:04 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Fred\Desktop\OTL.com
[2011/08/04 15:58:11 | 000,607,017 | R--- | M] (Swearware) -- C:\Documents and Settings\Fred\Desktop\dds.scr
[2011/08/04 15:55:33 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/08/02 14:41:27 | 000,000,657 | ---- | M] () -- C:\Documents and Settings\Fred\Desktop\ComboFix.lnk
[2011/08/02 13:50:29 | 000,000,506 | RHS- | M] () -- C:\boot.ini
[2011/07/30 21:18:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-117609710-688789844-839522115-1003.job
[2011/07/28 11:47:54 | 000,021,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011/07/28 11:44:49 | 000,001,736 | ---- | M] () -- C:\WINDOWS\System32\.crusader
[2011/07/27 17:48:38 | 000,001,536 | ---- | M] () -- C:\Documents and Settings\Fred\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
[2011/07/27 17:48:37 | 000,001,658 | ---- | M] () -- C:\Documents and Settings\Fred\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/07/27 17:48:22 | 000,001,676 | ---- | M] () -- C:\Documents and Settings\Fred\Desktop\WinAVI.lnk
[2011/07/27 17:48:05 | 000,001,655 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2011/07/27 17:47:44 | 000,001,536 | ---- | M] () -- C:\Documents and Settings\Fred\Desktop\iTunes.lnk
[2011/07/27 17:47:27 | 000,001,606 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2011/07/27 17:47:08 | 000,001,658 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/07/27 16:50:00 | 000,000,389 | ---- | M] () -- C:\Boot.bak
[2011/07/26 19:43:13 | 000,001,765 | ---- | M] () -- C:\Documents and Settings\Fred\Desktop\ESET NOD32 Antivirus.lnk
[2011/07/26 16:52:25 | 000,001,663 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Hitman Pro 3.5.lnk
[2011/07/23 21:39:56 | 000,002,533 | ---- | M] () -- C:\Documents and Settings\Fred\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2007.lnk
[2011/07/13 20:36:18 | 000,273,376 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/07/13 13:59:06 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/07/12 18:33:23 | 000,000,358 | ---- | M] () -- C:\WINDOWS\tasks\MotoHelper MUM.job
[2011/07/12 18:33:13 | 000,000,370 | ---- | M] () -- C:\WINDOWS\tasks\MotoHelper Update.job

========== Files Created - No Company Name ==========

[2011/08/05 22:37:25 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
[2011/08/05 22:37:25 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2011/08/05 14:02:37 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Fred\Desktop\MBR.dat
[2011/08/04 15:55:33 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/08/02 14:41:26 | 000,000,657 | ---- | C] () -- C:\Documents and Settings\Fred\Desktop\ComboFix.lnk
[2011/08/02 13:50:29 | 000,000,389 | ---- | C] () -- C:\Boot.bak
[2011/08/02 13:50:25 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/08/02 13:47:32 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/08/02 13:47:32 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/08/02 13:47:32 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/08/02 13:47:32 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/08/02 13:47:32 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/07/28 11:44:49 | 000,001,736 | ---- | C] () -- C:\WINDOWS\System32\.crusader
[2011/07/27 17:48:38 | 000,001,536 | ---- | C] () -- C:\Documents and Settings\Fred\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
[2011/07/27 17:48:37 | 000,001,658 | ---- | C] () -- C:\Documents and Settings\Fred\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/07/27 15:41:24 | 000,001,698 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\IconTweaker.lnk
[2011/07/27 15:34:23 | 000,169,552 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/07/26 19:43:13 | 000,001,765 | ---- | C] () -- C:\Documents and Settings\Fred\Desktop\ESET NOD32 Antivirus.lnk
[2011/07/26 16:52:31 | 000,021,064 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011/07/26 16:52:25 | 000,001,663 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Hitman Pro 3.5.lnk
[2011/07/03 14:17:27 | 000,000,300 | ---- | C] () -- C:\Documents and Settings\Fred\Application Data\C982.6B3
[2011/06/19 19:02:20 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Fred\Application Data\winscp.rnd
[2011/03/25 17:28:02 | 000,819,200 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2011/03/25 17:28:01 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2011/03/11 19:50:07 | 000,000,987 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Turn Off Monitor.ini
[2011/02/28 16:36:52 | 000,063,080 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/02/26 21:02:47 | 000,000,162 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2011/02/26 20:35:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2007/05/09 22:43:20 | 000,190,976 | ---- | C] () -- C:\Documents and Settings\Fred\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/04/10 11:14:56 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2007/04/10 11:14:56 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2007/04/10 11:14:55 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2007/04/10 11:14:55 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2007/04/10 11:14:55 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2007/04/10 11:14:55 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2007/04/10 10:07:22 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\tifmicon.dll
[2007/04/10 09:45:42 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2007/04/10 09:40:50 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2007/04/10 02:36:11 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2007/04/10 02:35:14 | 000,273,376 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006/03/02 13:54:50 | 000,124,376 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2004/08/02 14:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2003/03/31 05:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2003/03/31 05:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2003/03/31 05:00:00 | 000,493,182 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2003/03/31 05:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2003/03/31 05:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2003/03/31 05:00:00 | 000,083,664 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2003/03/31 05:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2003/03/31 05:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2003/03/31 05:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2003/03/31 05:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2003/03/31 05:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2011/07/26 15:47:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2011/02/26 19:42:27 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/07/26 19:42:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2011/07/26 17:11:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2011/07/27 15:41:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IconTweaker
[2011/07/26 15:45:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/07/27 16:46:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2011/07/27 16:44:34 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
[2011/02/26 21:47:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/02/26 20:04:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fred\Application Data\AVG10
[2011/07/27 19:04:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fred\Application Data\Broad Intelligence
[2011/07/28 11:29:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fred\Application Data\ElevatedDiagnostics
[2011/03/23 17:16:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fred\Application Data\FreeBurner
[2010/03/28 17:39:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fred\Application Data\FrostWire
[2011/07/27 15:41:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fred\Application Data\IconTweaker
[2011/03/23 16:10:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fred\Application Data\ImgBurn
[2007/05/05 21:42:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fred\Application Data\InterVideo
[2011/07/27 15:36:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fred\Application Data\Styler
[2011/07/27 16:45:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fred\Application Data\TuneUp Software
[2011/07/12 18:33:23 | 000,000,358 | ---- | M] () -- C:\WINDOWS\Tasks\MotoHelper MUM.job
[2011/08/05 18:33:03 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\MotoHelper Routing.job
[2011/07/12 18:33:13 | 000,000,370 | ---- | M] () -- C:\WINDOWS\Tasks\MotoHelper Update.job

========== Purity Check ==========



< End of report >

For some reason, Combofix is not working. It shows me the blinking "-" for a few minutes then my whole laptop freezes up and I have to force a restart. All my anti-virus are disabled (as far as I know) and I have no other programs running while running Combofix. This happened the first time I tried running Combofix as well. I have the same problem with DDS. Any suggestions?
  • 0

#6
Aaron
Posted 07 August 2011 - 05:05 AM

Aaron

    Expert

  • Expert
  • 3,155 posts
Hi

Still having redirections? Are other computers being redirected too?

Please follow these steps:
============ Step one ============

Run OTL again

  • Under the Posted Image box at the bottom, paste in the following

    :OTL
[2011/07/03 14:17:27 | 000,000,300 | ---- | C] () -- C:\Documents and Settings\Fred\Application Data\C982.6B3

:Services

:Reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"=-

:Files

:Commands
[emptytemp]
[EMPTYFLASH]
[Reboot]
  • Then click the Posted Image button at the top
  • Let the program run unhindered, reboot the PC when it is done and post the log it produces.
  • Then open OTL again and click the Posted Image button. Please post this log too.

============ Step two ============

Download the GMER Rootkit Scanner. Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.
  • Double click GMER.exe.
    Posted Image
  • If it gives you a warning about rootkit activity and asks if you want to run a full scan...click on NO, then use the following settings for a more complete scan..
  • In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
      Posted Image
      Click the image to enlarge it
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "ark.txt"
  • Save the log where you can easily find it, such as your desktop.
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries

Please post this log.

============ Step three ============

You could try downloading a new copy of CF and renaming it to mesograt. No problem if it still doesn't work.

- Maser00
  • 0

#7
mesograt
Posted 07 August 2011 - 10:30 PM

mesograt

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Actually, the redirects do seem to have stopped. But it's hard to tell since the virus doesn't redirect everything I click on, but rather it seems to do it randomly. Anyways, here are the two logs from OTL:

08072011_202155.Txt:

All processes killed
========== OTL ==========
C:\Documents and Settings\Fred\Application Data\C982.6B3 moved successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\\AvgUninstallURL deleted successfully.
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Fred
->Temp folder emptied: 6016 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 77600236 bytes
->Flash cache emptied: 872 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33636 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 16867 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 116137 bytes

Total Files Cleaned = 74.00 mb


[EMPTYFLASH]

User: All Users

User: Default User

User: Fred
->Flash cache emptied: 0 bytes

User: Guest

User: LocalService

User: NetworkService

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.26.1 log created on 08072011_202155

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


OTL.Txt:

OTL logfile created on: 8/7/2011 8:28:13 PM - Run 3
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Fred\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.36 Mb Total Physical Memory | 93.61 Mb Available Physical Memory | 18.31% Memory free
5.22 Gb Paging File | 4.86 Gb Available in Paging File | 93.16% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 30.12 Gb Total Space | 11.42 Gb Free Space | 37.92% Space Free | Partition Type: NTFS
Drive D: | 25.77 Gb Total Space | 21.39 Gb Free Space | 82.98% Space Free | Partition Type: NTFS
Drive F: | 149.01 Gb Total Space | 9.79 Gb Free Space | 6.57% Space Free | Partition Type: FAT32

Computer Name: HT-ENO6HHHY4BDE | User Name: Fred | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/05 13:33:04 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Fred\Desktop\OTL.com
PRC - [2011/07/06 19:52:38 | 000,449,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/06/03 16:01:24 | 000,974,944 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2011/06/03 16:01:14 | 002,734,184 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2010/11/24 07:06:36 | 000,204,296 | ---- | M] (NTWind Software) -- C:\Program Files\VistaSwitcher\vswitch.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/10/14 09:11:10 | 001,388,544 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
PRC - [2002/09/20 14:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
PRC - [2002/08/14 15:21:16 | 000,200,704 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe


========== Modules (SafeList) ==========

MOD - [2011/08/05 13:33:04 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Fred\Desktop\OTL.com
MOD - [2010/08/23 09:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (wuauserv)
SRV - File not found [Auto | Stopped] -- -- (PEVSystemStart)
SRV - File not found [Auto | Stopped] -- -- (MotoHelper)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/06/03 16:02:48 | 000,183,904 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EShaSrv.exe -- (ESHASRV)
SRV - [2011/06/03 16:01:24 | 000,974,944 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2002/09/20 14:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))
SRV - [2002/08/14 15:21:16 | 000,200,704 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe -- (GhostStartService)


========== Driver Services (SafeList) ==========

DRV - [2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/06/03 16:01:48 | 000,103,112 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdir.sys -- (epfwtdir)
DRV - [2011/06/03 16:01:20 | 000,118,104 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2011/06/03 16:00:16 | 000,154,136 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2006/12/11 11:05:28 | 002,209,536 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Intel®
DRV - [2006/07/06 13:44:10 | 000,168,448 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2006/04/06 15:49:00 | 000,088,192 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gtipci21.sys -- (GTIPCI21)
DRV - [2006/03/08 22:49:20 | 001,506,816 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2004/11/16 13:46:38 | 000,190,592 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2004/08/24 11:20:08 | 001,268,204 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2002/08/14 15:11:16 | 000,005,632 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec\Norton Ghost 2003\GhPciScan.sys -- (GhPciScan)
DRV - [2002/08/14 15:03:36 | 000,017,005 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\ASPI32.SYS -- (Aspi32)
DRV - [2001/08/17 05:10:28 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 40 C6 59 05 19 BD 71 49 BD 12 C8 6A 66 12 05 55 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 192.168.*.*;*.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/?ilc=1"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/07/02 15:11:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/08/05 22:37:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2011/07/26 19:43:11 | 000,000,000 | ---D | M]

[2011/02/26 20:36:12 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Fred\Application Data\Mozilla\Extensions
[2011/08/07 18:57:40 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Fred\Application Data\Mozilla\Firefox\Profiles\9ofzju4c.default\extensions
[2011/03/17 16:13:07 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Fred\Application Data\Mozilla\Firefox\Profiles\9ofzju4c.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/02/26 20:35:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2009/08/27 20:49:44 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF

O1 HOSTS File: ([2011/07/28 12:17:05 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe (InterVideo Inc.)
O4 - HKCU..\Run: [VistaSwitcher] C:\Program Files\VistaSwitcher\vswitch.exe (NTWind Software)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe (InterVideo Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1176225459906 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1176229303515 (MUWebControl Class)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} http://pdl.stream.ao.../ampx_en_dl.cab (IWinAmpActiveX Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (C:\Documents and Settings\All Users\Application Data\TuneUp Software\TuneUp Utilities 2011\WinStyler\tu_logonui.exe) - C:\Documents and Settings\All Users\Application Data\TuneUp Software\TuneUp Utilities 2011\WinStyler\tu_logonui.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Fred\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Fred\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/04/10 09:43:17 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2005/11/15 12:08:04 | 000,000,036 | -H-- | M] () - F:\autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/08/07 18:09:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fred\Application Data\BitTorrent
[2011/08/06 11:18:29 | 000,000,000 | --SD | C] -- C:\ComboFix
[2011/08/06 10:04:06 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/08/05 22:36:50 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2011/08/05 13:32:38 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Fred\Desktop\OTL.com
[2011/08/04 15:57:55 | 000,607,017 | R--- | C] (Swearware) -- C:\Documents and Settings\Fred\Desktop\dds.scr
[2011/08/04 15:55:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fred\Application Data\Malwarebytes
[2011/08/04 15:55:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/08/04 15:55:32 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/08/04 15:55:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/08/04 15:55:25 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/08/04 15:55:24 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/08/02 13:50:23 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/08/02 13:47:32 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/08/02 13:47:32 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/08/02 13:47:32 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/08/02 13:47:31 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/08/02 13:46:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/08/02 13:45:19 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/08/02 13:45:10 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Fred\Start Menu\Programs\Administrative Tools
[2011/07/28 11:29:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fred\Application Data\ElevatedDiagnostics
[2011/07/28 11:26:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows PowerShell 1.0
[2011/07/28 11:25:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\windowspowershell
[2011/07/27 19:05:01 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/07/27 19:03:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2011/07/27 18:56:14 | 000,000,000 | ---D | C] -- C:\Program Files\VistaSwitcher
[2011/07/27 18:31:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fred\Local Settings\Application Data\MixenSoft_WBINC
[2011/07/27 18:02:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fred\Local Settings\Application Data\ViCon_Remastered
[2011/07/27 16:45:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fred\Application Data\TuneUp Software
[2011/07/27 16:44:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2011/07/27 16:44:34 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Application Data\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
[2011/07/27 15:41:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fred\Application Data\IconTweaker
[2011/07/27 15:41:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\IconTweaker
[2011/07/27 15:41:21 | 000,000,000 | ---D | C] -- C:\Program Files\IconTweaker
[2011/07/27 15:36:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fred\Application Data\Styler
[2011/07/27 15:31:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CodeGazer
[2011/07/27 15:31:26 | 000,000,000 | ---D | C] -- C:\Program Files\CodeGazer
[2011/07/27 15:27:04 | 000,000,000 | ---D | C] -- C:\Program Files\Styler
[2011/07/26 19:42:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ESET
[2011/07/26 19:42:27 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/07/26 19:42:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ESET
[2011/07/26 16:52:23 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2011/07/26 16:51:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2011/07/26 16:14:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\ESET
[2011/07/26 15:01:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fred\Application Data\WinRAR
[2011/07/26 15:01:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinRAR
[2011/07/26 15:01:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fred\Start Menu\Programs\WinRAR
[2011/07/26 15:00:54 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2011/07/13 21:54:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fred\My Documents\Essays

========== Files - Modified Within 30 Days ==========

[2011/08/07 20:25:04 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/08/07 20:25:03 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-117609710-688789844-839522115-1003.job
[2011/08/07 20:23:44 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/08/07 18:33:06 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\MotoHelper Routing.job
[2011/08/06 21:18:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-117609710-688789844-839522115-1003.job
[2011/08/05 22:37:25 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2011/08/05 15:04:03 | 000,190,976 | ---- | M] () -- C:\Documents and Settings\Fred\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/08/05 14:02:37 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Fred\Desktop\MBR.dat
[2011/08/05 13:33:04 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Fred\Desktop\OTL.com
[2011/08/04 15:58:11 | 000,607,017 | R--- | M] (Swearware) -- C:\Documents and Settings\Fred\Desktop\dds.scr
[2011/08/04 15:55:33 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/08/02 13:50:29 | 000,000,506 | RHS- | M] () -- C:\boot.ini
[2011/07/28 11:47:54 | 000,021,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011/07/28 11:44:49 | 000,001,736 | ---- | M] () -- C:\WINDOWS\System32\.crusader
[2011/07/27 17:48:38 | 000,001,536 | ---- | M] () -- C:\Documents and Settings\Fred\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
[2011/07/27 17:48:37 | 000,001,658 | ---- | M] () -- C:\Documents and Settings\Fred\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/07/27 17:48:22 | 000,001,676 | ---- | M] () -- C:\Documents and Settings\Fred\Desktop\WinAVI.lnk
[2011/07/27 17:48:05 | 000,001,655 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2011/07/27 17:47:44 | 000,001,536 | ---- | M] () -- C:\Documents and Settings\Fred\Desktop\iTunes.lnk
[2011/07/27 17:47:27 | 000,001,606 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2011/07/27 17:47:08 | 000,001,658 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/07/27 16:50:00 | 000,000,389 | ---- | M] () -- C:\Boot.bak
[2011/07/26 19:43:13 | 000,001,765 | ---- | M] () -- C:\Documents and Settings\Fred\Desktop\ESET NOD32 Antivirus.lnk
[2011/07/26 16:52:25 | 000,001,663 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Hitman Pro 3.5.lnk
[2011/07/23 21:39:56 | 000,002,533 | ---- | M] () -- C:\Documents and Settings\Fred\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2007.lnk
[2011/07/13 20:36:18 | 000,273,376 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/07/13 13:59:06 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/07/12 18:33:23 | 000,000,358 | ---- | M] () -- C:\WINDOWS\tasks\MotoHelper MUM.job
[2011/07/12 18:33:13 | 000,000,370 | ---- | M] () -- C:\WINDOWS\tasks\MotoHelper Update.job

========== Files Created - No Company Name ==========

[2011/08/05 22:37:25 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
[2011/08/05 22:37:25 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2011/08/05 14:02:37 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Fred\Desktop\MBR.dat
[2011/08/04 15:55:33 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/08/02 13:50:29 | 000,000,389 | ---- | C] () -- C:\Boot.bak
[2011/08/02 13:50:25 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/08/02 13:47:32 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/08/02 13:47:32 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/08/02 13:47:32 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/08/02 13:47:32 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/08/02 13:47:32 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/07/28 11:44:49 | 000,001,736 | ---- | C] () -- C:\WINDOWS\System32\.crusader
[2011/07/27 17:48:38 | 000,001,536 | ---- | C] () -- C:\Documents and Settings\Fred\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
[2011/07/27 17:48:37 | 000,001,658 | ---- | C] () -- C:\Documents and Settings\Fred\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/07/27 15:41:24 | 000,001,698 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\IconTweaker.lnk
[2011/07/27 15:34:23 | 000,169,552 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/07/26 19:43:13 | 000,001,765 | ---- | C] () -- C:\Documents and Settings\Fred\Desktop\ESET NOD32 Antivirus.lnk
[2011/07/26 16:52:31 | 000,021,064 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011/07/26 16:52:25 | 000,001,663 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Hitman Pro 3.5.lnk
[2011/06/19 19:02:20 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Fred\Application Data\winscp.rnd
[2011/03/25 17:28:02 | 000,819,200 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2011/03/25 17:28:01 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2011/03/11 19:50:07 | 000,000,987 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Turn Off Monitor.ini
[2011/02/28 16:36:52 | 000,063,080 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/02/26 21:02:47 | 000,000,162 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2011/02/26 20:35:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2007/05/09 22:43:20 | 000,190,976 | ---- | C] () -- C:\Documents and Settings\Fred\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/04/10 11:14:56 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2007/04/10 11:14:56 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2007/04/10 11:14:55 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2007/04/10 11:14:55 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2007/04/10 11:14:55 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2007/04/10 11:14:55 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2007/04/10 10:07:22 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\tifmicon.dll
[2007/04/10 09:45:42 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2007/04/10 09:40:50 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2007/04/10 02:36:11 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2007/04/10 02:35:14 | 000,273,376 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006/03/02 13:54:50 | 000,124,376 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2004/08/02 14:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2003/03/31 05:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2003/03/31 05:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2003/03/31 05:00:00 | 000,493,182 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2003/03/31 05:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2003/03/31 05:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2003/03/31 05:00:00 | 000,083,664 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2003/03/31 05:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2003/03/31 05:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2003/03/31 05:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2003/03/31 05:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2003/03/31 05:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2011/07/26 15:47:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2011/02/26 19:42:27 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/07/26 19:42:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2011/07/26 17:11:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2011/07/27 15:41:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IconTweaker
[2011/07/26 15:45:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/07/27 16:46:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2011/07/27 16:44:34 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
[2011/02/26 21:47:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/02/26 20:04:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fred\Application Data\AVG10
[2011/08/07 20:17:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fred\Application Data\BitTorrent
[2011/07/27 19:04:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fred\Application Data\Broad Intelligence
[2011/07/28 11:29:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fred\Application Data\ElevatedDiagnostics
[2011/03/23 17:16:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fred\Application Data\FreeBurner
[2010/03/28 17:39:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fred\Application Data\FrostWire
[2011/07/27 15:41:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fred\Application Data\IconTweaker
[2011/03/23 16:10:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fred\Application Data\ImgBurn
[2007/05/05 21:42:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fred\Application Data\InterVideo
[2011/07/27 15:36:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fred\Application Data\Styler
[2011/07/27 16:45:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fred\Application Data\TuneUp Software
[2011/07/12 18:33:23 | 000,000,358 | ---- | M] () -- C:\WINDOWS\Tasks\MotoHelper MUM.job
[2011/08/07 18:33:06 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\MotoHelper Routing.job
[2011/07/12 18:33:13 | 000,000,370 | ---- | M] () -- C:\WINDOWS\Tasks\MotoHelper Update.job

========== Purity Check ==========



< End of report >

The GMER logfile:

ark.txt:

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-08-07 21:27:44
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 ST96812A rev.3.05
Running: gmer.exe; Driver: C:\DOCUME~1\Fred\LOCALS~1\Temp\ffporkod.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwAssignProcessToJobObject [0xF3A594B0] <-- ROOTKIT !!!
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwCreateThread [0xF3A597F0] <-- ROOTKIT !!!
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwDebugActiveProcess [0xF3A59AB0] <-- ROOTKIT !!!
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwDuplicateObject [0xF3A595D0] <-- ROOTKIT !!!
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwLoadDriver [0xF3A598B0] <-- ROOTKIT !!!
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwOpenProcess [0xF3A59350] <-- ROOTKIT !!!
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwOpenThread [0xF3A59410] <-- ROOTKIT !!!
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwProtectVirtualMemory [0xF3A59570] <-- ROOTKIT !!!
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwQueueApcThread [0xF3A59630] <-- ROOTKIT !!!
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSetContextThread [0xF3A59530] <-- ROOTKIT !!!
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSetInformationThread [0xF3A594F0] <-- ROOTKIT !!!
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSetSecurityObject [0xF3A59670] <-- ROOTKIT !!!
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSetSystemInformation [0xF3A59870] <-- ROOTKIT !!!
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSuspendProcess [0xF3A593B0] <-- ROOTKIT !!!
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSuspendThread [0xF3A59430] <-- ROOTKIT !!!
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSystemDebugControl [0xF3A59830] <-- ROOTKIT !!!
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwTerminateProcess [0xF3A59370] <-- ROOTKIT !!!
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwTerminateThread [0xF3A59470] <-- ROOTKIT !!!
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwWriteVirtualMemory [0xF3A595F0] <-- ROOTKIT !!!

---- Kernel code sections - GMER 1.0.15 ----

.text TUKERNEL.EXE!_abnormal_termination + 440 804E2AAC 12 Bytes [B0, 93, A5, F3, 30, 94, A5, ...]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[556] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 00]

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdir.sys (ESET Antivirus Network Redirector/ESET)
AttachedDevice \FileSystem\Fastfat \Fat eamon.sys (Amon monitor/ESET)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Services - GMER 1.0.15 ----

Service C:\WINDOWS\System32\alg.exe? (*** hidden *** ) [MANUAL] ALG <-- ROOTKIT !!!
Service C:\WINDOWS\system32\cisvc.exe? (*** hidden *** ) [MANUAL] CiSvc <-- ROOTKIT !!!
Service C:\WINDOWS\system32\clipsrv.exe? (*** hidden *** ) [MANUAL] ClipSrv <-- ROOTKIT !!!
Service C:\WINDOWS\system32\imapi.exe? (*** hidden *** ) [MANUAL] ImapiService <-- ROOTKIT !!!
Service C:\WINDOWS\system32\lsass.exe? (*** hidden *** ) [AUTO] PolicyAgent <-- ROOTKIT !!!
Service C:\WINDOWS\system32\lsass.exe? (*** hidden *** ) [AUTO] ProtectedStorage <-- ROOTKIT !!!
Service C:\WINDOWS\system32\spoolsv.exe? (*** hidden *** ) [AUTO] Spooler <-- ROOTKIT !!!
Service C:\WINDOWS\System32\ups.exe? (*** hidden *** ) [MANUAL] UPS <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@LoadAppInit_DLLs 1

---- EOF - GMER 1.0.15 ----

I tried running ComboFix as mesograt, but had the same problems. I guess it can't be avoided.

Also, MBAM keeps saying that it has "successfully blocked access to a potentially malicious website: xxx.xxx.xxx.xx Type: outgoing" I remember that when I would click on a link that redirected it would say "Cached: xxx.xxx.xxx.xx" underneath. I'm guessing that this has something to do with the virus?

Edited by mesograt, 07 August 2011 - 10:47 PM.

  • 0

#8
Aaron
Posted 08 August 2011 - 12:48 AM

Aaron

    Expert

  • Expert
  • 3,155 posts
Could you attach the latest 3 protection logs from MBAM please? These can be found when you open the program under the Logs tab.
  • 0

#9
mesograt
Posted 08 August 2011 - 02:30 PM

mesograt

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
protection-log-2011-08-08.txt:

13:23:18 Fred MESSAGE Protection started successfully
13:23:30 Fred MESSAGE IP Protection started successfully
13:25:17 Fred MESSAGE Scheduled update executed successfully
13:25:19 Fred MESSAGE IP Protection stopped
13:26:05 Fred MESSAGE Database updated successfully
13:26:08 Fred MESSAGE IP Protection started successfully

protection-log-2011-08-07.txt:

17:16:34 (null) MESSAGE Scheduled update executed successfully
18:03:56 Fred MESSAGE Protection started successfully
18:04:02 Fred MESSAGE IP Protection started successfully
18:04:02 Fred MESSAGE IP Protection stopped
18:04:07 Fred MESSAGE Database updated successfully
18:04:09 Fred MESSAGE IP Protection started successfully
18:09:56 Fred IP-BLOCK 67.215.246.204 (Type: outgoing)
18:09:59 Fred IP-BLOCK 67.215.246.204 (Type: outgoing)
18:10:00 Fred IP-BLOCK 67.215.246.204 (Type: outgoing)
18:10:05 Fred IP-BLOCK 67.215.246.204 (Type: outgoing)
18:10:05 Fred IP-BLOCK 67.215.246.204 (Type: outgoing)
18:10:16 Fred IP-BLOCK 67.215.246.204 (Type: outgoing)
18:10:19 Fred IP-BLOCK 67.215.246.204 (Type: outgoing)
18:10:25 Fred IP-BLOCK 67.215.246.204 (Type: outgoing)
18:10:37 Fred IP-BLOCK 67.215.246.204 (Type: outgoing)
18:10:40 Fred IP-BLOCK 67.215.246.204 (Type: outgoing)
18:10:42 Fred IP-BLOCK 67.215.246.204 (Type: outgoing)
18:10:45 Fred IP-BLOCK 67.215.246.204 (Type: outgoing)
18:10:46 Fred IP-BLOCK 67.215.246.204 (Type: outgoing)
18:10:51 Fred IP-BLOCK 67.215.246.204 (Type: outgoing)
18:10:53 Fred IP-BLOCK 67.215.246.204 (Type: outgoing)
18:10:56 Fred IP-BLOCK 67.215.246.204 (Type: outgoing)
18:10:57 Fred IP-BLOCK 67.215.246.204 (Type: outgoing)
18:11:00 Fred IP-BLOCK 67.215.246.204 (Type: outgoing)
18:11:02 Fred IP-BLOCK 67.215.246.204 (Type: outgoing)
18:11:02 Fred IP-BLOCK 67.215.246.204 (Type: outgoing)
18:11:05 Fred IP-BLOCK 67.215.246.204 (Type: outgoing)
18:11:06 Fred IP-BLOCK 67.215.246.204 (Type: outgoing)
18:11:11 Fred IP-BLOCK 67.215.246.204 (Type: outgoing)
18:11:26 Fred DETECTION C:\Documents and Settings\Fred\Local Settings\Temp\utt32.tmp.exe Trojan.Pakes QUARANTINE
18:11:27 Fred DETECTION C:\Documents and Settings\Fred\Local Settings\Temp\utt32.tmp.exe Trojan.Pakes DENY
18:11:27 Fred IP-BLOCK 67.215.246.204 (Type: outgoing)
18:11:28 Fred ERROR Quarantine failed: UtilityReadFile failed with error code 2
18:11:30 Fred IP-BLOCK 67.215.246.204 (Type: outgoing)
18:11:36 Fred IP-BLOCK 67.215.246.204 (Type: outgoing)
18:12:32 Fred IP-BLOCK 89.28.43.82 (Type: outgoing)
18:16:59 Fred IP-BLOCK 67.215.246.204 (Type: outgoing)
18:17:02 Fred IP-BLOCK 67.215.246.204 (Type: outgoing)
18:17:08 Fred IP-BLOCK 67.215.246.204 (Type: outgoing)
18:58:59 Fred IP-BLOCK 109.110.92.202 (Type: outgoing)
19:15:58 Fred IP-BLOCK 77.78.244.200 (Type: outgoing)
19:21:08 Fred IP-BLOCK 58.241.100.61 (Type: incoming)
19:24:34 Fred IP-BLOCK 222.64.54.179 (Type: incoming)
19:24:34 Fred IP-BLOCK 222.64.54.179 (Type: incoming)
19:44:51 Fred IP-BLOCK 89.28.125.192 (Type: outgoing)
19:58:34 Fred IP-BLOCK 58.240.145.59 (Type: outgoing)
19:58:38 Fred IP-BLOCK 188.65.49.16 (Type: outgoing)
20:17:48 Fred IP-BLOCK 67.215.246.204 (Type: outgoing)
20:17:51 Fred IP-BLOCK 67.215.246.204 (Type: outgoing)
20:17:57 Fred IP-BLOCK 67.215.246.204 (Type: outgoing)
20:27:52 Fred MESSAGE Protection started successfully
20:27:58 Fred MESSAGE IP Protection started successfully
21:37:48 Fred MESSAGE Protection started successfully
21:38:02 Fred MESSAGE IP Protection started successfully

protection-log-2011-08-06.txt:

09:36:14 Fred MESSAGE Protection started successfully
09:36:23 Fred MESSAGE IP Protection started successfully
09:36:59 Fred IP-BLOCK 89.149.217.43 (Type: outgoing)
09:42:00 Fred IP-BLOCK 67.215.246.204 (Type: outgoing)
09:42:03 Fred IP-BLOCK 67.215.246.204 (Type: outgoing)
09:42:09 Fred IP-BLOCK 67.215.246.204 (Type: outgoing)
09:59:48 Fred IP-BLOCK 67.215.246.204 (Type: outgoing)
09:59:51 Fred IP-BLOCK 67.215.246.204 (Type: outgoing)
09:59:57 Fred IP-BLOCK 67.215.246.204 (Type: outgoing)
10:33:12 Fred MESSAGE Protection started successfully
10:33:18 Fred MESSAGE IP Protection started successfully
11:01:54 Fred MESSAGE Protection started successfully
11:02:00 Fred MESSAGE IP Protection started successfully
11:24:02 Fred MESSAGE Protection started successfully
11:24:20 Fred MESSAGE IP Protection started successfully
11:52:17 Fred MESSAGE Scheduled update executed successfully
11:52:18 Fred MESSAGE IP Protection stopped
11:52:59 Fred MESSAGE Database updated successfully
11:53:03 Fred MESSAGE IP Protection started successfully
  • 0

#10
Aaron
Posted 08 August 2011 - 02:59 PM

Aaron

    Expert

  • Expert
  • 3,155 posts
Hi

Those warnings from MBAM are mostly caused by Bittorrent (and other P2P programs), now that these have been removed those warnings shouldn't really appear again. Please post the log if they do so I can check the IP's and I'll have a better look now Bittorrent isn't causing this anymore.

Please follow these steps:
============ Step one ============

I looked over this one, we'll fix it now:

Run OTL again

  • Under the Posted Image box at the bottom, paste in the following

    :OTL
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 40 C6 59 05 19 BD 71 49 BD 12 C8 6A 66 12 05 55 [binary data]

:Services

:Reg
[HKCU\SOFTWARE\Microsoft\Internet Explorer\Main]
"XMLHTTP_UUID_Default"=-

:Files

:Commands
[emptytemp]
[EMPTYFLASH]
[CREATERESTOREPOINT]
[Reboot]
  • Then click the Posted Image button at the top
  • Let the program run unhindered, reboot the PC when it is done and post the log it produces.
  • Then open OTL again, Tick Scan All Users click the Posted Image button. Please post this log too.

============ Step two ============

Download AVPTool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named )

First we will run a virus scan

Click the cog in the upper right
Posted Image


Select down to and including your main drive, once done select the Automatic scan tab and press Start Scan
Posted Image

Allow AVP to delete all infections found
Once it has finished select report tab (last tab)
Select Automatic Scan report from the left and press Save button
Save it to your desktop and attach to your next post


Now the Analysis

Rerun AVP and select the Manual Disinfection tab and press Start Gathering System Information

Posted Image

On completion click the link to locate the zip file to upload and attach to your next post

Posted Image

- Maser00
  • 0

#11
mesograt
Posted 08 August 2011 - 11:17 PM

mesograt

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
08082011_162012.txt:

All processes killed
========== OTL ==========
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\XMLHTTP_UUID_Default| /E : value set successfully!
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\\XMLHTTP_UUID_Default deleted successfully.
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Fred
->Temp folder emptied: 59979 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 75773295 bytes
->Flash cache emptied: 951 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 16889 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 339736 bytes

Total Files Cleaned = 73.00 mb


[EMPTYFLASH]

User: All Users

User: Default User

User: Fred
->Flash cache emptied: 0 bytes

User: Guest

User: LocalService

User: NetworkService

Total Flash Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point (0)

OTL by OldTimer - Version 3.2.26.1 log created on 08082011_162012

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

OTL.Txt:

OTL logfile created on: 8/8/2011 4:24:19 PM - Run 4
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Fred\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.36 Mb Total Physical Memory | 94.33 Mb Available Physical Memory | 18.45% Memory free
5.22 Gb Paging File | 4.86 Gb Available in Paging File | 93.18% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 30.12 Gb Total Space | 10.61 Gb Free Space | 35.23% Space Free | Partition Type: NTFS
Drive D: | 25.77 Gb Total Space | 21.39 Gb Free Space | 82.98% Space Free | Partition Type: NTFS
Drive F: | 149.01 Gb Total Space | 9.79 Gb Free Space | 6.57% Space Free | Partition Type: FAT32

Computer Name: HT-ENO6HHHY4BDE | User Name: Fred | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/05 13:33:04 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Fred\Desktop\OTL.com
PRC - [2011/07/06 19:52:38 | 000,449,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/06/03 16:01:24 | 000,974,944 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2011/06/03 16:01:14 | 002,734,184 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2010/11/24 07:06:36 | 000,204,296 | ---- | M] (NTWind Software) -- C:\Program Files\VistaSwitcher\vswitch.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/10/14 09:11:10 | 001,388,544 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
PRC - [2002/09/20 14:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
PRC - [2002/08/14 15:21:16 | 000,200,704 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe


========== Modules (SafeList) ==========

MOD - [2011/08/05 13:33:04 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Fred\Desktop\OTL.com
MOD - [2010/08/23 09:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (wuauserv)
SRV - File not found [Auto | Stopped] -- -- (MotoHelper)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/06/03 16:02:48 | 000,183,904 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EShaSrv.exe -- (ESHASRV)
SRV - [2011/06/03 16:01:24 | 000,974,944 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2002/09/20 14:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))
SRV - [2002/08/14 15:21:16 | 000,200,704 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe -- (GhostStartService)


========== Driver Services (SafeList) ==========

DRV - [2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/06/03 16:01:48 | 000,103,112 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdir.sys -- (epfwtdir)
DRV - [2011/06/03 16:01:20 | 000,118,104 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2011/06/03 16:00:16 | 000,154,136 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2006/12/11 11:05:28 | 002,209,536 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Intel®
DRV - [2006/07/06 13:44:10 | 000,168,448 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2006/04/06 15:49:00 | 000,088,192 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gtipci21.sys -- (GTIPCI21)
DRV - [2006/03/08 22:49:20 | 001,506,816 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2004/11/16 13:46:38 | 000,190,592 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2004/08/24 11:20:08 | 001,268,204 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2002/08/14 15:11:16 | 000,005,632 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec\Norton Ghost 2003\GhPciScan.sys -- (GhPciScan)
DRV - [2002/08/14 15:03:36 | 000,017,005 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\ASPI32.SYS -- (Aspi32)
DRV - [2001/08/17 05:10:28 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 40 C6 59 05 19 BD 71 49 BD 12 C8 6A 66 12 05 55 [binary data]
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 40 C6 59 05 19 BD 71 49 BD 12 C8 6A 66 12 05 55 [binary data]
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 40 C6 59 05 19 BD 71 49 BD 12 C8 6A 66 12 05 55 [binary data]
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 40 C6 59 05 19 BD 71 49 BD 12 C8 6A 66 12 05 55 [binary data]
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-117609710-688789844-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKU\S-1-5-21-117609710-688789844-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-117609710-688789844-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-117609710-688789844-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 192.168.*.*;*.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/?ilc=1"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/07/02 15:11:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/08/05 22:37:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2011/07/26 19:43:11 | 000,000,000 | ---D | M]

[2011/02/26 20:36:12 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Fred\Application Data\Mozilla\Extensions
[2011/08/07 18:57:40 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Fred\Application Data\Mozilla\Firefox\Profiles\9ofzju4c.default\extensions
[2011/03/17 16:13:07 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Fred\Application Data\Mozilla\Firefox\Profiles\9ofzju4c.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/02/26 20:35:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2009/08/27 20:49:44 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF

O1 HOSTS File: ([2011/07/28 12:17:05 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe (InterVideo Inc.)
O4 - HKU\S-1-5-21-117609710-688789844-839522115-1003..\Run: [VistaSwitcher] C:\Program Files\VistaSwitcher\vswitch.exe (NTWind Software)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe (InterVideo Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-117609710-688789844-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-117609710-688789844-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1176225459906 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1176229303515 (MUWebControl Class)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} http://pdl.stream.ao.../ampx_en_dl.cab (IWinAmpActiveX Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (C:\Documents and Settings\All Users\Application Data\TuneUp Software\TuneUp Utilities 2011\WinStyler\tu_logonui.exe) - C:\Documents and Settings\All Users\Application Data\TuneUp Software\TuneUp Utilities 2011\WinStyler\tu_logonui.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Fred\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Fred\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/04/10 09:43:17 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2005/11/15 12:08:04 | 000,000,036 | -H-- | M] () - F:\autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/08/07 21:32:04 | 000,000,000 | --SD | C] -- C:\mesograt
[2011/08/07 18:09:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fred\Application Data\BitTorrent
[2011/08/06 10:04:06 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/08/05 22:36:50 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2011/08/05 13:32:38 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Fred\Desktop\OTL.com
[2011/08/04 15:57:55 | 000,607,017 | R--- | C] (Swearware) -- C:\Documents and Settings\Fred\Desktop\dds.scr
[2011/08/04 15:55:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fred\Application Data\Malwarebytes
[2011/08/04 15:55:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/08/04 15:55:32 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/08/04 15:55:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/08/04 15:55:25 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/08/04 15:55:24 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/08/02 13:50:23 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/08/02 13:47:32 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/08/02 13:47:32 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/08/02 13:47:32 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/08/02 13:47:31 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/08/02 13:46:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/08/02 13:45:19 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/08/02 13:45:10 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Fred\Start Menu\Programs\Administrative Tools
[2011/07/28 11:29:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fred\Application Data\ElevatedDiagnostics
[2011/07/28 11:26:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows PowerShell 1.0
[2011/07/28 11:25:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\windowspowershell
[2011/07/27 19:05:01 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/07/27 19:03:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2011/07/27 18:56:14 | 000,000,000 | ---D | C] -- C:\Program Files\VistaSwitcher
[2011/07/27 18:31:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fred\Local Settings\Application Data\MixenSoft_WBINC
[2011/07/27 18:02:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fred\Local Settings\Application Data\ViCon_Remastered
[2011/07/27 16:45:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fred\Application Data\TuneUp Software
[2011/07/27 16:44:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2011/07/27 16:44:34 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Application Data\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
[2011/07/27 15:41:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fred\Application Data\IconTweaker
[2011/07/27 15:41:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\IconTweaker
[2011/07/27 15:41:21 | 000,000,000 | ---D | C] -- C:\Program Files\IconTweaker
[2011/07/27 15:36:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fred\Application Data\Styler
[2011/07/27 15:31:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CodeGazer
[2011/07/27 15:31:26 | 000,000,000 | ---D | C] -- C:\Program Files\CodeGazer
[2011/07/27 15:27:04 | 000,000,000 | ---D | C] -- C:\Program Files\Styler
[2011/07/26 19:42:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ESET
[2011/07/26 19:42:27 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/07/26 19:42:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ESET
[2011/07/26 16:52:23 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2011/07/26 16:51:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2011/07/26 16:14:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\ESET
[2011/07/26 15:01:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fred\Application Data\WinRAR
[2011/07/26 15:01:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinRAR
[2011/07/26 15:01:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fred\Start Menu\Programs\WinRAR
[2011/07/26 15:00:54 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2011/07/13 21:54:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fred\My Documents\Essays

========== Files - Modified Within 30 Days ==========

[2011/08/08 16:27:22 | 000,192,512 | ---- | M] () -- C:\Documents and Settings\Fred\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/08/08 16:22:20 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/08/08 16:22:04 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-117609710-688789844-839522115-1003.job
[2011/08/08 16:21:46 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/08/07 18:33:06 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\MotoHelper Routing.job
[2011/08/06 21:18:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-117609710-688789844-839522115-1003.job
[2011/08/05 22:37:25 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2011/08/05 14:02:37 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Fred\Desktop\MBR.dat
[2011/08/05 13:33:04 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Fred\Desktop\OTL.com
[2011/08/04 15:58:11 | 000,607,017 | R--- | M] (Swearware) -- C:\Documents and Settings\Fred\Desktop\dds.scr
[2011/08/04 15:55:33 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/08/02 13:50:29 | 000,000,506 | RHS- | M] () -- C:\boot.ini
[2011/07/28 11:47:54 | 000,021,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011/07/28 11:44:49 | 000,001,736 | ---- | M] () -- C:\WINDOWS\System32\.crusader
[2011/07/27 17:48:38 | 000,001,536 | ---- | M] () -- C:\Documents and Settings\Fred\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
[2011/07/27 17:48:37 | 000,001,658 | ---- | M] () -- C:\Documents and Settings\Fred\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/07/27 17:48:22 | 000,001,676 | ---- | M] () -- C:\Documents and Settings\Fred\Desktop\WinAVI.lnk
[2011/07/27 17:48:05 | 000,001,655 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2011/07/27 17:47:44 | 000,001,536 | ---- | M] () -- C:\Documents and Settings\Fred\Desktop\iTunes.lnk
[2011/07/27 17:47:27 | 000,001,606 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2011/07/27 17:47:08 | 000,001,658 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/07/27 16:50:00 | 000,000,389 | ---- | M] () -- C:\Boot.bak
[2011/07/26 19:43:13 | 000,001,765 | ---- | M] () -- C:\Documents and Settings\Fred\Desktop\ESET NOD32 Antivirus.lnk
[2011/07/26 16:52:25 | 000,001,663 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Hitman Pro 3.5.lnk
[2011/07/23 21:39:56 | 000,002,533 | ---- | M] () -- C:\Documents and Settings\Fred\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2007.lnk
[2011/07/13 20:36:18 | 000,273,376 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/07/13 13:59:06 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/07/12 18:33:23 | 000,000,358 | ---- | M] () -- C:\WINDOWS\tasks\MotoHelper MUM.job
[2011/07/12 18:33:13 | 000,000,370 | ---- | M] () -- C:\WINDOWS\tasks\MotoHelper Update.job

========== Files Created - No Company Name ==========

[2011/08/05 22:37:25 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
[2011/08/05 22:37:25 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2011/08/05 14:02:37 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Fred\Desktop\MBR.dat
[2011/08/04 15:55:33 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/08/02 13:50:29 | 000,000,389 | ---- | C] () -- C:\Boot.bak
[2011/08/02 13:50:25 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/08/02 13:47:32 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/08/02 13:47:32 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/08/02 13:47:32 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/08/02 13:47:32 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/08/02 13:47:32 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/07/28 11:44:49 | 000,001,736 | ---- | C] () -- C:\WINDOWS\System32\.crusader
[2011/07/27 17:48:38 | 000,001,536 | ---- | C] () -- C:\Documents and Settings\Fred\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
[2011/07/27 17:48:37 | 000,001,658 | ---- | C] () -- C:\Documents and Settings\Fred\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/07/27 15:41:24 | 000,001,698 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\IconTweaker.lnk
[2011/07/27 15:34:23 | 000,169,552 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/07/26 19:43:13 | 000,001,765 | ---- | C] () -- C:\Documents and Settings\Fred\Desktop\ESET NOD32 Antivirus.lnk
[2011/07/26 16:52:31 | 000,021,064 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011/07/26 16:52:25 | 000,001,663 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Hitman Pro 3.5.lnk
[2011/06/19 19:02:20 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Fred\Application Data\winscp.rnd
[2011/03/25 17:28:02 | 000,819,200 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2011/03/25 17:28:01 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2011/03/11 19:50:07 | 000,000,987 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Turn Off Monitor.ini
[2011/02/28 16:36:52 | 000,063,080 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/02/26 21:02:47 | 000,000,162 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2011/02/26 20:35:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2007/05/09 22:43:20 | 000,192,512 | ---- | C] () -- C:\Documents and Settings\Fred\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/04/10 11:14:56 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2007/04/10 11:14:56 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2007/04/10 11:14:55 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2007/04/10 11:14:55 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2007/04/10 11:14:55 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2007/04/10 11:14:55 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2007/04/10 10:07:22 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\tifmicon.dll
[2007/04/10 09:45:42 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2007/04/10 09:40:50 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2007/04/10 02:36:11 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2007/04/10 02:35:14 | 000,273,376 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006/03/02 13:54:50 | 000,124,376 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2004/08/02 14:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2003/03/31 05:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2003/03/31 05:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2003/03/31 05:00:00 | 000,493,182 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2003/03/31 05:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2003/03/31 05:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2003/03/31 05:00:00 | 000,083,664 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2003/03/31 05:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2003/03/31 05:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2003/03/31 05:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2003/03/31 05:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2003/03/31 05:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2011/07/26 15:47:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2011/02/26 19:42:27 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/07/26 19:42:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2011/07/26 17:11:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2011/07/27 15:41:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IconTweaker
[2011/07/26 15:45:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/07/27 16:46:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2011/07/27 16:44:34 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
[2011/02/26 21:47:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/02/26 20:04:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fred\Application Data\AVG10
[2011/08/08 16:13:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fred\Application Data\BitTorrent
[2011/07/27 19:04:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fred\Application Data\Broad Intelligence
[2011/07/28 11:29:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fred\Application Data\ElevatedDiagnostics
[2011/03/23 17:16:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fred\Application Data\FreeBurner
[2010/03/28 17:39:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fred\Application Data\FrostWire
[2011/07/27 15:41:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fred\Application Data\IconTweaker
[2011/03/23 16:10:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fred\Application Data\ImgBurn
[2007/05/05 21:42:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fred\Application Data\InterVideo
[2011/07/27 15:36:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fred\Application Data\Styler
[2011/07/27 16:45:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fred\Application Data\TuneUp Software
[2011/07/12 18:33:23 | 000,000,358 | ---- | M] () -- C:\WINDOWS\Tasks\MotoHelper MUM.job
[2011/08/07 18:33:06 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\MotoHelper Routing.job
[2011/07/12 18:33:13 | 000,000,370 | ---- | M] () -- C:\WINDOWS\Tasks\MotoHelper Update.job

========== Purity Check ==========



< End of report >

As a note, someone turned off my laptop when the AVP scan may or may not have been completed. I'm pretty sure that the scan was finished, but it may not have been. I proceeded to gather the logfile anyways though, because I didn't want to wait another 3 hours to complete another scan. So if the logfile looks a bit strange, let me know and I'll run another scan.

Attached Files


  • 0

#12
Aaron
Posted 09 August 2011 - 06:02 AM

Aaron

    Expert

  • Expert
  • 3,155 posts
Hi

Starting to look better :)
No redirections anymore or IP-blocks from MBAM?

As a note, someone turned off my laptop when the AVP scan may or may not have been completed. I'm pretty sure that the scan was finished, but it may not have been. I proceeded to gather the logfile anyways though, because I didn't want to wait another 3 hours to complete another scan. So if the logfile looks a bit strange, let me know and I'll run another scan.

Can you find find the log in the report tab? Did you see that AVP found anything while scanning? If you don't find the log I'd like a new scan please (only the virus scan).

============ Step one ============

Run OTL again

  • Under the Posted Image box at the bottom, paste in the following

    :OTL
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 40 C6 59 05 19 BD 71 49 BD 12 C8 6A 66 12 05 55 [binary data]
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 40 C6 59 05 19 BD 71 49 BD 12 C8 6A 66 12 05 55 [binary data]
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 40 C6 59 05 19 BD 71 49 BD 12 C8 6A 66 12 05 55 [binary data]
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 40 C6 59 05 19 BD 71 49 BD 12 C8 6A 66 12 05 55 [binary data]

:Services

:Reg
[HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]
"XMLHTTP_UUID_Default"=-
[HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]
"XMLHTTP_UUID_Default"=-
[HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]
"XMLHTTP_UUID_Default"=-
[HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]
"XMLHTTP_UUID_Default"=-

:Files
C:\Documents and Settings\Fred\Local Settings\Temp\65.tmp
ipconfig /flushdns /c

:Commands
[emptytemp]
[EMPTYFLASH]
[CREATERESTOREPOINT]
[Reboot]
  • Then click the Posted Image button at the top
  • Let the program run unhindered, reboot the PC when it is done and post the log it produces.
  • Then open OTL again and click the Posted Image button. Please post this log too.

============ Step two ============

There are some files I need you to upload for checking

  • Make sure to use Internet Explorer for this
  • Please go to VirSCAN.org FREE on-line scan service
  • Copy and paste the following file path into the "Suspicious files to scan" box on the top of the page:

    • d:\614181ec6bc9a433623a\wgasetup.exe
  • Click on the Upload button
  • If a pop-up appears saying the file has been scanned already, please select the ReScan button.
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.

  • 0

#13
mesograt
Posted 09 August 2011 - 08:07 PM

mesograt

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Oh, sorry, I thought that the system analysis info and the log would both be in the zip file. I ran another scan so here's the log.

AVP.Txt:

Automatic Scan: completed 22 minutes ago (events: 3643, objects: 3536, time: 00:14:56)
8/9/2011 4:22:36 PM Task completed
8/9/2011 4:22:35 PM OK \Device\Harddisk1\DR3
8/9/2011 4:22:33 PM OK \Device\Harddisk0\DR0
8/9/2011 4:22:28 PM OK \Device\HarddiskVolume1
8/9/2011 4:22:26 PM OK \Device\HarddiskVolume2
8/9/2011 4:22:22 PM OK F
8/9/2011 4:22:20 PM OK D
8/9/2011 4:22:17 PM OK C
8/9/2011 4:22:14 PM OK Unknown application
8/9/2011 4:22:13 PM OK C:\WINDOWS\system32\xpsp2res.dll
8/9/2011 4:22:13 PM OK C:\WINDOWS\system32\xmlprovi.dll
8/9/2011 4:22:13 PM OK C:\WINDOWS\system32\wzcsapi.dll
8/9/2011 4:22:12 PM OK C:\WINDOWS\system32\wzcdlg.dll
8/9/2011 4:22:12 PM OK C:\WINDOWS\system32\wtsapi32.dll
8/9/2011 4:22:12 PM OK C:\WINDOWS\system32\wsock32.dll
8/9/2011 4:22:12 PM OK C:\WINDOWS\system32\wshtcpip.dll
8/9/2011 4:22:12 PM OK C:\WINDOWS\system32\ws2help.dll
8/9/2011 4:22:12 PM OK C:\WINDOWS\system32\ws2_32.dll
8/9/2011 4:22:12 PM OK C:\WINDOWS\system32\wmi.dll
8/9/2011 4:22:12 PM OK C:\WINDOWS\system32\wmasf.dll
8/9/2011 4:22:12 PM OK C:\WINDOWS\system32\wintrust.dll
8/9/2011 4:22:12 PM OK C:\WINDOWS\system32\winsta.dll
8/9/2011 4:22:12 PM OK C:\WINDOWS\system32\winspool.drv
8/9/2011 4:22:12 PM OK C:\WINDOWS\system32\winscard.dll
8/9/2011 4:22:12 PM OK C:\WINDOWS\system32\winmm.dll
8/9/2011 4:22:11 PM OK C:\WINDOWS\system32\winlogon.exe
8/9/2011 4:22:11 PM OK C:\WINDOWS\system32\winhttp.dll
8/9/2011 4:22:11 PM OK C:\WINDOWS\system32\windowspowershell\v1.0\pwrshsip.dll
8/9/2011 4:22:11 PM OK C:\WINDOWS\system32\win32k.sys
8/9/2011 4:22:11 PM OK C:\WINDOWS\system32\wbem\wmiutils.dll
8/9/2011 4:22:11 PM OK C:\WINDOWS\system32\wbem\wmiprvse.exe
8/9/2011 4:22:10 PM OK C:\WINDOWS\system32\wbem\wbemsvc.dll
8/9/2011 4:22:10 PM OK C:\WINDOWS\system32\wbem\wbemprox.dll
8/9/2011 4:22:10 PM OK C:\WINDOWS\system32\wbem\wbemcons.dll
8/9/2011 4:22:10 PM OK C:\WINDOWS\system32\wbem\wbemcomn.dll
8/9/2011 4:22:10 PM OK C:\WINDOWS\system32\wbem\framedyn.dll
8/9/2011 4:22:10 PM OK C:\WINDOWS\system32\wbem\fastprox.dll
8/9/2011 4:22:10 PM OK C:\WINDOWS\system32\wbem\cimwin32.dll
8/9/2011 4:22:09 PM OK C:\WINDOWS\system32\vga.dll
8/9/2011 4:22:09 PM OK C:\WINDOWS\system32\uxtheme.dll
8/9/2011 4:22:09 PM OK C:\WINDOWS\system32\usp10.dll
8/9/2011 4:22:09 PM OK C:\WINDOWS\system32\userenv.dll
8/9/2011 4:22:09 PM OK C:\WINDOWS\system32\upnp.dll
8/9/2011 4:22:09 PM OK C:\WINDOWS\system32\tapi32.dll
8/9/2011 4:22:09 PM OK C:\WINDOWS\system32\t2embed.dll
8/9/2011 4:22:09 PM OK C:\WINDOWS\system32\sxs.dll
8/9/2011 4:22:08 PM OK C:\WINDOWS\system32\ssdpapi.dll
8/9/2011 4:22:08 PM OK C:\WINDOWS\system32\softpub.dll
8/9/2011 4:22:08 PM OK C:\WINDOWS\system32\slbrccsp.dll
8/9/2011 4:22:08 PM OK C:\WINDOWS\system32\slbiop.dll
8/9/2011 4:22:08 PM OK C:\WINDOWS\system32\slbcsp.dll
8/9/2011 4:22:08 PM OK C:\WINDOWS\system32\shlwapi.dll
8/9/2011 4:22:08 PM OK C:\WINDOWS\system32\shimeng.dll
8/9/2011 4:22:08 PM OK C:\WINDOWS\system32\shfolder.dll
8/9/2011 4:22:07 PM OK C:\WINDOWS\system32\shdoclc.dll
8/9/2011 4:22:07 PM OK C:\WINDOWS\system32\sensapi.dll
8/9/2011 4:22:07 PM OK C:\WINDOWS\system32\security.dll
8/9/2011 4:22:07 PM OK C:\WINDOWS\system32\secur32.dll
8/9/2011 4:22:07 PM OK C:\WINDOWS\system32\schannel.dll
8/9/2011 4:22:07 PM OK C:\WINDOWS\system32\sccsccp.dll
8/9/2011 4:22:07 PM OK C:\WINDOWS\system32\sccbase.dll
8/9/2011 4:22:07 PM OK C:\WINDOWS\system32\scarddlg.dll
8/9/2011 4:22:07 PM OK C:\WINDOWS\system32\samlib.dll
8/9/2011 4:22:07 PM OK C:\WINDOWS\system32\runonce.exe
8/9/2011 4:22:07 PM OK C:\WINDOWS\system32\rtutils.dll
8/9/2011 4:22:07 PM OK C:\WINDOWS\system32\rsaenh.dll
8/9/2011 4:22:06 PM OK C:\WINDOWS\system32\riched32.dll
8/9/2011 4:22:06 PM OK C:\WINDOWS\system32\riched20.dll
8/9/2011 4:22:06 PM OK C:\WINDOWS\system32\rasman.dll
8/9/2011 4:22:06 PM OK C:\WINDOWS\system32\rasapi32.dll
8/9/2011 4:22:06 PM OK C:\WINDOWS\system32\rasadhlp.dll
8/9/2011 4:22:06 PM OK C:\WINDOWS\system32\qutil.dll
8/9/2011 4:22:06 PM OK C:\WINDOWS\system32\psapi.dll
8/9/2011 4:22:06 PM OK C:\WINDOWS\system32\onex.dll
8/9/2011 4:22:06 PM OK C:\WINDOWS\system32\oledlg.dll
8/9/2011 4:22:06 PM OK C:\WINDOWS\system32\oleacc.dll
8/9/2011 4:22:06 PM OK C:\WINDOWS\system32\odbcint.dll
8/9/2011 4:22:06 PM OK C:\WINDOWS\system32\odbc32.dll
8/9/2011 4:22:06 PM OK C:\WINDOWS\system32\ntsdexts.dll
8/9/2011 4:22:06 PM OK C:\WINDOWS\system32\ntmarta.dll
8/9/2011 4:22:06 PM OK C:\WINDOWS\system32\ntdsapi.dll
8/9/2011 4:22:05 PM OK C:\WINDOWS\system32\ntdll.dll
8/9/2011 4:22:05 PM OK C:\WINDOWS\system32\netrap.dll
8/9/2011 4:22:05 PM OK C:\WINDOWS\system32\netmsg.dll
8/9/2011 4:22:05 PM OK C:\WINDOWS\system32\netapi32.dll
8/9/2011 4:22:05 PM OK C:\WINDOWS\system32\net1.exe
8/9/2011 4:22:05 PM OK C:\WINDOWS\system32\net.exe
8/9/2011 4:22:05 PM OK C:\WINDOWS\system32\ncobjapi.dll
8/9/2011 4:22:05 PM OK C:\WINDOWS\system32\msxml3r.dll
8/9/2011 4:22:05 PM OK C:\WINDOWS\system32\msxml3.dll
8/9/2011 4:22:04 PM OK C:\WINDOWS\system32\msvcrt40.dll
8/9/2011 4:22:04 PM OK C:\WINDOWS\system32\msvcrt.dll
8/9/2011 4:22:04 PM OK C:\WINDOWS\system32\msvcp60.dll
8/9/2011 4:22:04 PM OK C:\WINDOWS\system32\msv1_0.dll
8/9/2011 4:22:04 PM OK C:\WINDOWS\system32\mssip32.dll
8/9/2011 4:22:04 PM OK C:\WINDOWS\system32\msnsspc.dll
8/9/2011 4:22:04 PM OK C:\WINDOWS\system32\msls31.dll
8/9/2011 4:22:04 PM OK C:\WINDOWS\system32\msisip.dll
8/9/2011 4:22:04 PM OK C:\WINDOWS\system32\msimtf.dll
8/9/2011 4:22:04 PM OK C:\WINDOWS\system32\msimg32.dll
8/9/2011 4:22:04 PM OK C:\WINDOWS\system32\msi.dll
8/9/2011 4:22:03 PM OK C:\WINDOWS\system32\msctfime.ime
8/9/2011 4:22:03 PM OK C:\WINDOWS\system32\msctf.dll
8/9/2011 4:22:03 PM OK C:\WINDOWS\system32\mscms.dll
8/9/2011 4:22:03 PM OK C:\WINDOWS\system32\msasn1.dll
8/9/2011 4:22:03 PM OK C:\WINDOWS\system32\msapsspc.dll
8/9/2011 4:22:03 PM OK C:\WINDOWS\system32\msacm32.dll
8/9/2011 4:22:02 PM OK C:\WINDOWS\system32\mprapi.dll
8/9/2011 4:22:02 PM OK C:\WINDOWS\system32\mpr.dll
8/9/2011 4:22:02 PM OK C:\WINDOWS\system32\mlang.dll
8/9/2011 4:22:02 PM OK C:\WINDOWS\system32\mfc42u.dll
8/9/2011 4:22:02 PM OK C:\WINDOWS\system32\mapi32.dll
8/9/2011 4:22:01 PM OK C:\WINDOWS\system32\lpk.dll
8/9/2011 4:22:01 PM OK C:\WINDOWS\system32\linkinfo.dll
8/9/2011 4:22:01 PM OK C:\WINDOWS\system32\ksuser.dll
8/9/2011 4:22:01 PM OK C:\WINDOWS\system32\iphlpapi.dll
8/9/2011 4:22:01 PM OK C:\WINDOWS\system32\initpki.dll
8/9/2011 4:22:01 PM OK C:\WINDOWS\system32\imm32.dll
8/9/2011 4:22:01 PM OK C:\WINDOWS\system32\hnetcfg.dll
8/9/2011 4:22:01 PM OK C:\WINDOWS\system32\grpconv.exe
8/9/2011 4:22:01 PM OK C:\WINDOWS\system32\gpkcsp.dll
8/9/2011 4:22:01 PM OK C:\WINDOWS\system32\fltlib.dll
8/9/2011 4:22:01 PM OK C:\WINDOWS\system32\faultrep.dll
8/9/2011 4:22:01 PM OK C:\WINDOWS\system32\exts.dll
8/9/2011 4:22:01 PM OK C:\WINDOWS\system32\esent.dll
8/9/2011 4:22:00 PM OK C:\WINDOWS\system32\eappprxy.dll
8/9/2011 4:22:00 PM OK C:\WINDOWS\system32\eappcfg.dll
8/9/2011 4:22:00 PM OK C:\WINDOWS\system32\eapolqec.dll
8/9/2011 4:22:00 PM OK C:\WINDOWS\system32\dwwin.exe
8/9/2011 4:22:00 PM OK C:\WINDOWS\system32\dssenh.dll
8/9/2011 4:22:00 PM OK C:\WINDOWS\system32\dsound.dll
8/9/2011 4:22:00 PM OK C:\WINDOWS\system32\dot3dlg.dll
8/9/2011 4:22:00 PM OK C:\WINDOWS\system32\dot3api.dll
8/9/2011 4:22:00 PM OK C:\WINDOWS\system32\dnssd.dll
8/9/2011 4:22:00 PM OK C:\WINDOWS\system32\dnsapi.dll
8/9/2011 4:22:00 PM OK C:\WINDOWS\system32\digest.dll
8/9/2011 4:22:00 PM OK C:\WINDOWS\system32\ddraw.dll
8/9/2011 4:22:00 PM OK C:\WINDOWS\system32\dciman32.dll
8/9/2011 4:21:59 PM OK C:\WINDOWS\system32\dbghelp.dll
8/9/2011 4:21:59 PM OK C:\WINDOWS\system32\dbgeng.dll
8/9/2011 4:21:59 PM OK C:\WINDOWS\system32\d3d9.dll
8/9/2011 4:21:59 PM OK C:\WINDOWS\system32\d3d8thk.dll
8/9/2011 4:21:59 PM OK C:\WINDOWS\system32\d3d8.dll
8/9/2011 4:21:59 PM OK C:\WINDOWS\system32\cryptui.dll
8/9/2011 4:21:59 PM OK C:\WINDOWS\system32\cryptdll.dll
8/9/2011 4:21:59 PM OK C:\WINDOWS\system32\cryptdlg.dll
8/9/2011 4:21:59 PM OK C:\WINDOWS\system32\credui.dll
8/9/2011 4:21:59 PM OK C:\WINDOWS\system32\comres.dll
8/9/2011 4:21:59 PM OK C:\WINDOWS\system32\comctl32.dll
8/9/2011 4:21:58 PM OK C:\WINDOWS\system32\clbcatq.dll
8/9/2011 4:21:58 PM OK C:\WINDOWS\system32\cfgmgr32.dll
8/9/2011 4:21:58 PM OK C:\WINDOWS\system32\cabinet.dll
8/9/2011 4:21:58 PM OK C:\WINDOWS\system32\atl.dll
8/9/2011 4:21:58 PM OK C:\WINDOWS\system32\apphelp.dll
8/9/2011 4:21:58 PM OK C:\WINDOWS\system32\adsldpc.dll
8/9/2011 4:21:58 PM OK C:\WINDOWS\system32\activeds.dll
8/9/2011 4:21:58 PM OK C:\WINDOWS\system32\WMVCore.dll
8/9/2011 4:21:57 PM OK C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
8/9/2011 4:21:57 PM OK C:\WINDOWS\system32\1033\dwintl.dll
8/9/2011 4:21:57 PM OK C:\WINDOWS\WindowsShell.Manifest
8/9/2011 4:21:57 PM OK C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6002.22509_x-ww_c7dad023\GdiPlus.dll
8/9/2011 4:21:57 PM OK C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
8/9/2011 4:21:57 PM OK C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcr80.dll
8/9/2011 4:21:56 PM OK C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcp80.dll
8/9/2011 4:21:55 PM OK C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
8/9/2011 4:21:55 PM OK C:\WINDOWS\AppPatch\acgenral.dll
8/9/2011 4:21:55 PM OK C:\Program Files\iTunes\iTunesPhotoProcessor.exe
8/9/2011 4:21:55 PM OK C:\Program Files\iTunes\iTunesPhotoProcessor.dll
8/9/2011 4:21:55 PM OK C:\Program Files\iTunes\iTunesOutlookAddIn.dll
8/9/2011 4:21:55 PM OK C:\Program Files\iTunes\iTunesMiniPlayer.Resources\zh_TW.lproj\iTunesMiniPlayerLocalized.dll
8/9/2011 4:21:55 PM OK C:\Program Files\iTunes\iTunesMiniPlayer.Resources\zh_CN.lproj\iTunesMiniPlayerLocalized.dll
8/9/2011 4:21:54 PM OK C:\Program Files\iTunes\iTunesMiniPlayer.Resources\sv.lproj\iTunesMiniPlayerLocalized.dll
8/9/2011 4:21:54 PM OK C:\Program Files\iTunes\iTunesMiniPlayer.Resources\ru.lproj\iTunesMiniPlayerLocalized.dll
8/9/2011 4:21:54 PM OK C:\Program Files\iTunes\iTunesMiniPlayer.Resources\pt_PT.lproj\iTunesMiniPlayerLocalized.dll
8/9/2011 4:21:54 PM OK C:\Program Files\iTunes\iTunesMiniPlayer.Resources\pt.lproj\iTunesMiniPlayerLocalized.dll
8/9/2011 4:21:54 PM OK C:\Program Files\iTunes\iTunesMiniPlayer.Resources\pl.lproj\iTunesMiniPlayerLocalized.dll
8/9/2011 4:21:54 PM OK C:\Program Files\iTunes\iTunesMiniPlayer.Resources\nl.lproj\iTunesMiniPlayerLocalized.dll
8/9/2011 4:21:54 PM OK C:\Program Files\iTunes\iTunesMiniPlayer.Resources\nb.lproj\iTunesMiniPlayerLocalized.dll
8/9/2011 4:21:54 PM OK C:\Program Files\iTunes\iTunesMiniPlayer.Resources\ko.lproj\iTunesMiniPlayerLocalized.dll
8/9/2011 4:21:54 PM OK C:\Program Files\iTunes\iTunesMiniPlayer.Resources\ja.lproj\iTunesMiniPlayerLocalized.dll
8/9/2011 4:21:54 PM OK C:\Program Files\iTunes\iTunesMiniPlayer.Resources\it.lproj\iTunesMiniPlayerLocalized.dll
8/9/2011 4:21:54 PM OK C:\Program Files\iTunes\iTunesMiniPlayer.Resources\iTunesMiniPlayer.dll
8/9/2011 4:21:54 PM OK C:\Program Files\iTunes\iTunesMiniPlayer.Resources\fr.lproj\iTunesMiniPlayerLocalized.dll
8/9/2011 4:21:54 PM OK C:\Program Files\iTunes\iTunesMiniPlayer.Resources\fi.lproj\iTunesMiniPlayerLocalized.dll
8/9/2011 4:21:54 PM OK C:\Program Files\iTunes\iTunesMiniPlayer.Resources\es.lproj\iTunesMiniPlayerLocalized.dll
8/9/2011 4:21:53 PM OK C:\Program Files\iTunes\iTunesMiniPlayer.Resources\en_GB.lproj\iTunesMiniPlayerLocalized.dll
8/9/2011 4:21:53 PM OK C:\Program Files\iTunes\iTunesMiniPlayer.Resources\en.lproj\iTunesMiniPlayerLocalized.dll
8/9/2011 4:21:53 PM OK C:\Program Files\iTunes\iTunesMiniPlayer.Resources\de.lproj\iTunesMiniPlayerLocalized.dll
8/9/2011 4:21:53 PM OK C:\Program Files\iTunes\iTunesMiniPlayer.Resources\da.lproj\iTunesMiniPlayerLocalized.dll
8/9/2011 4:21:53 PM OK C:\Program Files\iTunes\iTunesHelper.dll
8/9/2011 4:21:53 PM OK C:\Program Files\iTunes\iTunesHelper.Resources\zh_TW.lproj\iTunesHelperLocalized.dll
8/9/2011 4:21:53 PM OK C:\Program Files\iTunes\iTunesHelper.Resources\zh_CN.lproj\iTunesHelperLocalized.dll
8/9/2011 4:21:53 PM OK C:\Program Files\iTunes\iTunesHelper.Resources\sv.lproj\iTunesHelperLocalized.dll
8/9/2011 4:21:53 PM OK C:\Program Files\iTunes\iTunesHelper.Resources\ru.lproj\iTunesHelperLocalized.dll
8/9/2011 4:21:53 PM OK C:\Program Files\iTunes\iTunesHelper.Resources\pt_PT.lproj\iTunesHelperLocalized.dll
8/9/2011 4:21:53 PM OK C:\Program Files\iTunes\iTunesHelper.Resources\pt.lproj\iTunesHelperLocalized.dll
8/9/2011 4:21:53 PM OK C:\Program Files\iTunes\iTunesHelper.Resources\pl.lproj\iTunesHelperLocalized.dll
8/9/2011 4:21:53 PM OK C:\Program Files\iTunes\iTunesHelper.Resources\nl.lproj\iTunesHelperLocalized.dll
8/9/2011 4:21:52 PM OK C:\Program Files\iTunes\iTunesHelper.Resources\nb.lproj\iTunesHelperLocalized.dll
8/9/2011 4:21:52 PM OK C:\Program Files\iTunes\iTunesHelper.Resources\ko.lproj\iTunesHelperLocalized.dll
8/9/2011 4:21:52 PM OK C:\Program Files\iTunes\iTunesHelper.Resources\ja.lproj\iTunesHelperLocalized.dll
8/9/2011 4:21:52 PM OK C:\Program Files\iTunes\iTunesHelper.Resources\it.lproj\iTunesHelperLocalized.dll
8/9/2011 4:21:52 PM OK C:\Program Files\iTunes\iTunesHelper.Resources\iTunesHelper.dll
8/9/2011 4:21:52 PM OK C:\Program Files\iTunes\iTunesHelper.Resources\fr.lproj\iTunesHelperLocalized.dll
8/9/2011 4:21:52 PM OK C:\Program Files\iTunes\iTunesHelper.Resources\fi.lproj\iTunesHelperLocalized.dll
8/9/2011 4:21:52 PM OK C:\Program Files\iTunes\iTunesHelper.Resources\es.lproj\iTunesHelperLocalized.dll
8/9/2011 4:21:51 PM OK C:\Program Files\iTunes\iTunesHelper.Resources\en_GB.lproj\iTunesHelperLocalized.dll
8/9/2011 4:21:51 PM OK C:\Program Files\iTunes\iTunesHelper.Resources\en.lproj\iTunesHelperLocalized.dll
8/9/2011 4:21:51 PM OK C:\Program Files\iTunes\iTunesHelper.Resources\de.lproj\iTunesHelperLocalized.dll
8/9/2011 4:21:51 PM OK C:\Program Files\iTunes\iTunesHelper.Resources\da.lproj\iTunesHelperLocalized.dll
8/9/2011 4:21:51 PM OK C:\Program Files\iTunes\iTunesAdmin.dll
8/9/2011 4:21:51 PM OK C:\Program Files\iTunes\iTunes.dll
8/9/2011 4:21:50 PM OK C:\Program Files\iTunes\iTunes.Resources\zh_TW.lproj\iTunesLocalized.dll
8/9/2011 4:21:50 PM OK C:\Program Files\iTunes\iTunes.Resources\zh_CN.lproj\iTunesLocalized.dll
8/9/2011 4:21:50 PM OK C:\Program Files\iTunes\iTunes.Resources\sv.lproj\iTunesLocalized.dll
8/9/2011 4:21:49 PM OK C:\Program Files\iTunes\iTunes.Resources\ru.lproj\iTunesLocalized.dll
8/9/2011 4:21:49 PM OK C:\Program Files\iTunes\iTunes.Resources\pt_PT.lproj\iTunesLocalized.dll
8/9/2011 4:21:48 PM OK C:\Program Files\iTunes\iTunes.Resources\pt.lproj\iTunesLocalized.dll
8/9/2011 4:21:48 PM OK C:\Program Files\iTunes\iTunes.Resources\pl.lproj\iTunesLocalized.dll
8/9/2011 4:21:48 PM OK C:\Program Files\iTunes\iTunes.Resources\nl.lproj\iTunesLocalized.dll
8/9/2011 4:21:48 PM OK C:\Program Files\iTunes\iTunes.Resources\nb.lproj\iTunesLocalized.dll
8/9/2011 4:21:48 PM OK C:\Program Files\iTunes\iTunes.Resources\ko.lproj\iTunesLocalized.dll
8/9/2011 4:21:48 PM OK C:\Program Files\iTunes\iTunes.Resources\ja.lproj\iTunesLocalized.dll
8/9/2011 4:21:47 PM OK C:\Program Files\iTunes\iTunes.Resources\it.lproj\iTunesLocalized.dll
8/9/2011 4:21:47 PM OK C:\Program Files\iTunes\iTunes.Resources\iTunesRegistry.dll
8/9/2011 4:21:47 PM OK C:\Program Files\iTunes\iTunes.Resources\iTunes.qtr
8/9/2011 4:21:47 PM OK C:\Program Files\iTunes\iTunes.Resources\iTunes.dll
8/9/2011 4:21:47 PM OK C:\Program Files\iTunes\iTunes.Resources\fr.lproj\iTunesLocalized.dll
8/9/2011 4:21:47 PM OK C:\Program Files\iTunes\iTunes.Resources\fi.lproj\iTunesLocalized.dll
8/9/2011 4:21:47 PM OK C:\Program Files\iTunes\iTunes.Resources\es.lproj\iTunesLocalized.dll
8/9/2011 4:21:46 PM OK C:\Program Files\iTunes\iTunes.Resources\en_GB.lproj\iTunesLocalized.dll
8/9/2011 4:21:46 PM OK C:\Program Files\iTunes\iTunes.Resources\en.lproj\iTunesLocalized.qtr
8/9/2011 4:21:46 PM OK C:\Program Files\iTunes\iTunes.Resources\en.lproj\iTunesLocalized.dll
8/9/2011 4:21:46 PM OK C:\Program Files\iTunes\iTunes.Resources\de.lproj\iTunesLocalized.dll
8/9/2011 4:21:46 PM OK C:\Program Files\iTunes\iTunes.Resources\da.lproj\iTunesLocalized.dll
8/9/2011 4:21:45 PM OK C:\Program Files\iTunes\iPodUpdaterExt.dll
8/9/2011 4:21:45 PM OK C:\Program Files\iTunes\gnsdk_submit.dll
8/9/2011 4:21:45 PM OK C:\Program Files\iTunes\gnsdk_sdkmanager.dll
8/9/2011 4:21:45 PM OK C:\Program Files\iTunes\gnsdk_musicid.dll
8/9/2011 4:21:45 PM OK C:\Program Files\iTunes\gnsdk_dsp.dll
8/9/2011 4:21:45 PM OK C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
8/9/2011 4:21:45 PM OK C:\Program Files\Windows Media Player\npwmsdrm.dll
8/9/2011 4:21:45 PM OK C:\Program Files\Windows Media Player\npdsplay.dll
8/9/2011 4:21:45 PM OK C:\Program Files\Windows Media Player\npdrmv2.dll
8/9/2011 4:21:45 PM OK C:\Program Files\QuickTime\QTSystem\QuickTimeVR.qtx
8/9/2011 4:21:44 PM OK C:\Program Files\QuickTime\QTSystem\QuickTimeStreamingExtras.qtx
8/9/2011 4:21:44 PM OK C:\Program Files\QuickTime\QTSystem\QuickTimeStreamingAuthoring.qtx
8/9/2011 4:21:44 PM OK C:\Program Files\QuickTime\QTSystem\QuickTimeStreaming.qtx
8/9/2011 4:21:44 PM OK C:\Program Files\QuickTime\QTSystem\QuickTimeStreaming.Resources\en.lproj\QuickTimeStreamingLocalized.dll
8/9/2011 4:21:44 PM OK C:\Program Files\QuickTime\QTSystem\QuickTimeMusic.qtx
8/9/2011 4:21:44 PM OK C:\Program Files\QuickTime\QTSystem\QuickTimeMPEG4Authoring.qtx
8/9/2011 4:21:44 PM OK C:\Program Files\QuickTime\QTSystem\QuickTimeMPEG4.qtx
8/9/2011 4:21:43 PM OK C:\Program Files\QuickTime\QTSystem\QuickTimeMPEG.qtx
8/9/2011 4:21:43 PM OK C:\Program Files\QuickTime\QTSystem\QuickTimeInternetExtras.qtx
8/9/2011 4:21:43 PM OK C:\Program Files\QuickTime\QTSystem\QuickTimeImage.qtx
8/9/2011 4:21:43 PM OK C:\Program Files\QuickTime\QTSystem\QuickTimeH264.qtx
8/9/2011 4:21:42 PM OK C:\Program Files\QuickTime\QTSystem\QuickTimeEssentials.qtx
8/9/2011 4:21:42 PM OK C:\Program Files\QuickTime\QTSystem\QuickTimeEffects.qtx
8/9/2011 4:21:42 PM OK C:\Program Files\QuickTime\QTSystem\QuickTimeCapture.qtx
8/9/2011 4:21:42 PM OK C:\Program Files\QuickTime\QTSystem\QuickTimeAuthoring.qtx
8/9/2011 4:21:42 PM OK C:\Program Files\QuickTime\QTSystem\QuickTimeAuthoring.Resources\en.lproj\QuickTimeAuthoringLocalized.dll
8/9/2011 4:21:41 PM OK C:\Program Files\QuickTime\QTSystem\QuickTimeAudioSupport.qtx
8/9/2011 4:21:41 PM OK C:\Program Files\QuickTime\QTSystem\QuickTimeAudioSupport.Resources\en.lproj\QuickTimeAudioSupportLocalized.dll
8/9/2011 4:21:41 PM OK C:\Program Files\QuickTime\QTSystem\QuickTime3GPPAuthoring.qtx
8/9/2011 4:21:41 PM OK C:\Program Files\QuickTime\QTSystem\QuickTime3GPP.qtx
8/9/2011 4:21:41 PM OK C:\Program Files\QuickTime\QTSystem\QuickTime.qts
8/9/2011 4:21:40 PM OK C:\Program Files\QuickTime\QTSystem\QuickTime.Resources\en.lproj\QuickTimeLocalized.dll
8/9/2011 4:21:40 PM OK C:\Program Files\QuickTime\QTSystem\QuickTime.Resources\QuickTime.dll
8/9/2011 4:21:40 PM OK C:\Program Files\QuickTime\QTSystem\QTCF.dll
8/9/2011 4:21:40 PM OK C:\Program Files\QuickTime\QTSystem\CoreVideo.qtx
8/9/2011 4:21:40 PM OK C:\Program Files\QuickTime\Plugins\npqtplugin7.dll Object was not changed (iChecker)
8/9/2011 4:21:40 PM OK C:\Program Files\QuickTime\Plugins\npqtplugin6.dll Object was not changed (iChecker)
8/9/2011 4:21:40 PM OK C:\Program Files\QuickTime\Plugins\npqtplugin5.dll Object was not changed (iChecker)
8/9/2011 4:21:40 PM OK C:\Program Files\QuickTime\Plugins\npqtplugin4.dll Object was not changed (iChecker)
8/9/2011 4:21:40 PM OK C:\Program Files\QuickTime\Plugins\npqtplugin3.dll Object was not changed (iChecker)
8/9/2011 4:21:40 PM OK C:\Program Files\QuickTime\Plugins\npqtplugin2.dll Object was not changed (iChecker)
8/9/2011 4:21:40 PM OK C:\Program Files\QuickTime\Plugins\npqtplugin.dll Object was not changed (iChecker)
8/9/2011 4:21:40 PM OK C:\Program Files\Mozilla Firefox\xul.dll
8/9/2011 4:21:39 PM OK C:\Program Files\Mozilla Firefox\xpcom.dll
8/9/2011 4:21:39 PM OK C:\Program Files\Mozilla Firefox\ssl3.dll
8/9/2011 4:21:39 PM OK C:\Program Files\Mozilla Firefox\sqlite3.dll
8/9/2011 4:21:39 PM OK C:\Program Files\Mozilla Firefox\softokn3.dll
8/9/2011 4:21:39 PM OK C:\Program Files\Mozilla Firefox\smime3.dll
8/9/2011 4:21:39 PM OK C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll Object was not changed (iChecker)
8/9/2011 4:21:39 PM OK C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll Object was not changed (iChecker)
8/9/2011 4:21:39 PM OK C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll Object was not changed (iChecker)
8/9/2011 4:21:39 PM OK C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll Object was not changed (iChecker)
8/9/2011 4:21:39 PM OK C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll Object was not changed (iChecker)
8/9/2011 4:21:39 PM OK C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll Object was not changed (iChecker)
8/9/2011 4:21:39 PM OK C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
8/9/2011 4:21:39 PM OK C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll Object was not changed (iChecker)
8/9/2011 4:21:39 PM OK C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
8/9/2011 4:21:39 PM OK C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
8/9/2011 4:21:39 PM OK C:\Program Files\Mozilla Firefox\plugin-container.exe
8/9/2011 4:21:38 PM OK C:\Program Files\Mozilla Firefox\plds4.dll
8/9/2011 4:21:38 PM OK C:\Program Files\Mozilla Firefox\plc4.dll
8/9/2011 4:21:38 PM OK C:\Program Files\Mozilla Firefox\nssutil3.dll
8/9/2011 4:21:38 PM OK C:\Program Files\Mozilla Firefox\nssdbm3.dll
8/9/2011 4:21:38 PM OK C:\Program Files\Mozilla Firefox\nssckbi.dll
8/9/2011 4:21:38 PM OK C:\Program Files\Mozilla Firefox\nss3.dll
8/9/2011 4:21:38 PM OK C:\Program Files\Mozilla Firefox\nspr4.dll
8/9/2011 4:21:38 PM OK C:\Program Files\Mozilla Firefox\mozcrt19.dll
8/9/2011 4:21:38 PM OK C:\Program Files\Mozilla Firefox\mozcpp19.dll
8/9/2011 4:21:37 PM OK C:\Program Files\Mozilla Firefox\js3250.dll
8/9/2011 4:21:37 PM OK C:\Program Files\Mozilla Firefox\freebl3.dll
8/9/2011 4:21:37 PM OK C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
8/9/2011 4:21:37 PM OK C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
8/9/2011 4:21:37 PM OK C:\Program Files\Java\jre6\bin\zip.dll
8/9/2011 4:21:37 PM OK C:\Program Files\Java\jre6\bin\verify.dll
8/9/2011 4:21:37 PM OK C:\Program Files\Java\jre6\bin\regutils.dll
8/9/2011 4:21:37 PM OK C:\Program Files\Java\jre6\bin\nio.dll
8/9/2011 4:21:37 PM OK C:\Program Files\Java\jre6\bin\net.dll
8/9/2011 4:21:37 PM OK C:\Program Files\Java\jre6\bin\msvcr71.dll
8/9/2011 4:21:37 PM OK C:\Program Files\Java\jre6\bin\jqsnotify.exe
8/9/2011 4:21:37 PM OK C:\Program Files\Java\jre6\bin\jpeg.dll
8/9/2011 4:21:37 PM OK C:\Program Files\Java\jre6\bin\jp2native.dll
8/9/2011 4:21:37 PM OK C:\Program Files\Java\jre6\bin\java.exe
8/9/2011 4:21:37 PM OK C:\Program Files\Java\jre6\bin\java.dll
8/9/2011 4:21:37 PM OK C:\Program Files\Java\jre6\bin\hpi.dll
8/9/2011 4:21:37 PM OK C:\Program Files\Java\jre6\bin\fontmanager.dll
8/9/2011 4:21:36 PM OK C:\Program Files\Java\jre6\bin\deploy.dll
8/9/2011 4:21:36 PM OK C:\Program Files\Java\jre6\bin\dcpr.dll
8/9/2011 4:21:36 PM OK C:\Program Files\Java\jre6\bin\client\jvm.dll
8/9/2011 4:21:35 PM OK C:\Program Files\Java\jre6\bin\awt.dll
8/9/2011 4:21:35 PM OK C:\Program Files\Common Files\Apple\Mobile Device Support\iTunesMobileDevice.dll
8/9/2011 4:21:35 PM OK C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServices.dll
8/9/2011 4:21:35 PM OK C:\Program Files\Common Files\Apple\Mobile Device Support\MobileDevice.dll
8/9/2011 4:21:35 PM OK C:\Program Files\Common Files\Apple\Mobile Device Support\DeviceLink.dll
8/9/2011 4:21:35 PM OK C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper_main.dll
8/9/2011 4:21:35 PM OK C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
8/9/2011 4:21:35 PM OK C:\Program Files\Common Files\Apple\CoreFP\CoreFP.dll
8/9/2011 4:21:33 PM OK C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
8/9/2011 4:21:33 PM OK C:\Program Files\Common Files\Apple\Apple Application Support\pthreadVC2.dll
8/9/2011 4:21:33 PM OK C:\Program Files\Common Files\Apple\Apple Application Support\objc.dll
8/9/2011 4:21:33 PM OK C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
8/9/2011 4:21:33 PM OK C:\Program Files\Common Files\Apple\Apple Application Support\libtidy.dll
8/9/2011 4:21:33 PM OK C:\Program Files\Common Files\Apple\Apple Application Support\libdispatch.dll
8/9/2011 4:21:33 PM OK C:\Program Files\Common Files\Apple\Apple Application Support\icuuc40.dll
8/9/2011 4:21:33 PM OK C:\Program Files\Common Files\Apple\Apple Application Support\icuin40.dll
8/9/2011 4:21:32 PM OK C:\Program Files\Common Files\Apple\Apple Application Support\icudt40.dll
8/9/2011 4:21:32 PM OK C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
8/9/2011 4:21:32 PM OK C:\Program Files\Common Files\Apple\Apple Application Support\WebKit.dll
8/9/2011 4:21:32 PM OK C:\Program Files\Common Files\Apple\Apple Application Support\VideoToolbox.dll
8/9/2011 4:21:32 PM OK C:\Program Files\Common Files\Apple\Apple Application Support\SQLite3.dll
8/9/2011 4:21:32 PM OK C:\Program Files\Common Files\Apple\Apple Application Support\QuartzCore.dll
8/9/2011 4:21:32 PM OK C:\Program Files\Common Files\Apple\Apple Application Support\QTMovieWin.dll
8/9/2011 4:21:31 PM OK C:\Program Files\Common Files\Apple\Apple Application Support\MediaToolbox.dll
8/9/2011 4:21:31 PM OK C:\Program Files\Common Files\Apple\Apple Application Support\JavaScriptCore.dll
8/9/2011 4:21:31 PM OK C:\Program Files\Common Files\Apple\Apple Application Support\Foundation.dll
8/9/2011 4:21:31 PM OK C:\Program Files\Common Files\Apple\Apple Application Support\CoreVideo.dll
8/9/2011 4:21:31 PM OK C:\Program Files\Common Files\Apple\Apple Application Support\CoreMedia.dll
8/9/2011 4:21:30 PM OK C:\Program Files\Common Files\Apple\Apple Application Support\CoreGraphics.dll
8/9/2011 4:21:30 PM OK C:\Program Files\Common Files\Apple\Apple Application Support\CoreFoundation.dll
8/9/2011 4:21:30 PM OK C:\Program Files\Common Files\Apple\Apple Application Support\CoreAudioToolbox.dll
8/9/2011 4:21:30 PM OK C:\Program Files\Common Files\Apple\Apple Application Support\CFNetwork.dll
8/9/2011 4:21:29 PM OK C:\Program Files\Common Files\Apple\Apple Application Support\AppleVersions.dll
8/9/2011 4:21:29 PM OK C:\Program Files\Common Files\Apple\Apple Application Support\AVFoundationCF.dll
8/9/2011 4:21:29 PM OK C:\Program Files\Common Files\Apple\Apple Application Support\ASL.dll
8/9/2011 4:21:29 PM OK C:\Program Files\Apple Software Update\SoftwareUpdateFiles.dll
8/9/2011 4:21:28 PM OK C:\Program Files\Apple Software Update\SoftwareUpdateFiles.Resources\en.lproj\SoftwareUpdateFilesLocalized.dll
8/9/2011 4:21:28 PM OK C:\Program Files\Apple Software Update\SoftwareUpdateAdmin.dll
8/9/2011 4:21:28 PM OK C:\Program Files\Apple Software Update\SoftwareUpdate.Resources\en.lproj\SoftwareUpdateLocalized.dll
8/9/2011 4:21:28 PM OK C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
8/9/2011 4:21:28 PM OK C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
8/9/2011 4:21:28 PM OK C:\documents and settings\fred\local settings\temp\rarsfx0\6245613rar.exe
8/9/2011 4:21:27 PM OK C:\documents and settings\fred\local settings\temp\9649623\wmihlpr.ppl
8/9/2011 4:21:27 PM OK C:\documents and settings\fred\local settings\temp\9649623\winreg.ppl
8/9/2011 4:21:27 PM OK C:\documents and settings\fred\local settings\temp\9649623\wdiskio.ppl
8/9/2011 4:21:27 PM OK C:\documents and settings\fred\local settings\temp\9649623\volenum.ppl
8/9/2011 4:21:27 PM OK C:\documents and settings\fred\local settings\temp\9649623\ushata.dll
8/9/2011 4:21:27 PM OK C:\documents and settings\fred\local settings\temp\9649623\updater.dll
8/9/2011 4:21:27 PM OK C:\documents and settings\fred\local settings\temp\9649623\uniarc.ppl
8/9/2011 4:21:27 PM OK C:\documents and settings\fred\local settings\temp\9649623\tm.ppl
8/9/2011 4:21:27 PM OK C:\documents and settings\fred\local settings\temp\9649623\timer.ppl
8/9/2011 4:21:27 PM OK C:\documents and settings\fred\local settings\temp\9649623\thpimpl.ppl
8/9/2011 4:21:26 PM OK C:\documents and settings\fred\local settings\temp\9649623\sfdb.ppl
8/9/2011 4:21:26 PM OK C:\documents and settings\fred\local settings\temp\9649623\schedule.ppl
8/9/2011 4:21:26 PM OK C:\documents and settings\fred\local settings\temp\9649623\reportdb.ppl
8/9/2011 4:21:26 PM OK C:\documents and settings\fred\local settings\temp\9649623\report.ppl
8/9/2011 4:21:26 PM OK C:\documents and settings\fred\local settings\temp\9649623\regmap.ppl
8/9/2011 4:21:26 PM OK C:\documents and settings\fred\local settings\temp\9649623\qb.ppl
8/9/2011 4:21:26 PM OK C:\documents and settings\fred\local settings\temp\9649623\pxstub.ppl
8/9/2011 4:21:26 PM OK C:\documents and settings\fred\local settings\temp\9649623\prtransp.ppl
8/9/2011 4:21:26 PM OK C:\documents and settings\fred\local settings\temp\9649623\prseqio.ppl
8/9/2011 4:21:26 PM OK C:\documents and settings\fred\local settings\temp\9649623\prremote.dll
8/9/2011 4:21:26 PM OK C:\documents and settings\fred\local settings\temp\9649623\proxydet.ppl
8/9/2011 4:21:26 PM OK C:\documents and settings\fred\local settings\temp\9649623\propmap.ppl
8/9/2011 4:21:26 PM OK C:\documents and settings\fred\local settings\temp\9649623\procmon.ppl
8/9/2011 4:21:25 PM OK C:\documents and settings\fred\local settings\temp\9649623\prloader.dll
8/9/2011 4:21:25 PM OK C:\documents and settings\fred\local settings\temp\9649623\params.ppl
8/9/2011 4:21:25 PM OK C:\documents and settings\fred\local settings\temp\9649623\ods.ppl
8/9/2011 4:21:25 PM OK C:\documents and settings\fred\local settings\temp\9649623\nfio.ppl
8/9/2011 4:21:25 PM OK C:\documents and settings\fred\local settings\temp\9649623\ndetect.ppl
8/9/2011 4:21:25 PM OK C:\documents and settings\fred\local settings\temp\9649623\msoe.ppl
8/9/2011 4:21:25 PM OK C:\documents and settings\fred\local settings\temp\9649623\mkavio.ppl
8/9/2011 4:21:25 PM OK C:\documents and settings\fred\local settings\temp\9649623\minizip.ppl
8/9/2011 4:21:25 PM OK C:\documents and settings\fred\local settings\temp\9649623\memscan.ppl
8/9/2011 4:21:25 PM OK C:\documents and settings\fred\local settings\temp\9649623\memmodsc.ppl
8/9/2011 4:21:25 PM OK C:\documents and settings\fred\local settings\temp\9649623\memmng.dll
8/9/2011 4:21:25 PM OK C:\documents and settings\fred\local settings\temp\9649623\memmng.dll
8/9/2011 4:21:24 PM OK C:\documents and settings\fred\local settings\temp\9649623\mdb.ppl
8/9/2011 4:21:24 PM OK C:\documents and settings\fred\local settings\temp\9649623\mailmsg.ppl
8/9/2011 4:21:24 PM OK C:\documents and settings\fred\local settings\temp\9649623\klsrlsvc.ppl
8/9/2011 4:21:24 PM OK C:\documents and settings\fred\local settings\temp\9649623\inflate.ppl
8/9/2011 4:21:24 PM OK C:\documents and settings\fred\local settings\temp\9649623\icheck3.ppl
8/9/2011 4:21:23 PM OK C:\documents and settings\fred\local settings\temp\9649623\hashmd5.ppl
8/9/2011 4:21:23 PM OK C:\documents and settings\fred\local settings\temp\9649623\fssync.dll
8/9/2011 4:21:23 PM OK C:\documents and settings\fred\local settings\temp\9649623\fsdrvplg.ppl
8/9/2011 4:21:23 PM OK C:\documents and settings\fred\local settings\temp\9649623\filemap.ppl
8/9/2011 4:21:23 PM OK C:\documents and settings\fred\local settings\temp\9649623\dtreg.ppl
8/9/2011 4:21:23 PM OK C:\documents and settings\fred\local settings\temp\9649623\dmap.ppl
8/9/2011 4:21:23 PM OK C:\documents and settings\fred\local settings\temp\9649623\diffs.dll
8/9/2011 4:21:23 PM OK C:\documents and settings\fred\local settings\temp\9649623\dbghelp.dll
8/9/2011 4:21:23 PM OK C:\documents and settings\fred\local settings\temp\9649623\crpthlpr.ppl
8/9/2011 4:21:23 PM OK C:\documents and settings\fred\local settings\temp\9649623\clldr.dll
8/9/2011 4:21:22 PM OK C:\documents and settings\fred\local settings\temp\9649623\clldr.dll
8/9/2011 4:21:22 PM OK C:\documents and settings\fred\local settings\temp\9649623\btdisk.ppl
8/9/2011 4:21:22 PM OK C:\documents and settings\fred\local settings\temp\9649623\bl.ppl
8/9/2011 4:21:22 PM OK C:\documents and settings\fred\local settings\temp\9649623\bases\vlns.kdl
8/9/2011 4:21:22 PM OK C:\documents and settings\fred\local settings\temp\9649623\bases\qscan.kdl
8/9/2011 4:21:22 PM OK C:\documents and settings\fred\local settings\temp\9649623\bases\pbs.kdl
8/9/2011 4:21:21 PM OK C:\documents and settings\fred\local settings\temp\9649623\bases\mark.kdl
8/9/2011 4:21:21 PM OK C:\documents and settings\fred\local settings\temp\9649623\bases\klavemu.kdl
8/9/2011 4:21:21 PM OK C:\documents and settings\fred\local settings\temp\9649623\bases\kjim.kdl
8/9/2011 4:21:21 PM OK C:\documents and settings\fred\local settings\temp\9649623\bases\kavsys.kdl
8/9/2011 4:21:21 PM OK C:\documents and settings\fred\local settings\temp\9649623\bases\kavbase.kdl
8/9/2011 4:21:21 PM OK C:\documents and settings\fred\local settings\temp\9649623\bases\avpcure.kdl
8/9/2011 4:21:20 PM OK C:\documents and settings\fred\local settings\temp\9649623\basegui.ppl
8/9/2011 4:21:20 PM OK C:\documents and settings\fred\local settings\temp\9649623\avzkrnl.dll
8/9/2011 4:21:20 PM OK C:\documents and settings\fred\local settings\temp\9649623\avspm.ppl
8/9/2011 4:21:19 PM OK C:\documents and settings\fred\local settings\temp\9649623\avs.ppl
8/9/2011 4:21:19 PM OK C:\documents and settings\fred\local settings\temp\9649623\avpgui.ppl
8/9/2011 4:21:19 PM OK C:\documents and settings\fred\local settings\temp\9649623\avlib.ppl
8/9/2011 4:21:19 PM OK C:\WINDOWS\system32\drivers\etc\hosts
8/9/2011 4:21:18 PM OK C:\documents and settings\Default User\Start Menu\Programs\Startup\desktop.ini
8/9/2011 4:21:18 PM OK C:\documents and settings\Guest\Start Menu\Programs\Startup\desktop.ini
8/9/2011 4:21:18 PM OK C:\documents and settings\fred\local settings\temp\_uninst_10676419.bat
8/9/2011 4:21:18 PM OK C:\documents and settings\fred\Start Menu\Programs\Startup\_uninst_10676419.lnk
8/9/2011 4:21:18 PM OK C:\documents and settings\fred\local settings\temp\9649623\6245613.exe
8/9/2011 4:21:18 PM OK C:\documents and settings\fred\Start Menu\Programs\Startup\desktop.ini
8/9/2011 4:21:18 PM OK C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup\desktop.ini
8/9/2011 4:21:18 PM OK C:\documents and settings\All Users\Start Menu\Programs\Startup\DVD Check.lnk
8/9/2011 4:21:18 PM OK C:\documents and settings\All Users\Start Menu\Programs\Startup\desktop.ini
8/9/2011 4:21:18 PM OK C:\Program Files\Bonjour\mdnsNSP.dll
8/9/2011 4:21:17 PM OK C:\WINDOWS\system32\winrnr.dll
8/9/2011 4:21:17 PM OK C:\WINDOWS\system32\rsvpsp.dll
8/9/2011 4:21:17 PM OK C:\Program Files\Apple Software Update\SoftwareUpdate.exe
8/9/2011 4:21:17 PM OK C:\Program Files\Motorola\MotoHelper\MotoHelperUpdate.exe
8/9/2011 4:21:17 PM OK C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL
8/9/2011 4:21:16 PM OK C:\WINDOWS\system32\wldap32.dll
8/9/2011 4:21:16 PM OK C:\WINDOWS\system32\wininet.dll
8/9/2011 4:21:16 PM OK C:\WINDOWS\system32\version.dll
8/9/2011 4:21:16 PM OK C:\WINDOWS\system32\user32.dll
8/9/2011 4:21:15 PM OK C:\WINDOWS\system32\url.dll
8/9/2011 4:21:15 PM OK C:\WINDOWS\system32\rpcrt4.dll
8/9/2011 4:21:15 PM OK C:\WINDOWS\system32\olethk32.dll
8/9/2011 4:21:15 PM OK C:\WINDOWS\system32\olesvr32.dll
8/9/2011 4:21:15 PM OK C:\WINDOWS\system32\olecnv32.dll
8/9/2011 4:21:15 PM OK C:\WINDOWS\system32\olecli32.dll
8/9/2011 4:21:15 PM OK C:\WINDOWS\system32\oleaut32.dll
8/9/2011 4:21:15 PM OK C:\WINDOWS\system32\ole32.dll
8/9/2011 4:21:15 PM OK C:\WINDOWS\system32\lz32.dll
8/9/2011 4:21:15 PM OK C:\WINDOWS\system32\kernel32.dll
8/9/2011 4:21:14 PM OK C:\WINDOWS\system32\imagehlp.dll
8/9/2011 4:21:14 PM OK C:\WINDOWS\system32\gdi32.dll
8/9/2011 4:21:14 PM OK C:\WINDOWS\system32\comdlg32.dll
8/9/2011 4:21:14 PM OK C:\WINDOWS\regedit.exe
8/9/2011 4:21:13 PM OK C:\WINDOWS\system32\notepad.exe
8/9/2011 4:21:13 PM OK C:\WINDOWS\system32\mshta.exe
8/9/2011 4:21:13 PM OK C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\pdfshell.dll
8/9/2011 4:21:13 PM OK C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll
8/9/2011 4:21:12 PM OK C:\Program Files\WinSCP\DragExt.dll
8/9/2011 4:21:12 PM OK C:\WINDOWS\system32\winsrv.dll
8/9/2011 4:21:12 PM OK C:\WINDOWS\system32\basesrv.dll
8/9/2011 4:21:12 PM OK C:\WINDOWS\system32\csrss.exe
8/9/2011 4:21:12 PM OK C:\WINDOWS\system32\kbdus.dll
8/9/2011 4:21:12 PM OK C:\WINDOWS\system32\iprtrmgr.dll
8/9/2011 4:21:11 PM OK C:\WINDOWS\network diagnostic\xpnetdiag.exe
8/9/2011 4:21:11 PM OK C:\WINDOWS\system32\dot3gpclnt.dll
8/9/2011 4:21:11 PM OK C:\WINDOWS\system32\dskquota.dll
8/9/2011 4:21:11 PM OK C:\WINDOWS\system32\fdeploy.dll
8/9/2011 4:21:10 PM OK C:\WINDOWS\system32\gptext.dll
8/9/2011 4:21:10 PM OK C:\WINDOWS\system32\cmd.exe
8/9/2011 4:21:10 PM OK C:\WINDOWS\system32\krnl386.exe
8/9/2011 4:21:10 PM OK C:\WINDOWS\system32\ntvdm.exe
8/9/2011 4:21:10 PM OK C:\WINDOWS\system32\sysdm.cpl
8/9/2011 4:21:10 PM OK C:\documents and settings\All Users\Application Data\TuneUp Software\TuneUp Utilities 2011\WinStyler\tu_logonui.exe
8/9/2011 4:21:09 PM OK C:\WINDOWS\system32\wiascr.dll
8/9/2011 4:21:08 PM OK C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
8/9/2011 4:21:08 PM OK C:\WINDOWS\system32\inetcomm.dll
8/9/2011 4:21:08 PM OK C:\WINDOWS\system32\itss.dll
8/9/2011 4:21:07 PM OK C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL
8/9/2011 4:21:07 PM OK C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL/#
8/9/2011 4:21:07 PM OK C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL/#
8/9/2011 4:21:07 PM OK C:\WINDOWS\system32\msvidctl.dll
8/9/2011 4:21:06 PM OK C:\WINDOWS\system32\mshtml.dll
8/9/2011 4:21:06 PM OK C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
8/9/2011 4:21:06 PM OK C:\WINDOWS\system32\urlmon.dll
8/9/2011 4:21:05 PM OK C:\WINDOWS\system32\mscoree.dll
8/9/2011 4:21:05 PM OK C:\WINDOWS\system32\rdpclip.exe
8/9/2011 4:21:05 PM OK C:\Program Files\Common Files\Nullsoft\ActiveX\2.4\AmpX.dll
8/9/2011 4:21:04 PM OK C:\WINDOWS\system32\Macromed\Flash\Flash10m.ocx
8/9/2011 4:21:04 PM OK C:\Program Files\Java\jre6\bin\npjpi160_15.dll
8/9/2011 4:21:04 PM OK C:\WINDOWS\system32\muweb.dll
8/9/2011 4:21:03 PM OK C:\WINDOWS\system32\muweb.dll/data0013.res
8/9/2011 4:21:03 PM OK C:\WINDOWS\system32\wuweb.dll
8/9/2011 4:21:03 PM OK C:\WINDOWS\system32\ntsd.exe
8/9/2011 4:21:03 PM OK C:\WINDOWS\system32\XPSViewer\XPSViewer.exe
8/9/2011 4:21:03 PM OK C:\Program Files\Windows NT\Accessories\wordpad.exe
8/9/2011 4:21:03 PM OK C:\Program Files\Windows Media Player\wmplayer.exe
8/9/2011 4:21:03 PM OK C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
8/9/2011 4:21:03 PM OK C:\Program Files\WinRAR\WinRAR.exe
8/9/2011 4:21:02 PM OK C:\Program Files\WinRAR\WinRAR.exe/#
8/9/2011 4:21:01 PM OK C:\Program Files\InterVideo\WinDVD\WinDVD.exe
8/9/2011 4:21:00 PM OK C:\Program Files\Outlook Express\wabmig.exe
8/9/2011 4:21:00 PM OK C:\Program Files\Outlook Express\wab.exe
8/9/2011 4:21:00 PM OK C:\Program Files\Microsoft Office\Office12\VISIO.EXE
8/9/2011 4:21:00 PM OK C:\Program Files\Common Files\Symantec Shared\LiveReg\VcSetup.exe
8/9/2011 4:21:00 PM OK C:\Program Files\Common Files\Symantec Shared\LiveReg\VcCleanUp.exe
8/9/2011 4:21:00 PM OK C:\Program Files\MSN Gaming Zone\Windows\shvlzm.exe
8/9/2011 4:21:00 PM OK C:\WINDOWS\system32\control.exe
8/9/2011 4:21:00 PM OK C:\Program Files\MSN Gaming Zone\Windows\Rvsezm.exe
8/9/2011 4:21:00 PM OK C:\Program Files\QuickTime\QuickTimePlayer.exe
8/9/2011 4:20:59 PM OK C:\Program Files\Microsoft Office\Office12\POWERPNT.EXE
8/9/2011 4:20:59 PM OK C:\Program Files\Windows NT\Pinball\pinball.exe
8/9/2011 4:20:58 PM OK C:\Program Files\QuickTime\PictureViewer.exe
8/9/2011 4:20:57 PM OK C:\WINDOWS\system32\mspaint.exe
8/9/2011 4:20:57 PM OK C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
8/9/2011 4:20:57 PM OK C:\Program Files\Microsoft Office\Office12\OIS.EXE
8/9/2011 4:20:57 PM OK C:\Program Files\Common Files\Symantec Shared\NMain.exe
8/9/2011 4:20:56 PM OK C:\Program Files\Microsoft Office\Office12\MSPUB.EXE
8/9/2011 4:20:56 PM OK C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLED.EXE
8/9/2011 4:20:56 PM OK C:\Program Files\MSN\MSNCoreFiles\msn6.exe
8/9/2011 4:20:56 PM OK C:\Program Files\Messenger\msmsgs.exe
8/9/2011 4:20:55 PM OK C:\Program Files\Common Files\Microsoft Shared\MSInfo\msinfo32.exe
8/9/2011 4:20:55 PM OK C:\Program Files\Outlook Express\msimn.exe
8/9/2011 4:20:55 PM OK C:\WINDOWS\PCHealth\HelpCtr\Binaries\msconfig.exe
8/9/2011 4:20:54 PM OK C:\Program Files\Microsoft Office\Office12\MSACCESS.EXE
8/9/2011 4:20:54 PM OK C:\Program Files\Windows Media Player\mplayer2.exe
8/9/2011 4:20:54 PM OK C:\Program Files\Movie Maker\moviemk.exe
8/9/2011 4:20:53 PM OK C:\WINDOWS\system32\usmt\migwiz.exe
8/9/2011 4:20:53 PM OK C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
8/9/2011 4:20:52 PM OK C:\Program Files\Symantec\LiveUpdate\LUALL.EXE
8/9/2011 4:20:52 PM OK C:\Program Files\Symantec\LiveUpdate\LUALL.EXE
8/9/2011 4:20:51 PM OK C:\Program Files\Java\jre6\bin\javaws.exe
8/9/2011 4:20:51 PM OK C:\Program Files\iTunes\iTunes.exe
8/9/2011 4:20:50 PM OK C:\Program Files\Internet Explorer\Connection Wizard\isignup.exe
8/9/2011 4:20:50 PM OK C:\Program Files\Common Files\Symantec Shared\LiveReg\IraLrShl.exe
8/9/2011 4:20:50 PM OK C:\Program Files\Common Files\Symantec Shared\LiveReg\IraLrShl.exe/#
8/9/2011 4:20:50 PM OK C:\Program Files\Microsoft Office\Office12\INFOPATH.EXE
8/9/2011 4:20:50 PM OK C:\Program Files\Internet Explorer\Connection Wizard\inetwiz.exe
8/9/2011 4:20:50 PM OK C:\Program Files\Internet Explorer\iexplore.exe
8/9/2011 4:20:49 PM OK C:\Program Files\Internet Explorer\Connection Wizard\icwconn2.exe
8/9/2011 4:20:49 PM OK C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe
8/9/2011 4:20:49 PM OK C:\Program Files\Windows NT\hypertrm.exe
8/9/2011 4:20:49 PM OK C:\Program Files\MSN Gaming Zone\Windows\hrtzzm.exe
8/9/2011 4:20:49 PM OK C:\WINDOWS\PCHealth\HelpCtr\Binaries\helpctr.exe
8/9/2011 4:20:48 PM OK C:\Program Files\Symantec\Norton Ghost 2003\GhReboot.exe
8/9/2011 4:20:48 PM OK C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
8/9/2011 4:20:48 PM OK C:\Program Files\Symantec\Norton Ghost 2003\GhostStart.exe
8/9/2011 4:20:48 PM OK C:\Program Files\Symantec\Norton Ghost 2003\Ghostexp.exe
8/9/2011 4:20:47 PM OK C:\Program Files\Symantec\Norton Ghost 2003\Ghost Boot Wizard.exe
8/9/2011 4:20:47 PM OK C:\Program Files\Symantec\Norton Ghost 2003\Ghost Boot Wizard.exe
8/9/2011 4:20:47 PM OK C:\Program Files\Symantec\Norton Ghost 2003\gdisk32.exe
8/9/2011 4:20:47 PM OK C:\Program Files\Symantec\Norton Ghost 2003\gdisk32.exe
8/9/2011 4:20:46 PM OK C:\Program Files\Symantec\Norton Ghost 2003\ghost.exe
8/9/2011 4:20:46 PM OK C:\Program Files\Symantec\Norton Ghost 2003\gdisk.exe
8/9/2011 4:20:46 PM OK C:\Program Files\Mozilla Firefox\firefox.exe
8/9/2011 4:20:46 PM OK C:\Program Files\Windows NT\dialer.exe
8/9/2011 4:20:46 PM OK C:\Program Files\NetMeeting\conf.exe
8/9/2011 4:20:45 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe
8/9/2011 4:20:45 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/data0196
8/9/2011 4:20:45 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/data0195
8/9/2011 4:20:45 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/data0194
8/9/2011 4:20:45 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/data0193
8/9/2011 4:20:45 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/data0192
8/9/2011 4:20:45 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/data0191
8/9/2011 4:20:45 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/data0190
8/9/2011 4:20:45 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/data0189
8/9/2011 4:20:45 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/data0188
8/9/2011 4:20:45 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/data0187
8/9/2011 4:20:45 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/data0186
8/9/2011 4:20:45 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/data0185
8/9/2011 4:20:45 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/data0184
8/9/2011 4:20:45 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/data0183
8/9/2011 4:20:45 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/data0182
8/9/2011 4:20:45 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/data0181
8/9/2011 4:20:45 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/data0180
8/9/2011 4:20:45 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/data0179
8/9/2011 4:20:45 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/data0178
8/9/2011 4:20:45 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/data0177
8/9/2011 4:20:45 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/data0176
8/9/2011 4:20:45 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/data0175
8/9/2011 4:20:45 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/data0174
8/9/2011 4:20:45 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/data0173
8/9/2011 4:20:45 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/data0172
8/9/2011 4:20:45 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/data0171
8/9/2011 4:20:45 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/data0170
8/9/2011 4:20:45 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/data0169
8/9/2011 4:20:45 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/data0168
8/9/2011 4:20:45 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/data0167
8/9/2011 4:20:45 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/data0166
8/9/2011 4:20:45 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/data0165
8/9/2011 4:20:45 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/data0164
8/9/2011 4:20:45 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/data0163
8/9/2011 4:20:45 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/data0162
8/9/2011 4:20:45 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/data0161
8/9/2011 4:20:45 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/data0160
8/9/2011 4:20:45 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/data0159
8/9/2011 4:20:45 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/data0158
8/9/2011 4:20:45 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/data0157
8/9/2011 4:20:45 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/data0156
8/9/2011 4:20:45 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/data0155
8/9/2011 4:20:45 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/data0154
8/9/2011 4:20:45 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/data0153
8/9/2011 4:20:45 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/data0152
8/9/2011 4:20:45 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/data0151
8/9/2011 4:20:45 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/data0150
8/9/2011 4:20:45 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/data0149
8/9/2011 4:20:45 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/data0149/# Object was not changed (iChecker)
8/9/2011 4:20:45 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/data0149/data0000.res Object was not changed (iChecker)
8/9/2011 4:20:45 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/data0148
8/9/2011 4:20:45 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/data0147
8/9/2011 4:20:45 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/data0146
8/9/2011 4:20:44 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/data0145
8/9/2011 4:20:44 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/data0144
8/9/2011 4:20:44 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/data0144/PE_Patch.PECompact
8/9/2011 4:20:44 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/data0144/PE_Patch.PECompact/PecBundle
8/9/2011 4:20:44 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/data0144/PE_Patch.PECompact/PecBundle/PECompact
8/9/2011 4:20:44 PM Packed: PECompact C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/data0144/PE_Patch.PECompact/PecBundle
8/9/2011 4:20:44 PM Packed: PecBundle C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/data0144/PE_Patch.PECompact
8/9/2011 4:20:44 PM Packed: PE_Patch.PECompact C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/data0144
8/9/2011 4:20:44 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/data0143
8/9/2011 4:20:44 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/data0143/PE_Patch.PECompact
8/9/2011 4:20:44 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/data0143/PE_Patch.PECompact/PecBundle
8/9/2011 4:20:44 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/data0143/PE_Patch.PECompact/PecBundle/PECompact
8/9/2011 4:20:44 PM Packed: PECompact C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/data0143/PE_Patch.PECompact/PecBundle
8/9/2011 4:20:44 PM Packed: PecBundle C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/data0143/PE_Patch.PECompact
8/9/2011 4:20:44 PM Packed: PE_Patch.PECompact C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/data0143
8/9/2011 4:20:44 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/data0142
8/9/2011 4:20:44 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/data0141
8/9/2011 4:20:44 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/data0140
8/9/2011 4:20:44 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/data0139
8/9/2011 4:20:43 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/data0138
8/9/2011 4:20:43 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/data0137
8/9/2011 4:20:43 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/data0136
8/9/2011 4:20:43 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/data0134
8/9/2011 4:20:43 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/data0133
8/9/2011 4:20:43 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/data0132
8/9/2011 4:20:43 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/data0131
8/9/2011 4:20:43 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/data0130
8/9/2011 4:20:43 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/data0130/# Object was not changed (iChecker)
8/9/2011 4:20:43 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/data0130/data0000.res Object was not changed (iChecker)
8/9/2011 4:20:43 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/data0129
8/9/2011 4:20:43 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/data0128
8/9/2011 4:20:43 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/data0127
8/9/2011 4:20:43 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/data0126
8/9/2011 4:20:43 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/data0125
8/9/2011 4:20:43 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/data0124
8/9/2011 4:20:43 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/data0123
8/9/2011 4:20:43 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/data0123/data0003.res Object was not changed (iChecker)
8/9/2011 4:20:43 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/data0123/data0002.res Object was not changed (iChecker)
8/9/2011 4:20:43 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/data0123/data0000.res Object was not changed (iChecker)
8/9/2011 4:20:43 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/data0122
8/9/2011 4:20:43 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/data0121
8/9/2011 4:20:43 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/data0120
8/9/2011 4:20:43 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/data0119
8/9/2011 4:20:43 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/data0118
8/9/2011 4:20:43 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/data0117
8/9/2011 4:20:43 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/data0116
8/9/2011 4:20:43 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/data0115
8/9/2011 4:20:43 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/data0114
8/9/2011 4:20:43 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/data0113
8/9/2011 4:20:43 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/data0112
8/9/2011 4:20:43 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/data0112/UPX
8/9/2011 4:20:43 PM Packed: UPX C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/data0112
8/9/2011 4:20:43 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/data0111
8/9/2011 4:20:43 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/data0110
8/9/2011 4:20:42 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/data0109
8/9/2011 4:20:42 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/data0108
8/9/2011 4:20:42 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/data0107
8/9/2011 4:20:42 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/data0106
8/9/2011 4:20:42 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/data0105
8/9/2011 4:20:42 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/data0104
8/9/2011 4:20:42 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/data0103
8/9/2011 4:20:42 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/data0102
8/9/2011 4:20:42 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/data0101
8/9/2011 4:20:42 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/data0100
8/9/2011 4:20:42 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/data0099
8/9/2011 4:20:42 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/data0098
8/9/2011 4:20:41 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/data0097
8/9/2011 4:20:41 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/data0096
8/9/2011 4:20:41 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/data0095
8/9/2011 4:20:41 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/data0095/JIM
8/9/2011 4:20:41 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/data0094
8/9/2011 4:20:41 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/data0093
8/9/2011 4:20:41 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/data0092
8/9/2011 4:20:41 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/data0091
8/9/2011 4:20:41 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/data0090
8/9/2011 4:20:41 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/data0089
8/9/2011 4:20:41 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/data0088
8/9/2011 4:20:41 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/data0087
8/9/2011 4:20:41 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/data0086
8/9/2011 4:20:41 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/data0085
8/9/2011 4:20:41 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/data0084
8/9/2011 4:20:41 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/data0083
8/9/2011 4:20:41 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/data0082
8/9/2011 4:20:41 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/data0081
8/9/2011 4:20:41 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/data0080
8/9/2011 4:20:41 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/data0079
8/9/2011 4:20:41 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/data0078
8/9/2011 4:20:41 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/data0077
8/9/2011 4:20:41 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/data0076
8/9/2011 4:20:41 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/data0075
8/9/2011 4:20:41 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/data0074
8/9/2011 4:20:41 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/data0073
8/9/2011 4:20:41 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/data0072
8/9/2011 4:20:41 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/data0071
8/9/2011 4:20:41 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/data0070
8/9/2011 4:20:41 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/data0069
8/9/2011 4:20:41 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/data0068
8/9/2011 4:20:41 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/data0067
8/9/2011 4:20:41 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/data0066
8/9/2011 4:20:41 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/data0065
8/9/2011 4:20:41 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/data0064
8/9/2011 4:20:41 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/data0063
8/9/2011 4:20:41 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/data0062
8/9/2011 4:20:41 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/data0061
8/9/2011 4:20:41 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/data0060
8/9/2011 4:20:41 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/data0059
8/9/2011 4:20:41 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/data0058
8/9/2011 4:20:41 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/data0057
8/9/2011 4:20:41 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/data0056
8/9/2011 4:20:41 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/data0055
8/9/2011 4:20:41 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/data0054
8/9/2011 4:20:41 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/data0053
8/9/2011 4:20:41 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/data0052
8/9/2011 4:20:41 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/data0051
8/9/2011 4:20:41 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/data0050
8/9/2011 4:20:41 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/data0049
8/9/2011 4:20:41 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/data0048
8/9/2011 4:20:41 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/data0047
8/9/2011 4:20:41 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/data0046
8/9/2011 4:20:41 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/data0045
8/9/2011 4:20:41 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/data0044
8/9/2011 4:20:41 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/data0043
8/9/2011 4:20:41 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/data0043/UPX
8/9/2011 4:20:41 PM Packed: UPX C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/data0043
8/9/2011 4:20:40 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/data0042
8/9/2011 4:20:40 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/data0041
8/9/2011 4:20:40 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/data0040
8/9/2011 4:20:40 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/data0039
8/9/2011 4:20:40 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/data0038
8/9/2011 4:20:40 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/data0037
8/9/2011 4:20:40 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/data0036
8/9/2011 4:20:40 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/data0035
8/9/2011 4:20:40 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/data0034
8/9/2011 4:20:40 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/data0033
8/9/2011 4:20:40 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/data0032
8/9/2011 4:20:40 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/data0031
8/9/2011 4:20:40 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/data0031/UPX
8/9/2011 4:20:40 PM Packed: UPX C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/data0031
8/9/2011 4:20:40 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/data0030
8/9/2011 4:20:40 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/data0029
8/9/2011 4:20:40 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/data0028
8/9/2011 4:20:40 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/data0027
8/9/2011 4:20:40 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/data0026
8/9/2011 4:20:40 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/data0025
8/9/2011 4:20:40 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/data0024
8/9/2011 4:20:40 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/data0023
8/9/2011 4:20:40 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/data0022
8/9/2011 4:20:40 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/data0021
8/9/2011 4:20:40 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/data0020
8/9/2011 4:20:40 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/data0019
8/9/2011 4:20:40 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/data0018
8/9/2011 4:20:40 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/data0017
8/9/2011 4:20:40 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/data0016
8/9/2011 4:20:40 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/data0015
8/9/2011 4:20:40 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/data0014
8/9/2011 4:20:40 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/data0013
8/9/2011 4:20:40 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/data0012
8/9/2011 4:20:40 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/data0011
8/9/2011 4:20:40 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/data0010
8/9/2011 4:20:40 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/data0009
8/9/2011 4:20:40 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/data0008
8/9/2011 4:20:40 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/data0007
8/9/2011 4:20:40 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/data0006
8/9/2011 4:20:40 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/data0005
8/9/2011 4:20:40 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/data0004
8/9/2011 4:20:40 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/data0003
8/9/2011 4:20:40 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/data0002
8/9/2011 4:20:39 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/data0001
8/9/2011 4:20:39 PM Archive: NSIS C:\documents and settings\fred\My Documents\Downloads\mesograt.exe
8/9/2011 4:20:39 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX
8/9/2011 4:20:39 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0196
8/9/2011 4:20:39 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0195
8/9/2011 4:20:39 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0194
8/9/2011 4:20:39 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0194/SFs.bat
8/9/2011 4:20:39 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0194/SF.exe
8/9/2011 4:20:39 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0194/readme.txt
8/9/2011 4:20:39 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0194/LS.exe
8/9/2011 4:20:39 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0194/DS.exe
8/9/2011 4:20:39 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0194/CS.exe
8/9/2011 4:20:39 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0194/RS.bat
8/9/2011 4:20:39 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0194/FS.bat
8/9/2011 4:20:39 PM Archive: ZIP C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0194
8/9/2011 4:20:39 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0193
8/9/2011 4:20:39 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0193/pv.txt
8/9/2011 4:20:39 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0193/pv.exe
8/9/2011 4:20:38 PM Archive: ZIP C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0193
8/9/2011 4:20:36 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0192
8/9/2011 4:20:36 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0191
8/9/2011 4:20:36 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0190
8/9/2011 4:20:36 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0189
8/9/2011 4:20:36 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0188
8/9/2011 4:20:36 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0187
8/9/2011 4:20:36 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0186
8/9/2011 4:20:36 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0185
8/9/2011 4:20:36 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0184
8/9/2011 4:20:35 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0183
8/9/2011 4:20:35 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0182
8/9/2011 4:20:35 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0181
8/9/2011 4:20:35 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0180
8/9/2011 4:20:35 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0179
8/9/2011 4:20:35 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0178
8/9/2011 4:20:35 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0177
8/9/2011 4:20:35 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0176
8/9/2011 4:20:35 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0175
8/9/2011 4:20:35 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0174
8/9/2011 4:20:35 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0173
8/9/2011 4:20:35 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0172
8/9/2011 4:20:34 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0171
8/9/2011 4:20:34 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0170
8/9/2011 4:20:34 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0169
8/9/2011 4:20:34 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0168
8/9/2011 4:20:34 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0167
8/9/2011 4:20:34 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0166
8/9/2011 4:20:34 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0165
8/9/2011 4:20:34 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0164
8/9/2011 4:20:34 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0163
8/9/2011 4:20:34 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0162
8/9/2011 4:20:34 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0161
8/9/2011 4:20:34 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0160
8/9/2011 4:20:34 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0159
8/9/2011 4:20:34 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0158
8/9/2011 4:20:34 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0157
8/9/2011 4:20:34 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0156
8/9/2011 4:20:33 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0155
8/9/2011 4:20:33 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0154
8/9/2011 4:20:33 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0153
8/9/2011 4:20:33 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0152
8/9/2011 4:20:33 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0151
8/9/2011 4:20:33 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0150
8/9/2011 4:20:33 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0149
8/9/2011 4:20:33 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0149/#
8/9/2011 4:20:33 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0149/#/PE_Patch
8/9/2011 4:20:33 PM Packed: PE_Patch C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0149/#
8/9/2011 4:20:33 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0149/data0000.res
8/9/2011 4:20:33 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0149/data0000.res/PE_Patch
8/9/2011 4:20:33 PM Packed: PE_Patch C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0149/data0000.res
8/9/2011 4:20:33 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0148
8/9/2011 4:20:33 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0147
8/9/2011 4:20:33 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0146
8/9/2011 4:20:33 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0145
8/9/2011 4:20:33 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0144
8/9/2011 4:20:33 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0144/PE_Patch.PECompact
8/9/2011 4:20:33 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0144/PE_Patch.PECompact/PecBundle
8/9/2011 4:20:33 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0144/PE_Patch.PECompact/PecBundle/PECompact
8/9/2011 4:20:33 PM Packed: PECompact C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0144/PE_Patch.PECompact/PecBundle
8/9/2011 4:20:33 PM Packed: PecBundle C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0144/PE_Patch.PECompact
8/9/2011 4:20:33 PM Packed: PE_Patch.PECompact C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0144
8/9/2011 4:20:33 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0143
8/9/2011 4:20:33 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0143/PE_Patch.PECompact
8/9/2011 4:20:33 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0143/PE_Patch.PECompact/PecBundle
8/9/2011 4:20:33 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0143/PE_Patch.PECompact/PecBundle/PECompact
8/9/2011 4:20:32 PM Packed: PECompact C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0143/PE_Patch.PECompact/PecBundle
8/9/2011 4:20:32 PM Packed: PecBundle C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0143/PE_Patch.PECompact
8/9/2011 4:20:32 PM Packed: PE_Patch.PECompact C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0143
8/9/2011 4:20:32 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0142
8/9/2011 4:20:32 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0141
8/9/2011 4:20:32 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0140
8/9/2011 4:20:32 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0139
8/9/2011 4:20:32 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0138
8/9/2011 4:20:32 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0137
8/9/2011 4:20:32 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0136
8/9/2011 4:20:32 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0134
8/9/2011 4:20:32 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0133
8/9/2011 4:20:32 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0132
8/9/2011 4:20:32 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0131
8/9/2011 4:20:31 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0130
8/9/2011 4:20:31 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0130/#
8/9/2011 4:20:31 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0130/#/PE_Patch
8/9/2011 4:20:31 PM Packed: PE_Patch C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0130/#
8/9/2011 4:20:31 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0130/data0000.res
8/9/2011 4:20:31 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0130/data0000.res/PE_Patch
8/9/2011 4:20:31 PM Packed: PE_Patch C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0130/data0000.res
8/9/2011 4:20:31 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0129
8/9/2011 4:20:31 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0128
8/9/2011 4:20:31 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0127
8/9/2011 4:20:31 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0126
8/9/2011 4:20:31 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0125
8/9/2011 4:20:31 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0124
8/9/2011 4:20:31 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0123
8/9/2011 4:20:31 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0123/data0003.res
8/9/2011 4:20:31 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0123/data0002.res
8/9/2011 4:20:31 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0123/data0000.res
8/9/2011 4:20:31 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0123/data0000.res/data0001.res
8/9/2011 4:20:30 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0122
8/9/2011 4:20:30 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0121
8/9/2011 4:20:30 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0120
8/9/2011 4:20:30 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0119
8/9/2011 4:20:30 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0118
8/9/2011 4:20:30 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0117
8/9/2011 4:20:30 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0116
8/9/2011 4:20:30 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0115
8/9/2011 4:20:30 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0114
8/9/2011 4:20:30 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0113
8/9/2011 4:20:30 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0112
8/9/2011 4:20:30 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0112/UPX
8/9/2011 4:20:30 PM Packed: UPX C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0112
8/9/2011 4:20:29 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0111
8/9/2011 4:20:29 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0110
8/9/2011 4:20:28 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0109
8/9/2011 4:20:28 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0108
8/9/2011 4:20:28 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0107
8/9/2011 4:20:28 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0106
8/9/2011 4:20:28 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0105
8/9/2011 4:20:28 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0104
8/9/2011 4:20:28 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0103
8/9/2011 4:20:28 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0102
8/9/2011 4:20:28 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0101
8/9/2011 4:20:28 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0100
8/9/2011 4:20:28 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0099
8/9/2011 4:20:28 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0098
8/9/2011 4:20:28 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0097
8/9/2011 4:20:28 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0096
8/9/2011 4:20:28 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0095
8/9/2011 4:20:28 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0095/JIM
8/9/2011 4:20:28 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0094
8/9/2011 4:20:28 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0093
8/9/2011 4:20:28 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0092
8/9/2011 4:20:28 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0091
8/9/2011 4:20:28 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0090
8/9/2011 4:20:28 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0089
8/9/2011 4:20:28 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0088
8/9/2011 4:20:28 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0087
8/9/2011 4:20:28 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0086
8/9/2011 4:20:28 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0085
8/9/2011 4:20:28 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0084
8/9/2011 4:20:27 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0083
8/9/2011 4:20:27 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0082
8/9/2011 4:20:27 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0081
8/9/2011 4:20:27 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0080
8/9/2011 4:20:27 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0079
8/9/2011 4:20:27 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0078
8/9/2011 4:20:27 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0077
8/9/2011 4:20:27 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0076
8/9/2011 4:20:27 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0075
8/9/2011 4:20:27 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0074
8/9/2011 4:20:27 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0073
8/9/2011 4:20:27 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0072
8/9/2011 4:20:27 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0071
8/9/2011 4:20:27 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0070
8/9/2011 4:20:27 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0069
8/9/2011 4:20:27 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0068
8/9/2011 4:20:27 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0067
8/9/2011 4:20:27 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0066
8/9/2011 4:20:27 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0065
8/9/2011 4:20:27 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0064
8/9/2011 4:20:27 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0063
8/9/2011 4:20:27 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0062
8/9/2011 4:20:27 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0061
8/9/2011 4:20:27 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0060
8/9/2011 4:20:27 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0059
8/9/2011 4:20:27 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0058
8/9/2011 4:20:27 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0057
8/9/2011 4:20:27 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0056
8/9/2011 4:20:27 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0055
8/9/2011 4:20:27 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0054
8/9/2011 4:20:26 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0053
8/9/2011 4:20:26 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0052
8/9/2011 4:20:26 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0051
8/9/2011 4:20:26 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0050
8/9/2011 4:20:26 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0049
8/9/2011 4:20:26 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0048
8/9/2011 4:20:26 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0047
8/9/2011 4:20:26 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0046
8/9/2011 4:20:26 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0045
8/9/2011 4:20:26 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0044
8/9/2011 4:20:26 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0043
8/9/2011 4:20:26 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0043/UPX
8/9/2011 4:20:26 PM Packed: UPX C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0043
8/9/2011 4:20:26 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0042
8/9/2011 4:20:26 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0041
8/9/2011 4:20:26 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0040
8/9/2011 4:20:26 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0039
8/9/2011 4:20:26 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0038
8/9/2011 4:20:26 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0037
8/9/2011 4:20:26 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0036
8/9/2011 4:20:26 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0035
8/9/2011 4:20:25 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0034
8/9/2011 4:20:25 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0033
8/9/2011 4:20:25 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0032
8/9/2011 4:20:25 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0031
8/9/2011 4:20:25 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0031/UPX
8/9/2011 4:20:25 PM Packed: UPX C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0031
8/9/2011 4:20:25 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0030
8/9/2011 4:20:24 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0029
8/9/2011 4:20:24 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0028
8/9/2011 4:20:24 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0027
8/9/2011 4:20:24 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0026
8/9/2011 4:20:24 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0025
8/9/2011 4:20:24 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0024
8/9/2011 4:20:24 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0023
8/9/2011 4:20:24 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0022
8/9/2011 4:20:24 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0021
8/9/2011 4:20:24 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0020
8/9/2011 4:20:24 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0019
8/9/2011 4:20:24 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0018
8/9/2011 4:20:24 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0017
8/9/2011 4:20:24 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0016
8/9/2011 4:20:24 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0015
8/9/2011 4:20:23 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0014
8/9/2011 4:20:23 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0013
8/9/2011 4:20:23 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0012
8/9/2011 4:20:23 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0011
8/9/2011 4:20:22 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0010
8/9/2011 4:20:22 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0009
8/9/2011 4:20:22 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0008
8/9/2011 4:20:22 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0007
8/9/2011 4:20:22 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0006
8/9/2011 4:20:22 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0005
8/9/2011 4:20:22 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0004
8/9/2011 4:20:22 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0003
8/9/2011 4:20:22 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0002
8/9/2011 4:20:22 PM OK C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX/data0001
8/9/2011 4:20:22 PM Archive: NSIS C:\documents and settings\fred\My Documents\Downloads\mesograt.exe/UPX
8/9/2011 4:20:21 PM Packed: UPX C:\documents and settings\fred\My Documents\Downloads\mesograt.exe
8/9/2011 4:20:21 PM OK C:\WINDOWS\system32\cmcfg32.dll
8/9/2011 4:20:21 PM OK C:\Program Files\MSN Gaming Zone\Windows\chkrzm.exe
8/9/2011 4:20:21 PM OK C:\Program Files\MSN Gaming Zone\Windows\bckgzm.exe
8/9/2011 4:20:21 PM OK C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe
8/9/2011 4:20:20 PM OK C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
8/9/2011 4:20:20 PM OK C:\Program Files\Java\jre6\bin\jp2ssv.dll
8/9/2011 4:20:20 PM OK C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
8/9/2011 4:20:19 PM OK C:\Program Files\Microsoft Office\Office12\EXCEL.EXE
8/9/2011 4:20:18 PM OK C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll
8/9/2011 4:20:18 PM OK C:\Program Files\WinRAR\RarExt.dll
8/9/2011 4:20:18 PM OK C:\Program Files\iTunes\iTunesMiniPlayer.dll
8/9/2011 4:20:17 PM OK C:\WINDOWS\system32\xpsshhdr.dll
8/9/2011 4:20:17 PM OK C:\WINDOWS\system32\dfshim.dll
8/9/2011 4:20:17 PM OK C:\Program Files\Microsoft Office\Office12\MLSHEXT.DLL
8/9/2011 4:20:17 PM OK C:\Program Files\Microsoft Office\Office12\OLKFSTUB.DLL
8/9/2011 4:20:17 PM OK C:\Program Files\Microsoft Office\Office12\VISSHE.DLL
8/9/2011 4:20:16 PM OK C:\Program Files\Common Files\Microsoft Shared\OFFICE12\msoshext.dll
8/9/2011 4:20:16 PM OK C:\Program Files\Microsoft Office\Office12\MSOHEVI.DLL
8/9/2011 4:20:16 PM OK C:\Program Files\Common Files\Microsoft Shared\Web Folders\MSONSEXT.DLL
8/9/2011 4:20:15 PM OK C:\WINDOWS\system32\Audiodev.dll
8/9/2011 4:20:15 PM OK C:\Program Files\Symantec\Norton Ghost 2003\GhoShExt.dll
8/9/2011 4:20:15 PM OK C:\WINDOWS\system32\extmgr.dll
8/9/2011 4:20:15 PM OK C:\WINDOWS\system32\twext.dll
8/9/2011 4:20:14 PM OK C:\WINDOWS\system32\wmpshell.dll
8/9/2011 4:20:14 PM OK C:\Program Files\Outlook Express\wabfind.dll
8/9/2011 4:20:14 PM OK C:\WINDOWS\system32\cabview.dll
8/9/2011 4:20:14 PM OK C:\WINDOWS\system32\mmcshext.dll
8/9/2011 4:20:13 PM OK C:\WINDOWS\system32\photowiz.dll
8/9/2011 4:20:13 PM OK C:\WINDOWS\system32\dfsshlex.dll
8/9/2011 4:20:13 PM OK C:\WINDOWS\msagent\agentpsh.dll
8/9/2011 4:20:13 PM OK C:\WINDOWS\system32\cscui.dll
8/9/2011 4:20:13 PM OK C:\WINDOWS\system32\mydocs.dll
8/9/2011 4:20:13 PM OK C:\WINDOWS\system32\dsuiext.dll
8/9/2011 4:20:12 PM OK C:\WINDOWS\system32\dsquery.dll
8/9/2011 4:20:12 PM OK C:\WINDOWS\system32\docprop2.dll
8/9/2011 4:20:12 PM OK C:\WINDOWS\system32\msieftp.dll
8/9/2011 4:20:12 PM OK C:\WINDOWS\system32\cdfview.dll
8/9/2011 4:20:12 PM OK C:\WINDOWS\system32\zipfldr.dll
8/9/2011 4:20:11 PM OK C:\WINDOWS\system32\netplwiz.dll
8/9/2011 4:20:11 PM OK C:\WINDOWS\system32\shimgvw.dll
8/9/2011 4:20:11 PM OK C:\WINDOWS\system32\appwiz.cpl
8/9/2011 4:20:11 PM OK C:\WINDOWS\system32\occache.dll
8/9/2011 4:20:10 PM OK C:\WINDOWS\system32\sendmail.dll
8/9/2011 4:20:09 PM OK C:\WINDOWS\system32\shmedia.dll
8/9/2011 4:20:09 PM OK C:\WINDOWS\system32\shdocvw.dll
8/9/2011 4:20:09 PM OK C:\WINDOWS\system32\mstask.dll
8/9/2011 4:20:09 PM OK C:\Program Files\Common Files\System\Ole DB\oledb32.dll
8/9/2011 4:20:09 PM OK C:\WINDOWS\system32\wshext.dll
8/9/2011 4:20:08 PM OK C:\WINDOWS\system32\wuaucpl.cpl
8/9/2011 4:20:08 PM OK C:\WINDOWS\system32\remotepg.dll
8/9/2011 4:20:07 PM OK C:\WINDOWS\system32\wiashext.dll
8/9/2011 4:20:07 PM OK C:\WINDOWS\system32\netshell.dll
8/9/2011 4:20:07 PM OK C:\WINDOWS\system32\cryptext.dll
8/9/2011 4:20:07 PM OK C:\WINDOWS\system32\deskperf.dll
8/9/2011 4:20:07 PM OK C:\WINDOWS\system32\fontext.dll
8/9/2011 4:20:07 PM OK C:\WINDOWS\system32\fontext.dll/#
8/9/2011 4:20:06 PM OK C:\WINDOWS\system32\hticons.dll
8/9/2011 4:20:06 PM OK C:\WINDOWS\system32\syncui.dll
8/9/2011 4:20:06 PM OK C:\WINDOWS\system32\dskquoui.dll
8/9/2011 4:20:06 PM OK C:\WINDOWS\system32\printui.dll
8/9/2011 4:20:06 PM OK C:\WINDOWS\system32\ntlanui2.dll
8/9/2011 4:20:05 PM OK C:\WINDOWS\system32\diskcopy.dll
8/9/2011 4:20:05 PM OK C:\WINDOWS\system32\shscrap.dll
8/9/2011 4:20:05 PM OK C:\WINDOWS\system32\slayerxp.dll
8/9/2011 4:20:05 PM OK C:\WINDOWS\system32\dssec.dll
8/9/2011 4:20:05 PM OK C:\WINDOWS\system32\deskmon.dll
8/9/2011 4:20:05 PM OK C:\WINDOWS\system32\deskadp.dll
8/9/2011 4:20:05 PM OK C:\WINDOWS\system32\ntshrui.dll
8/9/2011 4:20:05 PM OK C:\WINDOWS\system32\docprop.dll
8/9/2011 4:20:05 PM OK C:\WINDOWS\system32\rshx32.dll
8/9/2011 4:20:04 PM OK C:\WINDOWS\system32\icmui.dll
8/9/2011 4:20:04 PM OK C:\WINDOWS\system32\mmsys.cpl
8/9/2011 4:20:04 PM OK C:\WINDOWS\system32\browseui.dll
8/9/2011 4:20:03 PM OK C:\WINDOWS\system32\ssflwbox.scr
8/9/2011 4:20:03 PM OK C:\WINDOWS\system32\logon.scr
8/9/2011 4:20:03 PM OK C:\WINDOWS\system32\stobject.dll
8/9/2011 4:20:03 PM OK C:\WINDOWS\system32\webcheck.dll
8/9/2011 4:20:02 PM OK C:\WINDOWS\system32\xvidvfw.dll
8/9/2011 4:20:02 PM OK C:\WINDOWS\system32\wdmaud.drv
8/9/2011 4:20:02 PM OK C:\WINDOWS\system32\l3codeca.acm
8/9/2011 4:20:02 PM OK C:\WINDOWS\system32\sl_anet.acm
8/9/2011 4:20:02 PM OK C:\WINDOWS\system32\msaud32.acm
8/9/2011 4:20:02 PM OK C:\WINDOWS\system32\msh261.drv
8/9/2011 4:20:02 PM OK C:\WINDOWS\system32\msg723.acm
8/9/2011 4:20:02 PM OK C:\WINDOWS\system32\msacm32.drv
8/9/2011 4:20:01 PM OK C:\WINDOWS\system32\tsbyuv.dll
8/9/2011 4:20:01 PM OK C:\WINDOWS\system32\msyuv.dll
8/9/2011 4:20:01 PM OK C:\WINDOWS\system32\msvidc32.dll
8/9/2011 4:20:01 PM OK C:\WINDOWS\system32\msrle32.dll
8/9/2011 4:20:01 PM OK C:\WINDOWS\system32\iyuv_32.dll
8/9/2011 4:20:01 PM OK C:\WINDOWS\system32\ir32_32.dll
8/9/2011 4:20:01 PM OK C:\WINDOWS\system32\msh263.drv
8/9/2011 4:20:01 PM OK C:\WINDOWS\system32\iccvid.dll
8/9/2011 4:20:01 PM OK C:\WINDOWS\system32\tssoft32.acm
8/9/2011 4:20:00 PM OK C:\WINDOWS\system32\msgsm32.acm
8/9/2011 4:20:00 PM OK C:\WINDOWS\system32\msg711.acm
8/9/2011 4:20:00 PM OK C:\WINDOWS\system32\msadp32.acm
8/9/2011 4:20:00 PM OK C:\WINDOWS\system32\imaadp32.acm
8/9/2011 4:20:00 PM OK C:\WINDOWS\system32\midimap.dll
8/9/2011 4:20:00 PM OK C:\WINDOWS\system32\system.drv
8/9/2011 4:20:00 PM OK C:\WINDOWS\system32\sound.drv
8/9/2011 4:20:00 PM OK C:\WINDOWS\system32\progman.exe
8/9/2011 4:20:00 PM OK C:\WINDOWS\system32\wfwnet.drv
8/9/2011 4:20:00 PM OK C:\WINDOWS\system32\mouse.drv
8/9/2011 4:20:00 PM OK C:\WINDOWS\system32\keyboard.drv
8/9/2011 4:20:00 PM OK C:\WINDOWS\system32\mmsystem.dll
8/9/2011 4:20:00 PM OK C:\WINDOWS\system32\vga.drv
8/9/2011 4:20:00 PM OK C:\WINDOWS\system32\comm.drv
8/9/2011 4:20:00 PM OK C:\WINDOWS\system32\ie4uinit.exe
8/9/2011 4:19:59 PM OK C:\WINDOWS\system32\shell32.dll
8/9/2011 4:19:58 PM OK C:\WINDOWS\inf\WMP10.inf
8/9/2011 4:19:58 PM OK C:\WINDOWS\inf\msmsgs.inf
8/9/2011 4:19:58 PM OK C:\WINDOWS\inf\ie.inf
8/9/2011 4:19:58 PM OK C:\WINDOWS\system32\setupapi.dll
8/9/2011 4:19:58 PM OK C:\WINDOWS\inf\msnetmtg.inf
8/9/2011 4:19:58 PM OK C:\WINDOWS\system32\advpack.dll
8/9/2011 4:19:58 PM OK C:\WINDOWS\system32\user.exe
8/9/2011 4:19:58 PM OK C:\Program Files\Outlook Express\setup50.exe
8/9/2011 4:19:58 PM OK C:\Program Files\Outlook Express\setup50.exe/#
8/9/2011 4:19:57 PM OK C:\WINDOWS\system32\themeui.dll
8/9/2011 4:19:57 PM OK C:\WINDOWS\system32\regsvr32.exe
8/9/2011 4:19:57 PM OK C:\WINDOWS\system32\iedkcs32.dll
8/9/2011 4:19:57 PM OK C:\WINDOWS\system32\rundll32.exe
8/9/2011 4:19:57 PM OK C:\WINDOWS\system32\shmgrate.exe
8/9/2011 4:19:57 PM OK C:\WINDOWS\inf\unregmp2.exe
8/9/2011 4:19:57 PM OK C:\WINDOWS\inf\unregmp2.exe/#
8/9/2011 4:19:56 PM OK C:\WINDOWS\system32\scecli.dll
8/9/2011 4:19:55 PM OK C:\WINDOWS\system32\autochk.exe
8/9/2011 4:19:55 PM OK C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
8/9/2011 4:19:55 PM OK C:\WINDOWS\system32\wbem\wmiapsrv.exe
8/9/2011 4:19:54 PM OK C:\WINDOWS\system32\drivers\wmiacpi.sys
8/9/2011 4:19:54 PM OK C:\WINDOWS\system32\drivers\wmiacpi.sys/PE_Patch
8/9/2011 4:19:54 PM Packed: PE_Patch C:\WINDOWS\system32\drivers\wmiacpi.sys
8/9/2011 4:19:54 PM OK C:\WINDOWS\system32\drivers\wdmaud.sys
8/9/2011 4:19:54 PM OK C:\WINDOWS\system32\drivers\wdf01000.sys
8/9/2011 4:19:54 PM OK C:\WINDOWS\system32\drivers\wanarp.sys
8/9/2011 4:19:54 PM OK C:\WINDOWS\system32\drivers\wanarp.sys/PE_Patch
8/9/2011 4:19:54 PM Packed: PE_Patch C:\WINDOWS\system32\drivers\wanarp.sys
8/9/2011 4:19:53 PM OK C:\WINDOWS\system32\drivers\w29n51.sys
8/9/2011 4:19:53 PM OK C:\WINDOWS\system32\vssvc.exe
8/9/2011 4:19:53 PM OK C:\WINDOWS\system32\drivers\volsnap.sys
8/9/2011 4:19:53 PM OK C:\WINDOWS\system32\drivers\volsnap.sys/PE_Patch
8/9/2011 4:19:53 PM Packed: PE_Patch C:\WINDOWS\system32\drivers\volsnap.sys
8/9/2011 4:19:53 PM OK C:\WINDOWS\system32\drivers\vga.sys
8/9/2011 4:19:53 PM OK C:\WINDOWS\system32\drivers\vga.sys/PE_Patch
8/9/2011 4:19:53 PM Packed: PE_Patch C:\WINDOWS\system32\drivers\vga.sys
8/9/2011 4:19:53 PM OK C:\WINDOWS\system32\drivers\usbuhci.sys
8/9/2011 4:19:53 PM OK C:\WINDOWS\system32\drivers\usbuhci.sys/PE_Patch
8/9/2011 4:19:53 PM Packed: PE_Patch C:\WINDOWS\system32\drivers\usbuhci.sys
8/9/2011 4:19:53 PM OK C:\WINDOWS\system32\drivers\usbstor.sys
8/9/2011 4:19:53 PM OK C:\WINDOWS\system32\drivers\usbstor.sys/PE_Patch
8/9/2011 4:19:52 PM Packed: PE_Patch C:\WINDOWS\system32\drivers\usbstor.sys
8/9/2011 4:19:52 PM OK C:\WINDOWS\system32\drivers\usbscan.sys
8/9/2011 4:19:52 PM OK C:\WINDOWS\system32\drivers\usbscan.sys/PE_Patch
8/9/2011 4:19:52 PM Packed: PE_Patch C:\WINDOWS\system32\drivers\usbscan.sys
8/9/2011 4:19:52 PM OK C:\WINDOWS\system32\drivers\usbhub.sys
8/9/2011 4:19:52 PM OK C:\WINDOWS\system32\drivers\usbhub.sys/PE_Patch
8/9/2011 4:19:52 PM Packed: PE_Patch C:\WINDOWS\system32\drivers\usbhub.sys
8/9/2011 4:19:52 PM OK C:\WINDOWS\system32\drivers\usbehci.sys
8/9/2011 4:19:52 PM OK C:\WINDOWS\system32\drivers\usbehci.sys/PE_Patch
8/9/2011 4:19:52 PM Packed: PE_Patch C:\WINDOWS\system32\drivers\usbehci.sys
8/9/2011 4:19:52 PM OK C:\WINDOWS\system32\drivers\usbccgp.sys
8/9/2011 4:19:52 PM OK C:\WINDOWS\system32\drivers\usbccgp.sys/PE_Patch
8/9/2011 4:19:52 PM Packed: PE_Patch C:\WINDOWS\system32\drivers\usbccgp.sys
8/9/2011 4:19:52 PM OK C:\WINDOWS\system32\drivers\usbaapl.sys
8/9/2011 4:19:52 PM OK C:\WINDOWS\system32\ups.exe
8/9/2011 4:19:51 PM OK C:\WINDOWS\system32\drivers\update.sys
8/9/2011 4:19:51 PM OK C:\WINDOWS\system32\drivers\update.sys/PE_Patch
8/9/2011 4:19:51 PM Packed: PE_Patch C:\WINDOWS\system32\drivers\update.sys
8/9/2011 4:19:51 PM OK C:\WINDOWS\system32\wdfmgr.exe
8/9/2011 4:19:51 PM OK C:\WINDOWS\system32\drivers\udfs.sys
8/9/2011 4:19:51 PM OK C:\WINDOWS\system32\drivers\udfs.sys/PE_Patch
8/9/2011 4:19:51 PM Packed: PE_Patch C:\WINDOWS\system32\drivers\udfs.sys
8/9/2011 4:19:51 PM OK C:\WINDOWS\system32\tlntsvr.exe
8/9/2011 4:19:51 PM OK C:\WINDOWS\system32\drivers\tifm21.sys
8/9/2011 4:19:51 PM OK C:\WINDOWS\system32\drivers\tifm21.sys/PE_Patch
8/9/2011 4:19:51 PM Packed: PE_Patch C:\WINDOWS\system32\drivers\tifm21.sys
8/9/2011 4:19:51 PM OK C:\WINDOWS\system32\drivers\termdd.sys
8/9/2011 4:19:51 PM OK C:\WINDOWS\system32\drivers\termdd.sys/PE_Patch
8/9/2011 4:19:50 PM Packed: PE_Patch C:\WINDOWS\system32\drivers\termdd.sys
8/9/2011 4:19:50 PM OK C:\WINDOWS\system32\drivers\tdtcp.sys
8/9/2011 4:19:50 PM OK C:\WINDOWS\system32\drivers\tdtcp.sys/PE_Patch
8/9/2011 4:19:50 PM Packed: PE_Patch C:\WINDOWS\system32\drivers\tdtcp.sys
8/9/2011 4:19:50 PM OK C:\WINDOWS\system32\drivers\tdpipe.sys
8/9/2011 4:19:50 PM OK C:\WINDOWS\system32\drivers\tdpipe.sys/PE_Patch
8/9/2011 4:19:50 PM Packed: PE_Patch C:\WINDOWS\system32\drivers\tdpipe.sys
8/9/2011 4:19:50 PM OK C:\WINDOWS\system32\drivers\tcpip.sys
8/9/2011 4:19:50 PM OK C:\WINDOWS\system32\smlogsvc.exe
8/9/2011 4:19:50 PM OK C:\WINDOWS\system32\drivers\sysaudio.sys
8/9/2011 4:19:50 PM OK C:\WINDOWS\system32\drivers\swmidi.sys
8/9/2011 4:19:50 PM OK C:\WINDOWS\system32\drivers\swmidi.sys/PE_Patch
8/9/2011 4:19:50 PM Packed: PE_Patch C:\WINDOWS\system32\drivers\swmidi.sys
8/9/2011 4:19:50 PM OK C:\WINDOWS\system32\drivers\swenum.sys
8/9/2011 4:19:50 PM OK C:\WINDOWS\system32\drivers\swenum.sys/PE_Patch
8/9/2011 4:19:50 PM Packed: PE_Patch C:\WINDOWS\system32\drivers\swenum.sys
8/9/2011 4:19:49 PM OK C:\WINDOWS\system32\drivers\srv.sys
8/9/2011 4:19:49 PM OK C:\WINDOWS\system32\drivers\sr.sys
8/9/2011 4:19:49 PM OK C:\WINDOWS\system32\drivers\sr.sys/PE_Patch
8/9/2011 4:19:49 PM Packed: PE_Patch C:\WINDOWS\system32\drivers\sr.sys
8/9/2011 4:19:49 PM OK C:\WINDOWS\system32\spoolsv.exe
8/9/2011 4:19:49 PM OK C:\WINDOWS\system32\drivers\splitter.sys
8/9/2011 4:19:49 PM OK C:\WINDOWS\system32\drivers\splitter.sys/PE_Patch
8/9/2011 4:19:49 PM Packed: PE_Patch C:\WINDOWS\system32\drivers\splitter.sys
8/9/2011 4:19:48 PM OK C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
8/9/2011 4:19:48 PM OK C:\WINDOWS\system32\drivers\smwdm.sys
8/9/2011 4:19:48 PM OK C:\WINDOWS\system32\drivers\smcirda.sys
8/9/2011 4:19:48 PM OK C:\WINDOWS\system32\drivers\sfloppy.sys
8/9/2011 4:19:48 PM OK C:\WINDOWS\system32\drivers\sfloppy.sys/PE_Patch
8/9/2011 4:19:48 PM Packed: PE_Patch C:\WINDOWS\system32\drivers\sfloppy.sys
8/9/2011 4:19:48 PM OK C:\WINDOWS\system32\drivers\serial.sys
8/9/2011 4:19:47 PM OK C:\WINDOWS\system32\drivers\serenum.sys
8/9/2011 4:19:47 PM OK C:\WINDOWS\system32\drivers\serenum.sys/PE_Patch
8/9/2011 4:19:47 PM Packed: PE_Patch C:\WINDOWS\system32\drivers\serenum.sys
8/9/2011 4:19:47 PM OK C:\WINDOWS\system32\drivers\secdrv.sys
8/9/2011 4:19:47 PM OK C:\WINDOWS\system32\drivers\secdrv.sys/PE_Patch
8/9/2011 4:19:47 PM Packed: PE_Patch C:\WINDOWS\system32\drivers\secdrv.sys
8/9/2011 4:19:47 PM OK C:\WINDOWS\system32\drivers\sdbus.sys
8/9/2011 4:19:47 PM OK C:\WINDOWS\system32\drivers\sdbus.sys/PE_Patch
8/9/2011 4:19:47 PM Packed: PE_Patch C:\WINDOWS\system32\drivers\sdbus.sys
8/9/2011 4:19:47 PM OK C:\WINDOWS\system32\drivers\scsiport.sys
8/9/2011 4:19:47 PM OK C:\WINDOWS\system32\drivers\scsiport.sys/PE_Patch
8/9/2011 4:19:47 PM Packed: PE_Patch C:\WINDOWS\system32\drivers\scsiport.sys
8/9/2011 4:19:47 PM OK C:\WINDOWS\system32\scardsvr.exe
8/9/2011 4:19:47 PM OK C:\WINDOWS\system32\rsvp.exe
8/9/2011 4:19:47 PM OK C:\WINDOWS\system32\locator.exe
8/9/2011 4:19:46 PM OK C:\WINDOWS\system32\drivers\redbook.sys
8/9/2011 4:19:46 PM OK C:\WINDOWS\system32\drivers\redbook.sys/PE_Patch
8/9/2011 4:19:46 PM Packed: PE_Patch C:\WINDOWS\system32\drivers\redbook.sys
8/9/2011 4:19:46 PM OK C:\WINDOWS\system32\sessmgr.exe
8/9/2011 4:19:46 PM OK C:\WINDOWS\system32\drivers\rdpwd.sys
8/9/2011 4:19:46 PM OK C:\WINDOWS\system32\drivers\rdpwd.sys/PE_Patch
8/9/2011 4:19:46 PM Packed: PE_Patch C:\WINDOWS\system32\drivers\rdpwd.sys
8/9/2011 4:19:46 PM OK C:\WINDOWS\system32\drivers\rdpdr.sys
8/9/2011 4:19:46 PM OK C:\WINDOWS\system32\drivers\rdpdr.sys/PE_Patch
8/9/2011 4:19:46 PM Packed: PE_Patch C:\WINDOWS\system32\drivers\rdpdr.sys
8/9/2011 4:19:46 PM OK C:\WINDOWS\system32\drivers\rdpcdd.sys
8/9/2011 4:19:45 PM OK C:\WINDOWS\system32\drivers\rdbss.sys
8/9/2011 4:19:45 PM OK C:\WINDOWS\system32\drivers\raspti.sys
8/9/2011 4:19:45 PM OK C:\WINDOWS\system32\drivers\raspppoe.sys
8/9/2011 4:19:45 PM OK C:\WINDOWS\system32\drivers\raspppoe.sys/PE_Patch
8/9/2011 4:19:45 PM Packed: PE_Patch C:\WINDOWS\system32\drivers\raspppoe.sys
8/9/2011 4:19:45 PM OK C:\WINDOWS\system32\drivers\rasl2tp.sys
8/9/2011 4:19:45 PM OK C:\WINDOWS\system32\drivers\rasirda.sys
8/9/2011 4:19:45 PM OK C:\WINDOWS\system32\drivers\rasacd.sys
8/9/2011 4:19:45 PM OK C:\WINDOWS\system32\drivers\ptilink.sys
8/9/2011 4:19:45 PM OK C:\WINDOWS\system32\drivers\psched.sys
8/9/2011 4:19:45 PM OK C:\WINDOWS\system32\drivers\psched.sys/PE_Patch
8/9/2011 4:19:45 PM Packed: PE_Patch C:\WINDOWS\system32\drivers\psched.sys
8/9/2011 4:19:45 PM OK C:\WINDOWS\system32\drivers\processr.sys
8/9/2011 4:19:45 PM OK C:\WINDOWS\system32\drivers\processr.sys/PE_Patch
8/9/2011 4:19:45 PM Packed: PE_Patch C:\WINDOWS\system32\drivers\processr.sys
8/9/2011 4:19:44 PM OK C:\WINDOWS\system32\drivers\raspptp.sys
8/9/2011 4:19:44 PM OK C:\WINDOWS\system32\drivers\pcmcia.sys
8/9/2011 4:19:44 PM OK C:\WINDOWS\system32\drivers\pcmcia.sys/PE_Patch
8/9/2011 4:19:44 PM Packed: PE_Patch C:\WINDOWS\system32\drivers\pcmcia.sys
8/9/2011 4:19:44 PM OK C:\WINDOWS\system32\drivers\pciide.sys
8/9/2011 4:19:44 PM OK C:\WINDOWS\system32\drivers\pci.sys
8/9/2011 4:19:44 PM OK C:\WINDOWS\system32\drivers\pci.sys/PE_Patch
8/9/2011 4:19:44 PM Packed: PE_Patch C:\WINDOWS\system32\drivers\pci.sys
8/9/2011 4:19:44 PM OK C:\WINDOWS\system32\drivers\parvdm.sys
8/9/2011 4:19:44 PM OK C:\WINDOWS\system32\drivers\partmgr.sys
8/9/2011 4:19:44 PM OK C:\WINDOWS\system32\drivers\partmgr.sys/PE_Patch
8/9/2011 4:19:44 PM Packed: PE_Patch C:\WINDOWS\system32\drivers\partmgr.sys
8/9/2011 4:19:44 PM OK C:\WINDOWS\system32\drivers\parport.sys
8/9/2011 4:19:44 PM OK C:\WINDOWS\system32\drivers\parport.sys/PE_Patch
8/9/2011 4:19:43 PM Packed: PE_Patch C:\WINDOWS\system32\drivers\parport.sys
8/9/2011 4:19:43 PM OK C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
8/9/2011 4:19:43 PM OK C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
8/9/2011 4:19:43 PM OK C:\WINDOWS\system32\drivers\nwlnkfwd.sys
8/9/2011 4:19:43 PM OK C:\WINDOWS\system32\drivers\nwlnkflt.sys
8/9/2011 4:19:42 PM OK C:\WINDOWS\system32\drivers\null.sys
8/9/2011 4:19:42 PM OK C:\WINDOWS\system32\drivers\ntfs.sys
8/9/2011 4:19:42 PM OK C:\WINDOWS\system32\drivers\npfs.sys
8/9/2011 4:19:42 PM OK C:\WINDOWS\system32\drivers\npfs.sys/PE_Patch
8/9/2011 4:19:42 PM Packed: PE_Patch C:\WINDOWS\system32\drivers\npfs.sys
8/9/2011 4:19:42 PM OK C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
8/9/2011 4:19:42 PM OK C:\WINDOWS\system32\lsass.exe
8/9/2011 4:19:42 PM OK C:\WINDOWS\system32\netdde.exe
8/9/2011 4:19:42 PM OK C:\WINDOWS\system32\drivers\netbt.sys
8/9/2011 4:19:42 PM OK C:\WINDOWS\system32\drivers\netbios.sys
8/9/2011 4:19:42 PM OK C:\WINDOWS\system32\drivers\netbios.sys/PE_Patch
8/9/2011 4:19:41 PM Packed: PE_Patch C:\WINDOWS\system32\drivers\netbios.sys
8/9/2011 4:19:41 PM OK C:\WINDOWS\system32\drivers\ndproxy.sys
8/9/2011 4:19:41 PM OK C:\WINDOWS\system32\drivers\ndproxy.sys/PE_Patch
8/9/2011 4:19:41 PM Packed: PE_Patch C:\WINDOWS\system32\drivers\ndproxy.sys
8/9/2011 4:19:41 PM OK C:\WINDOWS\system32\drivers\ndiswan.sys
8/9/2011 4:19:40 PM OK C:\WINDOWS\system32\drivers\ndisuio.sys
8/9/2011 4:19:40 PM OK C:\WINDOWS\system32\drivers\ndisuio.sys/PE_Patch
8/9/2011 4:19:40 PM Packed: PE_Patch C:\WINDOWS\system32\drivers\ndisuio.sys
8/9/2011 4:19:40 PM OK C:\WINDOWS\system32\drivers\ndistapi.sys
8/9/2011 4:19:40 PM OK C:\WINDOWS\system32\drivers\ndistapi.sys/PE_Patch
8/9/2011 4:19:40 PM Packed: PE_Patch C:\WINDOWS\system32\drivers\ndistapi.sys
8/9/2011 4:19:40 PM OK C:\WINDOWS\system32\drivers\ndis.sys
8/9/2011 4:19:40 PM OK C:\WINDOWS\system32\drivers\mup.sys
8/9/2011 4:19:40 PM OK C:\WINDOWS\system32\drivers\mssmbios.sys
8/9/2011 4:19:40 PM OK C:\WINDOWS\system32\drivers\mssmbios.sys/PE_Patch
8/9/2011 4:19:40 PM Packed: PE_Patch C:\WINDOWS\system32\drivers\mssmbios.sys
8/9/2011 4:19:40 PM OK C:\WINDOWS\system32\drivers\mspqm.sys
8/9/2011 4:19:40 PM OK C:\WINDOWS\system32\drivers\mspqm.sys/PE_Patch
8/9/2011 4:19:40 PM Packed: PE_Patch C:\WINDOWS\system32\drivers\mspqm.sys
8/9/2011 4:19:40 PM OK C:\WINDOWS\system32\drivers\mspclock.sys
8/9/2011 4:19:40 PM OK C:\WINDOWS\system32\drivers\mspclock.sys/PE_Patch
8/9/2011 4:19:40 PM Packed: PE_Patch C:\WINDOWS\system32\drivers\mspclock.sys
8/9/2011 4:19:40 PM OK C:\WINDOWS\system32\drivers\mskssrv.sys
8/9/2011 4:19:39 PM OK C:\WINDOWS\system32\drivers\mskssrv.sys/PE_Patch
8/9/2011 4:19:39 PM Packed: PE_Patch C:\WINDOWS\system32\drivers\mskssrv.sys
8/9/2011 4:19:39 PM OK C:\WINDOWS\system32\msiexec.exe
8/9/2011 4:19:39 PM OK C:\WINDOWS\system32\drivers\msfs.sys
8/9/2011 4:19:39 PM OK C:\WINDOWS\system32\drivers\msfs.sys/PE_Patch
8/9/2011 4:19:39 PM Packed: PE_Patch C:\WINDOWS\system32\drivers\msfs.sys
8/9/2011 4:19:39 PM OK C:\WINDOWS\system32\msdtc.exe
8/9/2011 4:19:39 PM OK C:\WINDOWS\system32\drivers\mrxsmb.sys
8/9/2011 4:19:39 PM OK C:\WINDOWS\system32\drivers\mrxdav.sys
8/9/2011 4:19:39 PM OK C:\WINDOWS\system32\drivers\mrxdav.sys/PE_Patch
8/9/2011 4:19:39 PM Packed: PE_Patch C:\WINDOWS\system32\drivers\mrxdav.sys
8/9/2011 4:19:39 PM OK C:\WINDOWS\system32\drivers\mountmgr.sys
8/9/2011 4:19:38 PM OK C:\WINDOWS\system32\drivers\mountmgr.sys/PE_Patch
8/9/2011 4:19:38 PM Packed: PE_Patch C:\WINDOWS\system32\drivers\mountmgr.sys
8/9/2011 4:19:38 PM OK C:\WINDOWS\system32\drivers\mouhid.sys
8/9/2011 4:19:38 PM OK C:\WINDOWS\system32\drivers\mouclass.sys
8/9/2011 4:19:38 PM OK C:\WINDOWS\system32\drivers\mouclass.sys/PE_Patch
8/9/2011 4:19:38 PM Packed: PE_Patch C:\WINDOWS\system32\drivers\mouclass.sys
8/9/2011 4:19:38 PM OK C:\WINDOWS\system32\drivers\modem.sys
8/9/2011 4:19:38 PM OK C:\WINDOWS\system32\drivers\modem.sys/PE_Patch
8/9/2011 4:19:38 PM Packed: PE_Patch C:\WINDOWS\system32\drivers\modem.sys
8/9/2011 4:19:38 PM OK C:\WINDOWS\system32\mnmsrvc.exe
8/9/2011 4:19:38 PM OK C:\WINDOWS\system32\drivers\mnmdd.sys
8/9/2011 4:19:37 PM OK C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
8/9/2011 4:19:37 PM OK C:\WINDOWS\system32\drivers\mbam.sys
8/9/2011 4:19:37 PM OK C:\WINDOWS\system32\drivers\ksecdd.sys
8/9/2011 4:19:37 PM OK C:\WINDOWS\system32\drivers\ksecdd.sys/PE_Patch
8/9/2011 4:19:37 PM Packed: PE_Patch C:\WINDOWS\system32\drivers\ksecdd.sys
8/9/2011 4:19:37 PM OK C:\WINDOWS\system32\drivers\kmixer.sys
8/9/2011 4:19:37 PM OK C:\WINDOWS\system32\drivers\kmixer.sys/PE_Patch
8/9/2011 4:19:37 PM Packed: PE_Patch C:\WINDOWS\system32\drivers\kmixer.sys
8/9/2011 4:19:37 PM OK C:\WINDOWS\system32\drivers\kbdclass.sys
8/9/2011 4:19:37 PM OK C:\WINDOWS\system32\drivers\kbdclass.sys/PE_Patch
8/9/2011 4:19:37 PM Packed: PE_Patch C:\WINDOWS\system32\drivers\kbdclass.sys
8/9/2011 4:19:36 PM OK C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf
8/9/2011 4:19:36 PM OK C:\Program Files\Java\jre6\bin\jqs.exe
8/9/2011 4:19:36 PM OK C:\WINDOWS\system32\drivers\isapnp.sys
8/9/2011 4:19:36 PM OK C:\WINDOWS\system32\drivers\isapnp.sys/PE_Patch
8/9/2011 4:19:36 PM Packed: PE_Patch C:\WINDOWS\system32\drivers\isapnp.sys
8/9/2011 4:19:36 PM OK C:\WINDOWS\system32\drivers\irenum.sys
8/9/2011 4:19:36 PM OK C:\WINDOWS\system32\drivers\irenum.sys/PE_Patch
8/9/2011 4:19:36 PM Packed: PE_Patch C:\WINDOWS\system32\drivers\irenum.sys
8/9/2011 4:19:36 PM OK C:\WINDOWS\system32\drivers\irda.sys
8/9/2011 4:19:36 PM OK C:\WINDOWS\system32\drivers\irda.sys/PE_Patch
8/9/2011 4:19:36 PM Packed: PE_Patch C:\WINDOWS\system32\drivers\irda.sys
8/9/2011 4:19:36 PM OK C:\WINDOWS\system32\drivers\ipsec.sys
8/9/2011 4:19:35 PM OK C:\Program Files\iPod\bin\iPodService.exe
8/9/2011 4:19:35 PM OK C:\WINDOWS\system32\drivers\ipnat.sys
8/9/2011 4:19:35 PM OK C:\WINDOWS\system32\drivers\ipnat.sys/PE_Patch
8/9/2011 4:19:35 PM Packed: PE_Patch C:\WINDOWS\system32\drivers\ipnat.sys
8/9/2011 4:19:35 PM OK C:\WINDOWS\system32\drivers\ipinip.sys
8/9/2011 4:19:35 PM OK C:\WINDOWS\system32\drivers\ipinip.sys/PE_Patch
8/9/2011 4:19:35 PM Packed: PE_Patch C:\WINDOWS\system32\drivers\ipinip.sys
8/9/2011 4:19:34 PM OK C:\WINDOWS\system32\drivers\ipfltdrv.sys
8/9/2011 4:19:34 PM OK C:\WINDOWS\system32\drivers\ip6fw.sys
8/9/2011 4:19:34 PM OK C:\WINDOWS\system32\drivers\ip6fw.sys/PE_Patch
8/9/2011 4:19:34 PM Packed: PE_Patch C:\WINDOWS\system32\drivers\ip6fw.sys
8/9/2011 4:19:34 PM OK C:\WINDOWS\system32\drivers\intelppm.sys
8/9/2011 4:19:34 PM OK C:\WINDOWS\system32\drivers\intelppm.sys/PE_Patch
8/9/2011 4:19:34 PM Packed: PE_Patch C:\WINDOWS\system32\drivers\intelppm.sys
8/9/2011 4:19:33 PM OK C:\WINDOWS\system32\imapi.exe
8/9/2011 4:19:33 PM OK C:\WINDOWS\system32\drivers\imapi.sys
8/9/2011 4:19:33 PM OK C:\WINDOWS\system32\drivers\imapi.sys/PE_Patch
8/9/2011 4:19:33 PM Packed: PE_Patch C:\WINDOWS\system32\drivers\imapi.sys
8/9/2011 4:19:33 PM OK C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
8/9/2011 4:19:33 PM OK C:\WINDOWS\system32\drivers\i8042prt.sys
8/9/2011 4:19:33 PM OK C:\WINDOWS\system32\drivers\http.sys
8/9/2011 4:19:33 PM OK C:\WINDOWS\system32\drivers\http.sys/PE_Patch
8/9/2011 4:19:32 PM Packed: PE_Patch C:\WINDOWS\system32\drivers\http.sys
8/9/2011 4:19:32 PM OK C:\WINDOWS\system32\drivers\hidusb.sys
8/9/2011 4:19:32 PM OK C:\WINDOWS\system32\drivers\hidusb.sys/PE_Patch
8/9/2011 4:19:32 PM Packed: PE_Patch C:\WINDOWS\system32\drivers\hidusb.sys
8/9/2011 4:19:32 PM OK C:\WINDOWS\system32\drivers\gtipci21.sys
8/9/2011 4:19:32 PM OK C:\WINDOWS\system32\drivers\gtipci21.sys/PE_Patch
8/9/2011 4:19:32 PM Packed: PE_Patch C:\WINDOWS\system32\drivers\gtipci21.sys
8/9/2011 4:19:32 PM OK C:\WINDOWS\system32\drivers\msgpc.sys
8/9/2011 4:19:32 PM OK C:\WINDOWS\system32\drivers\msgpc.sys/PE_Patch
8/9/2011 4:19:32 PM Packed: PE_Patch C:\WINDOWS\system32\drivers\msgpc.sys
8/9/2011 4:19:32 PM OK C:\Program Files\Symantec\Norton Ghost 2003\GhPciScan.sys
8/9/2011 4:19:32 PM OK C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
8/9/2011 4:19:31 PM OK C:\WINDOWS\system32\drivers\GEARAspiWDM.sys
8/9/2011 4:19:31 PM OK C:\WINDOWS\system32\drivers\ftdisk.sys
8/9/2011 4:19:31 PM OK C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
8/9/2011 4:19:30 PM OK C:\WINDOWS\system32\drivers\fltmgr.sys
8/9/2011 4:19:30 PM OK C:\WINDOWS\system32\drivers\fltmgr.sys/PE_Patch
8/9/2011 4:19:30 PM Packed: PE_Patch C:\WINDOWS\system32\drivers\fltmgr.sys
8/9/2011 4:19:30 PM OK C:\WINDOWS\system32\drivers\flpydisk.sys
8/9/2011 4:19:30 PM OK C:\WINDOWS\system32\drivers\flpydisk.sys/PE_Patch
8/9/2011 4:19:30 PM Packed: PE_Patch C:\WINDOWS\system32\drivers\flpydisk.sys
8/9/2011 4:19:30 PM OK C:\WINDOWS\system32\drivers\fips.sys
8/9/2011 4:19:30 PM OK C:\WINDOWS\system32\drivers\fips.sys/PE_Patch
8/9/2011 4:19:30 PM Packed: PE_Patch C:\WINDOWS\system32\drivers\fips.sys
8/9/2011 4:19:30 PM OK C:\WINDOWS\system32\drivers\fdc.sys
8/9/2011 4:19:30 PM OK C:\WINDOWS\system32\drivers\fdc.sys/PE_Patch
8/9/2011 4:19:30 PM Packed: PE_Patch C:\WINDOWS\system32\drivers\fdc.sys
8/9/2011 4:19:29 PM OK C:\WINDOWS\system32\drivers\fastfat.sys
8/9/2011 4:19:29 PM OK C:\WINDOWS\system32\services.exe
8/9/2011 4:19:29 PM OK C:\Program Files\ESET\ESET NOD32 Antivirus\EShaSrv.exe
8/9/2011 4:19:29 PM OK C:\WINDOWS\system32\drivers\epfwtdir.sys
8/9/2011 4:19:29 PM OK C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
8/9/2011 4:19:28 PM OK C:\WINDOWS\system32\drivers\ehdrv.sys
8/9/2011 4:19:28 PM OK C:\WINDOWS\system32\drivers\eamon.sys
8/9/2011 4:19:28 PM OK C:\WINDOWS\system32\drivers\drmkaud.sys
8/9/2011 4:19:28 PM OK C:\WINDOWS\system32\drivers\drmkaud.sys/PE_Patch
8/9/2011 4:19:28 PM Packed: PE_Patch C:\WINDOWS\system32\drivers\drmkaud.sys
8/9/2011 4:19:28 PM OK C:\WINDOWS\system32\drivers\dmusic.sys
8/9/2011 4:19:28 PM OK C:\WINDOWS\system32\drivers\dmusic.sys/PE_Patch
8/9/2011 4:19:27 PM Packed: PE_Patch C:\WINDOWS\system32\drivers\dmusic.sys
8/9/2011 4:19:27 PM OK C:\WINDOWS\system32\drivers\dmload.sys
8/9/2011 4:19:27 PM OK C:\WINDOWS\system32\drivers\dmio.sys
8/9/2011 4:19:27 PM OK C:\WINDOWS\system32\drivers\dmio.sys/PE_Patch
8/9/2011 4:19:27 PM Packed: PE_Patch C:\WINDOWS\system32\drivers\dmio.sys
8/9/2011 4:19:27 PM OK C:\WINDOWS\system32\drivers\dmboot.sys
8/9/2011 4:19:27 PM OK C:\WINDOWS\system32\drivers\dmboot.sys/PE_Patch
8/9/2011 4:19:27 PM Packed: PE_Patch C:\WINDOWS\system32\drivers\dmboot.sys
8/9/2011 4:19:26 PM OK C:\WINDOWS\system32\dmadmin.exe
8/9/2011 4:19:26 PM OK C:\WINDOWS\system32\drivers\disk.sys
8/9/2011 4:19:26 PM OK C:\WINDOWS\system32\drivers\disk.sys/PE_Patch
8/9/2011 4:19:26 PM Packed: PE_Patch C:\WINDOWS\system32\drivers\disk.sys
8/9/2011 4:19:26 PM OK C:\WINDOWS\system32\dllhost.exe
8/9/2011 4:19:26 PM OK C:\WINDOWS\system32\drivers\compbatt.sys
8/9/2011 4:19:26 PM OK C:\WINDOWS\system32\drivers\compbatt.sys/PE_Patch
8/9/2011 4:19:26 PM Packed: PE_Patch C:\WINDOWS\system32\drivers\compbatt.sys
8/9/2011 4:19:25 PM OK C:\WINDOWS\system32\drivers\cmbatt.sys
8/9/2011 4:19:25 PM OK C:\WINDOWS\system32\drivers\cmbatt.sys/PE_Patch
8/9/2011 4:19:25 PM Packed: PE_Patch C:\WINDOWS\system32\drivers\cmbatt.sys
8/9/2011 4:19:25 PM OK C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
8/9/2011 4:19:25 PM OK C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
8/9/2011 4:19:25 PM OK C:\WINDOWS\system32\clipsrv.exe
8/9/2011 4:19:24 PM OK C:\WINDOWS\system32\cisvc.exe
8/9/2011 4:19:24 PM OK C:\WINDOWS\system32\drivers\cdrom.sys
8/9/2011 4:19:24 PM OK C:\WINDOWS\system32\drivers\cdrom.sys/PE_Patch
8/9/2011 4:19:24 PM Packed: PE_Patch C:\WINDOWS\system32\drivers\cdrom.sys
8/9/2011 4:19:24 PM OK C:\WINDOWS\system32\drivers\cdfs.sys
8/9/2011 4:19:24 PM OK C:\WINDOWS\system32\drivers\cdaudio.sys
8/9/2011 4:19:24 PM OK C:\WINDOWS\system32\drivers\cbidf2k.sys
8/9/2011 4:19:23 PM OK C:\Program Files\Bonjour\mDNSResponder.exe
8/9/2011 4:19:23 PM OK C:\WINDOWS\system32\drivers\beep.sys
8/9/2011 4:19:23 PM OK C:\WINDOWS\system32\drivers\b57xp32.sys
8/9/2011 4:19:22 PM OK C:\WINDOWS\system32\drivers\audstub.sys
8/9/2011 4:19:22 PM OK C:\WINDOWS\system32\drivers\atmarpc.sys
8/9/2011 4:19:22 PM OK C:\WINDOWS\system32\drivers\atmarpc.sys/PE_Patch
8/9/2011 4:19:22 PM Packed: PE_Patch C:\WINDOWS\system32\drivers\atmarpc.sys
8/9/2011 4:19:22 PM OK C:\WINDOWS\system32\drivers\ati2mtag.sys
8/9/2011 4:19:22 PM OK C:\WINDOWS\system32\drivers\ati2mtag.sys/PE_Patch
8/9/2011 4:19:21 PM Packed: PE_Patch C:\WINDOWS\system32\drivers\ati2mtag.sys
8/9/2011 4:19:21 PM OK C:\WINDOWS\system32\ati2evxx.exe
8/9/2011 4:19:20 PM OK C:\WINDOWS\system32\drivers\atapi.sys
8/9/2011 4:19:20 PM OK C:\WINDOWS\system32\drivers\atapi.sys/PE_Patch
8/9/2011 4:19:20 PM Packed: PE_Patch C:\WINDOWS\system32\drivers\atapi.sys
8/9/2011 4:19:20 PM OK C:\WINDOWS\system32\drivers\asyncmac.sys
8/9/2011 4:19:20 PM OK C:\WINDOWS\system32\drivers\asyncmac.sys/PE_Patch
8/9/2011 4:19:20 PM Packed: PE_Patch C:\WINDOWS\system32\drivers\asyncmac.sys
8/9/2011 4:19:19 PM OK C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
8/9/2011 4:19:19 PM OK C:\WINDOWS\system32\drivers\ASPI32.SYS
8/9/2011 4:19:19 PM OK C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
8/9/2011 4:19:18 PM OK C:\WINDOWS\system32\alg.exe
8/9/2011 4:19:18 PM OK C:\WINDOWS\system32\svchost.exe
8/9/2011 4:19:18 PM OK C:\WINDOWS\system32\drivers\AGRSM.sys
8/9/2011 4:19:18 PM OK C:\WINDOWS\system32\drivers\afd.sys
8/9/2011 4:19:17 PM OK C:\WINDOWS\system32\drivers\aec.sys
8/9/2011 4:19:17 PM OK C:\WINDOWS\system32\drivers\aec.sys/PE_Patch
8/9/2011 4:19:17 PM Packed: PE_Patch C:\WINDOWS\system32\drivers\aec.sys
8/9/2011 4:19:17 PM OK C:\WINDOWS\system32\drivers\aeaudio.sys
8/9/2011 4:19:16 PM OK C:\WINDOWS\system32\drivers\acpiec.sys
8/9/2011 4:19:16 PM OK C:\WINDOWS\system32\drivers\acpi.sys
8/9/2011 4:19:16 PM OK C:\WINDOWS\system32\drivers\acpi.sys/PE_Patch
8/9/2011 4:19:16 PM Packed: PE_Patch C:\WINDOWS\system32\drivers\acpi.sys
8/9/2011 4:19:16 PM OK C:\WINDOWS\system32\drivers\10676419.sys
8/9/2011 4:19:13 PM OK C:\WINDOWS\system32\xmlprov.dll
8/9/2011 4:19:12 PM OK C:\WINDOWS\system32\wzcsvc.dll
8/9/2011 4:19:12 PM OK C:\WINDOWS\system32\wscsvc.dll
8/9/2011 4:19:12 PM OK C:\WINDOWS\system32\advapi32.dll
8/9/2011 4:19:12 PM OK C:\WINDOWS\system32\MsPMSNSv.dll
8/9/2011 4:19:11 PM OK C:\WINDOWS\system32\wbem\wmisvc.dll
8/9/2011 4:19:11 PM OK C:\WINDOWS\system32\webclnt.dll
8/9/2011 4:19:10 PM OK C:\WINDOWS\system32\w32time.dll
8/9/2011 4:19:09 PM OK C:\WINDOWS\system32\upnphost.dll
8/9/2011 4:19:08 PM OK C:\WINDOWS\system32\trkwks.dll
8/9/2011 4:19:06 PM OK C:\WINDOWS\system32\termsrv.dll
8/9/2011 4:19:05 PM OK C:\WINDOWS\system32\tapisrv.dll
8/9/2011 4:19:03 PM OK C:\WINDOWS\system32\wiaservc.dll
8/9/2011 4:19:03 PM OK C:\WINDOWS\system32\wiaservc.dll/#
8/9/2011 4:19:02 PM OK C:\WINDOWS\system32\ssdpsrv.dll
8/9/2011 4:19:01 PM OK C:\WINDOWS\system32\srsvc.dll
8/9/2011 4:19:00 PM OK C:\WINDOWS\system32\ipnathlp.dll
8/9/2011 4:19:00 PM OK C:\WINDOWS\system32\sens.dll
8/9/2011 4:19:00 PM OK C:\WINDOWS\system32\seclogon.dll
8/9/2011 4:19:00 PM OK C:\WINDOWS\system32\schedsvc.dll
8/9/2011 4:19:00 PM OK C:\WINDOWS\system32\regsvc.dll
8/9/2011 4:18:59 PM OK C:\WINDOWS\system32\mprdim.dll
8/9/2011 4:18:57 PM OK C:\WINDOWS\system32\rasmans.dll
8/9/2011 4:18:57 PM OK C:\WINDOWS\system32\rasauto.dll
8/9/2011 4:18:56 PM OK C:\WINDOWS\system32\ntmssvc.dll
8/9/2011 4:18:56 PM OK C:\WINDOWS\system32\mswsock.dll
8/9/2011 4:18:56 PM OK C:\WINDOWS\system32\netman.dll
8/9/2011 4:18:55 PM OK C:\WINDOWS\system32\qagentrt.dll
8/9/2011 4:18:53 PM OK C:\WINDOWS\system32\msgsvc.dll
8/9/2011 4:18:53 PM OK C:\WINDOWS\system32\lmhsvc.dll
8/9/2011 4:18:53 PM OK C:\WINDOWS\system32\wkssvc.dll
8/9/2011 4:18:52 PM OK C:\WINDOWS\system32\srvsvc.dll
8/9/2011 4:18:52 PM OK C:\WINDOWS\system32\irmon.dll
8/9/2011 4:18:52 PM OK C:\WINDOWS\system32\w3ssl.dll
8/9/2011 4:18:46 PM OK C:\WINDOWS\system32\kmsvc.dll
8/9/2011 4:18:46 PM OK C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
8/9/2011 4:18:46 PM OK C:\WINDOWS\system32\shsvcs.dll
8/9/2011 4:18:40 PM OK C:\WINDOWS\system32\es.dll
8/9/2011 4:18:40 PM OK C:\WINDOWS\system32\ersvc.dll
8/9/2011 4:18:39 PM OK C:\WINDOWS\system32\eapsvc.dll
8/9/2011 4:18:38 PM OK C:\WINDOWS\system32\dot3svc.dll
8/9/2011 4:18:38 PM OK C:\WINDOWS\system32\dnsrslvr.dll
8/9/2011 4:18:38 PM OK C:\WINDOWS\system32\dmserver.dll
8/9/2011 4:18:38 PM OK C:\WINDOWS\system32\dhcpcsvc.dll
8/9/2011 4:18:37 PM OK C:\WINDOWS\system32\rpcss.dll
8/9/2011 4:18:36 PM OK C:\WINDOWS\system32\cryptsvc.dll
8/9/2011 4:18:36 PM OK C:\WINDOWS\system32\browser.dll
8/9/2011 4:18:36 PM OK C:\WINDOWS\system32\qmgr.dll
8/9/2011 4:18:35 PM OK C:\WINDOWS\system32\audiosrv.dll
8/9/2011 4:18:34 PM OK C:\WINDOWS\system32\appmgmts.dll
8/9/2011 4:18:33 PM OK C:\WINDOWS\system32\alrsvc.dll
8/9/2011 4:18:32 PM OK C:\Program Files\BitTorrent\BitTorrent.exe
8/9/2011 4:18:30 PM OK C:\Program Files\BitTorrent\BitTorrent.exe/#
8/9/2011 4:18:29 PM OK C:\Program Files\BitTorrent\BitTorrent.exe/#
8/9/2011 4:18:29 PM OK C:\Program Files\BitTorrent\BitTorrent.exe/#
8/9/2011 4:18:29 PM OK C:\Program Files\BitTorrent\BitTorrent.exe/UPX
8/9/2011 4:18:26 PM OK C:\Program Files\BitTorrent\BitTorrent.exe/UPX/# Object was not changed (iChecker)
8/9/2011 4:18:26 PM OK C:\Program Files\BitTorrent\BitTorrent.exe/UPX/#
8/9/2011 4:18:26 PM OK C:\Program Files\BitTorrent\BitTorrent.exe/UPX/#
8/9/2011 4:18:22 PM Packed: UPX C:\Program Files\BitTorrent\BitTorrent.exe
8/9/2011 4:18:19 PM OK C:\Program Files\VistaSwitcher\vswitch.exe
8/9/2011 4:18:18 PM OK C:\WINDOWS\system32\ctfmon.exe
8/9/2011 4:18:12 PM OK C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
8/9/2011 4:18:08 PM OK C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
8/9/2011 4:17:47 PM OK C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
8/9/2011 4:17:41 PM OK C:\Program Files\iTunes\iTunesHelper.exe
8/9/2011 4:17:40 PM OK C:\Program Files\QuickTime\QTTask.exe
8/9/2011 4:17:38 PM OK C:\Program Files\Java\jre6\bin\jusched.exe
8/9/2011 4:17:38 PM OK C:\Program Files\Java\jre6\bin\jusched.exe/#
8/9/2011 4:17:38 PM OK C:\Program Files\Java\jre6\bin\jusched.exe/#
8/9/2011 4:17:38 PM OK C:\Program Files\Java\jre6\bin\jusched.exe/#
8/9/2011 4:17:38 PM OK C:\Program Files\Java\jre6\bin\jusched.exe/#
8/9/2011 4:17:38 PM OK C:\Program Files\Java\jre6\bin\jusched.exe/#
8/9/2011 4:17:38 PM OK C:\Program Files\Java\jre6\bin\jusched.exe/#
8/9/2011 4:17:38 PM OK C:\Program Files\Java\jre6\bin\jusched.exe/#
8/9/2011 4:17:38 PM OK C:\Program Files\Java\jre6\bin\jusched.exe/#
8/9/2011 4:17:38 PM OK C:\Program Files\Java\jre6\bin\jusched.exe/#
8/9/2011 4:17:38 PM OK C:\Program Files\Java\jre6\bin\jusched.exe/#
8/9/2011 4:17:35 PM OK C:\Program Files\Java\jre6\bin\jusched.exe/#
8/9/2011 4:17:18 PM OK C:\Program Files\Java\jre6\bin\jusched.exe/#
8/9/2011 4:17:18 PM OK C:\Program Files\Java\jre6\bin\jusched.exe/#
8/9/2011 4:17:18 PM OK C:\Program Files\Java\jre6\bin\jusched.exe/#
8/9/2011 4:17:17 PM OK C:\Program Files\Java\jre6\bin\jusched.exe/#
8/9/2011 4:17:17 PM OK C:\Program Files\Java\jre6\bin\jusched.exe/#
8/9/2011 4:17:17 PM OK C:\Program Files\Java\jre6\bin\jusched.exe/#
8/9/2011 4:17:17 PM OK C:\Program Files\Java\jre6\bin\jusched.exe/#
8/9/2011 4:17:17 PM OK C:\Program Files\Java\jre6\bin\jusched.exe/#
8/9/2011 4:17:17 PM OK C:\Program Files\Java\jre6\bin\jusched.exe/#
8/9/2011 4:17:17 PM OK C:\Program Files\Java\jre6\bin\jusched.exe/#
8/9/2011 4:17:16 PM OK C:\Program Files\Java\jre6\bin\jusched.exe/#
8/9/2011 4:17:16 PM OK C:\Program Files\Java\jre6\bin\jusched.exe/#
8/9/2011 4:17:16 PM OK C:\Program Files\Java\jre6\bin\jusched.exe/#
8/9/2011 4:17:16 PM OK C:\Program Files\Java\jre6\bin\jusched.exe/#
8/9/2011 4:17:16 PM OK C:\Program Files\Java\jre6\bin\jusched.exe/#
8/9/2011 4:17:16 PM OK C:\Program Files\Java\jre6\bin\jusched.exe/#
8/9/2011 4:17:16 PM OK C:\Program Files\Java\jre6\bin\jusched.exe/#
8/9/2011 4:17:16 PM OK C:\Program Files\Java\jre6\bin\jusched.exe/#
8/9/2011 4:17:16 PM OK C:\Program Files\Java\jre6\bin\jusched.exe/#
8/9/2011 4:17:15 PM OK C:\Program Files\Java\jre6\bin\jusched.exe/#
8/9/2011 4:16:50 PM OK C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
8/9/2011 4:13:36 PM OK C:\WINDOWS\AGRSMMSG.exe
8/9/2011 4:13:32 PM OK C:\Program Files\Analog Devices\SoundMAX\SMax4.exe
8/9/2011 4:13:02 PM OK C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
8/9/2011 4:13:01 PM OK C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
8/9/2011 4:13:00 PM OK C:\WINDOWS\system32\WgaLogon.dll
8/9/2011 4:13:00 PM OK C:\WINDOWS\system32\sclgntfy.dll
8/9/2011 4:13:00 PM OK C:\WINDOWS\system32\wlnotify.dll
8/9/2011 4:13:00 PM OK C:\WINDOWS\system32\dimsntfy.dll
8/9/2011 4:13:00 PM OK C:\WINDOWS\system32\cscdll.dll
8/9/2011 4:12:59 PM OK C:\WINDOWS\system32\cryptnet.dll
8/9/2011 4:12:59 PM OK C:\WINDOWS\system32\crypt32.dll
8/9/2011 4:12:59 PM OK C:\WINDOWS\system32\ati2evxx.dll
8/9/2011 4:12:57 PM OK C:\WINDOWS\system32\userinit.exe
8/9/2011 4:12:57 PM OK C:\WINDOWS\explorer.exe
8/9/2011 4:12:56 PM OK C:\WINDOWS\system32\drwtsn32.exe
8/9/2011 4:12:56 PM OK C:\WINDOWS\system32\timer.drv
8/9/2011 4:12:56 PM OK C:\WINDOWS\system32\mmdrv.dll
8/9/2011 4:12:43 PM OK C:\WINDOWS\system32\MsPMSNSv.dll
8/9/2011 4:12:43 PM OK C:\WINDOWS\system32\qmgr.dll
8/9/2011 4:12:42 PM OK C:\WINDOWS\system32\es.dll Object was not changed (iSwift 3)
8/9/2011 4:12:32 PM OK pid:4\ntdll.dll Object was not changed (iChecker)
8/9/2011 4:12:32 PM OK C:\WINDOWS\system32\smss.exe
8/9/2011 4:12:32 PM OK smss.exe\ntdll.dll Object was not changed (iChecker)
8/9/2011 4:12:32 PM OK smss.exe\smss.exe
8/9/2011 4:12:32 PM OK csrss.exe\sxs.dll Object was not changed (iChecker)
8/9/2011 4:12:32 PM OK csrss.exe\user32.dll Object was not changed (iChecker)
8/9/2011 4:12:32 PM OK C:\WINDOWS\system32\winsrv.dll
8/9/2011 4:12:32 PM OK csrss.exe\ntdll.dll Object was not changed (iChecker)
8/9/2011 4:12:32 PM OK csrss.exe\kernel32.dll Object was not changed (iChecker)
8/9/2011 4:12:32 PM OK csrss.exe\secur32.dll Object was not changed (iChecker)
8/9/2011 4:12:32 PM OK csrss.exe\gdi32.dll Object was not changed (iChecker)
8/9/2011 4:12:32 PM OK csrss.exe\rpcrt4.dll Object was not changed (iChecker)
8/9/2011 4:12:32 PM OK csrss.exe\advapi32.dll Object was not changed (iChecker)
8/9/2011 4:12:32 PM OK C:\WINDOWS\system32\basesrv.dll
8/9/2011 4:12:32 PM OK csrss.exe\winsrv.dll
8/9/2011 4:12:32 PM OK csrss.exe\basesrv.dll
8/9/2011 4:12:32 PM OK C:\WINDOWS\system32\csrsrv.dll
8/9/2011 4:12:31 PM OK csrss.exe\csrsrv.dll
8/9/2011 4:12:31 PM OK C:\WINDOWS\system32\csrss.exe
8/9/2011 4:12:31 PM OK csrss.exe\usp10.dll Object was not changed (iChecker)
8/9/2011 4:12:31 PM OK csrss.exe\lpk.dll Object was not changed (iChecker)
8/9/2011 4:12:31 PM OK csrss.exe\csrss.exe
8/9/2011 4:12:31 PM OK winlogon.exe\sxs.dll Object was not changed (iChecker)
8/9/2011 4:12:31 PM OK winlogon.exe\user32.dll Object was not changed (iChecker)
8/9/2011 4:12:31 PM OK winlogon.exe\shell32.dll Object was not changed (iChecker)
8/9/2011 4:12:31 PM OK winlogon.exe\ntdll.dll Object was not changed (iChecker)
8/9/2011 4:12:31 PM OK winlogon.exe\kernel32.dll Object was not changed (iChecker)
8/9/2011 4:12:31 PM OK winlogon.exe\secur32.dll Object was not changed (iChecker)
8/9/2011 4:12:31 PM OK winlogon.exe\shlwapi.dll Object was not changed (iChecker)
8/9/2011 4:12:31 PM OK winlogon.exe\gdi32.dll Object was not changed (iChecker)
8/9/2011 4:12:31 PM OK winlogon.exe\rpcrt4.dll Object was not changed (iChecker)
8/9/2011 4:12:31 PM OK winlogon.exe\advapi32.dll Object was not changed (iChecker)
8/9/2011 4:12:31 PM OK winlogon.exe\activeds.dll Object was not changed (iChecker)
8/9/2011 4:12:31 PM OK winlogon.exe\msv1_0.dll Object was not changed (iChecker)
8/9/2011 4:12:31 PM OK winlogon.exe\msvcrt.dll Object was not changed (iChecker)
8/9/2011 4:12:31 PM OK winlogon.exe\version.dll Object was not changed (iChecker)
8/9/2011 4:12:31 PM OK winlogon.exe\msacm32.dll Object was not changed (iChecker)
8/9/2011 4:12:31 PM OK winlogon.exe\apphelp.dll Object was not changed (iChecker)
8/9/2011 4:12:31 PM OK winlogon.exe\msasn1.dll Object was not changed (iChecker)
8/9/2011 4:12:31 PM OK winlogon.exe\crypt32.dll Object was not changed (iChecker)
8/9/2011 4:12:31 PM OK winlogon.exe\cscui.dll Object was not changed (iChecker)
8/9/2011 4:12:31 PM OK winlogon.exe\setupapi.dll Object was not changed (iChecker)
8/9/2011 4:12:31 PM OK winlogon.exe\shsvcs.dll Object was not changed (iChecker)
8/9/2011 4:12:31 PM OK winlogon.exe\authz.dll Object was not changed (iChecker)
8/9/2011 4:12:31 PM OK winlogon.exe\ntmarta.dll Object was not changed (iChecker)
8/9/2011 4:12:31 PM OK winlogon.exe\ole32.dll Object was not changed (iChecker)
8/9/2011 4:12:31 PM OK winlogon.exe\comctl32.dll Object was not changed (iChecker)
8/9/2011 4:12:31 PM OK winlogon.exe\oleaut32.dll Object was not changed (iChecker)
8/9/2011 4:12:31 PM OK winlogon.exe\comres.dll Object was not changed (iChecker)
8/9/2011 4:12:31 PM OK winlogon.exe\clbcatq.dll Object was not changed (iChecker)
8/9/2011 4:12:31 PM OK winlogon.exe\wldap32.dll Object was not changed (iChecker)
8/9/2011 4:12:31 PM OK winlogon.exe\wtsapi32.dll Object was not changed (iChecker)
8/9/2011 4:12:31 PM OK winlogon.exe\dnsapi.dll Object was not changed (iChecker)
8/9/2011 4:12:31 PM OK winlogon.exe\rtutils.dll Object was not changed (iChecker)
8/9/2011 4:12:31 PM OK winlogon.exe\adsldpc.dll Object was not changed (iChecker)
8/9/2011 4:12:31 PM OK winlogon.exe\iphlpapi.dll Object was not changed (iChecker)
8/9/2011 4:12:31 PM OK winlogon.exe\mprapi.dll Object was not changed (iChecker)
8/9/2011 4:12:31 PM OK winlogon.exe\imagehlp.dll Object was not changed (iChecker)
8/9/2011 4:12:31 PM OK winlogon.exe\sfc_os.dll Object was not changed (iChecker)
8/9/2011 4:12:31 PM OK winlogon.exe\wintrust.dll Object was not changed (iChecker)
8/9/2011 4:12:30 PM OK C:\WINDOWS\system32\msgina.dll
8/9/2011 4:12:30 PM OK winlogon.exe\psapi.dll Object was not changed (iChecker)
8/9/2011 4:12:30 PM OK C:\WINDOWS\system32\sfc.dll
8/9/2011 4:12:30 PM OK winlogon.exe\regapi.dll
8/9/2011 4:12:30 PM OK winlogon.exe\sfc.dll
8/9/2011 4:12:30 PM OK winlogon.exe\winmm.dll Object was not changed (iChecker)
8/9/2011 4:12:30 PM OK winlogon.exe\atl.dll Object was not changed (iChecker)
8/9/2011 4:12:30 PM OK winlogon.exe\userenv.dll Object was not changed (iChecker)
8/9/2011 4:12:30 PM OK winlogon.exe\ntdsapi.dll Object was not changed (iChecker)
8/9/2011 4:12:30 PM OK winlogon.exe\cryptdll.dll
8/9/2011 4:12:30 PM OK winlogon.exe\cscdll.dll Object was not changed (iChecker)
8/9/2011 4:12:30 PM OK winlogon.exe\comdlg32.dll Object was not changed (iChecker)
8/9/2011 4:12:30 PM OK winlogon.exe\imm32.dll Object was not changed (iChecker)
8/9/2011 4:12:30 PM OK winlogon.exe\winsta.dll
8/9/2011 4:12:30 PM OK winlogon.exe\msvcp60.dll Object was not changed (iChecker)
8/9/2011 4:12:30 PM OK C:\WINDOWS\system32\wlnotify.dll
8/9/2011 4:12:29 PM OK winlogon.exe\msgina.dll
8/9/2011 4:12:29 PM OK winlogon.exe\wlnotify.dll
8/9/2011 4:12:29 PM OK C:\WINDOWS\system32\nddeapi.dll
8/9/2011 4:12:29 PM OK C:\WINDOWS\system32\profmap.dll
8/9/2011 4:12:29 PM OK winlogon.exe\nddeapi.dll
8/9/2011 4:12:29 PM OK winlogon.exe\profmap.dll
8/9/2011 4:12:28 PM OK winlogon.exe\fastprox.dll Object was not changed (iChecker)
8/9/2011 4:12:28 PM OK winlogon.exe\msctfime.ime Object was not changed (iChecker)
8/9/2011 4:12:28 PM OK winlogon.exe\wbemcomn.dll Object was not changed (iChecker)
8/9/2011 4:12:28 PM OK winlogon.exe\wbemprox.dll Object was not changed (iChecker)
8/9/2011 4:12:28 PM OK winlogon.exe\wbemsvc.dll Object was not changed (iChecker)
8/9/2011 4:12:28 PM OK winlogon.exe\usp10.dll Object was not changed (iChecker)
8/9/2011 4:12:28 PM OK winlogon.exe\msxml3.dll Object was not changed (iChecker)
8/9/2011 4:12:28 PM OK winlogon.exe\odbc32.dll
8/9/2011 4:12:27 PM OK winlogon.exe\winspool.drv Object was not changed (iChecker)
8/9/2011 4:12:27 PM OK C:\WINDOWS\system32\ati2evxx.dll
8/9/2011 4:12:27 PM OK winlogon.exe\wdmaud.drv Object was not changed (iChecker)
8/9/2011 4:12:27 PM OK winlogon.exe\msacm32.drv Object was not changed (iChecker)
8/9/2011 4:12:27 PM OK winlogon.exe\winscard.dll Object was not changed (iChecker)
8/9/2011 4:12:27 PM OK winlogon.exe\samlib.dll Object was not changed (iChecker)
8/9/2011 4:12:27 PM OK winlogon.exe\mpr.dll Object was not changed (iChecker)
8/9/2011 4:12:27 PM OK C:\WINDOWS\system32\dimsntfy.dll
8/9/2011 4:12:27 PM OK winlogon.exe\ws2_32.dll
8/9/2011 4:12:27 PM OK winlogon.exe\ws2help.dll Object was not changed (iChecker)
8/9/2011 4:12:27 PM OK winlogon.exe\rsaenh.dll Object was not changed (iChecker)
8/9/2011 4:12:27 PM OK winlogon.exe\lpk.dll Object was not changed (iChecker)
8/9/2011 4:12:27 PM OK winlogon.exe\comctl32.dll Object was not changed (iChecker)
8/9/2011 4:12:27 PM OK winlogon.exe\netapi32.dll Object was not changed (iChecker)
8/9/2011 4:12:27 PM OK winlogon.exe\uxtheme.dll Object was not changed (iChecker)
8/9/2011 4:12:27 PM OK winlogon.exe\dimsntfy.dll
8/9/2011 4:12:27 PM OK C:\WINDOWS\system32\WgaLogon.dll
8/9/2011 4:12:27 PM OK winlogon.exe\ati2evxx.dll
8/9/2011 4:12:26 PM OK winlogon.exe\xpsp2res.dll Object was not changed (iChecker)
8/9/2011 4:12:26 PM OK C:\WINDOWS\system32\winlogon.exe
8/9/2011 4:12:26 PM OK winlogon.exe\WgaLogon.dll
8/9/2011 4:12:26 PM OK winlogon.exe\winlogon.exe
8/9/2011 4:12:26 PM OK winlogon.exe\odbcint.dll Object was not changed (iChecker)
8/9/2011 4:12:26 PM OK C:\WINDOWS\system32\scesrv.dll
8/9/2011 4:12:26 PM OK services.exe\user32.dll Object was not changed (iChecker)
8/9/2011 4:12:26 PM OK services.exe\scesrv.dll
8/9/2011 4:12:26 PM OK C:\WINDOWS\system32\umpnpmgr.dll
8/9/2011 4:12:25 PM OK services.exe\umpnpmgr.dll
8/9/2011 4:12:25 PM OK services.exe\ntdll.dll Object was not changed (iChecker)
8/9/2011 4:12:25 PM OK services.exe\kernel32.dll Object was not changed (iChecker)
8/9/2011 4:12:25 PM OK services.exe\secur32.dll Object was not changed (iChecker)
8/9/2011 4:12:25 PM OK services.exe\gdi32.dll Object was not changed (iChecker)
8/9/2011 4:12:25 PM OK C:\WINDOWS\system32\eventlog.dll
8/9/2011 4:12:25 PM OK services.exe\rpcrt4.dll Object was not changed (iChecker)
8/9/2011 4:12:25 PM OK services.exe\advapi32.dll Object was not changed (iChecker)
8/9/2011 4:12:25 PM OK services.exe\msvcrt.dll Object was not changed (iChecker)
8/9/2011 4:12:25 PM OK services.exe\version.dll Object was not changed (iChecker)
8/9/2011 4:12:25 PM OK services.exe\eventlog.dll
8/9/2011 4:12:25 PM OK services.exe\apphelp.dll Object was not changed (iChecker)
8/9/2011 4:12:25 PM OK services.exe\authz.dll Object was not changed (iChecker)
8/9/2011 4:12:25 PM OK services.exe\wtsapi32.dll Object was not changed (iChecker)
8/9/2011 4:12:25 PM OK services.exe\psapi.dll Object was not changed (iChecker)
8/9/2011 4:12:25 PM OK services.exe\userenv.dll Object was not changed (iChecker)
8/9/2011 4:12:25 PM OK services.exe\imm32.dll Object was not changed (iChecker)
8/9/2011 4:12:25 PM OK services.exe\winsta.dll
8/9/2011 4:12:25 PM OK services.exe\msvcp60.dll Object was not changed (iChecker)
8/9/2011 4:12:25 PM OK services.exe\usp10.dll Object was not changed (iChecker)
8/9/2011 4:12:25 PM OK services.exe\ws2_32.dll
8/9/2011 4:12:25 PM OK services.exe\ws2help.dll Object was not changed (iChecker)
8/9/2011 4:12:25 PM OK services.exe\lpk.dll Object was not changed (iChecker)
8/9/2011 4:12:25 PM OK C:\WINDOWS\AppPatch\acadproc.dll
8/9/2011 4:12:25 PM OK services.exe\ncobjapi.dll Object was not changed (iChecker)
8/9/2011 4:12:25 PM OK services.exe\shimeng.dll
8/9/2011 4:12:25 PM OK services.exe\netapi32.dll Object was not changed (iChecker)
8/9/2011 4:12:25 PM OK services.exe\acadproc.dll
8/9/2011 4:12:25 PM OK C:\WINDOWS\system32\services.exe
8/9/2011 4:12:25 PM OK services.exe\services.exe
8/9/2011 4:12:25 PM OK C:\WINDOWS\system32\wdigest.dll
8/9/2011 4:12:24 PM OK lsass.exe\user32.dll Object was not changed (iChecker)
8/9/2011 4:12:24 PM OK lsass.exe\wdigest.dll
8/9/2011 4:12:24 PM OK lsass.exe\shell32.dll Object was not changed (iChecker)
8/9/2011 4:12:24 PM OK lsass.exe\ntdll.dll Object was not changed (iChecker)
8/9/2011 4:12:24 PM OK lsass.exe\kernel32.dll Object was not changed (iChecker)
8/9/2011 4:12:24 PM OK lsass.exe\secur32.dll Object was not changed (iChecker)
8/9/2011 4:12:24 PM OK lsass.exe\shlwapi.dll Object was not changed (iChecker)
8/9/2011 4:12:24 PM OK lsass.exe\gdi32.dll Object was not changed (iChecker)
8/9/2011 4:12:24 PM OK lsass.exe\rpcrt4.dll Object was not changed (iChecker)
8/9/2011 4:12:24 PM OK lsass.exe\advapi32.dll Object was not changed (iChecker)
8/9/2011 4:12:24 PM OK lsass.exe\msv1_0.dll Object was not changed (iChecker)
8/9/2011 4:12:24 PM OK lsass.exe\msvcrt.dll Object was not changed (iChecker)
8/9/2011 4:12:24 PM OK lsass.exe\version.dll Object was not changed (iChecker)
8/9/2011 4:12:24 PM OK lsass.exe\msacm32.dll Object was not changed (iChecker)
8/9/2011 4:12:24 PM OK lsass.exe\msasn1.dll Object was not changed (iChecker)
8/9/2011 4:12:24 PM OK lsass.exe\crypt32.dll Object was not changed (iChecker)
8/9/2011 4:12:24 PM OK lsass.exe\setupapi.dll Object was not changed (iChecker)
8/9/2011 4:12:24 PM OK lsass.exe\authz.dll Object was not changed (iChecker)
8/9/2011 4:12:24 PM OK lsass.exe\ole32.dll Object was not changed (iChecker)
8/9/2011 4:12:24 PM OK lsass.exe\comctl32.dll Object was not changed (iChecker)
8/9/2011 4:12:24 PM OK lsass.exe\oleaut32.dll Object was not changed (iChecker)
8/9/2011 4:12:24 PM OK lsass.exe\wldap32.dll Object was not changed (iChecker)
8/9/2011 4:12:24 PM OK lsass.exe\dnsapi.dll Object was not changed (iChecker)
8/9/2011 4:12:24 PM OK lsass.exe\iphlpapi.dll Object was not changed (iChecker)
8/9/2011 4:12:24 PM OK lsass.exe\winmm.dll Object was not changed (iChecker)
8/9/2011 4:12:24 PM OK lsass.exe\userenv.dll Object was not changed (iChecker)
8/9/2011 4:12:24 PM OK lsass.exe\schannel.dll Object was not changed (iChecker)
8/9/2011 4:12:24 PM OK lsass.exe\w32time.dll Object was not changed (iChecker)
8/9/2011 4:12:24 PM OK lsass.exe\ntdsapi.dll Object was not changed (iChecker)
8/9/2011 4:12:24 PM OK C:\WINDOWS\system32\lsasrv.dll
8/9/2011 4:12:24 PM OK lsass.exe\cryptdll.dll
8/9/2011 4:12:24 PM OK C:\WINDOWS\system32\oakley.dll
8/9/2011 4:12:24 PM OK lsass.exe\imm32.dll Object was not changed (iChecker)
8/9/2011 4:12:24 PM OK lsass.exe\msvcp60.dll Object was not changed (iChecker)
8/9/2011 4:12:24 PM OK lsass.exe\oakley.dll
8/9/2011 4:12:24 PM OK lsass.exe\lsasrv.dll
8/9/2011 4:12:24 PM OK C:\WINDOWS\system32\netlogon.dll
8/9/2011 4:12:23 PM OK lsass.exe\usp10.dll Object was not changed (iChecker)
8/9/2011 4:12:23 PM OK lsass.exe\netlogon.dll
8/9/2011 4:12:23 PM OK C:\WINDOWS\system32\samsrv.dll
8/9/2011 4:12:23 PM OK lsass.exe\samsrv.dll
8/9/2011 4:12:23 PM OK lsass.exe\scecli.dll Object was not changed (iChecker)
8/9/2011 4:12:23 PM OK C:\WINDOWS\system32\ipsecsvc.dll
8/9/2011 4:12:23 PM OK lsass.exe\ipsecsvc.dll
8/9/2011 4:12:23 PM OK C:\WINDOWS\system32\psbase.dll
8/9/2011 4:12:23 PM OK C:\WINDOWS\system32\pstorsvc.dll
8/9/2011 4:12:23 PM OK lsass.exe\psbase.dll
8/9/2011 4:12:22 PM OK lsass.exe\pstorsvc.dll
8/9/2011 4:12:22 PM OK lsass.exe\winipsec.dll Object was not changed (iChecker)
8/9/2011 4:12:22 PM OK lsass.exe\kerberos.dll Object was not changed (iChecker)
8/9/2011 4:12:22 PM OK C:\WINDOWS\system32\dssenh.dll
8/9/2011 4:12:22 PM OK lsass.exe\samlib.dll Object was not changed (iChecker)
8/9/2011 4:12:22 PM OK lsass.exe\mpr.dll Object was not changed (iChecker)
8/9/2011 4:12:22 PM OK lsass.exe\ws2_32.dll
8/9/2011 4:12:22 PM OK lsass.exe\ws2help.dll Object was not changed (iChecker)
8/9/2011 4:12:22 PM OK lsass.exe\wshtcpip.dll Object was not changed (iChecker)
8/9/2011 4:12:22 PM OK lsass.exe\mswsock.dll Object was not changed (iChecker)
8/9/2011 4:12:22 PM OK lsass.exe\acgenral.dll Object was not changed (iChecker)
8/9/2011 4:12:22 PM OK lsass.exe\dssenh.dll
8/9/2011 4:12:22 PM OK lsass.exe\rsaenh.dll Object was not changed (iChecker)
8/9/2011 4:12:21 PM OK lsass.exe\hnetcfg.dll Object was not changed (iChecker)
8/9/2011 4:12:21 PM OK lsass.exe\lpk.dll Object was not changed (iChecker)
8/9/2011 4:12:21 PM OK lsass.exe\comctl32.dll Object was not changed (iChecker)
8/9/2011 4:12:21 PM OK C:\WINDOWS\system32\msprivs.dll
8/9/2011 4:12:21 PM OK lsass.exe\shimeng.dll
8/9/2011 4:12:21 PM OK lsass.exe\netapi32.dll Object was not changed (iChecker)
8/9/2011 4:12:21 PM OK C:\WINDOWS\system32\lsass.exe
8/9/2011 4:12:21 PM OK lsass.exe\uxtheme.dll Object was not changed (iChecker)
8/9/2011 4:12:21 PM OK lsass.exe\msprivs.dll
8/9/2011 4:12:21 PM OK lsass.exe\lsass.exe
8/9/2011 4:12:21 PM OK ati2evxx.exe\user32.dll Object was not changed (iChecker)
8/9/2011 4:12:21 PM OK ati2evxx.exe\ntdll.dll Object was not changed (iChecker)
8/9/2011 4:12:21 PM OK ati2evxx.exe\kernel32.dll Object was not changed (iChecker)
8/9/2011 4:12:21 PM OK ati2evxx.exe\secur32.dll Object was not changed (iChecker)
8/9/2011 4:12:21 PM OK ati2evxx.exe\gdi32.dll Object was not changed (iChecker)
8/9/2011 4:12:21 PM OK ati2evxx.exe\rpcrt4.dll Object was not changed (iChecker)
8/9/2011 4:12:21 PM OK ati2evxx.exe\advapi32.dll Object was not changed (iChecker)
8/9/2011 4:12:21 PM OK ati2evxx.exe\msvcrt.dll Object was not changed (iChecker)
8/9/2011 4:12:21 PM OK ati2evxx.exe\ole32.dll Object was not changed (iChecker)
8/9/2011 4:12:21 PM OK ati2evxx.exe\oleaut32.dll Object was not changed (iChecker)
8/9/2011 4:12:20 PM OK ati2evxx.exe\imm32.dll Object was not changed (iChecker)
8/9/2011 4:12:20 PM OK ati2evxx.exe\msctfime.ime Object was not changed (iChecker)
8/9/2011 4:12:20 PM OK ati2evxx.exe\usp10.dll Object was not changed (iChecker)
8/9/2011 4:12:20 PM OK ati2evxx.exe\lpk.dll Object was not changed (iChecker)
8/9/2011 4:12:20 PM OK ati2evxx.exe\uxtheme.dll Object was not changed (iChecker)
8/9/2011 4:12:20 PM OK ati2evxx.exe\ati2edxx.dll
8/9/2011 4:12:20 PM OK ati2evxx.exe\ati2evxx.exe
8/9/2011 4:12:20 PM OK svchost.exe\user32.dll Object was not changed (iChecker)
8/9/2011 4:12:20 PM OK svchost.exe\shell32.dll Object was not changed (iChecker)
8/9/2011 4:12:20 PM OK svchost.exe\ntdll.dll Object was not changed (iChecker)
8/9/2011 4:12:20 PM OK svchost.exe\kernel32.dll Object was not changed (iChecker)
8/9/2011 4:12:20 PM OK svchost.exe\secur32.dll Object was not changed (iChecker)
8/9/2011 4:12:20 PM OK svchost.exe\shlwapi.dll Object was not changed (iChecker)
8/9/2011 4:12:20 PM OK svchost.exe\gdi32.dll Object was not changed (iChecker)
8/9/2011 4:12:20 PM OK svchost.exe\rpcrt4.dll Object was not changed (iChecker)
8/9/2011 4:12:20 PM OK svchost.exe\advapi32.dll Object was not changed (iChecker)
8/9/2011 4:12:20 PM OK svchost.exe\activeds.dll Object was not changed (iChecker)
8/9/2011 4:12:20 PM OK svchost.exe\msvcrt.dll Object was not changed (iChecker)
8/9/2011 4:12:20 PM OK svchost.exe\version.dll Object was not changed (iChecker)
8/9/2011 4:12:20 PM OK svchost.exe\msacm32.dll Object was not changed (iChecker)
8/9/2011 4:12:20 PM OK svchost.exe\apphelp.dll Object was not changed (iChecker)
8/9/2011 4:12:20 PM OK C:\WINDOWS\system32\authz.dll
8/9/2011 4:12:20 PM OK svchost.exe\msasn1.dll Object was not changed (iChecker)
8/9/2011 4:12:20 PM OK svchost.exe\crypt32.dll Object was not changed (iChecker)
8/9/2011 4:12:20 PM OK svchost.exe\setupapi.dll Object was not changed (iChecker)
8/9/2011 4:12:20 PM OK svchost.exe\authz.dll
8/9/2011 4:12:20 PM OK svchost.exe\ntmarta.dll Object was not changed (iChecker)
8/9/2011 4:12:20 PM OK svchost.exe\ole32.dll Object was not changed (iChecker)
8/9/2011 4:12:20 PM OK svchost.exe\comctl32.dll Object was not changed (iChecker)
8/9/2011 4:12:20 PM OK svchost.exe\oleaut32.dll Object was not changed (iChecker)
8/9/2011 4:12:20 PM OK svchost.exe\comres.dll Object was not changed (iChecker)
8/9/2011 4:12:20 PM OK svchost.exe\clbcatq.dll Object was not changed (iChecker)
8/9/2011 4:12:20 PM OK svchost.exe\wldap32.dll Object was not changed (iChecker)
8/9/2011 4:12:20 PM OK svchost.exe\adsldpc.dll Object was not changed (iChecker)
8/9/2011 4:12:20 PM OK C:\WINDOWS\system32\regapi.dll
8/9/2011 4:12:20 PM OK svchost.exe\imagehlp.dll Object was not changed (iChecker)
8/9/2011 4:12:20 PM OK svchost.exe\wintrust.dll Object was not changed (iChecker)
8/9/2011 4:12:19 PM OK svchost.exe\regapi.dll
8/9/2011 4:12:19 PM OK C:\WINDOWS\system32\termsrv.dll
8/9/2011 4:12:19 PM OK svchost.exe\winmm.dll Object was not changed (iChecker)
8/9/2011 4:12:19 PM OK svchost.exe\atl.dll Object was not changed (iChecker)
8/9/2011 4:12:19 PM OK svchost.exe\rpcss.dll Object was not changed (iChecker)
8/9/2011 4:12:19 PM OK svchost.exe\userenv.dll Object was not changed (iChecker)
8/9/2011 4:12:19 PM OK svchost.exe\imm32.dll Object was not changed (iChecker)
8/9/2011 4:12:19 PM OK C:\WINDOWS\system32\mstlsapi.dll
8/9/2011 4:12:19 PM OK svchost.exe\termsrv.dll
8/9/2011 4:12:19 PM OK svchost.exe\mstlsapi.dll
8/9/2011 4:12:18 PM OK C:\WINDOWS\system32\icaapi.dll
8/9/2011 4:12:18 PM OK svchost.exe\icaapi.dll
8/9/2011 4:12:18 PM OK svchost.exe\usp10.dll Object was not changed (iChecker)
8/9/2011 4:12:18 PM OK svchost.exe\samlib.dll Object was not changed (iChecker)
8/9/2011 4:12:18 PM OK svchost.exe\ws2_32.dll
8/9/2011 4:12:18 PM OK svchost.exe\ws2help.dll Object was not changed (iChecker)
8/9/2011 4:12:18 PM OK svchost.exe\acgenral.dll Object was not changed (iChecker)
8/9/2011 4:12:18 PM OK svchost.exe\rsaenh.dll Object was not changed (iChecker)
8/9/2011 4:12:18 PM OK svchost.exe\lpk.dll Object was not changed (iChecker)
8/9/2011 4:12:18 PM OK svchost.exe\comctl32.dll Object was not changed (iChecker)
8/9/2011 4:12:18 PM OK svchost.exe\shimeng.dll Object was not changed (iChecker)
8/9/2011 4:12:18 PM OK svchost.exe\netapi32.dll Object was not changed (iChecker)
8/9/2011 4:12:18 PM OK svchost.exe\uxtheme.dll Object was not changed (iChecker)
8/9/2011 4:12:18 PM OK svchost.exe\svchost.exe Object was not changed (iChecker)
8/9/2011 4:12:18 PM OK svchost.exe\xpsp2res.dll Object was not changed (iChecker)
8/9/2011 4:12:17 PM OK svchost.exe\user32.dll Object was not changed (iChecker)
8/9/2011 4:12:17 PM OK svchost.exe\shell32.dll Object was not changed (iChecker)
8/9/2011 4:12:17 PM OK svchost.exe\ntdll.dll Object was not changed (iChecker)
8/9/2011 4:12:17 PM OK svchost.exe\kernel32.dll Object was not changed (iChecker)
8/9/2011 4:12:17 PM OK svchost.exe\secur32.dll Object was not changed (iChecker)
8/9/2011 4:12:17 PM OK svchost.exe\shlwapi.dll Object was not changed (iChecker)
8/9/2011 4:12:17 PM OK svchost.exe\gdi32.dll Object was not changed (iChecker)
8/9/2011 4:12:17 PM OK svchost.exe\rpcrt4.dll Object was not changed (iChecker)
8/9/2011 4:12:17 PM OK svchost.exe\advapi32.dll Object was not changed (iChecker)
8/9/2011 4:12:17 PM OK svchost.exe\msvcrt.dll Object was not changed (iChecker)
8/9/2011 4:12:17 PM OK svchost.exe\version.dll Object was not changed (iChecker)
8/9/2011 4:12:17 PM OK svchost.exe\msacm32.dll Object was not changed (iChecker)
8/9/2011 4:12:17 PM OK svchost.exe\ole32.dll Object was not changed (iChecker)
8/9/2011 4:12:17 PM OK svchost.exe\comctl32.dll Object was not changed (iChecker)
8/9/2011 4:12:17 PM OK svchost.exe\oleaut32.dll Object was not changed (iChecker)
8/9/2011 4:12:17 PM OK svchost.exe\comres.dll Object was not changed (iChecker)
8/9/2011 4:12:17 PM OK svchost.exe\clbcatq.dll Object was not changed (iChecker)
8/9/2011 4:12:17 PM OK svchost.exe\rasadhlp.dll Object was not changed (iChecker)
8/9/2011 4:12:17 PM OK svchost.exe\winrnr.dll Object was not changed (iChecker)
8/9/2011 4:12:17 PM OK C:\WINDOWS\system32\rpcss.dll
8/9/2011 4:12:17 PM OK svchost.exe\wldap32.dll Object was not changed (iChecker)
8/9/2011 4:12:17 PM OK svchost.exe\dnsapi.dll Object was not changed (iChecker)
8/9/2011 4:12:16 PM OK svchost.exe\iphlpapi.dll Object was not changed (iChecker)
8/9/2011 4:12:16 PM OK svchost.exe\winmm.dll Object was not changed (iChecker)
8/9/2011 4:12:16 PM OK svchost.exe\rpcss.dll
8/9/2011 4:12:16 PM OK svchost.exe\userenv.dll Object was not changed (iChecker)
8/9/2011 4:12:16 PM OK svchost.exe\imm32.dll Object was not changed (iChecker)
8/9/2011 4:12:16 PM OK svchost.exe\usp10.dll Object was not changed (iChecker)
8/9/2011 4:12:16 PM OK svchost.exe\ws2_32.dll
8/9/2011 4:12:16 PM OK svchost.exe\ws2help.dll Object was not changed (iChecker)
8/9/2011 4:12:16 PM OK svchost.exe\wshtcpip.dll Object was not changed (iChecker)
8/9/2011 4:12:16 PM OK svchost.exe\mswsock.dll Object was not changed (iChecker)
8/9/2011 4:12:16 PM OK svchost.exe\acgenral.dll Object was not changed (iChecker)
8/9/2011 4:12:16 PM OK svchost.exe\rsaenh.dll Object was not changed (iChecker)
8/9/2011 4:12:16 PM OK svchost.exe\hnetcfg.dll Object was not changed (iChecker)
8/9/2011 4:12:16 PM OK svchost.exe\mdnsNSP.dll
8/9/2011 4:12:16 PM OK svchost.exe\lpk.dll Object was not changed (iChecker)
8/9/2011 4:12:16 PM OK svchost.exe\comctl32.dll Object was not changed (iChecker)
8/9/2011 4:12:16 PM OK svchost.exe\shimeng.dll Object was not changed (iChecker)
8/9/2011 4:12:16 PM OK svchost.exe\uxtheme.dll Object was not changed (iChecker)
8/9/2011 4:12:16 PM OK svchost.exe\svchost.exe Object was not changed (iChecker)
8/9/2011 4:12:16 PM OK svchost.exe\xpsp2res.dll Object was not changed (iChecker)
8/9/2011 4:12:16 PM OK C:\WINDOWS\system32\rasmans.dll
8/9/2011 4:12:15 PM OK svchost.exe\sxs.dll Object was not changed (iChecker)
8/9/2011 4:12:15 PM OK svchost.exe\user32.dll Object was not changed (iChecker)
8/9/2011 4:12:15 PM OK svchost.exe\urlmon.dll Object was not changed (iChecker)
8/9/2011 4:12:15 PM OK svchost.exe\rasmans.dll
8/9/2011 4:12:15 PM OK C:\WINDOWS\system32\wzcsvc.dll
8/9/2011 4:12:15 PM OK svchost.exe\wzcsvc.dll
8/9/2011 4:12:15 PM OK C:\WINDOWS\system32\dhcpcsvc.dll
8/9/2011 4:12:15 PM OK svchost.exe\dhcpcsvc.dll
8/9/2011 4:12:15 PM OK C:\WINDOWS\system32\netman.dll
8/9/2011 4:12:14 PM OK svchost.exe\msi.dll
8/9/2011 4:12:14 PM OK svchost.exe\shell32.dll Object was not changed (iChecker)
8/9/2011 4:12:14 PM OK svchost.exe\ntdll.dll Object was not changed (iChecker)
8/9/2011 4:12:14 PM OK svchost.exe\kernel32.dll Object was not changed (iChecker)
8/9/2011 4:12:14 PM OK svchost.exe\secur32.dll Object was not changed (iChecker)
8/9/2011 4:12:14 PM OK svchost.exe\shlwapi.dll Object was not changed (iChecker)
8/9/2011 4:12:14 PM OK svchost.exe\gdi32.dll Object was not changed (iChecker)
8/9/2011 4:12:14 PM OK svchost.exe\rpcrt4.dll Object was not changed (iChecker)
8/9/2011 4:12:14 PM OK svchost.exe\advapi32.dll Object was not changed (iChecker)
8/9/2011 4:12:14 PM OK svchost.exe\netman.dll
8/9/2011 4:12:14 PM OK C:\WINDOWS\system32\certcli.dll
8/9/2011 4:12:14 PM OK svchost.exe\activeds.dll Object was not changed (iChecker)
8/9/2011 4:12:14 PM OK svchost.exe\msv1_0.dll Object was not changed (iChecker)
8/9/2011 4:12:14 PM OK svchost.exe\msvcrt.dll Object was not changed (iChecker)
8/9/2011 4:12:14 PM OK svchost.exe\version.dll Object was not changed (iChecker)
8/9/2011 4:12:14 PM OK svchost.exe\msacm32.dll Object was not changed (iChecker)
8/9/2011 4:12:14 PM OK svchost.exe\certcli.dll
8/9/2011 4:12:14 PM OK C:\WINDOWS\system32\es.dll
8/9/2011 4:12:14 PM OK svchost.exe\msasn1.dll Object was not changed (iChecker)
8/9/2011 4:12:14 PM OK svchost.exe\crypt32.dll Object was not changed (iChecker)
8/9/2011 4:12:14 PM OK svchost.exe\setupapi.dll Object was not changed (iChecker)
8/9/2011 4:12:14 PM OK svchost.exe\es.dll
8/9/2011 4:12:14 PM OK C:\WINDOWS\system32\shsvcs.dll
8/9/2011 4:12:13 PM OK svchost.exe\shsvcs.dll
8/9/2011 4:12:13 PM OK C:\WINDOWS\system32\schedsvc.dll
8/9/2011 4:12:13 PM OK svchost.exe\ntmarta.dll Object was not changed (iChecker)
8/9/2011 4:12:13 PM OK svchost.exe\ole32.dll Object was not changed (iChecker)
8/9/2011 4:12:13 PM OK svchost.exe\comctl32.dll Object was not changed (iChecker)
8/9/2011 4:12:13 PM OK svchost.exe\schedsvc.dll
8/9/2011 4:12:13 PM OK svchost.exe\wininet.dll Object was not changed (iChecker)
8/9/2011 4:12:13 PM OK svchost.exe\oleaut32.dll Object was not changed (iChecker)
8/9/2011 4:12:13 PM OK svchost.exe\comres.dll Object was not changed (iChecker)
8/9/2011 4:12:13 PM OK C:\WINDOWS\system32\wkssvc.dll
8/9/2011 4:12:13 PM OK svchost.exe\clbcatq.dll Object was not changed (iChecker)
8/9/2011 4:12:13 PM OK svchost.exe\rasadhlp.dll Object was not changed (iChecker)
8/9/2011 4:12:13 PM OK svchost.exe\winrnr.dll Object was not changed (iChecker)
8/9/2011 4:12:13 PM OK svchost.exe\wldap32.dll Object was not changed (iChecker)
8/9/2011 4:12:13 PM OK svchost.exe\wtsapi32.dll Object was not changed (iChecker)
8/9/2011 4:12:13 PM OK svchost.exe\dnsapi.dll Object was not changed (iChecker)
8/9/2011 4:12:13 PM OK svchost.exe\rasapi32.dll Object was not changed (iChecker)
8/9/2011 4:12:13 PM OK svchost.exe\tapi32.dll Object was not changed (iChecker)
8/9/2011 4:12:13 PM OK svchost.exe\rasman.dll
8/9/2011 4:12:12 PM OK svchost.exe\rtutils.dll Object was not changed (iChecker)
8/9/2011 4:12:12 PM OK svchost.exe\wkssvc.dll
8/9/2011 4:12:12 PM OK C:\WINDOWS\system32\browser.dll
8/9/2011 4:12:12 PM OK svchost.exe\adsldpc.dll Object was not changed (iChecker)
8/9/2011 4:12:12 PM OK svchost.exe\upnp.dll Object was not changed (iChecker)
8/9/2011 4:12:12 PM OK svchost.exe\browser.dll
8/9/2011 4:12:12 PM OK svchost.exe\iphlpapi.dll Object was not changed (iChecker)
8/9/2011 4:12:12 PM OK svchost.exe\mprapi.dll Object was not changed (iChecker)
8/9/2011 4:12:12 PM OK C:\WINDOWS\system32\wmi.dll
8/9/2011 4:12:12 PM OK svchost.exe\wmi.dll
8/9/2011 4:12:12 PM OK C:\WINDOWS\system32\clusapi.dll
8/9/2011 4:12:11 PM OK svchost.exe\clusapi.dll
8/9/2011 4:12:11 PM OK C:\WINDOWS\system32\cryptsvc.dll
8/9/2011 4:12:11 PM OK svchost.exe\cryptsvc.dll
8/9/2011 4:12:11 PM OK C:\WINDOWS\system32\raschap.dll
8/9/2011 4:12:11 PM OK svchost.exe\imagehlp.dll Object was not changed (iChecker)
8/9/2011 4:12:11 PM OK svchost.exe\wintrust.dll Object was not changed (iChecker)
8/9/2011 4:12:11 PM OK svchost.exe\credui.dll Object was not changed (iChecker)
8/9/2011 4:12:11 PM OK svchost.exe\psapi.dll Object was not changed (iChecker)
8/9/2011 4:12:11 PM OK svchost.exe\raschap.dll
8/9/2011 4:12:11 PM OK C:\WINDOWS\system32\rastls.dll
8/9/2011 4:12:11 PM OK C:\WINDOWS\system32\rasdlg.dll
8/9/2011 4:12:10 PM OK svchost.exe\rastls.dll
8/9/2011 4:12:10 PM OK svchost.exe\winmm.dll Object was not changed (iChecker)
8/9/2011 4:12:10 PM OK C:\WINDOWS\system32\comsvcs.dll
8/9/2011 4:12:10 PM OK svchost.exe\atl.dll Object was not changed (iChecker)
8/9/2011 4:12:10 PM OK svchost.exe\userenv.dll Object was not changed (iChecker)
8/9/2011 4:12:10 PM OK svchost.exe\rasdlg.dll
8/9/2011 4:12:10 PM OK C:\WINDOWS\system32\w32time.dll
8/9/2011 4:12:10 PM OK svchost.exe\schannel.dll
8/9/2011 4:12:09 PM OK svchost.exe\w32time.dll
8/9/2011 4:12:09 PM OK svchost.exe\ntdsapi.dll Object was not changed (iChecker)
8/9/2011 4:12:09 PM OK svchost.exe\cryptdll.dll
8/9/2011 4:12:09 PM OK svchost.exe\comsvcs.dll
8/9/2011 4:12:09 PM OK C:\WINDOWS\system32\wbem\wbemcore.dll
8/9/2011 4:12:09 PM OK svchost.exe\netshell.dll Object was not changed (iChecker)
8/9/2011 4:12:09 PM OK C:\WINDOWS\system32\mlang.dll
8/9/2011 4:12:09 PM OK svchost.exe\imm32.dll Object was not changed (iChecker)
8/9/2011 4:12:09 PM OK svchost.exe\winsta.dll
8/9/2011 4:12:09 PM OK C:\WINDOWS\system32\netcfgx.dll
8/9/2011 4:12:08 PM OK svchost.exe\wbemcore.dll
8/9/2011 4:12:08 PM OK svchost.exe\msvcp60.dll Object was not changed (iChecker)
8/9/2011 4:12:08 PM OK C:\WINDOWS\system32\rastapi.dll
8/9/2011 4:12:08 PM OK svchost.exe\mlang.dll
8/9/2011 4:12:08 PM OK svchost.exe\rastapi.dll
8/9/2011 4:12:08 PM OK svchost.exe\fastprox.dll Object was not changed (iChecker)
8/9/2011 4:12:08 PM OK svchost.exe\netcfgx.dll
8/9/2011 4:12:07 PM OK C:\WINDOWS\system32\vssapi.dll
8/9/2011 4:12:07 PM OK svchost.exe\cryptui.dll Object was not changed (iChecker)
8/9/2011 4:12:07 PM OK C:\WINDOWS\system32\wbem\wbemess.dll
8/9/2011 4:12:07 PM OK svchost.exe\vssapi.dll
8/9/2011 4:12:07 PM OK C:\WINDOWS\system32\wbem\esscli.dll
8/9/2011 4:12:07 PM OK svchost.exe\wbemess.dll
8/9/2011 4:12:06 PM OK svchost.exe\esscli.dll
8/9/2011 4:12:06 PM OK C:\WINDOWS\system32\wbem\repdrvfs.dll
8/9/2011 4:12:06 PM OK svchost.exe\wbemcomn.dll Object was not changed (iChecker)
8/9/2011 4:12:06 PM OK C:\WINDOWS\system32\srsvc.dll
8/9/2011 4:12:05 PM OK svchost.exe\repdrvfs.dll
8/9/2011 4:12:05 PM OK svchost.exe\srsvc.dll
8/9/2011 4:12:05 PM OK C:\WINDOWS\system32\colbact.dll
8/9/2011 4:12:05 PM OK C:\WINDOWS\system32\mtxclu.dll
8/9/2011 4:12:05 PM OK svchost.exe\colbact.dll
8/9/2011 4:12:05 PM OK svchost.exe\mtxclu.dll
8/9/2011 4:12:05 PM OK C:\WINDOWS\system32\resutils.dll
8/9/2011 4:12:04 PM OK C:\WINDOWS\system32\srvsvc.dll
8/9/2011 4:12:04 PM OK svchost.exe\resutils.dll
8/9/2011 4:12:04 PM OK svchost.exe\srvsvc.dll
8/9/2011 4:12:04 PM OK C:\WINDOWS\system32\trkwks.dll
8/9/2011 4:12:04 PM OK svchost.exe\trkwks.dll
8/9/2011 4:12:03 PM OK C:\WINDOWS\system32\wbem\wmiutils.dll
8/9/2011 4:12:03 PM OK svchost.exe\wmiutils.dll
8/9/2011 4:12:03 PM OK C:\WINDOWS\system32\dmserver.dll
8/9/2011 4:12:03 PM OK svchost.exe\dmserver.dll
8/9/2011 4:12:03 PM OK C:\WINDOWS\system32\ersvc.dll
8/9/2011 4:12:03 PM OK C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
8/9/2011 4:12:03 PM OK svchost.exe\ersvc.dll
8/9/2011 4:12:03 PM OK C:\WINDOWS\system32\msidle.dll
8/9/2011 4:12:02 PM OK svchost.exe\msidle.dll
8/9/2011 4:12:02 PM OK svchost.exe\pchsvc.dll
8/9/2011 4:12:02 PM OK C:\WINDOWS\system32\winipsec.dll
8/9/2011 4:12:02 PM OK svchost.exe\ssdpapi.dll Object was not changed (iChecker)
8/9/2011 4:12:02 PM OK svchost.exe\wbemsvc.dll Object was not changed (iChecker)
8/9/2011 4:12:02 PM OK svchost.exe\usp10.dll Object was not changed (iChecker)
8/9/2011 4:12:02 PM OK svchost.exe\powrprof.dll Object was not changed (iChecker)
8/9/2011 4:12:02 PM OK svchost.exe\msxml3.dll Object was not changed (iChecker)
8/9/2011 4:12:02 PM OK svchost.exe\eappcfg.dll Object was not changed (iChecker)
8/9/2011 4:12:01 PM OK svchost.exe\winipsec.dll
8/9/2011 4:12:01 PM OK C:\WINDOWS\system32\seclogon.dll
8/9/2011 4:12:01 PM OK svchost.exe\seclogon.dll
8/9/2011 4:12:01 PM OK C:\WINDOWS\system32\tapisrv.dll
8/9/2011 4:12:01 PM OK C:\WINDOWS\system32\rasqec.dll
8/9/2011 4:12:01 PM OK svchost.exe\dot3dlg.dll Object was not changed (iChecker)
8/9/2011 4:12:01 PM OK svchost.exe\tapisrv.dll
8/9/2011 4:12:01 PM OK C:\WINDOWS\system32\eapolqec.dll
8/9/2011 4:12:01 PM OK svchost.exe\wzcsapi.dll Object was not changed (iChecker)
8/9/2011 4:12:01 PM OK svchost.exe\rasqec.dll
8/9/2011 4:12:01 PM OK C:\WINDOWS\system32\qutil.dll
8/9/2011 4:12:00 PM OK svchost.exe\eapolqec.dll
8/9/2011 4:12:00 PM OK C:\WINDOWS\system32\winscard.dll
8/9/2011 4:12:00 PM OK svchost.exe\qutil.dll
8/9/2011 4:12:00 PM OK C:\WINDOWS\system32\ntlsapi.dll
8/9/2011 4:12:00 PM OK svchost.exe\ntlsapi.dll
8/9/2011 4:11:59 PM OK C:\WINDOWS\system32\sens.dll
8/9/2011 4:11:59 PM OK svchost.exe\winscard.dll
8/9/2011 4:11:59 PM OK C:\WINDOWS\system32\rasppp.dll
8/9/2011 4:11:59 PM OK svchost.exe\sens.dll
8/9/2011 4:11:59 PM OK C:\WINDOWS\system32\xactsrv.dll
8/9/2011 4:11:59 PM OK svchost.exe\rasppp.dll
8/9/2011 4:11:59 PM OK svchost.exe\xactsrv.dll
8/9/2011 4:11:59 PM OK C:\WINDOWS\system32\uniplat.dll
8/9/2011 4:11:58 PM OK svchost.exe\uniplat.dll
8/9/2011 4:11:58 PM OK C:\WINDOWS\system32\kerberos.dll
8/9/2011 4:11:58 PM OK svchost.exe\kerberos.dll
8/9/2011 4:11:58 PM OK C:\WINDOWS\system32\audiosrv.dll
8/9/2011 4:11:57 PM OK svchost.exe\netrap.dll Object was not changed (iChecker)
8/9/2011 4:11:57 PM OK svchost.exe\samlib.dll Object was not changed (iChecker)
8/9/2011 4:11:57 PM OK svchost.exe\wsock32.dll Object was not changed (iChecker)
8/9/2011 4:11:57 PM OK svchost.exe\ws2_32.dll
8/9/2011 4:11:57 PM OK svchost.exe\ws2help.dll Object was not changed (iChecker)
8/9/2011 4:11:57 PM OK svchost.exe\wshtcpip.dll Object was not changed (iChecker)
8/9/2011 4:11:57 PM OK C:\WINDOWS\system32\irmon.dll
8/9/2011 4:11:57 PM OK svchost.exe\mswsock.dll Object was not changed (iChecker)
8/9/2011 4:11:57 PM OK svchost.exe\audiosrv.dll
8/9/2011 4:11:57 PM OK svchost.exe\acgenral.dll Object was not changed (iChecker)
8/9/2011 4:11:57 PM OK svchost.exe\hid.dll Object was not changed (iChecker)
8/9/2011 4:11:57 PM OK C:\WINDOWS\system32\esent.dll
8/9/2011 4:11:57 PM OK svchost.exe\rsaenh.dll Object was not changed (iChecker)
8/9/2011 4:11:57 PM OK svchost.exe\hnetcfg.dll Object was not changed (iChecker)
8/9/2011 4:11:57 PM OK svchost.exe\irmon.dll
8/9/2011 4:11:57 PM OK C:\WINDOWS\system32\modemui.dll
8/9/2011 4:11:56 PM OK svchost.exe\mdnsNSP.dll
8/9/2011 4:11:56 PM OK svchost.exe\lpk.dll Object was not changed (iChecker)
8/9/2011 4:11:56 PM OK svchost.exe\modemui.dll
8/9/2011 4:11:56 PM OK C:\WINDOWS\system32\ncobjapi.dll
8/9/2011 4:11:56 PM OK svchost.exe\esent.dll
8/9/2011 4:11:56 PM OK C:\WINDOWS\system32\wbem\ncprov.dll
8/9/2011 4:11:56 PM OK svchost.exe\ncobjapi.dll
8/9/2011 4:11:55 PM OK svchost.exe\ncprov.dll
8/9/2011 4:11:55 PM OK C:\WINDOWS\system32\unimdmat.dll
8/9/2011 4:11:55 PM OK svchost.exe\eappprxy.dll Object was not changed (iChecker)
8/9/2011 4:11:55 PM OK svchost.exe\onex.dll Object was not changed (iChecker)
8/9/2011 4:11:55 PM OK svchost.exe\comctl32.dll Object was not changed (iChecker)
8/9/2011 4:11:55 PM OK svchost.exe\shimeng.dll Object was not changed (iChecker)
8/9/2011 4:11:55 PM OK svchost.exe\netapi32.dll Object was not changed (iChecker)
8/9/2011 4:11:46 PM OK svchost.exe\unimdmat.dll
8/9/2011 4:11:45 PM OK svchost.exe\uxtheme.dll Object was not changed (iChecker)
8/9/2011 4:11:45 PM OK C:\WINDOWS\system32\wbem\wmisvc.dll
8/9/2011 4:11:45 PM OK svchost.exe\wmisvc.dll
8/9/2011 4:11:45 PM OK C:\WINDOWS\system32\wshirda.dll
8/9/2011 4:11:45 PM OK C:\WINDOWS\system32\h323.tsp
8/9/2011 4:11:45 PM OK svchost.exe\wshirda.dll
8/9/2011 4:11:45 PM OK svchost.exe\h323.tsp
8/9/2011 4:11:45 PM OK C:\WINDOWS\system32\hidphone.tsp
8/9/2011 4:11:44 PM OK C:\WINDOWS\system32\ipconf.tsp
8/9/2011 4:11:44 PM OK svchost.exe\hidphone.tsp
8/9/2011 4:11:44 PM OK C:\WINDOWS\system32\ndptsp.tsp
8/9/2011 4:11:44 PM OK svchost.exe\ipconf.tsp
8/9/2011 4:11:44 PM OK C:\WINDOWS\system32\kmddsp.tsp
8/9/2011 4:11:44 PM OK svchost.exe\kmddsp.tsp
8/9/2011 4:11:44 PM OK svchost.exe\ndptsp.tsp
8/9/2011 4:11:44 PM OK C:\WINDOWS\system32\unimdm.tsp
8/9/2011 4:11:44 PM OK svchost.exe\unimdm.tsp
8/9/2011 4:11:44 PM OK C:\WINDOWS\system32\xmlprovi.dll
8/9/2011 4:11:44 PM OK C:\WINDOWS\system32\wscsvc.dll
8/9/2011 4:11:44 PM OK svchost.exe\winhttp.dll Object was not changed (iChecker)
8/9/2011 4:11:43 PM OK svchost.exe\xmlprovi.dll
8/9/2011 4:11:43 PM OK svchost.exe\wscsvc.dll
8/9/2011 4:11:43 PM OK C:\WINDOWS\system32\wbem\wmiprvsd.dll
8/9/2011 4:11:43 PM OK svchost.exe\dot3api.dll Object was not changed (iChecker)
8/9/2011 4:11:43 PM OK svchost.exe\wmiprvsd.dll
8/9/2011 4:11:43 PM OK svchost.exe\svchost.exe Object was not changed (iChecker)
8/9/2011 4:11:43 PM OK svchost.exe\xpsp2res.dll Object was not changed (iChecker)
8/9/2011 4:11:43 PM OK svchost.exe\user32.dll Object was not changed (iChecker)
8/9/2011 4:11:43 PM OK svchost.exe\shell32.dll Object was not changed (iChecker)
8/9/2011 4:11:43 PM OK svchost.exe\ntdll.dll Object was not changed (iChecker)
8/9/2011 4:11:43 PM OK svchost.exe\kernel32.dll Object was not changed (iChecker)
8/9/2011 4:11:43 PM OK svchost.exe\secur32.dll Object was not changed (iChecker)
8/9/2011 4:11:43 PM OK svchost.exe\shlwapi.dll Object was not changed (iChecker)
8/9/2011 4:11:43 PM OK svchost.exe\gdi32.dll Object was not changed (iChecker)
8/9/2011 4:11:43 PM OK svchost.exe\rpcrt4.dll Object was not changed (iChecker)
8/9/2011 4:11:43 PM OK svchost.exe\advapi32.dll Object was not changed (iChecker)
8/9/2011 4:11:43 PM OK svchost.exe\msvcrt.dll Object was not changed (iChecker)
8/9/2011 4:11:43 PM OK C:\WINDOWS\system32\dnsrslvr.dll
8/9/2011 4:11:43 PM OK svchost.exe\version.dll Object was not changed (iChecker)
8/9/2011 4:11:43 PM OK svchost.exe\msacm32.dll Object was not changed (iChecker)
8/9/2011 4:11:43 PM OK svchost.exe\ole32.dll Object was not changed (iChecker)
8/9/2011 4:11:43 PM OK svchost.exe\comctl32.dll Object was not changed (iChecker)
8/9/2011 4:11:43 PM OK svchost.exe\oleaut32.dll Object was not changed (iChecker)
8/9/2011 4:11:43 PM OK svchost.exe\dnsapi.dll Object was not changed (iChecker)
8/9/2011 4:11:43 PM OK svchost.exe\iphlpapi.dll Object was not changed (iChecker)
8/9/2011 4:11:43 PM OK svchost.exe\winmm.dll Object was not changed (iChecker)
8/9/2011 4:11:42 PM OK svchost.exe\userenv.dll Object was not changed (iChecker)
8/9/2011 4:11:42 PM OK svchost.exe\dnsrslvr.dll
8/9/2011 4:11:42 PM OK svchost.exe\imm32.dll Object was not changed (iChecker)
8/9/2011 4:11:42 PM OK svchost.exe\usp10.dll Object was not changed (iChecker)
8/9/2011 4:11:42 PM OK svchost.exe\ws2_32.dll
8/9/2011 4:11:42 PM OK svchost.exe\ws2help.dll Object was not changed (iChecker)
8/9/2011 4:11:42 PM OK svchost.exe\wshtcpip.dll Object was not changed (iChecker)
8/9/2011 4:11:42 PM OK svchost.exe\mswsock.dll Object was not changed (iChecker)
8/9/2011 4:11:42 PM OK svchost.exe\acgenral.dll Object was not changed (iChecker)
8/9/2011 4:11:42 PM OK svchost.exe\rsaenh.dll Object was not changed (iChecker)
8/9/2011 4:11:42 PM OK svchost.exe\hnetcfg.dll Object was not changed (iChecker)
8/9/2011 4:11:42 PM OK svchost.exe\lpk.dll Object was not changed (iChecker)
8/9/2011 4:11:42 PM OK svchost.exe\comctl32.dll Object was not changed (iChecker)
8/9/2011 4:11:42 PM OK svchost.exe\shimeng.dll Object was not changed (iChecker)
8/9/2011 4:11:42 PM OK svchost.exe\uxtheme.dll Object was not changed (iChecker)
8/9/2011 4:11:42 PM OK svchost.exe\svchost.exe Object was not changed (iChecker)
8/9/2011 4:11:42 PM OK svchost.exe\user32.dll Object was not changed (iChecker)
8/9/2011 4:11:42 PM OK svchost.exe\shell32.dll Object was not changed (iChecker)
8/9/2011 4:11:42 PM OK svchost.exe\ntdll.dll Object was not changed (iChecker)
8/9/2011 4:11:42 PM OK svchost.exe\kernel32.dll Object was not changed (iChecker)
8/9/2011 4:11:42 PM OK svchost.exe\secur32.dll Object was not changed (iChecker)
8/9/2011 4:11:42 PM OK svchost.exe\shlwapi.dll Object was not changed (iChecker)
8/9/2011 4:11:42 PM OK svchost.exe\gdi32.dll Object was not changed (iChecker)
8/9/2011 4:11:42 PM OK svchost.exe\rpcrt4.dll Object was not changed (iChecker)
8/9/2011 4:11:42 PM OK svchost.exe\advapi32.dll Object was not changed (iChecker)
8/9/2011 4:11:42 PM OK svchost.exe\msvcrt.dll Object was not changed (iChecker)
8/9/2011 4:11:42 PM OK svchost.exe\version.dll Object was not changed (iChecker)
8/9/2011 4:11:42 PM OK svchost.exe\msacm32.dll Object was not changed (iChecker)
8/9/2011 4:11:42 PM OK svchost.exe\ntmarta.dll Object was not changed (iChecker)
8/9/2011 4:11:42 PM OK svchost.exe\ole32.dll Object was not changed (iChecker)
8/9/2011 4:11:42 PM OK svchost.exe\comctl32.dll Object was not changed (iChecker)
8/9/2011 4:11:42 PM OK svchost.exe\oleaut32.dll Object was not changed (iChecker)
8/9/2011 4:11:42 PM OK svchost.exe\comres.dll Object was not changed (iChecker)
8/9/2011 4:11:42 PM OK C:\WINDOWS\system32\regsvc.dll
8/9/2011 4:11:42 PM OK svchost.exe\clbcatq.dll Object was not changed (iChecker)
8/9/2011 4:11:42 PM OK svchost.exe\wldap32.dll Object was not changed (iChecker)
8/9/2011 4:11:42 PM OK svchost.exe\iphlpapi.dll Object was not changed (iChecker)
8/9/2011 4:11:42 PM OK svchost.exe\winmm.dll Object was not changed (iChecker)
8/9/2011 4:11:42 PM OK svchost.exe\regsvc.dll
8/9/2011 4:11:41 PM OK C:\WINDOWS\system32\ssdpsrv.dll
8/9/2011 4:11:41 PM OK svchost.exe\userenv.dll Object was not changed (iChecker)
8/9/2011 4:11:41 PM OK svchost.exe\ssdpsrv.dll
8/9/2011 4:11:41 PM OK C:\WINDOWS\system32\lmhsvc.dll
8/9/2011 4:11:41 PM OK svchost.exe\imm32.dll Object was not changed (iChecker)
8/9/2011 4:11:41 PM OK svchost.exe\usp10.dll Object was not changed (iChecker)
8/9/2011 4:11:41 PM OK svchost.exe\lmhsvc.dll
8/9/2011 4:11:40 PM OK svchost.exe\samlib.dll Object was not changed (iChecker)
8/9/2011 4:11:40 PM OK svchost.exe\ws2_32.dll
8/9/2011 4:11:40 PM OK svchost.exe\ws2help.dll Object was not changed (iChecker)
8/9/2011 4:11:40 PM OK svchost.exe\wshtcpip.dll Object was not changed (iChecker)
8/9/2011 4:11:40 PM OK svchost.exe\mswsock.dll Object was not changed (iChecker)
8/9/2011 4:11:40 PM OK svchost.exe\acgenral.dll Object was not changed (iChecker)
8/9/2011 4:11:40 PM OK svchost.exe\rsaenh.dll Object was not changed (iChecker)
8/9/2011 4:11:40 PM OK svchost.exe\httpapi.dll Object was not changed (iChecker)
8/9/2011 4:11:40 PM OK svchost.exe\hnetcfg.dll Object was not changed (iChecker)
8/9/2011 4:11:40 PM OK svchost.exe\lpk.dll Object was not changed (iChecker)
8/9/2011 4:11:40 PM OK svchost.exe\comctl32.dll Object was not changed (iChecker)
8/9/2011 4:11:40 PM OK svchost.exe\shimeng.dll Object was not changed (iChecker)
8/9/2011 4:11:40 PM OK svchost.exe\uxtheme.dll Object was not changed (iChecker)
8/9/2011 4:11:40 PM OK svchost.exe\winhttp.dll Object was not changed (iChecker)
8/9/2011 4:11:40 PM OK svchost.exe\svchost.exe Object was not changed (iChecker)
8/9/2011 4:11:40 PM OK svchost.exe\xpsp2res.dll Object was not changed (iChecker)
8/9/2011 4:11:40 PM OK spoolsv.exe\user32.dll Object was not changed (iChecker)
8/9/2011 4:11:40 PM OK spoolsv.exe\shell32.dll Object was not changed (iChecker)
8/9/2011 4:11:40 PM OK spoolsv.exe\ntdll.dll Object was not changed (iChecker)
8/9/2011 4:11:40 PM OK spoolsv.exe\kernel32.dll Object was not changed (iChecker)
8/9/2011 4:11:40 PM OK spoolsv.exe\secur32.dll Object was not changed (iChecker)
8/9/2011 4:11:40 PM OK spoolsv.exe\shlwapi.dll Object was not changed (iChecker)
8/9/2011 4:11:40 PM OK spoolsv.exe\gdi32.dll Object was not changed (iChecker)
8/9/2011 4:11:40 PM OK spoolsv.exe\rpcrt4.dll Object was not changed (iChecker)
8/9/2011 4:11:40 PM OK spoolsv.exe\advapi32.dll Object was not changed (iChecker)
8/9/2011 4:11:40 PM OK spoolsv.exe\msvcrt.dll Object was not changed (iChecker)
8/9/2011 4:11:40 PM OK spoolsv.exe\version.dll Object was not changed (iChecker)
8/9/2011 4:11:40 PM OK spoolsv.exe\msacm32.dll Object was not changed (iChecker)
8/9/2011 4:11:40 PM OK spoolsv.exe\msasn1.dll Object was not changed (iChecker)
8/9/2011 4:11:40 PM OK spoolsv.exe\crypt32.dll Object was not changed (iChecker)
8/9/2011 4:11:40 PM OK spoolsv.exe\ole32.dll Object was not changed (iChecker)
8/9/2011 4:11:40 PM OK spoolsv.exe\comctl32.dll Object was not changed (iChecker)
8/9/2011 4:11:40 PM OK spoolsv.exe\oleaut32.dll Object was not changed (iChecker)
8/9/2011 4:11:40 PM OK spoolsv.exe\comres.dll Object was not changed (iChecker)
8/9/2011 4:11:40 PM OK spoolsv.exe\clbcatq.dll Object was not changed (iChecker)
8/9/2011 4:11:40 PM OK spoolsv.exe\rasadhlp.dll Object was not changed (iChecker)
8/9/2011 4:11:40 PM OK spoolsv.exe\winrnr.dll Object was not changed (iChecker)
8/9/2011 4:11:40 PM OK spoolsv.exe\wldap32.dll Object was not changed (iChecker)
8/9/2011 4:11:40 PM OK spoolsv.exe\dnsapi.dll Object was not changed (iChecker)
8/9/2011 4:11:39 PM OK spoolsv.exe\iphlpapi.dll Object was not changed (iChecker)
8/9/2011 4:11:39 PM OK spoolsv.exe\imagehlp.dll Object was not changed (iChecker)
8/9/2011 4:11:39 PM OK spoolsv.exe\sfc_os.dll Object was not changed (iChecker)
8/9/2011 4:11:39 PM OK spoolsv.exe\wintrust.dll Object was not changed (iChecker)
8/9/2011 4:11:39 PM OK spoolsv.exe\winmm.dll Object was not changed (iChecker)
8/9/2011 4:11:39 PM OK spoolsv.exe\userenv.dll Object was not changed (iChecker)
8/9/2011 4:11:39 PM OK C:\WINDOWS\system32\win32spl.dll
8/9/2011 4:11:39 PM OK spoolsv.exe\ntdsapi.dll Object was not changed (iChecker)
8/9/2011 4:11:39 PM OK spoolsv.exe\imm32.dll Object was not changed (iChecker)
8/9/2011 4:11:39 PM OK spoolsv.exe\win32spl.dll
8/9/2011 4:11:39 PM OK C:\WINDOWS\system32\localspl.dll
8/9/2011 4:11:39 PM OK spoolsv.exe\localspl.dll
8/9/2011 4:11:39 PM OK C:\WINDOWS\system32\inetpp.dll
8/9/2011 4:11:38 PM OK spoolsv.exe\usp10.dll Object was not changed (iChecker)
8/9/2011 4:11:38 PM OK spoolsv.exe\inetpp.dll
8/9/2011 4:11:38 PM OK C:\WINDOWS\system32\spoolss.dll
8/9/2011 4:11:38 PM OK spoolsv.exe\spoolss.dll
8/9/2011 4:11:38 PM OK C:\WINDOWS\system32\cnbjmon.dll
8/9/2011 4:11:38 PM OK spoolsv.exe\cnbjmon.dll
8/9/2011 4:11:38 PM OK C:\WINDOWS\system32\pjlmon.dll
8/9/2011 4:11:38 PM OK spoolsv.exe\pjlmon.dll
8/9/2011 4:11:37 PM OK C:\WINDOWS\system32\tcpmon.dll
8/9/2011 4:11:37 PM OK spoolsv.exe\winspool.drv Object was not changed (iChecker)
8/9/2011 4:11:37 PM OK spoolsv.exe\tcpmon.dll
8/9/2011 4:11:37 PM OK C:\WINDOWS\system32\usbmon.dll
8/9/2011 4:11:37 PM OK spoolsv.exe\usbmon.dll
8/9/2011 4:11:36 PM OK spoolsv.exe\netrap.dll Object was not changed (iChecker)
8/9/2011 4:11:36 PM OK C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
8/9/2011 4:11:36 PM OK spoolsv.exe\ws2_32.dll
8/9/2011 4:11:36 PM OK spoolsv.exe\ws2help.dll Object was not changed (iChecker)
8/9/2011 4:11:36 PM OK spoolsv.exe\mswsock.dll Object was not changed (iChecker)
8/9/2011 4:11:36 PM OK spoolsv.exe\acgenral.dll Object was not changed (iChecker)
8/9/2011 4:11:36 PM OK spoolsv.exe\mdnsNSP.dll
8/9/2011 4:11:36 PM OK spoolsv.exe\lpk.dll Object was not changed (iChecker)
8/9/2011 4:11:36 PM OK spoolsv.exe\comctl32.dll Object was not changed (iChecker)
8/9/2011 4:11:36 PM OK spoolsv.exe\shimeng.dll
8/9/2011 4:11:36 PM OK spoolsv.exe\netapi32.dll Object was not changed (iChecker)
8/9/2011 4:11:36 PM OK spoolsv.exe\uxtheme.dll Object was not changed (iChecker)
8/9/2011 4:11:36 PM OK C:\WINDOWS\system32\spoolsv.exe
8/9/2011 4:11:36 PM OK spoolsv.exe\filterpipelineprintproc.dll
8/9/2011 4:11:35 PM OK spoolsv.exe\xpsp2res.dll Object was not changed (iChecker)
8/9/2011 4:11:35 PM OK spoolsv.exe\spoolsv.exe
8/9/2011 4:11:35 PM OK scardsvr.exe\user32.dll Object was not changed (iChecker)
8/9/2011 4:11:35 PM OK scardsvr.exe\shell32.dll Object was not changed (iChecker)
8/9/2011 4:11:35 PM OK scardsvr.exe\ntdll.dll Object was not changed (iChecker)
8/9/2011 4:11:35 PM OK scardsvr.exe\kernel32.dll Object was not changed (iChecker)
8/9/2011 4:11:35 PM OK scardsvr.exe\secur32.dll Object was not changed (iChecker)
8/9/2011 4:11:35 PM OK scardsvr.exe\shlwapi.dll Object was not changed (iChecker)
8/9/2011 4:11:35 PM OK scardsvr.exe\gdi32.dll Object was not changed (iChecker)
8/9/2011 4:11:35 PM OK scardsvr.exe\rpcrt4.dll Object was not changed (iChecker)
8/9/2011 4:11:35 PM OK scardsvr.exe\advapi32.dll Object was not changed (iChecker)
8/9/2011 4:11:35 PM OK scardsvr.exe\msvcrt.dll Object was not changed (iChecker)
8/9/2011 4:11:35 PM OK scardsvr.exe\version.dll Object was not changed (iChecker)
8/9/2011 4:11:35 PM OK scardsvr.exe\msacm32.dll Object was not changed (iChecker)
8/9/2011 4:11:34 PM OK scardsvr.exe\ole32.dll Object was not changed (iChecker)
8/9/2011 4:11:34 PM OK scardsvr.exe\comctl32.dll Object was not changed (iChecker)
8/9/2011 4:11:34 PM OK scardsvr.exe\oleaut32.dll Object was not changed (iChecker)
8/9/2011 4:11:34 PM OK scardsvr.exe\winmm.dll Object was not changed (iChecker)
8/9/2011 4:11:34 PM OK scardsvr.exe\userenv.dll Object was not changed (iChecker)
8/9/2011 4:11:34 PM OK scardsvr.exe\imm32.dll Object was not changed (iChecker)
8/9/2011 4:11:34 PM OK scardsvr.exe\usp10.dll Object was not changed (iChecker)
8/9/2011 4:11:34 PM OK scardsvr.exe\acgenral.dll Object was not changed (iChecker)
8/9/2011 4:11:34 PM OK scardsvr.exe\lpk.dll Object was not changed (iChecker)
8/9/2011 4:11:34 PM OK scardsvr.exe\comctl32.dll Object was not changed (iChecker)
8/9/2011 4:11:34 PM OK C:\WINDOWS\system32\scardsvr.exe
8/9/2011 4:11:34 PM OK scardsvr.exe\shimeng.dll
8/9/2011 4:11:34 PM OK scardsvr.exe\uxtheme.dll Object was not changed (iChecker)
8/9/2011 4:11:34 PM OK scardsvr.exe\scardsvr.exe
8/9/2011 4:11:34 PM OK svchost.exe\user32.dll Object was not changed (iChecker)
8/9/2011 4:11:34 PM OK svchost.exe\shell32.dll Object was not changed (iChecker)
8/9/2011 4:11:34 PM OK svchost.exe\ntdll.dll Object was not changed (iChecker)
8/9/2011 4:11:34 PM OK svchost.exe\kernel32.dll Object was not changed (iChecker)
8/9/2011 4:11:34 PM OK svchost.exe\secur32.dll Object was not changed (iChecker)
8/9/2011 4:11:34 PM OK svchost.exe\shlwapi.dll Object was not changed (iChecker)
8/9/2011 4:11:34 PM OK svchost.exe\gdi32.dll Object was not changed (iChecker)
8/9/2011 4:11:34 PM OK svchost.exe\rpcrt4.dll Object was not changed (iChecker)
8/9/2011 4:11:33 PM OK svchost.exe\advapi32.dll Object was not changed (iChecker)
8/9/2011 4:11:33 PM OK svchost.exe\msvcrt.dll Object was not changed (iChecker)
8/9/2011 4:11:33 PM OK svchost.exe\version.dll Object was not changed (iChecker)
8/9/2011 4:11:33 PM OK svchost.exe\msacm32.dll Object was not changed (iChecker)
8/9/2011 4:11:33 PM OK svchost.exe\msasn1.dll Object was not changed (iChecker)
8/9/2011 4:11:33 PM OK svchost.exe\crypt32.dll Object was not changed (iChecker)
8/9/2011 4:11:33 PM OK svchost.exe\ntmarta.dll Object was not changed (iChecker)
8/9/2011 4:11:33 PM OK svchost.exe\ole32.dll Object was not changed (iChecker)
8/9/2011 4:11:33 PM OK svchost.exe\comctl32.dll Object was not changed (iChecker)
8/9/2011 4:11:33 PM OK svchost.exe\wininet.dll Object was not changed (iChecker)
8/9/2011 4:11:33 PM OK svchost.exe\oleaut32.dll Object was not changed (iChecker)
8/9/2011 4:11:33 PM OK svchost.exe\wldap32.dll Object was not changed (iChecker)
8/9/2011 4:11:33 PM OK svchost.exe\winmm.dll Object was not changed (iChecker)
8/9/2011 4:11:33 PM OK svchost.exe\userenv.dll Object was not changed (iChecker)
8/9/2011 4:11:33 PM OK svchost.exe\imm32.dll Object was not changed (iChecker)
8/9/2011 4:11:33 PM OK svchost.exe\usp10.dll Object was not changed (iChecker)
8/9/2011 4:11:33 PM OK svchost.exe\samlib.dll Object was not changed (iChecker)
8/9/2011 4:11:33 PM OK svchost.exe\wsock32.dll Object was not changed (iChecker)
8/9/2011 4:11:33 PM OK svchost.exe\ws2_32.dll
8/9/2011 4:11:33 PM OK C:\WINDOWS\system32\webclnt.dll
8/9/2011 4:11:32 PM OK svchost.exe\ws2help.dll Object was not changed (iChecker)
8/9/2011 4:11:32 PM OK svchost.exe\acgenral.dll Object was not changed (iChecker)
8/9/2011 4:11:32 PM OK svchost.exe\lpk.dll Object was not changed (iChecker)
8/9/2011 4:11:32 PM OK svchost.exe\comctl32.dll Object was not changed (iChecker)
8/9/2011 4:11:32 PM OK svchost.exe\shimeng.dll Object was not changed (iChecker)
8/9/2011 4:11:32 PM OK svchost.exe\uxtheme.dll Object was not changed (iChecker)
8/9/2011 4:11:32 PM OK svchost.exe\webclnt.dll
8/9/2011 4:11:32 PM OK svchost.exe\svchost.exe Object was not changed (iChecker)
8/9/2011 4:11:32 PM OK svchost.exe\xpsp2res.dll Object was not changed (iChecker)
8/9/2011 4:11:32 PM OK AppleMobileDeviceService.exe\user32.dll Object was not changed (iChecker)
8/9/2011 4:11:32 PM OK AppleMobileDeviceService.exe\shell32.dll Object was not changed (iChecker)
8/9/2011 4:11:32 PM OK AppleMobileDeviceService.exe\ntdll.dll Object was not changed (iChecker)
8/9/2011 4:11:32 PM OK AppleMobileDeviceService.exe\kernel32.dll Object was not changed (iChecker)
8/9/2011 4:11:32 PM OK AppleMobileDeviceService.exe\msvcp80.dll
8/9/2011 4:11:32 PM OK AppleMobileDeviceService.exe\msvcr80.dll
8/9/2011 4:11:32 PM OK AppleMobileDeviceService.exe\secur32.dll Object was not changed (iChecker)
8/9/2011 4:11:32 PM OK AppleMobileDeviceService.exe\shlwapi.dll Object was not changed (iChecker)
8/9/2011 4:11:32 PM OK AppleMobileDeviceService.exe\gdi32.dll Object was not changed (iChecker)
8/9/2011 4:11:32 PM OK AppleMobileDeviceService.exe\rpcrt4.dll Object was not changed (iChecker)
8/9/2011 4:11:32 PM OK AppleMobileDeviceService.exe\advapi32.dll Object was not changed (iChecker)
8/9/2011 4:11:32 PM OK AppleMobileDeviceService.exe\msv1_0.dll Object was not changed (iChecker)
8/9/2011 4:11:32 PM OK AppleMobileDeviceService.exe\msvcrt.dll Object was not changed (iChecker)
8/9/2011 4:11:31 PM OK AppleMobileDeviceService.exe\version.dll Object was not changed (iChecker)
8/9/2011 4:11:31 PM OK AppleMobileDeviceService.exe\msasn1.dll Object was not changed (iChecker)
8/9/2011 4:11:31 PM OK AppleMobileDeviceService.exe\crypt32.dll Object was not changed (iChecker)
8/9/2011 4:11:31 PM OK AppleMobileDeviceService.exe\setupapi.dll Object was not changed (iChecker)
8/9/2011 4:11:31 PM OK AppleMobileDeviceService.exe\ntmarta.dll Object was not changed (iChecker)
8/9/2011 4:11:31 PM OK AppleMobileDeviceService.exe\ole32.dll Object was not changed (iChecker)
8/9/2011 4:11:31 PM OK AppleMobileDeviceService.exe\comctl32.dll Object was not changed (iChecker)
8/9/2011 4:11:31 PM OK AppleMobileDeviceService.exe\wldap32.dll Object was not changed (iChecker)
8/9/2011 4:11:31 PM OK AppleMobileDeviceService.exe\wtsapi32.dll Object was not changed (iChecker)
8/9/2011 4:11:31 PM OK AppleMobileDeviceService.exe\iphlpapi.dll Object was not changed (iChecker)
8/9/2011 4:11:31 PM OK AppleMobileDeviceService.exe\imagehlp.dll Object was not changed (iChecker)
8/9/2011 4:11:31 PM OK AppleMobileDeviceService.exe\wintrust.dll Object was not changed (iChecker)
8/9/2011 4:11:31 PM OK AppleMobileDeviceService.exe\winmm.dll Object was not changed (iChecker)
8/9/2011 4:11:31 PM OK AppleMobileDeviceService.exe\userenv.dll Object was not changed (iChecker)
8/9/2011 4:11:31 PM OK AppleMobileDeviceService.exe\cryptdll.dll
8/9/2011 4:11:31 PM OK AppleMobileDeviceService.exe\imm32.dll Object was not changed (iChecker)
8/9/2011 4:11:31 PM OK AppleMobileDeviceService.exe\winsta.dll
8/9/2011 4:11:31 PM OK C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
8/9/2011 4:11:31 PM OK AppleMobileDeviceService.exe\usp10.dll Object was not changed (iChecker)
8/9/2011 4:11:31 PM OK C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService_main.dll
8/9/2011 4:11:31 PM OK AppleMobileDeviceService.exe\samlib.dll Object was not changed (iChecker)
8/9/2011 4:11:31 PM OK AppleMobileDeviceService.exe\wsock32.dll Object was not changed (iChecker)
8/9/2011 4:11:31 PM OK AppleMobileDeviceService.exe\ws2_32.dll
8/9/2011 4:11:31 PM OK AppleMobileDeviceService.exe\ws2help.dll Object was not changed (iChecker)
8/9/2011 4:11:31 PM OK AppleMobileDeviceService.exe\wshtcpip.dll Object was not changed (iChecker)
8/9/2011 4:11:31 PM OK AppleMobileDeviceService.exe\mswsock.dll Object was not changed (iChecker)
8/9/2011 4:11:31 PM OK AppleMobileDeviceService.exe\rsaenh.dll Object was not changed (iChecker)
8/9/2011 4:11:31 PM OK AppleMobileDeviceService.exe\hnetcfg.dll Object was not changed (iChecker)
8/9/2011 4:11:31 PM OK AppleMobileDeviceService.exe\lpk.dll Object was not changed (iChecker)
8/9/2011 4:11:31 PM OK AppleMobileDeviceService.exe\comctl32.dll Object was not changed (iChecker)
8/9/2011 4:11:31 PM OK AppleMobileDeviceService.exe\netapi32.dll Object was not changed (iChecker)
8/9/2011 4:11:30 PM OK AppleMobileDeviceService.exe\icudt40.dll
8/9/2011 4:11:30 PM OK AppleMobileDeviceService.exe\ASL.dll
8/9/2011 4:11:30 PM OK AppleMobileDeviceService.exe\icuuc40.dll
8/9/2011 4:11:30 PM OK AppleMobileDeviceService.exe\icuin40.dll
8/9/2011 4:11:30 PM OK AppleMobileDeviceService.exe\libdispatch.dll
8/9/2011 4:11:30 PM OK AppleMobileDeviceService.exe\objc.dll
8/9/2011 4:11:30 PM OK AppleMobileDeviceService.exe\pthreadVC2.dll
8/9/2011 4:11:30 PM OK AppleMobileDeviceService.exe\CoreFoundation.dll
8/9/2011 4:11:30 PM OK AppleMobileDeviceService.exe\AppleMobileDeviceService_main.dll
8/9/2011 4:11:30 PM OK AppleMobileDeviceService.exe\AppleMobileDeviceService.exe
8/9/2011 4:11:30 PM OK mDNSResponder.exe\user32.dll Object was not changed (iChecker)
8/9/2011 4:11:30 PM OK mDNSResponder.exe\shell32.dll Object was not changed (iChecker)
8/9/2011 4:11:30 PM OK mDNSResponder.exe\ntdll.dll Object was not changed (iChecker)
8/9/2011 4:11:30 PM OK mDNSResponder.exe\kernel32.dll Object was not changed (iChecker)
8/9/2011 4:11:30 PM OK mDNSResponder.exe\secur32.dll Object was not changed (iChecker)
8/9/2011 4:11:30 PM OK mDNSResponder.exe\shlwapi.dll Object was not changed (iChecker)
8/9/2011 4:11:30 PM OK mDNSResponder.exe\gdi32.dll Object was not changed (iChecker)
8/9/2011 4:11:30 PM OK mDNSResponder.exe\rpcrt4.dll Object was not changed (iChecker)
8/9/2011 4:11:30 PM OK mDNSResponder.exe\advapi32.dll Object was not changed (iChecker)
8/9/2011 4:11:30 PM OK mDNSResponder.exe\activeds.dll Object was not changed (iChecker)
8/9/2011 4:11:30 PM OK mDNSResponder.exe\msvcrt.dll Object was not changed (iChecker)
8/9/2011 4:11:30 PM OK mDNSResponder.exe\setupapi.dll Object was not changed (iChecker)
8/9/2011 4:11:30 PM OK mDNSResponder.exe\ole32.dll Object was not changed (iChecker)
8/9/2011 4:11:30 PM OK mDNSResponder.exe\comctl32.dll Object was not changed (iChecker)
8/9/2011 4:11:30 PM OK mDNSResponder.exe\oleaut32.dll Object was not changed (iChecker)
8/9/2011 4:11:29 PM OK mDNSResponder.exe\wldap32.dll Object was not changed (iChecker)
8/9/2011 4:11:29 PM OK mDNSResponder.exe\rtutils.dll Object was not changed (iChecker)
8/9/2011 4:11:29 PM OK mDNSResponder.exe\adsldpc.dll Object was not changed (iChecker)
8/9/2011 4:11:29 PM OK mDNSResponder.exe\iphlpapi.dll Object was not changed (iChecker)
8/9/2011 4:11:29 PM OK mDNSResponder.exe\mprapi.dll Object was not changed (iChecker)
8/9/2011 4:11:29 PM OK mDNSResponder.exe\atl.dll Object was not changed (iChecker)
8/9/2011 4:11:29 PM OK mDNSResponder.exe\imm32.dll Object was not changed (iChecker)
8/9/2011 4:11:29 PM OK mDNSResponder.exe\usp10.dll Object was not changed (iChecker)
8/9/2011 4:11:29 PM OK mDNSResponder.exe\powrprof.dll Object was not changed (iChecker)
8/9/2011 4:11:29 PM OK C:\Program Files\Bonjour\mDNSResponder.exe
8/9/2011 4:11:29 PM OK mDNSResponder.exe\samlib.dll Object was not changed (iChecker)
8/9/2011 4:11:29 PM OK mDNSResponder.exe\ws2_32.dll
8/9/2011 4:11:29 PM OK mDNSResponder.exe\ws2help.dll Object was not changed (iChecker)
8/9/2011 4:11:29 PM OK mDNSResponder.exe\wshtcpip.dll Object was not changed (iChecker)
8/9/2011 4:11:29 PM OK mDNSResponder.exe\mswsock.dll Object was not changed (iChecker)
8/9/2011 4:11:29 PM OK mDNSResponder.exe\rsaenh.dll Object was not changed (iChecker)
8/9/2011 4:11:29 PM OK mDNSResponder.exe\hnetcfg.dll Object was not changed (iChecker)
8/9/2011 4:11:29 PM OK mDNSResponder.exe\lpk.dll Object was not changed (iChecker)
8/9/2011 4:11:29 PM OK mDNSResponder.exe\comctl32.dll Object was not changed (iChecker)
8/9/2011 4:11:29 PM OK mDNSResponder.exe\netapi32.dll Object was not changed (iChecker)
8/9/2011 4:11:29 PM OK mDNSResponder.exe\mDNSResponder.exe
8/9/2011 4:11:29 PM OK ekrn.exe\sxs.dll Object was not changed (iChecker)
8/9/2011 4:11:29 PM OK ekrn.exe\user32.dll Object was not changed (iChecker)
8/9/2011 4:11:29 PM OK ekrn.exe\msi.dll
8/9/2011 4:11:29 PM OK ekrn.exe\shell32.dll Object was not changed (iChecker)
8/9/2011 4:11:29 PM OK ekrn.exe\ntdll.dll Object was not changed (iChecker)
8/9/2011 4:11:29 PM OK ekrn.exe\kernel32.dll Object was not changed (iChecker)
8/9/2011 4:11:29 PM OK ekrn.exe\msvcp80.dll
8/9/2011 4:11:29 PM OK ekrn.exe\msvcr80.dll
8/9/2011 4:11:29 PM OK ekrn.exe\secur32.dll Object was not changed (iChecker)
8/9/2011 4:11:28 PM OK ekrn.exe\shlwapi.dll Object was not changed (iChecker)
8/9/2011 4:11:28 PM OK ekrn.exe\gdi32.dll Object was not changed (iChecker)
8/9/2011 4:11:28 PM OK ekrn.exe\rpcrt4.dll Object was not changed (iChecker)
8/9/2011 4:11:28 PM OK ekrn.exe\advapi32.dll Object was not changed (iChecker)
8/9/2011 4:11:28 PM OK ekrn.exe\msvcrt.dll Object was not changed (iChecker)
8/9/2011 4:11:28 PM OK C:\WINDOWS\system32\rasapi32.dll
8/9/2011 4:11:28 PM OK ekrn.exe\version.dll Object was not changed (iChecker)
8/9/2011 4:11:28 PM OK ekrn.exe\msasn1.dll Object was not changed (iChecker)
8/9/2011 4:11:28 PM OK ekrn.exe\crypt32.dll Object was not changed (iChecker)
8/9/2011 4:11:28 PM OK ekrn.exe\setupapi.dll Object was not changed (iChecker)
8/9/2011 4:11:28 PM OK ekrn.exe\ntmarta.dll Object was not changed (iChecker)
8/9/2011 4:11:28 PM OK ekrn.exe\ole32.dll Object was not changed (iChecker)
8/9/2011 4:11:28 PM OK ekrn.exe\comctl32.dll Object was not changed (iChecker)
8/9/2011 4:11:28 PM OK ekrn.exe\wininet.dll Object was not changed (iChecker)
8/9/2011 4:11:28 PM OK ekrn.exe\oleaut32.dll Object was not changed (iChecker)
8/9/2011 4:11:28 PM OK ekrn.exe\comres.dll Object was not changed (iChecker)
8/9/2011 4:11:28 PM OK ekrn.exe\clbcatq.dll Object was not changed (iChecker)
8/9/2011 4:11:28 PM OK ekrn.exe\rasadhlp.dll Object was not changed (iChecker)
8/9/2011 4:11:28 PM OK ekrn.exe\wldap32.dll Object was not changed (iChecker)
8/9/2011 4:11:28 PM OK ekrn.exe\wtsapi32.dll Object was not changed (iChecker)
8/9/2011 4:11:28 PM OK ekrn.exe\dnsapi.dll Object was not changed (iChecker)
8/9/2011 4:11:28 PM OK ekrn.exe\rasapi32.dll
8/9/2011 4:11:28 PM OK C:\WINDOWS\system32\tapi32.dll
8/9/2011 4:11:28 PM OK ekrn.exe\tapi32.dll
8/9/2011 4:11:28 PM OK C:\WINDOWS\system32\rasman.dll
8/9/2011 4:11:27 PM OK ekrn.exe\rasman.dll
8/9/2011 4:11:27 PM OK ekrn.exe\rtutils.dll Object was not changed (iChecker)
8/9/2011 4:11:27 PM OK ekrn.exe\iphlpapi.dll Object was not changed (iChecker)
8/9/2011 4:11:27 PM OK C:\WINDOWS\system32\schannel.dll
8/9/2011 4:11:27 PM OK ekrn.exe\imagehlp.dll Object was not changed (iChecker)
8/9/2011 4:11:27 PM OK ekrn.exe\wintrust.dll Object was not changed (iChecker)
8/9/2011 4:11:27 PM OK ekrn.exe\winmm.dll Object was not changed (iChecker)
8/9/2011 4:11:26 PM OK ekrn.exe\userenv.dll Object was not changed (iChecker)
8/9/2011 4:11:26 PM OK ekrn.exe\schannel.dll
8/9/2011 4:11:26 PM OK C:\WINDOWS\system32\ntdsapi.dll
8/9/2011 4:11:26 PM OK ekrn.exe\ntdsapi.dll
8/9/2011 4:11:26 PM OK C:\WINDOWS\system32\wbem\fastprox.dll
8/9/2011 4:11:26 PM OK ekrn.exe\imm32.dll Object was not changed (iChecker)
8/9/2011 4:11:26 PM OK ekrn.exe\winsta.dll
8/9/2011 4:11:26 PM OK ekrn.exe\msvcp60.dll Object was not changed (iChecker)
8/9/2011 4:11:26 PM OK ekrn.exe\fastprox.dll
8/9/2011 4:11:26 PM OK C:\WINDOWS\system32\wbem\wbemcomn.dll
8/9/2011 4:11:25 PM OK ekrn.exe\msctfime.ime Object was not changed (iChecker)
8/9/2011 4:11:25 PM OK ekrn.exe\cryptui.dll Object was not changed (iChecker)
8/9/2011 4:11:25 PM OK ekrn.exe\wbemcomn.dll
8/9/2011 4:11:25 PM OK C:\WINDOWS\system32\wbem\wbemprox.dll
8/9/2011 4:11:25 PM OK C:\WINDOWS\system32\wbem\wbemsvc.dll
8/9/2011 4:11:25 PM OK ekrn.exe\wbemprox.dll
8/9/2011 4:11:25 PM OK C:\WINDOWS\system32\faultrep.dll
8/9/2011 4:11:25 PM OK ekrn.exe\wbemsvc.dll
8/9/2011 4:11:24 PM OK ekrn.exe\usp10.dll Object was not changed (iChecker)
8/9/2011 4:11:24 PM OK ekrn.exe\samlib.dll Object was not changed (iChecker)
8/9/2011 4:11:24 PM OK ekrn.exe\mpr.dll Object was not changed (iChecker)
8/9/2011 4:11:24 PM OK ekrn.exe\wsock32.dll Object was not changed (iChecker)
8/9/2011 4:11:24 PM OK C:\WINDOWS\system32\dbghelp.dll
8/9/2011 4:11:24 PM OK ekrn.exe\ws2_32.dll
8/9/2011 4:11:24 PM OK ekrn.exe\ws2help.dll Object was not changed (iChecker)
8/9/2011 4:11:24 PM OK ekrn.exe\wshtcpip.dll Object was not changed (iChecker)
8/9/2011 4:11:24 PM OK ekrn.exe\mswsock.dll Object was not changed (iChecker)
8/9/2011 4:11:24 PM OK ekrn.exe\faultrep.dll
8/9/2011 4:11:24 PM OK ekrn.exe\rsaenh.dll Object was not changed (iChecker)
8/9/2011 4:11:24 PM OK ekrn.exe\hnetcfg.dll Object was not changed (iChecker)
8/9/2011 4:11:24 PM OK ekrn.exe\mdnsNSP.dll
8/9/2011 4:11:24 PM OK ekrn.exe\lpk.dll Object was not changed (iChecker)
8/9/2011 4:11:24 PM OK ekrn.exe\comctl32.dll Object was not changed (iChecker)
8/9/2011 4:11:24 PM OK ekrn.exe\netapi32.dll Object was not changed (iChecker)
8/9/2011 4:11:24 PM OK ekrn.exe\uxtheme.dll Object was not changed (iChecker)
8/9/2011 4:11:24 PM OK ekrn.exe\dbghelp.dll
8/9/2011 4:11:23 PM OK C:\Program Files\ESET\ESET NOD32 Antivirus\ekrnDmon.dll
8/9/2011 4:11:23 PM OK C:\Program Files\ESET\ESET NOD32 Antivirus\ekrnMailPlugins.dll
8/9/2011 4:11:23 PM OK C:\Program Files\ESET\ESET NOD32 Antivirus\ekrnHips.dll
8/9/2011 4:11:23 PM OK C:\Program Files\ESET\ESET NOD32 Antivirus\ekrnScan.dll
8/9/2011 4:11:23 PM OK ekrn.exe\ekrnHips.dll
8/9/2011 4:11:23 PM OK C:\Program Files\ESET\ESET NOD32 Antivirus\ekrnUpdate.dll
8/9/2011 4:11:23 PM OK C:\Program Files\ESET\ESET NOD32 Antivirus\ekrnAmon.dll
8/9/2011 4:11:23 PM OK C:\Program Files\ESET\ESET NOD32 Antivirus\ekrnEmon.dll
8/9/2011 4:11:23 PM OK ekrn.exe\ekrnDmon.dll
8/9/2011 4:11:23 PM OK ekrn.exe\ekrnMailPlugins.dll
8/9/2011 4:11:23 PM OK ekrn.exe\ekrnScan.dll
8/9/2011 4:11:23 PM OK C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
8/9/2011 4:11:22 PM OK C:\Program Files\ESET\ESET NOD32 Antivirus\ekrnEpfw.dll
8/9/2011 4:11:23 PM OK C:\Program Files\ESET\ESET NOD32 Antivirus\updater.dll
8/9/2011 4:11:22 PM OK ekrn.exe\ekrnEmon.dll
8/9/2011 4:11:22 PM OK ekrn.exe\ekrnAmon.dll
8/9/2011 4:11:22 PM OK ekrn.exe\ekrnUpdate.dll
8/9/2011 4:11:22 PM OK ekrn.exe\updater.dll
8/9/2011 4:11:22 PM OK ekrn.exe\ekrnEpfw.dll
8/9/2011 4:11:22 PM OK ekrn.exe\xpsp2res.dll Object was not changed (iChecker)
8/9/2011 4:11:22 PM OK ekrn.exe\ekrn.exe
8/9/2011 4:11:22 PM OK GhostStartService.exe\user32.dll Object was not changed (iChecker)
8/9/2011 4:11:22 PM OK GhostStartService.exe\ntdll.dll Object was not changed (iChecker)
8/9/2011 4:11:22 PM OK GhostStartService.exe\kernel32.dll Object was not changed (iChecker)
8/9/2011 4:11:22 PM OK GhostStartService.exe\secur32.dll Object was not changed (iChecker)
8/9/2011 4:11:22 PM OK GhostStartService.exe\gdi32.dll Object was not changed (iChecker)
8/9/2011 4:11:22 PM OK C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
8/9/2011 4:11:22 PM OK GhostStartService.exe\rpcrt4.dll Object was not changed (iChecker)
8/9/2011 4:11:22 PM OK GhostStartService.exe\advapi32.dll Object was not changed (iChecker)
8/9/2011 4:11:21 PM OK GhostStartService.exe\msvcrt.dll Object was not changed (iChecker)
8/9/2011 4:11:21 PM OK GhostStartService.exe\version.dll Object was not changed (iChecker)
8/9/2011 4:11:21 PM OK GhostStartService.exe\ole32.dll Object was not changed (iChecker)
8/9/2011 4:11:21 PM OK GhostStartService.exe\oleaut32.dll Object was not changed (iChecker)
8/9/2011 4:11:21 PM OK GhostStartService.exe\comres.dll Object was not changed (iChecker)
8/9/2011 4:11:21 PM OK GhostStartService.exe\clbcatq.dll Object was not changed (iChecker)
8/9/2011 4:11:21 PM OK GhostStartService.exe\imm32.dll Object was not changed (iChecker)
8/9/2011 4:11:21 PM OK GhostStartService.exe\usp10.dll Object was not changed (iChecker)
8/9/2011 4:11:21 PM OK GhostStartService.exe\lpk.dll Object was not changed (iChecker)
8/9/2011 4:11:21 PM OK GhostStartService.exe\uxtheme.dll Object was not changed (iChecker)
8/9/2011 4:11:21 PM OK GhostStartService.exe\xpsp2res.dll Object was not changed (iChecker)
8/9/2011 4:11:21 PM OK GhostStartService.exe\GhostStartService.exe
8/9/2011 4:11:21 PM OK C:\Program Files\Java\jre6\bin\msvcr71.dll
8/9/2011 4:11:21 PM OK jqs.exe\user32.dll Object was not changed (iChecker)
8/9/2011 4:11:21 PM OK jqs.exe\shell32.dll Object was not changed (iChecker)
8/9/2011 4:11:21 PM OK jqs.exe\ntdll.dll Object was not changed (iChecker)
8/9/2011 4:11:21 PM OK jqs.exe\kernel32.dll Object was not changed (iChecker)
8/9/2011 4:11:21 PM OK jqs.exe\msvcr71.dll
8/9/2011 4:11:21 PM OK jqs.exe\secur32.dll Object was not changed (iChecker)
8/9/2011 4:11:21 PM OK jqs.exe\shlwapi.dll Object was not changed (iChecker)
8/9/2011 4:11:21 PM OK jqs.exe\gdi32.dll Object was not changed (iChecker)
8/9/2011 4:11:21 PM OK jqs.exe\rpcrt4.dll Object was not changed (iChecker)
8/9/2011 4:11:21 PM OK jqs.exe\advapi32.dll Object was not changed (iChecker)
8/9/2011 4:11:21 PM OK jqs.exe\msvcrt.dll Object was not changed (iChecker)
8/9/2011 4:11:21 PM OK jqs.exe\version.dll Object was not changed (iChecker)
8/9/2011 4:11:21 PM OK C:\WINDOWS\system32\odbc32.dll
8/9/2011 4:11:21 PM OK jqs.exe\msasn1.dll Object was not changed (iChecker)
8/9/2011 4:11:20 PM OK jqs.exe\crypt32.dll Object was not changed (iChecker)
8/9/2011 4:11:20 PM OK jqs.exe\ole32.dll Object was not changed (iChecker)
8/9/2011 4:11:20 PM OK jqs.exe\comctl32.dll Object was not changed (iChecker)
8/9/2011 4:11:20 PM OK jqs.exe\oleaut32.dll Object was not changed (iChecker)
8/9/2011 4:11:20 PM OK jqs.exe\psapi.dll Object was not changed (iChecker)
8/9/2011 4:11:20 PM OK jqs.exe\comdlg32.dll Object was not changed (iChecker)
8/9/2011 4:11:20 PM OK C:\WINDOWS\system32\pdh.dll
8/9/2011 4:11:20 PM OK jqs.exe\imm32.dll Object was not changed (iChecker)
8/9/2011 4:11:20 PM OK jqs.exe\usp10.dll Object was not changed (iChecker)
8/9/2011 4:11:20 PM OK jqs.exe\odbc32.dll
8/9/2011 4:11:20 PM OK jqs.exe\pdh.dll
8/9/2011 4:11:19 PM OK jqs.exe\ws2_32.dll
8/9/2011 4:11:19 PM OK jqs.exe\ws2help.dll Object was not changed (iChecker)
8/9/2011 4:11:19 PM OK jqs.exe\wshtcpip.dll Object was not changed (iChecker)
8/9/2011 4:11:19 PM OK C:\WINDOWS\system32\odbcbcp.dll Object was not changed (iChecker)
8/9/2011 4:11:19 PM OK jqs.exe\mswsock.dll Object was not changed (iChecker)
8/9/2011 4:11:19 PM OK jqs.exe\odbcbcp.dll
8/9/2011 4:11:19 PM OK C:\WINDOWS\system32\perfdisk.dll
8/9/2011 4:11:19 PM OK jqs.exe\hnetcfg.dll Object was not changed (iChecker)
8/9/2011 4:11:19 PM OK jqs.exe\lpk.dll Object was not changed (iChecker)
8/9/2011 4:11:19 PM OK C:\WINDOWS\system32\perfos.dll
8/9/2011 4:11:19 PM OK jqs.exe\perfdisk.dll
8/9/2011 4:11:19 PM OK jqs.exe\perfos.dll
8/9/2011 4:11:18 PM OK C:\WINDOWS\system32\odbcint.dll Object was not changed (iChecker)
8/9/2011 4:11:18 PM OK jqs.exe\comctl32.dll Object was not changed (iChecker)
8/9/2011 4:11:18 PM OK C:\Program Files\Java\jre6\bin\jqs.exe
8/9/2011 4:11:18 PM OK jqs.exe\odbcint.dll
8/9/2011 4:11:17 PM OK jqs.exe\jqs.exe
8/9/2011 4:11:17 PM OK C:\WINDOWS\system32\msv1_0.dll
8/9/2011 4:11:17 PM OK mbamservice.exe\user32.dll Object was not changed (iChecker)
8/9/2011 4:11:17 PM OK mbamservice.exe\shell32.dll Object was not changed (iChecker)
8/9/2011 4:11:17 PM OK mbamservice.exe\ntdll.dll Object was not changed (iChecker)
8/9/2011 4:11:17 PM OK mbamservice.exe\kernel32.dll Object was not changed (iChecker)
8/9/2011 4:11:17 PM OK mbamservice.exe\secur32.dll Object was not changed (iChecker)
8/9/2011 4:11:17 PM OK mbamservice.exe\shlwapi.dll Object was not changed (iChecker)
8/9/2011 4:11:17 PM OK mbamservice.exe\gdi32.dll Object was not changed (iChecker)
8/9/2011 4:11:17 PM OK mbamservice.exe\rpcrt4.dll Object was not changed (iChecker)
8/9/2011 4:11:17 PM OK mbamservice.exe\advapi32.dll Object was not changed (iChecker)
8/9/2011 4:11:17 PM OK mbamservice.exe\msv1_0.dll
8/9/2011 4:11:16 PM OK mbamservice.exe\msvcrt.dll Object was not changed (iChecker)
8/9/2011 4:11:16 PM OK mbamservice.exe\version.dll Object was not changed (iChecker)
8/9/2011 4:11:16 PM OK mbamservice.exe\msasn1.dll Object was not changed (iChecker)
8/9/2011 4:11:16 PM OK mbamservice.exe\crypt32.dll Object was not changed (iChecker)
8/9/2011 4:11:16 PM OK mbamservice.exe\ntmarta.dll Object was not changed (iChecker)
8/9/2011 4:11:16 PM OK C:\WINDOWS\system32\winrnr.dll
8/9/2011 4:11:16 PM OK mbamservice.exe\ole32.dll Object was not changed (iChecker)
8/9/2011 4:11:16 PM OK mbamservice.exe\comctl32.dll Object was not changed (iChecker)
8/9/2011 4:11:16 PM OK C:\Program Files\Malwarebytes' Anti-Malware\mbamnet.dll
8/9/2011 4:11:16 PM OK mbamservice.exe\rasadhlp.dll Object was not changed (iChecker)
8/9/2011 4:11:16 PM OK mbamservice.exe\winrnr.dll
8/9/2011 4:11:16 PM OK C:\WINDOWS\system32\cryptdll.dll
8/9/2011 4:11:16 PM OK mbamservice.exe\wldap32.dll Object was not changed (iChecker)
8/9/2011 4:11:16 PM OK mbamservice.exe\wtsapi32.dll Object was not changed (iChecker)
8/9/2011 4:11:16 PM OK mbamservice.exe\dnsapi.dll Object was not changed (iChecker)
8/9/2011 4:11:16 PM OK mbamservice.exe\iphlpapi.dll Object was not changed (iChecker)
8/9/2011 4:11:16 PM OK mbamservice.exe\psapi.dll Object was not changed (iChecker)
8/9/2011 4:11:16 PM OK mbamservice.exe\userenv.dll Object was not changed (iChecker)
8/9/2011 4:11:16 PM OK mbamservice.exe\cryptdll.dll
8/9/2011 4:11:15 PM OK C:\Program Files\Malwarebytes' Anti-Malware\mbam.dll
8/9/2011 4:11:15 PM OK C:\Program Files\Malwarebytes' Anti-Malware\mbam.dll/data0000.res
8/9/2011 4:11:15 PM OK mbamservice.exe\imm32.dll Object was not changed (iChecker)
8/9/2011 4:11:15 PM OK mbamservice.exe\winsta.dll
8/9/2011 4:11:15 PM OK mbamservice.exe\usp10.dll Object was not changed (iChecker)
8/9/2011 4:11:15 PM OK mbamservice.exe\samlib.dll Object was not changed (iChecker)
8/9/2011 4:11:15 PM OK mbamservice.exe\mpr.dll Object was not changed (iChecker)
8/9/2011 4:11:15 PM OK mbamservice.exe\ws2_32.dll
8/9/2011 4:11:15 PM OK mbamservice.exe\ws2help.dll Object was not changed (iChecker)
8/9/2011 4:11:15 PM OK mbamservice.exe\wshtcpip.dll Object was not changed (iChecker)
8/9/2011 4:11:15 PM OK mbamservice.exe\mswsock.dll Object was not changed (iChecker)
8/9/2011 4:11:15 PM OK mbamservice.exe\rsaenh.dll Object was not changed (iChecker)
8/9/2011 4:11:15 PM OK mbamservice.exe\hnetcfg.dll Object was not changed (iChecker)
8/9/2011 4:11:15 PM OK mbamservice.exe\mdnsNSP.dll
8/9/2011 4:11:15 PM OK mbamservice.exe\lpk.dll Object was not changed (iChecker)
8/9/2011 4:11:15 PM OK mbamservice.exe\comctl32.dll Object was not changed (iChecker)
8/9/2011 4:11:15 PM OK mbamservice.exe\netapi32.dll Object was not changed (iChecker)
8/9/2011 4:11:15 PM OK mbamservice.exe\uxtheme.dll Object was not changed (iChecker)
8/9/2011 4:11:14 PM OK C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
8/9/2011 4:11:14 PM OK mbamservice.exe\mbam.dll
8/9/2011 4:11:14 PM OK mbamservice.exe\mbamnet.dll
8/9/2011 4:11:14 PM OK mbamservice.exe\mbamservice.exe
8/9/2011 4:11:14 PM OK SMAgent.exe\user32.dll Object was not changed (iChecker)
8/9/2011 4:11:14 PM OK SMAgent.exe\shell32.dll Object was not changed (iChecker)
8/9/2011 4:11:14 PM OK SMAgent.exe\ntdll.dll Object was not changed (iChecker)
8/9/2011 4:11:14 PM OK SMAgent.exe\kernel32.dll Object was not changed (iChecker)
8/9/2011 4:11:14 PM OK SMAgent.exe\secur32.dll Object was not changed (iChecker)
8/9/2011 4:11:14 PM OK SMAgent.exe\shlwapi.dll Object was not changed (iChecker)
8/9/2011 4:11:14 PM OK SMAgent.exe\gdi32.dll Object was not changed (iChecker)
8/9/2011 4:11:14 PM OK C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
8/9/2011 4:11:14 PM OK SMAgent.exe\rpcrt4.dll Object was not changed (iChecker)
8/9/2011 4:11:14 PM OK SMAgent.exe\advapi32.dll Object was not changed (iChecker)
8/9/2011 4:11:14 PM OK SMAgent.exe\msvcrt.dll Object was not changed (iChecker)
8/9/2011 4:11:14 PM OK SMAgent.exe\comctl32.dll Object was not changed (iChecker)
8/9/2011 4:11:14 PM OK SMAgent.exe\imm32.dll Object was not changed (iChecker)
8/9/2011 4:11:14 PM OK SMAgent.exe\usp10.dll Object was not changed (iChecker)
8/9/2011 4:11:14 PM OK SMAgent.exe\lpk.dll Object was not changed (iChecker)
8/9/2011 4:11:14 PM OK SMAgent.exe\comctl32.dll Object was not changed (iChecker)
8/9/2011 4:11:13 PM OK SMAgent.exe\SMAgent.exe
8/9/2011 4:11:13 PM OK svchost.exe\user32.dll Object was not changed (iChecker)
8/9/2011 4:11:13 PM OK svchost.exe\shell32.dll Object was not changed (iChecker)
8/9/2011 4:11:13 PM OK svchost.exe\ntdll.dll Object was not changed (iChecker)
8/9/2011 4:11:13 PM OK svchost.exe\kernel32.dll Object was not changed (iChecker)
8/9/2011 4:11:13 PM OK svchost.exe\secur32.dll Object was not changed (iChecker)
8/9/2011 4:11:13 PM OK svchost.exe\shlwapi.dll Object was not changed (iChecker)
8/9/2011 4:11:13 PM OK svchost.exe\gdi32.dll Object was not changed (iChecker)
8/9/2011 4:11:13 PM OK svchost.exe\rpcrt4.dll Object was not changed (iChecker)
8/9/2011 4:11:12 PM OK svchost.exe\advapi32.dll Object was not changed (iChecker)
8/9/2011 4:11:12 PM OK svchost.exe\msvcrt.dll Object was not changed (iChecker)
8/9/2011 4:11:12 PM OK svchost.exe\version.dll Object was not changed (iChecker)
8/9/2011 4:11:12 PM OK svchost.exe\msacm32.dll Object was not changed (iChecker)
8/9/2011 4:11:12 PM OK svchost.exe\msasn1.dll Object was not changed (iChecker)
8/9/2011 4:11:12 PM OK svchost.exe\crypt32.dll Object was not changed (iChecker)
8/9/2011 4:11:12 PM OK svchost.exe\setupapi.dll Object was not changed (iChecker)
8/9/2011 4:11:12 PM OK svchost.exe\ole32.dll Object was not changed (iChecker)
8/9/2011 4:11:12 PM OK svchost.exe\comctl32.dll Object was not changed (iChecker)
8/9/2011 4:11:12 PM OK svchost.exe\oleaut32.dll Object was not changed (iChecker)
8/9/2011 4:11:12 PM OK svchost.exe\comres.dll Object was not changed (iChecker)
8/9/2011 4:11:12 PM OK C:\WINDOWS\system32\wiaservc.dll
8/9/2011 4:11:12 PM OK C:\WINDOWS\system32\wiaservc.dll/#
8/9/2011 4:11:12 PM OK svchost.exe\clbcatq.dll Object was not changed (iChecker)
8/9/2011 4:11:12 PM OK svchost.exe\imagehlp.dll Object was not changed (iChecker)
8/9/2011 4:11:12 PM OK svchost.exe\wintrust.dll Object was not changed (iChecker)
8/9/2011 4:11:12 PM OK svchost.exe\winmm.dll Object was not changed (iChecker)
8/9/2011 4:11:12 PM OK svchost.exe\userenv.dll Object was not changed (iChecker)
8/9/2011 4:11:12 PM OK svchost.exe\imm32.dll Object was not changed (iChecker)
8/9/2011 4:11:12 PM OK C:\WINDOWS\system32\mscms.dll
8/9/2011 4:11:12 PM OK svchost.exe\winsta.dll
8/9/2011 4:11:12 PM OK svchost.exe\wiaservc.dll
8/9/2011 4:11:11 PM OK svchost.exe\usp10.dll Object was not changed (iChecker)
8/9/2011 4:11:11 PM OK svchost.exe\cfgmgr32.dll Object was not changed (iChecker)
8/9/2011 4:11:11 PM OK C:\WINDOWS\system32\winspool.drv
8/9/2011 4:11:11 PM OK svchost.exe\mscms.dll
8/9/2011 4:11:11 PM OK C:\WINDOWS\system32\actxprxy.dll
8/9/2011 4:11:11 PM OK svchost.exe\winspool.drv
8/9/2011 4:11:11 PM OK svchost.exe\actxprxy.dll
8/9/2011 4:11:10 PM OK svchost.exe\acgenral.dll Object was not changed (iChecker)
8/9/2011 4:11:10 PM OK svchost.exe\lpk.dll Object was not changed (iChecker)
8/9/2011 4:11:10 PM OK svchost.exe\comctl32.dll Object was not changed (iChecker)
8/9/2011 4:11:10 PM OK svchost.exe\shimeng.dll Object was not changed (iChecker)
8/9/2011 4:11:10 PM OK svchost.exe\netapi32.dll Object was not changed (iChecker)
8/9/2011 4:11:10 PM OK svchost.exe\uxtheme.dll Object was not changed (iChecker)
8/9/2011 4:11:10 PM OK svchost.exe\svchost.exe Object was not changed (iChecker)
8/9/2011 4:11:10 PM OK svchost.exe\xpsp2res.dll Object was not changed (iChecker)
8/9/2011 4:11:10 PM OK wdfmgr.exe\user32.dll Object was not changed (iChecker)
8/9/2011 4:11:10 PM OK wdfmgr.exe\ntdll.dll Object was not changed (iChecker)
8/9/2011 4:11:10 PM OK wdfmgr.exe\kernel32.dll Object was not changed (iChecker)
8/9/2011 4:11:10 PM OK wdfmgr.exe\secur32.dll Object was not changed (iChecker)
8/9/2011 4:11:10 PM OK wdfmgr.exe\gdi32.dll Object was not changed (iChecker)
8/9/2011 4:11:10 PM OK wdfmgr.exe\rpcrt4.dll Object was not changed (iChecker)
8/9/2011 4:11:10 PM OK wdfmgr.exe\advapi32.dll Object was not changed (iChecker)
8/9/2011 4:11:10 PM OK wdfmgr.exe\msvcrt.dll Object was not changed (iChecker)
8/9/2011 4:11:10 PM OK C:\WINDOWS\system32\wdfmgr.exe
8/9/2011 4:11:10 PM OK wdfmgr.exe\msasn1.dll Object was not changed (iChecker)
8/9/2011 4:11:10 PM OK wdfmgr.exe\crypt32.dll Object was not changed (iChecker)
8/9/2011 4:11:10 PM OK wdfmgr.exe\setupapi.dll Object was not changed (iChecker)
8/9/2011 4:11:10 PM OK wdfmgr.exe\imagehlp.dll Object was not changed (iChecker)
8/9/2011 4:11:10 PM OK wdfmgr.exe\wintrust.dll Object was not changed (iChecker)
8/9/2011 4:11:10 PM OK wdfmgr.exe\imm32.dll Object was not changed (iChecker)
8/9/2011 4:11:10 PM OK wdfmgr.exe\usp10.dll Object was not changed (iChecker)
8/9/2011 4:11:10 PM OK wdfmgr.exe\lpk.dll Object was not changed (iChecker)
8/9/2011 4:11:09 PM OK wdfmgr.exe\wdfmgr.exe
8/9/2011 4:11:09 PM OK C:\WINDOWS\system32\ati2edxx.dll
8/9/2011 4:11:09 PM OK ati2evxx.exe\user32.dll Object was not changed (iChecker)
8/9/2011 4:11:09 PM OK ati2evxx.exe\ntdll.dll Object was not changed (iChecker)
8/9/2011 4:11:09 PM OK ati2evxx.exe\kernel32.dll Object was not changed (iChecker)
8/9/2011 4:11:09 PM OK ati2evxx.exe\secur32.dll Object was not changed (iChecker)
8/9/2011 4:11:09 PM OK ati2evxx.exe\gdi32.dll Object was not changed (iChecker)
8/9/2011 4:11:09 PM OK ati2evxx.exe\rpcrt4.dll Object was not changed (iChecker)
8/9/2011 4:11:09 PM OK ati2evxx.exe\advapi32.dll Object was not changed (iChecker)
8/9/2011 4:11:09 PM OK ati2evxx.exe\msvcrt.dll Object was not changed (iChecker)
8/9/2011 4:11:09 PM OK ati2evxx.exe\version.dll Object was not changed (iChecker)
8/9/2011 4:11:09 PM OK ati2evxx.exe\ole32.dll Object was not changed (iChecker)
8/9/2011 4:11:09 PM OK C:\WINDOWS\system32\ati2evxx.exe
8/9/2011 4:11:09 PM OK ati2evxx.exe\oleaut32.dll Object was not changed (iChecker)
8/9/2011 4:11:09 PM OK ati2evxx.exe\comres.dll Object was not changed (iChecker)
8/9/2011 4:11:09 PM OK ati2evxx.exe\clbcatq.dll Object was not changed (iChecker)
8/9/2011 4:11:09 PM OK ati2evxx.exe\imm32.dll Object was not changed (iChecker)
8/9/2011 4:11:09 PM OK ati2evxx.exe\msctfime.ime Object was not changed (iChecker)
8/9/2011 4:11:09 PM OK ati2evxx.exe\usp10.dll Object was not changed (iChecker)
8/9/2011 4:11:09 PM OK ati2evxx.exe\lpk.dll Object was not changed (iChecker)
8/9/2011 4:11:09 PM OK ati2evxx.exe\uxtheme.dll Object was not changed (iChecker)
8/9/2011 4:11:09 PM OK ati2evxx.exe\ati2edxx.dll
8/9/2011 4:11:08 PM OK ati2evxx.exe\xpsp2res.dll Object was not changed (iChecker)
8/9/2011 4:11:08 PM OK ati2evxx.exe\ati2evxx.exe
8/9/2011 4:11:08 PM OK C:\WINDOWS\system32\browselc.dll
8/9/2011 4:11:08 PM OK C:\WINDOWS\system32\browselc.dll/data0003.html
8/9/2011 4:11:08 PM OK C:\WINDOWS\system32\browselc.dll/data0002.html
8/9/2011 4:11:08 PM OK C:\WINDOWS\system32\browselc.dll/data0001.html
8/9/2011 4:11:07 PM OK C:\WINDOWS\system32\shdocvw.dll
8/9/2011 4:11:06 PM OK C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcr90.dll
8/9/2011 4:11:06 PM OK explorer.exe\user32.dll Object was not changed (iChecker)
8/9/2011 4:11:06 PM OK C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcp90.dll
8/9/2011 4:11:06 PM OK explorer.exe\shdocvw.dll
8/9/2011 4:11:06 PM OK explorer.exe\urlmon.dll Object was not changed (iChecker)
8/9/2011 4:11:06 PM OK explorer.exe\msi.dll
8/9/2011 4:11:06 PM OK explorer.exe\shell32.dll Object was not changed (iChecker)
8/9/2011 4:11:06 PM OK explorer.exe\ntdll.dll Object was not changed (iChecker)
8/9/2011 4:11:06 PM OK explorer.exe\kernel32.dll Object was not changed (iChecker)
8/9/2011 4:11:06 PM OK explorer.exe\msvcr90.dll
8/9/2011 4:11:05 PM OK explorer.exe\msvcp90.dll
8/9/2011 4:11:05 PM OK explorer.exe\secur32.dll Object was not changed (iChecker)
8/9/2011 4:11:05 PM OK explorer.exe\shlwapi.dll Object was not changed (iChecker)
8/9/2011 4:11:05 PM OK explorer.exe\gdi32.dll Object was not changed (iChecker)
8/9/2011 4:11:05 PM OK explorer.exe\rpcrt4.dll Object was not changed (iChecker)
8/9/2011 4:11:05 PM OK explorer.exe\advapi32.dll Object was not changed (iChecker)
8/9/2011 4:11:05 PM OK explorer.exe\msvcrt.dll Object was not changed (iChecker)
8/9/2011 4:11:05 PM OK explorer.exe\version.dll Object was not changed (iChecker)
8/9/2011 4:11:05 PM OK C:\WINDOWS\system32\cscui.dll
8/9/2011 4:11:05 PM OK explorer.exe\msacm32.dll Object was not changed (iChecker)
8/9/2011 4:11:05 PM OK explorer.exe\apphelp.dll Object was not changed (iChecker)
8/9/2011 4:11:05 PM OK explorer.exe\msasn1.dll Object was not changed (iChecker)
8/9/2011 4:11:05 PM OK explorer.exe\crypt32.dll Object was not changed (iChecker)
8/9/2011 4:11:05 PM OK explorer.exe\cscui.dll
8/9/2011 4:11:05 PM OK explorer.exe\setupapi.dll Object was not changed (iChecker)
8/9/2011 4:11:05 PM OK explorer.exe\ole32.dll Object was not changed (iChecker)
8/9/2011 4:11:05 PM OK explorer.exe\comctl32.dll Object was not changed (iChecker)
8/9/2011 4:11:05 PM OK explorer.exe\wininet.dll Object was not changed (iChecker)
8/9/2011 4:11:05 PM OK explorer.exe\oleaut32.dll Object was not changed (iChecker)
8/9/2011 4:11:05 PM OK explorer.exe\comres.dll Object was not changed (iChecker)
8/9/2011 4:11:04 PM OK explorer.exe\clbcatq.dll Object was not changed (iChecker)
8/9/2011 4:11:04 PM OK explorer.exe\wldap32.dll Object was not changed (iChecker)
8/9/2011 4:11:04 PM OK explorer.exe\wtsapi32.dll Object was not changed (iChecker)
8/9/2011 4:11:04 PM OK explorer.exe\rtutils.dll Object was not changed (iChecker)
8/9/2011 4:11:04 PM OK explorer.exe\iphlpapi.dll Object was not changed (iChecker)
8/9/2011 4:11:04 PM OK explorer.exe\imagehlp.dll Object was not changed (iChecker)
8/9/2011 4:11:04 PM OK explorer.exe\wintrust.dll Object was not changed (iChecker)
8/9/2011 4:11:04 PM OK explorer.exe\credui.dll Object was not changed (iChecker)
8/9/2011 4:11:04 PM OK explorer.exe\psapi.dll Object was not changed (iChecker)
8/9/2011 4:11:04 PM OK C:\WINDOWS\system32\stobject.dll
8/9/2011 4:11:04 PM OK explorer.exe\winmm.dll Object was not changed (iChecker)
8/9/2011 4:11:04 PM OK explorer.exe\atl.dll Object was not changed (iChecker)
8/9/2011 4:11:04 PM OK explorer.exe\userenv.dll Object was not changed (iChecker)
8/9/2011 4:11:04 PM OK explorer.exe\ntshrui.dll Object was not changed (iChecker)
8/9/2011 4:11:04 PM OK C:\WINDOWS\system32\cscdll.dll
8/9/2011 4:11:04 PM OK explorer.exe\linkinfo.dll Object was not changed (iChecker)
8/9/2011 4:11:03 PM OK explorer.exe\cscdll.dll
8/9/2011 4:11:03 PM OK C:\WINDOWS\system32\browseui.dll
8/9/2011 4:11:03 PM OK explorer.exe\netshell.dll Object was not changed (iChecker)
8/9/2011 4:11:03 PM OK explorer.exe\imm32.dll Object was not changed (iChecker)
8/9/2011 4:11:03 PM OK explorer.exe\msimg32.dll Object was not changed (iChecker)
8/9/2011 4:11:03 PM OK explorer.exe\winsta.dll
8/9/2011 4:11:03 PM OK explorer.exe\stobject.dll
8/9/2011 4:11:03 PM OK explorer.exe\msvcp60.dll Object was not changed (iChecker)
8/9/2011 4:11:03 PM OK C:\WINDOWS\system32\davclnt.dll
8/9/2011 4:11:03 PM OK explorer.exe\browseui.dll
8/9/2011 4:11:02 PM OK explorer.exe\davclnt.dll
8/9/2011 4:11:02 PM OK C:\WINDOWS\system32\drprov.dll
8/9/2011 4:11:02 PM OK explorer.exe\drprov.dll
8/9/2011 4:11:02 PM OK C:\WINDOWS\system32\cryptui.dll
8/9/2011 4:11:02 PM OK explorer.exe\cryptnet.dll Object was not changed (iChecker)
8/9/2011 4:11:01 PM OK explorer.exe\msctfime.ime Object was not changed (iChecker)
8/9/2011 4:11:01 PM OK C:\WINDOWS\system32\webcheck.dll
8/9/2011 4:11:01 PM OK explorer.exe\cryptui.dll
8/9/2011 4:11:01 PM OK C:\WINDOWS\system32\batmeter.dll
8/9/2011 4:11:01 PM OK explorer.exe\cabinet.dll Object was not changed (iChecker)
8/9/2011 4:11:01 PM OK explorer.exe\usp10.dll Object was not changed (iChecker)
8/9/2011 4:11:01 PM OK explorer.exe\webcheck.dll
8/9/2011 4:11:01 PM OK explorer.exe\batmeter.dll
8/9/2011 4:11:01 PM OK C:\WINDOWS\system32\powrprof.dll
8/9/2011 4:11:01 PM OK explorer.exe\powrprof.dll
8/9/2011 4:11:01 PM OK C:\WINDOWS\system32\wzcsapi.dll
8/9/2011 4:11:01 PM OK C:\WINDOWS\system32\netui0.dll
8/9/2011 4:11:00 PM OK explorer.exe\msctf.dll Object was not changed (iChecker)
8/9/2011 4:11:00 PM OK explorer.exe\eappcfg.dll Object was not changed (iChecker)
8/9/2011 4:11:00 PM OK explorer.exe\dot3dlg.dll Object was not changed (iChecker)
8/9/2011 4:11:00 PM OK explorer.exe\wzcsapi.dll
8/9/2011 4:11:00 PM OK explorer.exe\wdmaud.drv Object was not changed (iChecker)
8/9/2011 4:11:00 PM OK explorer.exe\msacm32.drv Object was not changed (iChecker)
8/9/2011 4:11:00 PM OK explorer.exe\sensapi.dll Object was not changed (iChecker)
8/9/2011 4:11:00 PM OK C:\WINDOWS\system32\netui1.dll
8/9/2011 4:11:00 PM OK explorer.exe\netui0.dll
8/9/2011 4:10:59 PM OK explorer.exe\netui1.dll
8/9/2011 4:10:59 PM OK C:\WINDOWS\system32\netrap.dll
8/9/2011 4:10:59 PM OK C:\WINDOWS\system32\ntlanman.dll
8/9/2011 4:10:59 PM OK explorer.exe\netrap.dll
8/9/2011 4:10:59 PM OK C:\WINDOWS\system32\mpr.dll
8/9/2011 4:10:59 PM OK explorer.exe\ntlanman.dll
8/9/2011 4:10:58 PM OK C:\WINDOWS\system32\duser.dll
8/9/2011 4:10:58 PM OK explorer.exe\samlib.dll Object was not changed (iChecker)
8/9/2011 4:10:58 PM Archive: EmbeddedHTML C:\WINDOWS\system32\browselc.dll
8/9/2011 4:10:58 PM OK explorer.exe\mpr.dll
8/9/2011 4:10:58 PM OK explorer.exe\wsock32.dll Object was not changed (iChecker)
8/9/2011 4:10:58 PM OK explorer.exe\ws2_32.dll
8/9/2011 4:10:58 PM OK explorer.exe\ws2help.dll Object was not changed (iChecker)
8/9/2011 4:10:58 PM OK explorer.exe\browselc.dll
8/9/2011 4:10:58 PM OK explorer.exe\acgenral.dll Object was not changed (iChecker)
8/9/2011 4:10:58 PM OK explorer.exe\duser.dll
8/9/2011 4:10:57 PM OK C:\WINDOWS\system32\wzcdlg.dll
8/9/2011 4:10:57 PM OK explorer.exe\rsaenh.dll Object was not changed (iChecker)
8/9/2011 4:10:57 PM OK explorer.exe\lpk.dll Object was not changed (iChecker)
8/9/2011 4:10:57 PM OK C:\WINDOWS\system32\WMVCore.dll
8/9/2011 4:10:57 PM OK C:\WINDOWS\system32\themeui.dll
8/9/2011 4:10:57 PM OK explorer.exe\wzcdlg.dll
8/9/2011 4:10:57 PM OK explorer.exe\eappprxy.dll Object was not changed (iChecker)
8/9/2011 4:10:57 PM OK explorer.exe\onex.dll Object was not changed (iChecker)
8/9/2011 4:10:57 PM OK explorer.exe\comctl32.dll Object was not changed (iChecker)
8/9/2011 4:10:57 PM OK explorer.exe\shimeng.dll
8/9/2011 4:10:56 PM OK C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\pdfshell.dll
8/9/2011 4:10:56 PM OK explorer.exe\themeui.dll
8/9/2011 4:10:56 PM OK explorer.exe\netapi32.dll Object was not changed (iChecker)
8/9/2011 4:10:56 PM OK explorer.exe\uxtheme.dll Object was not changed (iChecker)
8/9/2011 4:10:56 PM OK explorer.exe\winhttp.dll Object was not changed (iChecker)
8/9/2011 4:10:56 PM OK explorer.exe\dot3api.dll Object was not changed (iChecker)
8/9/2011 4:10:56 PM OK C:\WINDOWS\explorer.exe
8/9/2011 4:10:56 PM OK explorer.exe\pdfshell.dll
8/9/2011 4:10:56 PM OK explorer.exe\WMVCore.dll
8/9/2011 4:10:55 PM OK C:\WINDOWS\system32\wmasf.dll
8/9/2011 4:10:55 PM OK explorer.exe\wmasf.dll
8/9/2011 4:10:55 PM OK explorer.exe\xpsp2res.dll Object was not changed (iChecker)
8/9/2011 4:10:55 PM OK explorer.exe\explorer.exe
8/9/2011 4:10:54 PM OK atiptaxx.exe\user32.dll Object was not changed (iChecker)
8/9/2011 4:10:54 PM OK atiptaxx.exe\shell32.dll Object was not changed (iChecker)
8/9/2011 4:10:54 PM OK atiptaxx.exe\ntdll.dll Object was not changed (iChecker)
8/9/2011 4:10:54 PM OK atiptaxx.exe\kernel32.dll Object was not changed (iChecker)
8/9/2011 4:10:54 PM OK atiptaxx.exe\secur32.dll Object was not changed (iChecker)
8/9/2011 4:10:54 PM OK atiptaxx.exe\shlwapi.dll Object was not changed (iChecker)
8/9/2011 4:10:54 PM OK atiptaxx.exe\gdi32.dll Object was not changed (iChecker)
8/9/2011 4:10:54 PM OK atiptaxx.exe\rpcrt4.dll Object was not changed (iChecker)
8/9/2011 4:10:54 PM OK atiptaxx.exe\advapi32.dll Object was not changed (iChecker)
8/9/2011 4:10:54 PM OK atiptaxx.exe\msvcrt.dll Object was not changed (iChecker)
8/9/2011 4:10:54 PM OK C:\WINDOWS\system32\dinput8.dll
8/9/2011 4:10:54 PM OK atiptaxx.exe\version.dll Object was not changed (iChecker)
8/9/2011 4:10:54 PM OK atiptaxx.exe\msasn1.dll Object was not changed (iChecker)
8/9/2011 4:10:54 PM OK atiptaxx.exe\crypt32.dll Object was not changed (iChecker)
8/9/2011 4:10:54 PM OK atiptaxx.exe\setupapi.dll Object was not changed (iChecker)
8/9/2011 4:10:54 PM OK atiptaxx.exe\ole32.dll Object was not changed (iChecker)
8/9/2011 4:10:54 PM OK atiptaxx.exe\comctl32.dll Object was not changed (iChecker)
8/9/2011 4:10:54 PM OK atiptaxx.exe\oleaut32.dll Object was not changed (iChecker)
8/9/2011 4:10:54 PM OK atiptaxx.exe\comres.dll Object was not changed (iChecker)
8/9/2011 4:10:54 PM OK atiptaxx.exe\clbcatq.dll Object was not changed (iChecker)
8/9/2011 4:10:54 PM OK atiptaxx.exe\imagehlp.dll Object was not changed (iChecker)
8/9/2011 4:10:53 PM OK C:\WINDOWS\system32\hid.dll
8/9/2011 4:10:53 PM OK atiptaxx.exe\wintrust.dll Object was not changed (iChecker)
8/9/2011 4:10:53 PM OK atiptaxx.exe\winmm.dll Object was not changed (iChecker)
8/9/2011 4:10:53 PM OK atiptaxx.exe\imm32.dll Object was not changed (iChecker)
8/9/2011 4:10:53 PM OK atiptaxx.exe\msctfime.ime Object was not changed (iChecker)
8/9/2011 4:10:53 PM OK atiptaxx.exe\usp10.dll Object was not changed (iChecker)
8/9/2011 4:10:53 PM OK atiptaxx.exe\msctf.dll Object was not changed (iChecker)
8/9/2011 4:10:53 PM OK atiptaxx.exe\dinput8.dll
8/9/2011 4:10:53 PM OK C:\Program Files\ATI Technologies\ATI Control Panel\atipdsxx.dll
8/9/2011 4:10:53 PM OK atiptaxx.exe\hid.dll
8/9/2011 4:10:53 PM OK C:\Program Files\ATI Technologies\ATI Control Panel\atipdxxx.dll
8/9/2011 4:10:53 PM OK atiptaxx.exe\lpk.dll Object was not changed (iChecker)
8/9/2011 4:10:53 PM OK atiptaxx.exe\comctl32.dll Object was not changed (iChecker)
8/9/2011 4:10:53 PM OK atiptaxx.exe\uxtheme.dll Object was not changed (iChecker)
8/9/2011 4:10:53 PM OK atiptaxx.exe\atipdsxx.dll
8/9/2011 4:10:52 PM OK atiptaxx.exe\atipdxxx.dll
8/9/2011 4:10:52 PM OK C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
8/9/2011 4:10:52 PM OK C:\Program Files\ATI Technologies\ATI Control Panel\atrpuixx.enu
8/9/2011 4:10:51 PM OK atiptaxx.exe\atrpuixx.enu
8/9/2011 4:10:51 PM OK atiptaxx.exe\atiptaxx.exe
8/9/2011 4:10:51 PM OK C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
8/9/2011 4:10:49 PM OK C:\WINDOWS\system32\mfc42.dll
8/9/2011 4:10:48 PM OK SMax4PNP.exe\user32.dll Object was not changed (iChecker)
8/9/2011 4:10:48 PM OK SMax4PNP.exe\shell32.dll Object was not changed (iChecker)
8/9/2011 4:10:48 PM OK SMax4PNP.exe\ntdll.dll Object was not changed (iChecker)
8/9/2011 4:10:48 PM OK SMax4PNP.exe\kernel32.dll Object was not changed (iChecker)
8/9/2011 4:10:48 PM OK SMax4PNP.exe\secur32.dll Object was not changed (iChecker)
8/9/2011 4:10:48 PM OK SMax4PNP.exe\shlwapi.dll Object was not changed (iChecker)
8/9/2011 4:10:48 PM OK SMax4PNP.exe\gdi32.dll Object was not changed (iChecker)
8/9/2011 4:10:48 PM OK SMax4PNP.exe\rpcrt4.dll Object was not changed (iChecker)
8/9/2011 4:10:48 PM OK SMax4PNP.exe\advapi32.dll Object was not changed (iChecker)
8/9/2011 4:10:48 PM OK SMax4PNP.exe\msvcrt.dll Object was not changed (iChecker)
8/9/2011 4:10:48 PM OK C:\WINDOWS\system32\ksuser.dll
8/9/2011 4:10:48 PM OK SMax4PNP.exe\version.dll Object was not changed (iChecker)
8/9/2011 4:10:48 PM OK SMax4PNP.exe\msacm32.dll Object was not changed (iChecker)
8/9/2011 4:10:48 PM OK SMax4PNP.exe\msasn1.dll Object was not changed (iChecker)
8/9/2011 4:10:48 PM OK SMax4PNP.exe\crypt32.dll Object was not changed (iChecker)
8/9/2011 4:10:48 PM OK SMax4PNP.exe\ole32.dll Object was not changed (iChecker)
8/9/2011 4:10:48 PM OK SMax4PNP.exe\comctl32.dll Object was not changed (iChecker)
8/9/2011 4:10:48 PM OK SMax4PNP.exe\imagehlp.dll Object was not changed (iChecker)
8/9/2011 4:10:48 PM OK SMax4PNP.exe\wintrust.dll Object was not changed (iChecker)
8/9/2011 4:10:48 PM OK SMax4PNP.exe\winmm.dll Object was not changed (iChecker)
8/9/2011 4:10:48 PM OK SMax4PNP.exe\imm32.dll Object was not changed (iChecker)
8/9/2011 4:10:48 PM OK SMax4PNP.exe\msctfime.ime Object was not changed (iChecker)
8/9/2011 4:10:48 PM OK SMax4PNP.exe\usp10.dll Object was not changed (iChecker)
8/9/2011 4:10:48 PM OK SMax4PNP.exe\msctf.dll Object was not changed (iChecker)
8/9/2011 4:10:48 PM OK SMax4PNP.exe\dsound.dll Object was not changed (iChecker)
8/9/2011 4:10:48 PM OK SMax4PNP.exe\ksuser.dll
8/9/2011 4:10:48 PM OK SMax4PNP.exe\mfc42.dll
8/9/2011 4:10:47 PM OK C:\Program Files\Analog Devices\SoundMAX\SMWDMIF.dll
8/9/2011 4:10:47 PM OK C:\Program Files\Analog Devices\SoundMAX\SMWDMIF.dll/#
8/9/2011 4:10:47 PM OK C:\WINDOWS\system32\wdmaud.drv
8/9/2011 4:10:47 PM OK C:\Program Files\Analog Devices\SoundMAX\SMWDMIF.dll/#
8/9/2011 4:10:47 PM OK C:\Program Files\Analog Devices\SoundMAX\SMWDMIF.dll/#
8/9/2011 4:10:47 PM OK C:\Program Files\Analog Devices\SoundMAX\SMWDMIF.dll/#
8/9/2011 4:10:47 PM OK C:\Program Files\Analog Devices\SoundMAX\SMWDMIF.dll/#
8/9/2011 4:10:47 PM OK C:\Program Files\Analog Devices\SoundMAX\SMWDMIF.dll/#
8/9/2011 4:10:47 PM OK C:\Program Files\Analog Devices\SoundMAX\SMWDMIF.dll/#
8/9/2011 4:10:47 PM OK C:\Program Files\Analog Devices\SoundMAX\SMWDMIF.dll/#
8/9/2011 4:10:47 PM OK C:\Program Files\Analog Devices\SoundMAX\SMWDMIF.dll/#
8/9/2011 4:10:47 PM OK C:\Program Files\Analog Devices\SoundMAX\SMWDMIF.dll/#
8/9/2011 4:10:47 PM OK C:\Program Files\Analog Devices\SoundMAX\SMWDMIF.dll/#
8/9/2011 4:10:47 PM OK C:\WINDOWS\system32\msacm32.drv
8/9/2011 4:10:47 PM OK SMax4PNP.exe\wdmaud.drv
8/9/2011 4:10:47 PM OK SMax4PNP.exe\msacm32.drv
8/9/2011 4:10:46 PM OK SMax4PNP.exe\lpk.dll Object was not changed (iChecker)
8/9/2011 4:10:46 PM OK SMax4PNP.exe\uxtheme.dll Object was not changed (iChecker)
8/9/2011 4:10:46 PM OK SMax4PNP.exe\SMWDMIF.dll
8/9/2011 4:10:46 PM OK SMax4PNP.exe\SMax4PNP.exe
8/9/2011 4:10:46 PM OK C:\WINDOWS\AGRSMMSG.exe
8/9/2011 4:10:45 PM OK AGRSMMSG.exe\user32.dll Object was not changed (iChecker)
8/9/2011 4:10:45 PM OK AGRSMMSG.exe\shell32.dll Object was not changed (iChecker)
8/9/2011 4:10:45 PM OK AGRSMMSG.exe\ntdll.dll Object was not changed (iChecker)
8/9/2011 4:10:45 PM OK AGRSMMSG.exe\kernel32.dll Object was not changed (iChecker)
8/9/2011 4:10:45 PM OK AGRSMMSG.exe\secur32.dll Object was not changed (iChecker)
8/9/2011 4:10:45 PM OK AGRSMMSG.exe\shlwapi.dll Object was not changed (iChecker)
8/9/2011 4:10:45 PM OK AGRSMMSG.exe\gdi32.dll Object was not changed (iChecker)
8/9/2011 4:10:45 PM OK AGRSMMSG.exe\rpcrt4.dll Object was not changed (iChecker)
8/9/2011 4:10:45 PM OK AGRSMMSG.exe\advapi32.dll Object was not changed (iChecker)
8/9/2011 4:10:45 PM OK AGRSMMSG.exe\msvcrt.dll Object was not changed (iChecker)
8/9/2011 4:10:45 PM OK AGRSMMSG.exe\ole32.dll Object was not changed (iChecker)
8/9/2011 4:10:45 PM OK AGRSMMSG.exe\comctl32.dll Object was not changed (iChecker)
8/9/2011 4:10:45 PM OK AGRSMMSG.exe\winmm.dll Object was not changed (iChecker)
8/9/2011 4:10:45 PM OK AGRSMMSG.exe\imm32.dll Object was not changed (iChecker)
8/9/2011 4:10:45 PM OK AGRSMMSG.exe\msctfime.ime Object was not changed (iChecker)
8/9/2011 4:10:45 PM OK AGRSMMSG.exe\usp10.dll Object was not changed (iChecker)
8/9/2011 4:10:45 PM OK AGRSMMSG.exe\msctf.dll Object was not changed (iChecker)
8/9/2011 4:10:45 PM OK AGRSMMSG.exe\lpk.dll Object was not changed (iChecker)
8/9/2011 4:10:45 PM OK AGRSMMSG.exe\comctl32.dll Object was not changed (iChecker)
8/9/2011 4:10:45 PM OK AGRSMMSG.exe\uxtheme.dll Object was not changed (iChecker)
8/9/2011 4:10:45 PM OK AGRSMMSG.exe\AGRSMMSG.exe
8/9/2011 4:10:45 PM OK C:\Program Files\Java\jre6\bin\jusched.exe
8/9/2011 4:10:45 PM OK C:\Program Files\Java\jre6\bin\jusched.exe/#
8/9/2011 4:10:45 PM OK C:\Program Files\Java\jre6\bin\jusched.exe/#
8/9/2011 4:10:45 PM OK C:\Program Files\Java\jre6\bin\jusched.exe/#
8/9/2011 4:10:45 PM OK C:\Program Files\Java\jre6\bin\jusched.exe/#
8/9/2011 4:10:45 PM OK C:\Program Files\Java\jre6\bin\jusched.exe/#
8/9/2011 4:10:45 PM OK C:\Program Files\Java\jre6\bin\jusched.exe/#
8/9/2011 4:10:45 PM OK C:\Program Files\Java\jre6\bin\jusched.exe/#
8/9/2011 4:10:45 PM OK C:\Program Files\Java\jre6\bin\jusched.exe/#
8/9/2011 4:10:45 PM OK C:\Program Files\Java\jre6\bin\jusched.exe/#
8/9/2011 4:10:45 PM OK C:\Program Files\Java\jre6\bin\jusched.exe/#
8/9/2011 4:10:45 PM OK C:\Program Files\Java\jre6\bin\jusched.exe/#
8/9/2011 4:10:45 PM OK C:\Program Files\Java\jre6\bin\jusched.exe/#
8/9/2011 4:10:45 PM OK C:\Program Files\Java\jre6\bin\jusched.exe/#
8/9/2011 4:10:45 PM OK C:\Program Files\Java\jre6\bin\jusched.exe/#
8/9/2011 4:10:45 PM OK C:\Program Files\Java\jre6\bin\jusched.exe/#
8/9/2011 4:10:44 PM OK C:\Program Files\Java\jre6\bin\jusched.exe/#
8/9/2011 4:10:44 PM OK C:\Program Files\Java\jre6\bin\jusched.exe/#
8/9/2011 4:10:44 PM OK C:\Program Files\Java\jre6\bin\jusched.exe/#
8/9/2011 4:10:44 PM OK C:\Program Files\Java\jre6\bin\jusched.exe/#
8/9/2011 4:10:44 PM OK C:\Program Files\Java\jre6\bin\jusched.exe/#
8/9/2011 4:10:44 PM OK C:\Program Files\Java\jre6\bin\jusched.exe/#
8/9/2011 4:10:44 PM OK C:\Program Files\Java\jre6\bin\jusched.exe/#
8/9/2011 4:10:44 PM OK C:\Program Files\Java\jre6\bin\jusched.exe/#
8/9/2011 4:10:44 PM OK C:\Program Files\Java\jre6\bin\jusched.exe/#
8/9/2011 4:10:44 PM OK C:\Program Files\Java\jre6\bin\jusched.exe/#
8/9/2011 4:10:44 PM OK C:\Program Files\Java\jre6\bin\jusched.exe/#
8/9/2011 4:10:44 PM OK C:\Program Files\Java\jre6\bin\jusched.exe/#
8/9/2011 4:10:44 PM OK C:\Program Files\Java\jre6\bin\jusched.exe/#
8/9/2011 4:10:44 PM OK C:\Program Files\Java\jre6\bin\jusched.exe/#
8/9/2011 4:10:44 PM OK C:\Program Files\Java\jre6\bin\jusched.exe/#
8/9/2011 4:10:44 PM OK C:\Program Files\Java\jre6\bin\jusched.exe/#
8/9/2011 4:10:44 PM OK jusched.exe\user32.dll Object was not changed (iChecker)
8/9/2011 4:10:44 PM OK jusched.exe\shell32.dll Object was not changed (iChecker)
8/9/2011 4:10:44 PM OK jusched.exe\ntdll.dll Object was not changed (iChecker)
8/9/2011 4:10:44 PM OK jusched.exe\kernel32.dll Object was not changed (iChecker)
8/9/2011 4:10:44 PM OK jusched.exe\secur32.dll Object was not changed (iChecker)
8/9/2011 4:10:44 PM OK jusched.exe\shlwapi.dll Object was not changed (iChecker)
8/9/2011 4:10:44 PM OK jusched.exe\gdi32.dll Object was not changed (iChecker)
8/9/2011 4:10:44 PM OK jusched.exe\rpcrt4.dll Object was not changed (iChecker)
8/9/2011 4:10:44 PM OK jusched.exe\advapi32.dll Object was not changed (iChecker)
8/9/2011 4:10:44 PM OK jusched.exe\msvcrt.dll Object was not changed (iChecker)
8/9/2011 4:10:44 PM OK jusched.exe\msasn1.dll Object was not changed (iChecker)
8/9/2011 4:10:43 PM OK jusched.exe\crypt32.dll Object was not changed (iChecker)
8/9/2011 4:10:43 PM OK jusched.exe\ole32.dll Object was not changed (iChecker)
8/9/2011 4:10:43 PM OK jusched.exe\comctl32.dll Object was not changed (iChecker)
8/9/2011 4:10:43 PM OK jusched.exe\wininet.dll Object was not changed (iChecker)
8/9/2011 4:10:43 PM OK jusched.exe\oleaut32.dll Object was not changed (iChecker)
8/9/2011 4:10:43 PM OK jusched.exe\imm32.dll Object was not changed (iChecker)
8/9/2011 4:10:43 PM OK jusched.exe\usp10.dll Object was not changed (iChecker)
8/9/2011 4:10:43 PM OK jusched.exe\lpk.dll Object was not changed (iChecker)
8/9/2011 4:10:43 PM OK jusched.exe\comctl32.dll Object was not changed (iChecker)
8/9/2011 4:10:43 PM OK jusched.exe\uxtheme.dll Object was not changed (iChecker)
8/9/2011 4:10:43 PM OK jusched.exe\jusched.exe
8/9/2011 4:10:43 PM OK C:\WINDOWS\system32\wininet.dll
8/9/2011 4:10:43 PM OK C:\WINDOWS\system32\dsound.dll
8/9/2011 4:10:43 PM OK C:\Program Files\QuickTime\QTSystem\QuickTime.qts
8/9/2011 4:10:42 PM OK iTunesHelper.exe\sxs.dll Object was not changed (iChecker)
8/9/2011 4:10:42 PM OK iTunesHelper.exe\user32.dll Object was not changed (iChecker)
8/9/2011 4:10:42 PM OK iTunesHelper.exe\shell32.dll Object was not changed (iChecker)
8/9/2011 4:10:42 PM OK iTunesHelper.exe\ntdll.dll Object was not changed (iChecker)
8/9/2011 4:10:42 PM OK iTunesHelper.exe\kernel32.dll Object was not changed (iChecker)
8/9/2011 4:10:42 PM OK C:\Program Files\QuickTime\QTSystem\QTCF.dll
8/9/2011 4:10:42 PM OK iTunesHelper.exe\msvcp80.dll
8/9/2011 4:10:42 PM OK iTunesHelper.exe\msvcr80.dll
8/9/2011 4:10:42 PM OK iTunesHelper.exe\secur32.dll Object was not changed (iChecker)
8/9/2011 4:10:42 PM OK C:\WINDOWS\system32\ddraw.dll
8/9/2011 4:10:42 PM OK iTunesHelper.exe\shlwapi.dll Object was not changed (iChecker)
8/9/2011 4:10:42 PM OK iTunesHelper.exe\gdi32.dll Object was not changed (iChecker)
8/9/2011 4:10:42 PM OK C:\WINDOWS\system32\wsock32.dll
8/9/2011 4:10:42 PM OK iTunesHelper.exe\rpcrt4.dll Object was not changed (iChecker)
8/9/2011 4:10:42 PM OK iTunesHelper.exe\advapi32.dll Object was not changed (iChecker)
8/9/2011 4:10:42 PM OK iTunesHelper.exe\msvcrt.dll Object was not changed (iChecker)
8/9/2011 4:10:42 PM OK iTunesHelper.exe\version.dll Object was not changed (iChecker)
8/9/2011 4:10:42 PM OK iTunesHelper.exe\msasn1.dll Object was not changed (iChecker)
8/9/2011 4:10:42 PM OK iTunesHelper.exe\crypt32.dll Object was not changed (iChecker)
8/9/2011 4:10:42 PM OK iTunesHelper.exe\setupapi.dll Object was not changed (iChecker)
8/9/2011 4:10:42 PM OK iTunesHelper.exe\ole32.dll Object was not changed (iChecker)
8/9/2011 4:10:42 PM OK iTunesHelper.exe\comctl32.dll Object was not changed (iChecker)
8/9/2011 4:10:42 PM OK C:\Program Files\iTunes\iTunesHelper.dll
8/9/2011 4:10:42 PM OK C:\Program Files\Common Files\Apple\Mobile Device Support\iTunesMobileDevice.dll
8/9/2011 4:10:41 PM OK iTunesHelper.exe\wininet.dll
8/9/2011 4:10:41 PM OK iTunesHelper.exe\oleaut32.dll Object was not changed (iChecker)
8/9/2011 4:10:41 PM OK iTunesHelper.exe\comres.dll Object was not changed (iChecker)
8/9/2011 4:10:41 PM OK C:\Program Files\Common Files\Apple\Apple Application Support\icudt40.dll
8/9/2011 4:10:41 PM OK iTunesHelper.exe\clbcatq.dll Object was not changed (iChecker)
8/9/2011 4:10:41 PM OK iTunesHelper.exe\wtsapi32.dll Object was not changed (iChecker)
8/9/2011 4:10:41 PM OK iTunesHelper.exe\iphlpapi.dll Object was not changed (iChecker)
8/9/2011 4:10:41 PM OK iTunesHelper.exe\imagehlp.dll Object was not changed (iChecker)
8/9/2011 4:10:41 PM OK C:\Program Files\Common Files\Apple\Apple Application Support\CFNetwork.dll
8/9/2011 4:10:41 PM OK iTunesHelper.exe\wintrust.dll Object was not changed (iChecker)
8/9/2011 4:10:40 PM OK iTunesHelper.exe\winmm.dll Object was not changed (iChecker)
8/9/2011 4:10:40 PM OK C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
8/9/2011 4:10:40 PM OK iTunesHelper.exe\comdlg32.dll Object was not changed (iChecker)
8/9/2011 4:10:40 PM OK C:\Program Files\Common Files\Apple\Apple Application Support\SQLite3.dll
8/9/2011 4:10:40 PM OK iTunesHelper.exe\imm32.dll Object was not changed (iChecker)
8/9/2011 4:10:40 PM OK iTunesHelper.exe\winsta.dll
8/9/2011 4:10:40 PM OK iTunesHelper.exe\msctfime.ime Object was not changed (iChecker)
8/9/2011 4:10:40 PM OK iTunesHelper.exe\usp10.dll Object was not changed (iChecker)
8/9/2011 4:10:40 PM OK iTunesHelper.exe\msctf.dll Object was not changed (iChecker)
8/9/2011 4:10:40 PM OK iTunesHelper.exe\dsound.dll
8/9/2011 4:10:40 PM OK iTunesHelper.exe\dciman32.dll Object was not changed (iChecker)
8/9/2011 4:10:40 PM OK C:\Program Files\iTunes\iTunesHelper.Resources\en.lproj\iTunesHelperLocalized.dll
8/9/2011 4:10:40 PM OK C:\Program Files\Common Files\Apple\Apple Application Support\ASL.dll
8/9/2011 4:10:40 PM OK C:\Program Files\iTunes\iTunesHelper.Resources\iTunesHelper.dll
8/9/2011 4:10:40 PM OK iTunesHelper.exe\ddraw.dll
8/9/2011 4:10:40 PM OK C:\Program Files\Common Files\Apple\Apple Application Support\icuuc40.dll
8/9/2011 4:10:40 PM OK iTunesHelper.exe\wsock32.dll
8/9/2011 4:10:39 PM OK iTunesHelper.exe\ws2_32.dll
8/9/2011 4:10:39 PM OK C:\Program Files\Common Files\Apple\Apple Application Support\icuin40.dll
8/9/2011 4:10:39 PM OK iTunesHelper.exe\ws2help.dll Object was not changed (iChecker)
8/9/2011 4:10:39 PM OK iTunesHelper.exe\wshtcpip.dll Object was not changed (iChecker)
8/9/2011 4:10:39 PM OK iTunesHelper.exe\mswsock.dll Object was not changed (iChecker)
8/9/2011 4:10:39 PM OK C:\Program Files\Common Files\Apple\Apple Application Support\libdispatch.dll
8/9/2011 4:10:39 PM OK iTunesHelper.exe\QTCF.dll
8/9/2011 4:10:39 PM OK iTunesHelper.exe\QuickTime.qts
8/9/2011 4:10:39 PM OK iTunesHelper.exe\hnetcfg.dll Object was not changed (iChecker)
8/9/2011 4:10:39 PM OK iTunesHelper.exe\lpk.dll Object was not changed (iChecker)
8/9/2011 4:10:39 PM OK iTunesHelper.exe\comctl32.dll Object was not changed (iChecker)
8/9/2011 4:10:39 PM OK iTunesHelper.exe\netapi32.dll Object was not changed (iChecker)
8/9/2011 4:10:39 PM OK iTunesHelper.exe\uxtheme.dll Object was not changed (iChecker)
8/9/2011 4:10:39 PM OK iTunesHelper.exe\GdiPlus.dll
8/9/2011 4:10:39 PM OK iTunesHelper.exe\icudt40.dll
8/9/2011 4:10:39 PM OK C:\Program Files\Common Files\Apple\Apple Application Support\CoreFoundation.dll
8/9/2011 4:10:39 PM OK iTunesHelper.exe\iTunesHelper.dll
8/9/2011 4:10:39 PM OK iTunesHelper.exe\xpsp2res.dll Object was not changed (iChecker)
8/9/2011 4:10:39 PM OK iTunesHelper.exe\iTunesMobileDevice.dll
8/9/2011 4:10:38 PM OK iTunesHelper.exe\SQLite3.dll
8/9/2011 4:10:38 PM OK iTunesHelper.exe\CFNetwork.dll
8/9/2011 4:10:38 PM OK iTunesHelper.exe\zlib1.dll
8/9/2011 4:10:38 PM OK C:\Program Files\Common Files\Apple\Apple Application Support\objc.dll
8/9/2011 4:10:38 PM OK iTunesHelper.exe\iTunesHelper.dll
8/9/2011 4:10:38 PM OK C:\Program Files\iTunes\iTunesHelper.exe
8/9/2011 4:10:38 PM OK C:\Program Files\Common Files\Apple\Apple Application Support\pthreadVC2.dll
8/9/2011 4:10:38 PM OK iTunesHelper.exe\iTunesHelperLocalized.dll
8/9/2011 4:10:38 PM OK iTunesHelper.exe\ASL.dll
8/9/2011 4:10:38 PM OK iTunesHelper.exe\icuuc40.dll
8/9/2011 4:10:38 PM OK iTunesHelper.exe\icuin40.dll
8/9/2011 4:10:38 PM OK iTunesHelper.exe\libdispatch.dll
8/9/2011 4:10:38 PM OK iTunesHelper.exe\CoreFoundation.dll
8/9/2011 4:10:38 PM OK iTunesHelper.exe\iTunesHelper.exe
8/9/2011 4:10:37 PM OK iTunesHelper.exe\objc.dll
8/9/2011 4:10:37 PM OK iTunesHelper.exe\pthreadVC2.dll
8/9/2011 4:10:37 PM OK C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_150c9e8b\mfc80u.dll
8/9/2011 4:10:37 PM OK C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcp80.dll
8/9/2011 4:10:36 PM OK C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcr80.dll
8/9/2011 4:10:36 PM OK C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80ENU.dll
8/9/2011 4:10:36 PM OK C:\Program Files\ESET\ESET NOD32 Antivirus\eguiHips.dll
8/9/2011 4:10:35 PM OK C:\Program Files\ESET\ESET NOD32 Antivirus\eguiDmon.dll
8/9/2011 4:10:35 PM OK C:\Program Files\ESET\ESET NOD32 Antivirus\eguiMailPlugins.dll
8/9/2011 4:10:35 PM OK C:\Program Files\ESET\ESET NOD32 Antivirus\eguiScan.dll
8/9/2011 4:10:35 PM OK C:\Program Files\ESET\ESET NOD32 Antivirus\eguiEmon.dll
8/9/2011 4:10:35 PM OK C:\Program Files\ESET\ESET NOD32 Antivirus\eguiAmon.dll
8/9/2011 4:10:34 PM OK C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
8/9/2011 4:10:34 PM OK C:\Program Files\ESET\ESET NOD32 Antivirus\eguiEpfw.dll
8/9/2011 4:10:34 PM OK C:\Program Files\ESET\ESET NOD32 Antivirus\eguiUpdate.dll
8/9/2011 4:10:32 PM OK egui.exe\user32.dll Object was not changed (iChecker)
8/9/2011 4:10:32 PM OK egui.exe\shell32.dll Object was not changed (iChecker)
8/9/2011 4:10:32 PM OK egui.exe\ntdll.dll Object was not changed (iChecker)
8/9/2011 4:10:32 PM OK egui.exe\kernel32.dll Object was not changed (iChecker)
8/9/2011 4:10:32 PM OK egui.exe\msvcp80.dll
8/9/2011 4:10:32 PM OK egui.exe\mfc80u.dll
8/9/2011 4:10:31 PM OK egui.exe\msvcr80.dll
8/9/2011 4:10:31 PM OK egui.exe\secur32.dll Object was not changed (iChecker)
8/9/2011 4:10:31 PM OK egui.exe\shlwapi.dll Object was not changed (iChecker)
8/9/2011 4:10:31 PM OK egui.exe\gdi32.dll Object was not changed (iChecker)
8/9/2011 4:10:31 PM OK egui.exe\rpcrt4.dll Object was not changed (iChecker)
8/9/2011 4:10:31 PM OK egui.exe\advapi32.dll Object was not changed (iChecker)
8/9/2011 4:10:31 PM OK egui.exe\msvcrt.dll Object was not changed (iChecker)
8/9/2011 4:10:31 PM OK egui.exe\version.dll Object was not changed (iChecker)
8/9/2011 4:10:31 PM OK egui.exe\msasn1.dll Object was not changed (iChecker)
8/9/2011 4:10:31 PM OK egui.exe\crypt32.dll Object was not changed (iChecker)
8/9/2011 4:10:31 PM OK egui.exe\setupapi.dll Object was not changed (iChecker)
8/9/2011 4:10:31 PM OK egui.exe\ntmarta.dll Object was not changed (iChecker)
8/9/2011 4:10:31 PM OK egui.exe\ole32.dll Object was not changed (iChecker)
8/9/2011 4:10:31 PM OK egui.exe\comctl32.dll Object was not changed (iChecker)
8/9/2011 4:10:31 PM OK egui.exe\oleaut32.dll Object was not changed (iChecker)
8/9/2011 4:10:31 PM OK egui.exe\comres.dll Object was not changed (iChecker)
8/9/2011 4:10:31 PM OK egui.exe\clbcatq.dll Object was not changed (iChecker)
8/9/2011 4:10:31 PM OK egui.exe\wldap32.dll Object was not changed (iChecker)
8/9/2011 4:10:30 PM OK egui.exe\imm32.dll Object was not changed (iChecker)
8/9/2011 4:10:30 PM OK egui.exe\msimg32.dll Object was not changed (iChecker)
8/9/2011 4:10:30 PM OK egui.exe\msctfime.ime Object was not changed (iChecker)
8/9/2011 4:10:30 PM OK egui.exe\usp10.dll Object was not changed (iChecker)
8/9/2011 4:10:30 PM OK egui.exe\msctf.dll Object was not changed (iChecker)
8/9/2011 4:10:30 PM OK egui.exe\samlib.dll Object was not changed (iChecker)
8/9/2011 4:10:30 PM OK egui.exe\ws2_32.dll
8/9/2011 4:10:30 PM OK egui.exe\ws2help.dll Object was not changed (iChecker)
8/9/2011 4:10:30 PM OK egui.exe\lpk.dll Object was not changed (iChecker)
8/9/2011 4:10:30 PM OK egui.exe\mfc80ENU.dll
8/9/2011 4:10:30 PM OK egui.exe\uxtheme.dll Object was not changed (iChecker)
8/9/2011 4:10:30 PM OK egui.exe\eguiHips.dll
8/9/2011 4:10:30 PM OK egui.exe\eguiDmon.dll
8/9/2011 4:10:30 PM OK egui.exe\eguiMailPlugins.dll
8/9/2011 4:10:29 PM OK egui.exe\eguiScan.dll
8/9/2011 4:10:29 PM OK egui.exe\eguiEmon.dll
8/9/2011 4:10:29 PM OK egui.exe\eguiAmon.dll
8/9/2011 4:10:29 PM OK egui.exe\eguiUpdate.dll
8/9/2011 4:10:29 PM OK egui.exe\eguiEpfw.dll
8/9/2011 4:10:29 PM OK egui.exe\egui.exe
8/9/2011 4:10:29 PM OK C:\WINDOWS\system32\msutb.dll
8/9/2011 4:10:29 PM OK ctfmon.exe\user32.dll Object was not changed (iChecker)
8/9/2011 4:10:29 PM OK ctfmon.exe\shell32.dll Object was not changed (iChecker)
8/9/2011 4:10:29 PM OK ctfmon.exe\ntdll.dll Object was not changed (iChecker)
8/9/2011 4:10:29 PM OK ctfmon.exe\kernel32.dll Object was not changed (iChecker)
8/9/2011 4:10:29 PM OK ctfmon.exe\secur32.dll Object was not changed (iChecker)
8/9/2011 4:10:29 PM OK C:\WINDOWS\system32\ctfmon.exe
8/9/2011 4:10:29 PM OK ctfmon.exe\shlwapi.dll Object was not changed (iChecker)
8/9/2011 4:10:29 PM OK ctfmon.exe\gdi32.dll Object was not changed (iChecker)
8/9/2011 4:10:28 PM OK ctfmon.exe\rpcrt4.dll Object was not changed (iChecker)
8/9/2011 4:10:28 PM OK ctfmon.exe\advapi32.dll Object was not changed (iChecker)
8/9/2011 4:10:28 PM OK ctfmon.exe\msvcrt.dll Object was not changed (iChecker)
8/9/2011 4:10:28 PM OK ctfmon.exe\version.dll Object was not changed (iChecker)
8/9/2011 4:10:28 PM OK ctfmon.exe\msacm32.dll Object was not changed (iChecker)
8/9/2011 4:10:28 PM OK ctfmon.exe\ole32.dll Object was not changed (iChecker)
8/9/2011 4:10:28 PM OK ctfmon.exe\comctl32.dll Object was not changed (iChecker)
8/9/2011 4:10:28 PM OK ctfmon.exe\oleaut32.dll Object was not changed (iChecker)
8/9/2011 4:10:28 PM OK ctfmon.exe\winmm.dll Object was not changed (iChecker)
8/9/2011 4:10:28 PM OK ctfmon.exe\userenv.dll Object was not changed (iChecker)
8/9/2011 4:10:28 PM OK ctfmon.exe\imm32.dll Object was not changed (iChecker)
8/9/2011 4:10:28 PM OK ctfmon.exe\msctfime.ime Object was not changed (iChecker)
8/9/2011 4:10:28 PM OK ctfmon.exe\usp10.dll Object was not changed (iChecker)
8/9/2011 4:10:28 PM OK ctfmon.exe\msctf.dll Object was not changed (iChecker)
8/9/2011 4:10:28 PM OK ctfmon.exe\acgenral.dll Object was not changed (iChecker)
8/9/2011 4:10:28 PM OK ctfmon.exe\lpk.dll Object was not changed (iChecker)
8/9/2011 4:10:28 PM OK ctfmon.exe\msutb.dll
8/9/2011 4:10:28 PM OK ctfmon.exe\shimeng.dll
8/9/2011 4:10:28 PM OK ctfmon.exe\uxtheme.dll Object was not changed (iChecker)
8/9/2011 4:10:28 PM OK ctfmon.exe\ctfmon.exe
8/9/2011 4:10:28 PM OK C:\Program Files\VistaSwitcher\vswitch.exe
8/9/2011 4:10:27 PM OK vswitch.exe\user32.dll Object was not changed (iChecker)
8/9/2011 4:10:27 PM OK vswitch.exe\shell32.dll Object was not changed (iChecker)
8/9/2011 4:10:27 PM OK vswitch.exe\ntdll.dll Object was not changed (iChecker)
8/9/2011 4:10:27 PM OK vswitch.exe\kernel32.dll Object was not changed (iChecker)
8/9/2011 4:10:27 PM OK vswitch.exe\secur32.dll Object was not changed (iChecker)
8/9/2011 4:10:27 PM OK vswitch.exe\shlwapi.dll Object was not changed (iChecker)
8/9/2011 4:10:27 PM OK vswitch.exe\gdi32.dll Object was not changed (iChecker)
8/9/2011 4:10:27 PM OK vswitch.exe\rpcrt4.dll Object was not changed (iChecker)
8/9/2011 4:10:27 PM OK vswitch.exe\advapi32.dll Object was not changed (iChecker)
8/9/2011 4:10:27 PM OK vswitch.exe\msvcrt.dll Object was not changed (iChecker)
8/9/2011 4:10:27 PM OK vswitch.exe\ole32.dll Object was not changed (iChecker)
8/9/2011 4:10:27 PM OK vswitch.exe\comctl32.dll Object was not changed (iChecker)
8/9/2011 4:10:27 PM OK vswitch.exe\psapi.dll Object was not changed (iChecker)
8/9/2011 4:10:27 PM OK vswitch.exe\imm32.dll Object was not changed (iChecker)
8/9/2011 4:10:27 PM OK vswitch.exe\msctfime.ime Object was not changed (iChecker)
8/9/2011 4:10:27 PM OK vswitch.exe\usp10.dll Object was not changed (iChecker)
8/9/2011 4:10:27 PM OK vswitch.exe\msctf.dll Object was not changed (iChecker)
8/9/2011 4:10:27 PM OK vswitch.exe\lpk.dll Object was not changed (iChecker)
8/9/2011 4:10:27 PM OK vswitch.exe\uxtheme.dll Object was not changed (iChecker)
8/9/2011 4:10:27 PM OK vswitch.exe\GdiPlus.dll
8/9/2011 4:10:27 PM OK vswitch.exe\vswitch.exe
8/9/2011 4:10:27 PM OK C:\WINDOWS\system32\msi.dll
8/9/2011 4:10:26 PM OK C:\Program Files\BitTorrent\BitTorrent.exe
8/9/2011 4:10:26 PM OK C:\Program Files\BitTorrent\BitTorrent.exe/#
8/9/2011 4:10:26 PM OK C:\Program Files\BitTorrent\BitTorrent.exe/#
8/9/2011 4:10:26 PM OK C:\Program Files\BitTorrent\BitTorrent.exe/#
8/9/2011 4:10:26 PM OK BitTorrent.exe\sxs.dll Object was not changed (iChecker)
8/9/2011 4:10:26 PM OK BitTorrent.exe\user32.dll Object was not changed (iChecker)
8/9/2011 4:10:26 PM OK BitTorrent.exe\urlmon.dll Object was not changed (iChecker)
8/9/2011 4:10:26 PM OK BitTorrent.exe\msi.dll
8/9/2011 4:10:26 PM OK C:\WINDOWS\system32\activeds.dll
8/9/2011 4:10:26 PM OK C:\Program Files\BitTorrent\BitTorrent.exe/UPX
8/9/2011 4:10:25 PM OK BitTorrent.exe\shell32.dll Object was not changed (iChecker)
8/9/2011 4:10:25 PM OK C:\WINDOWS\system32\rasadhlp.dll
8/9/2011 4:10:25 PM OK BitTorrent.exe\ntdll.dll Object was not changed (iChecker)
8/9/2011 4:10:25 PM OK C:\WINDOWS\system32\dnsapi.dll
8/9/2011 4:10:25 PM OK C:\WINDOWS\system32\rtutils.dll
8/9/2011 4:10:25 PM OK BitTorrent.exe\kernel32.dll Object was not changed (iChecker)
8/9/2011 4:10:25 PM OK BitTorrent.exe\secur32.dll Object was not changed (iChecker)
8/9/2011 4:10:25 PM OK BitTorrent.exe\shlwapi.dll Object was not changed (iChecker)
8/9/2011 4:10:25 PM OK C:\Program Files\BitTorrent\BitTorrent.exe/UPX/#
8/9/2011 4:10:25 PM OK BitTorrent.exe\gdi32.dll Object was not changed (iChecker)
8/9/2011 4:10:25 PM OK BitTorrent.exe\rpcrt4.dll Object was not changed (iChecker)
8/9/2011 4:10:25 PM OK BitTorrent.exe\advapi32.dll Object was not changed (iChecker)
8/9/2011 4:10:25 PM OK C:\WINDOWS\system32\adsldpc.dll
8/9/2011 4:10:25 PM OK BitTorrent.exe\activeds.dll
8/9/2011 4:10:25 PM OK C:\WINDOWS\system32\upnp.dll
8/9/2011 4:10:24 PM OK BitTorrent.exe\msvcrt.dll Object was not changed (iChecker)
8/9/2011 4:10:24 PM OK BitTorrent.exe\version.dll Object was not changed (iChecker)
8/9/2011 4:10:24 PM OK BitTorrent.exe\msasn1.dll Object was not changed (iChecker)
8/9/2011 4:10:24 PM OK BitTorrent.exe\crypt32.dll Object was not changed (iChecker)
8/9/2011 4:10:24 PM OK BitTorrent.exe\setupapi.dll Object was not changed (iChecker)
8/9/2011 4:10:24 PM OK BitTorrent.exe\ole32.dll Object was not changed (iChecker)
8/9/2011 4:10:24 PM OK BitTorrent.exe\comctl32.dll Object was not changed (iChecker)
8/9/2011 4:10:24 PM OK BitTorrent.exe\oleaut32.dll Object was not changed (iChecker)
8/9/2011 4:10:24 PM OK BitTorrent.exe\comres.dll Object was not changed (iChecker)
8/9/2011 4:10:24 PM OK BitTorrent.exe\clbcatq.dll Object was not changed (iChecker)
8/9/2011 4:10:24 PM OK BitTorrent.exe\rasadhlp.dll
8/9/2011 4:10:24 PM OK C:\WINDOWS\system32\iphlpapi.dll
8/9/2011 4:10:24 PM OK BitTorrent.exe\wldap32.dll Object was not changed (iChecker)
8/9/2011 4:10:24 PM OK BitTorrent.exe\wtsapi32.dll Object was not changed (iChecker)
8/9/2011 4:10:24 PM OK BitTorrent.exe\dnsapi.dll
8/9/2011 4:10:24 PM OK C:\WINDOWS\system32\netshell.dll
8/9/2011 4:10:24 PM OK BitTorrent.exe\rtutils.dll
8/9/2011 4:10:23 PM OK C:\WINDOWS\system32\mprapi.dll
8/9/2011 4:10:23 PM OK BitTorrent.exe\adsldpc.dll
8/9/2011 4:10:23 PM OK BitTorrent.exe\upnp.dll
8/9/2011 4:10:22 PM OK C:\Program Files\BitTorrent\BitTorrent.exe/UPX/#
8/9/2011 4:10:22 PM OK C:\WINDOWS\system32\credui.dll
8/9/2011 4:10:22 PM OK C:\Program Files\BitTorrent\BitTorrent.exe/UPX/#
8/9/2011 4:10:22 PM OK BitTorrent.exe\iphlpapi.dll
8/9/2011 4:10:21 PM OK C:\WINDOWS\system32\shfolder.dll
8/9/2011 4:10:21 PM OK BitTorrent.exe\mprapi.dll
8/9/2011 4:10:21 PM OK C:\WINDOWS\system32\msxml3.dll
8/9/2011 4:10:21 PM OK C:\WINDOWS\system32\msimg32.dll
8/9/2011 4:10:21 PM OK C:\WINDOWS\system32\msvcp60.dll
8/9/2011 4:10:20 PM OK BitTorrent.exe\credui.dll
8/9/2011 4:10:20 PM OK BitTorrent.exe\psapi.dll Object was not changed (iChecker)
8/9/2011 4:10:20 PM OK C:\WINDOWS\system32\ssdpapi.dll
8/9/2011 4:10:20 PM OK BitTorrent.exe\atl.dll Object was not changed (iChecker)
8/9/2011 4:10:20 PM OK BitTorrent.exe\userenv.dll Object was not changed (iChecker)
8/9/2011 4:10:20 PM OK BitTorrent.exe\shfolder.dll
8/9/2011 4:10:19 PM OK C:\WINDOWS\system32\eappcfg.dll
8/9/2011 4:10:19 PM OK C:\WINDOWS\system32\eappprxy.dll
8/9/2011 4:10:19 PM OK BitTorrent.exe\netshell.dll
8/9/2011 4:10:19 PM OK BitTorrent.exe\comdlg32.dll Object was not changed (iChecker)
8/9/2011 4:10:19 PM OK BitTorrent.exe\imm32.dll Object was not changed (iChecker)
8/9/2011 4:10:19 PM OK BitTorrent.exe\msimg32.dll
8/9/2011 4:10:18 PM OK BitTorrent.exe\winsta.dll
8/9/2011 4:10:18 PM OK BitTorrent.exe\msvcp60.dll
8/9/2011 4:10:18 PM Packed: UPX C:\Program Files\BitTorrent\BitTorrent.exe
8/9/2011 4:10:18 PM OK C:\WINDOWS\system32\dot3dlg.dll
8/9/2011 4:10:17 PM OK BitTorrent.exe\msctfime.ime Object was not changed (iChecker)
8/9/2011 4:10:17 PM OK BitTorrent.exe\ssdpapi.dll
8/9/2011 4:10:17 PM OK C:\WINDOWS\system32\wshtcpip.dll
8/9/2011 4:10:17 PM OK BitTorrent.exe\usp10.dll Object was not changed (iChecker)
8/9/2011 4:10:17 PM OK BitTorrent.exe\msxml3.dll
8/9/2011 4:10:17 PM OK BitTorrent.exe\msctf.dll Object was not changed (iChecker)
8/9/2011 4:10:17 PM OK BitTorrent.exe\eappcfg.dll
8/9/2011 4:10:17 PM OK C:\WINDOWS\system32\mswsock.dll
8/9/2011 4:10:16 PM OK BitTorrent.exe\dot3dlg.dll
8/9/2011 4:10:16 PM OK C:\WINDOWS\system32\hnetcfg.dll
8/9/2011 4:10:16 PM OK BitTorrent.exe\samlib.dll Object was not changed (iChecker)
8/9/2011 4:10:16 PM OK BitTorrent.exe\ws2_32.dll
8/9/2011 4:10:16 PM OK BitTorrent.exe\ws2help.dll Object was not changed (iChecker)
8/9/2011 4:10:16 PM OK BitTorrent.exe\wshtcpip.dll
8/9/2011 4:10:16 PM OK C:\Program Files\Bonjour\mdnsNSP.dll
8/9/2011 4:10:16 PM OK BitTorrent.exe\mswsock.dll
8/9/2011 4:10:15 PM OK BitTorrent.exe\rsaenh.dll Object was not changed (iChecker)
8/9/2011 4:10:15 PM OK BitTorrent.exe\hnetcfg.dll
8/9/2011 4:10:15 PM OK C:\WINDOWS\system32\dot3api.dll
8/9/2011 4:10:14 PM OK BitTorrent.exe\mdnsNSP.dll
8/9/2011 4:10:14 PM OK BitTorrent.exe\lpk.dll Object was not changed (iChecker)
8/9/2011 4:10:14 PM OK C:\WINDOWS\system32\onex.dll
8/9/2011 4:10:14 PM OK BitTorrent.exe\eappprxy.dll
8/9/2011 4:10:14 PM OK BitTorrent.exe\onex.dll
8/9/2011 4:10:13 PM OK BitTorrent.exe\netapi32.dll Object was not changed (iChecker)
8/9/2011 4:10:13 PM OK BitTorrent.exe\uxtheme.dll Object was not changed (iChecker)
8/9/2011 4:10:13 PM OK BitTorrent.exe\winhttp.dll Object was not changed (iChecker)
8/9/2011 4:10:13 PM OK BitTorrent.exe\dot3api.dll
8/9/2011 4:10:13 PM OK BitTorrent.exe\xpsp2res.dll Object was not changed (iChecker)
8/9/2011 4:10:13 PM OK BitTorrent.exe\BitTorrent.exe
8/9/2011 4:10:13 PM OK C:\WINDOWS\system32\winmm.dll
8/9/2011 4:10:12 PM OK C:\WINDOWS\system32\msacm32.dll
8/9/2011 4:10:12 PM OK svchost.exe\user32.dll Object was not changed (iChecker)
8/9/2011 4:10:12 PM OK svchost.exe\shell32.dll Object was not changed (iChecker)
8/9/2011 4:10:12 PM OK svchost.exe\ntdll.dll Object was not changed (iChecker)
8/9/2011 4:10:12 PM OK svchost.exe\kernel32.dll Object was not changed (iChecker)
8/9/2011 4:10:12 PM OK svchost.exe\secur32.dll Object was not changed (iChecker)
8/9/2011 4:10:12 PM OK svchost.exe\shlwapi.dll Object was not changed (iChecker)
8/9/2011 4:10:12 PM OK svchost.exe\gdi32.dll Object was not changed (iChecker)
8/9/2011 4:10:12 PM OK C:\WINDOWS\system32\ntmarta.dll
8/9/2011 4:10:12 PM OK svchost.exe\rpcrt4.dll Object was not changed (iChecker)
8/9/2011 4:10:12 PM OK C:\WINDOWS\AppPatch\acgenral.dll
8/9/2011 4:10:12 PM OK svchost.exe\advapi32.dll Object was not changed (iChecker)
8/9/2011 4:10:12 PM OK svchost.exe\msvcrt.dll Object was not changed (iChecker)
8/9/2011 4:10:11 PM OK svchost.exe\version.dll Object was not changed (iChecker)
8/9/2011 4:10:11 PM OK svchost.exe\msacm32.dll
8/9/2011 4:10:11 PM OK C:\WINDOWS\system32\ws2_32.dll
8/9/2011 4:10:11 PM OK svchost.exe\msasn1.dll Object was not changed (iChecker)
8/9/2011 4:10:11 PM OK svchost.exe\crypt32.dll Object was not changed (iChecker)
8/9/2011 4:10:11 PM OK C:\WINDOWS\system32\samlib.dll
8/9/2011 4:10:11 PM OK svchost.exe\ntmarta.dll
8/9/2011 4:10:11 PM OK svchost.exe\ole32.dll Object was not changed (iChecker)
8/9/2011 4:10:11 PM OK svchost.exe\comctl32.dll Object was not changed (iChecker)
8/9/2011 4:10:11 PM OK svchost.exe\oleaut32.dll Object was not changed (iChecker)
8/9/2011 4:10:11 PM OK svchost.exe\wldap32.dll Object was not changed (iChecker)
8/9/2011 4:10:10 PM OK C:\WINDOWS\system32\strmfilt.dll
8/9/2011 4:10:10 PM OK C:\WINDOWS\system32\ws2help.dll
8/9/2011 4:10:10 PM OK svchost.exe\winmm.dll
8/9/2011 4:10:10 PM OK svchost.exe\userenv.dll Object was not changed (iChecker)
8/9/2011 4:10:10 PM OK svchost.exe\imm32.dll Object was not changed (iChecker)
8/9/2011 4:10:10 PM OK svchost.exe\usp10.dll Object was not changed (iChecker)
8/9/2011 4:10:10 PM OK C:\WINDOWS\system32\comctl32.dll
8/9/2011 4:10:10 PM OK svchost.exe\samlib.dll
8/9/2011 4:10:10 PM OK C:\WINDOWS\system32\httpapi.dll
8/9/2011 4:10:09 PM OK C:\WINDOWS\system32\shimeng.dll
8/9/2011 4:10:09 PM OK svchost.exe\ws2_32.dll
8/9/2011 4:10:09 PM OK svchost.exe\ws2help.dll
8/9/2011 4:10:09 PM OK svchost.exe\acgenral.dll
8/9/2011 4:10:09 PM OK svchost.exe\strmfilt.dll
8/9/2011 4:10:08 PM OK svchost.exe\httpapi.dll
8/9/2011 4:10:08 PM OK C:\WINDOWS\system32\svchost.exe
8/9/2011 4:10:08 PM OK C:\WINDOWS\system32\w3ssl.dll
8/9/2011 4:10:08 PM OK svchost.exe\lpk.dll Object was not changed (iChecker)
8/9/2011 4:10:08 PM OK svchost.exe\comctl32.dll
8/9/2011 4:10:08 PM OK svchost.exe\shimeng.dll
8/9/2011 4:10:08 PM OK svchost.exe\uxtheme.dll Object was not changed (iChecker)
8/9/2011 4:10:08 PM OK svchost.exe\w3ssl.dll
8/9/2011 4:10:07 PM OK svchost.exe\svchost.exe
8/9/2011 4:10:07 PM OK svchost.exe\xpsp2res.dll Object was not changed (iChecker)
8/9/2011 4:10:07 PM OK C:\WINDOWS\system32\sxs.dll
8/9/2011 4:10:07 PM OK C:\Program Files\iPod\bin\iPodService.exe
8/9/2011 4:10:07 PM OK C:\WINDOWS\system32\wtsapi32.dll
8/9/2011 4:10:06 PM OK iPodService.exe\sxs.dll
8/9/2011 4:10:06 PM OK iPodService.exe\user32.dll Object was not changed (iChecker)
8/9/2011 4:10:06 PM OK iPodService.exe\ntdll.dll Object was not changed (iChecker)
8/9/2011 4:10:06 PM OK iPodService.exe\kernel32.dll Object was not changed (iChecker)
8/9/2011 4:10:06 PM OK iPodService.exe\secur32.dll Object was not changed (iChecker)
8/9/2011 4:10:06 PM OK iPodService.exe\gdi32.dll Object was not changed (iChecker)
8/9/2011 4:10:06 PM OK iPodService.exe\rpcrt4.dll Object was not changed (iChecker)
8/9/2011 4:10:06 PM OK iPodService.exe\advapi32.dll Object was not changed (iChecker)
8/9/2011 4:10:06 PM OK iPodService.exe\msvcrt.dll Object was not changed (iChecker)
8/9/2011 4:10:06 PM OK iPodService.exe\version.dll Object was not changed (iChecker)
8/9/2011 4:10:06 PM OK iPodService.exe\msasn1.dll Object was not changed (iChecker)
8/9/2011 4:10:05 PM OK C:\WINDOWS\system32\winsta.dll
8/9/2011 4:10:05 PM OK iPodService.exe\crypt32.dll Object was not changed (iChecker)
8/9/2011 4:10:05 PM OK iPodService.exe\setupapi.dll Object was not changed (iChecker)
8/9/2011 4:10:05 PM OK iPodService.exe\ole32.dll Object was not changed (iChecker)
8/9/2011 4:10:05 PM OK iPodService.exe\oleaut32.dll Object was not changed (iChecker)
8/9/2011 4:10:05 PM OK iPodService.exe\comres.dll Object was not changed (iChecker)
8/9/2011 4:10:05 PM OK iPodService.exe\clbcatq.dll Object was not changed (iChecker)
8/9/2011 4:10:05 PM OK iPodService.exe\wtsapi32.dll
8/9/2011 4:10:05 PM OK iPodService.exe\imagehlp.dll Object was not changed (iChecker)
8/9/2011 4:10:05 PM OK C:\WINDOWS\system32\cfgmgr32.dll
8/9/2011 4:10:05 PM OK iPodService.exe\wintrust.dll Object was not changed (iChecker)
8/9/2011 4:10:05 PM OK iPodService.exe\imm32.dll Object was not changed (iChecker)
8/9/2011 4:10:05 PM OK C:\Program Files\iPod\bin\iPodService.Resources\en.lproj\iPodServiceLocalized.dll
8/9/2011 4:10:05 PM OK iPodService.exe\winsta.dll
8/9/2011 4:10:04 PM OK iPodService.exe\usp10.dll Object was not changed (iChecker)
8/9/2011 4:10:04 PM OK C:\Program Files\iPod\bin\iPodService.Resources\iPodService.dll
8/9/2011 4:10:04 PM OK iPodService.exe\cfgmgr32.dll
8/9/2011 4:10:04 PM OK iPodService.exe\lpk.dll Object was not changed (iChecker)
8/9/2011 4:10:04 PM OK iPodService.exe\netapi32.dll Object was not changed (iChecker)
8/9/2011 4:10:04 PM OK iPodService.exe\uxtheme.dll Object was not changed (iChecker)
8/9/2011 4:10:04 PM OK iPodService.exe\iPodServiceLocalized.dll
8/9/2011 4:10:04 PM OK iPodService.exe\xpsp2res.dll Object was not changed (iChecker)
8/9/2011 4:10:04 PM OK iPodService.exe\iPodService.dll
8/9/2011 4:10:03 PM OK iPodService.exe\iPodService.exe
8/9/2011 4:10:03 PM OK C:\WINDOWS\system32\urlmon.dll
8/9/2011 4:10:03 PM OK setup_11.0.0.1245.x01_2011_08_09_01_15.exe\user32.dll Object was not changed (iChecker)
8/9/2011 4:10:03 PM OK setup_11.0.0.1245.x01_2011_08_09_01_15.exe\urlmon.dll
8/9/2011 4:10:02 PM OK setup_11.0.0.1245.x01_2011_08_09_01_15.exe\shell32.dll Object was not changed (iChecker)
8/9/2011 4:10:02 PM OK setup_11.0.0.1245.x01_2011_08_09_01_15.exe\ntdll.dll Object was not changed (iChecker)
8/9/2011 4:10:02 PM OK setup_11.0.0.1245.x01_2011_08_09_01_15.exe\kernel32.dll Object was not changed (iChecker)
8/9/2011 4:10:02 PM OK setup_11.0.0.1245.x01_2011_08_09_01_15.exe\secur32.dll Object was not changed (iChecker)
8/9/2011 4:10:02 PM OK setup_11.0.0.1245.x01_2011_08_09_01_15.exe\shlwapi.dll Object was not changed (iChecker)
8/9/2011 4:10:02 PM OK setup_11.0.0.1245.x01_2011_08_09_01_15.exe\gdi32.dll Object was not changed (iChecker)
8/9/2011 4:10:02 PM OK setup_11.0.0.1245.x01_2011_08_09_01_15.exe\rpcrt4.dll Object was not changed (iChecker)
8/9/2011 4:10:02 PM OK setup_11.0.0.1245.x01_2011_08_09_01_15.exe\advapi32.dll Object was not changed (iChecker)
8/9/2011 4:10:02 PM OK setup_11.0.0.1245.x01_2011_08_09_01_15.exe\msvcrt.dll Object was not changed (iChecker)
8/9/2011 4:10:02 PM OK setup_11.0.0.1245.x01_2011_08_09_01_15.exe\version.dll Object was not changed (iChecker)
8/9/2011 4:10:01 PM OK setup_11.0.0.1245.x01_2011_08_09_01_15.exe\apphelp.dll Object was not changed (iChecker)
8/9/2011 4:10:01 PM OK setup_11.0.0.1245.x01_2011_08_09_01_15.exe\setupapi.dll Object was not changed (iChecker)
8/9/2011 4:10:01 PM OK setup_11.0.0.1245.x01_2011_08_09_01_15.exe\ole32.dll Object was not changed (iChecker)
8/9/2011 4:10:01 PM OK setup_11.0.0.1245.x01_2011_08_09_01_15.exe\comctl32.dll Object was not changed (iChecker)
8/9/2011 4:10:01 PM OK C:\WINDOWS\system32\comdlg32.dll
8/9/2011 4:10:01 PM OK setup_11.0.0.1245.x01_2011_08_09_01_15.exe\oleaut32.dll Object was not changed (iChecker)
8/9/2011 4:10:01 PM OK C:\WINDOWS\system32\riched20.dll
8/9/2011 4:10:01 PM OK setup_11.0.0.1245.x01_2011_08_09_01_15.exe\comres.dll Object was not changed (iChecker)
8/9/2011 4:10:01 PM OK setup_11.0.0.1245.x01_2011_08_09_01_15.exe\clbcatq.dll Object was not changed (iChecker)
8/9/2011 4:10:00 PM OK C:\WINDOWS\system32\riched32.dll
8/9/2011 4:10:00 PM OK setup_11.0.0.1245.x01_2011_08_09_01_15.exe\comdlg32.dll
8/9/2011 4:10:00 PM OK setup_11.0.0.1245.x01_2011_08_09_01_15.exe\imm32.dll Object was not changed (iChecker)
8/9/2011 4:10:00 PM OK setup_11.0.0.1245.x01_2011_08_09_01_15.exe\msctfime.ime Object was not changed (iChecker)
8/9/2011 4:10:00 PM OK setup_11.0.0.1245.x01_2011_08_09_01_15.exe\riched20.dll
8/9/2011 4:10:00 PM OK setup_11.0.0.1245.x01_2011_08_09_01_15.exe\usp10.dll Object was not changed (iChecker)
8/9/2011 4:10:00 PM OK setup_11.0.0.1245.x01_2011_08_09_01_15.exe\msctf.dll Object was not changed (iChecker)
8/9/2011 4:10:00 PM OK setup_11.0.0.1245.x01_2011_08_09_01_15.exe\riched32.dll
8/9/2011 4:09:59 PM OK setup_11.0.0.1245.x01_2011_08_09_01_15.exe\lpk.dll Object was not changed (iChecker)
8/9/2011 4:09:59 PM OK setup_11.0.0.1245.x01_2011_08_09_01_15.exe\netapi32.dll Object was not changed (iChecker)
8/9/2011 4:09:59 PM OK setup_11.0.0.1245.x01_2011_08_09_01_15.exe\uxtheme.dll Object was not changed (iChecker)
8/9/2011 4:09:59 PM Password protected C:\documents and settings\fred\My Documents\Downloads\setup_11.0.0.1245.x01_2011_08_09_01_15.exe/#
8/9/2011 4:09:59 PM Archive: RAR C:\documents and settings\fred\My Documents\Downloads\setup_11.0.0.1245.x01_2011_08_09_01_15.exe/#
8/9/2011 4:09:53 PM OK C:\documents and settings\fred\My Documents\Downloads\setup_11.0.0.1245.x01_2011_08_09_01_15.exe/#
8/9/2011 4:09:53 PM OK C:\documents and settings\fred\My Documents\Downloads\setup_11.0.0.1245.x01_2011_08_09_01_15.exe/#
8/9/2011 4:09:52 PM OK C:\documents and settings\fred\My Documents\Downloads\setup_11.0.0.1245.x01_2011_08_09_01_15.exe/helper64.prg
8/9/2011 4:09:52 PM OK C:\documents and settings\fred\My Documents\Downloads\setup_11.0.0.1245.x01_2011_08_09_01_15.exe/helper64.exe
8/9/2011 4:09:51 PM OK C:\documents and settings\fred\My Documents\Downloads\setup_11.0.0.1245.x01_2011_08_09_01_15.exe/Drivers/Win64/2/600/6245613drv.sys
8/9/2011 4:09:50 PM OK C:\documents and settings\fred\My Documents\Downloads\setup_11.0.0.1245.x01_2011_08_09_01_15.exe/Drivers/Win64/2/600/6245613drv.inf
8/9/2011 4:09:50 PM OK C:\documents and settings\fred\My Documents\Downloads\setup_11.0.0.1245.x01_2011_08_09_01_15.exe/Drivers/Win64/2/600/6245613drv.cat
8/9/2011 4:09:50 PM OK C:\documents and settings\fred\My Documents\Downloads\setup_11.0.0.1245.x01_2011_08_09_01_15.exe/Drivers/Win64/2/501/6245613drv.sys
8/9/2011 4:09:49 PM OK C:\documents and settings\fred\My Documents\Downloads\setup_11.0.0.1245.x01_2011_08_09_01_15.exe/Drivers/Win64/2/501/6245613drv.inf
8/9/2011 4:09:49 PM OK C:\documents and settings\fred\My Documents\Downloads\setup_11.0.0.1245.x01_2011_08_09_01_15.exe/Drivers/Win64/2/501/6245613drv.cat
8/9/2011 4:09:49 PM OK C:\documents and settings\fred\My Documents\Downloads\setup_11.0.0.1245.x01_2011_08_09_01_15.exe/Drivers/Win64/1/kl1.sys
8/9/2011 4:09:49 PM OK C:\documents and settings\fred\My Documents\Downloads\setup_11.0.0.1245.x01_2011_08_09_01_15.exe/Drivers/Win64/1/kl1.inf
8/9/2011 4:09:49 PM OK C:\documents and settings\fred\My Documents\Downloads\setup_11.0.0.1245.x01_2011_08_09_01_15.exe/Drivers/Win64/1/kl1.cat
8/9/2011 4:09:49 PM OK C:\documents and settings\fred\My Documents\Downloads\setup_11.0.0.1245.x01_2011_08_09_01_15.exe/Drivers/Win32/2/600/6245613drv.sys
8/9/2011 4:09:48 PM OK C:\documents and settings\fred\My Documents\Downloads\setup_11.0.0.1245.x01_2011_08_09_01_15.exe/Drivers/Win32/2/600/6245613drv.inf
8/9/2011 4:09:48 PM OK C:\documents and settings\fred\My Documents\Downloads\setup_11.0.0.1245.x01_2011_08_09_01_15.exe/Drivers/Win32/2/600/6245613drv.cat
8/9/2011 4:09:48 PM OK C:\documents and settings\fred\My Documents\Downloads\setup_11.0.0.1245.x01_2011_08_09_01_15.exe/Drivers/Win32/2/501/6245613drv.sys
8/9/2011 4:09:47 PM OK C:\documents and settings\fred\My Documents\Downloads\setup_11.0.0.1245.x01_2011_08_09_01_15.exe/Drivers/Win32/2/501/6245613drv.inf
8/9/2011 4:09:47 PM OK C:\documents and settings\fred\My Documents\Downloads\setup_11.0.0.1245.x01_2011_08_09_01_15.exe/Drivers/Win32/2/501/6245613drv.cat
8/9/2011 4:09:47 PM OK C:\documents and settings\fred\My Documents\Downloads\setup_11.0.0.1245.x01_2011_08_09_01_15.exe/Drivers/Win32/1/kl1.sys
8/9/2011 4:09:45 PM OK C:\documents and settings\fred\My Documents\Downloads\setup_11.0.0.1245.x01_2011_08_09_01_15.exe/Drivers/Win32/1/kl1.inf
8/9/2011 4:09:41 PM OK C:\documents and settings\fred\My Documents\Downloads\setup_11.0.0.1245.x01_2011_08_09_01_15.exe/Drivers/Win32/1/kl1.cat
8/9/2011 4:09:41 PM OK C:\documents and settings\fred\My Documents\Downloads\setup_11.0.0.1245.x01_2011_08_09_01_15.exe/background.png
8/9/2011 4:09:41 PM OK C:\documents and settings\fred\My Documents\Downloads\setup_11.0.0.1245.x01_2011_08_09_01_15.exe/6245613rar.prg
8/9/2011 4:09:36 PM Password protected C:\documents and settings\fred\My Documents\Downloads\setup_11.0.0.1245.x01_2011_08_09_01_15.exe/6245613rar.exe
8/9/2011 4:09:36 PM Archive: RAR C:\documents and settings\fred\My Documents\Downloads\setup_11.0.0.1245.x01_2011_08_09_01_15.exe/6245613rar.exe
8/9/2011 4:09:04 PM OK C:\documents and settings\fred\My Documents\Downloads\setup_11.0.0.1245.x01_2011_08_09_01_15.exe/6245613.prg
8/9/2011 4:09:04 PM OK C:\documents and settings\fred\My Documents\Downloads\setup_11.0.0.1245.x01_2011_08_09_01_15.exe/6245613.exe Object was not changed (iChecker)
8/9/2011 4:09:04 PM OK C:\documents and settings\fred\My Documents\Downloads\setup_11.0.0.1245.x01_2011_08_09_01_15.exe/archive comment
8/9/2011 4:09:03 PM Archive: RAR C:\documents and settings\fred\My Documents\Downloads\setup_11.0.0.1245.x01_2011_08_09_01_15.exe
8/9/2011 4:09:02 PM OK C:\documents and settings\fred\My Documents\Downloads\setup_11.0.0.1245.x01_2011_08_09_01_15.exe:Zone.Identifier
8/9/2011 4:08:59 PM OK setup_11.0.0.1245.x01_2011_08_09_01_15.exe\setup_11.0.0.1245.x01_2011_08_09_01_15.exe
8/9/2011 4:08:58 PM OK C:\WINDOWS\system32\shell32.dll
8/9/2011 4:08:04 PM OK C:\WINDOWS\system32\user32.dll
8/9/2011 4:08:03 PM OK C:\WINDOWS\system32\kernel32.dll
8/9/2011 4:08:03 PM OK C:\WINDOWS\system32\ntdll.dll
8/9/2011 4:08:02 PM OK C:\WINDOWS\system32\shlwapi.dll
8/9/2011 4:08:02 PM OK C:\WINDOWS\system32\secur32.dll
8/9/2011 4:08:02 PM OK C:\WINDOWS\system32\rpcrt4.dll
8/9/2011 4:08:02 PM OK C:\WINDOWS\system32\gdi32.dll
8/9/2011 4:08:01 PM OK C:\WINDOWS\system32\msvcrt.dll
8/9/2011 4:08:01 PM OK C:\WINDOWS\system32\advapi32.dll
8/9/2011 4:08:01 PM OK C:\WINDOWS\system32\version.dll
8/9/2011 4:08:00 PM OK C:\WINDOWS\system32\crypt32.dll
8/9/2011 4:08:00 PM OK C:\WINDOWS\system32\msasn1.dll
8/9/2011 4:08:00 PM OK C:\WINDOWS\system32\apphelp.dll
8/9/2011 4:08:00 PM OK C:\WINDOWS\system32\setupapi.dll
8/9/2011 4:08:00 PM OK C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
8/9/2011 4:08:00 PM OK C:\WINDOWS\system32\ole32.dll
8/9/2011 4:07:53 PM OK C:\WINDOWS\system32\clbcatq.dll
8/9/2011 4:07:53 PM OK C:\WINDOWS\system32\comres.dll
8/9/2011 4:07:53 PM OK C:\WINDOWS\system32\oleaut32.dll
8/9/2011 4:07:52 PM OK C:\WINDOWS\system32\wldap32.dll
8/9/2011 4:07:52 PM OK C:\WINDOWS\system32\imagehlp.dll
8/9/2011 4:07:52 PM OK C:\WINDOWS\system32\wintrust.dll
8/9/2011 4:07:52 PM OK C:\WINDOWS\system32\sfc_os.dll
8/9/2011 4:07:52 PM OK C:\WINDOWS\system32\psapi.dll
8/9/2011 4:07:52 PM OK C:\WINDOWS\system32\userenv.dll
8/9/2011 4:07:52 PM OK C:\WINDOWS\system32\atl.dll
8/9/2011 4:07:52 PM OK 6245613.exe\user32.dll
8/9/2011 4:07:52 PM OK C:\WINDOWS\system32\ntshrui.dll
8/9/2011 4:07:52 PM OK 6245613.exe\shell32.dll
8/9/2011 4:07:52 PM OK C:\WINDOWS\system32\cryptnet.dll
8/9/2011 4:07:52 PM OK C:\WINDOWS\system32\imm32.dll
8/9/2011 4:07:52 PM OK C:\WINDOWS\system32\linkinfo.dll
8/9/2011 4:07:51 PM OK 6245613.exe\ntdll.dll
8/9/2011 4:07:51 PM OK C:\WINDOWS\system32\msctfime.ime
8/9/2011 4:07:51 PM OK C:\WINDOWS\system32\msctf.dll
8/9/2011 4:07:51 PM OK 6245613.exe\kernel32.dll
8/9/2011 4:07:51 PM OK C:\documents and settings\fred\local settings\temp\rarsfx0\6245613.exe
8/9/2011 4:07:51 PM OK C:\documents and settings\fred\local settings\temp\rarsfx0\6245613.exe/#
8/9/2011 4:07:51 PM OK 6245613.exe\secur32.dll
8/9/2011 4:07:51 PM OK 6245613.exe\shlwapi.dll
8/9/2011 4:07:51 PM OK C:\WINDOWS\system32\cabinet.dll
8/9/2011 4:07:51 PM OK 6245613.exe\gdi32.dll
8/9/2011 4:07:51 PM OK C:\WINDOWS\system32\usp10.dll
8/9/2011 4:07:51 PM OK 6245613.exe\rpcrt4.dll
8/9/2011 4:07:50 PM OK 6245613.exe\advapi32.dll
8/9/2011 4:07:50 PM OK C:\WINDOWS\system32\scecli.dll
8/9/2011 4:07:50 PM OK 6245613.exe\msvcrt.dll
8/9/2011 4:07:50 PM OK 6245613.exe\version.dll
8/9/2011 4:07:50 PM OK 6245613.exe\apphelp.dll
8/9/2011 4:07:50 PM OK C:\WINDOWS\system32\rsaenh.dll
8/9/2011 4:07:50 PM OK 6245613.exe\msasn1.dll
8/9/2011 4:07:50 PM OK C:\WINDOWS\system32\dciman32.dll
8/9/2011 4:07:50 PM OK 6245613.exe\crypt32.dll
8/9/2011 4:07:49 PM OK 6245613.exe\setupapi.dll
8/9/2011 4:07:49 PM OK 6245613.exe\ole32.dll
8/9/2011 4:07:49 PM OK C:\WINDOWS\system32\sensapi.dll
8/9/2011 4:07:49 PM OK C:\WINDOWS\system32\lpk.dll
8/9/2011 4:07:49 PM OK 6245613.exe\comctl32.dll
8/9/2011 4:07:49 PM OK C:\WINDOWS\system32\netapi32.dll
8/9/2011 4:07:49 PM OK C:\WINDOWS\system32\uxtheme.dll
8/9/2011 4:07:49 PM OK 6245613.exe\oleaut32.dll
8/9/2011 4:07:49 PM OK 6245613.exe\comres.dll
8/9/2011 4:07:48 PM OK 6245613.exe\clbcatq.dll
8/9/2011 4:07:48 PM OK 6245613.exe\wldap32.dll
8/9/2011 4:07:48 PM OK C:\WINDOWS\system32\winhttp.dll
8/9/2011 4:07:48 PM OK 6245613.exe\imagehlp.dll
8/9/2011 4:07:48 PM OK C:\WINDOWS\system32\fltlib.dll
8/9/2011 4:07:48 PM OK 6245613.exe\sfc_os.dll
8/9/2011 4:07:48 PM OK C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6002.22509_x-ww_c7dad023\GdiPlus.dll
8/9/2011 4:07:47 PM OK 6245613.exe\wintrust.dll
8/9/2011 4:07:47 PM OK 6245613.exe\psapi.dll
8/9/2011 4:07:47 PM OK 6245613.exe\atl.dll
8/9/2011 4:07:47 PM OK 6245613.exe\userenv.dll
8/9/2011 4:07:47 PM OK 6245613.exe\ntshrui.dll
8/9/2011 4:07:47 PM OK 6245613.exe\linkinfo.dll
8/9/2011 4:07:47 PM OK 6245613.exe\imm32.dll
8/9/2011 4:07:47 PM OK 6245613.exe\cryptnet.dll
8/9/2011 4:07:46 PM OK 6245613.exe\msctfime.ime
8/9/2011 4:07:46 PM OK 6245613.exe\cabinet.dll
8/9/2011 4:07:46 PM OK C:\WINDOWS\system32\xpsp2res.dll
8/9/2011 4:07:46 PM OK 6245613.exe\usp10.dll
8/9/2011 4:07:45 PM OK 6245613.exe\msctf.dll
8/9/2011 4:07:45 PM OK 6245613.exe\scecli.dll
8/9/2011 4:07:45 PM OK 6245613.exe\dciman32.dll
8/9/2011 4:07:44 PM OK 6245613.exe\sensapi.dll
8/9/2011 4:07:44 PM OK 6245613.exe\rsaenh.dll
8/9/2011 4:07:44 PM OK 6245613.exe\lpk.dll
8/9/2011 4:07:43 PM OK 6245613.exe\netapi32.dll
8/9/2011 4:07:43 PM OK 6245613.exe\uxtheme.dll
8/9/2011 4:07:42 PM OK 6245613.exe\fltlib.dll
8/9/2011 4:07:42 PM OK 6245613.exe\GdiPlus.dll
8/9/2011 4:07:41 PM OK 6245613.exe\winhttp.dll
8/9/2011 4:07:41 PM OK 6245613.exe\xpsp2res.dll
8/9/2011 4:07:41 PM OK 6245613.exe\6245613.exe
8/9/2011 4:07:40 PM OK System Memory
8/9/2011 4:07:38 PM Task started

OTL logs:

08092011_184232:

All processes killed
========== OTL ==========
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main\\XMLHTTP_UUID_Default| /E : value set successfully!
HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main\\XMLHTTP_UUID_Default| /E : value set successfully!
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main\\XMLHTTP_UUID_Default| /E : value set successfully!
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main\\XMLHTTP_UUID_Default| /E : value set successfully!
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main\\XMLHTTP_UUID_Default deleted successfully.
Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main\\XMLHTTP_UUID_Default not found.
Registry value HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main\\XMLHTTP_UUID_Default deleted successfully.
Registry value HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main\\XMLHTTP_UUID_Default deleted successfully.
========== FILES ==========
File\Folder C:\Documents and Settings\Fred\Local Settings\Temp\65.tmp not found.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Fred\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Fred\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Fred
->Temp folder emptied: 154823 bytes
->Temporary Internet Files folder emptied: 52591 bytes
->Java cache emptied: 488 bytes
->FireFox cache emptied: 42883386 bytes
->Flash cache emptied: 2009 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33636 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 16867 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 16889004 bytes

Total Files Cleaned = 57.00 mb


[EMPTYFLASH]

User: All Users

User: Default User

User: Fred
->Flash cache emptied: 0 bytes

User: Guest

User: LocalService

User: NetworkService

Total Flash Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point (0)

OTL by OldTimer - Version 3.2.26.1 log created on 08092011_184232

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

OTL.Txt:

OTL logfile created on: 8/9/2011 6:49:46 PM - Run 5
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Fred\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.36 Mb Total Physical Memory | 88.58 Mb Available Physical Memory | 17.32% Memory free
5.22 Gb Paging File | 4.86 Gb Available in Paging File | 93.10% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 30.12 Gb Total Space | 9.71 Gb Free Space | 32.24% Space Free | Partition Type: NTFS
Drive D: | 25.77 Gb Total Space | 21.39 Gb Free Space | 82.98% Space Free | Partition Type: NTFS
Drive F: | 149.01 Gb Total Space | 9.79 Gb Free Space | 6.57% Space Free | Partition Type: FAT32

Computer Name: HT-ENO6HHHY4BDE | User Name: Fred | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/05 13:33:04 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Fred\Desktop\OTL.com
PRC - [2011/07/06 19:52:38 | 000,449,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/06/03 16:01:24 | 000,974,944 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2011/06/03 16:01:14 | 002,734,184 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2010/11/24 07:06:36 | 000,204,296 | ---- | M] (NTWind Software) -- C:\Program Files\VistaSwitcher\vswitch.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/10/14 09:11:10 | 001,388,544 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
PRC - [2002/09/20 14:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
PRC - [2002/08/14 15:21:16 | 000,200,704 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe


========== Modules (SafeList) ==========

MOD - [2011/08/05 13:33:04 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Fred\Desktop\OTL.com
MOD - [2010/08/23 09:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (wuauserv)
SRV - File not found [Auto | Stopped] -- -- (MotoHelper)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/06/03 16:02:48 | 000,183,904 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EShaSrv.exe -- (ESHASRV)
SRV - [2011/06/03 16:01:24 | 000,974,944 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2002/09/20 14:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))
SRV - [2002/08/14 15:21:16 | 000,200,704 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe -- (GhostStartService)


========== Driver Services (SafeList) ==========

DRV - [2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/06/03 16:01:48 | 000,103,112 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdir.sys -- (epfwtdir)
DRV - [2011/06/03 16:01:20 | 000,118,104 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2011/06/03 16:00:16 | 000,154,136 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2006/12/11 11:05:28 | 002,209,536 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Intel®
DRV - [2006/07/06 13:44:10 | 000,168,448 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2006/04/06 15:49:00 | 000,088,192 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gtipci21.sys -- (GTIPCI21)
DRV - [2006/03/08 22:49:20 | 001,506,816 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2004/11/16 13:46:38 | 000,190,592 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2004/08/24 11:20:08 | 001,268,204 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2002/08/14 15:11:16 | 000,005,632 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec\Norton Ghost 2003\GhPciScan.sys -- (GhPciScan)
DRV - [2002/08/14 15:03:36 | 000,017,005 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\ASPI32.SYS -- (Aspi32)
DRV - [2001/08/17 05:10:28 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 192.168.*.*;*.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/?ilc=1"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/07/02 15:11:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/08/05 22:37:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2011/07/26 19:43:11 | 000,000,000 | ---D | M]

[2011/02/26 20:36:12 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Fred\Application Data\Mozilla\Extensions
[2011/08/08 21:53:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Fred\Application Data\Mozilla\Firefox\Profiles\9ofzju4c.default\extensions
[2011/03/17 16:13:07 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Fred\Application Data\Mozilla\Firefox\Profiles\9ofzju4c.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/02/26 20:35:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2009/08/27 20:49:44 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF

O1 HOSTS File: ([2011/07/28 12:17:05 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe (InterVideo Inc.)
O4 - HKCU..\Run: [VistaSwitcher] C:\Program Files\VistaSwitcher\vswitch.exe (NTWind Software)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe (InterVideo Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1176225459906 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1176229303515 (MUWebControl Class)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} http://pdl.stream.ao.../ampx_en_dl.cab (IWinAmpActiveX Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (C:\Documents and Settings\All Users\Application Data\TuneUp Software\TuneUp Utilities 2011\WinStyler\tu_logonui.exe) - C:\Documents and Settings\All Users\Application Data\TuneUp Software\TuneUp Utilities 2011\WinStyler\tu_logonui.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Fred\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Fred\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/04/10 09:43:17 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2005/11/15 12:08:04 | 000,000,036 | -H-- | M] () - F:\autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/08/07 21:32:04 | 000,000,000 | --SD | C] -- C:\mesograt
[2011/08/07 18:09:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fred\Application Data\BitTorrent
[2011/08/06 10:04:06 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/08/05 22:36:50 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2011/08/05 13:32:38 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Fred\Desktop\OTL.com
[2011/08/04 15:57:55 | 000,607,017 | R--- | C] (Swearware) -- C:\Documents and Settings\Fred\Desktop\dds.scr
[2011/08/04 15:55:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fred\Application Data\Malwarebytes
[2011/08/04 15:55:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/08/04 15:55:32 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/08/04 15:55:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/08/04 15:55:25 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/08/04 15:55:24 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/08/02 13:50:23 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/08/02 13:47:32 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/08/02 13:47:32 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/08/02 13:47:32 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/08/02 13:47:31 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/08/02 13:46:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/08/02 13:45:19 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/08/02 13:45:10 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Fred\Start Menu\Programs\Administrative Tools
[2011/07/28 11:29:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fred\Application Data\ElevatedDiagnostics
[2011/07/28 11:26:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows PowerShell 1.0
[2011/07/28 11:25:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\windowspowershell
[2011/07/27 19:05:01 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/07/27 19:03:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2011/07/27 18:56:14 | 000,000,000 | ---D | C] -- C:\Program Files\VistaSwitcher
[2011/07/27 18:31:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fred\Local Settings\Application Data\MixenSoft_WBINC
[2011/07/27 18:02:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fred\Local Settings\Application Data\ViCon_Remastered
[2011/07/27 16:45:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fred\Application Data\TuneUp Software
[2011/07/27 16:44:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2011/07/27 16:44:34 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Application Data\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
[2011/07/27 15:41:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fred\Application Data\IconTweaker
[2011/07/27 15:41:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\IconTweaker
[2011/07/27 15:41:21 | 000,000,000 | ---D | C] -- C:\Program Files\IconTweaker
[2011/07/27 15:36:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fred\Application Data\Styler
[2011/07/27 15:31:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CodeGazer
[2011/07/27 15:31:26 | 000,000,000 | ---D | C] -- C:\Program Files\CodeGazer
[2011/07/27 15:27:04 | 000,000,000 | ---D | C] -- C:\Program Files\Styler
[2011/07/26 19:42:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ESET
[2011/07/26 19:42:27 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/07/26 19:42:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ESET
[2011/07/26 16:52:23 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2011/07/26 16:51:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2011/07/26 16:14:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\ESET
[2011/07/26 15:01:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fred\Application Data\WinRAR
[2011/07/26 15:01:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinRAR
[2011/07/26 15:01:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fred\Start Menu\Programs\WinRAR
[2011/07/26 15:00:54 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2011/07/13 21:54:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fred\My Documents\Essays

========== Files - Modified Within 30 Days ==========

[2011/08/09 18:46:53 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/08/09 18:46:36 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-117609710-688789844-839522115-1003.job
[2011/08/09 18:46:21 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/08/09 18:33:01 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\MotoHelper Routing.job
[2011/08/08 16:27:22 | 000,192,512 | ---- | M] () -- C:\Documents and Settings\Fred\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/08/06 21:18:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-117609710-688789844-839522115-1003.job
[2011/08/05 22:37:25 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2011/08/05 14:02:37 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Fred\Desktop\MBR.dat
[2011/08/05 13:33:04 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Fred\Desktop\OTL.com
[2011/08/04 15:58:11 | 000,607,017 | R--- | M] (Swearware) -- C:\Documents and Settings\Fred\Desktop\dds.scr
[2011/08/04 15:55:33 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/08/02 13:50:29 | 000,000,506 | RHS- | M] () -- C:\boot.ini
[2011/07/28 11:47:54 | 000,021,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011/07/28 11:44:49 | 000,001,736 | ---- | M] () -- C:\WINDOWS\System32\.crusader
[2011/07/27 17:48:38 | 000,001,536 | ---- | M] () -- C:\Documents and Settings\Fred\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
[2011/07/27 17:48:37 | 000,001,658 | ---- | M] () -- C:\Documents and Settings\Fred\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/07/27 17:48:22 | 000,001,676 | ---- | M] () -- C:\Documents and Settings\Fred\Desktop\WinAVI.lnk
[2011/07/27 17:48:05 | 000,001,655 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2011/07/27 17:47:44 | 000,001,536 | ---- | M] () -- C:\Documents and Settings\Fred\Desktop\iTunes.lnk
[2011/07/27 17:47:27 | 000,001,606 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2011/07/27 17:47:08 | 000,001,658 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/07/27 16:50:00 | 000,000,389 | ---- | M] () -- C:\Boot.bak
[2011/07/26 19:43:13 | 000,001,765 | ---- | M] () -- C:\Documents and Settings\Fred\Desktop\ESET NOD32 Antivirus.lnk
[2011/07/26 16:52:25 | 000,001,663 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Hitman Pro 3.5.lnk
[2011/07/23 21:39:56 | 000,002,533 | ---- | M] () -- C:\Documents and Settings\Fred\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2007.lnk
[2011/07/13 20:36:18 | 000,273,376 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/07/13 13:59:06 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/07/12 18:33:23 | 000,000,358 | ---- | M] () -- C:\WINDOWS\tasks\MotoHelper MUM.job
[2011/07/12 18:33:13 | 000,000,370 | ---- | M] () -- C:\WINDOWS\tasks\MotoHelper Update.job

========== Files Created - No Company Name ==========

[2011/08/05 22:37:25 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
[2011/08/05 22:37:25 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2011/08/05 14:02:37 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Fred\Desktop\MBR.dat
[2011/08/04 15:55:33 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/08/02 13:50:29 | 000,000,389 | ---- | C] () -- C:\Boot.bak
[2011/08/02 13:50:25 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/08/02 13:47:32 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/08/02 13:47:32 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/08/02 13:47:32 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/08/02 13:47:32 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/08/02 13:47:32 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/07/28 11:44:49 | 000,001,736 | ---- | C] () -- C:\WINDOWS\System32\.crusader
[2011/07/27 17:48:38 | 000,001,536 | ---- | C] () -- C:\Documents and Settings\Fred\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
[2011/07/27 17:48:37 | 000,001,658 | ---- | C] () -- C:\Documents and Settings\Fred\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/07/27 15:41:24 | 000,001,698 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\IconTweaker.lnk
[2011/07/27 15:34:23 | 000,169,552 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/07/26 19:43:13 | 000,001,765 | ---- | C] () -- C:\Documents and Settings\Fred\Desktop\ESET NOD32 Antivirus.lnk
[2011/07/26 16:52:31 | 000,021,064 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011/07/26 16:52:25 | 000,001,663 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Hitman Pro 3.5.lnk
[2011/06/19 19:02:20 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Fred\Application Data\winscp.rnd
[2011/03/25 17:28:02 | 000,819,200 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2011/03/25 17:28:01 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2011/03/11 19:50:07 | 000,000,987 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Turn Off Monitor.ini
[2011/02/28 16:36:52 | 000,063,080 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/02/26 21:02:47 | 000,000,162 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2011/02/26 20:35:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2007/05/09 22:43:20 | 000,192,512 | ---- | C] () -- C:\Documents and Settings\Fred\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/04/10 11:14:56 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2007/04/10 11:14:56 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2007/04/10 11:14:55 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2007/04/10 11:14:55 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2007/04/10 11:14:55 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2007/04/10 11:14:55 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2007/04/10 10:07:22 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\tifmicon.dll
[2007/04/10 09:45:42 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2007/04/10 09:40:50 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2007/04/10 02:36:11 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2007/04/10 02:35:14 | 000,273,376 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006/03/02 13:54:50 | 000,124,376 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2004/08/02 14:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2003/03/31 05:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2003/03/31 05:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2003/03/31 05:00:00 | 000,493,182 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2003/03/31 05:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2003/03/31 05:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2003/03/31 05:00:00 | 000,083,664 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2003/03/31 05:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2003/03/31 05:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2003/03/31 05:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2003/03/31 05:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2003/03/31 05:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2011/07/26 15:47:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2011/02/26 19:42:27 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/07/26 19:42:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2011/07/26 17:11:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2011/07/27 15:41:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IconTweaker
[2011/07/26 15:45:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/07/27 16:46:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2011/07/27 16:44:34 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
[2011/02/26 21:47:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/02/26 20:04:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fred\Application Data\AVG10
[2011/08/09 18:49:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fred\Application Data\BitTorrent
[2011/07/27 19:04:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fred\Application Data\Broad Intelligence
[2011/07/28 11:29:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fred\Application Data\ElevatedDiagnostics
[2011/03/23 17:16:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fred\Application Data\FreeBurner
[2010/03/28 17:39:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fred\Application Data\FrostWire
[2011/07/27 15:41:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fred\Application Data\IconTweaker
[2011/03/23 16:10:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fred\Application Data\ImgBurn
[2007/05/05 21:42:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fred\Application Data\InterVideo
[2011/07/27 15:36:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fred\Application Data\Styler
[2011/07/27 16:45:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Fred\Application Data\TuneUp Software
[2011/07/12 18:33:23 | 000,000,358 | ---- | M] () -- C:\WINDOWS\Tasks\MotoHelper MUM.job
[2011/08/09 18:33:01 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\MotoHelper Routing.job
[2011/07/12 18:33:13 | 000,000,370 | ---- | M] () -- C:\WINDOWS\Tasks\MotoHelper Update.job

========== Purity Check ==========



< End of report >

Virscan gives me an error message saying that the uploaded file "cannot be found". I used Internet Explorer (I'm not sure which version I have, if this makes a difference. I don't update my IE because I don't usually use it.) and copy/pasted the filepath you gave me. Suggestions?

Also, ignore BitTorrent in the AVP scan. My friend re-downloaded it onto my laptop so he could download something and I hadn't realized when I ran the AVP scan.

Edited by mesograt, 09 August 2011 - 08:10 PM.

  • 0

#14
Aaron
Posted 10 August 2011 - 05:52 AM

Aaron

    Expert

  • Expert
  • 3,155 posts
Hi

No redirections anymore or IP-blocks from MBAM?


I think we got them :)

We'll give Combofix another try as extra check, it should work. Try downloading the latest version.
  • 0

#15
Aaron
Posted 14 August 2011 - 02:41 AM

Aaron

    Expert

  • Expert
  • 3,155 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP