Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Help Removing Browser Redirect Whenever I Search for Anti-Malware Site

Started by monsieurd , Oct 08 2011 06:42 PM

Please log in to reply

#16
RKinner

Posted 11 October 2011 - 01:32 AM

Malware Expert

Expert
24,625 posts

With Vista you are always a regular user. It doesn't matter that you logged in as an administrator you still need to right click and Run As Administrator if you want to really be an administrator. When you run any of our tools or most .exe files you need to right click and Run As Administrator.

The command sc config BCM42RLY start= disabled /c does nothing but tell Windows to stop trying to start the service for which there is no file. That just makes it boot a bit faster.

You should install the latest version of Java if it is something you use. http://www.java.com/...nload/index.jsp

Ron

#17
monsieurd

Posted 11 October 2011 - 03:44 AM

Member

Topic Starter
Member
17 posts

Except I did try running those programs with "Run as administrator" and still got the same message. I notice that I get this message if I try to run the tools I downloaded to get rid of the infection in my computer, like Vino's Event Viewer, and (I think) after uninstalling ComboFix. I'm not sure what the connection is.

#18
RKinner

Posted 11 October 2011 - 08:41 AM

Malware Expert

Expert
24,625 posts

This is something that the infection did. It changes permissions on files that it feels attacked it so they can't be run again.

Please download GrantPerms.zip
http://download.blee.../GrantPerms.zip
and save it to your desktop.
Rightclick on the zip file and Extract All. This should create a folder called GrantPerms on your desktop. In the folder find GrantPerms.exe and right click it and run as administrator.

It should bring up a small window after a delay of about 30 seconds. Type in the full path to a file you are having problems with. Example. george.exe on your desktop would be:

c:\users\***\Desktop\george.exe

Since there is a space in your username I would add quotes around the whole thing: "c:\users\***\Desktop\george.exe"

Then hit List Permissions. Copy and paste the text.

For Combofix on my PC it says:

GrantPerms by Farbar
Ran by Ron at 2011-10-11 07:31:18

===============================================
\\?\c:\users\Ron\Desktop\combofix.exe

Owner: BigGuy\Ron

DACL(not_protected):
BigGuy\Ron FULL ALLOW pseudo_(I)

For a more normal file like Speedfan it says:

GrantPerms by Farbar
Ran by Ron at 2011-10-11 07:34:58

===============================================
\\?\C:\Program Files\SpeedFan\speedfan.exe

Owner: BUILTIN\Administrators

DACL(NP)(AI):
NT AUTHORITY\SYSTEM FULL ALLOW (I)
BUILTIN\Administrators FULL ALLOW (I)
BUILTIN\Users READ/EXECUTE ALLOW (I)

What does your problem file say? If it doesn't say FULL ALLOW for BUILTIN\Administrators then click on Unblock. Then List Permissions again. Does it change any? IF it changed it then try and run the file by right clicking and Run As Administrator. Any luck?

Ron

#19
monsieurd

Posted 11 October 2011 - 11:58 AM

Member

Topic Starter
Member
17 posts

<UPDATE>: I did a little research, and this appears to be related to Vista Group Policy Control. However, I also found that Vista Home Premium editions do not have Group Policy Control, so that cannot be the problem. Apparently, this infection has messed up my registry, but I'll wait for you to tell me how to fix this.
<UPDATE>

Ok, so I ran the Grantperms file for otl.exe, and it listed "FULL ALLOW pseudo_(I)" for "BUILTIN\Administrators". So I clicked on "Unblocked" then tried to run OTL as an administrator, but same thing.

However, when I right-clicked on OTL and clicked on Properties, I noticed under the "General" tab, at the very bottom was another option I don't recall ever seeing, and that was an "Unblock" option, with a message adjacent saying "Windows has blocked access to this file because it came from another computer and might be blocked to protect the computer". So I clicked on Unblocked and viola, now it works.

Yet, this seems to be happening with every .exe file I download, I get this problem even when I tried to download Vista service packs, I have to click on "Unblock" to run the file. Is this problem also related to the infection, because I don't recall Vista ever doing this?

Edited by monsieurd, 11 October 2011 - 12:29 PM.

#20
RKinner

Posted 11 October 2011 - 12:58 PM

Malware Expert

Expert
24,625 posts

I think you may have IE's security controls set too tight or have the Internet in the Restricted Zone.

In IE, Tools, Internet options, Security, Restricted Sites, Sites. Do you see anything in the bottom pane? click on it and remove it unless you know what it is.

In IE, Tools, Internet options, Security,Reset All Zones to Default Levels. Restart IE. This won't effect files you have already downloaded. They will still need to be unblocked.

There is a registry fix for this problem but it says it is for XP so don't know if it will work on vista:

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments]
"SaveZoneInformation"=dword:00000001

Copy the text in the code box and then open Notepad (start, Run, notepad, OK).

Edit, Paste or Ctrl + v to paste the copied text into the notepad. File, Save As, (to your desktop), "fix.reg" OK (make sure you use the quotation marks or it won't work right.)

Close notepad then right click on fix.reg and Merge into the registry. May need to restart.

#21
monsieurd

Posted 12 October 2011 - 02:40 AM

Member

Topic Starter
Member
17 posts

I did default the IE settings as you recommended, but that did not seem to have an effect, because whenever I try downloading any .exe file, that file still has the "Unblock" feature attached to it. Furthermore, I use Chrome or Firefox, and I still I get the same problem.

I haven't yet tried the registry fix. I actually looked for that specific registry location that you asked me to modify, but there is no "...\Attachments" key. So I'm wary of using the fix you recommended to me.

Edited by monsieurd, 12 October 2011 - 02:46 AM.

#22
RKinner

Posted 12 October 2011 - 08:21 AM

Malware Expert

Expert
24,625 posts

Let's see if OTL can offer any hints:

Download OTL from
http://www.geekstogo...timers-list-it/
and Save it to your desktop.

Run OTL (Vista or Win 7 => right click and Run As Administrator)
select the All option in the Standard Registry group
select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.

#23
monsieurd

Posted 12 October 2011 - 11:48 AM

Member

Topic Starter
Member
17 posts

Here are the logs. First, the OTL log:

OTL logfile created on: 10/12/2011 10:27:03 AM - Run 3
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\***\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 0.94 Gb Available Physical Memory | 47.28% Memory free
4.23 Gb Paging File | 2.91 Gb Available in Paging File | 68.70% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 99.21 Gb Total Space | 12.45 Gb Free Space | 12.55% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 6.57 Gb Free Space | 65.70% Space Free | Partition Type: NTFS
Drive E: | 565.73 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: SCHOOLAPTOP | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/08 17:17:07 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
PRC - [2011/09/30 08:12:41 | 001,030,200 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2011/09/06 13:45:30 | 003,722,416 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/09/06 13:45:28 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/06/30 09:37:28 | 001,793,712 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
PRC - [2011/06/30 09:37:06 | 002,554,696 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
PRC - [2011/06/26 13:31:02 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/01/23 20:32:46 | 000,578,611 | ---- | M] () -- C:\Program Files\Droid Explorer\SDK\tools\adb.exe
PRC - [2009/06/10 06:22:22 | 000,334,224 | ---- | M] (The Eraser Project) -- C:\Program Files\Eraser\Eraser.exe
PRC - [2009/01/26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/05/02 03:44:08 | 000,805,392 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2008/05/02 03:40:56 | 000,076,304 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
PRC - [2007/09/07 10:25:12 | 000,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\stacsv.exe
PRC - [2007/09/07 10:23:36 | 000,405,504 | ---- | M] (IDT, Inc.) -- C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
PRC - [2007/08/29 13:25:16 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEstSrv.exe
PRC - [2007/08/28 22:54:58 | 000,036,864 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\OEM02Mon.exe
PRC - [2007/04/27 07:34:18 | 001,123,872 | ---- | M] (Dell Inc) -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2007/04/16 15:10:26 | 000,184,320 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Dell\MediaDirect\PCMService.exe
PRC - [2006/10/20 16:23:38 | 000,118,784 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

========== Modules (No Company Name) ==========

MOD - [2011/10/11 12:26:05 | 011,796,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\47b2e1d9030f551f685dfea0b618e7fd\System.Web.ni.dll
MOD - [2011/10/11 12:25:58 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a4fd3b000abfd4712b02ec223df3e9dd\System.Runtime.Remoting.ni.dll
MOD - [2011/10/11 12:23:47 | 007,868,416 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\57ac9ba5419d6bf4b79f2979b0755428\System.ni.dll
MOD - [2011/10/11 12:23:27 | 011,486,720 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\c068708e16abf0be77a21b9f29817d83\mscorlib.ni.dll
MOD - [2011/09/30 08:12:40 | 000,412,728 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\14.0.835.202\ppgooglenaclpluginchrome.dll
MOD - [2011/09/30 08:12:39 | 003,696,184 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\14.0.835.202\pdf.dll
MOD - [2011/09/30 08:11:13 | 000,142,568 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\14.0.835.202\avutil-51.dll
MOD - [2011/09/30 08:11:12 | 000,253,320 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\14.0.835.202\avformat-53.dll
MOD - [2011/09/30 08:11:10 | 002,403,240 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\14.0.835.202\avcodec-53.dll
MOD - [2011/09/29 13:06:57 | 008,587,936 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\14.0.835.202\gcswf32.dll
MOD - [2007/12/08 14:34:10 | 000,054,784 | ---- | M] () -- C:\Windows\System32\bcmwlrmt.dll
MOD - [2007/09/20 18:34:58 | 000,129,024 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2007/04/27 07:34:24 | 000,103,968 | ---- | M] () -- C:\Program Files\Dell\QuickSet\dadkeyb.dll

========== Win32 Services (SafeList) ==========

SRV - [2011/09/06 13:45:28 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/06/30 09:37:28 | 001,793,712 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/08/22 00:14:40 | 000,253,952 | ---- | M] (Ryan Conrad) [Auto | Stopped] -- C:\Program Files\Droid Explorer\DroidExplorer.Service.exe -- (DroidExplorerService)
SRV - [2009/01/26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/05/02 03:42:06 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2007/09/07 10:25:12 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV)
SRV - [2007/08/29 13:25:16 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEstSrv.exe -- (AESTFilters)
SRV - [2007/05/31 08:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 08:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007/03/19 11:44:44 | 000,070,656 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)

========== Driver Services (SafeList) ==========

DRV - [2011/09/06 13:38:05 | 000,442,200 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/09/06 13:37:53 | 000,320,856 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/09/06 13:36:38 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/09/06 13:36:36 | 000,052,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/09/06 13:36:26 | 000,054,616 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011/09/06 13:36:12 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/06/30 09:37:58 | 000,082,400 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\Windows\System32\drivers\inspect.sys -- (inspect)
DRV - [2011/06/30 09:37:56 | 000,238,960 | ---- | M] (COMODO) [File_System | System | Running] -- C:\Windows\System32\drivers\cmdGuard.sys -- (cmdGuard)
DRV - [2011/06/30 09:37:56 | 000,036,568 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\Windows\System32\drivers\cmdhlp.sys -- (cmdHlp)
DRV - [2010/05/25 00:59:24 | 000,121,576 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdm.sys -- (ssadmdm)
DRV - [2010/05/25 00:59:24 | 000,096,488 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
DRV - [2010/05/25 00:59:24 | 000,030,312 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadadb.sys -- (androidusb)
DRV - [2010/05/25 00:59:24 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
DRV - [2010/04/26 19:25:20 | 000,132,424 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2010/04/26 19:25:20 | 000,104,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV - [2010/04/26 19:25:20 | 000,014,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2009/03/02 16:20:18 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2008/06/30 23:16:26 | 000,018,912 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lmvac.sys -- (LTXMD_VAC) Litex Media Virtual Audio Cable (WDM)
DRV - [2008/02/29 04:13:46 | 000,028,944 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2008/02/29 04:13:24 | 000,036,880 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2008/02/29 04:13:16 | 000,035,344 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2007/11/12 14:37:28 | 008,235,008 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007/10/30 11:05:00 | 000,009,088 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\RivaTuner v2.06\RivaTuner32.sys -- (RivaTuner32)
DRV - [2007/09/07 10:26:04 | 000,330,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007/08/28 22:55:06 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Vfx.sys -- (OEM02Vfx)
DRV - [2007/08/28 22:54:56 | 000,235,520 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Dev.sys -- (OEM02Dev)
DRV - [2007/05/10 23:40:28 | 000,045,568 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2007/05/09 05:46:12 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/05/09 05:46:08 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/05/09 05:46:08 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/04/28 22:24:30 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/02/25 11:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2006/12/18 18:01:20 | 000,012,672 | ---- | M] (SingleClick Systems) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\packet.sys -- (Packet)
DRV - [2006/10/05 16:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2005/05/02 22:15:50 | 000,036,484 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SMBios.sys -- (SMBios) Intel ®
DRV - [1997/04/22 11:16:00 | 000,006,272 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\ASLM75.SYS -- (aslm75)

========== Standard Registry (All) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.yahoo.com|news.bbc.co.uk|http://www.france24.com/fr/"

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc;version=0.8.6h: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/09/14 11:20:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2011/06/28 15:56:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/10/09 01:25:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/09 01:16:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/10/10 22:51:46 | 000,000,000 | ---D | M]

[2008/08/28 23:37:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2008/08/28 23:37:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2011/08/21 23:24:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\vi184zgi.default\extensions
[2010/01/17 12:32:09 | 000,000,000 | ---D | M] (WeatherBug) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\vi184zgi.default\extensions\{3EC9C995-8072-4fc0-953E-4F30620D17F3}
[2009/12/25 00:34:35 | 000,000,000 | ---D | M] (Sothink SWF Catcher) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\vi184zgi.default\extensions\{FCAB6FDD-5585-425b-95C1-5ED856F3FD08}
[2011/02/06 03:29:21 | 000,001,982 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\vi184zgi.default\searchplugins\duckduckgo-ssl.xml
[2011/10/06 11:07:23 | 000,001,835 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\vi184zgi.default\searchplugins\weathercom.xml
[2008/07/17 01:21:41 | 000,002,354 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\vi184zgi.default\searchplugins\wr-english-french.xml
[2008/03/15 13:42:27 | 000,002,379 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\vi184zgi.default\searchplugins\wr-english-spanish.xml
[2011/10/09 12:40:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/10/09 01:16:53 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2011/10/09 01:25:21 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2011/09/14 11:20:13 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG10\FIREFOX4
() (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VI184ZGI.DEFAULT\EXTENSIONS\[email protected]
[2011/06/28 15:56:31 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/10/09 01:16:53 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2007/04/10 18:21:08 | 000,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\np-mswmp.dll
[2011/01/09 00:10:41 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2007/03/22 20:23:30 | 000,017,248 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL
[2011/09/05 10:04:56 | 000,183,696 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2008/04/08 11:24:40 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2008/04/08 11:24:40 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2008/04/08 11:24:40 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2008/04/08 11:24:40 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2008/04/08 11:24:41 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2008/04/08 11:24:41 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2008/04/08 11:24:41 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2011/10/09 01:16:49 | 000,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2010/09/02 23:42:12 | 000,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2011/10/09 01:16:49 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010/09/02 23:42:13 | 000,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2011/10/09 01:16:49 | 000,001,131 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2011/10/09 01:16:49 | 000,002,364 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2011/10/09 01:16:49 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2011/10/09 01:16:49 | 000,001,096 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\14.0.835.202\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.4.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.4.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.4.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.4.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.4.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.4.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.4.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\14.0.835.202\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\14.0.835.202\pdf.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\plugins/avgnpss.dll
CHR - plugin: Google Earth Plugin (Disabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: VLC Multimedia Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Clouds Theme (Aero) = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\bcciaadkjghlekmecfilhfakgmmgheei\1.1_0\
CHR - Extension: avast! WebRep = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1289_0\

O1 HOSTS File: ([2011/10/09 17:34:09 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Shareaza Web Download Hook) - {0EEDB912-C5FA-486F-8334-57288578C627} - C:\Program Files\Shareaza\RazaWebHook32.dll (Shareaza Development Team)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Windows\System32\WLTRAY.EXE (Dell Inc.)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [DELL Webcam Manager] C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [ECenter] C:\DELL\E-Center\EULALauncher.exe ( )
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\Windows\System32\nvHotkey.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] nwiz.exe /install File not found
O4 - HKLM..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKCU..\Run: [ehTray.exe] C:\Windows\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Eraser] C:\Program Files\Eraser\Eraser.exe (The Eraser Project)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disableregistrytools = 0
O8 - Extra context menu item: Download with &Shareaza - C:\Program Files\Shareaza\RazaWebHook32.dll (Shareaza Development Team)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} http://support.dell....r/SysProExe.CAB (WMI Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{76346A94-60B1-4E73-86D7-C54221E750B1}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{76346A94-60B1-4E73-86D7-C54221E750B1}: NameServer = 156.154.70.22,156.154.71.22
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7B0903FB-158E-4BB8-ADBB-F2259D9DA527}: NameServer = 156.154.70.22,156.154.71.22
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\Windows\system32\guard32.dll) -C:\Windows\System32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) -C:\Windows\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") -C:\Windows\System32\sysdm.cpl (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\System32\browseui.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O29 - HKLM SecurityProviders - (credssp.dll) -C:\Windows\System32\credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) -C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) -C:\Windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) -C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) -C:\Windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) -C:\Windows\System32\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) -C:\Windows\System32\tspkg.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 14:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2004/03/11 12:21:36 | 000,000,148 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/10/11 11:53:35 | 000,000,000 | ---D | C] -- C:\PerfLogs
[2011/10/11 11:19:55 | 000,047,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SPReview.exe
[2011/10/11 11:19:54 | 000,152,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SPWizUI.dll
[2011/10/11 11:00:30 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\recdisc.exe
[2011/10/11 11:00:28 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdspres.dll
[2011/10/11 10:59:56 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vsp1cln.exe
[2011/10/11 10:59:40 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sxproxy.dll
[2011/10/11 10:58:07 | 000,647,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrepl40.dll
[2011/10/11 10:58:07 | 000,414,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscp.dll
[2011/10/11 10:58:07 | 000,169,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssha.dll
[2011/10/11 10:58:07 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscntrs.dll
[2011/10/11 10:58:07 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscb.dll
[2011/10/11 10:58:06 | 001,696,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssvp.dll
[2011/10/11 10:58:06 | 000,464,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msra.exe
[2011/10/11 10:58:06 | 000,344,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrd3x40.dll
[2011/10/11 10:58:06 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2011/10/11 10:58:06 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrdc.dll
[2011/10/11 10:58:05 | 001,400,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssrch.dll
[2011/10/11 10:58:05 | 000,248,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll
[2011/10/11 10:58:05 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssitlb.dll
[2011/10/11 10:58:05 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msstrc.dll
[2011/10/11 10:58:04 | 000,333,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssph.dll
[2011/10/11 10:58:04 | 000,167,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssphtb.dll
[2011/10/11 10:58:04 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssprxy.dll
[2011/10/11 10:58:03 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mtstocom.exe
[2011/10/11 10:58:03 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\napdsnap.dll
[2011/10/11 10:58:03 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MuiUnattend.exe
[2011/10/11 10:58:03 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mtxlegih.dll
[2011/10/11 10:58:03 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mtxdm.dll
[2011/10/11 10:58:02 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mycomput.dll
[2011/10/11 10:58:02 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Mystify.scr
[2011/10/11 10:58:02 | 000,153,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NAPMONTR.DLL
[2011/10/11 10:58:02 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NAPHLPR.DLL
[2011/10/11 10:58:02 | 000,046,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NAPCRYPT.DLL
[2011/10/11 10:58:02 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\napipsec.dll
[2011/10/11 10:58:01 | 001,386,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvbvm60.dll
[2011/10/11 10:58:01 | 000,282,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstext40.dll
[2011/10/11 10:58:00 | 000,450,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxbde40.dll
[2011/10/11 10:57:59 | 000,344,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msexcl40.dll
[2011/10/11 10:57:59 | 000,312,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mswmdm.dll
[2011/10/11 10:57:59 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011/10/11 10:57:58 | 001,052,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdtctm.dll
[2011/10/11 10:57:58 | 000,564,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msftedit.dll
[2011/10/11 10:57:58 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdtcuiu.dll
[2011/10/11 10:57:58 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdtcVSp1res.dll
[2011/10/11 10:57:58 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011/10/11 10:57:55 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdart.dll
[2011/10/11 10:57:54 | 000,506,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSMPEG2ENC.DLL
[2011/10/11 10:57:54 | 000,415,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdri.dll
[2011/10/11 10:57:54 | 000,329,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdrm.dll
[2011/10/11 10:57:54 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdelta.dll
[2011/10/11 10:57:54 | 000,212,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdt.dll
[2011/10/11 10:57:54 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdt.exe
[2011/10/11 10:57:54 | 000,159,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdadiag.dll
[2011/10/11 10:57:54 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdtclog.dll
[2011/10/11 10:57:54 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msctfui.dll
[2011/10/11 10:57:54 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdmo.dll
[2011/10/11 10:57:54 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MsCtfMonitor.dll
[2011/10/11 10:57:54 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msmmsp.dll
[2011/10/11 10:57:53 | 000,391,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSMPEG2ADEC.DLL
[2011/10/11 10:57:53 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mspbde40.dll
[2011/10/11 10:57:53 | 000,299,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msjtes40.dll
[2011/10/11 10:57:53 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msltus40.dll
[2011/10/11 10:57:53 | 000,205,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msoeacct.dll
[2011/10/11 10:57:53 | 000,180,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msorcl32.dll
[2011/10/11 10:57:53 | 000,156,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2011/10/11 10:57:53 | 000,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msoert2.dll
[2011/10/11 10:57:52 | 000,588,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSMPEG2VDEC.DLL
[2011/10/11 10:57:52 | 000,485,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mspaint.exe
[2011/10/11 10:57:52 | 000,475,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msidcrl30.dll
[2011/10/11 10:57:52 | 000,332,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msihnd.dll
[2011/10/11 10:57:52 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msnetobj.dll
[2011/10/11 10:57:52 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax
[2011/10/11 10:57:52 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msobjs.dll
[2011/10/11 10:57:52 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msident.dll
[2011/10/11 10:57:49 | 001,589,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msjet40.dll
[2011/10/11 10:57:49 | 000,408,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msinfo32.exe
[2011/10/11 10:57:49 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msimtf.dll
[2011/10/11 10:57:49 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msisip.dll
[2011/10/11 10:57:47 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Nlsdl.dll
[2011/10/11 10:57:44 | 000,154,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nlmgp.dll
[2011/10/11 10:57:44 | 000,122,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nlhtml.dll
[2011/10/11 10:57:43 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nlsbres.dll
[2011/10/11 10:57:42 | 000,531,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\objsel.dll
[2011/10/11 10:57:42 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbcconf.dll
[2011/10/11 10:57:42 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ocsetup.exe
[2011/10/11 10:57:41 | 000,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\offfilt.dll
[2011/10/11 10:57:41 | 000,159,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbctrac.dll
[2011/10/11 10:57:41 | 000,114,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbccp32.dll
[2011/10/11 10:57:41 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbccu32.dll
[2011/10/11 10:57:41 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbccr32.dll
[2011/10/11 10:57:40 | 000,319,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbcjt32.dll
[2011/10/11 10:57:40 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nslookup.exe
[2011/10/11 10:57:39 | 000,520,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntvdm.exe
[2011/10/11 10:57:39 | 000,352,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshipsec.dll
[2011/10/11 10:57:39 | 000,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntprint.dll
[2011/10/11 10:57:38 | 002,225,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netcenter.dll
[2011/10/11 10:57:38 | 000,223,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2011/10/11 10:57:38 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netid.dll
[2011/10/11 10:57:38 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netdiagfx.dll
[2011/10/11 10:57:38 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netcorehc.dll
[2011/10/11 10:57:38 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netcfg.exe
[2011/10/11 10:57:38 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netiougc.exe
[2011/10/11 10:57:38 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netbtugc.exe
[2011/10/11 10:57:37 | 000,445,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncryptui.dll
[2011/10/11 10:57:37 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2011/10/11 10:57:37 | 000,093,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncsi.dll
[2011/10/11 10:57:37 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nci.dll
[2011/10/11 10:57:36 | 000,267,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NAPSTAT.EXE
[2011/10/11 10:57:36 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\net1.exe
[2011/10/11 10:57:36 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\net.exe
[2011/10/11 10:57:36 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ndfetw.dll
[2011/10/11 10:57:36 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NcdProp.dll
[2011/10/11 10:57:36 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nbtstat.exe
[2011/10/11 10:57:35 | 003,072,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\networkmap.dll
[2011/10/11 10:57:35 | 000,183,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\newdev.dll
[2011/10/11 10:57:35 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ndfapi.dll
[2011/10/11 10:57:34 | 000,669,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netprof.dll
[2011/10/11 10:57:34 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\networkitemfactory.dll
[2011/10/11 10:57:34 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Netplwiz.exe
[2011/10/11 10:57:33 | 001,086,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NetProjW.dll
[2011/10/11 10:57:32 | 000,939,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mblctr.exe
[2011/10/11 10:57:32 | 000,101,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\luainstall.dll
[2011/10/11 10:57:32 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\makecab.exe
[2011/10/11 10:57:32 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsmproxy.dll
[2011/10/11 10:57:31 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\localsec.dll
[2011/10/11 10:57:31 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lpksetup.exe
[2011/10/11 10:57:31 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\loghours.dll
[2011/10/11 10:57:31 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\logman.exe
[2011/10/11 10:57:31 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lodctr.exe
[2011/10/11 10:57:31 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\localui.dll
[2011/10/11 10:57:30 | 005,714,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\logon.scr
[2011/10/11 10:57:30 | 000,356,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MediaMetadataHandler.dll
[2011/10/11 10:57:30 | 000,208,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfplat.dll
[2011/10/11 10:57:30 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lpremove.exe
[2011/10/11 10:57:29 | 001,160,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll
[2011/10/11 10:57:29 | 001,135,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll
[2011/10/11 10:57:29 | 000,614,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFWMAAEC.DLL
[2011/10/11 10:57:29 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfvdsp.dll
[2011/10/11 10:57:28 | 000,852,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mcmde.dll
[2011/10/11 10:57:28 | 000,376,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mcupdate_GenuineIntel.dll
[2011/10/11 10:57:28 | 000,275,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mcbuilder.exe
[2011/10/11 10:57:28 | 000,205,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mdminst.dll
[2011/10/11 10:57:28 | 000,129,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\McxDriv.dll
[2011/10/11 10:57:28 | 000,128,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MdSched.exe
[2011/10/11 10:57:28 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\mcd.sys
[2011/10/11 10:57:27 | 000,396,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ipsmsnap.dll
[2011/10/11 10:57:27 | 000,064,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iscsiwmi.dll
[2011/10/11 10:57:26 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\intl.cpl
[2011/10/11 10:57:26 | 000,093,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2011/10/11 10:57:26 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iscsium.dll
[2011/10/11 10:57:26 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iscsilog.dll
[2011/10/11 10:57:26 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iscsied.dll
[2011/10/11 10:57:25 | 000,758,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ipsecsnp.dll
[2011/10/11 10:57:25 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iprtrmgr.dll
[2011/10/11 10:57:25 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kstvtune.ax
[2011/10/11 10:57:25 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\l2gpstore.dll
[2011/10/11 10:57:25 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\l2nacp.dll
[2011/10/11 10:57:25 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ksxbar.ax
[2011/10/11 10:57:25 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\korwbrkr.dll
[2011/10/11 10:57:25 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ipconfig.exe
[2011/10/11 10:57:25 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ktmutil.exe
[2011/10/11 10:57:25 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ktmw32.dll
[2011/10/11 10:57:25 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iprtprio.dll
[2011/10/11 10:57:24 | 000,157,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\keymgr.dll
[2011/10/11 10:57:24 | 000,148,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ks.sys
[2011/10/11 10:57:24 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ksproxy.ax
[2011/10/11 10:57:24 | 000,113,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\loadperf.dll
[2011/10/11 10:57:24 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011/10/11 10:57:24 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lnkstub.exe
[2011/10/11 10:57:24 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lltdapi.dll
[2011/10/11 10:57:24 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\LangCleanupSysprepAction.dll
[2011/10/11 10:57:23 | 000,442,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\joy.cpl
[2011/10/11 10:57:22 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDJPN.DLL
[2011/10/11 10:57:21 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mprmsg.dll
[2011/10/11 10:57:21 | 000,021,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kdusb.dll
[2011/10/11 10:57:21 | 000,019,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kdcom.dll
[2011/10/11 10:57:21 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDKOR.DLL
[2011/10/11 10:57:20 | 000,104,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mprddm.dll
[2011/10/11 10:57:19 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mountvol.exe
[2011/10/11 10:57:18 | 000,259,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MPG4DECD.DLL
[2011/10/11 10:57:18 | 000,177,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2011/10/11 10:57:18 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Mpeg2Data.ax
[2011/10/11 10:57:17 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscms.dll
[2011/10/11 10:57:17 | 000,317,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MP4SDECD.DLL
[2011/10/11 10:57:17 | 000,259,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MP43DECD.DLL
[2011/10/11 10:57:17 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscandui.dll
[2011/10/11 10:57:17 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MP3DMOD.DLL
[2011/10/11 10:57:16 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msconfig.exe
[2011/10/11 10:57:15 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSAC3ENC.DLL
[2011/10/11 10:57:15 | 000,120,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msaatext.dll
[2011/10/11 10:57:11 | 001,792,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mmc.exe
[2011/10/11 10:57:11 | 000,301,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mmcbase.dll
[2011/10/11 10:57:10 | 002,167,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mmcndmgr.dll
[2011/10/11 10:57:10 | 000,287,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\modemui.dll
[2011/10/11 10:57:10 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mimefilt.dll
[2011/10/11 10:57:09 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MMDevAPI.dll
[2011/10/11 10:57:07 | 002,011,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\milcore.dll
[2011/10/11 10:57:07 | 000,095,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\migisol.dll
[2011/10/11 10:57:07 | 000,094,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MigAutoPlay.exe
[2011/10/11 10:57:05 | 000,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdshext.dll
[2011/10/11 10:57:05 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SecEdit.exe
[2011/10/11 10:57:04 | 000,472,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll
[2011/10/11 10:57:04 | 000,472,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
[2011/10/11 10:57:04 | 000,151,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll
[2011/10/11 10:57:03 | 000,151,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll
[2011/10/11 10:56:59 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shrink.dll
[2011/10/11 10:56:58 | 000,425,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shwebsvc.dll
[2011/10/11 10:56:58 | 000,396,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shrpubw.exe
[2011/10/11 10:56:58 | 000,101,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shsetup.dll
[2011/10/11 10:56:57 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shacct.dll
[2011/10/11 10:56:57 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shutdown.exe
[2011/10/11 10:56:56 | 000,275,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SnippingTool.exe
[2011/10/11 10:56:56 | 000,197,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SndVol.exe
[2011/10/11 10:56:56 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SmiInstaller.dll
[2011/10/11 10:56:56 | 000,125,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\softkbd.dll
[2011/10/11 10:56:55 | 000,777,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slcc.dll
[2011/10/11 10:56:55 | 000,573,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLCommDlg.dll
[2011/10/11 10:56:55 | 000,354,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLUI.exe
[2011/10/11 10:56:55 | 000,186,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLLUA.exe
[2011/10/11 10:56:55 | 000,137,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLCExt.dll
[2011/10/11 10:56:55 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slcinst.dll
[2011/10/11 10:56:55 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slwmi.dll
[2011/10/11 10:56:55 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\smclib.sys
[2011/10/11 10:56:55 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slwga.dll
[2011/10/11 10:56:54 | 000,704,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SmiEngine.dll
[2011/10/11 10:56:54 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SmartcardCredentialProvider.dll
[2011/10/11 10:56:54 | 000,083,456 | ---- | C] (Microsoft) -- C:\Windows\System32\SMBHelperClass.dll
[2011/10/11 10:56:53 | 000,626,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sethc.exe
[2011/10/11 10:56:53 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\setupcln.dll
[2011/10/11 10:56:53 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\setupugc.exe
[2011/10/11 10:56:53 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\setupcl.exe
[2011/10/11 10:56:53 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sfc.exe
[2011/10/11 10:56:53 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\serialui.dll
[2011/10/11 10:56:53 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\setupSNK.exe
[2011/10/11 10:56:50 | 001,823,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pnidui.dll
[2011/10/11 10:56:50 | 000,542,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pnpui.dll
[2011/10/11 10:56:50 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PNPXAssoc.dll
[2011/10/11 10:56:50 | 000,058,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PnPUnattend.exe
[2011/10/11 10:56:50 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PNPXAssocPrx.dll
[2011/10/11 10:56:50 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2011/10/11 10:56:50 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PnPutil.exe
[2011/10/11 10:56:49 | 000,723,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\powercpl.dll
[2011/10/11 10:56:49 | 000,272,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceApi.dll
[2011/10/11 10:56:49 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceWMDRM.dll
[2011/10/11 10:56:49 | 000,180,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pnpsetup.dll
[2011/10/11 10:56:49 | 000,167,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\portcls.sys
[2011/10/11 10:56:49 | 000,163,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\powercfg.cpl
[2011/10/11 10:56:49 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceTypes.dll
[2011/10/11 10:56:49 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceWiaCompat.dll
[2011/10/11 10:56:49 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceClassExtension.dll
[2011/10/11 10:56:49 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pots.dll
[2011/10/11 10:56:49 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pnpts.dll
[2011/10/11 10:56:48 | 000,300,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\puiobj.dll
[2011/10/11 10:56:48 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax
[2011/10/11 10:56:48 | 000,191,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\provthrd.dll
[2011/10/11 10:56:48 | 000,172,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\QAGENT.DLL
[2011/10/11 10:56:48 | 000,166,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\puiapi.dll
[2011/10/11 10:56:48 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\propdefs.dll
[2011/10/11 10:56:48 | 000,051,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PSHED.DLL
[2011/10/11 10:56:47 | 000,551,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\prnntfy.dll
[2011/10/11 10:56:47 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2011/10/11 10:56:47 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationSettings.exe
[2011/10/11 10:56:47 | 000,119,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\prntvpt.dll
[2011/10/11 10:56:47 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\profprov.dll
[2011/10/11 10:56:47 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\prevhost.exe
[2011/10/11 10:56:46 | 000,403,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\p2pcollab.dll
[2011/10/11 10:56:46 | 000,336,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\P2PGraph.dll
[2011/10/11 10:56:46 | 000,202,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\P2P.dll
[2011/10/11 10:56:46 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\p2phost.exe
[2011/10/11 10:56:46 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\p2pnetsh.dll
[2011/10/11 10:56:46 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pcadm.dll
[2011/10/11 10:56:46 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\procinst.dll
[2011/10/11 10:56:45 | 001,107,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ogldrv.dll
[2011/10/11 10:56:45 | 000,464,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pcaui.dll
[2011/10/11 10:56:45 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oleprn.dll
[2011/10/11 10:56:45 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\olecli32.dll
[2011/10/11 10:56:45 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\olethk32.dll
[2011/10/11 10:56:45 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\olesvr32.dll
[2011/10/11 10:56:44 | 002,153,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oobefldr.dll
[2011/10/11 10:56:44 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OptionalFeatures.exe
[2011/10/11 10:56:44 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\osblprov.dll
[2011/10/11 10:56:44 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\osbaseln.dll
[2011/10/11 10:56:43 | 001,107,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pidgenx.dll
[2011/10/11 10:56:42 | 000,704,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoScreensaver.scr
[2011/10/11 10:56:42 | 000,412,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll
[2011/10/11 10:56:42 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PkgMgr.exe
[2011/10/11 10:56:42 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pintlgnt.ime
[2011/10/11 10:56:42 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PING.EXE
[2011/10/11 10:56:41 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\phon.ime
[2011/10/11 10:56:41 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pdhui.dll
[2011/10/11 10:56:41 | 000,045,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pciidex.sys
[2011/10/11 10:56:41 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PlaySndSrv.dll
[2011/10/11 10:56:40 | 001,248,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PerfCenterCPL.dll
[2011/10/11 10:56:40 | 000,120,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\perfmon.exe
[2011/10/11 10:56:40 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtffilt.dll
[2011/10/11 10:56:40 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\perfnet.dll
[2011/10/11 10:56:40 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\perfts.dll
[2011/10/11 10:56:39 | 000,146,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RstrtMgr.dll
[2011/10/11 10:56:39 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\runonce.exe
[2011/10/11 10:56:38 | 000,523,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
[2011/10/11 10:56:38 | 000,510,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
[2011/10/11 10:56:38 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Ribbons.scr
[2011/10/11 10:56:38 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RESAMPLEDMO.DLL
[2011/10/11 10:56:38 | 000,151,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rgb9rast.dll
[2011/10/11 10:56:38 | 000,127,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rpchttp.dll
[2011/10/11 10:56:38 | 000,114,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtm.dll
[2011/10/11 10:56:38 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RpcPing.exe
[2011/10/11 10:56:38 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\riched32.dll
[2011/10/11 10:56:37 | 000,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
[2011/10/11 10:56:37 | 000,346,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
[2011/10/11 10:56:37 | 000,151,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\schtasks.exe
[2011/10/11 10:56:37 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scksp.dll
[2011/10/11 10:56:37 | 000,087,552 | ---- | C] (Microsoft) -- C:\Windows\System32\Robocopy.exe
[2011/10/11 10:56:37 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\rndismpx.sys
[2011/10/11 10:56:37 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\RNDISMP.sys
[2011/10/11 10:56:36 | 001,169,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe
[2011/10/11 10:56:36 | 000,730,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdengin2.dll
[2011/10/11 10:56:36 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scansetting.dll
[2011/10/11 10:56:36 | 000,180,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scrobj.dll
[2011/10/11 10:56:36 | 000,142,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\scsiport.sys
[2011/10/11 10:56:36 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdchange.exe
[2011/10/11 10:56:36 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbunattend.exe
[2011/10/11 10:56:35 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbe.dll
[2011/10/11 10:56:35 | 000,153,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbeio.dll
[2011/10/11 10:56:34 | 000,889,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RacEngn.dll
[2011/10/11 10:56:34 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qintlgnt.ime
[2011/10/11 10:56:34 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rascfg.dll
[2011/10/11 10:56:34 | 000,052,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasdiag.dll
[2011/10/11 10:56:34 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RacAgent.exe
[2011/10/11 10:56:34 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasctrs.dll
[2011/10/11 10:56:33 | 000,505,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qedit.dll
[2011/10/11 10:56:33 | 000,497,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll
[2011/10/11 10:56:30 | 000,281,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdv.dll
[2011/10/11 10:56:30 | 000,208,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qasf.dll
[2011/10/11 10:56:30 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qcap.dll
[2011/10/11 10:56:30 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quick.ime
[2011/10/11 10:56:30 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\QCLIPROV.DLL
[2011/10/11 10:56:29 | 000,154,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\QSHVHOST.DLL
[2011/10/11 10:56:29 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\QSVRMGMT.DLL
[2011/10/11 10:56:28 | 000,612,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpencom.dll
[2011/10/11 10:56:28 | 000,340,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RelMon.dll
[2011/10/11 10:56:28 | 000,118,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RDPENCDD.dll
[2011/10/11 10:56:28 | 000,107,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpwsx.dll
[2011/10/11 10:56:28 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\reg.exe
[2011/10/11 10:56:28 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\regini.exe
[2011/10/11 10:56:28 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rekeywiz.exe
[2011/10/11 10:56:28 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdrleakdiag.exe
[2011/10/11 10:56:27 | 000,975,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RASMM.dll
[2011/10/11 10:56:27 | 000,642,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasgcw.dll
[2011/10/11 10:56:27 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasplap.dll
[2011/10/11 10:56:27 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\raserver.exe
[2011/10/11 10:56:27 | 000,155,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasmontr.dll
[2011/10/11 10:56:27 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegCtrl.dll
[2011/10/11 10:56:27 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasphone.exe
[2011/10/11 10:56:26 | 001,039,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d8.dll
[2011/10/11 10:56:26 | 000,384,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dim.dll
[2011/10/11 10:56:26 | 000,208,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2011/10/11 10:56:26 | 000,188,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2011/10/11 10:56:26 | 000,159,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2011/10/11 10:56:26 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcfgex.dll
[2011/10/11 10:56:25 | 001,788,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d9.dll
[2011/10/11 10:56:25 | 001,029,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2011/10/11 10:56:25 | 000,816,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dim700.dll
[2011/10/11 10:56:25 | 000,368,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\desk.cpl
[2011/10/11 10:56:25 | 000,226,816 | ---- | C] (Microsoft Corp.) -- C:\Windows\System32\Defrag.exe
[2011/10/11 10:56:25 | 000,064,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\devenum.dll
[2011/10/11 10:56:24 | 001,855,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dbgeng.dll
[2011/10/11 10:56:24 | 000,522,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ddraw.dll
[2011/10/11 10:56:24 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dbnetlib.dll
[2011/10/11 10:56:24 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dxof.dll
[2011/10/11 10:56:23 | 000,159,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dinput8.dll
[2011/10/11 10:56:23 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cscript.exe
[2011/10/11 10:56:23 | 000,054,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dimsroam.dll
[2011/10/11 10:56:23 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2011/10/11 10:56:23 | 000,046,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrstub.exe
[2011/10/11 10:56:22 | 000,230,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\diskraid.exe
[2011/10/11 10:56:22 | 000,163,840 | ---- | C] (Microsoft Corp.) -- C:\Windows\System32\DfrgNtfs.exe
[2011/10/11 10:56:22 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dispdiag.exe
[2011/10/11 10:56:22 | 000,120,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\diskpart.exe
[2011/10/11 10:56:22 | 000,094,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\diantz.exe
[2011/10/11 10:56:22 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dispci.dll
[2011/10/11 10:56:22 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dimsjob.dll
[2011/10/11 10:56:22 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dispex.dll
[2011/10/11 10:56:22 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Diskdump.sys
[2011/10/11 10:56:21 | 001,078,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\diagperf.dll
[2011/10/11 10:56:21 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dfrgui.exe
[2011/10/11 10:56:21 | 000,377,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\devmgr.dll
[2011/10/11 10:56:21 | 000,128,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dhcpcsvc6.dll
[2011/10/11 10:56:21 | 000,096,768 | ---- | C] (Microsoft Corp.) -- C:\Windows\System32\dfrgfat.exe
[2011/10/11 10:56:21 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DFDWiz.exe
[2011/10/11 10:56:21 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DHCPQEC.DLL
[2011/10/11 10:56:21 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dhcpsapi.dll
[2011/10/11 10:56:21 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dfrgifc.exe
[2011/10/11 10:56:21 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dfdts.dll
[2011/10/11 10:56:21 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmcfg32.dll
[2011/10/11 10:56:20 | 000,481,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmdial32.dll
[2011/10/11 10:56:20 | 000,318,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmd.exe
[2011/10/11 10:56:20 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmlua.dll
[2011/10/11 10:56:19 | 000,297,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmipnpinstall.dll
[2011/10/11 10:56:19 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cintlgnt.ime
[2011/10/11 10:56:19 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmdl32.exe
[2011/10/11 10:56:19 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmifw.dll
[2011/10/11 10:56:19 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmicryptinstall.dll
[2011/10/11 10:56:19 | 000,058,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cipher.exe
[2011/10/11 10:56:19 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmmon32.exe
[2011/10/11 10:56:18 | 000,282,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CompatUI.dll
[2011/10/11 10:56:18 | 000,276,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\compstui.dll
[2011/10/11 10:56:18 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\comsnap.dll
[2011/10/11 10:56:18 | 000,171,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cic.dll
[2011/10/11 10:56:18 | 000,127,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Classpnp.sys
[2011/10/11 10:56:18 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\comrepl.dll
[2011/10/11 10:56:18 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\clfsw32.dll
[2011/10/11 10:56:18 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ComputerDefaults.exe
[2011/10/11 10:56:17 | 001,645,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\connect.dll
[2011/10/11 10:56:17 | 000,686,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\colorui.dll
[2011/10/11 10:56:17 | 000,593,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\comuid.dll
[2011/10/11 10:56:17 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CompMgmtLauncher.exe
[2011/10/11 10:56:17 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2011/10/11 10:56:17 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
[2011/10/11 10:56:17 | 000,036,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\crashdmp.sys
[2011/10/11 10:56:17 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cofiredm.dll
[2011/10/11 10:56:17 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\corpol.dll
[2011/10/11 10:56:17 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\convert.exe
[2011/10/11 10:56:16 | 000,161,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\COLORCNV.DLL
[2011/10/11 10:56:16 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmstp.exe
[2011/10/11 10:56:16 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmutil.dll
[2011/10/11 10:56:16 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmpbk32.dll
[2011/10/11 10:56:16 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmstplua.dll
[2011/10/11 10:56:15 | 000,179,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\els.dll
[2011/10/11 10:56:13 | 000,428,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2011/10/11 10:56:13 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDump.dll
[2011/10/11 10:56:13 | 000,093,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\esentutl.exe
[2011/10/11 10:56:13 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\efsadu.dll
[2011/10/11 10:56:13 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EAPQEC.DLL
[2011/10/11 10:56:13 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\esentprf.dll
[2011/10/11 10:56:12 | 000,442,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\filemgmt.dll
[2011/10/11 10:56:12 | 000,131,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fde.dll
[2011/10/11 10:56:12 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdWCN.dll
[2011/10/11 10:56:12 | 000,068,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdSSDP.dll
[2011/10/11 10:56:12 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdWSD.dll
[2011/10/11 10:56:12 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\feclient.dll
[2011/10/11 10:56:12 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdeploy.dll
[2011/10/11 10:56:11 | 002,585,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FirewallControlPanel.exe
[2011/10/11 10:56:11 | 002,249,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Firewall.cpl
[2011/10/11 10:56:11 | 000,485,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\evr.dll
[2011/10/11 10:56:11 | 000,403,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FirewallAPI.dll
[2011/10/11 10:56:11 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\findnetprinters.dll
[2011/10/11 10:56:11 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\findstr.exe
[2011/10/11 10:56:11 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fmifs.dll
[2011/10/11 10:56:10 | 000,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Faultrep.dll
[2011/10/11 10:56:10 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dot3ui.dll
[2011/10/11 10:56:10 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\extrac32.exe
[2011/10/11 10:56:10 | 000,052,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\expand.exe
[2011/10/11 10:56:10 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\System32\esrb.rs
[2011/10/11 10:56:10 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dot3cfg.dll
[2011/10/11 10:56:10 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ExplorerFrame.dll
[2011/10/11 10:56:10 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eventcls.dll
[2011/10/11 10:56:10 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\f3ahvoas.dll
[2011/10/11 10:56:09 | 000,978,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drmv2clt.dll
[2011/10/11 10:56:09 | 000,407,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpapimig.exe
[2011/10/11 10:56:09 | 000,284,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drmmgrtn.dll
[2011/10/11 10:56:09 | 000,258,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpx.dll
[2011/10/11 10:56:09 | 000,235,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dot3gpui.dll
[2011/10/11 10:56:09 | 000,130,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\drmk.sys
[2011/10/11 10:56:09 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dot3msm.dll
[2011/10/11 10:56:09 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\driverquery.exe
[2011/10/11 10:56:09 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dot3gpclnt.dll
[2011/10/11 10:56:08 | 000,388,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dmdlgs.dll
[2011/10/11 10:56:08 | 000,376,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpnet.dll
[2011/10/11 10:56:08 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dmdskmgr.dll
[2011/10/11 10:56:08 | 000,178,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dmime.dll
[2011/10/11 10:56:08 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DpiScaling.exe
[2011/10/11 10:56:08 | 000,105,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dmsynth.dll
[2011/10/11 10:56:08 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dmscript.dll
[2011/10/11 10:56:08 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnshc.dll
[2011/10/11 10:56:08 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dmocx.dll
[2011/10/11 10:56:08 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dmloader.dll
[2011/10/11 10:56:08 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2011/10/11 10:56:08 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dmdskres2.dll
[2011/10/11 10:56:07 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxdiag.exe
[2011/10/11 10:56:07 | 000,195,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxdiagn.dll
[2011/10/11 10:56:07 | 000,171,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2011/10/11 10:56:07 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dmvdsitf.dll
[2011/10/11 10:56:07 | 000,104,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWWIN.EXE
[2011/10/11 10:56:07 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dmusic.dll
[2011/10/11 10:56:07 | 000,088,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dmview.ocx
[2011/10/11 10:56:07 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dwmredir.dll
[2011/10/11 10:56:07 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxg.sys
[2011/10/11 10:56:07 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dmutil.dll
[2011/10/11 10:56:07 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxapi.sys
[2011/10/11 10:56:06 | 000,444,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dsound.dll
[2011/10/11 10:56:06 | 000,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2011/10/11 10:56:06 | 000,246,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drvstore.dll
[2011/10/11 10:56:06 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2011/10/11 10:56:06 | 000,187,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eapp3hst.dll
[2011/10/11 10:56:06 | 000,181,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eapphost.dll
[2011/10/11 10:56:06 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dsdmo.dll
[2011/10/11 10:56:06 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drvinst.exe
[2011/10/11 10:56:06 | 000,093,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eappgnui.dll
[2011/10/11 10:56:06 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dskquota.dll
[2011/10/11 10:56:06 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxva2.dll
[2011/10/11 10:56:06 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dsauth.dll
[2011/10/11 10:56:05 | 000,397,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AudioEng.dll
[2011/10/11 10:56:05 | 000,137,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dsprop.dll
[2011/10/11 10:56:05 | 000,088,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe
[2011/10/11 10:56:05 | 000,029,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Dumpata.sys
[2011/10/11 10:56:04 | 004,595,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AuthFWSnapin.dll
[2011/10/11 10:56:04 | 001,370,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Aurora.scr
[2011/10/11 10:56:04 | 000,509,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AuthFWGP.dll
[2011/10/11 10:56:04 | 000,274,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AUDIOKSE.dll
[2011/10/11 10:56:04 | 000,251,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\authfwcfg.dll
[2011/10/11 10:56:04 | 000,116,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AudioSes.dll
[2011/10/11 10:56:04 | 000,110,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ataport.sys
[2011/10/11 10:56:04 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\auditpol.exe
[2011/10/11 10:56:04 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AtBroker.exe
[2011/10/11 10:56:04 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\at.exe
[2011/10/11 10:56:02 | 000,334,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bcdedit.exe
[2011/10/11 10:56:02 | 000,131,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\basecsp.dll
[2011/10/11 10:56:02 | 000,068,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\basesrv.dll
[2011/10/11 10:56:02 | 000,028,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\battc.sys
[2011/10/11 10:56:02 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\batt.dll
[2011/10/11 10:56:01 | 000,634,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\autofmt.exe
[2011/10/11 10:56:01 | 000,274,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bcrypt.dll
[2011/10/11 10:56:01 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bitsadmin.exe
[2011/10/11 10:56:01 | 000,117,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bcdsrv.dll
[2011/10/11 10:56:01 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AuxiliaryDisplayApi.dll
[2011/10/11 10:56:01 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\bfsvc.exe
[2011/10/11 10:56:01 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bcdprov.dll
[2011/10/11 10:56:01 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\bdasup.sys
[2011/10/11 10:56:00 | 001,985,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\authui.dll
[2011/10/11 10:56:00 | 001,186,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AuxiliaryDisplayCpl.dll
[2011/10/11 10:56:00 | 000,656,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\autoconv.exe
[2011/10/11 10:56:00 | 000,516,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\autoplay.dll
[2011/10/11 10:56:00 | 000,174,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AuxiliaryDisplayDriverLib.dll
[2011/10/11 10:55:59 | 001,405,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ActiveContentWizard.dll
[2011/10/11 10:55:59 | 000,756,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\azroles.dll
[2011/10/11 10:55:59 | 000,317,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\azroleui.dll
[2011/10/11 10:55:59 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ActionQueue.dll
[2011/10/11 10:55:59 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\activeds.tlb
[2011/10/11 10:55:59 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AuxiliaryDisplayServices.dll
[2011/10/11 10:55:59 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ACW.exe
[2011/10/11 10:55:59 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AzSqlExt.dll
[2011/10/11 10:55:59 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avrt.dll
[2011/10/11 10:55:58 | 000,127,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aclui.dll
[2011/10/11 10:55:58 | 000,053,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\1394bus.sys
[2011/10/11 10:55:57 | 002,515,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\accessibilitycpl.dll
[2011/10/11 10:55:56 | 001,730,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\apds.dll
[2011/10/11 10:55:56 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\apircl.dll
[2011/10/11 10:55:56 | 000,070,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\amstream.dll
[2011/10/11 10:55:55 | 000,605,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\adtschema.dll
[2011/10/11 10:55:55 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\adsnt.dll
[2011/10/11 10:55:55 | 000,198,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\apss.dll
[2011/10/11 10:55:55 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\adsmsext.dll
[2011/10/11 10:55:55 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2011/10/11 10:55:54 | 000,879,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Bubbles.scr
[2011/10/11 10:55:54 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\adsldp.dll
[2011/10/11 10:55:53 | 000,990,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bthprops.cpl
[2011/10/11 10:55:53 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\btpanui.dll
[2011/10/11 10:55:52 | 001,342,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\brcpl.dll
[2011/10/11 10:55:52 | 000,052,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\brcplsdw.dll
[2011/10/11 10:55:52 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cacls.exe
[2011/10/11 10:55:52 | 000,024,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\BOOTVID.DLL
[2011/10/11 10:55:52 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\capisp.dll
[2011/10/11 10:55:52 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bootstr.dll
[2011/10/11 10:55:51 | 001,502,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certmgr.dll
[2011/10/11 10:55:51 | 000,798,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certutil.exe
[2011/10/11 10:55:51 | 000,632,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CertEnrollUI.dll
[2011/10/11 10:55:51 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certreq.exe
[2011/10/11 10:55:51 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bthci.dll
[2011/10/11 10:55:51 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bridgeunattend.exe
[2011/10/11 10:55:51 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CertEnrollCtrl.exe
[2011/10/11 10:55:50 | 001,111,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CertEnroll.dll
[2011/10/11 10:55:49 | 006,103,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chtbrkr.dll
[2011/10/11 10:55:49 | 001,671,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chsbrkr.dll
[2011/10/11 10:55:49 | 000,805,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdosys.dll
[2011/10/11 10:55:49 | 000,225,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cewmdm.dll
[2011/10/11 10:55:49 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chajei.ime
[2011/10/11 10:55:49 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cfgbkend.dll
[2011/10/11 10:55:49 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2011/10/11 10:55:48 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bootcfg.exe
[2011/10/11 10:55:48 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bitsigd.dll
[2011/10/11 10:55:47 | 000,542,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\blackbox.dll
[2011/10/11 10:55:38 | 000,882,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IMJP10.IME
[2011/10/11 10:55:38 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IMJP10K.DLL
[2011/10/11 10:55:38 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2011/10/11 10:55:36 | 000,705,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imagesp1.dll
[2011/10/11 10:55:36 | 000,496,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imapi2fs.dll
[2011/10/11 10:55:36 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imapi2.dll
[2011/10/11 10:55:36 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imapi.dll
[2011/10/11 10:55:35 | 001,827,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011/10/11 10:55:35 | 000,052,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetmib1.dll
[2011/10/11 10:55:35 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetppui.dll
[2011/10/11 10:55:34 | 000,217,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\InkEd.dll
[2011/10/11 10:55:33 | 000,200,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\input.dll
[2011/10/11 10:55:33 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\InfDefaultInstall.exe
[2011/10/11 10:55:32 | 000,413,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imkr80.ime
[2011/10/11 10:55:31 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iashlpr.dll
[2011/10/11 10:55:31 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasacct.dll
[2011/10/11 10:55:31 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ias.dll
[2011/10/11 10:55:30 | 000,445,952 | ---- | C] (Microsoft) -- C:\Windows\System32\IasMigPlugin.dll
[2011/10/11 10:55:30 | 000,251,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iassdo.dll
[2011/10/11 10:55:30 | 000,180,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iassam.dll
[2011/10/11 10:55:30 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iassvcs.dll
[2011/10/11 10:55:30 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iaspolcy.dll
[2011/10/11 10:55:29 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasrad.dll
[2011/10/11 10:55:29 | 000,147,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasnap.dll
[2011/10/11 10:55:27 | 000,167,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2011/10/11 10:55:27 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ifsutil.dll
[2011/10/11 10:55:27 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011/10/11 10:55:27 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ifmon.dll
[2011/10/11 10:55:26 | 000,142,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icsfiltr.dll
[2011/10/11 10:55:26 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011/10/11 10:55:26 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icsunattend.exe
[2011/10/11 10:55:25 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icm32.dll
[2011/10/11 10:55:25 | 000,153,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2011/10/11 10:55:25 | 000,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icfupgd.dll
[2011/10/11 10:55:25 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011/10/11 10:55:25 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icacls.exe
[2011/10/11 10:55:25 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\idndl.dll
[2011/10/11 10:55:23 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hlink.dll
[2011/10/11 10:55:23 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\HotStartUserAgent.dll
[2011/10/11 10:55:23 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hnetmon.dll
[2011/10/11 10:55:21 | 000,595,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FWPUCLNT.DLL
[2011/10/11 10:55:19 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fsutil.exe
[2011/10/11 10:55:19 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ftp.exe
[2011/10/11 10:55:19 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\framebuf.dll
[2011/10/11 10:55:18 | 000,204,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\framedynos.dll
[2011/10/11 10:55:18 | 000,202,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\framedyn.dll
[2011/10/11 10:55:18 | 000,146,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fundisc.dll
[2011/10/11 10:55:18 | 000,101,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\FWPKCLNT.SYS
[2011/10/11 10:55:18 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fwcfg.dll
[2011/10/11 10:55:18 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fphc.dll
[2011/10/11 10:55:18 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\fveupdate.exe
[2011/10/11 10:55:17 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\GuidedHelp.dll
[2011/10/11 10:55:17 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hbaapi.dll
[2011/10/11 10:55:17 | 000,016,896 | ---- | C] (Microsoft) -- C:\Windows\System32\grb.rs
[2011/10/11 10:55:17 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hcrstco.dll
[2011/10/11 10:55:16 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidclass.sys
[2011/10/11 10:55:16 | 000,025,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidparse.sys
[2011/10/11 10:55:15 | 000,498,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\HelpPane.exe
[2011/10/11 10:55:15 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\HelpPaneProxy.dll
[2011/10/11 10:55:14 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2011/10/11 10:55:14 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\getmac.exe
[2011/10/11 10:55:14 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gacinstall.dll
[2011/10/11 10:55:14 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\g711codc.ax
[2011/10/11 10:55:13 | 001,696,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
[2011/10/11 10:55:13 | 000,936,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpedit.dll
[2011/10/11 10:55:13 | 000,128,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpresult.exe
[2011/10/11 10:55:13 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpapi.dll
[2011/10/11 10:55:13 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\graftabl.com
[2011/10/11 10:55:13 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpupdate.exe
[2011/10/11 10:55:09 | 000,218,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsAnytimeUpgrade.exe
[2011/10/11 10:55:08 | 001,524,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsAnytimeUpgradeCPL.dll
[2011/10/11 10:55:06 | 000,415,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wiadefui.dll
[2011/10/11 10:55:06 | 000,346,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2011/10/11 10:55:06 | 000,088,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wiaacmgr.exe
[2011/10/11 10:55:06 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\whealogr.dll
[2011/10/11 10:55:05 | 000,547,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wiaaut.dll
[2011/10/11 10:55:05 | 000,163,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wevtutil.exe
[2011/10/11 10:55:05 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wiadss.dll
[2011/10/11 10:55:05 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wevtfwd.dll
[2011/10/11 10:55:05 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2011/10/11 10:55:05 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wfapigp.dll
[2011/10/11 10:55:04 | 000,088,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wiascanprofiles.dll
[2011/10/11 10:55:04 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wiarpc.dll
[2011/10/11 10:55:03 | 000,375,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2011/10/11 10:55:03 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WINSRPC.DLL
[2011/10/11 10:55:03 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winusb.dll
[2011/10/11 10:55:02 | 003,216,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinSAT.exe
[2011/10/11 10:55:02 | 000,383,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinSATAPI.dll
[2011/10/11 10:55:02 | 000,215,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrsmgr.dll
[2011/10/11 10:55:01 | 000,628,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WLanConn.dll
[2011/10/11 10:55:01 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlancfg.dll
[2011/10/11 10:55:00 | 000,208,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinFXDocObj.exe
[2011/10/11 10:55:00 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winethc.dll
[2011/10/11 10:54:59 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrscmd.dll
[2011/10/11 10:54:59 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrs.exe
[2011/10/11 10:54:59 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrshost.exe
[2011/10/11 10:54:58 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winnsi.dll
[2011/10/11 10:54:57 | 000,222,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wavemsp.dll
[2011/10/11 10:54:57 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\w32tm.exe
[2011/10/11 10:54:57 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WavDest.dll
[2011/10/11 10:54:57 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\watchdog.sys
[2011/10/11 10:54:56 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wbemcomn.dll
[2011/10/11 10:54:56 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\waitfor.exe
[2011/10/11 10:54:55 | 000,093,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vssadmin.exe
[2011/10/11 10:54:55 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vss_ps.dll
[2011/10/11 10:54:53 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wdscore.dll
[2011/10/11 10:54:52 | 001,143,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wercon.exe
[2011/10/11 10:54:52 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wer.dll
[2011/10/11 10:54:52 | 000,860,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WerFaultSecure.exe
[2011/10/11 10:54:52 | 000,250,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wevtapi.dll
[2011/10/11 10:54:52 | 000,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WerFault.exe
[2011/10/11 10:54:52 | 000,163,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecutil.exe
[2011/10/11 10:54:52 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wermgr.exe
[2011/10/11 10:54:52 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecapi.dll
[2011/10/11 10:54:52 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\werdiagcontroller.dll
[2011/10/11 10:54:52 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wertargets.wtl
[2011/10/11 10:54:49 | 001,020,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wdc.dll
[2011/10/11 10:54:49 | 000,035,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\WdfLdr.sys
[2011/10/11 10:54:48 | 001,532,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wcnwiz.dll
[2011/10/11 10:54:48 | 000,224,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscntfy.dll
[2011/10/11 10:54:48 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSDMon.dll
[2011/10/11 10:54:48 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscproxystub.dll
[2011/10/11 10:54:47 | 001,689,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscui.cpl
[2011/10/11 10:54:47 | 001,295,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsecedit.dll
[2011/10/11 10:54:47 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscmisetup.dll
[2011/10/11 10:54:47 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wshcon.dll
[2011/10/11 10:54:47 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscapi.dll
[2011/10/11 10:54:47 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsepno.dll
[2011/10/11 10:54:47 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscisvif.dll
[2011/10/11 10:54:47 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wship6.dll
[2011/10/11 10:54:46 | 001,580,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpccpl.dll
[2011/10/11 10:54:46 | 000,532,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpcao.dll
[2011/10/11 10:54:46 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Wpc.dll
[2011/10/11 10:54:46 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WpdConns.dll
[2011/10/11 10:54:45 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpd_ci.dll
[2011/10/11 10:54:45 | 000,349,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDSp.dll
[2011/10/11 10:54:45 | 000,203,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpdwcn.dll
[2011/10/11 10:54:45 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpclsp.dll
[2011/10/11 10:54:45 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WpdMtpUS.dll
[2011/10/11 10:54:45 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpnpinst.exe
[2011/10/11 10:54:44 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xcopy.exe
[2011/10/11 10:54:44 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDShextAutoplay.exe
[2011/10/11 10:54:43 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xmlfilter.dll
[2011/10/11 10:54:43 | 000,095,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactsrv.dll
[2011/10/11 10:54:42 | 000,456,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wvc.dll
[2011/10/11 10:54:42 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFx.dll
[2011/10/11 10:54:42 | 000,181,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFPlatform.dll
[2011/10/11 10:54:42 | 000,139,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wusa.exe
[2011/10/11 10:54:42 | 000,070,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wzcdlg.dll
[2011/10/11 10:54:42 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xmlprovi.dll
[2011/10/11 10:54:41 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsqmcons.exe
[2011/10/11 10:54:41 | 000,188,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManMigrationPlugin.dll
[2011/10/11 10:54:41 | 000,175,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmWmiPl.dll
[2011/10/11 10:54:41 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmAuto.dll
[2011/10/11 10:54:41 | 000,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFCoinstaller.dll
[2011/10/11 10:54:41 | 000,054,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmProv.dll
[2011/10/11 10:54:41 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsnmp32.dll
[2011/10/11 10:54:41 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManHTTPConfig.exe
[2011/10/11 10:54:41 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmRes.dll
[2011/10/11 10:54:41 | 000,001,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmCl.dll
[2011/10/11 10:54:40 | 001,675,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xpssvcs.dll
[2011/10/11 10:54:40 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSTPager.ax
[2011/10/11 10:54:39 | 000,343,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmicmiplugin.dll
[2011/10/11 10:54:39 | 000,296,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xwizards.dll
[2011/10/11 10:54:38 | 001,671,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanpref.dll
[2011/10/11 10:54:38 | 000,202,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanui.dll
[2011/10/11 10:54:38 | 000,154,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmidx.dll
[2011/10/11 10:54:38 | 000,041,472 | ---- | C] (Microsoft) -- C:\Windows\System32\WlanMmHC.dll
[2011/10/11 10:54:38 | 000,017,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\wmilib.sys
[2011/10/11 10:54:37 | 000,913,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WlanMM.dll
[2011/10/11 10:54:37 | 000,498,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlandlg.dll
[2011/10/11 10:54:37 | 000,418,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmdrmdev.dll
[2011/10/11 10:54:37 | 000,399,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlangpui.dll
[2011/10/11 10:54:37 | 000,120,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WLanHC.dll
[2011/10/11 10:54:36 | 001,118,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMADMOE.DLL
[2011/10/11 10:54:36 | 000,758,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMADMOD.DLL
[2011/10/11 10:54:36 | 000,533,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmdrmsdk.dll
[2011/10/11 10:54:36 | 000,347,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmdrmnet.dll
[2011/10/11 10:54:36 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMASF.DLL
[2011/10/11 10:54:36 | 000,083,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlgpclnt.dll
[2011/10/11 10:54:35 | 001,329,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMSPDMOE.DLL
[2011/10/11 10:54:35 | 000,866,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpmde.dll
[2011/10/11 10:54:35 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpsrcwp.dll
[2011/10/11 10:54:33 | 001,382,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVSDECD.DLL
[2011/10/11 10:54:33 | 000,767,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVSENCD.DLL
[2011/10/11 10:54:33 | 000,657,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVXENCD.DLL
[2011/10/11 10:54:33 | 000,273,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wow32.dll
[2011/10/11 10:54:33 | 000,153,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmvdspa.dll
[2011/10/11 10:54:32 | 001,575,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVENCOD.DLL
[2011/10/11 10:54:32 | 001,548,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVDECOD.DLL
[2011/10/11 10:54:32 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmiprop.dll
[2011/10/11 10:54:31 | 001,642,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPEncEn.dll
[2011/10/11 10:54:31 | 000,276,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll
[2011/10/11 10:54:29 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpcm.dll
[2011/10/11 10:54:26 | 000,842,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\systemcpl.dll
[2011/10/11 10:54:26 | 000,094,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Tabbtn.dll
[2011/10/11 10:54:26 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\systeminfo.exe
[2011/10/11 10:54:18 | 000,170,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tcpipcfg.dll
[2011/10/11 10:54:18 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tasklist.exe
[2011/10/11 10:54:18 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskkill.exe
[2011/10/11 10:54:17 | 000,431,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tdh.dll
[2011/10/11 10:54:17 | 000,357,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskschd.dll
[2011/10/11 10:54:17 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tbs.dll
[2011/10/11 10:54:16 | 000,691,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TabletPC.cpl
[2011/10/11 10:54:16 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tabcal.exe
[2011/10/11 10:54:16 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TabbtnEx.dll
[2011/10/11 10:54:16 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\tdi.sys
[2011/10/11 10:54:15 | 000,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskcomp.dll
[2011/10/11 10:54:15 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TapiMigPlugin.dll
[2011/10/11 10:54:15 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\tape.sys
[2011/10/11 10:54:14 | 000,308,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sqlcese30.dll
[2011/10/11 10:54:14 | 000,274,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srrstr.dll
[2011/10/11 10:54:14 | 000,258,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srchadmin.dll
[2011/10/11 10:54:14 | 000,129,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sqmapi.dll
[2011/10/11 10:54:14 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\takeown.exe
[2011/10/11 10:54:13 | 000,604,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sqlceqp30.dll
[2011/10/11 10:54:13 | 000,520,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sqlsrv32.dll
[2011/10/11 10:54:13 | 000,294,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ssText3d.scr
[2011/10/11 10:54:13 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SSShim.dll
[2011/10/11 10:54:12 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srwmi.dll
[2011/10/11 10:54:10 | 008,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ssBranded.scr
[2011/10/11 10:54:08 | 000,127,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SoundRecorder.exe
[2011/10/11 10:54:08 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spbcd.dll
[2011/10/11 10:54:07 | 008,322,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwizimg.dll
[2011/10/11 10:54:07 | 000,681,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\spsys.sys
[2011/10/11 10:54:07 | 000,348,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwizeng.dll
[2011/10/11 10:54:07 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sppnp.dll
[2011/10/11 10:54:07 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwizres.dll
[2011/10/11 10:54:06 | 002,204,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SyncCenter.dll
[2011/10/11 10:54:06 | 000,338,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SysFxUI.dll
[2011/10/11 10:54:06 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\synceng.dll
[2011/10/11 10:54:06 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sxstrace.exe
[2011/10/11 10:54:06 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spopk.dll
[2011/10/11 10:54:05 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sxsstore.dll
[2011/10/11 10:54:03 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sysmon.ocx
[2011/10/11 10:54:03 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\syssetup.dll
[2011/10/11 10:54:03 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\syskey.exe
[2011/10/11 10:54:02 | 001,224,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sud.dll
[2011/10/11 10:54:02 | 000,251,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sti_ci.dll
[2011/10/11 10:54:02 | 000,123,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Storport.sys
[2011/10/11 10:54:02 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Storprop.dll
[2011/10/11 10:54:01 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbport.sys
[2011/10/11 10:54:01 | 000,052,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\stream.sys
[2011/10/11 10:54:00 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\userinit.exe
[2011/10/11 10:54:00 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\usbperf.dll
[2011/10/11 10:53:59 | 001,123,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\usercpl.dll
[2011/10/11 10:53:59 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011/10/11 10:53:59 | 000,083,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\usbui.dll
[2011/10/11 10:53:59 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\upnpcont.exe
[2011/10/11 10:53:58 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\untfs.dll
[2011/10/11 10:53:58 | 000,095,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xwtpw32.dll
[2011/10/11 10:53:57 | 000,025,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\USBCAMD2.sys
[2011/10/11 10:53:57 | 000,025,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\USBCAMD.sys
[2011/10/11 10:53:57 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usb8023.sys
[2011/10/11 10:53:57 | 000,005,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbd.sys
[2011/10/11 10:53:56 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vga256.dll
[2011/10/11 10:53:56 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vga64k.dll
[2011/10/11 10:53:56 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vga.dll
[2011/10/11 10:53:55 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VIDRESZR.DLL
[2011/10/11 10:53:55 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VBICodec.ax
[2011/10/11 10:53:55 | 000,110,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\videoprt.sys
[2011/10/11 10:53:54 | 000,638,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Utilman.exe
[2011/10/11 10:53:54 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VAN.dll
[2011/10/11 10:53:54 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\uudf.dll
[2011/10/11 10:53:54 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbisurf.ax
[2011/10/11 10:53:54 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\utildll.dll
[2011/10/11 10:53:54 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vdmdbg.dll
[2011/10/11 10:53:53 | 000,507,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vdsdyn.dll
[2011/10/11 10:53:53 | 000,157,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\verifier.dll
[2011/10/11 10:53:53 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vdsbas.dll
[2011/10/11 10:53:53 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vdsutil.dll
[2011/10/11 10:53:53 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\verifier.exe
[2011/10/11 10:53:53 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vfwwdm32.dll
[2011/10/11 10:53:53 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vdmredir.dll
[2011/10/11 10:53:53 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vds_ps.dll
[2011/10/11 10:53:53 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vdsldr.exe
[2011/10/11 10:53:52 | 001,298,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TMM.dll
[2011/10/11 10:53:52 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tracerpt.exe
[2011/10/11 10:53:52 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TpmInit.exe
[2011/10/11 10:53:51 | 001,505,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tquery.dll
[2011/10/11 10:53:51 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TSTheme.exe
[2011/10/11 10:53:50 | 001,152,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\themecpl.dll
[2011/10/11 10:53:50 | 000,355,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\termmgr.dll
[2011/10/11 10:53:50 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tscupgrd.exe
[2011/10/11 10:53:50 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tsddd.dll
[2011/10/11 10:53:49 | 000,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tintlgnt.ime
[2011/10/11 10:53:49 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TimeDateMUICallback.dll
[2011/10/11 10:53:48 | 000,714,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\timedate.cpl
[2011/10/11 10:53:48 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\umb.dll
[2011/10/11 10:53:47 | 002,588,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIHub.dll
[2011/10/11 10:53:47 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ulib.dll
[2011/10/11 10:53:46 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unlodctr.exe
[2011/10/11 10:53:45 | 000,310,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unregmp2.exe
[2011/10/11 10:53:44 | 000,736,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unbcl.dll
[2011/10/11 10:53:44 | 000,201,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unattend.dll
[2011/10/11 10:53:44 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unattendedjoin.exe
[2011/10/11 10:53:43 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ucsvc.exe
[2011/10/11 10:53:43 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\txfw32.dll
[2011/10/11 10:53:42 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\txflog.dll
[2011/10/11 10:53:42 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsWpfWrp.exe
[2011/10/11 10:53:41 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAutomationCore.dll
[2011/10/11 10:53:40 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\uexfat.dll
[2011/10/11 10:53:39 | 000,208,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\uDWM.dll
[2011/10/11 10:53:39 | 000,092,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ufat.dll
[2011/10/11 10:49:03 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cbsra.exe
[2011/10/11 10:37:08 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2011/10/11 10:27:48 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\GrantPerms
[2011/10/10 22:47:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2011/10/10 01:55:27 | 003,598,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011/10/10 01:55:27 | 003,545,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011/10/10 01:32:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COMODO
[2011/10/10 01:31:31 | 000,000,000 | ---D | C] -- C:\Program Files\COMODO
[2011/10/10 01:29:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo
[2011/10/10 01:28:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo Downloader
[2011/10/09 23:21:07 | 000,061,440 | ---- | C] ( ) -- C:\Users\***\Desktop\VEW.exe
[2011/10/09 23:07:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
[2011/10/09 23:07:05 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2011/10/09 20:14:41 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Skype
[2011/10/09 20:14:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2011/10/09 20:14:25 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2011/10/09 20:14:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2011/10/09 17:44:40 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\temp
[2011/10/09 17:34:13 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2011/10/09 17:32:00 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/10/09 17:23:35 | 000,000,000 | ---D | C] -- C:\george
[2011/10/09 15:34:36 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Paralgl 101
[2011/10/09 15:34:35 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Paralgl 111
[2011/10/09 15:34:35 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Paralgl 108
[2011/10/09 13:39:25 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/10/09 13:36:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011/10/09 01:25:49 | 000,320,856 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2011/10/09 01:25:49 | 000,020,568 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2011/10/09 01:25:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2011/10/09 01:25:47 | 000,442,200 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2011/10/09 01:25:47 | 000,052,568 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2011/10/09 01:25:47 | 000,034,392 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2011/10/09 01:25:45 | 000,054,616 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2011/10/09 01:25:07 | 000,041,184 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/10/09 01:25:06 | 000,199,304 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2011/10/09 01:24:25 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2011/10/09 01:24:25 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/10/09 01:00:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/10/09 01:00:18 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/10/09 01:00:18 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/10/09 00:17:11 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/10/09 00:12:48 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\***\Desktop\aswMBR.exe
[2011/10/09 00:12:48 | 001,558,320 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\***\Desktop\tdsskiller.exe
[2011/10/08 17:17:01 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe

========== Files - Modified Within 30 Days ==========

[2011/10/12 10:26:40 | 000,664,848 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/10/12 10:26:40 | 000,128,592 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/10/12 10:21:31 | 000,028,884 | ---- | M] () -- C:\Users\***\AppData\Roaming\nvModes.001
[2011/10/12 10:21:30 | 000,002,485 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickSet.lnk
[2011/10/12 10:21:28 | 000,054,156 | -H-- | M] () -- C:\Windows\QTFont.qfn
[2011/10/12 10:21:06 | 000,006,000 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/10/12 10:21:06 | 000,006,000 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/10/12 10:20:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/10/12 10:20:54 | 2145,431,552 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/12 03:10:03 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011/10/12 01:20:14 | 000,145,920 | ---- | M] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/10/11 21:38:20 | 237,153,757 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/10/11 12:35:41 | 000,000,945 | ---- | M] () -- C:\Users\***\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/10/11 12:18:01 | 000,323,408 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/10/11 11:41:19 | 000,101,888 | ---- | M] (Infineon Technologies AG) -- C:\Windows\System32\ifxcardm.dll
[2011/10/11 11:41:14 | 000,082,432 | ---- | M] (Gemalto, Inc.) -- C:\Windows\System32\axaltocm.dll
[2011/10/11 11:32:11 | 000,196,608 | ---- | M] () -- C:\Windows\SPInstall.etl
[2011/10/11 10:48:06 | 000,152,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SPWizUI.dll
[2011/10/11 10:48:06 | 000,047,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SPReview.exe
[2011/10/11 10:26:27 | 000,450,862 | ---- | M] () -- C:\Users\***\Desktop\GrantPerms.zip
[2011/10/11 01:59:58 | 000,000,806 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/10/11 01:57:44 | 000,087,412 | ---- | M] () -- C:\Users\***\Documents\regbackupofromcc.reg
[2011/10/10 22:51:46 | 000,001,894 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/10/10 22:03:00 | 000,002,377 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2011/10/10 01:55:27 | 003,598,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011/10/10 01:55:27 | 003,545,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011/10/10 01:32:50 | 000,001,753 | ---- | M] () -- C:\Users\Public\Desktop\COMODO Firewall.lnk
[2011/10/09 23:21:07 | 000,061,440 | ---- | M] ( ) -- C:\Users\***\Desktop\VEW.exe
[2011/10/09 23:07:07 | 000,000,814 | ---- | M] () -- C:\Users\***\Desktop\SpywareBlaster.lnk
[2011/10/09 17:34:09 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/10/09 13:36:05 | 000,001,973 | ---- | M] () -- C:\Users\***\Desktop\Google Chrome.lnk
[2011/10/09 13:36:05 | 000,001,957 | ---- | M] () -- C:\Users\***\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/10/09 11:44:58 | 000,095,130 | ---- | M] () -- C:\avastbootlog.jpg
[2011/10/09 01:33:22 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2011/10/09 01:25:49 | 000,001,831 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/10/09 01:16:14 | 000,000,512 | ---- | M] () -- C:\Users\***\Documents\MBR.dat
[2011/10/09 01:00:22 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/10/08 23:59:36 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\***\Desktop\aswMBR.exe
[2011/10/08 23:57:24 | 001,558,320 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\***\Desktop\tdsskiller.exe
[2011/10/08 17:17:07 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2011/09/30 01:29:46 | 000,028,884 | ---- | M] () -- C:\Users\***\AppData\Roaming\nvModes.dat
[2011/09/28 20:13:54 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011/09/17 01:15:26 | 000,001,288 | ---- | M] () -- C:\Users\***\Desktop\Vids - Shortcut.lnk

========== Files Created - No Company Name ==========

[2011/10/11 21:37:38 | 237,153,757 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/10/11 10:57:55 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01007_Inbox_Critical.Wdf
[2011/10/11 10:56:55 | 000,080,047 | ---- | C] () -- C:\Windows\System32\slmgr.vbs
[2011/10/11 10:56:43 | 000,261,163 | ---- | C] () -- C:\Windows\System32\onex.tmf
[2011/10/11 10:56:40 | 000,145,455 | ---- | C] () -- C:\Windows\System32\perfmon.msc
[2011/10/11 10:56:34 | 000,009,987 | ---- | C] () -- C:\Windows\System32\RacUR.xml
[2011/10/11 10:56:34 | 000,001,820 | ---- | C] () -- C:\Windows\System32\rasctrnm.h
[2011/10/11 10:56:34 | 000,000,150 | ---- | C] () -- C:\Windows\System32\RacUREx.xml
[2011/10/11 10:56:08 | 000,289,467 | ---- | C] () -- C:\Windows\System32\dot3.tmf
[2011/10/11 10:56:07 | 000,206,830 | ---- | C] () -- C:\Windows\System32\eaphost.tmf
[2011/10/11 10:55:19 | 000,144,909 | ---- | C] () -- C:\Windows\System32\fsmgmt.msc
[2011/10/11 10:55:14 | 000,012,198 | ---- | C] () -- C:\Windows\System32\gatherWiredInfo.vbs
[2011/10/11 10:55:06 | 000,175,508 | ---- | C] () -- C:\Windows\System32\WFP.TMF
[2011/10/11 10:54:59 | 000,195,122 | ---- | C] () -- C:\Windows\System32\winrm.vbs
[2011/10/11 10:54:26 | 000,132,148 | ---- | C] () -- C:\Windows\System32\systemsf.ebd
[2011/10/11 10:54:01 | 000,100,043 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011/10/11 10:48:09 | 000,196,608 | ---- | C] () -- C:\Windows\SPInstall.etl
[2011/10/11 10:26:40 | 000,450,862 | ---- | C] () -- C:\Users\***\Desktop\GrantPerms.zip
[2011/10/11 01:57:32 | 000,087,412 | ---- | C] () -- C:\Users\***\Documents\regbackupofromcc.reg
[2011/10/10 22:51:46 | 000,002,451 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011/10/10 22:51:46 | 000,001,894 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/10/10 01:32:50 | 000,001,753 | ---- | C] () -- C:\Users\Public\Desktop\COMODO Firewall.lnk
[2011/10/09 23:07:07 | 000,000,814 | ---- | C] () -- C:\Users\***\Desktop\SpywareBlaster.lnk
[2011/10/09 20:14:31 | 000,002,377 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2011/10/09 13:36:05 | 000,001,973 | ---- | C] () -- C:\Users\***\Desktop\Google Chrome.lnk
[2011/10/09 13:36:05 | 000,001,957 | ---- | C] () -- C:\Users\***\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/10/09 11:44:58 | 000,095,130 | ---- | C] () -- C:\avastbootlog.jpg
[2011/10/09 01:25:49 | 000,001,831 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/10/09 01:16:14 | 000,000,512 | ---- | C] () -- C:\Users\***\Documents\MBR.dat
[2011/10/09 01:00:22 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/10/09 00:26:22 | 2145,431,552 | -HS- | C] () -- C:\hiberfil.sys
[2011/09/17 01:15:03 | 000,001,288 | ---- | C] () -- C:\Users\***\Desktop\Vids - Shortcut.lnk
[2011/06/28 16:02:00 | 000,000,173 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2010/06/14 22:12:13 | 000,000,248 | ---- | C] () -- C:\Windows\RomeTW.ini
[2010/02/05 12:22:18 | 000,000,000 | ---- | C] () -- C:\Users\***\AppData\Local\prvlcl.dat
[2010/01/27 14:47:37 | 008,673,792 | ---- | C] () -- C:\ProgramData\atscie.msi
[2009/12/22 03:27:40 | 000,018,073 | ---- | C] () -- C:\Windows\CSTBox.INI
[2009/07/10 15:36:11 | 000,000,256 | ---- | C] () -- C:\Windows\System32\pool.bin
[2009/03/23 18:54:34 | 000,172,175 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2008/10/23 01:07:31 | 000,000,107 | ---- | C] () -- C:\Windows\VobEdit.INI
[2008/10/22 01:24:30 | 000,000,551 | ---- | C] () -- C:\Users\***\AppData\Roaming\AutoGK.ini
[2008/08/18 16:08:21 | 000,133,329 | ---- | C] () -- C:\Windows\hppins20.dat
[2008/08/18 16:07:49 | 000,016,655 | ---- | C] () -- C:\Windows\hppmdl20.dat
[2008/06/26 00:26:36 | 000,007,431 | ---- | C] () -- C:\Windows\cdplayer.ini
[2008/05/01 00:00:37 | 000,004,096 | -H-- | C] () -- C:\Users\***\AppData\Local\keyfile3.drm
[2008/01/27 03:34:29 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/01/09 22:31:11 | 000,006,272 | ---- | C] () -- C:\Windows\System32\drivers\ASLM75.SYS
[2008/01/07 01:53:35 | 000,000,287 | ---- | C] () -- C:\Windows\game.ini
[2008/01/06 18:28:29 | 000,145,920 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/01/05 22:41:36 | 000,000,680 | ---- | C] () -- C:\Users\***\AppData\Local\d3d9caps.dat
[2008/01/05 22:33:51 | 000,021,316 | ---- | C] () -- C:\Windows\System32\emptyregdb.dat
[2008/01/05 22:18:15 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008/01/05 22:16:50 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2008/01/03 17:18:02 | 000,001,462 | ---- | C] () -- C:\Windows\mozver.dat
[2008/01/03 15:34:53 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2008/01/03 15:15:53 | 000,028,884 | ---- | C] () -- C:\Users\***\AppData\Roaming\nvModes.001
[2008/01/03 15:15:47 | 000,028,884 | ---- | C] () -- C:\Users\***\AppData\Roaming\nvModes.dat
[2007/12/23 11:51:12 | 000,054,784 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll
[2007/12/23 11:51:12 | 000,024,064 | ---- | C] () -- C:\Windows\System32\WLTRYSVC.EXE
[2007/12/23 11:50:44 | 000,000,076 | RHS- | C] () -- C:\Windows\CT4CET.bin
[2007/12/23 11:48:00 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2006/11/10 15:02:53 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2006/11/02 05:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 05:47:37 | 000,323,408 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 05:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 03:33:01 | 000,664,848 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 03:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 03:33:01 | 000,128,592 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 03:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 03:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 01:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 01:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 00:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 00:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/11/02 00:22:43 | 000,018,271 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI

========== Alternate Data Streams ==========

@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:62E2D794

< End of report >

==================================================================================================================================================================

And now the Extras log:

OTL Extras logfile created on: 10/12/2011 10:27:03 AM - Run 3
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\***\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 0.94 Gb Available Physical Memory | 47.28% Memory free
4.23 Gb Paging File | 2.91 Gb Available in Paging File | 68.70% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 99.21 Gb Total Space | 12.45 Gb Free Space | 12.55% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 6.57 Gb Free Space | 65.70% Space Free | Partition Type: NTFS
Drive E: | 565.73 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: SCHOOLAPTOP | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = comfile] -- "%1" %*
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\System32\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
.js [@ = JSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\system32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
InternetShortcut [print] -- rundll32.exe C:\Windows\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [MediaMonkey.1Play] -- "C:\Program Files\MediaMonkey\MediaMonkey.exe" "%1" (Ventis Media Inc.)
Directory [MediaMonkey.2PlayNext] -- "C:\Program Files\MediaMonkey\MediaMonkey.exe" /NEXT "%1" (Ventis Media Inc.)
Directory [MediaMonkey.3Enqueue] -- "C:\Program Files\MediaMonkey\MediaMonkey.exe" /ADD "%1" (Ventis Media Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-3526270071-1006874356-967301786-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0F949595-4125-432E-8D53-A67BFD3020C9}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{13BBA6C7-56F7-4120-918B-980BAFE71E39}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{1F8C76C1-9DFF-4806-BD85-1E5C249D3ED6}" = lport=137 | protocol=17 | dir=in | name=netbios name service |
"{23963DFE-E31C-49F3-9D34-D0BD2721F8A0}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{3B9DAC19-AA44-4610-BB84-381B0CED6748}" = lport=10421 | protocol=17 | dir=in | name=singleclick discovery protocol |
"{46105DA7-98E7-478C-865B-F3B6FC723EF2}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{5CCE72DA-05F6-4E41-8A6B-65BFFB010D15}" = lport=139 | protocol=6 | dir=in | name=netbios file/printer sharing |
"{6303ACF3-A28E-41CF-8B76-3B0C4978A64C}" = lport=138 | protocol=17 | dir=in | name=netbios datagram service |
"{6C8E1351-16BC-4AD6-854C-35B1EE3ED977}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{6D08E511-29DC-4E6B-9D03-490517E989EF}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{719C2947-3E86-448E-8D29-A5681AECF1F1}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{78F822F8-B793-41CF-AC9A-C1117B1FA1C1}" = lport=67 | protocol=17 | dir=in | name=dhcp discovery service |
"{9721A575-AF3B-49CA-A922-95719C185BF8}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{9E259204-FCA4-4921-A8F4-C8129B27F456}" = lport=10426 | protocol=17 | dir=in | name=singleclick icc |
"{A08E53B7-EE35-465A-8392-6C234C6F4C5E}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{A7200D65-9A33-40F6-9615-AD5ACE7BD843}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{C09D165B-10B3-4B67-90E3-200CED2E09A9}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{C27B26CF-D1F9-4F33-8BA9-796174C80E21}" = lport=445 | protocol=6 | dir=in | name=microsoft directory services |
"{D718E7FE-C512-400D-A410-D9F12465E85B}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0233910E-AD15-4E54-9AA5-7D431F921F8A}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{09B8D017-6658-4804-A4F9-0F2E1A06910D}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{11F490F7-8294-4BB5-B433-E12115BA2F1B}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{13427B25-FA25-49B3-81FD-554D3C3A6691}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{25000507-37C6-4BBE-B40B-328307264DF8}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{2C18517B-1958-47C8-9732-D46756888C33}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{2ED0AE49-B5CE-48EC-8404-C45BAE6D3333}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{4669D401-A058-47B1-8C3B-18EFBA7C9E41}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{5B09A3D7-A681-4B8B-9491-74B030D7795C}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{5C5F37F2-370F-4F0C-B8A3-19D912D62173}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{67CEBBB7-C82B-4C03-9E7D-B7A21AF972A3}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{69F34570-9387-4F47-A195-E9D6A1D636E9}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{6B21FC53-8C24-4A4D-9FA5-EB4E97AE600E}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{7FD603D5-107D-40C9-8A14-20A293AA3223}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{85EE62F0-5D88-49E9-BED5-787E80367024}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{8D4FF3FD-1203-493C-96E1-9B2E043DC502}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{8D5A63FC-E287-478D-9958-86CF3A70166F}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{90BF4F4B-7815-460B-A643-BF008C008429}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{A173989D-51DE-4E60-8766-00CB05AE9D07}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{AA08E7F1-7763-4081-9EA8-7FD72C99CC81}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{BE3B0B33-61D6-469B-9F8E-15B45A633D9C}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{C08AF392-B49A-4875-9DD9-87F121495ECF}" = dir=in | app=c:\program files\dell\mediadirect\pcmservice.exe |
"{D19CB956-5440-4E0F-8707-00B2FC6C6D4B}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{D3F3FAF6-B4CB-41CD-9B97-8EB9C0D55649}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{DC50BF77-9C07-4818-8790-8CDDAAE1F960}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{FF320EF7-5E61-47BB-B5B5-73FF962D3C91}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"TCP Query User{1E516C7E-2312-4409-AE89-B76A39A68DD6}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"TCP Query User{4312A57D-5F98-4002-B257-94F7DAA8C844}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{93F34E41-1FFE-4422-8F7C-FF5F72FA0A77}C:\program files\shareaza\shareaza.exe" = protocol=6 | dir=in | app=c:\program files\shareaza\shareaza.exe |
"TCP Query User{B1983687-3D75-426A-B2D4-F7B8C12B8E2E}C:\program files\shareaza\shareaza.exe" = protocol=6 | dir=in | app=c:\program files\shareaza\shareaza.exe |
"TCP Query User{C190EB1C-1C37-48D2-9560-F1ED47E2EA05}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{E132DDCA-6CED-4D97-8FD8-D06A55A4A402}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{40D3C31B-EDB8-47BB-8ACD-FF284877FDEE}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{7BE57FAF-DBC9-41DB-9AF5-C914BF4F7194}C:\program files\shareaza\shareaza.exe" = protocol=17 | dir=in | app=c:\program files\shareaza\shareaza.exe |
"UDP Query User{8E99DF96-0C13-4B85-BD01-2879E94642B6}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{95CF6223-8A06-4C10-9458-5EF90D26BD42}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{C0454706-FA46-4EE9-92EE-36CBCF4CBBAC}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{D52F904B-CF3E-44A3-81E0-F1C9821FBCF0}C:\program files\shareaza\shareaza.exe" = protocol=17 | dir=in | app=c:\program files\shareaza\shareaza.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02DFF6B1-1654-411C-8D7B-FD6052EF016F}" = Apple Software Update
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
"{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}" = QuickTime
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1A655D51-1423-48A3-B748-8F5A0BE294C8}" = Microsoft Visual J# .NET Redistributable Package 1.1
"{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}" = Live! Cam Avatar v1.0
"{1E99F5D7-4262-4C7C-9135-F066E7485811}" = System Requirements Lab
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{281ECE39-F043-492B-8337-F2E546B5604A}" = PowerDVD
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EDE8B6E-FC21-48E7-A1A7-D2AC5D1F3040}" = BlackBerry Desktop Software 4.6
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{44734179-8A79-4DEE-BB08-73037F065543}" = Apple Mobile Device Support
"{4E5386F5-C0F6-4532-A54A-374865AEAB71}" = Cisco PEAP Module
"{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}" = iTunes
"{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}" = User's Guides
"{5FE0C13A-63F1-4394-88A8-2D8722A75FE0}_is1" = Convert VOB to AVI 1.7
"{6009F2FC-EC56-4e28-B91C-0BA5104D6419}" = SF_CDA_Software
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{76F9CF97-FC4B-4E20-B363-D127C888448F}" = Cisco LEAP Module
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{7B4A5C13-069F-4AFE-AE57-C497B4E33C7E}" = Call of Duty® 2 Patch 1.3
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{7F0C4457-8E64-491B-8D7B-991504365D1E}" = QuickSet
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89CEAE14-DD0F-448E-9554-15781EC9DB24}" = Product Documentation Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile Device Center
"{92DF1607-ABCD-4511-8095-2436D94E952C}" = Microsoft DirectX SDK (March 2008)
"{9718521B-A345-4ad9-A52B-74D1435FB708}" = SF_CDA_ProductContext
"{981DE354-9301-440f-AAFC-025AA2354A93}" = HP Deskjet & Photosmart Printer Driver Software 8.0.A
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}" = OutlookAddinSetup
"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
"{9E1BAB75-EB78-440D-94C0-A3857BE2E733}" = System Requirements Lab
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A5D65411-8E73-4C85-AD80-9FE8B7391CF9}" = Rome Total War - patch 1.3
"{A642BB6B-CA1D-4142-8DD4-318C3F3DC834}" = Rome - Total War™
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AB49B509-8FCA-45E6-9FB9-9E4AEEB8F148}" = System Requirements Lab CYRI
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
"{ACEB2BAF-96DF-48FD-ADD5-43842D4C443D}" = Adobe AIR
"{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4346951-3962-4C93-9A49-79A62AD8A632}" = Droid Explorer 0.8.7.2 (x86)
"{B74D4E10-6884-0000-0000-000000000103}" = Adobe Bridge 1.0
"{B80CC46C-5839-4A48-B051-3CACF23A2718}_is1" = Eraser 5.8.7
"{BCE46757-7674-4416-BEDB-68205A60409E}" = CanoScan Toolbox Ver4.1
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
"{BF53252E-4AB2-4C7F-A0FD-6100755745E3}" = Cisco EAP-FAST Module
"{C0698BDA-0D29-40EE-8570-A31106DF9AB1}" = Medieval II Total War
"{C34FAEF3-4241-4C4E-9CFF-7BBD8BCEABE7}" = WebEx Support Manager for Internet Explorer
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{C99C0593-3B48-41D9-B42F-6E035B320449}" = Broadcom Management Programs
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty® 2
"{DF8195AF-8E6F-4487-A0EE-196F7E3F4B8A}" = COWON Media Center - jetAudio Basic VX
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E7044E25-3038-4A76-9064-344AC038043E}" = Windows Mobile Device Center Driver Update
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F63A3748-B93D-4360-9AD4-B064481A5C7B}" = Modem Diagnostic Tool
"{FB75E2EF-6016-4EF3-B954-F2C2A6EE5026}" = Microsoft Games for Windows - LIVE Redistributable
"{FD8E178D-8B4E-42DA-B434-EFF270329B1C}" = COMODO Internet Security
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Advanced Video FX Engine" = Advanced Video FX Engine
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.12
"ASUS Probe V2.25.02" = ASUS Probe V2.25.02
"avast" = avast! Free Antivirus
"AviSynth" = AviSynth 2.5
"BlackBerry_{3EDE8B6E-FC21-48E7-A1A7-D2AC5D1F3040}" = BlackBerry Desktop Software 4.6
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"CCleaner" = CCleaner
"Chopper_is1" = Chopper XP 2.7
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem
"CoreAAC" = CoreAAC
"Creative OEM002" = Laptop Integrated Webcam Driver (1.03.02.0719)
"Dell Webcam Center" = Dell Webcam Center
"Dell Webcam Manager" = Dell Webcam Manager
"DVD Shrink_is1" = DVD Shrink 3.2
"FLV Player" = FLV Player 2.0, build 24
"FLV Player2.0.25" = FLV Player
"Google Chrome" = Google Chrome
"HandBrake" = HandBrake 0.9.5
"ImgBurn" = ImgBurn (Remove Only)
"InstallShield_{A642BB6B-CA1D-4142-8DD4-318C3F3DC834}" = Rome - Total War™
"InstallShield_{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty® 2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"MediaMonkey_is1" = MediaMonkey 3.2
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox 7.0.1 (x86 en-US)" = Mozilla Firefox 7.0.1 (x86 en-US)
"NVIDIA Drivers" = NVIDIA Drivers
"O1BPLPPC" = Battery Pack Lite (Pocket PC) from Omega One
"RADVideo" = RAD Video Tools
"RivaTuner" = RivaTuner v2.06
"Shareaza_is1" = Shareaza 2.5.3.0
"SpywareBlaster_is1" = SpywareBlaster 4.4
"SynTPDeinstKey" = Dell Touchpad
"SystemRequirementsLab" = System Requirements Lab
"VLC media player" = VideoLAN VLC media player 0.8.6h
"WavePad" = WavePad Uninstall
"WinRAR archiver" = WinRAR archiver

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"WinDirStat" = WinDirStat 1.1.2

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/10/2011 2:10:18 AM | Computer Name = schoolaptop | Source = Application Error | ID = 1000
Description = Faulting application DllHost.exe, version 6.0.6000.16386, time stamp
0x4549b14e, faulting module xvidcore.dll_unloaded, version 0.0.0.0, time stamp
0x46a74f0c, exception code 0xc0000005, fault offset 0x02d822e0, process id 0xb28,
application start time 0x01cc87133802349a.

Error - 10/10/2011 2:58:07 AM | Computer Name = schoolaptop | Source = Application Error | ID = 1000
Description = Faulting application DllHost.exe, version 6.0.6000.16386, time stamp
0x4549b14e, faulting module xvidcore.dll, version 0.0.0.0, time stamp 0x46a74f0c,
exception code 0xc0000005, fault offset 0x001318ef, process id 0xd44, application
start time 0x01cc8719eef21e3a.

Error - 10/10/2011 3:14:56 AM | Computer Name = schoolaptop | Source = Application Error | ID = 1000
Description = Faulting application DllHost.exe, version 6.0.6000.16386, time stamp
0x4549b14e, faulting module xvidcore.dll, version 0.0.0.0, time stamp 0x46a74f0c,
exception code 0xc0000005, fault offset 0x000418ef, process id 0x1048, application
start time 0x01cc871c497f0c3a.

Error - 10/10/2011 3:15:39 AM | Computer Name = schoolaptop | Source = Application Error | ID = 1000
Description = Faulting application DllHost.exe, version 6.0.6000.16386, time stamp
0x4549b14e, faulting module xvidcore.dll_unloaded, version 0.0.0.0, time stamp
0x46a74f0c, exception code 0xc0000005, fault offset 0x029fc112, process id 0xe9c,
application start time 0x01cc871c517ca41a.

Error - 10/10/2011 3:15:42 AM | Computer Name = schoolaptop | Source = Application Error | ID = 1000
Description = Faulting application DllHost.exe, version 6.0.6000.16386, time stamp
0x4549b14e, faulting module xvidcore.dll, version 0.0.0.0, time stamp 0x46a74f0c,
exception code 0xc0000005, fault offset 0x0012c12c, process id 0x1254, application
start time 0x01cc871c6ba14c6a.

Error - 10/10/2011 3:16:03 AM | Computer Name = schoolaptop | Source = Application Error | ID = 1000
Description = Faulting application DllHost.exe, version 6.0.6000.16386, time stamp
0x4549b14e, faulting module xvidcore.dll, version 0.0.0.0, time stamp 0x46a74f0c,
exception code 0xc0000005, fault offset 0x00131468, process id 0x518, application
start time 0x01cc871c753318da.

Error - 10/11/2011 2:07:05 AM | Computer Name = schoolaptop | Source = Application Error | ID = 1000
Description = Faulting application bcmwltry.exe, version 4.170.25.12, time stamp
0x46f3437a, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception
code 0xc0000005, fault offset 0x048492ba, process id 0x6b4, application start time
0x01cc87dbd4713f08.

Error - 10/11/2011 3:35:38 PM | Computer Name = schoolaptop | Source = ESENT | ID = 215
Description = WinMail (924) WindowsMail0: The backup has been stopped because it
was halted by the client or the connection with the client failed.

Error - 10/12/2011 12:39:26 AM | Computer Name = schoolaptop | Source = Application Error | ID = 1000
Description = Faulting application bcmwltry.exe, version 4.170.25.12, time stamp
0x46f3437a, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception
code 0xc0000005, fault offset 0x01c49bd2, process id 0x6f4, application start time
0x01cc8898cb5bc477.

[ Broadcom Wireless LAN Events ]
Error - 10/9/2011 3:28:23 AM | Computer Name = schoolaptop | Source = WLAN-Tray | ID = 0
Description = 00:28:23, Sun, Oct 09, 11 Error - Unable to gain access to user store

[ System Events ]
Error - 10/12/2011 1:21:51 PM | Computer Name = schoolaptop | Source = Service Control Manager | ID = 7000
Description =

Error - 10/12/2011 1:21:51 PM | Computer Name = schoolaptop | Source = Service Control Manager | ID = 7009
Description =

Error - 10/12/2011 1:21:51 PM | Computer Name = schoolaptop | Source = Service Control Manager | ID = 7000
Description =

Error - 10/12/2011 1:21:52 PM | Computer Name = schoolaptop | Source = Service Control Manager | ID = 7000
Description =

Error - 10/12/2011 1:21:53 PM | Computer Name = schoolaptop | Source = Service Control Manager | ID = 7000
Description =

Error - 10/12/2011 1:21:54 PM | Computer Name = schoolaptop | Source = Service Control Manager | ID = 7000
Description =

Error - 10/12/2011 1:21:55 PM | Computer Name = schoolaptop | Source = Service Control Manager | ID = 7000
Description =

Error - 10/12/2011 1:21:56 PM | Computer Name = schoolaptop | Source = Service Control Manager | ID = 7000
Description =

Error - 10/12/2011 1:21:57 PM | Computer Name = schoolaptop | Source = Service Control Manager | ID = 7000
Description =

Error - 10/12/2011 1:21:57 PM | Computer Name = schoolaptop | Source = Service Control Manager | ID = 7000
Description =

< End of report >

#24
RKinner

Posted 12 October 2011 - 12:15 PM

Malware Expert

Expert
24,625 posts

Are you downloading with this:

O8 - Extra context menu item: Download with &Shareaza - C:\Program Files\Shareaza\RazaWebHook32.dll (Shareaza Development Team)

or some other download manager? That often causes the problem. See if uninstalling it helps.

Ron

#25
monsieurd

Posted 12 October 2011 - 12:38 PM

Member

Topic Starter
Member
17 posts

No effect.

Also, I've now noticed that if I use Firefox to download .exe files the download process terminates before the file is downloaded. I tried downloading CCLeaner and Spybot, in their .exe format, and the download terminated before completion. No other file extension seems to be affected since I was able to download tdsskiller.zip just to test the browser.

If I do this with Chrome, my default browser, I can download those same files, but with that "Unblock" feature attached to it.

Edited by monsieurd, 12 October 2011 - 12:43 PM.

#26
RKinner

Posted 12 October 2011 - 01:40 PM

Malware Expert

Expert
24,625 posts

You are still at SP1. Can you upgrade to SP2?

Ron

#27
monsieurd

Posted 12 October 2011 - 08:42 PM

Member

Topic Starter
Member
17 posts

I did successfully update to SP2, but no change. I even tried uninstalling, then reinstalling Firefox 7.01, but no dice, it still won't download .exe files/

#28
RKinner

Posted 12 October 2011 - 10:24 PM

Malware Expert

Expert
24,625 posts

See the bottom of this page:

http://support.mozil...d or save files

#29
monsieurd

Posted 13 October 2011 - 02:42 AM

Member

Topic Starter
Member
17 posts

Hey RKinner, that seemed to have done the trick, I can now download .exe files with firefox, and I can now click and run those applications without a Windows error warning (though I still get a box asking for my permission to run it). Either that, or perhaps this problem was due to an AVG plug-in that I also disabled in Firefox that for some reason did not uninstall when I uninstalled AVG.

Anyway, I believe that is it then. If so, thank you very much for your help, you guys are a godsend!

Edited by monsieurd, 13 October 2011 - 02:46 AM.

#30
RKinner

Posted 15 October 2011 - 12:43 PM

Malware Expert

Expert
24,625 posts

I'm not really supposed to delete topics tho I can. What I did instead was edit the topic to remove your full name and replace it with ***. That should take care of any privacy concerns tho I should warn you that sites like google will cache copies of websites and there is not much we can do about it after the fact.