Rootkit / hacker problem [Solved]



#1
_The_Nothing_

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:51:01 AM, on 3/20/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18882)
Boot mode: Normal

Running processes:
C:\Program Files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\UnHackMe\hackmon.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Secunia\PSI\psi.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files\Process Hacker\ProcessHacker.exe
C:\Program Files\UnHackMe\gwebupdate.exe
C:\Program Files\PeerBlock\peerblock.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\leave me alone\Desktop\RootRepeal.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\Program Files\MSN\Toolbar\3.0.0541.0\msntask.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\MGtools\analyse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...rio&pf=cnnb
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...rio&pf=cnnb
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\IPSBHO.DLL
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
O2 - BHO: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll
O2 - BHO: Microsoft Live Search Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll
O3 - Toolbar: Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll
O3 - Toolbar: WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [UpdateLBPShortCut] "C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
O4 - HKLM\..\Run: [UpdatePSTShortCut] "C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [UpdateP2GoShortCut] "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [UpdatePDIRShortCut] "C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN
O4 - HKCU\..\Run: [Process Hacker] "C:\Program Files\Process Hacker\ProcessHacker.exe" -m
O4 - HKCU\..\Run: [UnHackMe Monitor] C:\Program Files\UnHackMe\hackmon.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onec...s/wlscctrl2.cab
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll
O18 - Protocol: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Program Files\SMINST\BLService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 8021 bytes


#2
_The_Nothing_

Sorry, the scan just got done and they keep kicking off my connection so I can't post lol, if I'm really on this site.

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2010/03/20 03:40
Program Version: Version 1.3.5.0
Windows Version: Windows Vista SP2
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\Windows\System32\Drivers\dump_atapi.sys
Address: 0x90D01000 Size: 32768 File Visible: No Signed: -
Status: -

Name: dump_dumpata.sys
Image Path: C:\Windows\System32\Drivers\dump_dumpata.sys
Address: 0x90CF6000 Size: 45056 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\Windows\system32\drivers\rootrepeal.sys
Address: 0xA13D9000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------

Path: C:\Windows\winsxs\x86_microsoft-windows-m..mponents-jetintlerr_31bf3856ad364e35_6.0.6000.16386_none_0d3a1215c37f298f\$$DeleteMe.msjint40.dll.01cac4d81d6b2db3.0040
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-m..mponents-jetintlerr_31bf3856ad364e35_6.0.6000.16386_none_0d3a1215c37f298f\$$DeleteMe.msjter40.dll.01cac4d81f06fb93.0071
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-m..mponents-jetintlerr_31bf3856ad364e35_6.0.6000.16386_none_0d3a1215c37f298f\$$DeleteMe.mswstr10.dll.01cac4d81d809a13.0043
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-m..s-components-jetole_31bf3856ad364e35_6.0.6001.18000_none_7750886b9104ab81\$$DeleteMe.msjetoledb40.dll.01cac4d81b09cdb3.0014
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-m..ss-components-jetes_31bf3856ad364e35_6.0.6001.18000_none_36b216b9cce86273\$$DeleteMe.msjtes40.dll.01cac4d81df2dc13.0050
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-wmvcore_31bf3856ad364e35_6.0.6001.18270_none_06e6d825d6103f24\$$DeleteMe.WMVCORE.DLL.01cac4d81fb72153.0091
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-mfplat_31bf3856ad364e35_6.0.6001.18000_none_f6aa98ad53755122\$$DeleteMe.mfplat.dll.01cac4d81af6c2b3.0012
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-mmdeviceapi_31bf3856ad364e35_6.0.6001.18000_none_55044397b961da8a\$$DeleteMe.MMDevAPI.dll.01cac4d821fe5233.00a3
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-mprapi_31bf3856ad364e35_6.0.6001.18000_none_140c84ec53049b39\$$DeleteMe.mprapi.dll.01cac4d81ac00313.000c
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-mpr_31bf3856ad364e35_6.0.6001.18000_none_add5c97257f151a1\$$DeleteMe.mpr.dll.01cac4d81d7975f3.0042
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-msasn1_31bf3856ad364e35_6.0.6000.16386_none_c52353cea8765257\$$DeleteMe.msasn1.dll.01cac07a2cd7fcc0.0005
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-msasn1_31bf3856ad364e35_6.0.6001.18326_none_c74a7d60a56c2a8c\$$DeleteMe.msasn1.dll.01cac4d81ecdda93.006b
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-msauditevtlog_31bf3856ad364e35_6.0.6001.18000_none_c7427a4e786d74bc\$$DeleteMe.adtschema.dll.01cac4d81f095cf3.0072
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-msvcrt_31bf3856ad364e35_6.0.6001.18000_none_d15536209ee61dad\$$DeleteMe.msvcrt.dll.01cac4d81df53d73.0052
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-msxml30_31bf3856ad364e35_6.0.6001.18136_none_8853d47896e90b40\$$DeleteMe.msxml3.dll.01cac07a498e92c0.0025
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-msxml30_31bf3856ad364e35_6.0.6001.18306_none_8874480896d0b1bb\$$DeleteMe.msxml3.dll.01cac4d81f8c4893.0089
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-msxml60_31bf3856ad364e35_6.0.6001.18138_none_885590b496e78ad1\$$DeleteMe.msxml6.dll.01cac07a49876ea0.0024
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-msxml60_31bf3856ad364e35_6.0.6001.18306_none_887403b096d0fe9e\$$DeleteMe.msxml6.dll.01cac4d8224cdf93.00ab
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-n..-domain-clients-svc_31bf3856ad364e35_6.0.6001.18000_none_440e77d1ec053e6c\$$DeleteMe.FwRemoteSvr.dll.01cac4d81e782913.005e
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-n..-domain-clients-svc_31bf3856ad364e35_6.0.6001.18094_none_43b129adec4a9f41\$$DeleteMe.FwRemoteSvr.dll.01cac4d81e782913.005e
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-n..-domain-clients-svc_31bf3856ad364e35_6.0.6001.18094_none_43b129adec4a9f41\$$DeleteMe.IPSECSVC.DLL.01cac4d81dcf2773.004d
Status: Locked to the Windows API!

Processes
-------------------
Path: System
PID: 4 Status: Locked to the Windows API!

Path: C:\Windows\System32\audiodg.exe
PID: 1164 Status: Locked to the Windows API!

SSDT
-------------------
#: 013 Function Name: NtAlertResumeThread
Status: Hooked by "<unknown>" at address 0x882f2600

#: 014 Function Name: NtAlertThread
Status: Hooked by "<unknown>" at address 0x882f26c0

#: 018 Function Name: NtAllocateVirtualMemory
Status: Hooked by "<unknown>" at address 0x881e77a0

#: 021 Function Name: NtAlpcConnectPort
Status: Hooked by "<unknown>" at address 0x88e556c0

#: 042 Function Name: NtAssignProcessToJobObject
Status: Hooked by "<unknown>" at address 0x88bf8db0

#: 067 Function Name: NtCreateMutant
Status: Hooked by "<unknown>" at address 0x88522650

#: 072 Function Name: NtCreateProcess
Status: Hooked by "C:\Windows\system32\drivers\PCTCore.sys" at address 0x89f8c9a6

#: 073 Function Name: NtCreateProcessEx
Status: Hooked by "C:\Windows\system32\drivers\PCTCore.sys" at address 0x89f8cb98

#: 077 Function Name: NtCreateSymbolicLinkObject
Status: Hooked by "<unknown>" at address 0x884bcf80

#: 078 Function Name: NtCreateThread
Status: Hooked by "<unknown>" at address 0x891743f0

#: 116 Function Name: NtDebugActiveProcess
Status: Hooked by "<unknown>" at address 0x88bf8e90

#: 129 Function Name: NtDuplicateObject
Status: Hooked by "<unknown>" at address 0x880db990

#: 147 Function Name: NtFreeVirtualMemory
Status: Hooked by "<unknown>" at address 0x881e7600

#: 156 Function Name: NtImpersonateAnonymousToken
Status: Hooked by "<unknown>" at address 0x88522740

#: 158 Function Name: NtImpersonateThread
Status: Hooked by "<unknown>" at address 0x882f2540

#: 165 Function Name: NtLoadDriver
Status: Hooked by "<unknown>" at address 0x8776a8f0

#: 177 Function Name: NtMapViewOfSection
Status: Hooked by "<unknown>" at address 0x881e7520

#: 184 Function Name: NtOpenEvent
Status: Hooked by "<unknown>" at address 0x88522570

#: 194 Function Name: NtOpenProcess
Status: Hooked by "<unknown>" at address 0x880dbb30

#: 195 Function Name: NtOpenProcessToken
Status: Hooked by "<unknown>" at address 0x89178548

#: 197 Function Name: NtOpenSection
Status: Hooked by "<unknown>" at address 0x885223b0

#: 201 Function Name: NtOpenThread
Status: Hooked by "<unknown>" at address 0x880dba60

#: 210 Function Name: NtProtectVirtualMemory
Status: Hooked by "<unknown>" at address 0x88bf8cc0

#: 282 Function Name: NtResumeThread
Status: Hooked by "<unknown>" at address 0x8875c3a8

#: 289 Function Name: NtSetContextThread
Status: Hooked by "<unknown>" at address 0x91fd5440

#: 305 Function Name: NtSetInformationProcess
Status: Hooked by "<unknown>" at address 0x91fd5500

#: 317 Function Name: NtSetSystemInformation
Status: Hooked by "<unknown>" at address 0x88bf8f70

#: 330 Function Name: NtSuspendProcess
Status: Hooked by "<unknown>" at address 0x88522490

#: 331 Function Name: NtSuspendThread
Status: Hooked by "<unknown>" at address 0x882f2780

#: 334 Function Name: NtTerminateProcess
Status: Hooked by "C:\Windows\system32\drivers\PCTCore.sys" at address 0x89f8c656

#: 335 Function Name: NtTerminateThread
Status: Hooked by "<unknown>" at address 0x91fd5380

#: 348 Function Name: NtUnmapViewOfSection
Status: Hooked by "<unknown>" at address 0x91fd55d0

#: 358 Function Name: NtWriteVirtualMemory
Status: Hooked by "<unknown>" at address 0x881e76d0

#: 382 Function Name: NtCreateThreadEx
Status: Hooked by "<unknown>" at address 0x88bf8bc0

#: 383 Function Name: NtCreateUserProcess
Status: Hooked by "C:\Windows\system32\drivers\PCTCore.sys" at address 0x89f8cda0

Shadow SSDT
-------------------
#: 317 Function Name: NtUserAttachThreadInput
Status: Hooked by "<unknown>" at address 0x87b0e3d8

#: 397 Function Name: NtUserGetAsyncKeyState
Status: Hooked by "<unknown>" at address 0x87b14428

#: 428 Function Name: NtUserGetKeyboardState
Status: Hooked by "<unknown>" at address 0x877673d8

#: 430 Function Name: NtUserGetKeyState
Status: Hooked by "<unknown>" at address 0x86589820

#: 442 Function Name: NtUserGetRawInputData
Status: Hooked by "<unknown>" at address 0x88ba49a8

#: 479 Function Name: NtUserMessageCall
Status: Hooked by "<unknown>" at address 0x87a77eb0

#: 497 Function Name: NtUserPostMessage
Status: Hooked by "<unknown>" at address 0x88ba22f0

#: 498 Function Name: NtUserPostThreadMessage
Status: Hooked by "<unknown>" at address 0x87a77f80

#: 573 Function Name: NtUserSetWindowsHookEx
Status: Hooked by "<unknown>" at address 0x88ba1240

#: 576 Function Name: NtUserSetWinEventHook
Status: Hooked by "<unknown>" at address 0x88ba12c8

==EOF==

#3
azarl

    GeekU Admin

  • Community Leader
  • 25,310 posts
Hi

Welcome to Geekstogo. I'll be helping you with this problem.

  • Please read all of my response through at least once before attempting to follow the procedures described. I would recommend printing them out, if you can, as you can check off each step as you complete it. If there's anything you don't understand or isn't totally clear, please come back to me for clarification.

  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you.

» Step 1 «
ComboFix
Download ComboFix from one of these locations:

Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your Antivirus and Antispyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

» Step 2 «
OTL
OTL is currently our primary tool for searching key areas of the registry and other system locations for the telltale signs of malware. It generates a comprehensive log, and offers an initial diagnosis.

Important note: HijackThis has been replaced by OTL in this guide. Since being acquired by TrendMicro, HijackThis has not been regularly updated. Many infections are now able to hide partly, or completely from a HijackThis scan. OTL is authored by one of our staff members (OldTimer). It includes all the scan locations of HijackThis and more. It's not only a more comprehensive scan tool, but also offers more powerful removal features.

  • Download OTL to your Desktop
  • Double click on the OTL icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Under the Custom Scan box paste this in:

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    nvraid.sys
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and paste them into your reply.
«®»

#4
_The_Nothing_

    Member

  • Topic Starter
  • Member
  • PipPip
  • 72 posts
OTL logfile created on: 3/26/2010 12:57:10 PM - Run 1
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Users\leave me alone\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 59.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 138.69 Gb Total Space | 109.19 Gb Free Space | 78.73% Space Free | Partition Type: NTFS
Drive D: | 10.36 Gb Total Space | 1.74 Gb Free Space | 16.76% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 7.45 Gb Total Space | 0.56 Gb Free Space | 7.54% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LEAVEMEALONE-PC
Current User Name: leave me alone
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/03/26 12:24:46 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Users\leave me alone\Desktop\OTL.exe
PRC - [2010/03/16 15:44:31 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/03/09 17:09:24 | 001,186,016 | ---- | M] (Greais Software) -- C:\Program Files\UnHackMe\GWebUpdate.exe
PRC - [2010/02/19 17:00:24 | 000,148,744 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe
PRC - [2010/01/20 16:03:39 | 000,117,640 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe
PRC - [2009/09/28 02:02:42 | 001,529,432 | ---- | M] (PeerBlock, LLC) -- C:\Program Files\PeerBlock\peerblock.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/10/06 11:54:52 | 000,365,952 | ---- | M] () -- C:\Program Files\SMINST\BLService.exe


========== Modules (SafeList) ==========

MOD - [2010/03/26 12:24:46 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Users\leave me alone\Desktop\OTL.exe
MOD - [2009/04/11 01:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/02/19 17:00:24 | 000,148,744 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe -- (CLPSLS)
SRV - [2010/01/20 16:03:39 | 000,117,640 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe -- (Norton Internet Security)
SRV - [2009/09/24 20:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2008/10/06 11:54:52 | 000,365,952 | ---- | M] () [Auto | Running] -- C:\Program Files\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2008/01/20 21:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...rio&pf=cnnb

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20091028
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.2


FF - HKLM\software\mozilla\Firefox\Extensions\\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\ [2010/03/26 12:14:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/03/23 14:46:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/03/23 14:46:31 | 000,000,000 | ---D | M]

[2010/03/11 03:23:05 | 000,000,000 | ---D | M] -- C:\Users\leave me alone\AppData\Roaming\Mozilla\Extensions
[2010/03/26 02:22:48 | 000,000,000 | ---D | M] -- C:\Users\leave me alone\AppData\Roaming\Mozilla\Firefox\Profiles\igfjcixl.default\extensions
[2010/03/13 03:51:19 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\leave me alone\AppData\Roaming\Mozilla\Firefox\Profiles\igfjcixl.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/03/15 03:02:49 | 000,000,000 | ---D | M] (WOT) -- C:\Users\leave me alone\AppData\Roaming\Mozilla\Firefox\Profiles\igfjcixl.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2010/03/21 17:18:42 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\leave me alone\AppData\Roaming\Mozilla\Firefox\Profiles\igfjcixl.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/03/26 12:14:06 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 9\SnagItBHO.dll (TechSmith Corporation)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O2 - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll ()
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (SnagIt) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 9\SnagItIEAddin.dll (TechSmith Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [CookieWall] C:\Program Files\AnalogX\CookieWall\cookie.exe (AnalogX, LLC)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDIRShortCut] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Process Hacker] C:\Program Files\Process Hacker\ProcessHacker.exe (wj32)
O4 - HKCU..\Run: [UnHackMe Monitor] C:\Program Files\UnHackMe\hackmon.exe (Greatis Software)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 253
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun- = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun- = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 253
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun- = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun- = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} http://cdn.scan.onec...s/wlscctrl2.cab (Windows Live OneCare safety scanner control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 216.180.99.2 216.180.122.2
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll (Symantec Corporation)
O18 - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll ()
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009/09/14 00:29:38 | 000,000,016 | ---- | M] () - F:\AUTORUN.INF -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (Partizan) - C:\Windows\System32\Partizan.exe (Greatis Software)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2008/01/20 21:46:39 | 000,000,000 | ---D | M]
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
OTL cannot create restorepoints on Vista OSs!

========== Files/Folders - Created Within 14 Days ==========

[2010/03/26 12:47:53 | 000,000,000 | ---D | C] -- C:\Users\leave me alone\AppData\Local\temp
[2010/03/26 12:47:03 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/03/26 12:30:53 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/03/26 12:30:53 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/03/26 12:30:53 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/03/26 12:30:47 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/03/26 12:30:13 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/03/26 12:29:49 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/03/26 12:26:47 | 000,555,520 | ---- | C] (OldTimer Tools) -- C:\Users\leave me alone\Desktop\OTL.exe
[2010/03/26 00:52:50 | 000,000,000 | ---D | C] -- C:\Users\leave me alone\Desktop\New Folder
[2010/03/25 02:24:42 | 001,105,120 | ---- | C] (Piriform Ltd) -- C:\Users\leave me alone\Desktop\spsetup100.exe
[2010/03/24 13:10:59 | 000,000,000 | ---D | C] -- C:\Users\leave me alone\Documents\SnagIt
[2010/03/24 13:09:49 | 000,000,000 | ---D | C] -- C:\ProgramData\TechSmith
[2010/03/24 13:09:46 | 000,000,000 | ---D | C] -- C:\Users\leave me alone\AppData\Local\TechSmith
[2010/03/24 13:09:46 | 000,000,000 | ---D | C] -- C:\Program Files\TechSmith
[2010/03/24 13:07:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2010/03/24 02:20:51 | 000,000,000 | ---D | C] -- C:\Users\leave me alone\AppData\Roaming\ComodoGroup
[2010/03/24 02:17:48 | 000,000,000 | ---D | C] -- C:\Program Files\COMODO
[2010/03/24 01:37:56 | 000,000,000 | ---D | C] -- C:\Users\leave me alone\AppData\Roaming\Vidalia
[2010/03/24 01:31:27 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010/03/23 01:11:13 | 000,271,872 | ---- | C] (OldTimer Tools) -- C:\Users\leave me alone\Desktop\TFC.exe
[2010/03/21 22:08:03 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/03/21 01:05:56 | 000,000,000 | ---D | C] -- C:\Users\leave me alone\AppData\Roaming\Tor
[2010/03/21 01:05:54 | 000,000,000 | ---D | C] -- C:\Program Files\Vidalia Bundle
[2010/03/20 19:31:36 | 000,000,000 | ---D | C] -- C:\Program Files\AnalogX
[2010/03/20 13:38:01 | 000,000,000 | ---D | C] -- C:\Users\leave me alone\AppData\Roaming\Auslogics
[2010/03/20 13:37:49 | 000,000,000 | ---D | C] -- C:\Program Files\Auslogics
[2010/03/20 12:00:14 | 000,000,000 | ---D | C] -- C:\Users\leave me alone\dwhelper
[2010/03/20 03:15:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software
[2010/03/20 03:15:41 | 000,000,000 | ---D | C] -- C:\Users\leave me alone\AppData\Roaming\Simply Super Software
[2010/03/19 03:42:27 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010/03/19 03:21:26 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010/03/19 02:29:18 | 000,000,000 | ---D | C] -- C:\Users\leave me alone\AppData\Roaming\PC Tools
[2010/03/19 01:04:10 | 000,000,000 | ---D | C] -- C:\Users\leave me alone\AppData\Local\Lunarsoft
[2010/03/19 01:04:09 | 000,000,000 | ---D | C] -- C:\Program Files\Lunarsoft
[2010/03/18 14:10:28 | 000,000,000 | ---D | C] -- C:\Users\leave me alone\AppData\Roaming\Uniblue
[2010/03/18 14:10:13 | 000,000,000 | ---D | C] -- C:\Program Files\Uniblue
[2010/03/18 14:09:42 | 000,000,000 | ---D | C] -- C:\Users\leave me alone\AppData\Roaming\WinRAR
[2010/03/18 14:09:20 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2010/03/17 12:53:53 | 000,206,256 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTCore.sys
[2010/03/17 12:53:53 | 000,086,888 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTAppEvent.sys
[2010/03/17 12:53:40 | 000,028,560 | ---- | C] (PC Tools Research Pty Ltd.) -- C:\Windows\System32\drivers\AVHook.sys
[2010/03/17 12:53:40 | 000,021,904 | ---- | C] (PC Tools Research Pty Ltd) -- C:\Windows\System32\drivers\AVFilter.sys
[2010/03/17 12:53:40 | 000,021,904 | ---- | C] (PC Tools Research Pty Ltd ) -- C:\Windows\System32\drivers\AVRec.sys
[2010/03/17 12:53:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2010/03/17 12:53:27 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools AntiVirus
[2010/03/17 02:42:15 | 000,000,000 | ---D | C] -- C:\Program Files\ThreatExpert Memory Scanner
[2010/03/16 18:16:09 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Portable Devices
[2010/03/16 14:11:39 | 000,000,000 | ---D | C] -- C:\Program Files\PeerGuardian2
[2010/03/16 13:31:02 | 000,000,000 | ---D | C] -- C:\Users\leave me alone\AppData\Local\ElevatedDiagnostics
[2010/03/16 13:21:29 | 000,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell
[2010/03/16 13:17:14 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft ATS
[2010/03/16 02:12:50 | 000,000,000 | ---D | C] -- C:\Windows\System32\vi-VN
[2010/03/16 02:12:50 | 000,000,000 | ---D | C] -- C:\Windows\System32\eu-ES
[2010/03/16 02:12:50 | 000,000,000 | ---D | C] -- C:\Windows\System32\ca-ES
[2010/03/16 01:52:31 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety Center
[2010/03/16 01:51:01 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2010/03/15 13:55:34 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Installer Clean Up
[2010/03/15 13:55:08 | 000,000,000 | ---D | C] -- C:\Program Files\MSECACHE
[2010/03/15 13:05:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Scanner
[2010/03/15 01:06:11 | 000,000,000 | ---D | C] -- C:\Users\leave me alone\AppData\Roaming\FreeFixer
[2010/03/15 01:06:11 | 000,000,000 | ---D | C] -- C:\Users\leave me alone\AppData\Local\FreeFixer
[2010/03/15 01:06:06 | 000,000,000 | ---D | C] -- C:\Program Files\FreeFixer
[2010/03/14 19:33:23 | 000,000,000 | ---D | C] -- C:\Program Files\Unlocker
[2010/03/14 19:23:37 | 000,000,000 | ---D | C] -- C:\Program Files\FileHippo.com
[2010/03/14 16:30:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/03/14 16:27:13 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2010/03/14 15:36:30 | 000,000,000 | ---D | C] -- C:\Windows\RestoreSafeDeleted
[2010/03/14 01:59:57 | 000,000,000 | ---D | C] -- C:\Program Files\S.N.Safe&Software
[2010/03/13 17:55:22 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2010/03/13 17:44:25 | 000,000,000 | ---D | C] -- C:\Users\leave me alone\DoctorWeb
[2010/03/13 16:28:37 | 000,000,000 | ---D | C] -- C:\Program Files\PeerBlock
[2010/03/12 13:53:18 | 000,000,000 | ---D | C] -- C:\Users\leave me alone\AppData\Roaming\URSoft
[2010/03/12 13:52:34 | 000,000,000 | ---D | C] -- C:\Program Files\Your Uninstaller 2008

========== Files - Modified Within 14 Days ==========

[2010/03/26 12:57:17 | 001,835,008 | -HS- | M] () -- C:\Users\leave me alone\ntuser.dat
[2010/03/26 12:55:00 | 000,000,440 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{C68BB805-3B64-4C69-A90F-46E4D6ED70D5}.job
[2010/03/26 12:43:07 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010/03/26 12:24:46 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Users\leave me alone\Desktop\OTL.exe
[2010/03/26 12:22:23 | 003,903,349 | R--- | M] () -- C:\Users\leave me alone\Desktop\fixme.exe
[2010/03/26 12:18:29 | 000,000,246 | ---- | M] () -- C:\ProgramData\hpqp.ini
[2010/03/26 12:14:41 | 000,032,726 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010/03/26 12:14:39 | 000,032,726 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010/03/26 12:14:16 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/03/26 12:14:16 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/03/26 12:13:56 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/03/26 12:13:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/03/26 12:12:51 | 000,524,288 | -HS- | M] () -- C:\Users\leave me alone\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TMContainer00000000000000000001.regtrans-ms
[2010/03/26 12:12:51 | 000,065,536 | -HS- | M] () -- C:\Users\leave me alone\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TM.blf
[2010/03/26 12:12:46 | 003,320,535 | -H-- | M] () -- C:\Users\leave me alone\AppData\Local\IconCache.db
[2010/03/26 03:37:22 | 000,313,880 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/03/26 01:39:28 | 003,058,654 | ---- | M] () -- C:\Users\leave me alone\Desktop\3-26-2010 1-38-52 AM.bmp
[2010/03/26 01:38:35 | 000,075,832 | ---- | M] () -- C:\Users\leave me alone\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/03/25 02:25:16 | 001,105,120 | ---- | M] (Piriform Ltd) -- C:\Users\leave me alone\Desktop\spsetup100.exe
[2010/03/25 02:19:44 | 000,038,075 | ---- | M] () -- C:\Users\leave me alone\Desktop\index.php.htm
[2010/03/23 02:12:55 | 000,024,416 | ---- | M] (Greatis Software) -- C:\Windows\System32\drivers\regguard.sys
[2010/03/23 00:54:05 | 000,035,040 | ---- | M] (Greatis Software) -- C:\Windows\System32\Partizan.exe
[2010/03/21 01:33:03 | 000,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/03/21 01:33:03 | 000,595,684 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/03/21 01:33:03 | 000,101,350 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/03/16 18:15:53 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2010/03/16 13:19:22 | 002,293,760 | ---- | M] () -- C:\Windows\ocsetup_install_MicrosoftWindowsPowerShell.etl
[2010/03/16 13:19:21 | 000,131,072 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.perf
[2010/03/16 13:19:21 | 000,131,072 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.dpx
[2010/03/15 14:40:35 | 000,035,621 | ---- | M] () -- C:\Users\leave me alone\Documents\Cannot Update Windows using Windows Update.htm
[2010/03/15 14:07:55 | 000,001,965 | ---- | M] () -- C:\Users\Public\Desktop\HP Help and Support.lnk
[2010/03/14 21:03:56 | 000,016,244 | ---- | M] () -- C:\Windows\System32\rrt_is.wav
[2010/03/14 21:03:56 | 000,007,148 | ---- | M] () -- C:\Windows\System32\rrt_tv.wav
[2010/03/14 21:03:56 | 000,006,282 | ---- | M] () -- C:\Windows\System32\rrt_tn.wav
[2010/03/14 21:03:55 | 000,007,302 | ---- | M] () -- C:\Windows\System32\rrt_vf.wav
[2010/03/14 01:40:03 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/03/14 01:40:03 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/03/12 18:02:38 | 000,261,632 | ---- | M] () -- C:\Windows\PEV.exe
[2010/03/12 14:33:20 | 000,034,760 | ---- | M] (Greatis Software) -- C:\Windows\System32\drivers\Partizan.sys

========== Files Created - No Company Name ==========

[2010/03/26 12:30:53 | 000,261,632 | ---- | C] () -- C:\Windows\PEV.exe
[2010/03/26 12:30:53 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/03/26 12:30:53 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/03/26 12:30:53 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010/03/26 12:30:53 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/03/26 12:25:13 | 003,903,349 | R--- | C] () -- C:\Users\leave me alone\Desktop\fixme.exe
[2010/03/26 01:38:52 | 003,058,654 | ---- | C] () -- C:\Users\leave me alone\Desktop\3-26-2010 1-38-52 AM.bmp
[2010/03/25 02:19:42 | 000,038,075 | ---- | C] () -- C:\Users\leave me alone\Desktop\index.php.htm
[2010/03/24 02:21:05 | 000,017,664 | ---- | C] () -- C:\Windows\System32\drivers\EnumProcessesDriver.sys
[2010/03/20 03:15:41 | 000,162,304 | ---- | C] () -- C:\Windows\System32\ztvunrar36.dll
[2010/03/20 03:15:41 | 000,153,088 | ---- | C] () -- C:\Windows\System32\UNRAR3.dll
[2010/03/20 03:15:41 | 000,077,312 | ---- | C] () -- C:\Windows\System32\ztvunace26.dll
[2010/03/20 03:15:41 | 000,075,264 | ---- | C] () -- C:\Windows\System32\unacev2.dll
[2010/03/17 12:53:53 | 000,007,396 | ---- | C] () -- C:\Windows\System32\drivers\pctcore.cat
[2010/03/16 18:15:53 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2010/03/16 13:18:46 | 000,131,072 | ---- | C] () -- C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.perf
[2010/03/16 13:18:46 | 000,131,072 | ---- | C] () -- C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.dpx
[2010/03/16 13:18:45 | 002,293,760 | ---- | C] () -- C:\Windows\ocsetup_install_MicrosoftWindowsPowerShell.etl
[2010/03/16 01:45:02 | 000,130,008 | ---- | C] () -- C:\Windows\System32\systemsf.ebd
[2010/03/16 01:45:01 | 000,009,239 | ---- | C] () -- C:\Windows\System32\spcinstrumentation.man
[2010/03/16 01:44:55 | 000,442,788 | ---- | C] () -- C:\Windows\System32\dot3.tmf
[2010/03/16 01:44:54 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010/03/16 01:44:54 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010/03/16 01:44:52 | 003,662,128 | ---- | C] () -- C:\Windows\System32\locale.nls
[2010/03/16 01:44:52 | 000,392,170 | ---- | C] () -- C:\Windows\System32\onex.tmf
[2010/03/16 01:44:46 | 000,344,698 | ---- | C] () -- C:\Windows\System32\eaphost.tmf
[2010/03/16 01:44:37 | 000,208,966 | ---- | C] () -- C:\Windows\System32\WFP.TMF
[2010/03/16 01:44:35 | 000,092,918 | ---- | C] () -- C:\Windows\System32\slmgr.vbs
[2010/03/16 01:44:09 | 000,009,212 | ---- | C] () -- C:\Windows\System32\RacUR.xml
[2010/03/15 14:40:34 | 000,035,621 | ---- | C] () -- C:\Users\leave me alone\Documents\Cannot Update Windows using Windows Update.htm
[2010/03/15 14:07:55 | 000,001,965 | ---- | C] () -- C:\Users\Public\Desktop\HP Help and Support.lnk
[2010/03/14 21:03:56 | 000,016,244 | ---- | C] () -- C:\Windows\System32\rrt_is.wav
[2010/03/14 21:03:56 | 000,007,148 | ---- | C] () -- C:\Windows\System32\rrt_tv.wav
[2010/03/14 21:03:56 | 000,006,282 | ---- | C] () -- C:\Windows\System32\rrt_tn.wav
[2010/03/14 21:03:55 | 000,007,302 | ---- | C] () -- C:\Windows\System32\rrt_vf.wav
[2010/03/14 01:40:03 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2010/03/14 01:40:03 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2010/03/12 12:46:15 | 000,032,726 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010/03/12 02:56:33 | 000,032,726 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2010/03/10 14:01:38 | 000,000,000 | ---- | C] () -- C:\Users\leave me alone\AppData\Local\QSwitch.txt
[2010/03/10 14:01:38 | 000,000,000 | ---- | C] () -- C:\Users\leave me alone\AppData\Local\DSwitch.txt
[2010/03/10 14:01:38 | 000,000,000 | ---- | C] () -- C:\Users\leave me alone\AppData\Local\AtStart.txt
[2010/03/09 17:12:54 | 000,000,105 | ---- | C] () -- C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log
[2010/03/09 17:12:45 | 000,000,032 | ---- | C] () -- C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
[2010/03/09 17:12:22 | 000,000,032 | ---- | C] () -- C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
[2010/03/09 17:11:51 | 000,000,032 | ---- | C] () -- C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
[2010/03/09 17:10:45 | 000,000,032 | ---- | C] () -- C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
[2010/03/09 17:10:36 | 000,000,246 | ---- | C] () -- C:\ProgramData\hpqp.ini
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/04/20 07:27:52 | 000,000,109 | ---- | C] () -- C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
[2009/04/20 07:21:52 | 000,000,110 | ---- | C] () -- C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
[2009/04/20 07:19:51 | 000,000,105 | ---- | C] () -- C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
[2009/04/20 07:18:27 | 000,000,107 | ---- | C] () -- C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/03/09 04:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll

========== LOP Check ==========

[2010/03/20 13:38:01 | 000,000,000 | ---D | M] -- C:\Users\leave me alone\AppData\Roaming\Auslogics
[2010/03/15 02:35:12 | 000,000,000 | ---D | M] -- C:\Users\leave me alone\AppData\Roaming\FreeFixer
[2010/03/10 03:25:55 | 000,000,000 | ---D | M] -- C:\Users\leave me alone\AppData\Roaming\Process Hacker
[2008/04/21 08:39:24 | 000,000,000 | ---D | M] -- C:\Users\leave me alone\AppData\Roaming\Simply Super Software
[2010/03/18 14:18:43 | 000,000,000 | ---D | M] -- C:\Users\leave me alone\AppData\Roaming\Uniblue
[2010/03/12 13:53:18 | 000,000,000 | ---D | M] -- C:\Users\leave me alone\AppData\Roaming\URSoft
[2010/03/26 12:12:53 | 000,032,524 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/03/26 12:55:00 | 000,000,440 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{C68BB805-3B64-4C69-A90F-46E4D6ED70D5}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2008/01/20 21:32:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\ERDNT\cache\AGP440.sys
[2008/01/20 21:32:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008/01/20 21:32:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008/01/20 21:32:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/20 21:32:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/20 21:32:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006/11/02 04:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/04/11 01:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\ERDNT\cache\atapi.sys
[2009/04/11 01:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009/04/11 01:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009/04/11 01:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/20 21:32:21 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/20 21:32:21 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 04:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2009/04/20 06:26:14 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=9C0E70031905ADBF94EDB9EA14AF943B -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7f3e4ed9\atapi.sys
[2009/04/20 06:26:14 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=9C0E70031905ADBF94EDB9EA14AF943B -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22193_none_dd6376773aedb5e4\atapi.sys
[2009/04/20 06:26:14 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E26DDFE464B464DAF1C739122978D1D6 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b7393fc6\atapi.sys
[2009/04/20 06:26:14 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E26DDFE464B464DAF1C739122978D1D6 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20847_none_dbb74a7b3d9afbc1\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 04:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\ERDNT\cache\cngaudit.dll
[2006/11/02 04:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 04:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: EVENTLOG.DLL >
[2007/05/17 23:34:04 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files\CyberLink\PowerDirector\EventLog.dll

< MD5 for: IASTORV.SYS >
[2008/01/20 21:32:49 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008/01/20 21:32:49 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008/01/20 21:32:49 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 04:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009/04/11 01:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\ERDNT\cache\netlogon.dll
[2009/04/11 01:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009/04/11 01:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008/01/20 21:33:41 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVRAID.SYS >
[2008/01/20 21:32:47 | 000,102,968 | ---- | M] (NVIDIA Corporation) MD5=2EDF9E7751554B42CBB60116DE727101 -- C:\Windows\System32\drivers\nvraid.sys
[2008/01/20 21:32:47 | 000,102,968 | ---- | M] (NVIDIA Corporation) MD5=2EDF9E7751554B42CBB60116DE727101 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvraid.sys
[2008/01/20 21:32:47 | 000,102,968 | ---- | M] (NVIDIA Corporation) MD5=2EDF9E7751554B42CBB60116DE727101 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvraid.sys
[2006/11/02 04:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) MD5=E69E946F80C1C31C53003BFBF50CBB7C -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvraid.sys

< MD5 for: NVSTOR.SYS >
[2006/11/02 04:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/20 21:32:47 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008/01/20 21:32:47 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/20 21:32:47 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008/01/20 21:34:39 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009/04/11 01:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\ERDNT\cache\scecli.dll
[2009/04/11 01:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009/04/11 01:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/04/11 01:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2009/04/11 01:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2008/01/20 22:31:11 | 015,716,352 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008/01/20 22:31:01 | 000,102,400 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008/01/20 22:31:12 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 05:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 05:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

========== Alternate Data Streams ==========

@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:7E95B6FD
@Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:B3D74A13
< End of report >





OTL Extras logfile created on: 3/26/2010 12:57:10 PM - Run 1
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Users\leave me alone\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 59.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 138.69 Gb Total Space | 109.19 Gb Free Space | 78.73% Space Free | Partition Type: NTFS
Drive D: | 10.36 Gb Total Space | 1.74 Gb Free Space | 16.76% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 7.45 Gb Total Space | 0.56 Gb Free Space | 7.54% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LEAVEMEALONE-PC
Current User Name: leave me alone
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{284289C5-CCA6-40EF-AA01-E5651B6DB83B}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |
"{74479465-BBFE-4EB5-8D33-805D7A2E2680}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{B630EEC1-2091-40F5-8B06-CDC8E1987AA8}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |
"{ED5344BB-D7A2-47A4-9A76-BB7B8C2F6260}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{EED59F82-F238-4260-AB51-DA393F916824}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0054A0F6-00C9-4498-B821-B5C9578F433E}" = HP Help and Support
"{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.0.0 (r181)
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{154A4184-1A3D-4BF9-A5AE-4FA1660445F3}" = HP Total Care Advisor
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java™ 6 Update 18
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 H2
"{352310C3-E46B-42D3-8F32-54721FDD72D9}" = NetZero Preloader
"{38058455-8C21-4C2F-B2F6-14ED166039CB}" = HP Total Care Setup
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Vista
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 3.7
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{57A5AEC1-97FC-474D-92C4-908FCC2253D4}" = HP Customer Experience Enhancements
"{59991D18-A988-45AB-B1BF-5ADE6E64CD3F}" = SnagIt 9
"{6423EF83-6E1D-4D22-A36F-689CD19FD4D2}" = Juno Preloader
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{665CBCA4-5AB0-414B-A288-3F8F99FEFC45}" = HP User Guides 0118
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{6A370610-3778-44AF-9AAC-69B2FD1A3356}" = Microsoft Live Search Toolbar
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9ADABDDE-9644-461B-9E73-83FA3EFCAB50}" = HP Wireless Assistant
"{A31A5DFC-3439-48FC-99BB-5174168AE471}" = COMODO livePCsupport
"{AA668889-AA01-AA01-AADC-65462C3DE344}" = FreeFixer
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.1
"{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}" = Adobe Shockwave Player
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B2808065-4945-419C-AEBA-18901C8193D4}" = COMODO Cloud Scanner
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library
"{DB0BB9FA-1B60-4036-8E29-3D56D8085256}" = WOT for Internet Explorer
"{DD35C328-F115-BEDA-6EEE-E00C5AACCCBC}" = muvee Reveal
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{ECEE0279-785F-4CB3-9F28-E69813234BF8}" = SPORE Creature Creator Trial Edition
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AnalogX CookieWall" = AnalogX CookieWall
"CCleaner" = CCleaner
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDAUDIO_HERMOSA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Greatis Reanimator_is1" = RegRun Reanimator
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.2)" = Mozilla Firefox (3.6.2)
"NIS" = Norton Internet Security
"NVIDIA Drivers" = NVIDIA Drivers
"Process_Hacker_is1" = Process Hacker 1.11
"Secunia PSI" = Secunia PSI
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"UnHackMe_is1" = UnHackMe 5.70 release
"WildTangent hp Master Uninstall" = My HP Games
"Your Uninstaller! 2008_is1" = Your Uninstaller! 2008 Version 6.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/24/2010 3:38:56 PM | Computer Name = leavemealone-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "F:\peerblock.exe". Dependent
Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 3/24/2010 4:05:05 PM | Computer Name = leavemealone-PC | Source = WinMgmt | ID = 10
Description =

Error - 3/24/2010 4:07:57 PM | Computer Name = leavemealone-PC | Source = WinMgmt | ID = 10
Description =

Error - 3/25/2010 1:59:49 AM | Computer Name = leavemealone-PC | Source = WinMgmt | ID = 10
Description =

Error - 3/25/2010 3:46:07 AM | Computer Name = leavemealone-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "F:\peerblock.exe". Dependent
Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 3/25/2010 4:13:00 AM | Computer Name = leavemealone-PC | Source = Application Error | ID = 1000
Description = Faulting application ProcessHacker.exe, version 1.11.0.0, time stamp
0x4b5c152b, faulting module KERNEL32.dll, version 6.0.6002.18005, time stamp 0x49e037dd,
exception code 0xe053534f, fault offset 0x0003fbae, process id 0x4Ôù 4Ôù , application
start time 0x4Ôù 4Ôù .

Error - 3/25/2010 4:20:27 AM | Computer Name = leavemealone-PC | Source = WinMgmt | ID = 10
Description =

Error - 3/25/2010 4:23:27 AM | Computer Name = leavemealone-PC | Source = WinMgmt | ID = 10
Description =

Error - 3/25/2010 1:16:57 PM | Computer Name = leavemealone-PC | Source = WinMgmt | ID = 10
Description =

Error - 3/25/2010 3:44:55 PM | Computer Name = leavemealone-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 3/26/2010 4:34:54 AM | Computer Name = leavemealone-PC | Source = Service Control Manager | ID = 7031
Description =

Error - 3/26/2010 4:34:54 AM | Computer Name = leavemealone-PC | Source = Service Control Manager | ID = 7034
Description =

Error - 3/26/2010 4:34:54 AM | Computer Name = leavemealone-PC | Source = Service Control Manager | ID = 7034
Description =

Error - 3/26/2010 4:34:54 AM | Computer Name = leavemealone-PC | Source = Service Control Manager | ID = 7031
Description =

Error - 3/26/2010 4:37:51 AM | Computer Name = leavemealone-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 3/26/2010 4:37:51 AM | Computer Name = leavemealone-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 3/26/2010 5:23:39 AM | Computer Name = leavemealone-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 3/26/2010 5:23:39 AM | Computer Name = leavemealone-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 3/26/2010 12:38:41 PM | Computer Name = leavemealone-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 3/26/2010 12:38:41 PM | Computer Name = leavemealone-PC | Source = Service Control Manager | ID = 7001
Description =


< End of report >

Had to upload the combo-fix log; said it was marked for deletion, bad reg key.

#5
_The_Nothing_

lol, my connection keeps getting reset when I try to upload the combo fix log, and I can't open it back up with edit or winword; it says marked for deletion, illegal operation attempt on reg key that has been marked for deletion.
Also, it's too large for upload.

#6
_The_Nothing_

lol, here ya go. Couldn't open up the log, so I went to portable apps and got a portable notepad editor and saved it as an nfo and reopened it, lol, and copied it. Sorry it took so long, but here it is. Oh yeah, I found an AUTORUN.INF on one of my flash drives. I can't delete it; might be part of the problem.



ComboFix 10-03-26.01 - leave me alone 03/26/2010 12:33:10.1.1 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.2814.1868 [GMT -5:00]
Running from: c:\users\leave me alone\Desktop\fixme.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-151925211-960758612-2286447814-500

.
((((((((((((((((((((((((( Files Created from 2010-02-26 to 2010-03-26 )))))))))))))))))))))))))))))))
.

2010-03-26 17:42 . 2010-03-26 17:43 -------- d-----w- c:\users\leave me alone\AppData\Local\temp
2010-03-26 17:42 . 2010-03-26 17:42 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-03-26 17:14 . 2010-02-12 23:41 558448 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
2010-03-26 17:14 . 2010-02-02 01:20 165240 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
2010-03-24 18:09 . 2010-03-24 18:09 -------- d-----w- c:\programdata\TechSmith
2010-03-24 18:09 . 2010-03-24 18:09 -------- d-----w- c:\users\leave me alone\AppData\Local\TechSmith
2010-03-24 18:09 . 2010-03-24 18:09 -------- d-----w- c:\program files\TechSmith
2010-03-24 18:07 . 2010-03-24 18:07 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-03-24 07:21 . 2009-12-07 14:49 17664 ----a-w- c:\windows\system32\drivers\EnumProcessesDriver.sys
2010-03-24 07:20 . 2010-03-24 07:20 -------- d-----w- c:\users\leave me alone\AppData\Roaming\ComodoGroup
2010-03-24 07:17 . 2010-03-24 07:19 -------- d-----w- c:\program files\COMODO
2010-03-24 06:37 . 2010-03-24 06:37 -------- d-----w- c:\users\leave me alone\AppData\Roaming\Vidalia
2010-03-24 06:31 . 2010-03-24 06:31 -------- d-----w- c:\program files\trend micro
2010-03-24 06:01 . 2010-03-06 00:55 811896 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100317.002\Scxpx86.dll
2010-03-24 06:01 . 2010-03-06 00:55 488312 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100317.002\IDSxpx86.dll
2010-03-24 06:01 . 2010-03-06 00:55 466992 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100317.002\IDSviA64.sys
2010-03-24 06:01 . 2010-03-06 00:55 343088 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100317.002\IDSvix86.sys
2010-03-24 06:01 . 2010-03-06 00:55 329592 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100317.002\IDSXpx86.sys
2010-03-22 03:08 . 2010-03-22 03:14 -------- d-----w- c:\program files\CCleaner
2010-03-21 06:05 . 2010-03-24 06:37 -------- d-----w- c:\users\leave me alone\AppData\Roaming\Tor
2010-03-21 06:05 . 2010-03-24 06:37 -------- d-----w- c:\program files\Vidalia Bundle
2010-03-21 00:31 . 2010-03-21 00:31 -------- d-----w- c:\program files\AnalogX
2010-03-20 18:38 . 2010-03-20 18:38 -------- d-----w- c:\users\leave me alone\AppData\Roaming\Auslogics
2010-03-20 18:37 . 2010-03-20 18:37 -------- d-----w- c:\program files\Auslogics
2010-03-20 17:00 . 2010-03-21 06:05 -------- d-----w- c:\users\leave me alone\dwhelper
2010-03-20 08:15 . 2010-03-20 08:15 -------- d-----w- c:\programdata\Simply Super Software
2010-03-20 08:15 . 2008-03-17 22:28 576592 ----a-w- c:\users\leave me alone\AppData\Roaming\Simply Super Software\Trojan Remover\trupd.exe
2010-03-20 08:15 . 2008-04-21 13:39 -------- d-----w- c:\users\leave me alone\AppData\Roaming\Simply Super Software
2010-03-20 08:15 . 2006-06-19 18:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2010-03-20 08:15 . 2006-05-25 20:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2010-03-20 08:15 . 2005-08-26 06:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2010-03-20 08:15 . 2003-02-03 01:06 153088 ----a-w- c:\windows\system32\UNRAR3.dll
2010-03-20 08:15 . 2002-03-06 06:00 75264 ----a-w- c:\windows\system32\unacev2.dll
2010-03-19 08:21 . 2010-03-19 08:21 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2010-03-19 07:29 . 2010-03-19 07:29 -------- d-----w- c:\users\leave me alone\AppData\Roaming\PC Tools
2010-03-19 06:04 . 2010-03-19 06:04 -------- d-----w- c:\users\leave me alone\AppData\Local\Lunarsoft
2010-03-19 06:04 . 2010-03-19 06:04 -------- d-----w- c:\program files\Lunarsoft
2010-03-18 19:10 . 2010-03-18 19:18 -------- d-----w- c:\users\leave me alone\AppData\Roaming\Uniblue
2010-03-18 19:10 . 2010-03-18 19:18 -------- d-----w- c:\program files\Uniblue
2010-03-17 17:53 . 2009-08-24 19:05 206256 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-03-17 17:53 . 2009-08-19 16:01 86888 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-03-17 17:53 . 2009-02-10 15:13 21904 ----a-w- c:\windows\system32\drivers\AVRec.sys
2010-03-17 17:53 . 2009-02-10 15:13 28560 ----a-w- c:\windows\system32\drivers\AVHook.sys
2010-03-17 17:53 . 2009-02-10 15:13 21904 ----a-w- c:\windows\system32\drivers\AVFilter.sys
2010-03-17 17:53 . 1993-03-02 09:13 -------- d-----w- c:\program files\Common Files\PC Tools
2010-03-17 17:53 . 2010-03-19 18:07 -------- d-----w- c:\program files\PC Tools AntiVirus
2010-03-17 07:42 . 2010-03-22 02:02 -------- d-----w- c:\program files\ThreatExpert Memory Scanner
2010-03-16 23:16 . 2010-03-16 23:16 -------- d-----w- c:\program files\Windows Portable Devices
2010-03-16 19:11 . 2010-03-16 19:15 -------- d-----w- c:\program files\PeerGuardian2
2010-03-16 18:45 . 2009-09-10 02:00 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2010-03-16 18:45 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2010-03-16 18:45 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2010-03-16 18:39 . 2009-10-01 01:02 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
2010-03-16 18:39 . 2009-10-01 01:02 31232 ----a-w- c:\windows\system32\BthMtpContextHandler.dll
2010-03-16 18:39 . 2009-10-01 01:01 81920 ----a-w- c:\windows\system32\wpdbusenum.dll
2010-03-16 18:39 . 2009-10-01 01:01 60928 ----a-w- c:\windows\system32\PortableDeviceConnectApi.dll
2010-03-16 18:39 . 2009-10-01 01:02 2537472 ----a-w- c:\windows\system32\wpdshext.dll
2010-03-16 18:39 . 2009-10-01 01:02 334848 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2010-03-16 18:39 . 2009-10-01 01:02 87552 ----a-w- c:\windows\system32\WPDShServiceObj.dll
2010-03-16 18:39 . 2009-10-01 01:01 546816 ----a-w- c:\windows\system32\wpd_ci.dll
2010-03-16 18:39 . 2009-10-01 01:01 160256 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
2010-03-16 18:39 . 2009-10-01 01:01 350208 ----a-w- c:\windows\system32\WPDSp.dll
2010-03-16 18:39 . 2009-10-01 01:01 196608 ----a-w- c:\windows\system32\PortableDeviceWMDRM.dll
2010-03-16 18:39 . 2009-10-01 01:01 100864 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
2010-03-16 18:38 . 2009-10-08 21:07 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2010-03-16 18:38 . 2009-10-08 21:08 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2010-03-16 18:38 . 2009-10-08 21:08 234496 ----a-w- c:\windows\system32\oleacc.dll
2010-03-16 18:31 . 2010-03-16 18:31 -------- d-----w- c:\users\leave me alone\AppData\Local\ElevatedDiagnostics
2010-03-16 18:19 . 2010-01-06 15:39 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-03-16 18:19 . 2010-01-06 15:38 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-03-16 18:19 . 2010-01-06 13:30 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-03-16 18:17 . 2010-03-16 18:18 -------- d-----w- c:\program files\Microsoft ATS
2010-03-16 07:12 . 2010-03-16 07:13 -------- d-----w- c:\windows\system32\ca-ES
2010-03-16 07:12 . 2010-03-16 07:13 -------- d-----w- c:\windows\system32\eu-ES
2010-03-16 07:12 . 2010-03-16 07:13 -------- d-----w- c:\windows\system32\vi-VN
2010-03-16 06:52 . 2010-03-22 02:17 -------- d-----w- c:\program files\Windows Live Safety Center
2010-03-16 06:51 . 2010-03-16 06:51 -------- d-----w- c:\windows\system32\EventProviders
2010-03-16 06:44 . 2009-04-11 06:28 282624 ----a-w- c:\windows\system32\mstext40.dll
2010-03-16 06:43 . 2009-04-11 06:28 83968 ----a-w- c:\windows\system32\wbem\wmiutils.dll
2010-03-16 06:43 . 2009-04-11 06:28 744448 ----a-w- c:\windows\system32\wbem\wbemcore.dll
2010-03-16 06:43 . 2009-04-11 06:28 30208 ----a-w- c:\windows\system32\wbem\wbemprox.dll
2010-03-16 06:43 . 2009-04-11 06:28 265728 ----a-w- c:\windows\system32\wbem\repdrvfs.dll
2010-03-16 06:43 . 2009-04-11 06:28 189440 ----a-w- c:\windows\system32\wbem\mofd.dll
2010-03-16 06:43 . 2009-04-11 06:28 614912 ----a-w- c:\windows\system32\wbem\fastprox.dll
2010-03-16 06:43 . 2009-04-11 06:28 265728 ----a-w- c:\windows\system32\wbem\esscli.dll
2010-03-16 06:43 . 2009-04-11 06:28 705536 ----a-w- c:\windows\system32\SmiEngine.dll
2010-03-16 06:43 . 2009-04-11 06:28 218624 ----a-w- c:\windows\system32\wdscore.dll
2010-03-16 06:43 . 2009-04-11 06:27 130560 ----a-w- c:\windows\system32\PkgMgr.exe
2010-03-16 06:43 . 2009-04-11 06:28 247808 ----a-w- c:\windows\system32\drvstore.dll
2010-03-15 18:55 . 2010-03-15 18:55 3584 ----a-r- c:\users\leave me alone\AppData\Roaming\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
2010-03-15 18:55 . 2010-03-15 18:55 -------- d-----w- c:\program files\Windows Installer Clean Up
2010-03-15 18:55 . 2010-03-15 18:55 -------- d-----w- c:\program files\MSECACHE
2010-03-15 18:05 . 2010-03-15 18:05 -------- d-----w- c:\program files\Common Files\Scanner
2010-03-15 06:06 . 2010-03-15 07:35 -------- d-----w- c:\users\leave me alone\AppData\Roaming\FreeFixer
2010-03-15 06:06 . 2010-03-15 06:06 -------- d-----w- c:\users\leave me alone\AppData\Local\FreeFixer
2010-03-15 06:06 . 2010-03-15 06:06 -------- d-----w- c:\program files\FreeFixer
2010-03-15 00:33 . 2010-03-21 04:59 -------- d-----w- c:\program files\Unlocker
2010-03-15 00:23 . 2010-03-15 00:56 -------- d-----w- c:\program files\FileHippo.com
2010-03-14 21:27 . 2010-03-14 21:27 -------- d-----w- c:\program files\Java
2010-03-14 20:36 . 2010-03-17 20:00 -------- d-----w- c:\windows\RestoreSafeDeleted
2010-03-14 06:59 . 2010-03-14 06:59 -------- d-----w- c:\program files\S.N.Safe&Software
2010-03-13 22:55 . 2010-03-13 22:55 -------- d-----w- c:\programdata\WindowsSearch
2010-03-13 22:44 . 2010-03-15 00:27 -------- d-----w- c:\users\leave me alone\DoctorWeb
2010-03-13 21:28 . 2010-03-26 17:27 -------- d-----w- c:\program files\PeerBlock
2010-03-12 18:53 . 2010-03-12 18:53 -------- d-----w- c:\users\leave me alone\AppData\Roaming\URSoft
2010-03-12 18:52 . 2010-03-12 19:12 -------- d-----w- c:\program files\Your Uninstaller 2008
2010-03-11 21:11 . 2010-03-11 21:11 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2010-03-11 20:58 . 2009-08-24 11:36 377344 ----a-w- c:\windows\system32\winhttp.dll
2010-03-11 20:52 . 2009-11-03 19:41 411648 ----a-w- c:\windows\system32\drivers\http.sys
2010-03-11 20:52 . 2009-11-03 21:42 30720 ----a-w- c:\windows\system32\httpapi.dll
2010-03-11 20:52 . 2009-11-03 21:43 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-03-11 20:24 . 2010-03-11 20:24 -------- d-----w- c:\programdata\Office Genuine Advantage
2010-03-11 20:10 . 2010-03-14 19:53 -------- d-----w- c:\program files\Norton Security Scan
2010-03-11 20:10 . 2010-03-12 19:43 -------- d-----w- c:\programdata\Symantec
2010-03-11 20:10 . 2010-03-11 20:10 -------- d-----w- c:\windows\system32\drivers\NSS
2010-03-11 19:40 . 2010-03-11 19:40 -------- d-----w- c:\users\leave me alone\AppData\Roaming\Malwarebytes
2010-03-11 19:38 . 2010-03-11 19:38 -------- d-----w- c:\programdata\Malwarebytes
2010-03-11 19:38 . 2010-03-23 19:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-11 08:29 . 2010-01-20 21:03 25648 ----a-r- c:\windows\system32\drivers\SymIMV.sys
2010-03-11 08:21 . 2010-03-11 08:21 0 ----a-w- c:\windows\nsreg.dat
2010-03-11 08:19 . 2010-03-11 08:19 -------- d-----w- c:\users\leave me alone\AppData\Local\Mozilla
2010-03-11 07:55 . 2010-03-11 07:55 -------- d-----w- c:\program files\Sophos
2010-03-10 20:46 . 2010-03-14 21:27 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-10 20:43 . 2010-03-10 20:43 -------- d-----w- c:\programdata\McAfee
2010-03-10 20:39 . 2010-03-15 00:15 38784 ----a-w- c:\users\leave me alone\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-26 17:14 . 2010-03-12 07:56 32726 ----a-w- c:\programdata\nvModes.dat
2010-03-19 00:54 . 2010-03-26 06:43 84912 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100325.002\NAVENG.SYS
2010-03-19 00:54 . 2010-03-26 06:43 177520 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100325.002\NAVENG32.DLL
2010-03-19 00:54 . 2010-03-26 06:43 1647984 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100325.002\NAVEX32A.DLL
2010-03-19 00:54 . 2010-03-26 06:43 1324720 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100325.002\NAVEX15.SYS
2010-03-19 00:54 . 2010-03-26 06:43 371248 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100325.002\EECTRL.SYS
2010-03-19 00:54 . 2010-03-26 06:43 2747440 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100325.002\CCERASER.DLL
2010-03-19 00:54 . 2010-03-26 06:43 259440 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100325.002\ECMSVR32.DLL
2010-03-19 00:54 . 2010-03-26 06:43 102448 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100325.002\ERASER.SYS
2010-03-16 23:16 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-03-16 23:15 . 2010-03-16 23:15 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2010-03-16 07:13 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Sidebar
2010-03-16 07:13 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Calendar
2010-03-16 07:13 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-03-16 07:13 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Photo Gallery
2010-03-16 07:13 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Defender
2010-03-16 07:13 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Collaboration
2010-03-15 19:09 . 2009-04-20 11:10 -------- d-----w- c:\programdata\Hewlett-Packard
2010-03-15 08:13 . 2009-04-20 12:11 -------- d-----w- c:\programdata\Microsoft Help
2010-03-15 02:07 . 2009-04-20 12:30 -------- d-----w- c:\program files\Microsoft Silverlight
2010-03-15 02:02 . 2009-04-20 11:28 -------- d-----w- c:\programdata\WildTangent
2010-03-14 21:30 . 2009-04-20 12:31 -------- d-----w- c:\program files\Common Files\Java
2010-03-12 06:46 . 2009-04-20 12:35 -------- d-----w- c:\program files\SMINST
2010-03-11 21:16 . 2009-04-20 11:59 -------- d-----w- c:\program files\Microsoft Works
2010-03-11 20:10 . 2009-04-20 11:12 -------- d-----w- c:\programdata\Norton
2010-03-11 20:10 . 2009-04-20 11:12 -------- d-----w- c:\program files\NortonInstaller
2010-03-11 07:45 . 2009-04-20 12:17 -------- d-----w- c:\program files\Common Files\Adobe
2010-03-11 07:28 . 2010-03-10 19:01 806 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2010-03-11 07:28 . 2010-03-10 19:01 7456 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2010-03-10 18:56 . 2010-03-10 18:56 0 --sha-r- c:\windows\system32\drivers\103C_HP_cNB_Presario CQ60 Notebook PC_Y5335KV_0U_Q2CE91906XN_E508240-002_4A_I303C_SWistron_V08.60_F.54_T090818_WV2-1_L409_M2814_J160_7AMD_8F31_92.10_#100309_N168C001C;10DE0760_(NV243UA#ABA)_XMOBILE_CN10_Z_2F.54.MRK
2010-03-10 18:48 . 2010-03-10 18:48 11264 ----a-w- c:\windows\system32\drivers\UZI4NDQ1.del
2010-03-09 22:12 . 2009-04-20 11:10 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-09 22:10 . 2009-04-20 12:18 1053232 ----a-w- c:\windows\system32\MFC71u.dll
2010-03-09 22:10 . 2008-08-06 22:29 353840 ----a-w- c:\windows\system32\msvcr71.dll
2010-03-09 22:10 . 2008-08-06 22:27 505392 ----a-w- c:\windows\system32\msvcp71.dll
2010-03-09 22:10 . 2009-04-20 12:18 1066544 ----a-w- c:\windows\system32\MFC71.dll
2010-03-09 22:10 . 2009-04-20 12:18 -------- d-----w- c:\programdata\CyberLink
2010-03-09 22:10 . 2009-04-20 12:18 36864 ----a-w- c:\programdata\Temp\{5DB1DF0C-AABC-4362-8A6D-CEFDFB036E41}\PostBuild.exe
2010-03-09 22:09 . 2009-04-20 12:35 -------- d-----w- c:\program files\HP
2010-03-09 22:09 . 2009-04-20 11:10 -------- d-----w- c:\program files\Common Files\InstallShield
2010-03-09 22:09 . 2009-04-20 10:55 -------- d-----w- c:\program files\Hewlett-Packard
2010-03-09 22:04 . 2010-03-09 22:04 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_SynTP_01000.Wdf
2010-03-06 00:55 . 2010-03-26 06:43 811896 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100326.001\Scxpx86.dll
2010-03-06 00:55 . 2010-03-26 06:43 488312 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100326.001\IDSxpx86.dll
2010-03-06 00:55 . 2010-03-26 06:43 466992 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100326.001\IDSviA64.sys
2010-03-06 00:55 . 2010-03-26 06:43 343088 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100326.001\IDSvix86.sys
2010-03-06 00:55 . 2010-03-26 06:43 329592 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100326.001\IDSXpx86.sys
2010-03-06 00:55 . 2009-04-20 11:12 466992 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSviA64.sys
2010-03-06 00:55 . 2009-04-20 11:12 343088 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSvix86.sys
2010-03-06 00:55 . 2009-04-20 11:12 329592 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSXpx86.sys
2010-03-06 00:55 . 2009-04-20 11:12 811896 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\Scxpx86.dll
2010-03-06 00:55 . 2009-04-20 11:12 488312 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSxpx86.dll
2010-02-26 23:13 . 2010-03-15 18:59 17160 ----a-w- c:\windows\Help\OEM\scripts\HPHCDisableObject.exe
2010-02-22 19:28 . 2010-03-10 19:58 1282824 ----a-w- c:\windows\Help\OEM\scripts\SamsungHDDFW1HC.exe
2010-02-04 22:51 . 2010-03-10 19:58 49152 ----a-w- c:\windows\Help\OEM\scripts\Interop.TaskScheduler.dll
2010-01-06 15:38 . 2010-03-16 18:19 173056 ----a-w- c:\windows\AppPatch\AcXtrnal.dll
2010-01-06 15:38 . 2010-03-16 18:19 458752 ----a-w- c:\windows\AppPatch\AcSpecfc.dll
2010-01-06 15:38 . 2010-03-16 18:19 2159616 ----a-w- c:\windows\AppPatch\AcGenral.dll
2010-01-06 15:38 . 2010-03-16 18:19 542720 ----a-w- c:\windows\AppPatch\AcLayers.dll
2010-01-02 06:38 . 2010-03-10 17:31 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-02 06:32 . 2010-03-10 17:31 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-01-02 06:32 . 2010-03-10 17:31 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-02 04:57 . 2010-03-10 17:31 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-04-20 11:26 . 2009-04-20 11:16 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPAdvisor"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2008-09-30 972080]
"UnHackMe Monitor"="c:\program files\UnHackMe\hackmon.exe" [2009-12-22 594144]
"Process Hacker"="c:\program files\Process Hacker\ProcessHacker.exe" [2010-01-24 2880512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-17 1049896]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-09-24 468264]
"UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2008-10-07 210216]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-08-01 202032]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"UpdatePDIRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"CookieWall"="c:\program files\AnalogX\CookieWall\cookie.exe" [2010-03-21 159216]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0Partizan

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CLPSLS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PCTAVSvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):6c,2a,66,a5,d9,c4,ca,01

R0 Partizan;Partizan;c:\windows\system32\drivers\Partizan.sys [2010-03-12 34760]
R3 EnumProcessesDriver;EnumProcessesDriver;c:\windows\system32\drivers\EnumProcessesDriver.sys [2009-12-07 17664]
R3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [2009-09-28 16472]
R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2009-06-17 12648]
R3 RegGuard;RegGuard;c:\windows\system32\Drivers\regguard.sys [2010-03-23 24416]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-08-24 206256]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1008000.029\SYMEFA.SYS [2010-01-20 310320]
S1 BHDrvx86;Symantec Heuristics Driver;c:\windows\System32\Drivers\NIS\1008000.029\BHDrvx86.sys [2010-01-20 259632]
S1 ccHP;Symantec Hash Provider;c:\windows\System32\Drivers\NIS\1008000.029\ccHPx86.sys [2010-03-11 482432]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20100326.001\IDSvix86.sys [2010-03-06 343088]
S2 CLPSLS;COMODO livePCsupport Service;c:\program files\COMODO\COMODO livePCsupport\CLPSLS.exe [2010-02-19 148744]
S2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe [2010-01-20 117640]
S2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\SMINST\BLService.exe [2008-10-06 365952]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-03-19 102448]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2009-08-22 66592]
S3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\Drivers\NIS\1008000.029\SYMNDISV.SYS [2010-01-20 48688]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2010-03-10 c:\windows\Tasks\HPCeeScheduleForleave me alone.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2009-04-20 18:34]

2010-03-26 c:\windows\Tasks\User_Feed_Synchronization-{C68BB805-3B64-4C69-A90F-46E4D6ED70D5}.job
- c:\windows\system32\msfeedssync.exe [2010-03-10 04:56]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Presario&pf=cnnb
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\leave me alone\AppData\Roaming\Mozilla\Firefox\Profiles\igfjcixl.default\
FF - component: c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
FF - component: c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - truec:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
HKCU-Run-Vidalia - c:\program files\Vidalia Bundle\Vidalia\vidalia.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-26 12:43
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.8.0.41\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10f_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10f_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-03-26 12:47:50
ComboFix-quarantined-files.txt 2010-03-26 17:47

Pre-Run: 117,570,076,672 bytes free
Post-Run: 117,198,938,112 bytes free

- - End Of File - - 6E32BFE6DC425F5DE6E627A2E00B3B95

#7
azarl

    GeekU Admin

  • Community Leader
  • 25,310 posts
Can you explain exactly what problems you are having please?

» Step 1 «
OTL
OTL is currently our primary tool for searching key areas of the registry and other system locations for the telltale signs of malware. It generates a comprehensive log, and offers an initial diagnosis.

Important note: HijackThis has been replaced by OTL in this guide. Since being acquired by TrendMicro, HijackThis has not been regularly updated. Many infections are now able to hide partly, or completely from a HijackThis scan. OTL is authored by one of our staff members (OldTimer). It includes all the scan locations of HijackThis and more. It's not only a more comprehensive scan tool, but also offers more powerful removal features.

  • Download OTL to your Desktop
  • Double-click on the OTL icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
  • Under the Custom Scan box paste this in:

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    nvraid.sys
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and paste them into your reply.

» Step 2 «
Download GMER from Here. Note the file's name and save it to your root folder, such as C:\.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
  • Click on this link to see a list of programs that should be disabled.
  • Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
  • Allow the driver to load if asked.
  • You may be prompted to scan immediately if it detects rootkit activity.
  • If you are prompted to scan your system click "No", save the log and post back the results.
  • If not prompted, click the "Rootkit/Malware" tab.
  • On the right side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click the Scan button to begin. (Please be patient as it can take some time to complete)
  • When the scan is finished, click Save to save the scan results to your Desktop.
  • Save the file as Results.log and copy/paste the contents in your next reply.
  • Exit the program and re-enable all active protection when done.
«®»

#8
_The_Nothing_

    Member

  • Topic Starter
  • Member
  • 72 posts
this is all very strange

I kept seeing strange IPs like bogon and Akamai Technologies AKAMAI-207-246-192-0-24 (NET-207-246-192-0-2)
it all started when I ran AVZ / Kaspersky's virus removal tool

I also found an AUTORUN.INF on one of my flash drives which I cannot delete. I tried re-downloading Unlocker but every time I did it came up with a virus. I tried other stuff and the sites wouldn't have it (not found on server) or my connection would mysteriously stop and start in the middle of it to stop the download or would redirect me to something completely off the wall

if I open a folder to upload at VirusTotal I can see a network shortcut on my desktop and a public folder which is not there

I tried to upload a picture of it, 620 KB (635,754 bytes), but the site keeps telling me Attachment space used 2.46MB of 2MB. How's that?


regquery.bat
User accounts for \\LEAVEMEALONE-PC

-------------------------------------------------------------------------------
Administrator Guest leave me alone
The command completed successfully.

User name Guest
Full Name
Comment Built-in account for guest access to the computer/domain
User's comment
Country code 000 (System Default)
Account active No
Account expires Never

Password last set 3/23/2010 1:45:03 PM
Password expires Never
Password changeable 3/23/2010 1:45:03 PM
Password required No
User may change password No

Workstations allowed All
Logon script
User profile
Home directory
Last logon 3/20/2010 4:31:24 PM

Logon hours allowed All

Local Group Memberships *Guests
Global Group memberships *None
The command completed successfully.





<AVZ_CollectSysInfo>
--------------------
Start time: 3/22/2010 1:33:37 PM
Duration: 00:04:51
Finish time: 3/22/2010 1:38:28 PM


<AVZ_CollectSysInfo>
--------------------
Time Event
---- -----
3/22/2010 1:33:41 PM Windows version: Windows Vista ™ Home Basic, Build=6002, SP="Service Pack 2"
3/22/2010 1:33:42 PM System Restore: enabled
3/22/2010 1:33:51 PM 1.1 Searching for user-mode API hooks
3/22/2010 1:33:52 PM Analysis: kernel32.dll, export table found in section .text
3/22/2010 1:33:52 PM Function kernel32.dll:CreateProcessA (151) intercepted, method ProcAddressHijack.GetProcAddress ->772F1C28->61F03F42
3/22/2010 1:33:52 PM Hook kernel32.dll:CreateProcessA (151) blocked
3/22/2010 1:33:52 PM Function kernel32.dll:CreateProcessW (154) intercepted, method ProcAddressHijack.GetProcAddress ->772F1BF3->61F04040
3/22/2010 1:33:52 PM Hook kernel32.dll:CreateProcessW (154) blocked
3/22/2010 1:33:52 PM Function kernel32.dll:FreeLibrary (335) intercepted, method ProcAddressHijack.GetProcAddress ->77333DB4->61F041FC
3/22/2010 1:33:52 PM Hook kernel32.dll:FreeLibrary (335) blocked
3/22/2010 1:33:52 PM Function kernel32.dll:GetModuleFileNameA (503) intercepted, method ProcAddressHijack.GetProcAddress ->7733B6BD->61F040FB
3/22/2010 1:33:52 PM Hook kernel32.dll:GetModuleFileNameA (503) blocked
3/22/2010 1:33:52 PM Function kernel32.dll:GetModuleFileNameW (504) intercepted, method ProcAddressHijack.GetProcAddress ->7733B27E->61F041A0
3/22/2010 1:33:52 PM Hook kernel32.dll:GetModuleFileNameW (504) blocked
3/22/2010 1:33:52 PM Function kernel32.dll:GetProcAddress (548) intercepted, method ProcAddressHijack.GetProcAddress ->7733903B->61F04648
3/22/2010 1:33:52 PM Hook kernel32.dll:GetProcAddress (548) blocked
3/22/2010 1:33:52 PM Function kernel32.dll:LoadLibraryA (759) intercepted, method ProcAddressHijack.GetProcAddress ->773194DC->61F03C6F
3/22/2010 1:33:52 PM Hook kernel32.dll:LoadLibraryA (759) blocked
3/22/2010 1:33:52 PM >>> Functions LoadLibraryA - preventing AVZ process from being intercepted by address replacement !!)
3/22/2010 1:33:52 PM Function kernel32.dll:LoadLibraryExA (760) intercepted, method ProcAddressHijack.GetProcAddress ->773194B4->61F03DAF
3/22/2010 1:33:52 PM Hook kernel32.dll:LoadLibraryExA (760) blocked
3/22/2010 1:33:52 PM >>> Functions LoadLibraryExA - preventing AVZ process from being intercepted by address replacement !!)
3/22/2010 1:33:52 PM Function kernel32.dll:LoadLibraryExW (761) intercepted, method ProcAddressHijack.GetProcAddress ->77319109->61F03E5A
3/22/2010 1:33:52 PM Hook kernel32.dll:LoadLibraryExW (761) blocked
3/22/2010 1:33:52 PM Function kernel32.dll:LoadLibraryW (762) intercepted, method ProcAddressHijack.GetProcAddress ->77319362->61F03D0C
3/22/2010 1:33:52 PM Hook kernel32.dll:LoadLibraryW (762) blocked
3/22/2010 1:33:52 PM IAT modification detected: LoadLibraryW - 01BD0010<>77319362
3/22/2010 1:33:52 PM Analysis: ntdll.dll, export table found in section .text
3/22/2010 1:33:52 PM Analysis: user32.dll, export table found in section .text
3/22/2010 1:33:52 PM Analysis: advapi32.dll, export table found in section .text
3/22/2010 1:33:52 PM Analysis: ws2_32.dll, export table found in section .text
3/22/2010 1:33:53 PM Analysis: wininet.dll, export table found in section .text
3/22/2010 1:33:53 PM Analysis: rasapi32.dll, export table found in section .text
3/22/2010 1:33:53 PM Analysis: urlmon.dll, export table found in section .text
3/22/2010 1:33:53 PM Analysis: netapi32.dll, export table found in section .text
3/22/2010 1:33:55 PM >> Danger ! Process masking detected
3/22/2010 1:33:55 PM 1.2 Searching for kernel-mode API hooks
3/22/2010 1:35:21 PM Driver loaded successfully
3/22/2010 1:35:21 PM SDT found (RVA=137B00)
3/22/2010 1:35:21 PM Kernel ntkrnlpa.exe found in memory at address 81C41000
3/22/2010 1:35:21 PM SDT = 81D78B00
3/22/2010 1:35:21 PM KiST = 81CED84C (391)
3/22/2010 1:35:21 PM Function NtAlertResumeThread (0D) intercepted (81ED3F0D->88616A20), hook not defined
3/22/2010 1:35:21 PM >>> Function restored successfully !
3/22/2010 1:35:21 PM >>> Hook code blocked
3/22/2010 1:35:21 PM Function NtAlertThread (0E) intercepted (81E4CE07->88616B00), hook not defined
3/22/2010 1:35:21 PM >>> Function restored successfully !
3/22/2010 1:35:21 PM >>> Hook code blocked
3/22/2010 1:35:21 PM Function NtAllocateVirtualMemory (12) intercepted (81E88F19->88402C50), hook not defined
3/22/2010 1:35:21 PM >>> Function restored successfully !
3/22/2010 1:35:21 PM >>> Hook code blocked
3/22/2010 1:35:21 PM Function NtAlpcConnectPort (15) intercepted (81E2B4B2->88511A00), hook not defined
3/22/2010 1:35:21 PM >>> Function restored successfully !
3/22/2010 1:35:21 PM >>> Hook code blocked
3/22/2010 1:35:21 PM Function NtAssignProcessToJobObject (2A) intercepted (81DFEAEF->87E60F28), hook not defined
3/22/2010 1:35:21 PM >>> Function restored successfully !
3/22/2010 1:35:21 PM >>> Hook code blocked
3/22/2010 1:35:22 PM Function NtCreateMutant (43) intercepted (81E613BC->88616770), hook not defined
3/22/2010 1:35:22 PM >>> Function restored successfully !
3/22/2010 1:35:22 PM >>> Hook code blocked
3/22/2010 1:35:22 PM Function NtCreateProcess (48) intercepted (81ED274B->89F7F9A6), hook C:\Windows\system32\drivers\PCTCore.sys
3/22/2010 1:35:22 PM >>> Function restored successfully !
3/22/2010 1:35:22 PM >>> Hook code blocked
3/22/2010 1:35:22 PM Function NtCreateProcessEx (49) intercepted (81ED2796->89F7FB98), hook C:\Windows\system32\drivers\PCTCore.sys
3/22/2010 1:35:22 PM >>> Function restored successfully !
3/22/2010 1:35:22 PM >>> Hook code blocked
3/22/2010 1:35:22 PM Function NtCreateSymbolicLinkObject (4D) intercepted (81E01306->87E60B48), hook not defined
3/22/2010 1:35:22 PM >>> Function restored successfully !
3/22/2010 1:35:22 PM >>> Hook code blocked
3/22/2010 1:35:22 PM Function NtCreateThread (4E) intercepted (81ED2580->87CF1530), hook not defined
3/22/2010 1:35:22 PM >>> Function restored successfully !
3/22/2010 1:35:22 PM >>> Hook code blocked
3/22/2010 1:35:22 PM Function NtDebugActiveProcess (74) intercepted (81EA56EA->886162A8), hook not defined
3/22/2010 1:35:22 PM >>> Function restored successfully !
3/22/2010 1:35:22 PM >>> Hook code blocked
3/22/2010 1:35:22 PM Function NtDuplicateObject (81) intercepted (81E3916E->87C13230), hook not defined
3/22/2010 1:35:22 PM >>> Function restored successfully !
3/22/2010 1:35:22 PM >>> Hook code blocked
3/22/2010 1:35:22 PM Function NtFreeVirtualMemory (93) intercepted (81CC5F5F->88402A70), hook not defined
3/22/2010 1:35:22 PM >>> Function restored successfully !
3/22/2010 1:35:22 PM >>> Hook code blocked
3/22/2010 1:35:22 PM Function NtImpersonateAnonymousToken (9C) intercepted (81DFBEBE->88616860), hook not defined
3/22/2010 1:35:22 PM >>> Function restored successfully !
3/22/2010 1:35:22 PM >>> Hook code blocked
3/22/2010 1:35:22 PM Function NtImpersonateThread (9E) intercepted (81E114C0->88616940), hook not defined
3/22/2010 1:35:22 PM >>> Function restored successfully !
3/22/2010 1:35:22 PM >>> Hook code blocked
3/22/2010 1:35:22 PM Function NtLoadDriver (A5) intercepted (81DACDF0->87A8D228), hook not defined
3/22/2010 1:35:22 PM >>> Function restored successfully !
3/22/2010 1:35:22 PM >>> Hook code blocked
3/22/2010 1:35:22 PM Function NtMapViewOfSection (B1) intercepted (81E5144C->88402970), hook not defined
3/22/2010 1:35:22 PM >>> Function restored successfully !
3/22/2010 1:35:22 PM >>> Hook code blocked
3/22/2010 1:35:22 PM Function NtOpenEvent (B8) intercepted (81E3A9ED->88616690), hook not defined
3/22/2010 1:35:22 PM >>> Function restored successfully !
3/22/2010 1:35:22 PM >>> Hook code blocked
3/22/2010 1:35:23 PM Function NtOpenProcess (C2) intercepted (81E61B58->87C13390), hook not defined
3/22/2010 1:35:23 PM >>> Function restored successfully !
3/22/2010 1:35:23 PM >>> Hook code blocked
3/22/2010 1:35:23 PM Function NtOpenProcessToken (C3) intercepted (81E425FE->88402D20), hook not defined
3/22/2010 1:35:23 PM >>> Function restored successfully !
3/22/2010 1:35:23 PM >>> Hook code blocked
3/22/2010 1:35:23 PM Function NtOpenSection (C5) intercepted (81E5221F->886164D0), hook not defined
3/22/2010 1:35:23 PM >>> Function restored successfully !
3/22/2010 1:35:23 PM >>> Hook code blocked
3/22/2010 1:35:23 PM Function NtOpenThread (C9) intercepted (81E5D0AA->87C13300), hook not defined
3/22/2010 1:35:23 PM >>> Function restored successfully !
3/22/2010 1:35:23 PM >>> Hook code blocked
3/22/2010 1:35:23 PM Function NtProtectVirtualMemory (D2) intercepted (81E5AE8D->87E60E38), hook not defined
3/22/2010 1:35:23 PM >>> Function restored successfully !
3/22/2010 1:35:23 PM >>> Hook code blocked
3/22/2010 1:35:23 PM Function NtResumeThread (11A) intercepted (81E5C6F5->889183D8), hook not defined
3/22/2010 1:35:23 PM >>> Function restored successfully !
3/22/2010 1:35:23 PM >>> Hook code blocked
3/22/2010 1:35:23 PM Function NtSetContextThread (121) intercepted (81ED3253->88616DA0), hook not defined
3/22/2010 1:35:23 PM >>> Function restored successfully !
3/22/2010 1:35:23 PM >>> Hook code blocked
3/22/2010 1:35:23 PM Function NtSetInformationProcess (131) intercepted (81E5547A->88616E80), hook not defined
3/22/2010 1:35:23 PM >>> Function restored successfully !
3/22/2010 1:35:23 PM >>> Hook code blocked
3/22/2010 1:35:23 PM Function NtSetSystemInformation (13D) intercepted (81E27B16->88616388), hook not defined
3/22/2010 1:35:23 PM >>> Function restored successfully !
3/22/2010 1:35:23 PM >>> Hook code blocked
3/22/2010 1:35:23 PM Function NtSuspendProcess (14A) intercepted (81ED3E47->886165B0), hook not defined
3/22/2010 1:35:23 PM >>> Function restored successfully !
3/22/2010 1:35:23 PM >>> Hook code blocked
3/22/2010 1:35:23 PM Function NtSuspendThread (14B) intercepted (81DDB929->88616BE0), hook not defined
3/22/2010 1:35:23 PM >>> Function restored successfully !
3/22/2010 1:35:23 PM >>> Hook code blocked
3/22/2010 1:35:23 PM Function NtTerminateProcess (14E) intercepted (81E31D60->89F7F656), hook C:\Windows\system32\drivers\PCTCore.sys
3/22/2010 1:35:23 PM >>> Function restored successfully !
3/22/2010 1:35:23 PM >>> Hook code blocked
3/22/2010 1:35:23 PM Function NtTerminateThread (14F) intercepted (81E5D0DF->88616CC0), hook not defined
3/22/2010 1:35:23 PM >>> Function restored successfully !
3/22/2010 1:35:23 PM >>> Hook code blocked
3/22/2010 1:35:23 PM Function NtUnmapViewOfSection (15C) intercepted (81E5170F->88616F70), hook not defined
3/22/2010 1:35:23 PM >>> Function restored successfully !
3/22/2010 1:35:23 PM >>> Hook code blocked
3/22/2010 1:35:23 PM Function NtWriteVirtualMemory (166) intercepted (81E4E4DF->88402B60), hook not defined
3/22/2010 1:35:23 PM >>> Function restored successfully !
3/22/2010 1:35:23 PM >>> Hook code blocked
3/22/2010 1:35:23 PM Function NtCreateThreadEx (17E) intercepted (81E5CB94->87E60C38), hook not defined
3/22/2010 1:35:23 PM >>> Function restored successfully !
3/22/2010 1:35:23 PM >>> Hook code blocked
3/22/2010 1:35:23 PM Function NtCreateUserProcess (17F) intercepted (81E0AB82->89F7FDA0), hook C:\Windows\system32\drivers\PCTCore.sys
3/22/2010 1:35:23 PM >>> Function restored successfully !
3/22/2010 1:35:23 PM >>> Hook code blocked
3/22/2010 1:35:26 PM Functions checked: 391, intercepted: 35, restored: 35
3/22/2010 1:35:26 PM 1.3 Checking IDT and SYSENTER
3/22/2010 1:35:26 PM Analysis for CPU 1
3/22/2010 1:35:26 PM Checking IDT and SYSENTER - complete
3/22/2010 1:35:28 PM 1.4 Searching for masking processes and drivers
3/22/2010 1:35:28 PM Checking not performed: extended monitoring driver (AVZPM) is not installed
3/22/2010 1:35:28 PM Driver loaded successfully
3/22/2010 1:35:28 PM 1.5 Checking of IRP handlers
3/22/2010 1:35:28 PM \driver\tcpip[IRP_MJ_CREATE_NAMED_PIPE] = 81C69A22 -> C:\Windows\system32\ntkrnlpa.exe, driver recognized as trusted
3/22/2010 1:35:28 PM \driver\tcpip[IRP_MJ_READ] = 81C69A22 -> C:\Windows\system32\ntkrnlpa.exe, driver recognized as trusted
3/22/2010 1:35:28 PM \driver\tcpip[IRP_MJ_WRITE] = 81C69A22 -> C:\Windows\system32\ntkrnlpa.exe, driver recognized as trusted
3/22/2010 1:35:29 PM \driver\tcpip[IRP_MJ_QUERY_INFORMATION] = 81C69A22 -> C:\Windows\system32\ntkrnlpa.exe, driver recognized as trusted
3/22/2010 1:35:29 PM \driver\tcpip[IRP_MJ_SET_INFORMATION] = 81C69A22 -> C:\Windows\system32\ntkrnlpa.exe, driver recognized as trusted
3/22/2010 1:35:29 PM \driver\tcpip[IRP_MJ_QUERY_EA] = 81C69A22 -> C:\Windows\system32\ntkrnlpa.exe, driver recognized as trusted
3/22/2010 1:35:30 PM \driver\tcpip[IRP_MJ_SET_EA] = 81C69A22 -> C:\Windows\system32\ntkrnlpa.exe, driver recognized as trusted
3/22/2010 1:35:30 PM \driver\tcpip[IRP_MJ_FLUSH_BUFFERS] = 81C69A22 -> C:\Windows\system32\ntkrnlpa.exe, driver recognized as trusted
3/22/2010 1:35:30 PM \driver\tcpip[IRP_MJ_QUERY_VOLUME_INFORMATION] = 81C69A22 -> C:\Windows\system32\ntkrnlpa.exe, driver recognized as trusted
3/22/2010 1:35:31 PM \driver\tcpip[IRP_MJ_SET_VOLUME_INFORMATION] = 81C69A22 -> C:\Windows\system32\ntkrnlpa.exe, driver recognized as trusted
3/22/2010 1:35:31 PM \driver\tcpip[IRP_MJ_DIRECTORY_CONTROL] = 81C69A22 -> C:\Windows\system32\ntkrnlpa.exe, driver recognized as trusted
3/22/2010 1:35:31 PM \driver\tcpip[IRP_MJ_FILE_SYSTEM_CONTROL] = 81C69A22 -> C:\Windows\system32\ntkrnlpa.exe, driver recognized as trusted
3/22/2010 1:35:31 PM \driver\tcpip[IRP_MJ_SHUTDOWN] = 81C69A22 -> C:\Windows\system32\ntkrnlpa.exe, driver recognized as trusted
3/22/2010 1:35:32 PM \driver\tcpip[IRP_MJ_LOCK_CONTROL] = 81C69A22 -> C:\Windows\system32\ntkrnlpa.exe, driver recognized as trusted
3/22/2010 1:35:32 PM \driver\tcpip[IRP_MJ_CREATE_MAILSLOT] = 81C69A22 -> C:\Windows\system32\ntkrnlpa.exe, driver recognized as trusted
3/22/2010 1:35:32 PM \driver\tcpip[IRP_MJ_QUERY_SECURITY] = 81C69A22 -> C:\Windows\system32\ntkrnlpa.exe, driver recognized as trusted
3/22/2010 1:35:33 PM \driver\tcpip[IRP_MJ_SET_SECURITY] = 81C69A22 -> C:\Windows\system32\ntkrnlpa.exe, driver recognized as trusted
3/22/2010 1:35:33 PM \driver\tcpip[IRP_MJ_POWER] = 81C69A22 -> C:\Windows\system32\ntkrnlpa.exe, driver recognized as trusted
3/22/2010 1:35:33 PM \driver\tcpip[IRP_MJ_SYSTEM_CONTROL] = 81C69A22 -> C:\Windows\system32\ntkrnlpa.exe, driver recognized as trusted
3/22/2010 1:35:33 PM \driver\tcpip[IRP_MJ_DEVICE_CHANGE] = 81C69A22 -> C:\Windows\system32\ntkrnlpa.exe, driver recognized as trusted
3/22/2010 1:35:34 PM \driver\tcpip[IRP_MJ_QUERY_QUOTA] = 81C69A22 -> C:\Windows\system32\ntkrnlpa.exe, driver recognized as trusted
3/22/2010 1:35:34 PM \driver\tcpip[IRP_MJ_SET_QUOTA] = 81C69A22 -> C:\Windows\system32\ntkrnlpa.exe, driver recognized as trusted
3/22/2010 1:35:34 PM \driver\tcpip[IRP_MJ_PNP] = 81C69A22 -> C:\Windows\system32\ntkrnlpa.exe, driver recognized as trusted
3/22/2010 1:35:34 PM Checking - complete
3/22/2010 1:35:56 PM >>> F:\autorun.inf HSC: suspicion for hidden autorun (high degree of probability)
3/22/2010 1:35:57 PM >> Services: potentially dangerous service allowed: TermService (@%SystemRoot%\System32\termsrv.dll,-268)
3/22/2010 1:35:57 PM >> Services: potentially dangerous service allowed: SSDPSRV (@%systemroot%\system32\ssdpsrv.dll,-100)
3/22/2010 1:35:57 PM >> Services: potentially dangerous service allowed: Schedule (@%SystemRoot%\system32\schedsvc.dll,-100)
3/22/2010 1:35:57 PM > Services: please bear in mind that the set of services depends on the use of the PC (home PC, office PC connected to corporate network, etc)!
3/22/2010 1:35:57 PM >> Security: administrative shares (C$, D$ ...) are enabled
3/22/2010 1:35:57 PM >> Security: anonymous user access is enabled
3/22/2010 1:35:57 PM >> Security: sending Remote Assistant queries is enabled
3/22/2010 1:36:02 PM System Analysis in progress
3/22/2010 1:38:28 PM System Analysis - complete
3/22/2010 1:38:28 PM Delete file:F:\portable apps\Malware Trojan spyware removers\Kaspersky\KVR\LOG\avptool_syscheck.htm
3/22/2010 1:38:28 PM Delete file:F:\portable apps\Malware Trojan spyware removers\Kaspersky\KVR\LOG\avptool_syscheck.xml
3/22/2010 1:38:28 PM Deleting service/driver: uti4ndq1
3/22/2010 1:38:28 PM Delete file:C:\Windows\system32\Drivers\uti4ndq1.sys
3/22/2010 1:38:28 PM Deleting service/driver: uji4ndq1
3/22/2010 1:38:28 PM Script executed without errors




OTL logfile created on: 3/27/2010 11:59:03 AM - Run 2
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Users\leave me alone\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 60.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 138.69 Gb Total Space | 108.05 Gb Free Space | 77.91% Space Free | Partition Type: NTFS
Drive D: | 10.36 Gb Total Space | 1.74 Gb Free Space | 16.76% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded (don't have H)
I: Drive not present or media not loaded (don't have I)

Computer Name: LEAVEMEALONE-PC
Current User Name: leave me alone
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/03/26 12:24:46 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Users\leave me alone\Desktop\OTL.exe
PRC - [2010/03/20 19:31:36 | 000,159,216 | ---- | M] (AnalogX, LLC) -- C:\Program Files\AnalogX\CookieWall\cookie.exe
PRC - [2010/03/16 15:44:31 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/02/19 17:00:24 | 000,148,744 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe
PRC - [2010/01/24 09:38:54 | 002,880,512 | ---- | M] (wj32) -- C:\Program Files\Process Hacker\ProcessHacker.exe
PRC - [2010/01/20 16:03:39 | 000,117,640 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe
PRC - [2009/12/22 15:38:24 | 000,594,144 | ---- | M] (Greatis Software) -- C:\Program Files\UnHackMe\hackmon.exe
PRC - [2009/09/28 02:02:42 | 001,529,432 | ---- | M] (PeerBlock, LLC) -- C:\Program Files\PeerBlock\peerblock.exe
PRC - [2009/08/21 03:15:32 | 000,900,816 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psi.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/10/06 11:54:52 | 000,365,952 | ---- | M] () -- C:\Program Files\SMINST\BLService.exe


========== Modules (SafeList) ==========

MOD - [2010/03/26 12:24:46 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Users\leave me alone\Desktop\OTL.exe
MOD - [2009/04/11 01:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/02/19 17:00:24 | 000,148,744 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe -- (CLPSLS)
SRV - [2010/01/20 16:03:39 | 000,117,640 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe -- (Norton Internet Security)
SRV - [2009/09/24 20:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2008/10/06 11:54:52 | 000,365,952 | ---- | M] () [Auto | Running] -- C:\Program Files\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2008/01/20 21:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2010/03/23 02:12:55 | 000,024,416 | ---- | M] (Greatis Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\regguard.sys -- (RegGuard)
DRV - [2010/03/18 19:54:00 | 001,324,720 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100326.048\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/03/18 19:54:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/03/18 19:54:00 | 000,084,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100326.048\NAVENG.SYS -- (NAVENG)
DRV - [2010/03/12 14:33:20 | 000,034,760 | ---- | M] (Greatis Software) [Kernel | Boot | Stopped] -- C:\Windows\system32\drivers\Partizan.sys -- (Partizan)
DRV - [2010/03/11 04:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/03/11 02:28:30 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/03/11 02:28:01 | 000,482,432 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\NIS\1008000.029\ccHPx86.sys -- (ccHP)
DRV - [2010/03/05 19:55:08 | 000,343,088 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100326.001\IDSvix86.sys -- (IDSVix86)
DRV - [2010/01/20 16:03:40 | 000,217,136 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\NIS\1008000.029\SYMTDI.SYS -- (SYMTDI)
DRV - [2010/01/20 16:03:40 | 000,089,904 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\NIS\1008000.029\SYMFW.SYS -- (SYMFW)
DRV - [2010/01/20 16:03:40 | 000,048,688 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\NIS\1008000.029\SYMNDISV.SYS -- (SYMNDISV)
DRV - [2010/01/20 16:03:39 | 000,310,320 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\system32\drivers\NIS\1008000.029\SYMEFA.SYS -- (SymEFA)
DRV - [2010/01/20 16:03:39 | 000,308,272 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\System32\Drivers\NIS\1008000.029\SRTSP.SYS -- (SRTSP)
DRV - [2010/01/20 16:03:39 | 000,259,632 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\NIS\1008000.029\BHDrvx86.sys -- (BHDrvx86)
DRV - [2010/01/20 16:03:39 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NIS\1008000.029\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2010/01/20 16:03:28 | 000,025,648 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\SymIMV.sys -- (SymIM)
DRV - [2009/12/07 09:49:26 | 000,017,664 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\EnumProcessesDriver.sys -- (EnumProcessesDriver)
DRV - [2009/09/28 02:02:42 | 000,016,472 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\PeerBlock\pbfilter.sys -- (pbfilter)
DRV - [2009/08/24 14:05:06 | 000,206,256 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2009/08/21 21:24:04 | 000,066,592 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2009/07/23 22:01:00 | 009,791,072 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/06/17 07:20:34 | 000,012,648 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\psi_mf.sys -- (PSI)
DRV - [2009/04/20 06:26:14 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2009/04/20 06:26:14 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2009/04/20 06:26:14 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2009/02/10 10:13:18 | 000,021,904 | ---- | M] (PC Tools Research Pty Ltd ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVRec.sys -- (AVRec)
DRV - [2009/02/10 10:13:16 | 000,028,560 | ---- | M] (PC Tools Research Pty Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVHook.sys -- (AVHook)
DRV - [2009/02/10 10:13:16 | 000,021,904 | ---- | M] (PC Tools Research Pty Ltd) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\AVFilter.sys -- (AVFilter)
DRV - [2008/12/20 03:01:46 | 001,093,120 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008/10/03 04:39:28 | 000,222,208 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2008/04/24 17:51:46 | 000,014,848 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2008/04/17 13:05:16 | 000,199,344 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2008/01/29 08:55:00 | 001,042,464 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2008/01/20 21:32:53 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/20 21:32:53 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/20 21:32:52 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/20 21:32:52 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/20 21:32:52 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/20 21:32:52 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/20 21:32:51 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/20 21:32:51 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/20 21:32:50 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/20 21:32:50 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2008/01/20 21:32:50 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/20 21:32:49 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/20 21:32:49 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/20 21:32:49 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/20 21:32:49 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/20 21:32:49 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/20 21:32:48 | 000,342,584 | ---- | M] (Emulex) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/20 21:32:48 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/20 21:32:47 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/20 21:32:47 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/20 21:32:46 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/20 21:32:45 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel®
DRV - [2008/01/20 21:32:45 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2007/10/31 20:51:26 | 000,985,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2007/10/31 20:47:08 | 000,661,504 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2007/10/17 18:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/06/18 19:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2006/11/02 04:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 04:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 04:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 04:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 04:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 04:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 04:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 04:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 04:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 04:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 04:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 03:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 03:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 03:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 03:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 03:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 03:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 02:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 02:30:56 | 000,194,048 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\yk60x86.sys -- (yukonwlh)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...rio&pf=cnnb

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20091028
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.2


FF - HKLM\software\mozilla\Firefox\Extensions\\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\ [2010/03/27 11:41:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/03/23 14:46:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/03/23 14:46:31 | 000,000,000 | ---D | M]

[2010/03/11 03:23:05 | 000,000,000 | ---D | M] -- C:\Users\leave me alone\AppData\Roaming\Mozilla\Extensions
[2010/03/27 11:59:10 | 000,000,000 | ---D | M] -- C:\Users\leave me alone\AppData\Roaming\Mozilla\Firefox\Profiles\igfjcixl.default\extensions
[2010/03/13 03:51:19 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\leave me alone\AppData\Roaming\Mozilla\Firefox\Profiles\igfjcixl.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/03/15 03:02:49 | 000,000,000 | ---D | M] (WOT) -- C:\Users\leave me alone\AppData\Roaming\Mozilla\Firefox\Profiles\igfjcixl.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2010/03/21 17:18:42 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\leave me alone\AppData\Roaming\Mozilla\Firefox\Profiles\igfjcixl.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/03/27 11:59:10 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 9\SnagItBHO.dll (TechSmith Corporation)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O2 - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll ()
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (SnagIt) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 9\SnagItIEAddin.dll (TechSmith Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [CookieWall] C:\Program Files\AnalogX\CookieWall\cookie.exe (AnalogX, LLC)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDIRShortCut] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Process Hacker] C:\Program Files\Process Hacker\ProcessHacker.exe (wj32)
O4 - HKCU..\Run: [UnHackMe Monitor] C:\Program Files\UnHackMe\hackmon.exe (Greatis Software)
O4 - HKLM..\RunOnceEx: [Flags] Reg Error: Invalid data type. File not found
O4 - HKLM..\RunOnceEx: [Title] File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 253
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun- = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun- = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 253
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun- = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun- = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} http://cdn.scan.onec...s/wlscctrl2.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 216.180.99.2 216.180.122.2
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll (Symantec Corporation)
O18 - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll ()
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (Partizan) - C:\Windows\System32\Partizan.exe (Greatis Software)
O34 - HKLM BootExecute: (ootExecute settings...) - File not found
O34 - HKLM BootExecute: (on\E) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2008/01/20 21:46:39 | 000,000,000 | ---D | M]
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
OTL cannot create restorepoints on Vista OSs!

========== Files/Folders - Created Within 30 Days ==========

[2010/03/27 03:10:39 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/03/27 02:43:12 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/03/27 01:14:59 | 000,271,872 | ---- | C] (OldTimer Tools) -- C:\Users\leave me alone\Desktop\TFC.exe
[2010/03/27 01:14:38 | 000,000,000 | ---D | C] -- C:\Users\leave me alone\AppData\Local\Adobe
[2010/03/26 12:47:53 | 000,000,000 | ---D | C] -- C:\Users\leave me alone\AppData\Local\temp
[2010/03/26 12:30:53 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/03/26 12:30:53 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/03/26 12:30:53 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/03/26 12:30:47 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/03/26 12:30:13 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/03/26 12:26:47 | 000,555,520 | ---- | C] (OldTimer Tools) -- C:\Users\leave me alone\Desktop\OTL.exe
[2010/03/26 00:52:50 | 000,000,000 | ---D | C] -- C:\Users\leave me alone\Desktop\New Folder
[2010/03/25 02:24:42 | 001,105,120 | ---- | C] (Piriform Ltd) -- C:\Users\leave me alone\Desktop\spsetup100.exe
[2010/03/24 13:10:59 | 000,000,000 | ---D | C] -- C:\Users\leave me alone\Documents\SnagIt
[2010/03/24 13:09:49 | 000,000,000 | ---D | C] -- C:\ProgramData\TechSmith
[2010/03/24 13:09:46 | 000,000,000 | ---D | C] -- C:\Users\leave me alone\AppData\Local\TechSmith
[2010/03/24 13:09:46 | 000,000,000 | ---D | C] -- C:\Program Files\TechSmith
[2010/03/24 13:07:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2010/03/24 02:20:51 | 000,000,000 | ---D | C] -- C:\Users\leave me alone\AppData\Roaming\ComodoGroup
[2010/03/24 02:17:48 | 000,000,000 | ---D | C] -- C:\Program Files\COMODO
[2010/03/24 01:37:56 | 000,000,000 | ---D | C] -- C:\Users\leave me alone\AppData\Roaming\Vidalia
[2010/03/24 01:31:27 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010/03/21 22:08:03 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/03/21 01:05:56 | 000,000,000 | ---D | C] -- C:\Users\leave me alone\AppData\Roaming\Tor
[2010/03/21 01:05:54 | 000,000,000 | ---D | C] -- C:\Program Files\Vidalia Bundle
[2010/03/20 19:31:36 | 000,000,000 | ---D | C] -- C:\Program Files\AnalogX
[2010/03/20 13:38:01 | 000,000,000 | ---D | C] -- C:\Users\leave me alone\AppData\Roaming\Auslogics
[2010/03/20 13:37:49 | 000,000,000 | ---D | C] -- C:\Program Files\Auslogics
[2010/03/20 12:00:14 | 000,000,000 | ---D | C] -- C:\Users\leave me alone\dwhelper
[2010/03/20 03:15:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software
[2010/03/20 03:15:41 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ztvcabinet.dll
[2010/03/20 03:15:41 | 000,000,000 | ---D | C] -- C:\Users\leave me alone\AppData\Roaming\Simply Super Software
[2010/03/19 03:42:27 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010/03/19 03:21:26 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010/03/19 02:29:18 | 000,000,000 | ---D | C] -- C:\Users\leave me alone\AppData\Roaming\PC Tools
[2010/03/19 01:04:10 | 000,000,000 | ---D | C] -- C:\Users\leave me alone\AppData\Local\Lunarsoft
[2010/03/19 01:04:09 | 000,000,000 | ---D | C] -- C:\Program Files\Lunarsoft
[2010/03/18 14:10:28 | 000,000,000 | ---D | C] -- C:\Users\leave me alone\AppData\Roaming\Uniblue
[2010/03/18 14:10:13 | 000,000,000 | ---D | C] -- C:\Program Files\Uniblue
[2010/03/18 14:09:42 | 000,000,000 | ---D | C] -- C:\Users\leave me alone\AppData\Roaming\WinRAR
[2010/03/18 14:09:20 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2010/03/17 12:53:53 | 000,206,256 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTCore.sys
[2010/03/17 12:53:53 | 000,086,888 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTAppEvent.sys
[2010/03/17 12:53:40 | 000,028,560 | ---- | C] (PC Tools Research Pty Ltd.) -- C:\Windows\System32\drivers\AVHook.sys
[2010/03/17 12:53:40 | 000,021,904 | ---- | C] (PC Tools Research Pty Ltd) -- C:\Windows\System32\drivers\AVFilter.sys
[2010/03/17 12:53:40 | 000,021,904 | ---- | C] (PC Tools Research Pty Ltd ) -- C:\Windows\System32\drivers\AVRec.sys
[2010/03/17 12:53:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2010/03/17 12:53:27 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools AntiVirus
[2010/03/17 02:42:15 | 000,000,000 | ---D | C] -- C:\Program Files\ThreatExpert Memory Scanner
[2010/03/16 18:16:09 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Portable Devices
[2010/03/16 14:11:39 | 000,000,000 | ---D | C] -- C:\Program Files\PeerGuardian2
[2010/03/16 13:45:42 | 000,092,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAnimation.dll
[2010/03/16 13:45:40 | 001,164,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbonRes.dll
[2010/03/16 13:45:39 | 003,023,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbon.dll
[2010/03/16 13:44:37 | 000,369,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll
[2010/03/16 13:44:35 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2010/03/16 13:44:32 | 000,829,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2010/03/16 13:44:32 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2010/03/16 13:44:30 | 000,828,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2010/03/16 13:44:30 | 000,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2010/03/16 13:44:30 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
[2010/03/16 13:44:29 | 000,974,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecs.dll
[2010/03/16 13:44:29 | 000,667,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2010/03/16 13:44:29 | 000,321,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll
[2010/03/16 13:44:29 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxdiag.exe
[2010/03/16 13:44:29 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxdiagn.dll
[2010/03/16 13:44:29 | 000,189,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2010/03/16 13:44:27 | 000,351,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2010/03/16 13:44:25 | 001,554,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xpsservices.dll
[2010/03/16 13:44:25 | 001,064,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2010/03/16 13:44:25 | 000,847,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OpcServices.dll
[2010/03/16 13:44:25 | 000,793,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FntCache.dll
[2010/03/16 13:44:24 | 001,030,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2010/03/16 13:44:24 | 000,519,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll
[2010/03/16 13:44:24 | 000,486,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2010/03/16 13:44:24 | 000,481,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2010/03/16 13:44:24 | 000,218,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2010/03/16 13:44:24 | 000,190,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2010/03/16 13:44:24 | 000,161,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2010/03/16 13:39:58 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\BthMtpContextHandler.dll
[2010/03/16 13:39:58 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDShextAutoplay.exe
[2010/03/16 13:39:49 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceConnectApi.dll
[2010/03/16 13:39:45 | 000,546,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpd_ci.dll
[2010/03/16 13:39:45 | 000,350,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDSp.dll
[2010/03/16 13:39:45 | 000,334,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceApi.dll
[2010/03/16 13:39:45 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceWMDRM.dll
[2010/03/16 13:39:45 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceTypes.dll
[2010/03/16 13:39:45 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceClassExtension.dll
[2010/03/16 13:38:13 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oleaccrc.dll
[2010/03/16 13:38:12 | 000,555,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAutomationCore.dll
[2010/03/16 13:31:02 | 000,000,000 | ---D | C] -- C:\Users\leave me alone\AppData\Local\ElevatedDiagnostics
[2010/03/16 13:21:29 | 000,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell
[2010/03/16 13:19:13 | 001,696,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
[2010/03/16 13:19:12 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2010/03/16 13:19:12 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2010/03/16 13:17:14 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft ATS
[2010/03/16 02:12:50 | 000,000,000 | ---D | C] -- C:\Windows\System32\vi-VN
[2010/03/16 02:12:50 | 000,000,000 | ---D | C] -- C:\Windows\System32\eu-ES
[2010/03/16 02:12:50 | 000,000,000 | ---D | C] -- C:\Windows\System32\ca-ES
[2010/03/16 01:52:31 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety Center
[2010/03/16 01:51:01 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2010/03/16 01:45:31 | 012,240,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0007.dll
[2010/03/16 01:45:29 | 001,081,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLCExt.dll
[2010/03/16 01:45:28 | 002,134,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FunctionDiscoveryFolder.dll
[2010/03/16 01:45:28 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DevicePairingWizard.exe
[2010/03/16 01:45:27 | 002,644,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0009.dll
[2010/03/16 01:45:26 | 001,480,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssrch.dll
[2010/03/16 01:45:25 | 000,684,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\spsys.sys
[2010/03/16 01:45:24 | 001,576,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tquery.dll
[2010/03/16 01:45:23 | 000,779,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationNative_v0300.dll
[2010/03/16 01:45:22 | 000,928,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scavenge.dll
[2010/03/16 01:45:20 | 002,241,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msi.dll
[2010/03/16 01:45:19 | 000,968,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wcnwiz2.dll
[2010/03/16 01:45:19 | 000,677,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imapi2fs.dll
[2010/03/16 01:45:19 | 000,291,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WscEapPr.dll
[2010/03/16 01:45:18 | 000,619,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardagt.exe
[2010/03/16 01:45:17 | 000,114,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EhStorShell.dll
[2010/03/16 01:45:16 | 000,978,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drmv2clt.dll
[2010/03/16 01:45:16 | 000,289,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spinstall.exe
[2010/03/16 01:45:16 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spreview.exe
[2010/03/16 01:45:15 | 000,438,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mcupdate_GenuineIntel.dll
[2010/03/16 01:45:15 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwizui.dll
[2010/03/16 01:45:13 | 000,670,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssvp.dll
[2010/03/16 01:45:12 | 000,378,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imapi2.dll
[2010/03/16 01:45:12 | 000,351,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssph.dll
[2010/03/16 01:45:12 | 000,203,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssphtb.dll
[2010/03/16 01:45:11 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdohlp.dll
[2010/03/16 01:45:10 | 001,459,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\esent.dll
[2010/03/16 01:45:10 | 000,729,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IMJP10K.DLL
[2010/03/16 01:45:10 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DevicePairing.dll
[2010/03/16 01:45:09 | 000,463,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IasMigReader.exe
[2010/03/16 01:45:09 | 000,228,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLC.dll
[2010/03/16 01:45:09 | 000,190,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sperror.dll
[2010/03/16 01:45:09 | 000,143,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\korwbrkr.dll
[2010/03/16 01:45:09 | 000,041,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2010/03/16 01:45:08 | 000,231,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll
[2010/03/16 01:45:07 | 001,589,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msjet40.dll
[2010/03/16 01:45:06 | 001,381,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Query.dll
[2010/03/16 01:45:05 | 000,883,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IMJP10.IME
[2010/03/16 01:45:05 | 000,409,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msexch40.dll
[2010/03/16 01:45:04 | 001,078,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\diagperf.dll
[2010/03/16 01:45:04 | 000,327,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\P2PGraph.dll
[2010/03/16 01:45:04 | 000,301,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srchadmin.dll
[2010/03/16 01:45:03 | 001,792,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mmc.exe
[2010/03/16 01:45:03 | 000,986,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winload.exe
[2010/03/16 01:45:03 | 000,950,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mblctr.exe
[2010/03/16 01:45:03 | 000,428,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2010/03/16 01:45:03 | 000,203,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\uDWM.dll
[2010/03/16 01:45:02 | 000,880,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RacEngn.dll
[2010/03/16 01:45:02 | 000,466,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\riched20.dll
[2010/03/16 01:45:02 | 000,454,144 | ---- | C] (Microsoft) -- C:\Windows\System32\IasMigPlugin.dll
[2010/03/16 01:45:02 | 000,088,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdBth.dll
[2010/03/16 01:45:01 | 002,012,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\milcore.dll
[2010/03/16 01:45:01 | 001,112,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CertEnroll.dll
[2010/03/16 01:45:01 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NaturalLanguage6.dll
[2010/03/16 01:45:01 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spoolss.dll
[2010/03/16 01:45:01 | 000,120,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EhStorAPI.dll
[2010/03/16 01:45:00 | 000,950,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpedit.dll
[2010/03/16 01:45:00 | 000,406,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcp60.dll
[2010/03/16 01:45:00 | 000,290,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msjtes40.dll
[2010/03/16 01:44:59 | 003,217,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinSAT.exe
[2010/03/16 01:44:59 | 000,710,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Magnify.exe
[2010/03/16 01:44:59 | 000,282,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstext40.dll
[2010/03/16 01:44:59 | 000,099,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardapi.dll
[2010/03/16 01:44:58 | 001,555,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsAnytimeUpgradeCPL.dll
[2010/03/16 01:44:58 | 001,209,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\comsvcs.dll
[2010/03/16 01:44:58 | 000,454,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxbde40.dll
[2010/03/16 01:44:58 | 000,339,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msexcl40.dll
[2010/03/16 01:44:58 | 000,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax
[2010/03/16 01:44:58 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slwmi.dll
[2010/03/16 01:44:57 | 001,985,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\authui.dll
[2010/03/16 01:44:57 | 000,643,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrepl40.dll
[2010/03/16 01:44:56 | 000,640,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bthprops.cpl
[2010/03/16 01:44:56 | 000,469,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\newdev.dll
[2010/03/16 01:44:56 | 000,323,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2010/03/16 01:44:56 | 000,119,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasrecst.dll
[2010/03/16 01:44:56 | 000,102,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
[2010/03/16 01:44:55 | 002,926,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2010/03/16 01:44:55 | 001,788,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d9.dll
[2010/03/16 01:44:55 | 000,368,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mspbde40.dll
[2010/03/16 01:44:55 | 000,205,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eudcedit.exe
[2010/03/16 01:44:54 | 001,135,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll
[2010/03/16 01:44:54 | 001,053,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdtctm.dll
[2010/03/16 01:44:54 | 000,344,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrd3x40.dll
[2010/03/16 01:44:54 | 000,241,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msltus40.dll
[2010/03/16 01:44:54 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\davclnt.dll
[2010/03/16 01:44:54 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EhStorPwdMgr.dll
[2010/03/16 01:44:53 | 000,250,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wevtapi.dll
[2010/03/16 01:44:53 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nlhtml.dll
[2010/03/16 01:44:52 | 000,614,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ci.dll
[2010/03/16 01:44:52 | 000,483,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\samsrv.dll
[2010/03/16 01:44:51 | 000,582,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLCommDlg.dll
[2010/03/16 01:44:51 | 000,443,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32spl.dll
[2010/03/16 01:44:51 | 000,165,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WcnNetsh.dll
[2010/03/16 01:44:49 | 001,730,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\apds.dll
[2010/03/16 01:44:49 | 000,618,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mswstr10.dll
[2010/03/16 01:44:49 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\compcln.exe
[2010/03/16 01:44:48 | 000,223,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2010/03/16 01:44:48 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xmlfilter.dll
[2010/03/16 01:44:46 | 001,160,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll
[2010/03/16 01:44:46 | 000,524,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sqlsrv32.dll
[2010/03/16 01:44:46 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLUI.exe
[2010/03/16 01:44:46 | 000,319,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrd2x40.dll
[2010/03/16 01:44:46 | 000,183,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eapphost.dll
[2010/03/16 01:44:45 | 000,926,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winresume.exe
[2010/03/16 01:44:45 | 000,409,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbc32.dll
[2010/03/16 01:44:45 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\propdefs.dll
[2010/03/16 01:44:44 | 001,856,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dbgeng.dll
[2010/03/16 01:44:44 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wevtutil.exe
[2010/03/16 01:44:44 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssitlb.dll
[2010/03/16 01:44:43 | 002,167,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mmcndmgr.dll
[2010/03/16 01:44:42 | 001,533,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wcnwiz.dll
[2010/03/16 01:44:42 | 000,592,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netlogon.dll
[2010/03/16 01:44:42 | 000,485,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\evr.dll
[2010/03/16 01:44:42 | 000,378,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\devmgr.dll
[2010/03/16 01:44:42 | 000,199,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\adsldpc.dll
[2010/03/16 01:44:42 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drvinst.exe
[2010/03/16 01:44:42 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msctfp.dll
[2010/03/16 01:44:42 | 000,054,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DevicePairingProxy.dll
[2010/03/16 01:44:42 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscb.dll
[2010/03/16 01:44:42 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdBthProxy.dll
[2010/03/16 01:44:41 | 001,382,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVSDECD.DLL
[2010/03/16 01:44:41 | 001,143,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wercon.exe
[2010/03/16 01:44:41 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quick.ime
[2010/03/16 01:44:41 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qintlgnt.ime
[2010/03/16 01:44:41 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\phon.ime
[2010/03/16 01:44:41 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cintlgnt.ime
[2010/03/16 01:44:41 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chajei.ime
[2010/03/16 01:44:40 | 000,856,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mswdat10.dll
[2010/03/16 01:44:40 | 000,799,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certutil.exe
[2010/03/16 01:44:40 | 000,617,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\adtschema.dll
[2010/03/16 01:44:40 | 000,560,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdtcprx.dll
[2010/03/16 01:44:40 | 000,396,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ipsmsnap.dll
[2010/03/16 01:44:40 | 000,323,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certcli.dll
[2010/03/16 01:44:40 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\reg.exe
[2010/03/16 01:44:40 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msjter40.dll
[2010/03/16 01:44:40 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mimefilt.dll
[2010/03/16 01:44:40 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtffilt.dll
[2010/03/16 01:44:40 | 000,035,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardcpl.cpl
[2010/03/16 01:44:39 | 000,996,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMNetMgr.dll
[2010/03/16 01:44:39 | 000,704,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoScreensaver.scr
[2010/03/16 01:44:39 | 000,332,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msihnd.dll
[2010/03/16 01:44:39 | 000,274,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bcrypt.dll
[2010/03/16 01:44:39 | 000,241,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rsaenh.dll
[2010/03/16 01:44:39 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbport.sys
[2010/03/16 01:44:39 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MMDevAPI.dll
[2010/03/16 01:44:39 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscntrs.dll
[2010/03/16 01:44:39 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msstrc.dll
[2010/03/16 01:44:39 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshooks.dll
[2010/03/16 01:44:38 | 000,343,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmicmiplugin.dll
[2010/03/16 01:44:38 | 000,310,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mtxclu.dll
[2010/03/16 01:44:38 | 000,153,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fundisc.dll
[2010/03/16 01:44:38 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dhcpcsvc6.dll
[2010/03/16 01:44:38 | 000,122,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetpp.dll
[2010/03/16 01:44:38 | 000,080,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscories.dll
[2010/03/16 01:44:38 | 000,035,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsWpfWrp.exe
[2010/03/16 01:44:37 | 001,823,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pnidui.dll
[2010/03/16 01:44:37 | 001,671,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chsbrkr.dll
[2010/03/16 01:44:37 | 001,020,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wdc.dll
[2010/03/16 01:44:37 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iassdo.dll
[2010/03/16 01:44:37 | 000,125,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Classpnp.sys
[2010/03/16 01:44:37 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imapi.dll
[2010/03/16 01:44:37 | 000,093,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Kswdmcap.ax
[2010/03/16 01:44:36 | 000,636,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\autofmt.exe
[2010/03/16 01:44:36 | 000,035,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\crashdmp.sys
[2010/03/16 01:44:36 | 000,009,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardres.dll
[2010/03/16 01:44:35 | 001,107,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pidgenx.dll
[2010/03/16 01:44:35 | 000,867,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpmde.dll
[2010/03/16 01:44:35 | 000,757,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\azroles.dll
[2010/03/16 01:44:35 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CertEnrollUI.dll
[2010/03/16 01:44:35 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sysmon.ocx
[2010/03/16 01:44:35 | 000,242,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pdh.dll
[2010/03/16 01:44:35 | 000,122,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Storport.sys
[2010/03/16 01:44:35 | 000,109,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ataport.sys
[2010/03/16 01:44:35 | 000,050,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PSHED.DLL
[2010/03/16 01:44:34 | 002,205,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SyncCenter.dll
[2010/03/16 01:44:34 | 000,593,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\comuid.dll
[2010/03/16 01:44:33 | 001,502,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certmgr.dll
[2010/03/16 01:44:33 | 000,627,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sethc.exe
[2010/03/16 01:44:33 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2010/03/16 01:44:33 | 000,017,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kd1394.dll
[2010/03/16 01:44:32 | 000,413,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imkr80.ime
[2010/03/16 01:44:32 | 000,324,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\untfs.dll
[2010/03/16 01:44:32 | 000,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskcomp.dll
[2010/03/16 01:44:32 | 000,244,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wisptis.exe
[2010/03/16 01:44:32 | 000,182,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iassam.dll
[2010/03/16 01:44:32 | 000,180,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scrobj.dll
[2010/03/16 01:44:32 | 000,099,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\FWPKCLNT.SYS
[2010/03/16 01:44:32 | 000,043,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pciidex.sys
[2010/03/16 01:44:32 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtutils.dll
[2010/03/16 01:44:31 | 000,656,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\autoconv.exe
[2010/03/16 01:44:31 | 000,375,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2010/03/16 01:44:31 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasnap.dll
[2010/03/16 01:44:31 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cscript.exe
[2010/03/16 01:44:31 | 000,027,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Dumpata.sys
[2010/03/16 01:44:30 | 001,541,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\onex.dll
[2010/03/16 01:44:30 | 000,612,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpencom.dll
[2010/03/16 01:44:30 | 000,340,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RelMon.dll
[2010/03/16 01:44:30 | 000,273,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wow32.dll
[2010/03/16 01:44:30 | 000,182,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\osk.exe
[2010/03/16 01:44:30 | 000,130,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\basecsp.dll
[2010/03/16 01:44:30 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinSCard.dll
[2010/03/16 01:44:30 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe
[2010/03/16 01:44:30 | 000,019,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kdusb.dll
[2010/03/16 01:44:30 | 000,017,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kdcom.dll
[2010/03/16 01:44:30 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spcmsg.dll
[2010/03/16 01:44:29 | 000,860,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WerFaultSecure.exe
[2010/03/16 01:44:29 | 000,638,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Utilman.exe
[2010/03/16 01:44:29 | 000,564,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msftedit.dll
[2010/03/16 01:44:29 | 000,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\offfilt.dll
[2010/03/16 01:44:28 | 000,551,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\prnntfy.dll
[2010/03/16 01:44:28 | 000,391,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscms.dll
[2010/03/16 01:44:28 | 000,230,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\diskraid.exe
[2010/03/16 01:44:28 | 000,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WerFault.exe
[2010/03/16 01:44:28 | 000,208,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfplat.dll
[2010/03/16 01:44:28 | 000,197,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SndVol.exe
[2010/03/16 01:44:28 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msnetobj.dll
[2010/03/16 01:44:28 | 000,114,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbccp32.dll
[2010/03/16 01:44:28 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sysclass.dll
[2010/03/16 01:44:28 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ulib.dll
[2010/03/16 01:44:28 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\adsmsext.dll
[2010/03/16 01:44:28 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasdatastore.dll
[2010/03/16 01:44:28 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsepno.dll
[2010/03/16 01:44:27 | 001,342,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\brcpl.dll
[2010/03/16 01:44:27 | 000,759,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ipsecsnp.dll
[2010/03/16 01:44:27 | 000,507,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vdsdyn.dll
[2010/03/16 01:44:27 | 000,444,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dsound.dll
[2010/03/16 01:44:27 | 000,399,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlangpui.dll
[2010/03/16 01:44:27 | 000,223,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscntfy.dll
[2010/03/16 01:44:27 | 000,181,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pnpsetup.dll
[2010/03/16 01:44:27 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\diskpart.exe
[2010/03/16 01:44:27 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IPHLPAPI.DLL
[2010/03/16 01:44:27 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpapi.dll
[2010/03/16 01:44:27 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iashlpr.dll
[2010/03/16 01:44:27 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rastapi.dll
[2010/03/16 01:44:27 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\logman.exe
[2010/03/16 01:44:27 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdProxy.dll
[2010/03/16 01:44:26 | 001,575,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVENCOD.DLL
[2010/03/16 01:44:26 | 000,286,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasapi32.dll
[2010/03/16 01:44:26 | 000,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntprint.dll
[2010/03/16 01:44:25 | 002,225,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netcenter.dll
[2010/03/16 01:44:25 | 001,580,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpccpl.dll
[2010/03/16 01:44:25 | 000,158,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasrad.dll
[2010/03/16 01:44:25 | 000,155,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscorier.dll
[2010/03/16 01:44:25 | 000,140,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wusa.exe
[2010/03/16 01:44:25 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\findstr.exe
[2010/03/16 01:44:24 | 001,152,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\themecpl.dll
[2010/03/16 01:44:24 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wer.dll
[2010/03/16 01:44:24 | 000,825,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasdlg.dll
[2010/03/16 01:44:24 | 000,777,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slcc.dll
[2010/03/16 01:44:24 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scansetting.dll
[2010/03/16 01:44:24 | 000,163,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msutb.dll
[2010/03/16 01:44:24 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wshom.ocx
[2010/03/16 01:44:24 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstlsapi.dll
[2010/03/16 01:44:24 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iassvcs.dll
[2010/03/16 01:44:24 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasads.dll
[2010/03/16 01:44:24 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsnmp32.dll
[2010/03/16 01:44:24 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssprxy.dll
[2010/03/16 01:44:23 | 003,072,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\networkmap.dll
[2010/03/16 01:44:23 | 001,645,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\connect.dll
[2010/03/16 01:44:23 | 001,248,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PerfCenterCPL.dll
[2010/03/16 01:44:23 | 001,224,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sud.dll
[2010/03/16 01:44:23 | 000,842,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\systemcpl.dll
[2010/03/16 01:44:23 | 000,723,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\powercpl.dll
[2010/03/16 01:44:23 | 000,464,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pcaui.dll
[2010/03/16 01:44:23 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ks.sys
[2010/03/16 01:44:23 | 000,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\powrprof.dll
[2010/03/16 01:44:23 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\newdev.exe
[2010/03/16 01:44:23 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasacct.dll
[2010/03/16 01:44:22 | 002,515,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\accessibilitycpl.dll
[2010/03/16 01:44:22 | 001,671,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanpref.dll
[2010/03/16 01:44:22 | 001,123,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\usercpl.dll
[2010/03/16 01:44:22 | 000,532,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpcao.dll
[2010/03/16 01:44:22 | 000,516,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\autoplay.dll
[2010/03/16 01:44:22 | 000,497,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll
[2010/03/16 01:44:22 | 000,408,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msinfo32.exe
[2010/03/16 01:44:22 | 000,127,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rpchttp.dll
[2010/03/16 01:44:22 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pintlgnt.ime
[2010/03/16 01:44:22 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\regapi.dll
[2010/03/16 01:44:22 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mmci.dll
[2010/03/16 01:44:21 | 000,306,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scesrv.dll
[2010/03/16 01:44:21 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2010/03/16 01:44:21 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scksp.dll
[2010/03/16 01:44:21 | 000,128,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vdsutil.dll
[2010/03/16 01:44:21 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AudioSes.dll
[2010/03/16 01:44:21 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oleprn.dll
[2010/03/16 01:44:21 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\feclient.dll
[2010/03/16 01:44:20 | 001,689,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscui.cpl
[2010/03/16 01:44:20 | 001,169,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe
[2010/03/16 01:44:20 | 000,642,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasgcw.dll
[2010/03/16 01:44:20 | 000,595,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FWPUCLNT.DLL
[2010/03/16 01:44:20 | 000,542,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pnpui.dll
[2010/03/16 01:44:20 | 000,505,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qedit.dll
[2010/03/16 01:44:20 | 000,445,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncryptui.dll
[2010/03/16 01:44:20 | 000,407,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpapimig.exe
[2010/03/16 01:44:20 | 000,215,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certreq.exe
[2010/03/16 01:44:20 | 000,177,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scecli.dll
[2010/03/16 01:44:20 | 000,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Faultrep.dll
[2010/03/16 01:44:20 | 000,080,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hdwwiz.exe
[2010/03/16 01:44:20 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dot3msm.dll
[2010/03/16 01:44:20 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rekeywiz.exe
[2010/03/16 01:44:20 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iaspolcy.dll
[2010/03/16 01:44:20 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\perfdisk.dll
[2010/03/16 01:44:20 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DeviceEject.exe
[2010/03/16 01:44:20 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscisvif.dll
[2010/03/16 01:44:19 | 000,481,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmdial32.dll
[2010/03/16 01:44:19 | 000,378,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srcore.dll
[2010/03/16 01:44:19 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasplap.dll
[2010/03/16 01:44:19 | 000,281,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\raschap.dll
[2010/03/16 01:44:19 | 000,170,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tcpipcfg.dll
[2010/03/16 01:44:19 | 000,167,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\portcls.sys
[2010/03/16 01:44:19 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tcpmon.dll
[2010/03/16 01:44:19 | 000,134,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SmartcardCredentialProvider.dll
[2010/03/16 01:44:19 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
[2010/03/16 01:44:19 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdWSD.dll
[2010/03/16 01:44:19 | 000,058,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PnPUnattend.exe
[2010/03/16 01:44:19 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmmon32.exe
[2010/03/16 01:44:19 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TSTheme.exe
[2010/03/16 01:44:19 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\whealogr.dll
[2010/03/16 01:44:19 | 000,025,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\USBCAMD2.sys
[2010/03/16 01:44:19 | 000,025,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\USBCAMD.sys
[2010/03/16 01:44:19 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwinsat.dll
[2010/03/16 01:44:18 | 006,103,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chtbrkr.dll
[2010/03/16 01:44:18 | 002,153,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oobefldr.dll
[2010/03/16 01:44:18 | 000,657,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVXENCD.DLL
[2010/03/16 01:44:18 | 000,547,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wiaaut.dll
[2010/03/16 01:44:18 | 000,425,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shwebsvc.dll
[2010/03/16 01:44:18 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\modemui.dll
[2010/03/16 01:44:18 | 000,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unimdm.tsp
[2010/03/16 01:44:18 | 000,259,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasppp.dll
[2010/03/16 01:44:18 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscandui.dll
[2010/03/16 01:44:18 | 000,202,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanui.dll
[2010/03/16 01:44:18 | 000,155,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasmontr.dll
[2010/03/16 01:44:18 | 000,137,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dsprop.dll
[2010/03/16 01:44:18 | 000,101,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shsetup.dll
[2010/03/16 01:44:18 | 000,054,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dimsroam.dll
[2010/03/16 01:44:18 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PnPutil.exe
[2010/03/16 01:44:17 | 000,542,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\blackbox.dll
[2010/03/16 01:44:17 | 000,533,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmdrmsdk.dll
[2010/03/16 01:44:17 | 000,303,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpeffects.dll
[2010/03/16 01:44:17 | 000,178,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\credui.dll
[2010/03/16 01:44:17 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSDMon.dll
[2010/03/16 01:44:17 | 000,113,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\rmcast.sys
[2010/03/16 01:44:17 | 000,107,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpwsx.dll
[2010/03/16 01:44:17 | 000,083,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlgpclnt.dll
[2010/03/16 01:44:17 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dataclen.dll
[2010/03/16 01:44:16 | 002,226,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\networkexplorer.dll
[2010/03/16 01:44:16 | 000,414,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscp.dll
[2010/03/16 01:44:16 | 000,217,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\InkEd.dll
[2010/03/16 01:44:16 | 000,128,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpresult.exe
[2010/03/16 01:44:16 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\logagent.exe
[2010/03/16 01:44:16 | 000,058,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cipher.exe
[2010/03/16 01:44:16 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscapi.dll
[2010/03/16 01:44:16 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msimtf.dll
[2010/03/16 01:44:16 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ifmon.dll
[2010/03/16 01:44:15 | 000,356,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MediaMetadataHandler.dll
[2010/03/16 01:44:15 | 000,313,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\thawbrkr.dll
[2010/03/16 01:44:15 | 000,284,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drmmgrtn.dll
[2010/03/16 01:44:15 | 000,200,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\input.dll
[2010/03/16 01:44:15 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2010/03/16 01:44:15 | 000,166,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\puiapi.dll
[2010/03/16 01:44:15 | 000,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\softkbd.dll
[2010/03/16 01:44:15 | 000,105,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dmsynth.dll
[2010/03/16 01:44:15 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mprapi.dll
[2010/03/16 01:44:15 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msctfui.dll
[2010/03/16 01:44:15 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\watchdog.sys
[2010/03/16 01:44:15 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ExplorerFrame.dll
[2010/03/16 01:44:14 | 000,187,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eapp3hst.dll
[2010/03/16 01:44:14 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLLUA.exe
[2010/03/16 01:44:14 | 000,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tintlgnt.ime
[2010/03/16 01:44:14 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dmusic.dll
[2010/03/16 01:44:14 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax
[2010/03/16 01:44:14 | 000,068,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdSSDP.dll
[2010/03/16 01:44:14 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\l2nacp.dll
[2010/03/16 01:44:14 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ftp.exe
[2010/03/16 01:44:14 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cscapi.dll
[2010/03/16 01:44:14 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msjint40.dll
[2010/03/16 01:44:14 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsdchngr.dll
[2010/03/16 01:44:14 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fc.exe
[2010/03/16 01:44:14 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MsCtfMonitor.dll
[2010/03/16 01:44:14 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msisip.dll
[2010/03/16 01:44:13 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eappcfg.dll
[2010/03/16 01:44:13 | 000,083,456 | ---- | C] (Microsoft) -- C:\Windows\System32\SMBHelperClass.dll
[2010/03/16 01:44:13 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdWCN.dll
[2010/03/16 01:44:13 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tscupgrd.exe
[2010/03/16 01:44:13 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Storprop.dll
[2010/03/16 01:44:13 | 000,052,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasdiag.dll
[2010/03/16 01:44:13 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dot3cfg.dll
[2010/03/16 01:44:13 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bthci.dll
[2010/03/16 01:44:13 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slcinst.dll
[2010/03/16 01:44:13 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bthudtask.exe
[2010/03/16 01:44:13 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ipconfig.exe
[2010/03/16 01:44:13 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasdial.exe
[2010/03/16 01:44:13 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CHxReadingStringIME.dll
[2010/03/16 01:44:12 | 000,093,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eappgnui.dll
[2010/03/16 01:44:12 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nslookup.exe
[2010/03/16 01:44:12 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdeploy.dll
[2010/03/16 01:44:12 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hbaapi.dll
[2010/03/16 01:44:12 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\networkitemfactory.dll
[2010/03/16 01:44:12 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ocsetup.exe
[2010/03/16 01:44:12 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FwRemoteSvr.dll
[2010/03/16 01:44:12 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mmcico.dll
[2010/03/16 01:44:11 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PNPXAssoc.dll
[2010/03/16 01:44:11 | 000,046,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrstub.exe
[2010/03/16 01:44:11 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cbsra.exe
[2010/03/16 01:44:11 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bitsigd.dll
[2010/03/16 01:44:11 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpupdate.exe
[2010/03/16 01:44:10 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxg.sys
[2010/03/16 01:44:10 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbcconf.dll
[2010/03/16 01:44:10 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NcdProp.dll
[2010/03/16 01:44:10 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Diskdump.sys
[2010/03/16 01:44:10 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vdmdbg.dll
[2010/03/16 01:44:10 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iscsilog.dll
[2010/03/16 01:44:10 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetppui.dll
[2010/03/16 01:44:10 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slwga.dll
[2010/03/16 01:44:08 | 000,052,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\stream.sys
[2010/03/16 01:44:08 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\RNDISMP.sys
[2010/03/16 01:44:07 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usb8023.sys
[2010/03/16 01:44:07 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\f3ahvoas.dll
[2010/03/16 01:44:07 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msimsg.dll
[2010/03/16 01:43:47 | 000,705,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SmiEngine.dll
[2010/03/16 01:43:44 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wdscore.dll
[2010/03/16 01:43:44 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PkgMgr.exe
[2010/03/16 01:43:37 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drvstore.dll
[2010/03/15 13:55:34 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Installer Clean Up
[2010/03/15 13:55:08 | 000,000,000 | ---D | C] -- C:\Program Files\MSECACHE
[2010/03/15 13:05:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Scanner
[2010/03/15 01:06:11 | 000,000,000 | ---D | C] -- C:\Users\leave me alone\AppData\Roaming\FreeFixer
[2010/03/15 01:06:11 | 000,000,000 | ---D | C] -- C:\Users\leave me alone\AppData\Local\FreeFixer
[2010/03/15 01:06:06 | 000,000,000 | ---D | C] -- C:\Program Files\FreeFixer
[2010/03/14 19:33:23 | 000,000,000 | ---D | C] -- C:\Program Files\Unlocker
[2010/03/14 19:23:37 | 000,000,000 | ---D | C] -- C:\Program Files\FileHippo.com
[2010/03/14 16:30:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/03/14 16:28:16 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010/03/14 16:28:16 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010/03/14 16:28:16 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010/03/14 16:27:13 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2010/03/14 15:36:30 | 000,000,000 | ---D | C] -- C:\Windows\RestoreSafeDeleted
[2010/03/14 01:59:57 | 000,000,000 | ---D | C] -- C:\Program Files\S.N.Safe&Software
[2010/03/13 17:55:22 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2010/03/13 17:44:25 | 000,000,000 | ---D | C] -- C:\Users\leave me alone\DoctorWeb
[2010/03/13 16:28:37 | 000,000,000 | ---D | C] -- C:\Program Files\PeerBlock
[2010/03/12 13:53:18 | 000,000,000 | ---D | C] -- C:\Users\leave me alone\AppData\Roaming\URSoft
[2010/03/12 13:52:34 | 000,000,000 | ---D | C] -- C:\Program Files\Your Uninstaller 2008
[2010/03/11 15:52:57 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\httpapi.dll
[2010/03/11 15:52:56 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshhttp.dll
[2010/03/11 15:50:13 | 000,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2010/03/11 15:24:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Office Genuine Advantage
[2010/03/11 15:10:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Symantec
[2010/03/11 15:10:09 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NSS
[2010/03/11 15:10:09 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Security Scan
[2010/03/11 15:10:09 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NSS\0207030.022
[2010/03/11 14:40:00 | 000,000,000 | ---D | C] -- C:\Users\leave me alone\AppData\Roaming\Malwarebytes
[2010/03/11 14:38:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/03/11 14:38:18 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/03/11 03:29:01 | 000,025,648 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SymIMV.sys
[2010/03/11 03:19:03 | 000,000,000 | ---D | C] -- C:\Users\leave me alone\AppData\Roaming\Mozilla
[2010/03/11 03:19:03 | 000,000,000 | ---D | C] -- C:\Users\leave me alone\AppData\Local\Mozilla
[2010/03/11 03:18:19 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/03/11 02:55:01 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos
[2010/03/10 15:46:48 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deploytk.dll
[2010/03/10 15:43:54 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2010/03/10 15:39:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2010/03/10 15:18:55 | 000,000,000 | ---D | C] -- C:\Users\leave me alone\AppData\Local\WindowsUpdate
[2010/03/10 15:03:40 | 000,024,416 | ---- | C] (Greatis Software) -- C:\Windows\System32\drivers\regguard.sys
[2010/03/10 14:12:02 | 000,035,040 | ---- | C] (Greatis Software) -- C:\Windows\System32\Partizan.exe
[2010/03/10 14:12:02 | 000,034,760 | ---- | C] (Greatis Software) -- C:\Windows\System32\drivers\Partizan.sys
[2010/03/10 14:11:56 | 000,000,000 | ---D | C] -- C:\Users\leave me alone\Documents\RegRun2
[2010/03/10 14:11:51 | 000,012,752 | ---- | C] (Greatis Software, LLC.) -- C:\Windows\System32\drivers\UnHackMeDrv.sys
[2010/03/10 14:11:51 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\regruninfo
[2010/03/10 14:11:43 | 000,000,000 | ---D | C] -- C:\Program Files\UnHackMe
[2010/03/10 14:01:49 | 000,124,976 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2010/03/10 14:01:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2010/03/10 14:01:49 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2010/03/10 14:01:43 | 000,000,000 | ---D | C] -- C:\Users\leave me alone\AppData\Local\Hewlett-Packard
[2010/03/10 14:01:13 | 000,000,000 | R--D | C] -- C:\Users\leave me alone\Searches
[2010/03/10 14:01:07 | 000,000,000 | ---D | C] -- C:\Users\leave me alone\AppData\Roaming\Identities
[2010/03/10 14:01:05 | 000,000,000 | R--D | C] -- C:\Users\leave me alone\Contacts
[2010/03/10 14:00:54 | 000,000,000 | ---D | C] -- C:\Users\leave me alone\AppData\Roaming\hewlett-packard
[2010/03/10 13:58:15 | 000,000,000 | ---D | C] -- C:\Users\leave me alone\AppData\Roaming\HP TCS
[2010/03/10 13:55:49 | 000,000,000 | ---D | C] -- C:\Users\leave me alone\AppData\Local\VirtualStore
[2010/03/10 13:55:46 | 000,000,000 | -HSD | C] -- C:\Users\leave me alone\AppData\Local\Temporary Internet Files
[2010/03/10 13:55:46 | 000,000,000 | -HSD | C] -- C:\Users\leave me alone\Templates
[2010/03/10 13:55:46 | 000,000,000 | -HSD | C] -- C:\Users\leave me alone\Start Menu
[2010/03/10 13:55:46 | 000,000,000 | -HSD | C] -- C:\Users\leave me alone\SendTo
[2010/03/10 13:55:46 | 000,000,000 | -HSD | C] -- C:\Users\leave me alone\Recent
[2010/03/10 13:55:46 | 000,000,000 | -HSD | C] -- C:\Users\leave me alone\PrintHood
[2010/03/10 13:55:46 | 000,000,000 | -HSD | C] -- C:\Users\leave me alone\NetHood
[2010/03/10 13:55:46 | 000,000,000 | -HSD | C] -- C:\Users\leave me alone\My Documents
[2010/03/10 13:55:46 | 000,000,000 | -HSD | C] -- C:\Users\leave me alone\Local Settings
[2010/03/10 13:55:46 | 000,000,000 | -HSD | C] -- C:\Users\leave me alone\AppData\Local\History
[2010/03/10 13:55:46 | 000,000,000 | -HSD | C] -- C:\Users\leave me alone\Cookies
[2010/03/10 13:55:46 | 000,000,000 | -HSD | C] -- C:\Users\leave me alone\Application Data
[2010/03/10 13:55:46 | 000,000,000 | -HSD | C] -- C:\Users\leave me alone\AppData\Local\Application Data
[2010/03/10 13:55:45 | 000,000,000 | --SD | C] -- C:\Users\leave me alone\AppData\Roaming\Microsoft
[2010/03/10 13:55:45 | 000,000,000 | R--D | C] -- C:\Users\leave me alone\Videos
[2010/03/10 13:55:45 | 000,000,000 | R--D | C] -- C:\Users\leave me alone\Saved Games
[2010/03/10 13:55:45 | 000,000,000 | R--D | C] -- C:\Users\leave me alone\Pictures
[2010/03/10 13:55:45 | 000,000,000 | R--D | C] -- C:\Users\leave me alone\Music
[2010/03/10 13:55:45 | 000,000,000 | R--D | C] -- C:\Users\leave me alone\Links
[2010/03/10 13:55:45 | 000,000,000 | R--D | C] -- C:\Users\leave me alone\Favorites
[2010/03/10 13:55:45 | 000,000,000 | R--D | C] -- C:\Users\leave me alone\Downloads
[2010/03/10 13:55:45 | 000,000,000 | R--D | C] -- C:\Users\leave me alone\Documents
[2010/03/10 13:55:45 | 000,000,000 | R--D | C] -- C:\Users\leave me alone\Desktop
[2010/03/10 13:55:45 | 000,000,000 | -H-D | C] -- C:\Users\leave me alone\AppData
[2010/03/10 13:55:45 | 000,000,000 | ---D | C] -- C:\Users\leave me alone\AppData\Local\Microsoft
[2010/03/10 12:31:28 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010/03/10 12:31:27 | 000,594,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010/03/10 12:31:27 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010/03/10 12:31:27 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010/03/10 12:31:26 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010/03/10 12:31:26 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010/03/10 12:31:25 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010/03/10 12:31:25 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010/03/10 12:31:25 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010/03/10 12:31:24 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010/03/10 12:31:24 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010/03/10 12:31:23 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010/03/10 12:31:23 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010/03/10 12:31:23 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010/03/10 12:29:55 | 000,156,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2010/03/10 12:29:55 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2010/03/10 12:29:55 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2010/03/10 12:29:55 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\corpol.dll
[2010/03/10 12:29:54 | 000,348,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2010/03/10 12:29:54 | 000,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2010/03/10 12:29:54 | 000,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2010/03/10 12:29:54 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2010/03/10 12:29:53 | 000,229,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2010/03/10 12:29:53 | 000,208,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinFXDocObj.exe
[2010/03/10 12:29:53 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2010/03/10 12:29:53 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2010/03/10 12:29:53 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2010/03/10 12:29:53 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2010/03/10 12:29:53 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2010/03/10 12:29:52 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010/03/10 12:29:52 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2010/03/10 12:29:51 | 000,445,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2010/03/10 12:29:51 | 000,420,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2010/03/10 12:29:51 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2010/03/10 12:29:50 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2010/03/10 12:29:50 | 000,169,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2010/03/10 12:29:49 | 003,698,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2010/03/10 12:29:49 | 000,109,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PDMSetup.exe
[2010/03/10 12:29:49 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2010/03/10 12:29:49 | 000,107,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2010/03/10 12:29:49 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetDepNx.exe
[2010/03/10 04:25:13 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2010/03/10 04:23:21 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2010/03/10 04:20:37 | 000,310,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unregmp2.exe
[2010/03/10 04:20:35 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwmp.dll
[2010/03/10 04:20:34 | 008,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2010/03/10 04:20:34 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.ocx
[2010/03/10 04:20:34 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxmasf.dll
[2010/03/10 04:17:00 | 001,259,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsasrv.dll
[2010/03/10 04:16:16 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netiohlp.dll
[2010/03/10 04:16:15 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NETSTAT.EXE
[2010/03/10 04:16:15 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ARP.EXE
[2010/03/10 04:16:14 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\finger.exe
[2010/03/10 04:16:14 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TCPSVCS.EXE
[2010/03/10 04:16:14 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\HOSTNAME.EXE
[2010/03/10 04:16:13 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ROUTE.EXE
[2010/03/10 04:16:13 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MRINFO.EXE
[2010/03/10 04:16:11 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll
[2010/03/10 04:15:09 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rastls.dll
[2010/03/10 04:14:56 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.tlb
[2010/03/10 04:14:56 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\amcompat.tlb
[2010/03/10 04:14:16 | 000,289,792 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2010/03/10 04:14:16 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2010/03/10 04:14:16 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2010/03/10 04:14:15 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2010/03/10 04:14:15 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dciman32.dll
[2010/03/10 04:04:45 | 002,386,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVCORE.DLL
[2010/03/10 04:04:42 | 002,868,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2010/03/10 04:04:39 | 000,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll
[2010/03/10 04:04:39 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rrinstaller.exe
[2010/03/10 04:04:39 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfpmp.exe
[2010/03/10 04:04:34 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mferror.dll
[2010/03/10 03:54:32 | 003,600,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010/03/10 03:54:30 | 003,548,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010/03/10 03:53:05 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
[2010/03/10 03:53:05 | 000,518,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
[2010/03/10 03:53:01 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll
[2010/03/10 03:53:01 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
[2010/03/10 03:52:54 | 000,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
[2010/03/10 03:52:52 | 000,346,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
[2010/03/10 03:52:51 | 000,332,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdrm.dll
[2010/03/10 03:52:50 | 000,152,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll
[2010/03/10 03:52:50 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll
[2010/03/10 03:51:16 | 000,714,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\timedate.cpl
[2010/03/10 03:50:16 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanmsm.dll
[2010/03/10 03:50:16 | 000,068,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanhlp.dll
[2010/03/10 03:50:15 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlansec.dll
[2010/03/10 03:50:15 | 000,127,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\L2SecHC.dll
[2010/03/10 03:50:14 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanapi.dll
[2010/03/10 03:48:30 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aaclient.dll
[2010/03/10 03:48:30 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tsgqec.dll
[2010/03/10 03:47:09 | 000,623,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\localspl.dll
[2010/03/10 03:46:05 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010/03/10 03:44:29 | 000,000,000 | ---D | C] -- C:\Program Files\Secunia
[2010/03/10 03:44:24 | 000,000,000 | ---D | C] -- C:\Users\leave me alone\AppData\Local\CrashDumps
[2010/03/10 03:33:02 | 000,604,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMSPDMOD.DLL
[2010/03/10 03:32:46 | 002,036,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010/03/10 03:32:21 | 000,355,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSDApi.dll
[2010/03/10 03:26:59 | 000,000,000 | ---D | C] -- C:\Program Files\WOT
[2010/03/10 03:15:47 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2010/03/10 03:15:38 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avifil32.dll
[2010/03/10 03:15:38 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll
[2010/03/10 03:15:36 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvfw32.dll
[2010/03/10 03:09:22 | 000,000,000 | ---D | C] -- C:\Users\leave me alone\AppData\Roaming\Process Hacker
[2010/03/10 03:07:05 | 000,000,000 | ---D | C] -- C:\Program Files\Process Hacker
[2010/03/10 02:48:29 | 000,181,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2010/03/10 02:41:32 | 000,056,816 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2010/03/10 02:41:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2010/03/10 02:41:23 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2010/03/10 02:14:05 | 000,000,000 | ---D | C] -- C:\Users\leave me alone\AppData\Roaming\Macromedia
[2010/03/10 02:13:18 | 000,000,000 | R--D | C] -- C:\Program Files\Norton Support
[2010/03/10 02:13:18 | 000,000,000 | ---D | C] -- C:\Users\leave me alone\AppData\Roaming\Adobe
[2010/03/10 02:12:39 | 000,000,000 | ---D | C] -- C:\Users\leave me alone\AppData\Local\Symantec
[2010/03/10 02:10:57 | 002,421,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2010/03/10 02:10:57 | 000,044,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2010/03/10 02:10:42 | 000,575,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2010/03/10 02:10:42 | 000,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2010/03/10 02:10:42 | 000,035,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2010/03/10 02:10:30 | 000,171,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2010/03/10 02:10:30 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2010/03/09 17:52:10 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2010/03/09 17:16:37 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2010/03/09 17:13:31 | 000,000,000 | ---D | C] -- C:\Program Files\muvee Technologies
[2010/03/09 17:13:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\muvee Technologies
[2010/03/09 17:09:58 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml4r.dll
[2010/03/09 17:09:58 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml4a.dll
[2010/03/09 17:09:34 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\atl71.dll
[2010/03/09 17:05:18 | 000,000,000 | ---D | C] -- C:\Program Files\NetWaiting
[2010/03/09 17:05:02 | 000,000,000 | ---D | C] -- C:\Program Files\CONEXANT
[2010/03/09 17:04:07 | 000,000,000 | ---D | C] -- C:\Program Files\Synaptics
[2010/03/09 17:03:40 | 001,079,840 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcpluir.dll
[2010/03/09 17:03:40 | 000,313,888 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvexpbar.dll
[2010/03/09 17:01:53 | 000,442,368 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvusmb.exe
[2010/03/09 17:01:23 | 000,485,920 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NVUNINST.EXE
[2010/03/09 17:00:44 | 001,093,120 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\System32\drivers\athr.sys
[2010/03/09 17:00:44 | 000,000,000 | ---D | C] -- C:\Program Files\Atheros
[2010/03/09 17:00:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Atheros
[2010/03/09 16:59:47 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2010/03/09 16:53:53 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch

========== Files - Modified Within 30 Days ==========

[2010/03/27 12:02:36 | 001,835,008 | -HS- | M] () -- C:\Users\leave me alone\ntuser.dat
[2010/03/27 11:55:45 | 000,156,759 | ---- | M] () -- C:\Users\leave me alone\Desktop\topic114351.html
[2010/03/27 11:54:59 | 000,293,376 | ---- | M] () -- C:\df37z391.exe
[2010/03/27 11:46:56 | 000,000,440 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{C68BB805-3B64-4C69-A90F-46E4D6ED70D5}.job
[2010/03/27 11:42:11 | 000,000,246 | ---- | M] () -- C:\ProgramData\hpqp.ini
[2010/03/27 11:42:05 | 000,000,680 | ---- | M] () -- C:\Users\leave me alone\AppData\Local\d3d9caps.dat
[2010/03/27 11:41:39 | 000,032,726 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010/03/27 11:41:38 | 000,032,726 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010/03/27 11:41:33 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/03/27 11:41:33 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/03/27 11:41:17 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/03/27 11:41:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/03/27 03:15:43 | 000,524,288 | -HS- | M] () -- C:\Users\leave me alone\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TMContainer00000000000000000001.regtrans-ms
[2010/03/27 03:15:43 | 000,065,536 | -HS- | M] () -- C:\Users\leave me alone\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TM.blf
[2010/03/27 02:59:52 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010/03/27 02:22:55 | 000,006,018 | ---- | M] () -- C:\Users\leave me alone\Documents\cc_20100327_022250.reg
[2010/03/27 02:22:31 | 000,030,924 | ---- | M] () -- C:\Users\leave me alone\Documents\cc_20100327_022226.reg
[2010/03/27 02:20:50 | 000,334,985 | ---- | M] () -- C:\Users\leave me alone\Desktop\look at all this it won't go away.png
[2010/03/26 14:04:15 | 000,012,582 | ---- | M] () -- C:\Users\leave me alone\Desktop\3-26-2010 2-04-03 PM.png
[2010/03/26 12:24:46 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Users\leave me alone\Desktop\OTL.exe
[2010/03/26 12:22:23 | 003,903,349 | R--- | M] () -- C:\Users\leave me alone\Desktop\fixme.exe
[2010/03/26 12:12:46 | 003,320,535 | -H-- | M] () -- C:\Users\leave me alone\AppData\Local\IconCache.db
[2010/03/26 03:37:22 | 000,313,880 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/03/26 01:39:28 | 003,058,654 | ---- | M] () -- C:\Users\leave me alone\Desktop\3-26-2010 1-38-52 AM.bmp
[2010/03/26 01:38:35 | 000,075,832 | ---- | M] () -- C:\Users\leave me alone\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/03/25 02:25:16 | 001,105,120 | ---- | M] (Piriform Ltd) -- C:\Users\leave me alone\Desktop\spsetup100.exe
[2010/03/25 02:19:44 | 000,038,075 | ---- | M] () -- C:\Users\leave me alone\Desktop\index.php.htm
[2010/03/23 02:12:55 | 000,024,416 | ---- | M] (Greatis Software) -- C:\Windows\System32\drivers\regguard.sys
[2010/03/23 00:54:05 | 000,035,040 | ---- | M] (Greatis Software) -- C:\Windows\System32\Partizan.exe
[2010/03/21 01:33:03 | 000,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/03/21 01:33:03 | 000,595,684 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/03/21 01:33:03 | 000,101,350 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/03/16 18:15:53 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2010/03/16 13:19:22 | 002,293,760 | ---- | M] () -- C:\Windows\ocsetup_install_MicrosoftWindowsPowerShell.etl
[2010/03/16 13:19:21 | 000,131,072 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.perf
[2010/03/16 13:19:21 | 000,131,072 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.dpx
[2010/03/15 14:40:35 | 000,035,621 | ---- | M] () -- C:\Users\leave me alone\Documents\Cannot Update Windows using Windows Update.htm
[2010/03/15 14:07:55 | 000,001,965 | ---- | M] () -- C:\Users\Public\Desktop\HP Help and Support.lnk
[2010/03/14 21:03:56 | 000,016,244 | ---- | M] () -- C:\Windows\System32\rrt_is.wav
[2010/03/14 21:03:56 | 000,007,148 | ---- | M] () -- C:\Windows\System32\rrt_tv.wav
[2010/03/14 21:03:56 | 000,006,282 | ---- | M] () -- C:\Windows\System32\rrt_tn.wav
[2010/03/14 21:03:55 | 000,007,302 | ---- | M] () -- C:\Windows\System32\rrt_vf.wav
[2010/03/14 16:27:30 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010/03/14 16:27:30 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010/03/14 16:27:30 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010/03/14 16:27:28 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deploytk.dll
[2010/03/14 01:40:03 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/03/14 01:40:03 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/03/12 18:02:38 | 000,261,632 | ---- | M] () -- C:\Windows\PEV.exe
[2010/03/12 14:33:20 | 000,034,760 | ---- | M] (Greatis Software) -- C:\Windows\System32\drivers\Partizan.sys
[2010/03/11 15:10:09 | 000,000,172 | ---- | M] () -- C:\Windows\System32\drivers\NSS\0207030.022\isolate.ini
[2010/03/11 03:21:16 | 000,000,000 | ---- | M] () -- C:\Windows\nsreg.dat
[2010/03/11 02:53:00 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2010/03/11 02:53:00 | 000,001,688 | ---- | M] () -- C:\Windows\System32\autoexec.nt
[2010/03/11 02:53:00 | 000,000,002 | RHS- | M] () -- C:\Windows\winstart.bat
[2010/03/11 02:43:26 | 000,056,816 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2010/03/11 02:28:30 | 000,124,976 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2010/03/11 02:28:30 | 000,007,456 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2010/03/11 02:28:30 | 000,000,806 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2010/03/10 15:21:45 | 000,000,005 | ---- | M] () -- C:\Windows\System32\Band4
[2010/03/10 13:56:50 | 000,000,000 | RHS- | M] () -- C:\Windows\System32\drivers\103C_HP_cNB_Presario CQ60 Notebook PC_Y5335KV_0U_Q2CE91906XN_E508240-002_4A_I303C_SWistron_V08.60_F.54_T090818_WV2-1_L409_M2814_J160_7AMD_8F31_92.10_#100309_N168C001C;10DE0760_(NV243UA#ABA)_XMOBILE_CN10_Z_2F.54.MRK
[2010/03/10 13:55:46 | 000,000,020 | -HS- | M] () -- C:\Users\leave me alone\ntuser.ini
[2010/03/10 13:48:35 | 000,011,264 | ---- | M] () -- C:\Windows\System32\drivers\UZI4NDQ1.del
[2010/03/10 12:54:00 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForleave me alone.job
[2010/03/10 12:52:16 | 000,524,288 | -HS- | M] () -- C:\Users\leave me alone\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TMContainer00000000000000000002.regtrans-ms
[2010/03/10 02:51:12 | 000,047,092 | ---- | M] () -- C:\Windows\System32\license.rtf
[2010/03/09 17:10:32 | 001,053,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MFC71u.dll
[2010/03/09 17:10:32 | 000,505,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msvcp71.dll
[2010/03/09 17:10:32 | 000,353,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msvcr71.dll
[2010/03/09 17:10:31 | 001,066,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MFC71.dll
[2010/03/09 17:04:29 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_SynTP_01000.Wdf

========== Files Created - No Company Name ==========

[2010/03/27 11:55:44 | 000,156,759 | ---- | C] () -- C:\Users\leave me alone\Desktop\topic114351.html
[2010/03/27 11:54:23 | 000,293,376 | ---- | C] () -- C:\df37z391.exe
[2010/03/27 11:42:05 | 000,000,680 | ---- | C] () -- C:\Users\leave me alone\AppData\Local\d3d9caps.dat
[2010/03/27 02:22:53 | 000,006,018 | ---- | C] () -- C:\Users\leave me alone\Documents\cc_20100327_022250.reg
[2010/03/27 02:22:29 | 000,030,924 | ---- | C] () -- C:\Users\leave me alone\Documents\cc_20100327_022226.reg
[2010/03/27 02:20:08 | 000,334,985 | ---- | C] () -- C:\Users\leave me alone\Desktop\look at all this it won't go away.png
[2010/03/26 14:04:03 | 000,012,582 | ---- | C] () -- C:\Users\leave me alone\Desktop\3-26-2010 2-04-03 PM.png
[2010/03/26 12:30:53 | 000,261,632 | ---- | C] () -- C:\Windows\PEV.exe
[2010/03/26 12:30:53 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/03/26 12:30:53 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/03/26 12:30:53 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010/03/26 12:30:53 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/03/26 12:25:13 | 003,903,349 | R--- | C] () -- C:\Users\leave me alone\Desktop\fixme.exe
[2010/03/26 01:38:52 | 003,058,654 | ---- | C] () -- C:\Users\leave me alone\Desktop\3-26-2010 1-38-52 AM.bmp
[2010/03/25 02:19:42 | 000,038,075 | ---- | C] () -- C:\Users\leave me alone\Desktop\index.php.htm
[2010/03/24 02:21:05 | 000,017,664 | ---- | C] () -- C:\Windows\System32\drivers\EnumProcessesDriver.sys
[2010/03/20 03:15:41 | 000,162,304 | ---- | C] () -- C:\Windows\System32\ztvunrar36.dll
[2010/03/20 03:15:41 | 000,153,088 | ---- | C] () -- C:\Windows\System32\UNRAR3.dll
[2010/03/20 03:15:41 | 000,077,312 | ---- | C] () -- C:\Windows\System32\ztvunace26.dll
[2010/03/20 03:15:41 | 000,075,264 | ---- | C] () -- C:\Windows\System32\unacev2.dll
[2010/03/17 12:53:53 | 000,007,396 | ---- | C] () -- C:\Windows\System32\drivers\pctcore.cat
[2010/03/16 18:15:53 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2010/03/16 13:18:46 | 000,131,072 | ---- | C] () -- C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.perf
[2010/03/16 13:18:46 | 000,131,072 | ---- | C] () -- C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.dpx
[2010/03/16 13:18:45 | 002,293,760 | ---- | C] () -- C:\Windows\ocsetup_install_MicrosoftWindowsPowerShell.etl
[2010/03/16 01:45:02 | 000,130,008 | ---- | C] () -- C:\Windows\System32\systemsf.ebd
[2010/03/16 01:45:01 | 000,009,239 | ---- | C] () -- C:\Windows\System32\spcinstrumentation.man
[2010/03/16 01:44:55 | 000,442,788 | ---- | C] () -- C:\Windows\System32\dot3.tmf
[2010/03/16 01:44:54 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010/03/16 01:44:54 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010/03/16 01:44:52 | 003,662,128 | ---- | C] () -- C:\Windows\System32\locale.nls
[2010/03/16 01:44:52 | 000,392,170 | ---- | C] () -- C:\Windows\System32\onex.tmf
[2010/03/16 01:44:46 | 000,344,698 | ---- | C] () -- C:\Windows\System32\eaphost.tmf
[2010/03/16 01:44:37 | 000,208,966 | ---- | C] () -- C:\Windows\System32\WFP.TMF
[2010/03/16 01:44:35 | 000,092,918 | ---- | C] () -- C:\Windows\System32\slmgr.vbs
[2010/03/16 01:44:09 | 000,009,212 | ---- | C] () -- C:\Windows\System32\RacUR.xml
[2010/03/15 14:40:34 | 000,035,621 | ---- | C] () -- C:\Users\leave me alone\Documents\Cannot Update Windows using Windows Update.htm
[2010/03/15 14:07:55 | 000,001,965 | ---- | C] () -- C:\Users\Public\Desktop\HP Help and Support.lnk
[2010/03/14 21:03:56 | 000,016,244 | ---- | C] () -- C:\Windows\System32\rrt_is.wav
[2010/03/14 21:03:56 | 000,007,148 | ---- | C] () -- C:\Windows\System32\rrt_tv.wav
[2010/03/14 21:03:56 | 000,006,282 | ---- | C] () -- C:\Windows\System32\rrt_tn.wav
[2010/03/14 21:03:55 | 000,007,302 | ---- | C] () -- C:\Windows\System32\rrt_vf.wav
[2010/03/14 01:40:03 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2010/03/14 01:40:03 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2010/03/12 12:46:15 | 000,032,726 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010/03/12 02:56:33 | 000,032,726 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2010/03/11 15:10:09 | 000,000,172 | ---- | C] () -- C:\Windows\System32\drivers\NSS\0207030.022\isolate.ini
[2010/03/11 03:21:16 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/03/10 15:21:45 | 000,000,005 | ---- | C] () -- C:\Windows\System32\Band4
[2010/03/10 14:29:13 | 000,000,440 | -H-- | C] () -- C:\Windows\tasks\User_Feed_Synchronization-{C68BB805-3B64-4C69-A90F-46E4D6ED70D5}.job
[2010/03/10 14:12:27 | 000,000,002 | RHS- | C] () -- C:\Windows\winstart.bat
[2010/03/10 14:01:49 | 000,007,456 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2010/03/10 14:01:49 | 000,000,806 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2010/03/10 14:01:38 | 000,000,000 | ---- | C] () -- C:\Users\leave me alone\AppData\Local\QSwitch.txt
[2010/03/10 14:01:38 | 000,000,000 | ---- | C] () -- C:\Users\leave me alone\AppData\Local\DSwitch.txt
[2010/03/10 14:01:38 | 000,000,000 | ---- | C] () -- C:\Users\leave me alone\AppData\Local\AtStart.txt
[2010/03/10 14:00:55 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForleave me alone.job
[2010/03/10 13:56:50 | 000,000,000 | RHS- | C] () -- C:\Windows\System32\drivers\103C_HP_cNB_Presario CQ60 Notebook PC_Y5335KV_0U_Q2CE91906XN_E508240-002_4A_I303C_SWistron_V08.60_F.54_T090818_WV2-1_L409_M2814_J160_7AMD_8F31_92.10_#100309_N168C001C;10DE0760_(NV243UA#ABA)_XMOBILE_CN10_Z_2F.54.MRK
[2010/03/10 13:55:46 | 000,000,020 | -HS- | C] () -- C:\Users\leave me alone\ntuser.ini
[2010/03/10 13:55:45 | 001,835,008 | -HS- | C] () -- C:\Users\leave me alone\ntuser.dat
[2010/03/10 13:55:45 | 000,524,288 | -HS- | C] () -- C:\Users\leave me alone\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TMContainer00000000000000000002.regtrans-ms
[2010/03/10 13:55:45 | 000,524,288 | -HS- | C] () -- C:\Users\leave me alone\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TMContainer00000000000000000001.regtrans-ms
[2010/03/10 13:55:45 | 000,065,536 | -HS- | C] () -- C:\Users\leave me alone\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TM.blf
[2010/03/10 13:48:35 | 000,011,264 | ---- | C] () -- C:\Windows\System32\drivers\UZI4NDQ1.del
[2010/03/10 12:31:25 | 000,057,667 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2010/03/10 03:50:23 | 002,501,921 | ---- | C] () -- C:\Windows\System32\wlan.tmf
[2010/03/09 17:12:54 | 000,000,105 | ---- | C] () -- C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log
[2010/03/09 17:12:45 | 000,000,032 | ---- | C] () -- C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
[2010/03/09 17:12:22 | 000,000,032 | ---- | C] () -- C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
[2010/03/09 17:11:51 | 000,000,032 | ---- | C] () -- C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
[2010/03/09 17:10:45 | 000,000,032 | ---- | C] () -- C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
[2010/03/09 17:10:36 | 000,000,246 | ---- | C] () -- C:\ProgramData\hpqp.ini
[2010/03/09 17:04:29 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_SynTP_01000.Wdf
[2010/03/09 17:02:06 | 000,003,948 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2010/03/09 17:01:52 | 000,002,016 | ---- | C] () -- C:\Windows\System32\nvsmb.nvu
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/04/20 07:27:52 | 000,000,109 | ---- | C] () -- C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
[2009/04/20 07:21:52 | 000,000,110 | ---- | C] () -- C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
[2009/04/20 07:19:51 | 000,000,105 | ---- | C] () -- C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
[2009/04/20 07:18:27 | 000,000,107 | ---- | C] () -- C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/03/09 04:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2010/03/27 11:54:59 | 000,293,376 | ---- | M] () -- C:\df37z391.exe


< MD5 for: AGP440.SYS >
[2008/01/20 21:32:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\ERDNT\cache\AGP440.sys
[2008/01/20 21:32:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008/01/20 21:32:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008/01/20 21:32:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/20 21:32:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/20 21:32:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006/11/02 04:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/04/11 01:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\ERDNT\cache\atapi.sys
[2009/04/11 01:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009/04/11 01:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009/04/11 01:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/20 21:32:21 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/20 21:32:21 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 04:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2009/04/20 06:26:14 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=9C0E70031905ADBF94EDB9EA14AF943B -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7f3e4ed9\atapi.sys
[2009/04/20 06:26:14 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=9C0E70031905ADBF94EDB9EA14AF943B -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22193_none_dd6376773aedb5e4\atapi.sys
[2009/04/20 06:26:14 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E26DDFE464B464DAF1C739122978D1D6 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b7393fc6\atapi.sys
[2009/04/20 06:26:14 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E26DDFE464B464DAF1C739122978D1D6 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20847_none_dbb74a7b3d9afbc1\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 04:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\ERDNT\cache\cngaudit.dll
[2006/11/02 04:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 04:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: EVENTLOG.DLL >
[2007/05/17 23:34:04 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files\CyberLink\PowerDirector\EventLog.dll

< MD5 for: IASTORV.SYS >
[2008/01/20 21:32:49 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008/01/20 21:32:49 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008/01/20 21:32:49 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 04:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009/04/11 01:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\ERDNT\cache\netlogon.dll
[2009/04/11 01:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009/04/11 01:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008/01/20 21:33:41 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVRAID.SYS >
[2008/01/20 21:32:47 | 000,102,968 | ---- | M] (NVIDIA Corporation) MD5=2EDF9E7751554B42CBB60116DE727101 -- C:\Windows\System32\drivers\nvraid.sys
[2008/01/20 21:32:47 | 000,102,968 | ---- | M] (NVIDIA Corporation) MD5=2EDF9E7751554B42CBB60116DE727101 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvraid.sys
[2008/01/20 21:32:47 | 000,102,968 | ---- | M] (NVIDIA Corporation) MD5=2EDF9E7751554B42CBB60116DE727101 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvraid.sys
[2006/11/02 04:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) MD5=E69E946F80C1C31C53003BFBF50CBB7C -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvraid.sys

< MD5 for: NVSTOR.SYS >
[2006/11/02 04:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/20 21:32:47 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008/01/20 21:32:47 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/20 21:32:47 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008/01/20 21:34:39 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009/04/11 01:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\ERDNT\cache\scecli.dll
[2009/04/11 01:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009/04/11 01:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/03/08 06:31:42 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtmsft.dll
[2009/03/08 06:31:37 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtrans.dll
[2009/04/11 01:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2009/04/11 01:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll
[2008/01/20 21:34:20 | 000,357,376 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\taskschd.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2008/01/20 22:31:11 | 015,716,352 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008/01/20 22:31:01 | 000,102,400 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008/01/20 22:31:12 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 05:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 05:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

========== Alternate Data Streams ==========

@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:7E95B6FD
@Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:B3D74A13
< End of report >




OTL Extras logfile created on: 3/26/2010 12:57:10 PM - Run 1
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Users\leave me alone\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 59.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 138.69 Gb Total Space | 109.19 Gb Free Space | 78.73% Space Free | Partition Type: NTFS
Drive D: | 10.36 Gb Total Space | 1.74 Gb Free Space | 16.76% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 7.45 Gb Total Space | 0.56 Gb Free Space | 7.54% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LEAVEMEALONE-PC
Current User Name: leave me alone
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{284289C5-CCA6-40EF-AA01-E5651B6DB83B}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |
"{74479465-BBFE-4EB5-8D33-805D7A2E2680}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{B630EEC1-2091-40F5-8B06-CDC8E1987AA8}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |
"{ED5344BB-D7A2-47A4-9A76-BB7B8C2F6260}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{EED59F82-F238-4260-AB51-DA393F916824}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0054A0F6-00C9-4498-B821-B5C9578F433E}" = HP Help and Support
"{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.0.0 (r181)
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{154A4184-1A3D-4BF9-A5AE-4FA1660445F3}" = HP Total Care Advisor
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java™ 6 Update 18
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 H2
"{352310C3-E46B-42D3-8F32-54721FDD72D9}" = NetZero Preloader
"{38058455-8C21-4C2F-B2F6-14ED166039CB}" = HP Total Care Setup
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Vista
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 3.7
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{57A5AEC1-97FC-474D-92C4-908FCC2253D4}" = HP Customer Experience Enhancements
"{59991D18-A988-45AB-B1BF-5ADE6E64CD3F}" = SnagIt 9
"{6423EF83-6E1D-4D22-A36F-689CD19FD4D2}" = Juno Preloader
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{665CBCA4-5AB0-414B-A288-3F8F99FEFC45}" = HP User Guides 0118
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{6A370610-3778-44AF-9AAC-69B2FD1A3356}" = Microsoft Live Search Toolbar
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9ADABDDE-9644-461B-9E73-83FA3EFCAB50}" = HP Wireless Assistant
"{A31A5DFC-3439-48FC-99BB-5174168AE471}" = COMODO livePCsupport
"{AA668889-AA01-AA01-AADC-65462C3DE344}" = FreeFixer
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.1
"{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}" = Adobe Shockwave Player
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B2808065-4945-419C-AEBA-18901C8193D4}" = COMODO Cloud Scanner
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library
"{DB0BB9FA-1B60-4036-8E29-3D56D8085256}" = WOT for Internet Explorer
"{DD35C328-F115-BEDA-6EEE-E00C5AACCCBC}" = muvee Reveal
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{ECEE0279-785F-4CB3-9F28-E69813234BF8}" = SPORE Creature Creator Trial Edition
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AnalogX CookieWall" = AnalogX CookieWall
"CCleaner" = CCleaner
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDAUDIO_HERMOSA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Greatis Reanimator_is1" = RegRun Reanimator
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.2)" = Mozilla Firefox (3.6.2)
"NIS" = Norton Internet Security
"NVIDIA Drivers" = NVIDIA Drivers
"Process_Hacker_is1" = Process Hacker 1.11
"Secunia PSI" = Secunia PSI
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"UnHackMe_is1" = UnHackMe 5.70 release
"WildTangent hp Master Uninstall" = My HP Games
"Your Uninstaller! 2008_is1" = Your Uninstaller! 2008 Version 6.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/24/2010 3:38:56 PM | Computer Name = leavemealone-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "F:\peerblock.exe". Dependent
Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 3/24/2010 4:05:05 PM | Computer Name = leavemealone-PC | Source = WinMgmt | ID = 10
Description =

Error - 3/24/2010 4:07:57 PM | Computer Name = leavemealone-PC | Source = WinMgmt | ID = 10
Description =

Error - 3/25/2010 1:59:49 AM | Computer Name = leavemealone-PC | Source = WinMgmt | ID = 10
Description =

Error - 3/25/2010 3:46:07 AM | Computer Name = leavemealone-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "F:\peerblock.exe". Dependent
Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 3/25/2010 4:13:00 AM | Computer Name = leavemealone-PC | Source = Application Error | ID = 1000
Description = Faulting application ProcessHacker.exe, version 1.11.0.0, time stamp
0x4b5c152b, faulting module KERNEL32.dll, version 6.0.6002.18005, time stamp 0x49e037dd,
exception code 0xe053534f, fault offset 0x0003fbae, process id 0x4Ôù 4Ôù , application
start time 0x4Ôù 4Ôù .

Error - 3/25/2010 4:20:27 AM | Computer Name = leavemealone-PC | Source = WinMgmt | ID = 10
Description =

Error - 3/25/2010 4:23:27 AM | Computer Name = leavemealone-PC | Source = WinMgmt | ID = 10
Description =

Error - 3/25/2010 1:16:57 PM | Computer Name = leavemealone-PC | Source = WinMgmt | ID = 10
Description =

Error - 3/25/2010 3:44:55 PM | Computer Name = leavemealone-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 3/26/2010 4:34:54 AM | Computer Name = leavemealone-PC | Source = Service Control Manager | ID = 7031
Description =

Error - 3/26/2010 4:34:54 AM | Computer Name = leavemealone-PC | Source = Service Control Manager | ID = 7034
Description =

Error - 3/26/2010 4:34:54 AM | Computer Name = leavemealone-PC | Source = Service Control Manager | ID = 7034
Description =

Error - 3/26/2010 4:34:54 AM | Computer Name = leavemealone-PC | Source = Service Control Manager | ID = 7031
Description =

Error - 3/26/2010 4:37:51 AM | Computer Name = leavemealone-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 3/26/2010 4:37:51 AM | Computer Name = leavemealone-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 3/26/2010 5:23:39 AM | Computer Name = leavemealone-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 3/26/2010 5:23:39 AM | Computer Name = leavemealone-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 3/26/2010 12:38:41 PM | Computer Name = leavemealone-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 3/26/2010 12:38:41 PM | Computer Name = leavemealone-PC | Source = Service Control Manager | ID = 7001
Description =


< End of report >


GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-03-27 14:00:06
Windows 6.0.6002 Service Pack 2
Running: df37z391.exe; Driver: C:\Users\LEAVEM~1\AppData\Local\Temp\pxkdipow.sys


---- System - GMER 1.0.15 ----

SSDT 88151A20 ZwAlertResumeThread
SSDT 88151AE0 ZwAlertThread
SSDT 8824D230 ZwAllocateVirtualMemory
SSDT 887C4B30 ZwAlpcConnectPort
SSDT 88D50E10 ZwAssignProcessToJobObject
SSDT 88151770 ZwCreateMutant
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0x8A38C9A6]
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0x8A38CB98]
SSDT 88D50B30 ZwCreateSymbolicLinkObject
SSDT 88413B70 ZwCreateThread
SSDT 88D50EF0 ZwDebugActiveProcess
SSDT 8824D388 ZwDuplicateObject
SSDT 8824D090 ZwFreeVirtualMemory
SSDT 88151860 ZwImpersonateAnonymousToken
SSDT 88151940 ZwImpersonateThread
SSDT 885D1490 ZwLoadDriver
SSDT 88151F70 ZwMapViewOfSection
SSDT 88151690 ZwOpenEvent
SSDT 8824D528 ZwOpenProcess
SSDT 88D50088 ZwOpenProcessToken
SSDT 881514D0 ZwOpenSection
SSDT 8824D458 ZwOpenThread
SSDT 88D50D20 ZwProtectVirtualMemory
SSDT 8830F738 ZwResumeThread
SSDT 88151D20 ZwSetContextThread
SSDT 88151DE0 ZwSetInformationProcess
SSDT 88D50FD0 ZwSetSystemInformation
SSDT 881515B0 ZwSuspendProcess
SSDT 88151BA0 ZwSuspendThread
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwTerminateProcess [0x8A38C656]
SSDT 88151C60 ZwTerminateThread
SSDT 88151EB0 ZwUnmapViewOfSection
SSDT 8824D160 ZwWriteVirtualMemory
SSDT 88D50C20 ZwCreateThreadEx
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateUserProcess [0x8A38CDA0]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 11D 820C5880 8 Bytes [20, 1A, 15, 88, E0, 1A, 15, ...]
.text ntkrnlpa.exe!KeSetEvent + 131 820C5894 4 Bytes [30, D2, 24, 88] {XOR DL, DL; AND AL, 0x88}
.text ntkrnlpa.exe!KeSetEvent + 13D 820C58A0 4 Bytes [30, 4B, 7C, 88]
.text ntkrnlpa.exe!KeSetEvent + 191 820C58F4 4 Bytes [10, 0E, D5, 88] {ADC [ESI], CL; AAD 0x88}
.text ntkrnlpa.exe!KeSetEvent + 1F5 820C5958 4 Bytes [70, 17, 15, 88]
.text ...

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\PeerBlock\peerblock.exe[1008] kernel32.dll!SetUnhandledExceptionFilter 775FA84F 5 Bytes JMP 0043F0C0 C:\Program Files\PeerBlock\peerblock.exe (PeerBlock/PeerBlock, LLC)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\Explorer.EXE[2840] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [74D47817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2840] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [74D9A86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2840] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [74D4BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2840] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [74D3F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2840] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [74D475E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2840] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [74D3E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2840] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [74D78395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2840] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [74D4DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2840] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [74D3FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2840] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [74D3FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2840] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [74D371CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2840] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [74DCCAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2840] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [74D6C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2840] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [74D3D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2840] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [74D36853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2840] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [74D3687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2840] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74D42AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs AVHook.sys (PC Tools Filter Driver for Windows 2000/XP/PC Tools Research Pty Ltd.)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\tdx \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\tdx \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat AVHook.sys (PC Tools Filter Driver for Windows 2000/XP/PC Tools Research Pty Ltd.)

---- EOF - GMER 1.0.15 ----
  • 0

#9
azarl

    GeekU Admin

  • Community Leader
  • 25,310 posts
Thanks, I'll go through that. I'm away tomorrow, I'll get back to you Monday.

Cheers
  • 0

#10
azarl

    GeekU Admin

  • Community Leader
  • 25,310 posts
» Step 1 «
Clear Cache/Temp Files
Download TFC by OldTimer to your desktop
  • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.
» Step 2 «
Malwarebytes' Anti-Malware
Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

» Step 3 «
Kaspersky WebScanner
Please do an online scan with Kaspersky WebScanner

Kaspersky online scanner uses JAVA technology to perform the scan. If you do not have the latest JAVA version, follow the instructions below under Upgrading Java to download and install the latest version.

Upgrading Java
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 18.
  • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement.".
  • Click on Continue.
  • Click on the link to download Windows Offline Installation (jre-6u18-windows-i586-p.exe) and save it to your desktop. Do NOT use the Sun Download Manager.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version. (Vista users, right-click on the jre-6u18-windows-i586-p.exe and select "Run as an Administrator.")
Running Kaspersky WebScanner
  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure the following is checked.
    • Spyware, Adware, Diallers, and other potentially dangerous programs
      Archives
      Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply.
«®»
  • 0


#11
_The_Nothing_

    Member

  • Topic Starter
  • Member
  • PipPip
  • 72 posts
First of all, thanks for your quick response to me!
Second, I live by using TFC. OldTimer is so cool to put out his tools like this!
I'm downloading everything else right now.
Also, I'm not really sure if ComboFix ran right. It didn't dawn on me until last night that I didn't remember seeing it tell me anything about changing my clock and setting it back. Did they change it?
Soon as the Java update comes in I'll start everything. Oh yeah, I've tried to get to the Kaspersky scanner and it always tells me they are working on it with a new version, so I couldn't ever use it, so thanks for the link!
  • 0

#12
azarl

    GeekU Admin

  • Community Leader
  • 25,310 posts
OT makes a few tools - they're all excellent

ComboFix ran fine, it was all complete.

I'll wait to hear from you then,

Cheers
  • 0

#13
_The_Nothing_

    Member

  • Topic Starter
  • Member
  • PipPip
  • 72 posts
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Tuesday, March 30, 2010
Operating system: Microsoft Windows Vista Home Basic Edition, 32-bit Service Pack 2 (build 6002)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Tuesday, March 30, 2010 03:34:27
Records in database: 3898752
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\

Scan statistics:
Objects scanned: 148198
Threats found: 1
Infected objects found: 1
Suspicious objects found: 0
Scan duration: 03:12:23


File name / Threat / Threats count
F:\New Folder\MGtools.exe Infected: Trojan-Dropper.Win32.Agent.bsvq 1

Selected area has been scanned.



Malwarebytes' Anti-Malware 1.44
Database version: 3929
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18882

3/29/2010 3:09:33 PM
mbam-log-2010-03-29 (15-09-33).txt

Scan type: Quick Scan
Objects scanned: 105556
Time elapsed: 7 minute(s), 40 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
  • 0

#14
_The_Nothing_

    Member

  • Topic Starter
  • Member
  • PipPip
  • 72 posts
Do you need a RootRepeal scan?
These two really bother me


regquery.bat report


Combofix report
[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
  • 0

#15
azarl

    GeekU Admin

  • Community Leader
  • 25,310 posts
  • The registry entry from ComboFix is OK, it's nothing to be concerned about.
  • AVZ is a scanning tool rather than an Antivirus, it's not a tool I would run without a lot of research.
  • AKAMAI is a download service, lots of reputable vendors use it.
  • Have a look here, at Panda's USB vaccine program. Very good and free.
  • MGTools is OK, ComboFix misidentifies it as malware

Your logs are now clean - you are clear or seem to be. Please advise me if you still have any problems.

We'll move on to the cleanup now. There's quite a bit to do here, just take your time.

Updates
Before we begin the actual cleanup, I'll just say a few words on the importance of updates. From time to time, software vendors introduce updates for their products. Sometimes these are to enhance the product, but often they are to repair an exploitable vulnerability. You may like to consider installing Secunia PSI. This is a free application (for home users) that sits in the system tray and alerts you when security updates are available, and where from. Secunia PSI can be downloaded from HERE

Follow these steps to uninstall ComboFix and tools used in the removal of malware
  • Click START then RUN
  • Now type ComboFix /Uninstall in the run box and click OK. Note the space between the ComboFix and the /U, it needs to be there.
OTL Cleanup
A good workman always cleans up after himself, so run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

Preventing re-infection
Now that your system is clear, there are a number of steps you can take to prevent re-infection

It is critical that you have both a firewall and antivirus to protect your system and to keep them updated.

Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest available security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

Winpatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. Help file and tutorial can be found Here
SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.
MVPS Hosts File - Blocks known bad sites by adding them to your Hosts file thereby preventing you from accessing them
TFC (Temp File Cleaner) - Cleans an enormous amount of junk held in temporary files and disposes of any malware lurking there.
Anti Spyware Program - We recommend MalwareBytes Anti-Malware and SUPERAntiSpyware

Browsers
Consider using FIREFOX or OPERA, both are free to use and are more secure than IE. If you are using Firefox you can stay more secure by adding NoScript and WOT (Web Of Trust). NoScript stops Java scripts from starting on a web page unless you give permission for them, and WOT has a comprehensive list of ratings for different websites allowing you to easily see if a website that you are about to go to has a bad reputation; in fact it will warn you to check if you are sure that you want to continue to a bad website.


Make your Internet Explorer more secure - This can be done by following these simple instructions:
  • Run Internet Explorer
  • Click on the Tools menu and then click on Options.
  • Click once on the Security tab
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.
  • Change the Download signed ActiveX controls to Prompt
  • Change the Download unsigned ActiveX controls to Disable
  • Change the Initialize and script ActiveX controls not marked as safe to Disable
  • Change the Installation of desktop items to Prompt
  • Change the Launching programs and files in an IFRAME to Prompt
  • Change the Navigate sub-frames across different domains to Prompt
  • When all these settings have been made, click on the OK button
  • If it prompts you as to whether or not you want to save the settings, press the Yes button.
  • Next press the Apply button and then the OK to exit the Internet Properties page.
«®»
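
The Internet zone settings listed in the steps above are stored per user as registry values, so they can be checked after the change. The following PowerShell audit is an added example, not part of the original post; the URL action IDs and the value meanings (0 = Enable, 1 = Prompt, 3 = Disable) are taken from Microsoft's documentation of Internet Explorer security zones rather than from this thread.

```powershell
# Added example: read-only audit of the current user's Internet zone (zone 3).
# Settings enforced by Group Policy live under the Policies key and are not read here.
$zonePath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

# URL action values: a higher number is a stricter setting.
$levels = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

# URL action ID (registry value name), recommended level, and the name shown in the dialog.
$expected = @(
    @{ Id = '1001'; Want = 1; Name = 'Download signed ActiveX controls' },
    @{ Id = '1004'; Want = 3; Name = 'Download unsigned ActiveX controls' },
    @{ Id = '1201'; Want = 3; Name = 'Initialize and script ActiveX controls not marked as safe' },
    @{ Id = '1800'; Want = 1; Name = 'Installation of desktop items' },
    @{ Id = '1804'; Want = 1; Name = 'Launching programs and files in an IFRAME' },
    @{ Id = '1607'; Want = 1; Name = 'Navigate sub-frames across different domains' }
)

function Get-LevelName($value) {
    if ($null -eq $value) { return 'NotSet' }
    if ($levels.ContainsKey([int]$value)) { return $levels[[int]$value] }
    return "Unknown ($value)"
}

$zone = Get-ItemProperty -Path $zonePath -ErrorAction SilentlyContinue

$report = foreach ($item in $expected) {
    $current = if ($zone) { $zone.($item.Id) } else { $null }

    # A missing value means the zone default applies, so flag it for a manual look.
    $status = if ($null -eq $current) { 'NotSet' }
              elseif ([int]$current -ge $item.Want) { 'OK' }
              else { 'Weaker' }

    New-Object PSObject -Property @{
        Setting     = $item.Name
        Current     = Get-LevelName $current
        Recommended = $levels[$item.Want]
        Status      = $status
    } | Select-Object Setting, Current, Recommended, Status
}

$report | Format-Table -AutoSize -Wrap

$weak = @($report | Where-Object { $_.Status -ne 'OK' })
Write-Output ("{0} of {1} settings need attention." -f $weak.Count, $expected.Count)
```

A setting stricter than the recommendation (for example Disable where Prompt is asked for) is reported as OK.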