
Unsure what virus...


  • This topic is locked

#1
Wafflemonger

  • Member
  • 548 posts
Alright, so on a whim I performed a virus scan yesterday after noticing that my internet connection was somewhat laggy. I used MBAM quick scan and it found 2 trojan files in the temp directory. Successfully removed them, and upon reboot I performed another quick scan just to make sure nothing was there. Nothing was. Upon waking up this morning and attempting to connect to the internet, I was unable to do so. All outgoing connections were being redirected to the loopback 127.0.0.1. I replaced the hosts file using a backup hosts file; however, to do so I had to end the network application svchost.exe [which was NEVER needed in the past]. Upon replacing the hosts file I am now able to connect to the internet. However, the svchost.exe process is still using 50% of my CPU, which is higher than it has ever been. No scan [avast 5.0, superantispyware, spybot, or MBAM] finds any issues.

Another issue is that now when I open programs such as tfc.exe, otl.exe, or any other anti-malware, it takes about 10 seconds to open it. But all other programs open instantaneously. TFC.exe causes a bluescreen. OTL log below.

OTL logfile created on: 12/03/2011 3:21:53 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Wafflemonger\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 68.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 21.34 Gb Free Space | 28.64% Space Free | Partition Type: NTFS
Drive D: | 465.76 Gb Total Space | 406.13 Gb Free Space | 87.20% Space Free | Partition Type: NTFS

Computer Name: PC-CSD21260 | User Name: Wafflemonger | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/03/12 15:15:46 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Wafflemonger\Desktop\OTL.exe
PRC - [2011/03/06 13:28:31 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/03/03 19:40:30 | 000,619,288 | ---- | M] (http://tortoisesvn.net) -- C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
PRC - [2011/02/23 10:04:20 | 003,451,496 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2011/02/23 10:04:19 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2011/02/23 01:39:10 | 000,803,432 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
PRC - [2011/02/23 01:17:26 | 000,378,984 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010/12/20 18:08:58 | 000,363,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2010/12/07 05:32:02 | 002,228,008 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2010/11/20 07:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/11/20 07:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/01/26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe


========== Modules (SafeList) ==========

MOD - [2011/03/12 15:15:46 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Wafflemonger\Desktop\OTL.exe
MOD - [2011/02/23 10:04:17 | 000,197,208 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\snxhk.dll
MOD - [2010/11/20 06:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (VMUSBArbService)
SRV - [2011/02/23 10:04:19 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/02/23 01:17:26 | 000,378,984 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010/12/20 18:08:58 | 000,363,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010/12/07 05:32:02 | 002,228,008 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2010/09/11 01:10:03 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009/12/15 15:07:16 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- D:\@dragon age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 20:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 20:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/01/26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)


========== Driver Services (SafeList) ==========

DRV - [2011/02/23 09:56:55 | 000,371,544 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/02/23 09:56:45 | 000,301,528 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/02/23 09:55:49 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/02/23 09:55:10 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/02/23 09:55:03 | 000,053,592 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011/02/23 09:54:55 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/02/23 03:27:00 | 010,468,360 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2011/01/06 16:35:01 | 000,431,672 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010/12/20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010/11/20 07:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 07:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 07:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 05:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 05:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010/11/20 04:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUSB)
DRV - [2010/11/20 04:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 04:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/11/11 18:10:50 | 000,122,984 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2010/08/05 13:08:04 | 000,100,496 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV - [2010/08/05 13:08:02 | 000,031,824 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VBoxUSB.sys -- (VBoxUSB)
DRV - [2010/05/10 13:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/25 16:51:02 | 000,025,216 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tap0901.sys -- (tap0901)
DRV - [2010/02/17 13:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/12/18 11:58:52 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
DRV - [2009/07/13 18:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/13 18:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
DRV - [2009/07/13 17:02:50 | 000,211,456 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2006/09/24 08:28:46 | 000,005,248 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Boot | Running] -- C:\Windows\system32\speedfan.sys -- (speedfan)
DRV - [1996/04/03 14:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\system32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?l...en-ca&OCID=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-ca
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 1B F3 82 C5 73 51 CB 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=382950"
FF - prefs.js..browser.startup.homepage: "http://www.google.ca"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "http://ca.search.yah...type=382950&p="
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/06 13:28:32 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/06 13:28:32 | 000,000,000 | ---D | M]

[2010/09/11 00:48:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Wafflemonger\AppData\Roaming\Mozilla\Extensions
[2010/12/15 14:25:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Wafflemonger\AppData\Roaming\Mozilla\Firefox\Profiles\ilri6d8q.default\extensions
[2011/03/12 02:53:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/02/16 21:38:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/02/16 21:38:29 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2009/09/02 03:23:28 | 000,614,098 | ---- | M]) - C:\Windows\System32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 fr.a2dfp.net
O1 - Hosts: 127.0.0.1 m.fr.a2dfp.net
O1 - Hosts: 127.0.0.1 ad.a8.net
O1 - Hosts: 127.0.0.1 asy.a8ww.net
O1 - Hosts: 127.0.0.1 acezip.net #[SiteAdvisor.acezip.net]
O1 - Hosts: 127.0.0.1 www.acezip.net #[Win32/Adware.180Solutions]
O1 - Hosts: 127.0.0.1 phpadsnew.abac.com
O1 - Hosts: 127.0.0.1 a.abnad.net
O1 - Hosts: 127.0.0.1 b.abnad.net
O1 - Hosts: 127.0.0.1 c.abnad.net #[eTrust.Tracking.Cookie]
O1 - Hosts: 127.0.0.1 d.abnad.net
O1 - Hosts: 127.0.0.1 e.abnad.net
O1 - Hosts: 127.0.0.1 t.abnad.net
O1 - Hosts: 127.0.0.1 z.abnad.net
O1 - Hosts: 127.0.0.1 banners.absolpublisher.com
O1 - Hosts: 127.0.0.1 tracking.absolstats.com
O1 - Hosts: 127.0.0.1 adv.abv.bg
O1 - Hosts: 127.0.0.1 bimg.abv.bg
O1 - Hosts: 127.0.0.1 www2.a-counter.kiev.ua
O1 - Hosts: 127.0.0.1 track.acclaimnetwork.com
O1 - Hosts: 127.0.0.1 accuserveadsystem.com
O1 - Hosts: 127.0.0.1 www.accuserveadsystem.com
O1 - Hosts: 127.0.0.1 gtb5.acecounter.com
O1 - Hosts: 127.0.0.1 gtb19.acecounter.com
O1 - Hosts: 16421 more lines...
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - Startup: C:\Users\Wafflemonger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Age2 Config.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: live.com ([login] http in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O22 - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\System32\DreamScene.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{2b274784-0162-11e0-b1b1-001cc03a48fe}\Shell - "" = AutoRun
O33 - MountPoints2\{2b274784-0162-11e0-b1b1-001cc03a48fe}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\{380d562a-e9b3-11df-8740-001cc03a48fe}\Shell - "" = AutoRun
O33 - MountPoints2\{380d562a-e9b3-11df-8740-001cc03a48fe}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\{ba96b5d2-be12-11df-8803-001cc03a48fe}\Shell - "" = AutoRun
O33 - MountPoints2\{ba96b5d2-be12-11df-8803-001cc03a48fe}\Shell\AutoRun\command - "" = G:\FalloutLauncher.exe
O33 - MountPoints2\{f16bfac0-19dc-11e0-8803-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{f16bfac0-19dc-11e0-8803-806e6f6e6963}\Shell\AutoRun\command - "" = G:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/03/12 15:15:36 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Wafflemonger\Desktop\OTL.exe
[2011/03/10 23:45:18 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2011/03/10 00:45:15 | 000,000,000 | ---D | C] -- C:\Users\Wafflemonger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011/03/10 00:45:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011/03/09 23:27:09 | 000,057,960 | ---- | C] (Khronos Group) -- C:\Windows\System32\OpenCL.dll
[2011/03/09 23:10:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dragon Age II
[2011/03/09 22:47:18 | 000,000,000 | ---D | C] -- C:\Users\Wafflemonger\Desktop\Dragon.Age.21-RELOADED
[2011/03/03 20:01:05 | 000,000,000 | ---D | C] -- C:\Users\Wafflemonger\AppData\Roaming\S.A.D
[2011/03/03 19:50:56 | 000,025,216 | ---- | C] (The OpenVPN Project) -- C:\Windows\System32\drivers\tap0901.sys
[2011/02/26 16:57:56 | 000,000,000 | ---D | C] -- C:\Users\Wafflemonger\Desktop\Fallout FULL
[2011/02/26 00:42:38 | 000,000,000 | ---D | C] -- C:\Users\Wafflemonger\Desktop\Doom 95
[2011/02/25 03:45:38 | 000,000,000 | ---D | C] -- C:\Users\Wafflemonger\AppData\Roaming\SUPERAntiSpyware.com
[2011/02/25 03:45:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011/02/25 03:45:33 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/02/24 18:23:40 | 000,000,000 | ---D | C] -- C:\Windows\System32\SPReview
[2011/02/24 18:22:31 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2011/02/24 18:18:54 | 000,093,696 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\Windows\System32\fms.dll
[2011/02/23 19:28:11 | 000,371,544 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2011/02/20 02:37:08 | 000,000,000 | ---D | C] -- C:\Users\Wafflemonger\Desktop\Age Of Empires 2
[2011/02/20 02:34:29 | 000,000,000 | ---D | C] -- C:\Users\Wafflemonger\AppData\Roaming\GameRanger
[2011/02/20 02:32:46 | 000,000,000 | ---D | C] -- C:\Users\Wafflemonger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Age Of Empires 2 & The Conquerors Expansion - Full Game
[2011/02/20 02:31:56 | 000,000,000 | ---D | C] -- C:\Program Files\Age Of Empires 2 & The Conquerors Expansion - Full Game
[2011/02/19 23:49:03 | 000,000,000 | ---D | C] -- C:\Users\Wafflemonger\Documents\Teamviewer Recordings
[2011/02/19 14:20:45 | 000,000,000 | ---D | C] -- C:\Users\Wafflemonger\Desktop\Rsbot
[2011/02/19 13:33:16 | 000,000,000 | ---D | C] -- C:\Users\Wafflemonger\AppData\Roaming\teamspeak2
[2011/02/16 21:38:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/02/16 14:38:45 | 000,000,000 | ---D | C] -- C:\Users\Wafflemonger\Documents\ZScreen
[2011/02/16 14:38:27 | 000,000,000 | ---D | C] -- C:\Users\Wafflemonger\AppData\Local\ZScreen
[2011/02/16 14:38:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZScreen
[2011/02/16 14:38:16 | 000,000,000 | ---D | C] -- C:\Program Files\ZScreen
[2011/02/12 01:54:30 | 000,000,000 | ---D | C] -- C:\Users\Wafflemonger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Project Blackout
[2011/02/12 01:51:41 | 000,000,000 | ---D | C] -- C:\Program Files\Project Blackout
[2010/12/29 22:30:02 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Wafflemonger\AppData\Roaming\pcouffin.sys
[2010/12/15 13:40:21 | 000,047,616 | ---- | C] (Stirling Technologies, Inc.) -- C:\Users\Wafflemonger\AppData\Roaming\RunProcess.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/03/12 15:18:33 | 000,014,224 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/03/12 15:18:33 | 000,014,224 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/03/12 15:15:46 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Wafflemonger\Desktop\OTL.exe
[2011/03/12 15:11:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/03/12 15:11:56 | 2414,354,432 | -HS- | M] () -- C:\hiberfil.sys
[2011/03/12 04:09:11 | 001,034,148 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.20110312-133604.backup
[2011/03/12 03:35:58 | 000,000,117 | ---- | M] () -- C:\Users\Wafflemonger\jagex_runescape_preferences2.dat
[2011/03/12 03:06:54 | 000,000,046 | ---- | M] () -- C:\Users\Wafflemonger\jagex_runescape_preferences.dat
[2011/03/05 02:45:22 | 000,001,012 | ---- | M] () -- C:\Users\Wafflemonger\Desktop\Play ZombieCraft.lnk
[2011/03/02 17:04:57 | 000,614,353 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.20110312-040911.backup
[2011/02/26 15:10:12 | 000,721,454 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/02/26 15:10:12 | 000,141,562 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/02/25 03:47:20 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/02/24 18:49:34 | 000,007,601 | ---- | M] () -- C:\Users\Wafflemonger\AppData\Local\Resmon.ResmonCfg
[2011/02/24 18:42:02 | 000,409,784 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/02/23 19:28:11 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2011/02/23 10:04:21 | 000,040,648 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/02/23 10:04:17 | 000,190,016 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2011/02/23 09:56:55 | 000,371,544 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2011/02/23 09:56:45 | 000,301,528 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2011/02/23 09:55:49 | 000,049,240 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2011/02/23 09:55:10 | 000,025,432 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2011/02/23 09:55:03 | 000,053,592 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2011/02/23 09:54:55 | 000,019,544 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2011/02/23 03:27:00 | 000,057,960 | ---- | M] (Khronos Group) -- C:\Windows\System32\OpenCL.dll
[2011/02/23 03:27:00 | 000,004,756 | ---- | M] () -- C:\Windows\System32\nvinfo.pb
[2011/02/20 02:34:31 | 000,001,080 | ---- | M] () -- C:\Users\Wafflemonger\Desktop\GameRanger.lnk
[2011/02/20 02:32:47 | 000,001,044 | ---- | M] () -- C:\Users\Wafflemonger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Age2 Config.lnk
[2011/02/16 19:28:53 | 001,003,113 | ---- | M] () -- C:\Users\Wafflemonger\Desktop\lmfao.png
[2011/02/16 14:38:20 | 000,000,893 | ---- | M] () -- C:\Users\Public\Desktop\ZScreen.lnk
[2011/02/12 01:54:30 | 000,001,031 | ---- | M] () -- C:\Users\Wafflemonger\Desktop\Project Blackout.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/03/05 02:45:22 | 000,001,012 | ---- | C] () -- C:\Users\Wafflemonger\Desktop\Play ZombieCraft.lnk
[2011/02/24 18:49:34 | 000,007,601 | ---- | C] () -- C:\Users\Wafflemonger\AppData\Local\Resmon.ResmonCfg
[2011/02/24 18:19:59 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011/02/24 18:19:46 | 000,146,852 | ---- | C] () -- C:\Windows\System32\systemsf.ebd
[2011/02/24 18:18:40 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/02/24 18:18:36 | 000,010,429 | ---- | C] () -- C:\Windows\System32\ScavengeSpace.xml
[2011/02/24 18:18:26 | 000,105,559 | ---- | C] () -- C:\Windows\System32\RacRules.xml
[2011/02/20 02:34:31 | 000,001,080 | ---- | C] () -- C:\Users\Wafflemonger\Desktop\GameRanger.lnk
[2011/02/20 02:34:31 | 000,001,066 | ---- | C] () -- C:\Users\Wafflemonger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GameRanger.lnk
[2011/02/20 02:32:47 | 000,001,044 | ---- | C] () -- C:\Users\Wafflemonger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Age2 Config.lnk
[2011/02/16 19:28:52 | 001,003,113 | ---- | C] () -- C:\Users\Wafflemonger\Desktop\lmfao.png
[2011/02/16 14:38:20 | 000,000,893 | ---- | C] () -- C:\Users\Public\Desktop\ZScreen.lnk
[2011/02/12 01:54:30 | 000,001,031 | ---- | C] () -- C:\Users\Wafflemonger\Desktop\Project Blackout.lnk
[2011/01/12 23:19:22 | 000,005,120 | ---- | C] () -- C:\Users\Wafflemonger\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/01/08 02:35:00 | 000,000,554 | ---- | C] () -- C:\Windows\eReg.dat
[2010/12/29 23:12:42 | 002,255,360 | ---- | C] () -- C:\Windows\System32\libavcodec.dll
[2010/12/29 23:12:42 | 000,395,776 | ---- | C] () -- C:\Windows\System32\libmplayer.dll
[2010/12/29 23:12:42 | 000,262,144 | ---- | C] () -- C:\Windows\System32\TomsMoComp_ff.dll
[2010/12/29 23:12:42 | 000,112,640 | ---- | C] () -- C:\Windows\System32\libmpeg2_ff.dll
[2010/12/29 22:30:02 | 000,087,608 | ---- | C] () -- C:\Users\Wafflemonger\AppData\Roaming\inst.exe
[2010/12/29 22:30:02 | 000,007,887 | ---- | C] () -- C:\Users\Wafflemonger\AppData\Roaming\pcouffin.cat
[2010/12/29 22:30:02 | 000,001,144 | ---- | C] () -- C:\Users\Wafflemonger\AppData\Roaming\pcouffin.inf
[2010/12/05 19:57:42 | 000,000,108 | ---- | C] () -- C:\Windows\VSWizard.ini
[2010/10/27 13:19:52 | 000,001,836 | ---- | C] () -- C:\Users\Wafflemonger\AppData\Roaming\ImperatorProfile0.dat
[2010/10/27 13:19:52 | 000,001,826 | ---- | C] () -- C:\Users\Wafflemonger\AppData\Roaming\ImperatorProfile1.dat
[2010/10/26 21:37:09 | 000,000,906 | ---- | C] () -- C:\Users\Wafflemonger\AppData\Roaming\RSBot_Accounts.ini
[2010/09/27 22:59:57 | 000,000,600 | ---- | C] () -- C:\Users\Wafflemonger\AppData\Local\PUTTY.RND
[2010/09/11 19:25:42 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2010/09/11 10:52:03 | 000,188,200 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2010/09/11 00:48:23 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009/07/13 23:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 23:33:53 | 000,409,784 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/13 21:05:48 | 000,721,454 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/13 21:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/13 21:05:48 | 000,141,562 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/13 21:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/13 21:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/13 21:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/13 18:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2009/04/15 14:04:38 | 000,104,520 | ---- | C] () -- C:\Windows\System32\OSD.dll
[2008/10/28 17:40:48 | 000,173,552 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2004/02/29 22:53:00 | 000,000,796 | ---- | C] () -- C:\Windows\System32\WLAN.INI
[1996/04/03 14:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys

========== LOP Check ==========

[2011/03/09 20:17:08 | 000,000,000 | ---D | M] -- C:\Users\Wafflemonger\AppData\Roaming\.minecraft
[2010/12/13 02:57:45 | 000,000,000 | ---D | M] -- C:\Users\Wafflemonger\AppData\Roaming\Auslogics
[2010/09/12 13:34:40 | 000,000,000 | ---D | M] -- C:\Users\Wafflemonger\AppData\Roaming\DAEMON Tools Lite
[2011/02/20 02:34:30 | 000,000,000 | ---D | M] -- C:\Users\Wafflemonger\AppData\Roaming\GameRanger
[2011/03/09 23:05:32 | 000,000,000 | ---D | M] -- C:\Users\Wafflemonger\AppData\Roaming\LimeWire
[2010/09/11 22:53:00 | 000,000,000 | ---D | M] -- C:\Users\Wafflemonger\AppData\Roaming\Publish Providers
[2010/12/25 13:01:22 | 000,000,000 | ---D | M] -- C:\Users\Wafflemonger\AppData\Roaming\Razer
[2011/03/03 20:01:05 | 000,000,000 | ---D | M] -- C:\Users\Wafflemonger\AppData\Roaming\S.A.D
[2010/09/11 22:52:57 | 000,000,000 | ---D | M] -- C:\Users\Wafflemonger\AppData\Roaming\Sony
[2010/09/11 21:37:22 | 000,000,000 | ---D | M] -- C:\Users\Wafflemonger\AppData\Roaming\Subversion
[2011/03/10 19:12:54 | 000,000,000 | ---D | M] -- C:\Users\Wafflemonger\AppData\Roaming\SystemRequirementsLab
[2010/12/10 16:31:51 | 000,000,000 | ---D | M] -- C:\Users\Wafflemonger\AppData\Roaming\TeamViewer
[2011/02/26 21:53:24 | 000,000,000 | ---D | M] -- C:\Users\Wafflemonger\AppData\Roaming\TS3Client
[2010/11/13 00:49:54 | 000,000,000 | ---D | M] -- C:\Users\Wafflemonger\AppData\Roaming\uTorrent
[2011/02/23 07:42:36 | 000,032,572 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:5C321E34
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:07BF512B

< End of report >

------------------------------------------------------------------------------------------------------------------------------------

OTL Extras logfile created on: 12/03/2011 3:21:53 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Wafflemonger\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 68.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 21.34 Gb Free Space | 28.64% Space Free | Partition Type: NTFS
Drive D: | 465.76 Gb Total Space | 406.13 Gb Free Space | 87.20% Space Free | Partition Type: NTFS

Computer Name: PC-CSD21260 | User Name: Wafflemonger | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00BA866C-F2A2-4BB9-A308-3DFA695B6F7C}" = Java DB 10.5.3.0
"{153C7D89-9CF4-4719-A551-C5BF45236DB5}" = redist
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java™ 6 Update 24
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{32A3A4F4-B792-11D6-A78A-00B0D0160240}" = Java™ SE Development Kit 6 Update 24
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{49A3D943-9A41-44D7-9C28-E0EB6C1BB336}" = TortoiseSVN 1.6.13.20954 (32 bit)
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AA3D64E-9EC3-4B0F-AB91-5885AC55641F}" = Microsoft Games for Windows - LIVE
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{679F739E-5C76-4A41-B562-F9392156B6DD}" = System Requirements Lab CYRI
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISER_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{99A17B9E-3901-400B-BCD7-2ACD8FFE328B}" = System Requirements Lab for Intel
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A1E1A376-49D4-4960-8599-D5D26A4C2E7B}" = Razer Imperator
"{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X (10.0.1)
"{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Origins
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 267.24
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 267.24
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 267.24
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.1.13.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4FEA924-630D-11D4-B78E-005004566E4D}" = ViewSonic Monitor Drivers
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{BB6694FB-30D9-42A8-A15E-019F127EE494}" = Wireless-G PCI Adapter
"{C43C1415-3DFC-4089-9A32-0BECF28A6046}" = Age of Empires III - The Asian Dynasties
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{D9292112-253F-438D-B1AB-432E5A1FE1B5}" = Razer Imperator Firmware Updater
"{D9D1A2FD-56B2-4F21-B959-745FE43CAB8C}" = Vegas Pro 9.0
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{E35B3C63-E958-4E31-A178-95D22024109A}" = Battlefield Vietnam™
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2E23139-3404-4E3C-9855-7724415D62A5}" = Dragon Age II
"{FD052FB9-FE90-4438-B355-15EDC89D8FB1}" = Microsoft Games for Windows - LIVE Redistributable
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Age Of Empires 2 & The Conquerors Expansion - Full Game" = Age Of Empires 2 & The Conquerors Expansion - Full Game
"avast" = avast! Free Antivirus
"CCleaner" = CCleaner
"Combat Arms" = Combat Arms
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2009-09-09
"DAEMON Tools Lite" = DAEMON Tools Lite
"DivX Setup.divx.com" = DivX Setup
"ENTERPRISER" = Microsoft Office Enterprise 2007
"Fallout New Vegas_is1" = Fallout New Vegas
"FileHippo.com" = FileHippo.com Update Checker
"Fraps" = Fraps (remove only)
"HijackThis" = HijackThis 2.0.2
"InstallShield_{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III
"InstallShield_{C43C1415-3DFC-4089-9A32-0BECF28A6046}" = Age of Empires III - The Asian Dynasties
"jose-chess" = jose
"LimeWire" = LimeWire PRO 4.18.8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Messenger Plus! Live" = Messenger Plus! Live
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"mIRC" = mIRC
"Mozilla Firefox (3.6.15)" = Mozilla Firefox (3.6.15)
"NTREGOPT_is1" = NTREGOPT 1.1j
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Project Blackout" = Project Blackout
"SpeedFan" = SpeedFan (remove only)
"SpywareBlaster_is1" = SpywareBlaster 4.4
"SystemRequirementsLab" = System Requirements Lab
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TeamViewer 6" = TeamViewer 6
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.00 (32-bit)
"ZScreen_is1" = ZScreen 3.27.3.1

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GameRanger" = GameRanger

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 08/03/2011 8:23:46 AM | Computer Name = PC-CSD21260 | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files\Razer\imperator\firmware
updater\bootloader\DPInst_amd64.exe". Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 08/03/2011 8:23:54 AM | Computer Name = PC-CSD21260 | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program files\spybot
- search & destroy\DelZip179.dll" on line 8. The value "*" of attribute "language"
in element "assemblyIdentity" is invalid.

Error - 09/03/2011 9:31:28 AM | Computer Name = PC-CSD21260 | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\Razer\Imperator\Firmware
Updater\bootloader\DPInst_amd64.exe". Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 09/03/2011 9:33:21 AM | Computer Name = PC-CSD21260 | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files\Razer\imperator\firmware
updater\bootloader\DPInst_amd64.exe". Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 09/03/2011 9:33:29 AM | Computer Name = PC-CSD21260 | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program files\spybot
- search & destroy\DelZip179.dll" on line 8. The value "*" of attribute "language"
in element "assemblyIdentity" is invalid.

Error - 10/03/2011 9:32:56 AM | Computer Name = PC-CSD21260 | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\Razer\Imperator\Firmware
Updater\bootloader\DPInst_amd64.exe". Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 10/03/2011 9:34:56 AM | Computer Name = PC-CSD21260 | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files\Razer\imperator\firmware
updater\bootloader\DPInst_amd64.exe". Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 10/03/2011 9:35:05 AM | Computer Name = PC-CSD21260 | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program files\spybot
- search & destroy\DelZip179.dll" on line 8. The value "*" of attribute "language"
in element "assemblyIdentity" is invalid.

Error - 11/03/2011 3:27:55 AM | Computer Name = PC-CSD21260 | Source = Application Error | ID = 1000
Description = Faulting application name: dplaysvr.exe, version: 6.1.7600.16385,
time stamp: 0x4a5bcbb4 Faulting module name: GameRanger.dll, version: 0.0.0.0, time
stamp: 0x4d2c69eb Exception code: 0xc0000005 Fault offset: 0x000044b2 Faulting process
id: 0xf0c Faulting application start time: 0x01cbdfbdd5a7d4f4 Faulting application
path: C:\Windows\system32\dplaysvr.exe Faulting module path: C:\Users\WAFFLE~1\AppData\Local\Temp\{170804ec-ba12-4312-b458-9ac20ba3960d}\GameRanger.dll
Report
Id: 14204df9-4bb1-11e0-ad56-001676c8e2df

Error - 11/03/2011 7:59:40 PM | Computer Name = PC-CSD21260 | Source = Application Error | ID = 1000
Description = Faulting application name: DragonAge2.exe, version: 1.0.5174.0, time
stamp: 0x4d4b03e5 Faulting module name: ntdll.dll, version: 6.1.7601.17514, time
stamp: 0x4ce7b96e Exception code: 0xc0000005 Fault offset: 0x00032239 Faulting process
id: 0xe44 Faulting application start time: 0x01cbe03a77c1dfb2 Faulting application
path: D:\GAMES\Dragon Age 2\bin_ship\DragonAge2.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report
Id: 9fef6e67-4c3b-11e0-bd65-001676c8e2df

[ System Events ]
Error - 09/02/2011 9:08:52 AM | Computer Name = PC-CSD21260 | Source = EventLog | ID = 6008
Description = The previous system shutdown at 11:53:02 PM on ?08/?02/?2011 was unexpected.

Error - 09/02/2011 9:09:16 AM | Computer Name = PC-CSD21260 | Source = Service Control Manager | ID = 7000
Description = The VMware USB Arbitration Service service failed to start due to
the following error: %%2

Error - 09/02/2011 10:53:20 PM | Computer Name = PC-CSD21260 | Source = Service Control Manager | ID = 7034
Description = The MBAMService service terminated unexpectedly. It has done this
1 time(s).

Error - 10/02/2011 8:58:09 AM | Computer Name = PC-CSD21260 | Source = Service Control Manager | ID = 7000
Description = The VMware USB Arbitration Service service failed to start due to
the following error: %%2

Error - 11/02/2011 2:49:26 PM | Computer Name = PC-CSD21260 | Source = Service Control Manager | ID = 7000
Description = The VMware USB Arbitration Service service failed to start due to
the following error: %%2

Error - 12/02/2011 5:50:18 AM | Computer Name = PC-CSD21260 | Source = volsnap | ID = 393252
Description = The shadow copies of volume C: were aborted because the shadow copy
storage could not grow due to a user imposed limit.

Error - 12/02/2011 4:01:27 PM | Computer Name = PC-CSD21260 | Source = Service Control Manager | ID = 7000
Description = The VMware USB Arbitration Service service failed to start due to
the following error: %%2

Error - 13/02/2011 1:52:07 PM | Computer Name = PC-CSD21260 | Source = Service Control Manager | ID = 7000
Description = The VMware USB Arbitration Service service failed to start due to
the following error: %%2

Error - 13/02/2011 2:45:01 PM | Computer Name = PC-CSD21260 | Source = VDS Basic Provider | ID = 33554433
Description =

Error - 14/02/2011 9:03:46 AM | Computer Name = PC-CSD21260 | Source = Service Control Manager | ID = 7000
Description = The VMware USB Arbitration Service service failed to start due to
the following error: %%2


< End of report >


#2
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Hi, Wafflemonger! Welcome to GeeksToGo! My nickname is Render and I will be assisting you with your Malware/Security problems. Please make sure you read all of the instructions and fixes thoroughly before continuing with them. If you have any queries or you are unsure about anything, just say and I'll help you out :D

It may well be worth you printing/saving the instructions throughout the fix, so you have them to hand just in case you are unable to access this site.

Please note:

  • I am currently in training, so my replies will need to be quickly checked before I post them to you, so there may be a small delay in between.
  • Remember to post your logs, not attach them. So, any logs from any programs we run, should be just 'copied & pasted' into your reply.
  • Please only run the tools that I request. I know malware can be frustrating but running other tools in the meantime and between posts, only makes it harder for us to analyze and fix your PC in the long run.

Sorry for the delay. I'm currently reviewing your logs.

#3
Wafflemonger

    Member

  • Topic Starter
  • 548 posts
I would appreciate that if you tell me to do something, say add a custom fix for OTL, that you describe what each command/line does as I would like to learn :D, that way also I know what I am doing on my system to better understand it.

#4
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Hi again

There's not much to see from the provided OTL and Extras logs. We will start with a master boot record check (steps 1 and 2), then I would like to have fresh OTL and Extras logs.

One note regarding delays when you're opening a downloaded program, from my teacher:

Avast may cause the slight delay as the autosandbox option checks the files first before allowing to run (downloaded and USB drives only). The delay has been reduced in version 6.


OK. Let's go. Please follow the steps below:

Step 1

Please download MBRCheck.exe to your Desktop. Run the application.

If no infection is found, it will produce a report on the desktop. Post that report in your next reply.

If an infection is found, you will be presented with the following dialog:

Enter 'Y' and hit ENTER for more options, or 'N' to exit:


Type N and press Enter. A report will be produced on the desktop. Post that report in your next reply.

Step 2

Download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan

On completion of the scan click save log, save it to your desktop and post in your next reply

Step 3

OTL Default Scan

  • Download OTL to your desktop.
  • Double click on the icon to run it.
  • Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top, make sure Standard output is selected.
  • Under the Extra Registry section, check Use SafeList
  • Download the following file scan.txt to your Desktop. Click here to download it. You may need to right click on it and select "Save"
  • Double click inside the Custom Scan box at the bottom
  • A window will appear saying "Click Ok to load a custom scan from a file or Cancel to cancel"
  • Click the Ok button and navigate to the file scan.txt which we just saved to your desktop
  • Select scan.txt and click Open. Writing will now appear under the Custom Scan box
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic

When you have completed the above, please post back the following in the order asked for:
  • MBRCheck log
  • aswMBR log
  • Fresh OTL and Extras logs


#5
Wafflemonger

    Member

  • Topic Starter
  • 548 posts
I feel it necessary to point out that I updated from Avast! to NOD32 before I posted this topic, but I had run OTL before Avast! so there may be some discrepancies in the logs.

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows 7 Ultimate Edition
Windows Information: Service Pack 1 (build 7601), 32-bit
Logical Drives Mask: 0x0000007c

Kernel Drivers (total 201):
0x8341C000 \SystemRoot\system32\ntkrnlpa.exe
0x8382E000 \SystemRoot\system32\halmacpi.dll
0x80BA9000 \SystemRoot\system32\kdcom.dll
0x83A29000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x83AAE000 \SystemRoot\system32\PSHED.dll
0x83ABF000 \SystemRoot\system32\BOOTVID.dll
0x83AC7000 \SystemRoot\system32\CLFS.SYS
0x83B09000 \SystemRoot\system32\CI.dll
0x8BA01000 \SystemRoot\system32\drivers\Wdf01000.sys
0x8BA72000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x8BA80000 \SystemRoot\System32\Drivers\sptd.sys
0x8BB90000 \SystemRoot\System32\Drivers\WMILIB.SYS
0x8BB99000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
0x83BB4000 \SystemRoot\system32\drivers\ACPI.sys
0x8BBBF000 \SystemRoot\system32\drivers\msisadrv.sys
0x8BBC7000 \SystemRoot\system32\drivers\vdrvroot.sys
0x8BBD2000 \SystemRoot\system32\drivers\pci.sys
0x83A00000 \SystemRoot\System32\drivers\partmgr.sys
0x83A11000 \SystemRoot\system32\drivers\volmgr.sys
0x8BC31000 \SystemRoot\System32\drivers\volmgrx.sys
0x8BC7C000 \SystemRoot\system32\drivers\intelide.sys
0x8BC83000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x8BC91000 \SystemRoot\System32\drivers\mountmgr.sys
0x8BCA7000 \SystemRoot\system32\drivers\vmbus.sys
0x8BCD1000 \SystemRoot\system32\drivers\winhv.sys
0x8BCE3000 \SystemRoot\system32\drivers\atapi.sys
0x8BCEC000 \SystemRoot\system32\drivers\ataport.SYS
0x8BD0F000 \SystemRoot\system32\drivers\amdxata.sys
0x8BD18000 \SystemRoot\system32\drivers\fltmgr.sys
0x8BD4C000 \SystemRoot\system32\drivers\fileinfo.sys
0x8BE21000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8BF50000 \SystemRoot\System32\Drivers\msrpc.sys
0x8BF7B000 \SystemRoot\System32\Drivers\ksecdd.sys
0x8BF8E000 \SystemRoot\System32\Drivers\cng.sys
0x8BFEB000 \SystemRoot\System32\drivers\pcw.sys
0x8BE00000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x8C00C000 \SystemRoot\system32\drivers\ndis.sys
0x8C0C3000 \SystemRoot\system32\drivers\NETIO.SYS
0x8C101000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x8C215000 \SystemRoot\System32\drivers\tcpip.sys
0x8C35F000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8C390000 \SystemRoot\system32\drivers\vmstorfl.sys
0x8C399000 \SystemRoot\system32\drivers\volsnap.sys
0x8C3D8000 \SystemRoot\System32\Drivers\spldr.sys
0x8C3E0000 \SystemRoot\system32\speedfan.sys
0x8C126000 \SystemRoot\System32\drivers\rdyboost.sys
0x8C3E2000 \SystemRoot\System32\Drivers\mup.sys
0x8C3F2000 \SystemRoot\System32\drivers\hwpolicy.sys
0x8C3FA000 \SystemRoot\system32\giveio.sys
0x8C153000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x8C200000 \SystemRoot\system32\DRIVERS\disk.sys
0x8C185000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x8C1DC000 \SystemRoot\system32\drivers\cdrom.sys
0x8C000000 \SystemRoot\System32\Drivers\Null.SYS
0x8BE09000 \SystemRoot\System32\Drivers\Beep.SYS
0x8BD5D000 \SystemRoot\system32\DRIVERS\ehdrv.sys
0x8BE10000 \SystemRoot\System32\drivers\vga.sys
0x8BD7C000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8BD9D000 \SystemRoot\System32\drivers\watchdog.sys
0x8BDAA000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8BDB2000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8BDBA000 \SystemRoot\system32\drivers\rdprefmp.sys
0x8BDC2000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8BDCD000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8BDDB000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8BDF2000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x90E11000 \SystemRoot\system32\drivers\afd.sys
0x90E6B000 \SystemRoot\System32\DRIVERS\netbt.sys
0x90E9D000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x90EA4000 \SystemRoot\system32\DRIVERS\pacer.sys
0x90EC3000 \SystemRoot\system32\DRIVERS\vwififlt.sys
0x90ED4000 \SystemRoot\system32\DRIVERS\netbios.sys
0x90EE2000 \SystemRoot\system32\DRIVERS\serial.sys
0x90EFC000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x90F0F000 \SystemRoot\system32\drivers\termdd.sys
0x90F20000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
0x90F42000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
0x90F48000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x90F89000 \SystemRoot\system32\drivers\nsiproxy.sys
0x90F93000 \SystemRoot\system32\drivers\mssmbios.sys
0x90F9D000 \SystemRoot\System32\drivers\discache.sys
0x91611000 \SystemRoot\system32\drivers\csc.sys
0x91675000 \SystemRoot\System32\Drivers\dfsc.sys
0x9168D000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x9169B000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x916BC000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x97600000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x97FFB000 \SystemRoot\System32\Drivers\nvBridge.kmd
0x916CE000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x91785000 \SystemRoot\System32\drivers\dxgmms1.sys
0x917BE000 \SystemRoot\system32\drivers\HDAudBus.sys
0x90FA9000 \SystemRoot\system32\DRIVERS\e1e6032.sys
0x917DD000 \SystemRoot\system32\drivers\usbuhci.sys
0x93A2A000 \SystemRoot\system32\drivers\USBPORT.SYS
0x93A75000 \SystemRoot\system32\drivers\usbehci.sys
0x93A84000 \SystemRoot\system32\DRIVERS\bcmwl6.sys
0x93B9C000 \SystemRoot\system32\DRIVERS\vwifibus.sys
0x93BA6000 \SystemRoot\system32\drivers\1394ohci.sys
0x93BD3000 \SystemRoot\system32\DRIVERS\parport.sys
0x93BEB000 \SystemRoot\system32\DRIVERS\serenum.sys
0x98032000 \SystemRoot\System32\Drivers\a8x9a41h.SYS
0x9806F000 \SystemRoot\system32\drivers\CompositeBus.sys
0x9807C000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x9808E000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x980A6000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x980B1000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x980D3000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x980EB000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x98102000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x98119000 \SystemRoot\system32\DRIVERS\rdpbus.sys
0x98123000 \SystemRoot\system32\drivers\kbdclass.sys
0x98130000 \SystemRoot\system32\drivers\mouclass.sys
0x9813D000 \SystemRoot\system32\drivers\swenum.sys
0x9813F000 \SystemRoot\system32\drivers\ks.sys
0x98173000 \SystemRoot\system32\drivers\umbus.sys
0x98181000 \SystemRoot\system32\drivers\usbhub.sys
0x981C5000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x981D6000 \SystemRoot\system32\drivers\nvhda32v.sys
0x98000000 \SystemRoot\system32\drivers\portcls.sys
0x93A00000 \SystemRoot\system32\drivers\drmk.sys
0x98E3D000 \SystemRoot\system32\drivers\HdAudio.sys
0x9A370000 \SystemRoot\System32\win32k.sys
0x98E8D000 \SystemRoot\System32\drivers\Dxapi.sys
0x98E97000 \SystemRoot\System32\Drivers\crashdmp.sys
0x98EA4000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x98EAF000 \SystemRoot\System32\Drivers\dump_atapi.sys
0x98EB8000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x98EC9000 \SystemRoot\system32\DRIVERS\monitor.sys
0x9A5D0000 \SystemRoot\System32\TSDDD.dll
0x98ED4000 \SystemRoot\system32\drivers\usbccgp.sys
0x98EEB000 \SystemRoot\system32\drivers\USBD.SYS
0x98EED000 \SystemRoot\system32\drivers\hidusb.sys
0x98EF8000 \SystemRoot\system32\drivers\HIDCLASS.SYS
0x98F0B000 \SystemRoot\system32\drivers\HIDPARSE.SYS
0x98F12000 \SystemRoot\system32\drivers\kbdhid.sys
0x9A200000 \SystemRoot\System32\cdd.dll
0x98F1E000 \SystemRoot\system32\drivers\luafv.sys
0x98F39000 \SystemRoot\system32\DRIVERS\eamonm.sys
0x98FDF000 \SystemRoot\system32\drivers\usbaudio.sys
0x98E00000 \SystemRoot\system32\drivers\WudfPf.sys
0x98E1A000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x98E25000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x9A627000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x9A66D000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x9A67D000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x9A690000 \SystemRoot\system32\DRIVERS\vwifimp.sys
0x9A699000 \SystemRoot\system32\drivers\HTTP.sys
0x9A71E000 \SystemRoot\system32\DRIVERS\bowser.sys
0x9A737000 \SystemRoot\System32\drivers\mpsdrv.sys
0x9A749000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x9A76C000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x9A7A7000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x9A7C2000 \SystemRoot\system32\DRIVERS\parvdm.sys
0x9A7C9000 \SystemRoot\system32\DRIVERS\epfwwfpr.sys
0x9EA39000 \SystemRoot\system32\drivers\peauth.sys
0x9EAD0000 \SystemRoot\System32\Drivers\secdrv.SYS
0x9EADA000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x9EAFB000 \SystemRoot\System32\drivers\tcpipreg.sys
0x9EB08000 \SystemRoot\System32\DRIVERS\srv2.sys
0x9EB57000 \SystemRoot\System32\DRIVERS\srv.sys
0x9EBA8000 \??\C:\Windows\system32\drivers\mbam.sys
0x77810000 \Windows\System32\ntdll.dll
0x476E0000 \Windows\System32\smss.exe
0x77A50000 \Windows\System32\apisetschema.dll
0x00D40000 \Windows\System32\autochk.exe
0x77540000 \Program Files\DAEMON Tools Lite\Engine.dll
0x77A20000 \Windows\System32\sechost.dll
0x77A10000 \Windows\System32\lpk.dll
0x779B0000 \Windows\System32\difxapi.dll
0x77960000 \Windows\System32\gdi32.dll
0x77760000 \Windows\System32\rpcrt4.dll
0x775C0000 \Windows\System32\setupapi.dll
0x76970000 \Windows\System32\shell32.dll
0x768E0000 \Windows\System32\clbcatq.dll
0x76850000 \Windows\System32\oleaut32.dll
0x767F0000 \Windows\System32\shlwapi.dll
0x767C0000 \Windows\System32\imagehlp.dll
0x767A0000 \Windows\System32\imm32.dll
0x76720000 \Windows\System32\comdlg32.dll
0x765C0000 \Windows\System32\ole32.dll
0x763C0000 \Windows\System32\iertutil.dll
0x76320000 \Windows\System32\usp10.dll
0x76250000 \Windows\System32\user32.dll
0x76200000 \Windows\System32\Wldap32.dll
0x77950000 \Windows\System32\nsi.dll
0x761F0000 \Windows\System32\psapi.dll
0x76140000 \Windows\System32\msvcrt.dll
0x760A0000 \Windows\System32\advapi32.dll
0x75F60000 \Windows\System32\urlmon.dll
0x75F50000 \Windows\System32\normaliz.dll
0x75E80000 \Windows\System32\msctf.dll
0x75D80000 \Windows\System32\wininet.dll
0x75CA0000 \Windows\System32\kernel32.dll
0x75C60000 \Windows\System32\ws2_32.dll
0x75C10000 \Windows\System32\KernelBase.dll
0x75B80000 \Windows\System32\comctl32.dll
0x75A60000 \Windows\System32\crypt32.dll
0x75A40000 \Windows\System32\devobj.dll
0x75A10000 \Windows\System32\cfgmgr32.dll
0x759E0000 \Windows\System32\wintrust.dll
0x759D0000 \Windows\System32\msasn1.dll

Processes (total 51):
0 System Idle Process
4 System
284 C:\Windows\System32\smss.exe
396 csrss.exe
456 C:\Windows\System32\wininit.exe
468 csrss.exe
504 C:\Windows\System32\services.exe
520 C:\Windows\System32\lsass.exe
528 C:\Windows\System32\lsm.exe
664 C:\Windows\System32\winlogon.exe
696 C:\Windows\System32\svchost.exe
756 C:\Windows\System32\nvvsvc.exe
796 C:\Windows\System32\svchost.exe
852 C:\Windows\System32\svchost.exe
940 C:\Windows\System32\svchost.exe
984 C:\Windows\System32\svchost.exe
1128 C:\Windows\System32\svchost.exe
1272 C:\Windows\System32\svchost.exe
1380 C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
1392 C:\Windows\System32\nvvsvc.exe
1576 C:\Windows\System32\spoolsv.exe
1616 C:\Windows\System32\svchost.exe
1720 C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
1756 C:\Windows\System32\svchost.exe
1788 C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
1824 C:\Windows\System32\svchost.exe
1896 C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
1924 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
296 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
312 C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
2364 C:\Windows\System32\svchost.exe
2488 C:\Windows\System32\taskhost.exe
2536 C:\Windows\System32\dwm.exe
2564 C:\Windows\explorer.exe
2740 C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
2792 C:\Program Files\Common Files\Java\Java Update\jusched.exe
2800 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
2808 C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
3108 C:\Windows\System32\SearchIndexer.exe
3228 C:\Program Files\Windows Media Player\wmpnetwk.exe
3632 C:\Windows\System32\svchost.exe
2776 C:\Program Files\mIRC\mirc.exe
3056 dllhost.exe
3460 C:\Program Files\Mozilla Firefox\firefox.exe
780 C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
2240 C:\Windows\System32\svchost.exe
3804 C:\Windows\System32\SearchProtocolHost.exe
2648 C:\Windows\System32\SearchFilterHost.exe
1440 C:\Users\Wafflemonger\Desktop\MBRCheck.exe
2224 C:\Windows\System32\conhost.exe
320 C:\Windows\System32\dllhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00100000 (NTFS)
\\.\D: --> \\.\PhysicalDrive1 at offset 0x00000000`00100000 (NTFS)

PhysicalDrive0 Model Number: ST380815AS, Rev: 4.AAB
PhysicalDrive1 Model Number: WDCWD5001AALS-00L3B2, Rev: 01.03B01

Size Device Name MBR Status
--------------------------------------------
74 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79
465 GB \\.\PhysicalDrive1 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!

#6
Wafflemonger

aswMBR version 0.9.4 Copyright© 2011 AVAST Software
Run date: 2011-03-17 19:09:18
-----------------------------
19:09:18.968 OS Version: Windows 6.1.7601 Service Pack 1
19:09:18.968 Number of processors: 2 586 0x604
19:09:18.970 ComputerName: PC-CSD21260 UserName:
19:09:34.336 Initialize success
19:09:59.540 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1
19:09:59.543 Disk 0 Vendor: ST380815AS 4.AAB Size: 76319MB BusType: 3
19:09:59.547 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T1L0-3
19:09:59.552 Disk 1 Vendor: WDC_WD5001AALS-00L3B2 01.03B01 Size: 476940MB BusType: 3
19:10:01.576 Disk 0 MBR read successfully
19:10:01.581 Disk 0 MBR scan
19:10:03.593 Disk 0 scanning sectors +156299264
19:10:03.625 Disk 0 scanning C:\Windows\system32\drivers
19:10:10.065 Service scanning
19:10:11.286 Disk 0 trace - called modules:
19:10:11.305 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x85f731e8]<<
19:10:11.311 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86d7c920]
19:10:11.320 3 CLASSPNP.SYS[8c18959e] -> nt!IofCallDriver -> [0x86c95348]
19:10:11.326 5 ACPI.sys[83bbd3d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0x86c96908]
19:10:11.347 \Driver\atapi[0x86c93af8] -> IRP_MJ_CREATE -> 0x85f731e8
19:10:11.354 Scan finished successfully

#7
Wafflemonger

OTL logfile created on: 17/03/2011 7:13:10 PM - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Wafflemonger\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 66.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 18.99 Gb Free Space | 25.48% Space Free | Partition Type: NTFS
Drive D: | 465.76 Gb Total Space | 406.13 Gb Free Space | 87.20% Space Free | Partition Type: NTFS

Computer Name: PC-CSD21260 | User Name: Wafflemonger | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/03/12 16:15:46 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Wafflemonger\Desktop\OTL.exe
PRC - [2011/03/06 14:28:31 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/03/03 20:40:30 | 000,619,288 | ---- | M] (http://tortoisesvn.net) -- C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
PRC - [2011/02/23 02:39:10 | 000,803,432 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
PRC - [2011/02/23 02:17:26 | 000,378,984 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011/01/12 17:41:42 | 000,810,144 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2011/01/12 17:41:24 | 002,219,184 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2010/12/20 19:08:58 | 000,363,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2010/12/17 08:17:00 | 001,087,070 | ---- | M] (mIRC Co. Ltd.) -- C:\Program Files\mIRC\mirc.exe
PRC - [2010/12/07 06:32:02 | 002,228,008 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2010/11/20 08:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/11/20 08:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe


========== Modules (SafeList) ==========

MOD - [2011/03/12 16:15:46 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Wafflemonger\Desktop\OTL.exe
MOD - [2011/03/03 20:40:30 | 000,814,360 | ---- | M] (http://tortoisesvn.net) -- C:\Program Files\TortoiseSVN\bin\TortoiseSVN.dll
MOD - [2011/03/03 20:40:28 | 000,048,920 | ---- | M] (http://tortoisesvn.net) -- C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll
MOD - [2010/11/20 07:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
MOD - [2010/11/04 21:58:01 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
MOD - [2010/11/04 21:53:44 | 000,653,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_50916076bcb9a742\msvcr90.dll
MOD - [2010/11/04 21:53:43 | 000,569,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_50916076bcb9a742\msvcp90.dll
MOD - [2010/09/11 23:45:07 | 000,097,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d1c738ec43578ea1\ATL80.dll
MOD - [2010/07/16 17:32:20 | 000,186,136 | ---- | M] (Apache Software Foundation) -- C:\Program Files\TortoiseSVN\bin\libaprutil_tsvn.dll
MOD - [2010/07/16 17:32:20 | 000,128,280 | ---- | M] (Apache Software Foundation) -- C:\Program Files\TortoiseSVN\bin\libapr_tsvn.dll
MOD - [2010/07/16 17:32:18 | 000,062,744 | ---- | M] (Free Software Foundation) -- C:\Program Files\TortoiseSVN\bin\intl3_tsvn.dll
MOD - [2010/03/21 08:55:16 | 000,087,304 | ---- | M] (http://tortoisesvn.net) -- C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
MOD - [2009/07/13 21:16:14 | 000,007,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\shfolder.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (VMUSBArbService)
SRV - [2011/02/23 02:17:26 | 000,378,984 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011/01/12 17:44:02 | 000,033,584 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV - [2011/01/12 17:41:42 | 000,810,144 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2010/12/20 19:08:58 | 000,363,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010/12/07 06:32:02 | 002,228,008 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2010/09/11 02:10:03 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009/12/15 16:07:16 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- D:\@dragon age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)


========== Driver Services (SafeList) ==========

DRV - [2011/02/23 04:27:00 | 010,468,360 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2011/01/06 17:35:01 | 000,431,672 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010/12/21 16:04:06 | 000,137,144 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\System32\drivers\eamonm.sys -- (eamonm)
DRV - [2010/12/21 16:04:06 | 000,115,008 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\System32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2010/12/21 14:47:38 | 000,095,384 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\epfwwfpr.sys -- (epfwwfpr)
DRV - [2010/12/20 19:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010/11/20 08:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 08:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 08:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 06:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 06:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010/11/20 05:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUSB)
DRV - [2010/11/20 05:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 05:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/11/11 19:10:50 | 000,122,984 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2010/08/05 14:08:04 | 000,100,496 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV - [2010/08/05 14:08:02 | 000,031,824 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VBoxUSB.sys -- (VBoxUSB)
DRV - [2010/05/10 14:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/25 17:51:02 | 000,025,216 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tap0901.sys -- (tap0901)
DRV - [2010/02/17 14:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/12/18 12:58:52 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
DRV - [2009/07/13 19:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/13 19:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
DRV - [2009/07/13 18:02:50 | 000,211,456 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2006/09/24 09:28:46 | 000,005,248 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Boot | Running] -- C:\Windows\system32\speedfan.sys -- (speedfan)
DRV - [1996/04/03 15:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\system32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?l...en-ca&OCID=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-ca
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 1B F3 82 C5 73 51 CB 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=382950"
FF - prefs.js..browser.startup.homepage: "http://www.google.ca"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "http://ca.search.yah...type=382950&p="
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/06 14:28:32 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/06 14:28:32 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2011/03/12 18:39:20 | 000,000,000 | ---D | M]

[2010/09/11 01:48:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Wafflemonger\AppData\Roaming\Mozilla\Extensions
[2010/12/15 15:25:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Wafflemonger\AppData\Roaming\Mozilla\Firefox\Profiles\ilri6d8q.default\extensions
[2011/03/17 19:05:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/02/16 22:38:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/02/16 22:38:29 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2009/09/02 04:23:28 | 000,614,098 | ---- | M]) - C:\Windows\System32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 fr.a2dfp.net
O1 - Hosts: 127.0.0.1 m.fr.a2dfp.net
O1 - Hosts: 127.0.0.1 ad.a8.net
O1 - Hosts: 127.0.0.1 asy.a8ww.net
O1 - Hosts: 127.0.0.1 acezip.net #[SiteAdvisor.acezip.net]
O1 - Hosts: 127.0.0.1 www.acezip.net #[Win32/Adware.180Solutions]
O1 - Hosts: 127.0.0.1 phpadsnew.abac.com
O1 - Hosts: 127.0.0.1 a.abnad.net
O1 - Hosts: 127.0.0.1 b.abnad.net
O1 - Hosts: 127.0.0.1 c.abnad.net #[eTrust.Tracking.Cookie]
O1 - Hosts: 127.0.0.1 d.abnad.net
O1 - Hosts: 127.0.0.1 e.abnad.net
O1 - Hosts: 127.0.0.1 t.abnad.net
O1 - Hosts: 127.0.0.1 z.abnad.net
O1 - Hosts: 127.0.0.1 banners.absolpublisher.com
O1 - Hosts: 127.0.0.1 tracking.absolstats.com
O1 - Hosts: 127.0.0.1 adv.abv.bg
O1 - Hosts: 127.0.0.1 bimg.abv.bg
O1 - Hosts: 127.0.0.1 www2.a-counter.kiev.ua
O1 - Hosts: 127.0.0.1 track.acclaimnetwork.com
O1 - Hosts: 127.0.0.1 accuserveadsystem.com
O1 - Hosts: 127.0.0.1 www.accuserveadsystem.com
O1 - Hosts: 127.0.0.1 gtb5.acecounter.com
O1 - Hosts: 127.0.0.1 gtb19.acecounter.com
O1 - Hosts: 16421 more lines...
O4 - HKLM..\Run: [avast5] File not found
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - Startup: C:\Users\Wafflemonger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Age2 Config.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: live.com ([login] http in Trusted sites)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O22 - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\System32\DreamScene.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{2b274784-0162-11e0-b1b1-001cc03a48fe}\Shell - "" = AutoRun
O33 - MountPoints2\{2b274784-0162-11e0-b1b1-001cc03a48fe}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\{380d562a-e9b3-11df-8740-001cc03a48fe}\Shell - "" = AutoRun
O33 - MountPoints2\{380d562a-e9b3-11df-8740-001cc03a48fe}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\{ba96b5d2-be12-11df-8803-001cc03a48fe}\Shell - "" = AutoRun
O33 - MountPoints2\{ba96b5d2-be12-11df-8803-001cc03a48fe}\Shell\AutoRun\command - "" = G:\FalloutLauncher.exe
O33 - MountPoints2\{f16bfac0-19dc-11e0-8803-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{f16bfac0-19dc-11e0-8803-806e6f6e6963}\Shell\AutoRun\command - "" = G:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lhacm - C:\Windows\System32\lhacm.acm (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.ffds - C:\Program Files\Combined Community Codec Pack\Filters\FFDShow\ff_vfw.dll ()
Drivers32: VIDC.FPS1 - C:\Windows\System32\frapsvid.dll (Beepa P/L)
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)

MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
MsConfig - StartUpReg: Malwarebytes' Anti-Malware - hkey= - key= - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
MsConfig - State: "services" - 2
MsConfig - State: "startup" - 2

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

========== Files/Folders - Created Within 30 Days ==========

[2011/03/17 19:09:09 | 000,566,272 | ---- | C] (AVAST Software) -- C:\Users\Wafflemonger\Desktop\aswMBR.exe
[2011/03/12 18:39:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
[2011/03/12 18:39:19 | 000,000,000 | ---D | C] -- C:\ProgramData\ESET
[2011/03/12 16:32:54 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/03/12 16:15:36 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Wafflemonger\Desktop\OTL.exe
[2011/03/11 00:45:18 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2011/03/10 01:45:15 | 000,000,000 | ---D | C] -- C:\Users\Wafflemonger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011/03/10 01:45:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011/03/10 00:27:09 | 015,047,272 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvoglv32.dll
[2011/03/10 00:27:09 | 013,011,560 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcompiler.dll
[2011/03/10 00:27:09 | 010,468,360 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvlddmkm.sys
[2011/03/10 00:27:09 | 010,079,336 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvd3dum.dll
[2011/03/10 00:27:09 | 004,942,952 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuda.dll
[2011/03/10 00:27:09 | 002,895,976 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvid.dll
[2011/03/10 00:27:09 | 002,251,368 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvenc.dll
[2011/03/10 00:27:09 | 000,057,960 | ---- | C] (Khronos Group) -- C:\Windows\System32\OpenCL.dll
[2011/03/10 00:27:09 | 000,010,920 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvBridge.kmd
[2011/03/10 00:10:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dragon Age II
[2011/03/09 23:47:18 | 000,000,000 | ---D | C] -- C:\Users\Wafflemonger\Desktop\Dragon.Age.21-RELOADED
[2011/03/09 08:45:16 | 001,076,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2011/03/09 08:45:16 | 000,739,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2011/03/09 08:45:13 | 000,642,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CPFilters.dll
[2011/03/09 08:45:13 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2011/03/09 08:45:12 | 000,850,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbe.dll
[2011/03/09 08:45:12 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2011/03/03 21:01:05 | 000,000,000 | ---D | C] -- C:\Users\Wafflemonger\AppData\Roaming\S.A.D
[2011/03/03 20:50:56 | 000,025,216 | ---- | C] (The OpenVPN Project) -- C:\Windows\System32\drivers\tap0901.sys
[2011/02/26 17:57:56 | 000,000,000 | ---D | C] -- C:\Users\Wafflemonger\Desktop\Fallout FULL
[2011/02/26 01:42:38 | 000,000,000 | ---D | C] -- C:\Users\Wafflemonger\Desktop\Doom 95
[2011/02/25 04:45:38 | 000,000,000 | ---D | C] -- C:\Users\Wafflemonger\AppData\Roaming\SUPERAntiSpyware.com
[2011/02/25 04:45:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011/02/25 04:45:33 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/02/24 19:23:40 | 000,000,000 | ---D | C] -- C:\Windows\System32\SPReview
[2011/02/24 19:22:31 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2011/02/24 19:20:02 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\LSCSHostPolicy.dll
[2011/02/24 19:20:02 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\TsUsbFlt.sys
[2011/02/24 19:20:02 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll
[2011/02/24 19:19:59 | 001,171,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2011/02/24 19:19:59 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40.dll
[2011/02/24 19:19:59 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40u.dll
[2011/02/24 19:19:59 | 000,915,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcorets.dll
[2011/02/24 19:19:59 | 000,120,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tssrvlic.dll
[2011/02/24 19:19:57 | 000,423,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll
[2011/02/24 19:19:56 | 000,327,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
[2011/02/24 19:19:55 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
[2011/02/24 19:19:55 | 000,322,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
[2011/02/24 19:19:53 | 000,253,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwizui.dll
[2011/02/24 19:19:51 | 003,966,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011/02/24 19:19:51 | 003,207,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2011/02/24 19:19:51 | 000,520,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mcupdate_GenuineIntel.dll
[2011/02/24 19:19:50 | 001,401,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssrch.dll
[2011/02/24 19:19:50 | 001,334,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CertEnroll.dll
[2011/02/24 19:19:49 | 003,911,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011/02/24 19:19:49 | 001,698,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\esent.dll
[2011/02/24 19:19:49 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2011/02/24 19:19:49 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2011/02/24 19:19:48 | 001,548,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tquery.dll
[2011/02/24 19:19:47 | 005,066,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AuthFWSnapin.dll
[2011/02/24 19:19:47 | 001,115,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RacEngn.dll
[2011/02/24 19:19:46 | 000,134,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpudd.dll
[2011/02/24 19:19:45 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ExplorerFrame.dll
[2011/02/24 19:19:43 | 002,616,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2011/02/24 19:19:43 | 001,828,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d9.dll
[2011/02/24 19:19:43 | 000,505,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskschd.dll
[2011/02/24 19:19:42 | 000,456,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spinstall.exe
[2011/02/24 19:19:42 | 000,280,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spreview.exe
[2011/02/24 19:19:42 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PushPrinterConnections.exe
[2011/02/24 19:19:41 | 001,371,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dwmcore.dll
[2011/02/24 19:19:41 | 001,038,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsasrv.dll
[2011/02/24 19:19:41 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wer.dll
[2011/02/24 19:19:41 | 000,342,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certcli.dll
[2011/02/24 19:19:40 | 000,863,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\diagperf.dll
[2011/02/24 19:19:40 | 000,573,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbc32.dll
[2011/02/24 19:19:39 | 003,367,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinSAT.exe
[2011/02/24 19:19:39 | 001,328,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2011/02/24 19:19:39 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011/02/24 19:19:39 | 000,597,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TSWorkspace.dll
[2011/02/24 19:19:39 | 000,270,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tsmf.dll
[2011/02/24 19:19:39 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scavengeui.dll
[2011/02/24 19:19:39 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dot3api.dll
[2011/02/24 19:19:38 | 000,768,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\localspl.dll
[2011/02/24 19:19:38 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/02/24 19:19:38 | 000,389,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011/02/24 19:19:37 | 002,522,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dbgeng.dll
[2011/02/24 19:19:37 | 000,563,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netlogon.dll
[2011/02/24 19:19:37 | 000,522,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll
[2011/02/24 19:19:37 | 000,406,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netcfgx.dll
[2011/02/24 19:19:37 | 000,260,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpshell.exe
[2011/02/24 19:19:36 | 001,619,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVDECOD.DLL
[2011/02/24 19:19:36 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\webio.dll
[2011/02/24 19:19:35 | 002,151,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mmcndmgr.dll
[2011/02/24 19:19:35 | 001,363,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Query.dll
[2011/02/24 19:19:35 | 000,584,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpprefcl.dll
[2011/02/24 19:19:35 | 000,252,928 | ---- | C] (Microsoft) -- C:\Windows\System32\DShowRdpFilter.dll
[2011/02/24 19:19:35 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\upnp.dll
[2011/02/24 19:19:35 | 000,049,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2011/02/24 19:19:34 | 001,792,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\authui.dll
[2011/02/24 19:19:34 | 000,732,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imapi2fs.dll
[2011/02/24 19:19:34 | 000,341,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdrm.dll
[2011/02/24 19:19:33 | 001,555,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certmgr.dll
[2011/02/24 19:19:33 | 000,974,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sppobjs.dll
[2011/02/24 19:19:33 | 000,547,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceApi.dll
[2011/02/24 19:19:33 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mcbuilder.exe
[2011/02/24 19:19:32 | 001,712,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xpsservices.dll
[2011/02/24 19:19:32 | 000,508,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winload.exe
[2011/02/24 19:19:31 | 000,412,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sppwinob.dll
[2011/02/24 19:19:31 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmd.exe
[2011/02/24 19:19:30 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32spl.dll
[2011/02/24 19:19:30 | 000,296,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfds.dll
[2011/02/24 19:19:30 | 000,206,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\framedynos.dll
[2011/02/24 19:19:30 | 000,140,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpendp.dll
[2011/02/24 19:19:29 | 002,414,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2011/02/24 19:19:29 | 001,063,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\werconcpl.dll
[2011/02/24 19:19:29 | 000,762,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\azroles.dll
[2011/02/24 19:19:29 | 000,551,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\samsrv.dll
[2011/02/24 19:19:29 | 000,442,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winresume.exe
[2011/02/24 19:19:29 | 000,339,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\appmgr.dll
[2011/02/24 19:19:29 | 000,240,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2011/02/24 19:19:29 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpclip.exe
[2011/02/24 19:19:29 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncsi.dll
[2011/02/24 19:19:28 | 000,168,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\credui.dll
[2011/02/24 19:19:28 | 000,148,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\storport.sys
[2011/02/24 19:19:27 | 000,854,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dbghelp.dll
[2011/02/24 19:19:27 | 000,801,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NaturalLanguage6.dll
[2011/02/24 19:19:27 | 000,508,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2011/02/24 19:19:27 | 000,488,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\evr.dll
[2011/02/24 19:19:27 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskcomp.dll
[2011/02/24 19:19:27 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll
[2011/02/24 19:19:27 | 000,161,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpinit.exe
[2011/02/24 19:19:27 | 000,144,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\basecsp.dll
[2011/02/24 19:19:26 | 000,778,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sqlsrv32.dll
[2011/02/24 19:19:26 | 000,776,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\calc.exe
[2011/02/24 19:19:26 | 000,335,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinSATAPI.dll
[2011/02/24 19:19:25 | 002,983,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbon.dll
[2011/02/24 19:19:25 | 000,477,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lpksetup.exe
[2011/02/24 19:19:25 | 000,380,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sxs.dll
[2011/02/24 19:19:25 | 000,271,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fveapi.dll
[2011/02/24 19:19:25 | 000,242,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vpnike.dll
[2011/02/24 19:19:25 | 000,176,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011/02/24 19:19:25 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tspubwmi.dll
[2011/02/24 19:19:24 | 000,155,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hgprint.dll
[2011/02/24 19:19:23 | 000,690,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ci.dll
[2011/02/24 19:19:23 | 000,458,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSDApi.dll
[2011/02/24 19:19:23 | 000,352,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpeffects.dll
[2011/02/24 19:19:23 | 000,321,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aepdu.dll
[2011/02/24 19:19:23 | 000,142,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\net1.exe
[2011/02/24 19:19:23 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rpchttp.dll
[2011/02/24 19:19:23 | 000,126,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetpp.dll
[2011/02/24 19:19:23 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aitagent.exe
[2011/02/24 19:19:23 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\prncache.dll
[2011/02/24 19:19:22 | 001,163,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll
[2011/02/24 19:19:22 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scansetting.dll
[2011/02/24 19:19:22 | 000,213,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MMDevAPI.dll
[2011/02/24 19:19:22 | 000,175,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\vmbus.sys
[2011/02/24 19:19:22 | 000,080,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\davclnt.dll
[2011/02/24 19:19:21 | 002,504,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVCORE.DLL
[2011/02/24 19:19:21 | 001,750,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pnidui.dll
[2011/02/24 19:19:21 | 000,411,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlangpui.dll
[2011/02/24 19:19:21 | 000,284,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbport.sys
[2011/02/24 19:19:21 | 000,167,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\QSHVHOST.DLL
[2011/02/24 19:19:21 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aaclient.dll
[2011/02/24 19:19:21 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2011/02/24 19:19:21 | 000,101,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2011/02/24 19:19:20 | 002,146,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SyncCenter.dll
[2011/02/24 19:19:20 | 000,782,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\webservices.dll
[2011/02/24 19:19:20 | 000,464,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scrptadm.dll
[2011/02/24 19:19:20 | 000,225,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netdiagfx.dll
[2011/02/24 19:19:20 | 000,154,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tscfgwmi.dll
[2011/02/24 19:19:20 | 000,124,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fde.dll
[2011/02/24 19:19:19 | 000,907,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdengin2.dll
[2011/02/24 19:19:19 | 000,802,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WFS.exe
[2011/02/24 19:19:19 | 000,560,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2011/02/24 19:19:19 | 000,215,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vmicsvc.exe
[2011/02/24 19:19:19 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cscobj.dll
[2011/02/24 19:19:19 | 000,134,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinSCard.dll
[2011/02/24 19:19:19 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscapi.dll
[2011/02/24 19:19:19 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsUsbGDCoInstaller.dll
[2011/02/24 19:19:18 | 000,830,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSMPEG2ENC.DLL
[2011/02/24 19:19:18 | 000,826,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcore.dll
[2011/02/24 19:19:18 | 000,727,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mcmde.dll
[2011/02/24 19:19:18 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
[2011/02/24 19:19:18 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsta.dll
[2011/02/24 19:19:18 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\rdpvideominiport.sys
[2011/02/24 19:19:17 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
[2011/02/24 19:19:17 | 000,630,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DXPTaskRingtone.dll
[2011/02/24 19:19:17 | 000,392,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imapi2.dll
[2011/02/24 19:19:17 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aeinv.dll
[2011/02/24 19:19:17 | 000,186,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011/02/24 19:19:17 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\setupcl.exe
[2011/02/24 19:19:17 | 000,027,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Diskdump.sys
[2011/02/24 19:19:16 | 001,624,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPEncEn.dll
[2011/02/24 19:19:16 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssvp.dll
[2011/02/24 19:19:16 | 000,199,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\onex.dll
[2011/02/24 19:19:16 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dwmredir.dll
[2011/02/24 19:19:15 | 002,217,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bootres.dll
[2011/02/24 19:19:15 | 001,077,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Narrator.exe
[2011/02/24 19:19:15 | 000,658,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\autofmt.exe
[2011/02/24 19:19:15 | 000,196,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vaultsvc.dll
[2011/02/24 19:19:15 | 000,194,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\halmacpi.dll
[2011/02/24 19:19:15 | 000,194,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hal.dll
[2011/02/24 19:19:15 | 000,167,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msutb.dll
[2011/02/24 19:19:15 | 000,166,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netiohlp.dll
[2011/02/24 19:19:15 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IPHLPAPI.DLL
[2011/02/24 19:19:15 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe
[2011/02/24 19:19:15 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hbaapi.dll
[2011/02/24 19:19:15 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\proquota.exe
[2011/02/24 19:19:14 | 000,679,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\autoconv.exe
[2011/02/24 19:19:14 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AudioSes.dll
[2011/02/24 19:19:13 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\powercpl.dll
[2011/02/24 19:19:13 | 000,400,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ipsmsnap.dll
[2011/02/24 19:19:13 | 000,303,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msinfo32.exe
[2011/02/24 19:19:13 | 000,301,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srchadmin.dll
[2011/02/24 19:19:13 | 000,222,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eapphost.dll
[2011/02/24 19:19:13 | 000,181,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tcpipcfg.dll
[2011/02/24 19:19:13 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\schtasks.exe
[2011/02/24 19:19:13 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\regapi.dll
[2011/02/24 19:19:13 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mimefilt.dll
[2011/02/24 19:19:13 | 000,035,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\winusb.sys
[2011/02/24 19:19:12 | 000,202,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\framedyn.dll
[2011/02/24 19:19:11 | 001,466,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011/02/24 19:19:11 | 000,665,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AuxiliaryDisplayCpl.dll
[2011/02/24 19:19:11 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\timedate.cpl
[2011/02/24 19:19:11 | 000,399,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DXP.dll
[2011/02/24 19:19:11 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msihnd.dll
[2011/02/24 19:19:11 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax
[2011/02/24 19:19:11 | 000,190,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FXSCOVER.exe
[2011/02/24 19:19:11 | 000,171,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\QAGENT.DLL
[2011/02/24 19:19:11 | 000,155,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscorier.dll
[2011/02/24 19:19:11 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netid.dll
[2011/02/24 19:19:10 | 001,227,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wdc.dll
[2011/02/24 19:19:10 | 000,372,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rastls.dll
[2011/02/24 19:19:10 | 000,346,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\untfs.dll
[2011/02/24 19:19:10 | 000,307,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scesrv.dll
[2011/02/24 19:19:09 | 001,326,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanpref.dll
[2011/02/24 19:19:09 | 001,131,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe
[2011/02/24 19:19:09 | 001,003,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMNetMgr.dll
[2011/02/24 19:19:09 | 000,933,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Vault.dll
[2011/02/24 19:19:09 | 000,187,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\FWPKCLNT.SYS
[2011/02/24 19:19:09 | 000,132,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ataport.sys
[2011/02/24 19:19:09 | 000,098,816 | ---- | C] (Microsoft) -- C:\Windows\System32\Robocopy.exe
[2011/02/24 19:19:09 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nci.dll
[2011/02/24 19:19:09 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011/02/24 19:19:08 | 001,400,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DxpTaskSync.dll
[2011/02/24 19:19:08 | 001,040,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Display.dll
[2011/02/24 19:19:08 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mtxclu.dll
[2011/02/24 19:19:07 | 001,188,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DiagCpl.dll
[2011/02/24 19:19:07 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdri.dll
[2011/02/24 19:19:07 | 000,352,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\termmgr.dll
[2011/02/24 19:19:07 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\puiobj.dll
[2011/02/24 19:19:07 | 000,316,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sharemediacpl.dll
[2011/02/24 19:19:07 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssphtb.dll
[2011/02/24 19:19:07 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
[2011/02/24 19:19:06 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eudcedit.exe
[2011/02/24 19:19:06 | 000,140,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\scsiport.sys
[2011/02/24 19:19:06 | 000,043,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\winhv.sys
[2011/02/24 19:19:05 | 002,202,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SensorsCpl.dll
[2011/02/24 19:19:05 | 001,066,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdtctm.dll
[2011/02/24 19:19:05 | 000,856,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FirewallControlPanel.dll
[2011/02/24 19:19:05 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\biocpl.dll
[2011/02/24 19:19:05 | 000,416,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wiadefui.dll
[2011/02/24 19:19:05 | 000,233,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msconfig.exe
[2011/02/24 19:19:05 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sppcomapi.dll
[2011/02/24 19:19:05 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasppp.dll
[2011/02/24 19:19:05 | 000,127,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\logoncli.dll
[2011/02/24 19:19:05 | 000,111,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shsetup.dll
[2011/02/24 19:19:05 | 000,040,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\vmstorfl.sys
[2011/02/24 19:19:05 | 000,028,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\storvsc.sys
[2011/02/24 19:19:04 | 002,157,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\themecpl.dll
[2011/02/24 19:19:04 | 000,766,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpccpl.dll
[2011/02/24 19:19:04 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FWPUCLNT.DLL
[2011/02/24 19:19:04 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscmmc.dll
[2011/02/24 19:19:03 | 000,481,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscms.dll
[2011/02/24 19:19:03 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\localsec.dll
[2011/02/24 19:19:03 | 000,413,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoScreensaver.scr
[2011/02/24 19:19:03 | 000,312,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hgcpl.dll
[2011/02/24 19:19:03 | 000,268,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mprddm.dll
[2011/02/24 19:19:03 | 000,175,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scecli.dll
[2011/02/24 19:19:03 | 000,169,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2011/02/24 19:19:03 | 000,080,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscories.dll
[2011/02/24 19:19:02 | 001,644,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netcenter.dll
[2011/02/24 19:19:02 | 000,941,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mblctr.exe
[2011/02/24 19:19:02 | 000,740,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\batmeter.dll
[2011/02/24 19:19:02 | 000,638,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VAN.dll
[2011/02/24 19:19:02 | 000,600,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PerfCenterCPL.dll
[2011/02/24 19:19:02 | 000,600,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\usercpl.dll
[2011/02/24 19:19:02 | 000,509,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qedit.dll
[2011/02/24 19:19:02 | 000,410,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanui.dll
[2011/02/24 19:19:02 | 000,400,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srcore.dll
[2011/02/24 19:19:02 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SndVolSSO.dll
[2011/02/24 19:19:02 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bcdsrv.dll
[2011/02/24 19:19:02 | 000,120,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\prntvpt.dll
[2011/02/24 19:19:02 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasacct.dll
[2011/02/24 19:19:01 | 003,727,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\accessibilitycpl.dll
[2011/02/24 19:19:01 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll
[2011/02/24 19:19:01 | 000,352,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwizeng.dll
[2011/02/24 19:19:01 | 000,314,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SndVol.exe
[2011/02/24 19:19:01 | 000,314,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\azroleui.dll
[2011/02/24 19:19:01 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wksprt.exe
[2011/02/24 19:19:01 | 000,190,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ks.sys
[2011/02/24 19:19:01 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\w32tm.exe
[2011/02/24 19:19:01 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdeploy.dll
[2011/02/24 19:19:00 | 000,516,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\main.cpl
[2011/02/24 19:19:00 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSAC3ENC.DLL
[2011/02/24 19:19:00 | 000,186,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\adsldp.dll
[2011/02/24 19:19:00 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netjoin.dll
[2011/02/24 19:18:59 | 002,130,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\networkmap.dll
[2011/02/24 19:18:59 | 000,755,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sud.dll
[2011/02/24 19:18:59 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ActionCenter.dll
[2011/02/24 19:18:59 | 000,414,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mspbda.dll
[2011/02/24 19:18:59 | 000,395,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\prnfldr.dll
[2011/02/24 19:18:59 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Faultrep.dll
[2011/02/24 19:18:59 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wusa.exe
[2011/02/24 19:18:59 | 000,312,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MCEWMDRMNDBootstrap.dll
[2011/02/24 19:18:59 | 000,218,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OnLineIDCpl.dll
[2011/02/24 19:18:58 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sysmon.ocx
[2011/02/24 19:18:58 | 000,325,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slui.exe
[2011/02/24 19:18:58 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iprtrmgr.dll
[2011/02/24 19:18:58 | 000,266,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MediaMetadataHandler.dll
[2011/02/24 19:18:58 | 000,233,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskbarcpl.dll
[2011/02/24 19:18:58 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\defaultlocationcpl.dll
[2011/02/24 19:18:58 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasrad.dll
[2011/02/24 19:18:58 | 000,137,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\halacpi.dll
[2011/02/24 19:18:58 | 000,129,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcorekmts.dll
[2011/02/24 19:18:58 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dot3cfg.dll
[2011/02/24 19:18:58 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidclass.sys
[2011/02/24 19:18:58 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
[2011/02/24 19:18:57 | 000,750,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdcpl.dll
[2011/02/24 19:18:57 | 000,692,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bthprops.cpl
[2011/02/24 19:18:57 | 000,600,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TabletPC.cpl
[2011/02/24 19:18:57 | 000,577,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpd_ci.dll
[2011/02/24 19:18:57 | 000,537,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ActionCenterCPL.dll
[2011/02/24 19:18:57 | 000,428,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shwebsvc.dll
[2011/02/24 19:18:57 | 000,345,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\intl.cpl
[2011/02/24 19:18:57 | 000,319,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbcjt32.dll
[2011/02/24 19:18:57 | 000,205,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\efscore.dll
[2011/02/24 19:18:57 | 000,148,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ifsutil.dll
[2011/02/24 19:18:57 | 000,146,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\autoplay.dll
[2011/02/24 19:18:57 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011/02/24 19:18:57 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\recovery.dll
[2011/02/24 19:18:57 | 000,114,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011/02/24 19:18:57 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpwsx.dll
[2011/02/24 19:18:57 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ftp.exe
[2011/02/24 19:18:57 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sisbkup.dll
[2011/02/24 19:18:56 | 000,738,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpmde.dll
[2011/02/24 19:18:56 | 000,484,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DeviceCenter.dll
[2011/02/24 19:18:56 | 000,295,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bcdedit.exe
[2011/02/24 19:18:56 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sppnp.dll
[2011/02/24 19:18:56 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntlanman.dll
[2011/02/24 19:18:56 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSTPager.ax
[2011/02/24 19:18:56 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtutils.dll
[2011/02/24 19:18:55 | 000,859,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OobeFldr.dll
[2011/02/24 19:18:55 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\blackbox.dll
[2011/02/24 19:18:55 | 000,656,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshwfp.dll
[2011/02/24 19:18:55 | 000,473,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\riched20.dll
[2011/02/24 19:18:55 | 000,410,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\systemcpl.dll
[2011/02/24 19:18:55 | 000,297,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntprint.dll
[2011/02/24 19:18:55 | 000,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sethc.exe
[2011/02/24 19:18:55 | 000,262,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rstrui.exe
[2011/02/24 19:18:55 | 000,210,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\recdisc.exe
[2011/02/24 19:18:55 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ksproxy.ax
[2011/02/24 19:18:55 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fvecpl.dll
[2011/02/24 19:18:55 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SmartcardCredentialProvider.dll
[2011/02/24 19:18:55 | 000,151,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vdsutil.dll
[2011/02/24 19:18:55 | 000,146,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bcdboot.exe
[2011/02/24 19:18:55 | 000,107,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NAPHLPR.DLL
[2011/02/24 19:18:55 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpsign.exe
[2011/02/24 19:18:54 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdosys.dll
[2011/02/24 19:18:54 | 000,202,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\activeds.dll
[2011/02/24 19:18:54 | 000,182,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpsrcwp.dll
[2011/02/24 19:18:54 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AuxiliaryDisplayServices.dll
[2011/02/24 19:18:54 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\migisol.dll
[2011/02/24 19:18:54 | 000,093,696 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\Windows\System32\fms.dll
[2011/02/24 19:18:54 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\httpapi.dll
[2011/02/24 19:18:53 | 000,592,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msftedit.dll
[2011/02/24 19:18:53 | 000,586,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dfrgui.exe
[2011/02/24 19:18:53 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanmsm.dll
[2011/02/24 19:18:53 | 000,346,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshipsec.dll
[2011/02/24 19:18:53 | 000,333,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dot3ui.dll
[2011/02/24 19:18:53 | 000,254,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsqmcons.exe
[2011/02/24 19:18:53 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ReAgent.dll
[2011/02/24 19:18:53 | 000,222,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wavemsp.dll
[2011/02/24 19:18:53 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2011/02/24 19:18:53 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\isoburn.exe
[2011/02/24 19:18:53 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\asycfilt.dll
[2011/02/24 19:18:52 | 000,444,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wvc.dll
[2011/02/24 19:18:52 | 000,438,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AdmTmpl.dll
[2011/02/24 19:18:52 | 000,406,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wimgapi.dll
[2011/02/24 19:18:52 | 000,281,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unimdm.tsp
[2011/02/24 19:18:52 | 000,198,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sysclass.dll
[2011/02/24 19:18:52 | 000,197,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ocsetup.exe
[2011/02/24 19:18:52 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzutil.exe
[2011/02/24 19:18:52 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wtsapi32.dll
[2011/02/24 19:18:51 | 000,293,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ssText3d.scr
[2011/02/24 19:18:51 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srrstr.dll
[2011/02/24 19:18:51 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qasf.dll
[2011/02/24 19:18:51 | 000,195,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2011/02/24 19:18:51 | 000,190,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qcap.dll
[2011/02/24 19:18:51 | 000,170,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationSettings.exe
[2011/02/24 19:18:51 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\uxlib.dll
[2011/02/24 19:18:51 | 000,113,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\setupugc.exe
[2011/02/24 19:18:51 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011/02/24 19:18:51 | 000,051,200 | ---- | C] (Twain Working Group) -- C:\Windows\twain_32.dll
[2011/02/24 19:18:51 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slwga.dll
[2011/02/24 19:18:50 | 000,616,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmdrmsdk.dll
[2011/02/24 19:18:50 | 000,230,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\clusapi.dll
[2011/02/24 19:18:50 | 000,211,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DevicePairingFolder.dll
[2011/02/24 19:18:50 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wwanconn.dll
[2011/02/24 19:18:50 | 000,120,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvfw32.dll
[2011/02/24 19:18:50 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nslookup.exe
[2011/02/24 19:18:50 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll
[2011/02/24 19:18:50 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2011/02/24 19:18:49 | 000,504,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscp.dll
[2011/02/24 19:18:49 | 000,402,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drmmgrtn.dll
[2011/02/24 19:18:49 | 000,327,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wimserv.exe
[2011/02/24 19:18:49 | 000,318,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\raschap.dll
[2011/02/24 19:18:49 | 000,292,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsAnytimeUpgradeResults.exe
[2011/02/24 19:18:49 | 000,276,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\diskraid.exe
[2011/02/24 19:18:49 | 000,202,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\input.dll
[2011/02/24 19:18:49 | 000,186,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpencom.dll
[2011/02/24 19:18:49 | 000,174,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ocsetapi.dll
[2011/02/24 19:18:49 | 000,157,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\perfmon.exe
[2011/02/24 19:18:49 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbccp32.dll
[2011/02/24 19:18:49 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\QUTIL.DLL
[2011/02/24 19:18:49 | 000,046,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NAPCRYPT.DLL
[2011/02/24 19:18:49 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\acppage.dll
[2011/02/24 19:18:48 | 001,111,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\onexui.dll
[2011/02/24 19:18:48 | 000,327,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nltest.exe
[2011/02/24 19:18:48 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iTVData.dll
[2011/02/24 19:18:48 | 000,210,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxdiagn.dll
[2011/02/24 19:18:48 | 000,198,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpdwcn.dll
[2011/02/24 19:18:48 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vdsbas.dll
[2011/02/24 19:18:48 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2011/02/24 19:18:48 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UserAccountControlSettings.dll
[2011/02/24 19:18:48 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\bfsvc.exe
[2011/02/24 19:18:48 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\runonce.exe
[2011/02/24 19:18:48 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vpnikeapi.dll
[2011/02/24 19:18:47 | 000,242,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eapp3hst.dll
[2011/02/24 19:18:47 | 000,176,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFPlay.dll
[2011/02/24 19:18:47 | 000,095,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\logagent.exe
[2011/02/24 19:18:47 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2011/02/24 19:18:47 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sspisrv.dll
[2011/02/24 19:18:46 | 000,507,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmdrmdev.dll
[2011/02/24 19:18:46 | 000,489,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2011/02/24 19:18:46 | 000,186,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bitsadmin.exe
[2011/02/24 19:18:46 | 000,117,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\rmcast.sys
[2011/02/24 19:18:46 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shacct.dll
[2011/02/24 19:18:46 | 000,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2011/02/24 19:18:46 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PnPUnattend.exe
[2011/02/24 19:18:46 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unimdmat.dll
[2011/02/24 19:18:46 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsmproxy.dll
[2011/02/24 19:18:45 | 001,160,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OpcServices.dll
[2011/02/24 19:18:45 | 000,878,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Bubbles.scr
[2011/02/24 19:18:45 | 000,427,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceStatus.dll
[2011/02/24 19:18:45 | 000,350,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDSp.dll
[2011/02/24 19:18:45 | 000,309,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sqlcese30.dll
[2011/02/24 19:18:45 | 000,236,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pdh.dll
[2011/02/24 19:18:45 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Ribbons.scr
[2011/02/24 19:18:45 | 000,183,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceSyncProvider.dll
[2011/02/24 19:18:45 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbctrac.dll
[2011/02/24 19:18:45 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFPlatform.dll
[2011/02/24 19:18:45 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mprapi.dll
[2011/02/24 19:18:45 | 000,132,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MdSched.exe
[2011/02/24 19:18:45 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kstvtune.ax
[2011/02/24 19:18:45 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\logman.exe
[2011/02/24 19:18:45 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\olethk32.dll
[2011/02/24 19:18:45 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tabcal.exe
[2011/02/24 19:18:45 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncryptui.dll
[2011/02/24 19:18:45 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\djoin.exe
[2011/02/24 19:18:45 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpd3d.dll
[2011/02/24 19:18:45 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wwanprotdim.dll
[2011/02/24 19:18:45 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iscsium.dll
[2011/02/24 19:18:44 | 000,902,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMADMOD.DLL
[2011/02/24 19:18:44 | 000,318,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll
[2011/02/24 19:18:44 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Mystify.scr
[2011/02/24 19:18:44 | 000,179,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ActionQueue.dll
[2011/02/24 19:18:44 | 000,153,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VBICodec.ax
[2011/02/24 19:18:44 | 000,142,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\powercfg.cpl
[2011/02/24 19:18:44 | 000,115,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dot3msm.dll
[2011/02/24 19:18:44 | 000,109,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wiavideo.dll
[2011/02/24 19:18:44 | 000,109,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CscMig.dll
[2011/02/24 19:18:44 | 000,107,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Kswdmcap.ax
[2011/02/24 19:18:44 | 000,099,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\QSVRMGMT.DLL
[2011/02/24 19:18:44 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fphc.dll
[2011/02/24 19:18:44 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avifil32.dll
[2011/02/24 19:18:44 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mapistub.dll
[2011/02/24 19:18:44 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mapi32.dll
[2011/02/24 19:18:44 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Mpeg2Data.ax
[2011/02/24 19:18:44 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lpremove.exe
[2011/02/24 19:18:44 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\takeown.exe
[2011/02/24 19:18:44 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tsgqec.dll
[2011/02/24 19:18:44 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\utildll.dll
[2011/02/24 19:18:44 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsUsbRedirectionGroupPolicyControl.exe
[2011/02/24 19:18:43 | 000,567,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFx.dll
[2011/02/24 19:18:43 | 000,541,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVSDECD.DLL
[2011/02/24 19:18:43 | 000,436,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmdrmnet.dll
[2011/02/24 19:18:43 | 000,283,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdv.dll
[2011/02/24 19:18:43 | 000,265,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msnetobj.dll
[2011/02/24 19:18:43 | 000,202,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unattend.dll
[2011/02/24 19:18:43 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sqmapi.dll
[2011/02/24 19:18:43 | 000,128,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EhStorAPI.dll
[2011/02/24 19:18:43 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sppinst.dll
[2011/02/24 19:18:43 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmstp.exe
[2011/02/24 19:18:43 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax
[2011/02/24 19:18:43 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\QCLIPROV.DLL
[2011/02/24 19:18:43 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cca.dll
[2011/02/24 19:18:43 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qprocess.exe
[2011/02/24 19:18:42 | 000,739,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMSPDMOD.DLL
[2011/02/24 19:18:42 | 000,182,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RelPost.exe
[2011/02/24 19:18:42 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\setupcln.dll
[2011/02/24 19:18:42 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MuiUnattend.exe
[2011/02/24 19:18:42 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vfwwdm32.dll
[2011/02/24 19:18:42 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsnmp32.dll
[2011/02/24 19:18:42 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\umb.dll
[2011/02/24 19:18:42 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pdhui.dll
[2011/02/24 19:18:42 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\basesrv.dll
[2011/02/24 19:18:42 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AzSqlExt.dll
[2011/02/24 19:18:42 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msg.exe
[2011/02/24 19:18:41 | 000,176,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msorcl32.dll
[2011/02/24 19:18:41 | 000,144,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iscsicli.exe
[2011/02/24 19:18:41 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\diskpart.exe
[2011/02/24 19:18:41 | 000,128,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\desk.cpl
[2011/02/24 19:18:41 | 000,126,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\BdeHdCfg.exe
[2011/02/24 19:18:41 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasrecst.dll
[2011/02/24 19:18:41 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\amstream.dll
[2011/02/24 19:18:41 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spbcd.dll
[2011/02/24 19:18:41 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wkscli.dll
[2011/02/24 19:18:41 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WavDest.dll
[2011/02/24 19:18:41 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\relog.exe
[2011/02/24 19:18:41 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PrintIsolationProxy.dll
[2011/02/24 19:18:41 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qwinsta.exe
[2011/02/24 19:18:41 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netiougc.exe
[2011/02/24 19:18:41 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quser.exe
[2011/02/24 19:18:41 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chglogon.exe
[2011/02/24 19:18:40 | 001,027,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IMJP10.IME
[2011/02/24 19:18:40 | 000,430,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FXSTIFF.dll
[2011/02/24 19:18:40 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\itircl.dll
[2011/02/24 19:18:40 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpps.dll
[2011/02/24 19:18:40 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll
[2011/02/24 19:18:40 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll
[2011/02/24 19:18:40 | 000,071,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\resutils.dll
[2011/02/24 19:18:40 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rastapi.dll
[2011/02/24 19:18:40 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CertPolEng.dll
[2011/02/24 19:18:40 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MultiDigiMon.exe
[2011/02/24 19:18:40 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\setbcdlocale.dll
[2011/02/24 19:18:40 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ksxbar.ax
[2011/02/24 19:18:40 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2011/02/24 19:18:40 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netbtugc.exe
[2011/02/24 19:18:40 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chgport.exe
[2011/02/24 19:18:40 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tsdiscon.exe
[2011/02/24 19:18:40 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tscon.exe
[2011/02/24 19:18:40 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qappsrv.exe
[2011/02/24 19:18:40 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chgusr.exe
[2011/02/24 19:18:40 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\syssetup.dll
[2011/02/24 19:18:40 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nrpsrv.dll
[2011/02/24 19:18:39 | 000,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
[2011/02/24 19:18:39 | 000,278,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
[2011/02/24 19:18:39 | 000,121,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sppc.dll
[2011/02/24 19:18:39 | 000,094,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eappgnui.dll
[2011/02/24 19:18:39 | 000,082,944 | ---- | C] (Radius Inc.) -- C:\Windows\System32\iccvid.dll
[2011/02/24 19:18:39 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cabinet.dll
[2011/02/24 19:18:39 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tlscsp.dll
[2011/02/24 19:18:39 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\findstr.exe
[2011/02/24 19:18:39 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSDvbNP.ax
[2011/02/24 19:18:39 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciqtz32.dll
[2011/02/24 19:18:39 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wiarpc.dll
[2011/02/24 19:18:39 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WerFaultSecure.exe
[2011/02/24 19:18:39 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2011/02/24 19:18:39 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tskill.exe
[2011/02/24 19:18:39 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ReAgentc.exe
[2011/02/24 19:18:39 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\logoff.exe
[2011/02/24 19:18:39 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shadow.exe
[2011/02/24 19:18:39 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rwinsta.exe
[2011/02/24 19:18:39 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\muifontsetup.dll
[2011/02/24 19:18:38 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\manage-bde.exe
[2011/02/24 19:18:38 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\repair-bde.exe
[2011/02/24 19:18:38 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vmicres.dll
[2011/02/24 19:18:38 | 000,052,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetmib1.dll
[2011/02/24 19:18:38 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\g711codc.ax
[2011/02/24 19:18:38 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\luainstall.dll
[2011/02/24 19:18:38 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vmstorfltres.dll
[2011/02/24 19:18:38 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unlodctr.exe
[2011/02/24 19:18:38 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbisurf.ax
[2011/02/24 19:18:38 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wdiasqmmodule.dll
[2011/02/24 19:18:38 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\prevhost.exe
[2011/02/24 19:18:38 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdmo.dll
[2011/02/24 19:18:38 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbrpm.sys
[2011/02/24 19:18:38 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netcfg.exe
[2011/02/24 19:18:38 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\HotStartUserAgent.dll
[2011/02/24 19:18:38 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\tdi.sys
[2011/02/24 19:18:38 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdprefdrvapi.dll
[2011/02/24 19:18:38 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spopk.dll
[2011/02/24 19:18:38 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\reset.exe
[2011/02/24 19:18:38 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\query.exe
[2011/02/24 19:18:37 | 001,164,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbonRes.dll
[2011/02/24 19:18:37 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vmbusres.dll
[2011/02/24 19:18:37 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browcli.dll
[2011/02/24 19:18:37 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbcconf.dll
[2011/02/24 19:18:37 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFCoinstaller.dll
[2011/02/24 19:18:37 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\profprov.dll
[2011/02/24 19:18:37 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2011/02/24 19:18:37 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\perfts.dll
[2011/02/24 19:18:37 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icaapi.dll
[2011/02/24 19:18:37 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\change.exe
[2011/02/24 19:18:36 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RDPENCDD.dll
[2011/02/24 19:18:36 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FXSMON.dll
[2011/02/24 19:18:36 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\elsTrans.dll
[2011/02/24 19:18:36 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TRAPI.dll
[2011/02/24 19:18:36 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bitsperf.dll
[2011/02/24 19:18:36 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011/02/24 19:18:35 | 000,068,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\napdsnap.dll
[2011/02/24 19:18:35 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dsauth.dll
[2011/02/24 19:18:35 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\schedcli.dll
[2011/02/24 19:18:34 | 000,430,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imkr80.ime
[2011/02/24 19:18:34 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsdchngr.dll
[2011/02/24 19:18:34 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shgina.dll
[2011/02/24 19:18:34 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sscore.dll
[2011/02/24 19:18:34 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\riched32.dll
[2011/02/24 19:18:33 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2011/02/24 19:18:33 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\VMBusHID.sys
[2011/02/24 19:18:33 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcfgex.dll
[2011/02/24 19:18:32 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/02/24 19:18:31 | 000,025,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\USBCAMD2.sys
[2011/02/24 19:18:31 | 000,025,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\USBCAMD.sys
[2011/02/24 19:18:31 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wshirda.dll
[2011/02/24 19:18:30 | 000,116,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VmbusCoinstaller.dll
[2011/02/24 19:18:30 | 000,113,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VmdCoinstall.dll
[2011/02/24 19:18:30 | 000,113,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IcCoinstall.dll
[2011/02/24 19:18:30 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vmictimeprovider.dll
[2011/02/24 19:18:30 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vmbuspipe.dll
[2011/02/24 19:18:30 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwmp.dll
[2011/02/24 19:18:29 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RDPREFDD.dll
[2011/02/24 19:18:29 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\C_ISCII.DLL
[2011/02/24 19:18:29 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shunimpl.dll
[2011/02/24 19:18:29 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.ocx
[2011/02/24 19:18:29 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxmasf.dll
[2011/02/24 19:18:28 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2011/02/24 19:18:28 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDUS.DLL
[2011/02/24 19:18:28 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDUGHR1.DLL
[2011/02/24 19:18:28 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDTURME.DLL
[2011/02/24 19:18:28 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDTAJIK.DLL
[2011/02/24 19:18:28 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDMON.DLL
[2011/02/24 19:18:28 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDMAORI.DLL
[2011/02/24 19:18:28 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDLT1.DLL
[2011/02/24 19:18:28 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDINTEL.DLL
[2011/02/24 19:18:28 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDINORI.DLL
[2011/02/24 19:18:28 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDINKAN.DLL
[2011/02/24 19:18:28 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDBULG.DLL
[2011/02/24 19:18:28 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDGEO.DLL
[2011/02/24 19:18:27 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nlsbres.dll
[2011/02/24 19:18:27 | 000,052,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\BlbEvents.dll
[2011/02/24 19:18:27 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pifmgr.dll
[2011/02/24 19:18:27 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwizres.dll
[2011/02/24 19:18:27 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDSG.DLL
[2011/02/24 19:18:27 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kbdlk41a.dll
[2011/02/24 19:18:27 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDCZ1.DLL
[2011/02/24 19:18:27 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDTUQ.DLL
[2011/02/24 19:18:27 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDTUF.DLL
[2011/02/24 19:18:27 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDSF.DLL
[2011/02/24 19:18:27 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDPO.DLL
[2011/02/24 19:18:27 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDNEPR.DLL
[2011/02/24 19:18:27 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDINBEN.DLL
[2011/02/24 19:18:27 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDGR1.DLL
[2011/02/24 19:18:27 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDGKL.DLL
[2011/02/24 19:18:27 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDINTAM.DLL
[2011/02/24 19:18:27 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDINMAR.DLL
[2011/02/24 19:18:27 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDINHIN.DLL
[2011/02/24 19:18:27 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDBLR.DLL
[2011/02/24 19:18:27 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDBASH.DLL
[2011/02/24 19:18:27 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\vms3cap.sys
[2011/02/24 19:18:27 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpnaddr.dll
[2011/02/24 19:18:27 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2011/02/24 19:18:08 | 000,363,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wbemcomn.dll
[2011/02/24 19:18:08 | 000,351,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmicmiplugin.dll
[2011/02/24 19:17:58 | 000,697,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SmiEngine.dll
[2011/02/24 19:17:53 | 000,209,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PkgMgr.exe
[2011/02/24 19:17:53 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wdscore.dll
[2011/02/24 19:17:31 | 000,323,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drvstore.dll
[2011/02/24 19:17:31 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpx.dll
[2011/02/23 02:39:24 | 000,580,200 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\easyUpdatusAPIU.dll
[2011/02/23 02:39:18 | 003,597,416 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcpl.dll
[2011/02/23 02:39:10 | 002,620,520 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvsvc.dll
[2011/02/23 02:39:04 | 000,111,208 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvmctray.dll
[2011/02/23 02:32:40 | 000,870,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2011/02/23 02:32:40 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2011/02/23 02:32:39 | 000,219,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2011/02/23 02:32:39 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2011/02/20 03:37:08 | 000,000,000 | ---D | C] -- C:\Users\Wafflemonger\Desktop\Age Of Empires 2
[2011/02/20 03:34:29 | 000,000,000 | ---D | C] -- C:\Users\Wafflemonger\AppData\Roaming\GameRanger
[2011/02/20 03:32:46 | 000,000,000 | ---D | C] -- C:\Users\Wafflemonger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Age Of Empires 2 & The Conquerors Expansion - Full Game
[2011/02/20 03:31:56 | 000,000,000 | ---D | C] -- C:\Program Files\Age Of Empires 2 & The Conquerors Expansion - Full Game
[2011/02/20 00:49:03 | 000,000,000 | ---D | C] -- C:\Users\Wafflemonger\Documents\Teamviewer Recordings
[2011/02/19 15:20:45 | 000,000,000 | ---D | C] -- C:\Users\Wafflemonger\Desktop\Rsbot
[2011/02/19 14:33:16 | 000,000,000 | ---D | C] -- C:\Users\Wafflemonger\AppData\Roaming\teamspeak2
[2011/02/19 14:33:04 | 000,034,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lhacm.acm
[2011/02/16 22:38:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/02/16 22:38:36 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011/02/16 22:38:36 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011/02/16 22:38:36 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011/02/16 15:38:45 | 000,000,000 | ---D | C] -- C:\Users\Wafflemonger\Documents\ZScreen
[2011/02/16 15:38:27 | 000,000,000 | ---D | C] -- C:\Users\Wafflemonger\AppData\Local\ZScreen
[2011/02/16 15:38:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZScreen
[2011/02/16 15:38:16 | 000,000,000 | ---D | C] -- C:\Program Files\ZScreen
[2010/12/29 23:30:02 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Wafflemonger\AppData\Roaming\pcouffin.sys
[2010/12/15 14:40:21 | 000,047,616 | ---- | C] (Stirling Technologies, Inc.) -- C:\Users\Wafflemonger\AppData\Roaming\RunProcess.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/03/17 19:10:34 | 000,000,512 | ---- | M] () -- C:\Users\Wafflemonger\Desktop\MBR.dat
[2011/03/17 19:09:11 | 000,566,272 | ---- | M] (AVAST Software) -- C:\Users\Wafflemonger\Desktop\aswMBR.exe
[2011/03/17 19:06:49 | 000,080,384 | ---- | M] () -- C:\Users\Wafflemonger\Desktop\MBRCheck.exe
[2011/03/17 19:01:09 | 000,014,224 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/03/17 19:01:09 | 000,014,224 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/03/17 18:58:17 | 000,733,668 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/03/17 18:58:17 | 000,145,580 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/03/17 18:53:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/03/17 18:53:46 | 2414,354,432 | -HS- | M] () -- C:\hiberfil.sys
[2011/03/15 19:29:54 | 000,000,117 | ---- | M] () -- C:\Users\Wafflemonger\jagex_runescape_preferences2.dat
[2011/03/15 19:29:54 | 000,000,046 | ---- | M] () -- C:\Users\Wafflemonger\jagex_runescape_preferences.dat
[2011/03/12 16:15:46 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Wafflemonger\Desktop\OTL.exe
[2011/03/05 03:45:22 | 000,001,012 | ---- | M] () -- C:\Users\Wafflemonger\Desktop\Play ZombieCraft.lnk
[2011/02/25 04:47:20 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/02/24 19:49:34 | 000,007,601 | ---- | M] () -- C:\Users\Wafflemonger\AppData\Local\Resmon.ResmonCfg
[2011/02/24 19:42:02 | 000,409,784 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/02/24 19:29:33 | 000,152,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msclmd.dll
[2011/02/23 20:28:11 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2011/02/23 04:27:00 | 015,047,272 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvoglv32.dll
[2011/02/23 04:27:00 | 013,011,560 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvcompiler.dll
[2011/02/23 04:27:00 | 010,468,360 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvlddmkm.sys
[2011/02/23 04:27:00 | 010,079,336 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvd3dum.dll
[2011/02/23 04:27:00 | 005,654,120 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvwgf2um.dll
[2011/02/23 04:27:00 | 004,942,952 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvcuda.dll
[2011/02/23 04:27:00 | 002,895,976 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvid.dll
[2011/02/23 04:27:00 | 002,251,368 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvenc.dll
[2011/02/23 04:27:00 | 001,965,672 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvapi.dll
[2011/02/23 04:27:00 | 000,941,160 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvdispco322090.dll
[2011/02/23 04:27:00 | 000,837,736 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvgenco322040.dll
[2011/02/23 04:27:00 | 000,057,960 | ---- | M] (Khronos Group) -- C:\Windows\System32\OpenCL.dll
[2011/02/23 04:27:00 | 000,010,920 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvBridge.kmd
[2011/02/23 04:27:00 | 000,004,756 | ---- | M] () -- C:\Windows\System32\nvinfo.pb
[2011/02/23 02:39:24 | 000,580,200 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\easyUpdatusAPIU.dll
[2011/02/23 02:39:18 | 003,597,416 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvcpl.dll
[2011/02/23 02:39:10 | 002,620,520 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvsvc.dll
[2011/02/23 02:39:04 | 000,111,208 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvmctray.dll
[2011/02/20 03:34:31 | 000,001,080 | ---- | M] () -- C:\Users\Wafflemonger\Desktop\GameRanger.lnk
[2011/02/20 03:32:47 | 000,001,044 | ---- | M] () -- C:\Users\Wafflemonger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Age2 Config.lnk
[2011/02/19 14:33:04 | 000,034,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lhacm.acm
[2011/02/19 02:30:51 | 001,076,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2011/02/19 02:30:50 | 000,739,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2011/02/16 22:38:29 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2011/02/16 22:38:29 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011/02/16 22:38:29 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011/02/16 22:38:29 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011/02/16 20:28:53 | 001,003,113 | ---- | M] () -- C:\Users\Wafflemonger\Desktop\lmfao.png
[2011/02/16 15:38:20 | 000,000,893 | ---- | M] () -- C:\Users\Public\Desktop\ZScreen.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/03/17 19:10:34 | 000,000,512 | ---- | C] () -- C:\Users\Wafflemonger\Desktop\MBR.dat
[2011/03/17 19:06:47 | 000,080,384 | ---- | C] () -- C:\Users\Wafflemonger\Desktop\MBRCheck.exe
[2011/03/05 03:45:22 | 000,001,012 | ---- | C] () -- C:\Users\Wafflemonger\Desktop\Play ZombieCraft.lnk
[2011/02/24 19:49:34 | 000,007,601 | ---- | C] () -- C:\Users\Wafflemonger\AppData\Local\Resmon.ResmonCfg
[2011/02/24 19:19:59 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011/02/24 19:19:46 | 000,146,852 | ---- | C] () -- C:\Windows\System32\systemsf.ebd
[2011/02/24 19:18:40 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/02/24 19:18:36 | 000,010,429 | ---- | C] () -- C:\Windows\System32\ScavengeSpace.xml
[2011/02/24 19:18:26 | 000,105,559 | ---- | C] () -- C:\Windows\System32\RacRules.xml
[2011/02/20 03:34:31 | 000,001,080 | ---- | C] () -- C:\Users\Wafflemonger\Desktop\GameRanger.lnk
[2011/02/20 03:34:31 | 000,001,066 | ---- | C] () -- C:\Users\Wafflemonger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GameRanger.lnk
[2011/02/20 03:32:47 | 000,001,044 | ---- | C] () -- C:\Users\Wafflemonger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Age2 Config.lnk
[2011/02/16 20:28:52 | 001,003,113 | ---- | C] () -- C:\Users\Wafflemonger\Desktop\lmfao.png
[2011/02/16 15:38:20 | 000,000,893 | ---- | C] () -- C:\Users\Public\Desktop\ZScreen.lnk
[2011/01/13 00:19:22 | 000,005,120 | ---- | C] () -- C:\Users\Wafflemonger\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/01/08 03:35:00 | 000,000,554 | ---- | C] () -- C:\Windows\eReg.dat
[2010/12/30 00:12:42 | 002,255,360 | ---- | C] () -- C:\Windows\System32\libavcodec.dll
[2010/12/30 00:12:42 | 000,395,776 | ---- | C] () -- C:\Windows\System32\libmplayer.dll
[2010/12/30 00:12:42 | 000,262,144 | ---- | C] () -- C:\Windows\System32\TomsMoComp_ff.dll
[2010/12/30 00:12:42 | 000,112,640 | ---- | C] () -- C:\Windows\System32\libmpeg2_ff.dll
[2010/12/29 23:30:02 | 000,087,608 | ---- | C] () -- C:\Users\Wafflemonger\AppData\Roaming\inst.exe
[2010/12/29 23:30:02 | 000,007,887 | ---- | C] () -- C:\Users\Wafflemonger\AppData\Roaming\pcouffin.cat
[2010/12/29 23:30:02 | 000,001,144 | ---- | C] () -- C:\Users\Wafflemonger\AppData\Roaming\pcouffin.inf
[2010/12/05 20:57:42 | 000,000,108 | ---- | C] () -- C:\Windows\VSWizard.ini
[2010/10/27 14:19:52 | 000,001,836 | ---- | C] () -- C:\Users\Wafflemonger\AppData\Roaming\ImperatorProfile0.dat
[2010/10/27 14:19:52 | 000,001,826 | ---- | C] () -- C:\Users\Wafflemonger\AppData\Roaming\ImperatorProfile1.dat
[2010/10/26 22:37:09 | 000,000,906 | ---- | C] () -- C:\Users\Wafflemonger\AppData\Roaming\RSBot_Accounts.ini
[2010/09/27 23:59:57 | 000,000,600 | ---- | C] () -- C:\Users\Wafflemonger\AppData\Local\PUTTY.RND
[2010/09/11 20:25:42 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2010/09/11 11:52:03 | 000,188,200 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2010/09/11 01:48:23 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009/07/14 00:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 00:33:53 | 000,409,784 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/13 22:05:48 | 000,733,668 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/13 22:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/13 22:05:48 | 000,145,580 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/13 22:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/13 22:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/13 22:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/13 19:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 19:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2009/04/15 15:04:38 | 000,104,520 | ---- | C] () -- C:\Windows\System32\OSD.dll
[2008/10/28 18:40:48 | 000,173,552 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2004/02/29 23:53:00 | 000,000,796 | ---- | C] () -- C:\Windows\System32\WLAN.INI
[1996/04/03 15:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:5C321E34
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:07BF512B

< End of report >


OTL Extras logfile created on: 17/03/2011 7:13:10 PM - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Wafflemonger\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 66.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 18.99 Gb Free Space | 25.48% Space Free | Partition Type: NTFS
Drive D: | 465.76 Gb Total Space | 406.13 Gb Free Space | 87.20% Space Free | Partition Type: NTFS

Computer Name: PC-CSD21260 | User Name: Wafflemonger | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00BA866C-F2A2-4BB9-A308-3DFA695B6F7C}" = Java DB 10.5.3.0
"{153C7D89-9CF4-4719-A551-C5BF45236DB5}" = redist
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java™ 6 Update 24
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{32A3A4F4-B792-11D6-A78A-00B0D0160240}" = Java™ SE Development Kit 6 Update 24
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{49A3D943-9A41-44D7-9C28-E0EB6C1BB336}" = TortoiseSVN 1.6.13.20954 (32 bit)
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AA3D64E-9EC3-4B0F-AB91-5885AC55641F}" = Microsoft Games for Windows - LIVE
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{679F739E-5C76-4A41-B562-F9392156B6DD}" = System Requirements Lab CYRI
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISER_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{99A17B9E-3901-400B-BCD7-2ACD8FFE328B}" = System Requirements Lab for Intel
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A1E1A376-49D4-4960-8599-D5D26A4C2E7B}" = Razer Imperator
"{A66242A1-9101-425D-9BE5-D19A50E1D0D8}" = ESET NOD32 Antivirus
"{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X (10.0.1)
"{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Origins
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 267.24
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 267.24
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 267.24
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.1.13.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4FEA924-630D-11D4-B78E-005004566E4D}" = ViewSonic Monitor Drivers
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{BB6694FB-30D9-42A8-A15E-019F127EE494}" = Wireless-G PCI Adapter
"{C43C1415-3DFC-4089-9A32-0BECF28A6046}" = Age of Empires III - The Asian Dynasties
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{D9292112-253F-438D-B1AB-432E5A1FE1B5}" = Razer Imperator Firmware Updater
"{D9D1A2FD-56B2-4F21-B959-745FE43CAB8C}" = Vegas Pro 9.0
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{E35B3C63-E958-4E31-A178-95D22024109A}" = Battlefield Vietnam™
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2E23139-3404-4E3C-9855-7724415D62A5}" = Dragon Age II
"{FD052FB9-FE90-4438-B355-15EDC89D8FB1}" = Microsoft Games for Windows - LIVE Redistributable
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Age Of Empires 2 & The Conquerors Expansion - Full Game" = Age Of Empires 2 & The Conquerors Expansion - Full Game
"CCleaner" = CCleaner
"Combat Arms" = Combat Arms
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2009-09-09
"DAEMON Tools Lite" = DAEMON Tools Lite
"DivX Setup.divx.com" = DivX Setup
"ENTERPRISER" = Microsoft Office Enterprise 2007
"Fallout New Vegas_is1" = Fallout New Vegas
"FileHippo.com" = FileHippo.com Update Checker
"Fraps" = Fraps (remove only)
"HijackThis" = HijackThis 2.0.2
"InstallShield_{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III
"InstallShield_{C43C1415-3DFC-4089-9A32-0BECF28A6046}" = Age of Empires III - The Asian Dynasties
"jose-chess" = jose
"LimeWire" = LimeWire PRO 4.18.8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Messenger Plus! Live" = Messenger Plus! Live
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"mIRC" = mIRC
"Mozilla Firefox (3.6.15)" = Mozilla Firefox (3.6.15)
"NTREGOPT_is1" = NTREGOPT 1.1j
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Project Blackout" = Project Blackout
"SpeedFan" = SpeedFan (remove only)
"SpywareBlaster_is1" = SpywareBlaster 4.4
"SystemRequirementsLab" = System Requirements Lab
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TeamViewer 6" = TeamViewer 6
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.00 (32-bit)
"ZScreen_is1" = ZScreen 3.27.3.1

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GameRanger" = GameRanger

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 13/03/2011 4:37:19 AM | Computer Name = PC-CSD21260 | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\Razer\Imperator\Firmware
Updater\bootloader\DPInst_amd64.exe". Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 14/03/2011 8:47:36 AM | Computer Name = PC-CSD21260 | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\Razer\Imperator\Firmware
Updater\bootloader\DPInst_amd64.exe". Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 14/03/2011 8:48:46 AM | Computer Name = PC-CSD21260 | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files\Razer\imperator\firmware
updater\bootloader\DPInst_amd64.exe". Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 14/03/2011 8:48:53 AM | Computer Name = PC-CSD21260 | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program files\spybot
- search & destroy\DelZip179.dll" on line 8. The value "*" of attribute "language"
in element "assemblyIdentity" is invalid.

Error - 15/03/2011 7:21:22 AM | Computer Name = PC-CSD21260 | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\Razer\Imperator\Firmware
Updater\bootloader\DPInst_amd64.exe". Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 15/03/2011 7:22:34 AM | Computer Name = PC-CSD21260 | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files\Razer\imperator\firmware
updater\bootloader\DPInst_amd64.exe". Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 15/03/2011 7:22:39 AM | Computer Name = PC-CSD21260 | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program files\spybot
- search & destroy\DelZip179.dll" on line 8. The value "*" of attribute "language"
in element "assemblyIdentity" is invalid.

Error - 16/03/2011 8:49:04 AM | Computer Name = PC-CSD21260 | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\Razer\Imperator\Firmware
Updater\bootloader\DPInst_amd64.exe". Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 16/03/2011 8:50:19 AM | Computer Name = PC-CSD21260 | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files\Razer\imperator\firmware
updater\bootloader\DPInst_amd64.exe". Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 16/03/2011 8:50:24 AM | Computer Name = PC-CSD21260 | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program files\spybot
- search & destroy\DelZip179.dll" on line 8. The value "*" of attribute "language"
in element "assemblyIdentity" is invalid.

[ System Events ]
Error - 09/02/2011 9:08:52 AM | Computer Name = PC-CSD21260 | Source = EventLog | ID = 6008
Description = The previous system shutdown at 11:53:02 PM on ?08/?02/?2011 was unexpected.

Error - 09/02/2011 9:09:16 AM | Computer Name = PC-CSD21260 | Source = Service Control Manager | ID = 7000
Description = The VMware USB Arbitration Service service failed to start due to
the following error: %%2

Error - 09/02/2011 10:53:20 PM | Computer Name = PC-CSD21260 | Source = Service Control Manager | ID = 7034
Description = The MBAMService service terminated unexpectedly. It has done this
1 time(s).

Error - 10/02/2011 8:58:09 AM | Computer Name = PC-CSD21260 | Source = Service Control Manager | ID = 7000
Description = The VMware USB Arbitration Service service failed to start due to
the following error: %%2

Error - 11/02/2011 2:49:26 PM | Computer Name = PC-CSD21260 | Source = Service Control Manager | ID = 7000
Description = The VMware USB Arbitration Service service failed to start due to
the following error: %%2

Error - 12/02/2011 5:50:18 AM | Computer Name = PC-CSD21260 | Source = volsnap | ID = 393252
Description = The shadow copies of volume C: were aborted because the shadow copy
storage could not grow due to a user imposed limit.

Error - 12/02/2011 4:01:27 PM | Computer Name = PC-CSD21260 | Source = Service Control Manager | ID = 7000
Description = The VMware USB Arbitration Service service failed to start due to
the following error: %%2

Error - 13/02/2011 1:52:07 PM | Computer Name = PC-CSD21260 | Source = Service Control Manager | ID = 7000
Description = The VMware USB Arbitration Service service failed to start due to
the following error: %%2

Error - 13/02/2011 2:45:01 PM | Computer Name = PC-CSD21260 | Source = VDS Basic Provider | ID = 33554433
Description =

Error - 14/02/2011 9:03:46 AM | Computer Name = PC-CSD21260 | Source = Service Control Manager | ID = 7000
Description = The VMware USB Arbitration Service service failed to start due to
the following error: %%2


< End of report >



Also...I love how you fulfilled my request of telling me what the scans did. However I did not fully understand your explanation you gave as it was so vague, almost as if it wasn't given at all. Would you please repeat it in greater detail?
  • 0

#8
Render


    Trusted Helper

  • Malware Removal
  • 4,195 posts
OK. The MBR seems clean. Now provide me with fresh OTL and Extras logs.

A few questions. So you are mainly using Windows 7, as it seems to be a multi-boot system? Are you also using Windows XP, and are there some problems there too?
If Seven is your main OS, why do you have it installed on the slower HDD?
  • 0

#9
Render


    Trusted Helper

  • Malware Removal
  • 4,195 posts

However I did not fully understand your explanation you gave as it was so vague, almost as if it wasn't given at all. Would you please repeat it in greater detail?

What exactly do you want to know? Why I checked the MBR, or something else?
  • 0

#10
Wafflemonger


    Member

  • Topic Starter
  • Member
  • 548 posts

OK. The MBR seems clean. Now provide me with fresh OTL and Extras logs.

A few questions. So you are mainly using Windows 7, as it seems to be a multi-boot system? Are you also using Windows XP, and are there some problems there too?
If Seven is your main OS, why do you have it installed on the slower HDD?


I did post a fresh OTL and extra log. I posted that last right above your post. It is quite large and very difficult to miss. I even ran it after the Master Boot Record scans as instructed.

I am using only Windows 7. I had a look at my scan and noticed that it indeed did state that a Windows XP MBR was present on my 500GB drive. I am not using a "multi" boot system. I had the 500GB hdd AFTER I installed Windows 7 on my 80GB one. That hard drive was originally a main HDD for another computer, but I got rid of that computer and installed the 500GB drive as storage space. Of course first I completely formatted the drive properly, and when I inserted it into this computer, the MBR was persistent and it would not allow me to remove it, even after formatting the drive. If you have a fix for removing the Windows XP MBR then please, be my guest. I had the 80GB drive for a long time, updated to Windows 7 I think last year. I will be changing this HDD within the year, however all tests I have run on it show me that it is still running quite well, with all stats well within the norms.

However I did not fully understand your explanation you gave as it was so vague, almost as if it wasn't given at all. Would you please repeat it in greater detail?

What exactly do you want to know? Why I checked the MBR, or something else?


Well, what did the custom scan do as I can see it didn't find any of the files/entries, what exactly was it looking for [I looked in the .txt] but yes basically what you stated.
  • 0



#11
Render


    Trusted Helper

  • Malware Removal
  • 4,195 posts
Follow the steps below:

Step 1

We need to run an OTL Fix

  • Please reopen Posted Image on your desktop.
  • Copy (select all lines inside quote box and press CTRL+C) and Paste (press CTRL+V) the following code into the Posted Image textbox.

    :OTL
    O4 - HKLM..\Run: [avast5] File not found
    O4 - Startup: C:\Users\Wafflemonger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Age2 Config.lnk = File not found

    :Files
    ipconfig /flushdns /c

    :Reg

    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Click on Posted Image button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click on Posted Image button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.

Step 2

Download AVPTool from Here to your desktop

Run the program you have just downloaded to your desktop (it will be randomly named)

First we will run a virus scan
  • On the first tab select all elements down to Computer and then select start scan
  • Once it has finished select report and post that.


Do not close AVPTool or it will self uninstall, if it does uninstall - then just rerun the setup file on your desktop

Now an analysis scan
  • Select the Manual Disinfection tab
  • Press the Gather System Information button
  • Once done, open the last report saved folder, then attach the zip file to your next post
  • The file is located at C:\Users\your name\Desktop\Virus Removal Tool\setup_9.0.0.722_05.01.2011_20-34\LOG\avptool_sysinfo.zip


When you have completed the above, please post back the following in the order asked for:
  • OTL fix log
  • AVP report and attached avptool_sysinfo.zip

  • 0

#12
Wafflemonger


    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 548 posts
Running the scans...in the meantime tell me what it does please?

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\avast5 deleted successfully.
C:\Users\Wafflemonger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Age2 Config.lnk moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Wafflemonger\Desktop\cmd.bat deleted successfully.
C:\Users\Wafflemonger\Desktop\cmd.txt deleted successfully.
========== REGISTRY ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56502 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: DefaultAppPool
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56502 bytes

User: Public

User: Wafflemonger
->Temp folder emptied: 220307514 bytes
->Temporary Internet Files folder emptied: 25818798 bytes
->Java cache emptied: 62514783 bytes
->FireFox cache emptied: 81476022 bytes
->Flash cache emptied: 65574 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 200704 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 791471 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 373.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: DefaultAppPool
->Flash cache emptied: 0 bytes

User: Public

User: Wafflemonger
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb



OTL by OldTimer - Version 3.2.22.3 log created on 03182011_230643

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Edited by Wafflemonger, 18 March 2011 - 09:21 PM.

  • 0

#13
Wafflemonger


    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 548 posts
Autoscan: completed 1 minute ago (events: 8, objects: 275276, time: 02:52:54)
18/03/2011 11:31:08 PM Task started
18/03/2011 11:31:19 PM Task stopped
18/03/2011 11:31:31 PM Task started
18/03/2011 11:41:21 PM Task stopped
19/03/2011 12:32:19 AM Task started
19/03/2011 12:51:22 AM Task stopped
19/03/2011 2:13:01 AM Task started
19/03/2011 5:05:55 AM Task completed

Attached Files


Edited by Wafflemonger, 19 March 2011 - 03:14 AM.

  • 0

#14
Render


    Trusted Helper

  • Malware Removal
  • 4,195 posts
Hi,

First we checked for a possible MBR infection. Many rootkits nowadays modify a PC's master boot record, which is the first sector of a storage device and is used to help a PC locate an operating system to boot after it is turned on. This way the rootkit is running even before the operating system loads. You can find more information about the MBR here.

In your situation, both tools came out with clean logs, and that means that your MBR is probably not infected.

Next we used OTL to list some important places of your operating system, like running processes, files modified in the last 30 days etc. We're looking here for non-legitimate entries, as they could be malicious. You can find a tutorial for that nice tool here.

With an OTL fix we can delete or stop any of these entries (processes, files, folders, registry entries etc).

In your particular case I didn't find any malicious entry. So I removed an orphaned autostart entry from your previous AV program Avast and a shortcut to a game configuration file. Then I flushed your DNS resolver cache, as sometimes a bad DNS entry has been cached. For the commands, please read the OTL tutorial.

AVP Tool is an on-demand virus scanner/remover and diagnostic tool from Kaspersky.

As your logs look malware-free, I have to ask you what problems with the computer you currently have.
  • 0
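
The MBR check described in the post above, as an added example that is not part of the original thread or of any tool named in it: it splits sector 0 into boot code and partition table and names the region that differs from a baseline copy. The sample sectors and all function names are constructed for the illustration; in the sample only the partition entry changes, so the boot-code hash stays the same, which is how boot code from an earlier installation can outlive later changes to the disk.

```python
import hashlib
import struct

SECTOR_SIZE = 512
# Classic MBR layout: byte ranges inside sector 0.
REGIONS = {
    "boot_code": (0, 440),
    "disk_signature": (440, 444),
    "partition_table": (446, 510),
    "boot_signature": (510, 512),
}
TYPE_NAMES = {0x07: "NTFS/exFAT", 0x0B: "FAT32 (CHS)", 0x0C: "FAT32 (LBA)",
              0x05: "Extended", 0xEE: "GPT protective"}


def parse_mbr(sector: bytes) -> dict:
    """Split a 512-byte sector 0 into the fields a reviewer cares about."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("sector 0 must be exactly 512 bytes")
    partitions = []
    for slot in range(4):
        entry = sector[446 + 16 * slot: 446 + 16 * (slot + 1)]
        status, ptype = entry[0], entry[4]
        lba_start, sector_count = struct.unpack_from("<II", entry, 8)
        if ptype == 0x00:
            continue  # unused slot
        partitions.append({
            "slot": slot,
            "bootable": status == 0x80,
            "type": TYPE_NAMES.get(ptype, f"0x{ptype:02X}"),
            "lba_start": lba_start,
            "sectors": sector_count,
        })
    start, end = REGIONS["boot_code"]
    return {
        "signature_ok": sector[510:512] == b"\x55\xaa",
        "boot_code_sha256": hashlib.sha256(sector[start:end]).hexdigest(),
        "partitions": partitions,
    }


def changed_regions(baseline: bytes, current: bytes) -> list:
    """Name the MBR regions that differ between two copies of sector 0."""
    return [name for name, (a, b) in REGIONS.items()
            if baseline[a:b] != current[a:b]]


def build_sample_mbr(boot_code: bytes, ptype: int) -> bytes:
    """Constructed sector for this example, not a dump of any real disk."""
    sector = bytearray(SECTOR_SIZE)
    sector[:len(boot_code)] = boot_code
    sector[440:444] = bytes.fromhex("78563412")
    # status, CHS start, type, CHS end, LBA start, sector count
    sector[446:462] = struct.pack("<B3sB3sII", 0x80, b"\0" * 3, ptype,
                                  b"\0" * 3, 2048, 976768000)
    sector[510:512] = b"\x55\xaa"
    return bytes(sector)


if __name__ == "__main__":
    old = build_sample_mbr(b"CONSTRUCTED-OLD-BOOT-CODE", 0x0B)
    current = build_sample_mbr(b"CONSTRUCTED-OLD-BOOT-CODE", 0x07)
    print(parse_mbr(current))
    print(changed_regions(old, current))  # boot code is not among them
```
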

#15
Wafflemonger


    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 548 posts
I thank you for explaining what each tool did and why you did it. There really isn't anything wrong, I was just unsure if I had properly removed the virus or not. You stated something about my storage drive having a Windows XP MBR, do you have any idea on how to remove that? I tried formatting it which clearly didn't work. Aside from that, all is good, and I thank you for your time and patience.
  • 0





