Answers to your tech questions
Computer forums for help with removing malicious software (malware) and improving computer security

> [Resolved] Internet Explorer is not working
Warnite
post Jun 17 2009, 10:53 AM
Post #1


New Member
*

Group: Authentic Member
Posts: 17
Joined: 15-January 08
Member No.: 75,988
Operating System: Windows XP



Well, let me start by saying this. Last night, I was playing a game... I'm sure you all know it, it's called World of Warcraft. I received a mail in-game from a person I know, and basically it said that he made a video of our guild in game and to download it and check it out. Well, as stupid as I am, I went ahead and downloaded it. Before I launched it, I looked at the file because it did not look like a video file. The file was called "org.exe". I was really hesitant about it, but I was stupid enough to open it. When I double-clicked on it, the file disappeared. Shortly after, my Internet Explorer completely stopped working. When I try to open it, an error pops up saying "Internet Explorer has stopped working.... A problem caused the program to stop working correctly. Windows will close the program and notify you if a solution is available."

Now I do have an antivirus, anti-malware, and registry cleaner.... The antivirus I use is called "Vipre", my anti-malware is called "Malwarebytes' Anti-Malware", and my registry cleaner is called "CCleaner". Well, I ran a full system scan on both Vipre and Malwarebytes' Anti-Malware. Vipre didn't find anything, but Malwarebytes' did find 9 infections including trojans and other stuff. When I ran CCleaner, it found numerous problems in my registry. I went ahead and fixed all the problems I found.

When I restarted my computer, IE was still not working. I have Vista 64-bit; AOL and IE 64-bit work, but the normal IE still gives me the error. I have IE version 8, so what I did was uninstall the update and roll back to version 7. I tried it and it still didn't work, so then I went back, redownloaded IE version 8 and installed it, and it still gives me the error.

Some people that I talked to online in the game I played said it could've been either a virus or even keyloggers from people who are trying to hack my account. So I downloaded HijackThis and did a log of my computer. Can you guys look at this and see if there is anything wrong or if I'm still infected with viruses/spyware/keyloggers?

Before I post my HJT log, here is the log from Malwarebytes' Anti-Malware:

Malwarebytes' Anti-Malware 1.37
Database version: 2293
Windows 6.0.6001 Service Pack 1

6/17/2009 12:44:51 AM
mbam-log-2009-06-17 (00-44-51).txt

Scan type: Quick Scan
Objects scanned: 74002
Time elapsed: 2 minute(s), 8 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 9
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 2
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\ieshowinfo.receiverbho (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{89ec0b92-2c0c-42e0-98b9-c049ef027140} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{46f03432-be65-4333-b524-04713c4c81fe} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{dbaf53d4-11fe-482d-b516-b3103bc71f87} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{dbaf53d4-11fe-482d-b516-b3103bc71f87} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{dbaf53d4-11fe-482d-b516-b3103bc71f87} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ieshowinfo.receiverbho.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\{NSINAME} (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
c:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\freshplay (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\freshplay (Trojan.DNSChanger) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files (x86)\linksador\ShowInfo\IeShowInfo.dll (Trojan.BHO) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\freshplay\Uninstall.lnk (Trojan.DNSChanger) -> Quarantined and deleted successfully.



Here is my HJT Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:51:41 AM, on 6/17/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\Common Files\aol\1230257227\ee\aolsoftware.exe
C:\Program Files (x86)\Sunbelt Software\VIPRE\SBAMTray.exe
C:\Program Files (x86)\AOL 9.5\waol.exe
C:\Program Files (x86)\AOL 9.5\shellmon.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: IAOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: AOL Toolbar Loader - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [HostManager] "C:\Program Files (x86)\Common Files\AOL\1230257227\ee\AOLSoftware.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SBAMTray] C:\Program Files (x86)\Sunbelt Software\VIPRE\SBAMTray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\Windows\system32\rundll32.exe C:\Users\ADMINI~1\AppData\Local\Temp\294479031754mxx.dll,DllMain
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files (x86)\AOL 9.5\AOL.EXE" -b
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: &AOL Toolbar Search - C:\ProgramData\AOL\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O13 - Gopher Prefix:
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files (x86)\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Linksys Updater (LinksysUpdater) - Unknown owner - C:\Program Files (x86)\Linksys\Linksys Updater\bin\LinksysUpdater.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: VIPRE Antivirus + Antispyware (SBAMSvc) - Sunbelt Software - C:\Program Files (x86)\Sunbelt Software\VIPRE\SBAMSvc.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9190 bytes

I tried to use the "Analyze This" button but I don't think it worked, since it had to open up IE, and when it did, IE gave me the error once again.

This post has been edited by Warnite: Jun 17 2009, 11:08 AM
SpySentinel
post Jun 17 2009, 07:30 PM
Post #2


Trusted

Group: Malware Team
Posts: 554
Joined: 26-January 08
From: The United States
Member No.: 76,329
Operating System: Windows XP SP2



Hi Warnite, welcome.

My name is SpySentinel and I will be helping you with your malware problem.



DNS Changer Infection

Please read this post completely. It may be easier if you copy and paste this post into a new text document or print it for reference later. This will especially help you when your computer is offline.

Also copy this link for router passwords - see below
http://www.phenoelit-us.org/dpl/dpl.html

Copy this link for video tutorial - see below
http://onguardonline.gov/tutorials/index.h...orials-wireless


Some things here to know.

DNS changer infects your router.

We need to clean your machine again, off line, so that the router can't re-infect your computer.

Before you use the router again we want to reset it to its default settings to remove the infection and stop it coming back.

Some routers you can reset quite easily just by rebooting them; others need a different approach. With some types of internet (i.e. DSL connections that use PPPoE in the router), you will need to know the data to set up the router itself again.

What I am going to do now is give you some instructions that work in most cases.

If however it doesn't work for you, you will lose internet connection and will need to talk to your router provider to ascertain how to re-setup your router.


You have used Malwarebytes before.

If you no longer have Malwarebytes, please download it from Here or Here

Next disconnect your system from the internet, and your router, then…

Double Click mbam-setup.exe to install the application.
  • Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


===============================================

Next you must reset the router to its default configuration. This can be done by inserting something tiny like a paper clip end or pencil tip into a small hole labeled "reset" located on the back of the router. Press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 10 seconds). If you don’t know the router's default password, you can look it up HERE

However, if there are other Zlob-infected machines using the same router, they will need to be cleared with the above steps before resetting the router. Otherwise, the malware will simply go back and change the router's DNS settings. You also need to reconfigure any security settings you had in place prior to the reset. Check out this site here for video tutorials on how to properly configure your router's encryption and security settings. You may also need to consult with your Internet service provider to find out which DNS servers your network should be using.

Once you have run Malwarebytes' Anti-Malware on the infected system and reset the router to its default configuration, you can reconnect to the internet and the router. Then return to this site to post your logs.
Warnite
post Jun 17 2009, 10:55 PM
Post #3





Hi, SpySentinel

I unplugged my router from my computer, and unplugged the router from the modem, but left the power on in the router. I ran Malwarebytes', and once it finished, I then reset my router using a paperclip and putting it in the small hole like you said. I saw the lights blink for several seconds, then they went to a steady light. I then reconnected my computer to the router and hooked it up to the modem.

Here is my log for Malwarebytes'.

Malwarebytes' Anti-Malware 1.37
Database version: 2293
Windows 6.0.6002 Service Pack 2

6/17/2009 11:49:57 PM
mbam-log-2009-06-17 (23-49-57).txt

Scan type: Quick Scan
Objects scanned: 73786
Time elapsed: 1 minute(s), 27 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

SpySentinel, I forgot to tell you though, before I came and checked up on the forums to see if I had a reply, I went into safe mode and used SUPERAntiSpyware. It found another infection by the name of "Adware.Vundo/Varient-MMX". I found where the file was located on my computer and just deleted it. I then ran another scan in safe mode on my computer and it found nothing. When I restarted my computer back to normal and the computer logged into Windows, there was an error, something about

"RunDLL
Error Loading:
C:\Users\ADMINI~1\AppData\Local\Temp\294479031754mxx.dll.
This specific module cannot be found"

I did notice that Internet Explorer finally started working and did not give me the previous error "Internet Explorer has stopped working.... A problem caused the program to stop working correctly. Windows will close the program and notify you if a solution is available." like it did before. Just thought I'd let you know.

This post has been edited by Warnite: Jun 17 2009, 11:14 PM
SpySentinel
post Jun 18 2009, 02:50 PM
Post #4





Hi Warnite, Thanks for letting me know.

Along with a DNS Changer infection, you are also infected with Vundo, which caused your Internet Explorer problems, and since SUPERAntiSpyware removed it, that's why you got that message regarding C:\Users\ADMINI~1\AppData\Local\Temp\294479031754mxx.dll.


Before we begin, you should save these instructions in Notepad to your desktop, or print them, for easy reference. Much of our fix will be done in Safe mode, and you will be unable to access this thread at that time. If you have questions at any point, or are unsure of the instructions, feel free to post here and ask for clarification before proceeding.


Step #1

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

O4 - HKCU\..\Run: [ctfmon.exe] C:\Windows\system32\rundll32.exe C:\Users\ADMINI~1\AppData\Local\Temp\294479031754mxx.dll,DllMain

Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis.

After that, reboot.


Step #2

Please download VundoFix.exe to your desktop
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log in a reply to this thread.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.


Step #3

Disable resident protections (Antivirus...); you'll re-enable them after the scan

Download Lop S&D here

Double-click Lop S&D.exe
Choose the language, then choose Option 1 (Search)
Wait till the end of the scan
Post the log which is created: (%SystemDrive%\lopR.txt)


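Added example, not part of either member's posts: a Python sketch of the check made in post #4, which picked the [ctfmon.exe] Run entry out of the HijackThis log. The three heuristics and all function names are assumptions of this example; the sample lines are copied from the first log in this thread.

```python
import ntpath
import re
from dataclasses import dataclass, field

# Lines copied from the first HijackThis log in this thread.
SAMPLE_LOG = r"""
O2 - BHO: AOL Toolbar Loader - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\Windows\system32\rundll32.exe C:\Users\ADMINI~1\AppData\Local\Temp\294479031754mxx.dll,DllMain
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
"""

# "O4 - <hive>\..\Run: [<value name>] <command>"
O4_RE = re.compile(
    r"^O4 - (?P<hive>\S+?)\\\.\.\\Run\w*: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
# HijackThis appends "(User '...')" to entries from service-account hives.
USER_SUFFIX_RE = re.compile(r"\s+\(User '[^']*'\)$")
# Shortest prefix ending in an executable extension is the launched image.
IMAGE_RE = re.compile(r"(.+?\.(?:exe|com|bat|cmd|scr))(?=\s|$)", re.I)
TEMP_DIR_RE = re.compile(r"\\(?:temp|tmp)\\", re.I)
PROFILE_RE = re.compile(r"\\(?:users|documents and settings)\\", re.I)


@dataclass
class RunEntry:
    hive: str
    name: str
    command: str
    image: str
    args: str
    reasons: list = field(default_factory=list)


def split_command(cmd):
    """Split a Run command into (image, arguments), quoted or unquoted."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        if end != -1:
            return cmd[1:end], cmd[end + 1:].strip()
        return cmd[1:], ""
    m = IMAGE_RE.match(cmd)
    if m:
        return m.group(1), cmd[m.end():].strip()
    return cmd, ""


def parse_o4(log_text):
    """Return a RunEntry for every O4 (autostart) line; skip all other lines."""
    entries = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue
        cmd = USER_SUFFIX_RE.sub("", m.group("cmd"))
        image, args = split_command(cmd)
        entries.append(RunEntry(m.group("hive"), m.group("name"), cmd, image, args))
    return entries


def assess(entry):
    """Apply the three heuristics (assumptions of this example) to one entry."""
    reasons = []
    image_name = ntpath.basename(entry.image).lower()
    if TEMP_DIR_RE.search(entry.command):
        reasons.append("command references a Temp directory")
    if image_name == "rundll32.exe" and PROFILE_RE.search(entry.args):
        reasons.append("rundll32 loads a DLL from a user profile path")
    if entry.name.lower().endswith(".exe") and entry.name.lower() != image_name:
        reasons.append(f"value name {entry.name!r} does not match image {image_name!r}")
    return reasons


def triage(log_text):
    """Return only the Run entries that trip at least one heuristic."""
    flagged = []
    for entry in parse_o4(log_text):
        entry.reasons = assess(entry)
        if entry.reasons:
            flagged.append(entry)
    return flagged


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(f"[{e.hive}] {e.name}: {e.command}")
        for r in e.reasons:
            print("   -", r)
```

A hit is a lead for manual review rather than a verdict; legitimate software sometimes registers Run entries under a profile directory.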
Warnite
post Jun 18 2009, 07:10 PM
Post #5





Hi SpySentinel

I did Steps 1 and 2 in safe mode, although I was NOT able to do Step 3. I downloaded Lop S&D and ran the program. I typed "E" for English as shown, and when I hit Enter, the program just turned off. I redownloaded it and tried it in safe mode and normal mode and it did the same thing. Anyway, here are my logs for both HJT and VundoFix.


VundoFix V7.0.6

Scan started at 7:25:30 PM 6/18/2009

Listing files found while scanning....

No infected files were found.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:03:06 PM, on 6/18/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Safe mode

Running processes:
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: IAOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: AOL Toolbar Loader - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [HostManager] "C:\Program Files (x86)\Common Files\AOL\1230257227\ee\AOLSoftware.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SBAMTray] C:\Program Files (x86)\Sunbelt Software\VIPRE\SBAMTray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: &AOL Toolbar Search - C:\ProgramData\AOL\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O13 - Gopher Prefix:
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files (x86)\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Linksys Updater (LinksysUpdater) - Unknown owner - C:\Program Files (x86)\Linksys\Linksys Updater\bin\LinksysUpdater.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: VIPRE Antivirus + Antispyware (SBAMSvc) - Sunbelt Software - C:\Program Files (x86)\Sunbelt Software\VIPRE\SBAMSvc.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 8939 bytes
 
SpySentinel
post Jun 18 2009, 07:46 PM
Post #6


Trusted

Group: Malware Team
Posts: 554
Joined: 26-January 08
From: The United States
Member No.: 76,329
Operating System: Windows XP SP2



Hi Warnite,

Thanks for letting me know.

  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTListIt.Txt and Extras.Txt. These are saved in the same location as OTListIt2.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.
 
Warnite
post Jun 18 2009, 09:14 PM
Post #7


New Member
*

Group: Authentic Member
Posts: 17
Joined: 15-January 08
Member No.: 75,988
Operating System: Windows XP



Hi SpySentinel

I have a question. Do I have to run OTL in safe mode as well? Or did you want me to run it in normal Windows? Just want to make sure.

*Edit* OK, I'm editing so I won't double post, but I went ahead and did the scan in normal Windows. Here are the logs for OTL.txt and Extras.txt


OTL logfile created on: 6/18/2009 11:43:03 PM - Run 1
OTL by OldTimer - Version 2.1.1.0 Folder = C:\Users\Administrator\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18783)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 4.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.76 Gb Total Space | 401.93 Gb Free Space | 86.30% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JOHNNIE-PC
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Pure Networks, Inc.)
PRC - C:\Program Files (x86)\Common Files\AOL\ACS\AOLAcsd.exe (AOL LLC)
PRC - C:\Program Files (x86)\Linksys\Linksys Updater\bin\LinksysUpdater.exe ()
PRC - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
PRC - C:\Windows\SysWOW64\java.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe (Pure Networks, Inc.)
PRC - C:\Users\Administrator\Desktop\OTL.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (AOL ACS [Auto | Running]) -- C:\Program Files (x86)\Common Files\AOL\ACS\AOLAcsd.exe (AOL LLC)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_64 [On_Demand | Stopped]) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (ehRecvr [On_Demand | Stopped]) -- C:\Windows\ehome\ehRecvr.exe (Microsoft Corporation)
SRV - (ehSched [On_Demand | Stopped]) -- C:\Windows\ehome\ehsched.exe (Microsoft Corporation)
SRV - (ehstart [Auto | Stopped]) -- C:\Windows\ehome\ehstart.dll (Microsoft Corporation)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (ForceWare Intelligent Application Manager (IAM) [Auto | Running]) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe ()
SRV - (idsvc [Unknown | Stopped]) -- C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (LinksysUpdater [Auto | Running]) -- C:\Program Files (x86)\Linksys\Linksys Updater\bin\LinksysUpdater.exe ()
SRV - (Microsoft Office Groove Audit Service [On_Demand | Stopped]) -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (nmservice [Auto | Running]) -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe (Pure Networks, Inc.)
SRV - (npggsvc [On_Demand | Stopped]) -- C:\Windows\system32\GameMon.des (INCA Internet Co., Ltd.)
SRV - (nSvcIp [Auto | Running]) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe ()
SRV - (odserv [On_Demand | Stopped]) -- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (PerfHost [On_Demand | Stopped]) -- C:\Windows\SysWow64\perfhost.exe (Microsoft Corporation)
SRV - (SBAMSvc [Auto | Stopped]) -- C:\Program Files (x86)\Sunbelt Software\VIPRE\SBAMSvc.exe (Sunbelt Software)
SRV - (Steam Client Service [On_Demand | Stopped]) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (TomTomHOMEService [Auto | Running]) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (usnjsvc [On_Demand | Stopped]) -- C:\Program Files (x86)\Windows Live\Messenger\usnsvc.exe (Microsoft Corporation)
SRV - (WLSetupSvc [On_Demand | Stopped]) -- C:\Program Files (x86)\Windows Live\installer\WLSetupSvc.exe (Microsoft Corporation)
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (AnyDVD [On_Demand | Running]) -- C:\Windows\System32\Drivers\AnyDVD.sys (SlySoft, Inc.)
DRV - (ElbyCDIO [System | Running]) -- C:\Windows\sysnative\Drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV - (HdAudAddService [On_Demand | Running]) -- C:\Windows\sysnative\drivers\HdAudio.sys (Microsoft Corporation)
DRV - (MTsensor [On_Demand | Running]) -- C:\Windows\sysnative\DRIVERS\ASACPI.sys ()
DRV - (netr28ux [On_Demand | Stopped]) -- C:\Windows\sysnative\DRIVERS\netr28ux.sys (Ralink Technology Corp.)
DRV - (NPPTNT2 [On_Demand | Stopped]) -- C:\Windows\system32\npptNT2.sys (INCA Internet Co., Ltd.)
DRV - (pcouffin [On_Demand | Stopped]) -- C:\Windows\sysnative\Drivers\pcouffin.sys (VSO Software)
DRV - (pnarp [Auto | Running]) -- C:\Windows\sysnative\DRIVERS\pnarp.sys (Pure Networks, Inc.)
DRV - (purendis [Auto | Running]) -- C:\Windows\sysnative\DRIVERS\purendis.sys (Pure Networks, Inc.)
DRV - (SASDIFSV [System | Stopped]) -- C:\Program Files (x86)\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASENUM [On_Demand | Stopped]) -- C:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL [System | Stopped]) -- C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (sbapifs [Auto | Running]) -- C:\Windows\sysnative\DRIVERS\sbapifs.sys (Sunbelt Software)
DRV - (sbtis [System | Running]) -- C:\Windows\sysnative\drivers\sbtis.sys (Sunbelt Software)
DRV - (USB28xxBGA [On_Demand | Stopped]) -- C:\Windows\sysnative\DRIVERS\emBDA64.sys (eMPIA Technology, Inc.)
DRV - (USB28xxOEM [On_Demand | Stopped]) -- C:\Windows\sysnative\DRIVERS\emOEM64.sys (eMPIA Technology, Inc.)
DRV - (usbaudio [On_Demand | Running]) -- C:\Windows\sysnative\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (wanatw [On_Demand | Running]) -- C:\Windows\sysnative\DRIVERS\wanatw64.sys (America Online, Inc.)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.com
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\ [2009/04/16 20:02:12 | 00,000,000 | ---D | M]


O1 HOSTS File: (761 bytes) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (AOL Toolbar Loader) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll (AOL LLC)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - Reg Error: Key error. File not found
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll (AOL LLC)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll (AOL LLC)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
O4 - HKLM..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" (Microsoft Corporation)
O4 - HKLM..\Run: [HostManager] "C:\Program Files (x86)\Common Files\AOL\1230257227\ee\AOLSoftware.exe" (AOL LLC)
O4 - HKLM..\Run: [nmctxth] "C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe" (Pure Networks, Inc.)
O4 - HKLM..\Run: [SBAMTray] C:\Program Files (x86)\Sunbelt Software\VIPRE\SBAMTray.exe (Sunbelt Software)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [AnyDVD] C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.)
O4 - HKCU..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (Microsoft Corporation)
O4 - HKCU..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background (Microsoft Corporation)
O4 - HKCU..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (Microsoft Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" (TomTom)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &AOL Toolbar Search - C:\ProgramData\AOL\ieToolbar\resources\en-US\local\search.html ()
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files (x86)\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [@%SystemRoot%\system32\nlasvc.dll,-1000] - C:\Windows\system32\NLAapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [@%SystemRoot%\system32\napinsp.dll,-1000] - C:\Windows\system32\napinsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [@%SystemRoot%\system32\pnrpnsp.dll,-1000] - C:\Windows\system32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [@%SystemRoot%\system32\pnrpnsp.dll,-1001] - C:\Windows\system32\pnrpnsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\system32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\system32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\system32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\system32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\system32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\system32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\system32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\system32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\system32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\system32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\system32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\system32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\system32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\system32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\system32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\system32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\system32\nvLsp.dll (NVIDIA)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKCU\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp3.dll (Pure Networks, Inc.)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Filter: - deflate - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - gzip - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\system32\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\SysWOW64\webcheck.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{75123ca9-e3e5-11dd-923c-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{75123ca9-e3e5-11dd-923c-00038a000015}\Shell\AutoRun\command - "" = L:\StarterOfficeGuardian.exe -- File not found
O33 - MountPoints2\{b8c972f0-5b6a-11de-b1a8-00038a000015}\Shell\AutoRun\command - "" = K:\InstallTomTomHOME.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - * [2009/06/18 23:39:23 | 00,000,000 | R--D | M]

========== Files/Folders - Created Within 30 Days ==========

[2 C:\Windows\*.tmp files]
[2009/06/18 23:39:18 | 00,501,760 | ---- | C] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2009/06/18 20:05:56 | 00,000,268 | -H-- | C] () -- C:\sqmdata10.sqm
[2009/06/18 20:05:56 | 00,000,244 | -H-- | C] () -- C:\sqmnoopt10.sqm
[2009/06/18 19:46:43 | 00,000,268 | -H-- | C] () -- C:\sqmdata09.sqm
[2009/06/18 19:46:43 | 00,000,244 | -H-- | C] () -- C:\sqmnoopt09.sqm
[2009/06/18 19:11:23 | 00,000,000 | ---D | C] -- C:\Lop SD
[2009/06/18 19:11:09 | 00,530,106 | ---- | C] () -- C:\Users\Administrator\Desktop\LopSD.exe
[2009/06/18 12:14:45 | 00,000,000 | ---D | C] -- C:\Downloads
[2009/06/18 09:12:53 | 00,000,268 | -H-- | C] () -- C:\sqmdata08.sqm
[2009/06/18 09:12:53 | 00,000,244 | -H-- | C] () -- C:\sqmnoopt08.sqm
[2009/06/18 00:35:15 | 00,000,268 | -H-- | C] () -- C:\sqmdata07.sqm
[2009/06/18 00:35:15 | 00,000,244 | -H-- | C] () -- C:\sqmnoopt07.sqm
[2009/06/17 23:07:51 | 00,000,268 | -H-- | C] () -- C:\sqmdata06.sqm
[2009/06/17 23:07:51 | 00,000,244 | -H-- | C] () -- C:\sqmnoopt06.sqm
[2009/06/17 22:25:45 | 00,000,000 | ---- | C] () -- C:\Windows\System32\SBRC.dat
[2009/06/17 19:22:43 | 00,000,268 | -H-- | C] () -- C:\sqmdata05.sqm
[2009/06/17 19:22:42 | 00,000,244 | -H-- | C] () -- C:\sqmnoopt05.sqm
[2009/06/17 16:25:58 | 00,000,268 | -H-- | C] () -- C:\sqmdata04.sqm
[2009/06/17 16:25:58 | 00,000,244 | -H-- | C] () -- C:\sqmnoopt04.sqm
[2009/06/17 15:22:02 | 00,000,000 | ---D | C] -- C:\VundoFix Backups
[2009/06/17 14:55:13 | 00,000,000 | ---D | C] -- C:\Users\Administrator\Documents\TomTom
[2009/06/17 14:55:10 | 00,000,000 | ---D | C] -- C:\ProgramData\TomTom
[2009/06/17 14:54:56 | 00,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\TomTom
[2009/06/17 14:54:56 | 00,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Mozilla
[2009/06/17 14:54:52 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\TomTom International B.V
[2009/06/17 14:54:34 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\TomTom HOME 2
[2009/06/17 14:53:54 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\TomTom DesktopSuite
[2009/06/17 14:51:51 | 00,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2009/06/17 14:51:38 | 00,000,944 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/06/17 14:51:36 | 00,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\SUPERAntiSpyware.com
[2009/06/17 14:51:36 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\SUPERAntiSpyware
[2009/06/17 14:46:33 | 00,000,268 | -H-- | C] () -- C:\sqmdata03.sqm
[2009/06/17 14:46:33 | 00,000,244 | -H-- | C] () -- C:\sqmnoopt03.sqm
[2009/06/17 13:21:27 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2009/06/17 13:12:19 | 00,000,000 | ---D | C] -- C:\Windows\System32\vi-VN
[2009/06/17 13:12:19 | 00,000,000 | ---D | C] -- C:\Windows\System32\eu-ES
[2009/06/17 13:12:19 | 00,000,000 | ---D | C] -- C:\Windows\System32\ca-ES
[2009/06/17 12:52:26 | 12,240,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0007.dll
[2009/06/17 12:52:22 | 02,134,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FunctionDiscoveryFolder.dll
[2009/06/17 12:52:21 | 02,644,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0009.dll
[2009/06/17 12:52:19 | 01,081,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLCExt.dll
[2009/06/17 12:52:17 | 01,480,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssrch.dll
[2009/06/17 12:52:15 | 00,968,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wcnwiz2.dll
[2009/06/17 12:52:15 | 00,291,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WscEapPr.dll
[2009/06/17 12:52:12 | 01,576,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tquery.dll
[2009/06/17 12:52:11 | 00,779,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationNative_v0300.dll
[2009/06/17 12:52:10 | 00,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
[2009/06/17 12:52:09 | 00,518,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
[2009/06/17 12:52:08 | 02,241,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msi.dll
[2009/06/17 12:52:06 | 00,677,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imapi2fs.dll
[2009/06/17 12:52:05 | 00,476,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll
[2009/06/17 12:52:02 | 02,868,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2009/06/17 12:52:02 | 00,619,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardagt.exe
[2009/06/17 12:52:02 | 00,035,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardcpl.cpl
[2009/06/17 12:52:00 | 01,216,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AuxiliaryDisplayCpl.dll
[2009/06/17 12:52:00 | 00,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwizui.dll
[2009/06/17 12:51:59 | 00,289,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spinstall.exe
[2009/06/17 12:51:59 | 00,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spreview.exe
[2009/06/17 12:51:58 | 00,978,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drmv2clt.dll
[2009/06/17 12:51:57 | 11,584,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shell32.dll
[2009/06/17 12:51:57 | 00,472,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
[2009/06/17 12:51:56 | 00,644,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\p2psvc.dll
[2009/06/17 12:51:56 | 00,441,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SearchIndexer.exe
[2009/06/17 12:51:56 | 00,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/06/17 12:51:56 | 00,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EhStorPwdMgr.dll
[2009/06/17 12:51:55 | 00,858,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kernel32.dll
[2009/06/17 12:51:55 | 00,670,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssvp.dll
[2009/06/17 12:51:55 | 00,278,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscoree.dll
[2009/06/17 12:51:54 | 01,165,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntdll.dll
[2009/06/17 12:51:54 | 00,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSMPEG2VDEC.DLL
[2009/06/17 12:51:54 | 00,378,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imapi2.dll
[2009/06/17 12:51:54 | 00,351,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssph.dll
[2009/06/17 12:51:54 | 00,203,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssphtb.dll
[2009/06/17 12:51:53 | 00,324,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdohlp.dll
[2009/06/17 12:51:52 | 01,459,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\esent.dll
[2009/06/17 12:51:52 | 00,729,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IMJP10K.DLL
[2009/06/17 12:51:52 | 00,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DevicePairing.dll
[2009/06/17 12:51:51 | 00,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
[2009/06/17 12:51:51 | 00,190,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sperror.dll
[2009/06/17 12:51:51 | 00,143,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\korwbrkr.dll
[2009/06/17 12:51:50 | 10,625,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmp.dll
[2009/06/17 12:51:50 | 02,386,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVCORE.DLL
[2009/06/17 12:51:50 | 00,346,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
[2009/06/17 12:51:50 | 00,231,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll
[2009/06/17 12:51:50 | 00,228,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLC.dll
[2009/06/17 12:51:50 | 00,120,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EhStorAPI.dll
[2009/06/17 12:51:50 | 00,041,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2009/06/17 12:51:49 | 01,589,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msjet40.dll
[2009/06/17 12:51:49 | 01,336,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml6.dll
[2009/06/17 12:51:48 | 01,381,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Query.dll
[2009/06/17 12:51:48 | 00,883,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IMJP10.IME
[2009/06/17 12:51:48 | 00,114,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EhStorShell.dll
[2009/06/17 12:51:47 | 00,648,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\user32.dll
[2009/06/17 12:51:47 | 00,409,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msexch40.dll
[2009/06/17 12:51:47 | 00,327,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\P2PGraph.dll
[2009/06/17 12:51:46 | 03,079,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2009/06/17 12:51:46 | 01,316,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ole32.dll
[2009/06/17 12:51:46 | 01,183,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml3.dll
[2009/06/17 12:51:46 | 00,463,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IasMigReader.exe
[2009/06/17 12:51:46 | 00,301,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srchadmin.dll
[2009/06/17 12:51:45 | 00,428,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2009/06/17 12:51:45 | 00,303,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gdi32.dll
[2009/06/17 12:51:45 | 00,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax
[2009/06/17 12:51:44 | 01,792,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mmc.exe
[2009/06/17 12:51:44 | 00,454,144 | ---- | C] (Microsoft) -- C:\Windows\System32\IasMigPlugin.dll
[2009/06/17 12:51:44 | 00,065,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DevicePairingWizard.exe
[2009/06/17 12:51:43 | 00,880,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RacEngn.dll
[2009/06/17 12:51:43 | 00,710,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Magnify.exe
[2009/06/17 12:51:43 | 00,466,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\riched20.dll
[2009/06/17 12:51:43 | 00,088,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdBth.dll
[2009/06/17 12:51:42 | 02,012,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\milcore.dll
[2009/06/17 12:51:42 | 01,112,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CertEnroll.dll
[2009/06/17 12:51:42 | 00,275,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bcrypt.dll
[2009/06/17 12:51:42 | 00,185,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SearchProtocolHost.exe
[2009/06/17 12:51:42 | 00,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SearchFilterHost.exe
[2009/06/17 12:51:41 | 00,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NaturalLanguage6.dll
[2009/06/17 12:51:41 | 00,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spoolss.dll
[2009/06/17 12:51:37 | 00,290,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msjtes40.dll
[2009/06/17 12:51:36 | 00,950,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpedit.dll
[2009/06/17 12:51:36 | 00,406,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcp60.dll
[2009/06/17 12:51:36 | 00,099,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardapi.dll
[2009/06/17 12:51:36 | 00,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Storprop.dll
[2009/06/17 12:51:35 | 00,800,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\advapi32.dll
[2009/06/17 12:51:35 | 00,282,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstext40.dll
[2009/06/17 12:51:35 | 00,268,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\es.dll
[2009/06/17 12:51:34 | 00,339,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msexcl40.dll
[2009/06/17 12:51:34 | 00,321,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll
[2009/06/17 12:51:34 | 00,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WebClnt.dll
[2009/06/17 12:51:34 | 00,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slwmi.dll
[2009/06/17 12:51:33 | 01,209,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\comsvcs.dll
[2009/06/17 12:51:33 | 01,077,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vssapi.dll
[2009/06/17 12:51:33 | 00,454,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxbde40.dll
[2009/06/17 12:51:33 | 00,054,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DevicePairingProxy.dll
[2009/06/17 12:51:32 | 02,066,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstscax.dll
[2009/06/17 12:51:32 | 01,985,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\authui.dll
[2009/06/17 12:51:31 | 00,754,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\propsys.dll
[2009/06/17 12:51:31 | 00,643,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrepl40.dll
[2009/06/17 12:51:31 | 00,640,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bthprops.cpl
[2009/06/17 12:51:31 | 00,469,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\newdev.dll
[2009/06/17 12:51:31 | 00,323,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2009/06/17 12:51:30 | 02,926,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\explorer.exe
[2009/06/17 12:51:30 | 01,591,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\setupapi.dll
[2009/06/17 12:51:30 | 00,978,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\crypt32.dll
[2009/06/17 12:51:30 | 00,205,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eudcedit.exe
[2009/06/17 12:51:30 | 00,119,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasrecst.dll
[2009/06/17 12:51:30 | 00,102,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
[2009/06/17 12:51:29 | 01,788,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d9.dll
[2009/06/17 12:51:29 | 00,368,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mspbde40.dll
[2009/06/17 12:51:28 | 00,241,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msltus40.dll
[2009/06/17 12:51:28 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\davclnt.dll
[2009/06/17 12:51:27 | 01,324,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browseui.dll
[2009/06/17 12:51:27 | 01,135,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll
[2009/06/17 12:51:27 | 00,353,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shlwapi.dll
[2009/06/17 12:51:27 | 00,344,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrd3x40.dll
[2009/06/17 12:51:27 | 00,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/06/17 12:51:26 | 00,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\photowiz.dll
[2009/06/17 12:51:26 | 00,250,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wevtapi.dll
[2009/06/17 12:51:26 | 00,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nlhtml.dll
[2009/06/17 12:51:24 | 03,662,128 | ---- | C] () -- C:\Windows\System32\locale.nls
[2009/06/17 12:51:23 | 01,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2009/06/17 12:51:23 | 00,582,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLCommDlg.dll
[2009/06/17 12:51:23 | 00,563,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oleaut32.dll
[2009/06/17 12:51:23 | 00,497,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kerberos.dll
[2009/06/17 12:51:23 | 00,443,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32spl.dll
[2009/06/17 12:51:23 | 00,165,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WcnNetsh.dll
[2009/06/17 12:51:22 | 03,174,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netshell.dll
[2009/06/17 12:51:22 | 01,730,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\apds.dll
[2009/06/17 12:51:22 | 00,618,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mswstr10.dll
[2009/06/17 12:51:22 | 00,375,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winhttp.dll
[2009/06/17 12:51:22 | 00,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msv1_0.dll
[2009/06/17 12:51:21 | 01,160,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll
[2009/06/17 12:51:21 | 00,807,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msctf.dll
[2009/06/17 12:51:21 | 00,679,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcrt.dll
[2009/06/17 12:51:21 | 00,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xmlfilter.dll
[2009/06/17 12:51:20 | 00,524,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sqlsrv32.dll
[2009/06/17 12:51:20 | 00,319,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrd2x40.dll
[2009/06/17 12:51:20 | 00,183,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eapphost.dll
[2009/06/17 12:51:20 | 00,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secur32.dll
[2009/06/17 12:51:19 | 01,068,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shdocvw.dll
[2009/06/17 12:51:19 | 00,409,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbc32.dll
[2009/06/17 12:51:19 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\propdefs.dll
[2009/06/17 12:51:18 | 02,167,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mmcndmgr.dll
[2009/06/17 12:51:18 | 01,856,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dbgeng.dll
[2009/06/17 12:51:18 | 00,747,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmSvc.dll
[2009/06/17 12:51:18 | 00,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wevtutil.exe
[2009/06/17 12:51:18 | 00,087,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssitlb.dll
[2009/06/17 12:51:17 | 00,502,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\usp10.dll
[2009/06/17 12:51:15 | 00,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drvinst.exe
[2009/06/17 12:51:14 | 00,592,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netlogon.dll
[2009/06/17 12:51:14 | 00,378,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\devmgr.dll
[2009/06/17 12:51:14 | 00,268,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\schannel.dll
[2009/06/17 12:51:14 | 00,199,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\adsldpc.dll
[2009/06/17 12:51:14 | 00,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msctfp.dll
[2009/06/17 12:51:14 | 00,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscb.dll
[2009/06/17 12:51:14 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdBthProxy.dll
[2009/06/17 12:51:13 | 01,533,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wcnwiz.dll
[2009/06/17 12:51:13 | 00,485,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\evr.dll
[2009/06/17 12:51:13 | 00,425,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll
[2009/06/17 12:51:13 | 00,355,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSDApi.dll
[2009/06/17 12:51:13 | 00,287,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Wldap32.dll
[2009/06/17 12:51:12 | 01,382,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVSDECD.DLL
[2009/06/17 12:51:11 | 00,712,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecs.dll
[2009/06/17 12:51:11 | 00,617,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\adtschema.dll
[2009/06/17 12:51:11 | 00,450,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\comdlg32.dll
[2009/06/17 12:51:11 | 00,279,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\services.exe
[2009/06/17 12:51:11 | 00,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quick.ime
[2009/06/17 12:51:11 | 00,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qintlgnt.ime
[2009/06/17 12:51:11 | 00,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\phon.ime
[2009/06/17 12:51:11 | 00,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cintlgnt.ime
[2009/06/17 12:51:11 | 00,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chajei.ime
[2009/06/17 12:51:11 | 00,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mimefilt.dll
[2009/06/17 12:51:10 | 00,560,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdtcprx.dll
[2009/06/17 12:51:10 | 00,413,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wcncsvc.dll
[2009/06/17 12:51:10 | 00,332,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdrm.dll
[2009/06/17 12:51:10 | 00,323,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certcli.dll
[2009/06/17 12:51:10 | 00,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceApi.dll
[2009/06/17 12:51:10 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msjter40.dll
[2009/06/17 12:51:09 | 00,996,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMNetMgr.dll
[2009/06/17 12:51:09 | 00,856,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mswdat10.dll
[2009/06/17 12:51:09 | 00,799,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certutil.exe
[2009/06/17 12:51:09 | 00,396,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ipsmsnap.dll
[2009/06/17 12:51:09 | 00,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskeng.exe
[2009/06/17 12:51:09 | 00,168,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnsapi.dll
[2009/06/17 12:51:09 | 00,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\reg.exe
[2009/06/17 12:51:09 | 00,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtffilt.dll
[2009/06/17 12:51:08 | 00,704,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoScreensaver.scr
[2009/06/17 12:51:08 | 00,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscntrs.dll
[2009/06/17 12:51:08 | 00,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshooks.dll
[2009/06/17 12:51:07 | 00,332,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msihnd.dll
[2009/06/17 12:51:07 | 00,241,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rsaenh.dll
[2009/06/17 12:51:07 | 00,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MMDevAPI.dll
[2009/06/17 12:51:06 | 00,738,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcomm.dll
[2009/06/17 12:51:06 | 00,093,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dfshim.dll
[2009/06/17 12:51:06 | 00,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msstrc.dll
[2009/06/17 12:51:05 | 00,467,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netapi32.dll
[2009/06/17 12:51:05 | 00,310,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mtxclu.dll
[2009/06/17 12:51:05 | 00,153,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fundisc.dll
[2009/06/17 12:51:05 | 00,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dhcpcsvc6.dll
[2009/06/17 12:51:05 | 00,129,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cryptsvc.dll
[2009/06/17 12:51:05 | 00,080,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscories.dll
[2009/06/17 12:51:05 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hidserv.dll
[2009/06/17 12:51:04 | 01,696,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
[2009/06/17 12:51:04 | 00,035,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsWpfWrp.exe
[2009/06/17 12:51:03 | 01,671,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chsbrkr.dll
[2009/06/17 12:51:03 | 01,020,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wdc.dll
[2009/06/17 12:51:03 | 00,247,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shsvcs.dll
[2009/06/17 12:51:03 | 00,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imapi.dll
[2009/06/17 12:51:03 | 00,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msiexec.exe
[2009/06/17 12:51:02 | 01,823,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pnidui.dll
[2009/06/17 12:51:02 | 00,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iassdo.dll
[2009/06/17 12:51:02 | 00,116,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imm32.dll
[2009/06/17 12:51:02 | 00,093,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Kswdmcap.ax
[2009/06/17 12:51:01 | 00,636,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\autofmt.exe
[2009/06/17 12:51:01 | 00,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scrrun.dll
[2009/06/17 12:51:01 | 00,092,918 | ---- | C] () -- C:\Windows\System32\slmgr.vbs
[2009/06/17 12:51:01 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spcmsg.dll
[2009/06/17 12:51:00 | 00,757,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\azroles.dll
[2009/06/17 12:51:00 | 00,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CertEnrollUI.dll
[2009/06/17 12:51:00 | 00,242,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pdh.dll
[2009/06/17 12:51:00 | 00,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dhcpcsvc.dll
[2009/06/17 12:50:59 | 01,122,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\appwiz.cpl
[2009/06/17 12:50:59 | 01,107,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pidgenx.dll
[2009/06/17 12:50:59 | 00,867,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpmde.dll
[2009/06/17 12:50:59 | 00,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sysmon.ocx
[2009/06/17 12:50:59 | 00,258,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winspool.drv
[2009/06/17 12:50:58 | 02,205,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SyncCenter.dll
[2009/06/17 12:50:58 | 00,593,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\comuid.dll
[2009/06/17 12:50:58 | 00,314,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winlogon.exe
[2009/06/17 12:50:57 | 01,502,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certmgr.dll
[2009/06/17 12:50:57 | 00,627,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sethc.exe
[2009/06/17 12:50:57 | 00,347,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2009/06/17 12:50:57 | 00,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2009/06/17 12:50:57 | 00,182,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iassam.dll
[2009/06/17 12:50:57 | 00,142,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spp.dll
[2009/06/17 12:50:56 | 00,413,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imkr80.ime
[2009/06/17 12:50:56 | 00,324,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\untfs.dll
[2009/06/17 12:50:56 | 00,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskcomp.dll
[2009/06/17 12:50:56 | 00,180,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scrobj.dll
[2009/06/17 12:50:56 | 00,036,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtutils.dll
[2009/06/17 12:50:55 | 00,643,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\autochk.exe
[2009/06/17 12:50:54 | 00,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasnap.dll
[2009/06/17 12:50:53 | 00,869,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printui.dll
[2009/06/17 12:50:53 | 00,656,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\autoconv.exe
[2009/06/17 12:50:52 | 01,548,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVDECOD.DLL
[2009/06/17 12:50:52 | 01,541,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\onex.dll
[2009/06/17 12:50:52 | 00,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cscript.exe
[2009/06/17 12:50:52 | 00,130,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\basecsp.dll
[2009/06/17 12:50:52 | 00,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe
[2009/06/17 12:50:51 | 00,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mswsock.dll
[2009/06/17 12:50:51 | 00,182,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\osk.exe
[2009/06/17 12:50:51 | 00,108,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\userenv.dll
[2009/06/17 12:50:49 | 00,340,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RelMon.dll
[2009/06/17 12:50:49 | 00,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winmm.dll
[2009/06/17 12:50:48 | 00,860,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WerFaultSecure.exe
[2009/06/17 12:50:48 | 00,638,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Utilman.exe
[2009/06/17 12:50:48 | 00,612,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpencom.dll
[2009/06/17 12:50:48 | 00,586,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\stobject.dll
[2009/06/17 12:50:48 | 00,564,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msftedit.dll
[2009/06/17 12:50:48 | 00,230,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\diskraid.exe
[2009/06/17 12:50:48 | 00,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WerFault.exe
[2009/06/17 12:50:48 | 00,208,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfplat.dll
[2009/06/17 12:50:48 | 00,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\offfilt.dll
[2009/06/17 12:50:48 | 00,171,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\apphelp.dll
[2009/06/17 12:50:48 | 00,152,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll
[2009/06/17 12:50:48 | 00,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll
[2009/06/17 12:50:48 | 00,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinSCard.dll
[2009/06/17 12:50:47 | 00,971,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cryptui.dll
[2009/06/17 12:50:47 | 00,551,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\prnntfy.dll
[2009/06/17 12:50:47 | 00,444,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dsound.dll
[2009/06/17 12:50:47 | 00,396,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AudioEng.dll
[2009/06/17 12:50:47 | 00,391,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscms.dll
[2009/06/17 12:50:47 | 00,197,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SndVol.exe
[2009/06/17 12:50:47 | 00,179,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msnetobj.dll
[2009/06/17 12:50:47 | 00,155,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscript.exe
[2009/06/17 12:50:47 | 00,114,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbccp32.dll
[2009/06/17 12:50:47 | 00,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ulib.dll
[2009/06/17 12:50:47 | 00,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IPHLPAPI.DLL
[2009/06/17 12:50:47 | 00,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\adsmsext.dll
[2009/06/17 12:50:47 | 00,047,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasdatastore.dll
[2009/06/17 12:50:46 | 00,759,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ipsecsnp.dll
[2009/06/17 12:50:46 | 00,399,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlangpui.dll
[2009/06/17 12:50:46 | 00,223,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscntfy.dll
[2009/06/17 12:50:46 | 00,181,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pnpsetup.dll
[2009/06/17 12:50:46 | 00,119,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\diskpart.exe
[2009/06/17 12:50:46 | 00,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rastapi.dll
[2009/06/17 12:50:46 | 00,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdProxy.dll
[2009/06/17 12:50:45 | 00,244,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rastls.dll
[2009/06/17 12:50:45 | 00,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpapi.dll
[2009/06/17 12:50:45 | 00,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iashlpr.dll
[2009/06/17 12:50:44 | 01,575,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVENCOD.DLL
[2009/06/17 12:50:44 | 00,507,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vdsdyn.dll
[2009/06/17 12:50:44 | 00,104,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netiohlp.dll
[2009/06/17 12:50:44 | 00,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\logman.exe
[2009/06/17 12:50:43 | 00,286,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasapi32.dll
[2009/06/17 12:50:43 | 00,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntprint.dll
[2009/06/17 12:50:43 | 00,158,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasrad.dll
[2009/06/17 12:50:43 | 00,155,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscorier.dll
[2009/06/17 12:50:43 | 00,140,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wusa.exe
[2009/06/17 12:50:42 | 02,225,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netcenter.dll
[2009/06/17 12:50:42 | 00,342,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\zipfldr.dll
[2009/06/17 12:50:42 | 00,090,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wshext.dll
[2009/06/17 12:50:42 | 00,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\findstr.exe
[2009/06/17 12:50:40 | 01,152,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\themecpl.dll
[2009/06/17 12:50:40 | 00,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wer.dll
[2009/06/17 12:50:40 | 00,825,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasdlg.dll
[2009/06/17 12:50:40 | 00,714,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\timedate.cpl
[2009/06/17 12:50:40 | 00,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wshom.ocx
[2009/06/17 12:50:40 | 00,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iassvcs.dll
[2009/06/17 12:50:40 | 00,050,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsnmp32.dll
[2009/06/17 12:50:40 | 00,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssprxy.dll
[2009/06/17 12:50:40 | 00,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tsbyuv.dll
[2009/06/17 12:50:39 | 00,777,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slcc.dll
[2009/06/17 12:50:39 | 00,678,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstsc.exe
[2009/06/17 12:50:39 | 00,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scansetting.dll
[2009/06/17 12:50:39 | 00,163,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msutb.dll
[2009/06/17 12:50:39 | 00,121,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntmarta.dll
[2009/06/17 12:50:39 | 00,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\powrprof.dll
[2009/06/17 12:50:39 | 00,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstlsapi.dll
[2009/06/17 12:50:39 | 00,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasads.dll
[2009/06/17 12:50:38 | 03,072,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\networkmap.dll
[2009/06/17 12:50:38 | 01,645,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\connect.dll
[2009/06/17 12:50:38 | 01,248,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PerfCenterCPL.dll
[2009/06/17 12:50:38 | 00,723,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\powercpl.dll
[2009/06/17 12:50:38 | 00,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\authz.dll
[2009/06/17 12:50:38 | 00,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\newdev.exe
[2009/06/17 12:50:38 | 00,068,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanhlp.dll
[2009/06/17 12:50:38 | 00,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasacct.dll
[2009/06/17 12:50:38 | 00,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lpk.dll
[2009/06/17 12:50:38 | 00,009,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardres.dll
[2009/06/17 12:50:37 | 02,515,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\accessibilitycpl.dll
[2009/06/17 12:50:37 | 01,224,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sud.dll
[2009/06/17 12:50:37 | 01,123,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\usercpl.dll
[2009/06/17 12:50:37 | 00,842,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\systemcpl.dll
[2009/06/17 12:50:37 | 00,615,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\themeui.dll
[2009/06/17 12:50:37 | 00,464,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pcaui.dll
[2009/06/17 12:50:37 | 00,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\samlib.dll
[2009/06/17 12:50:37 | 00,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mmci.dll
[2009/06/17 12:50:36 | 01,671,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanpref.dll
[2009/06/17 12:50:36 | 00,516,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\autoplay.dll
[2009/06/17 12:50:36 | 00,497,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll
[2009/06/17 12:50:36 | 00,127,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rpchttp.dll
[2009/06/17 12:50:36 | 00,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pintlgnt.ime
[2009/06/17 12:50:35 | 00,532,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpcao.dll
[2009/06/17 12:50:35 | 00,408,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msinfo32.exe
[2009/06/17 12:50:35 | 00,242,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tapisrv.dll
[2009/06/17 12:50:35 | 00,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scksp.dll
[2009/06/17 12:50:35 | 00,128,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vdsutil.dll
[2009/06/17 12:50:35 | 00,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\regapi.dll
[2009/06/17 12:50:35 | 00,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\feclient.dll
[2009/06/17 12:50:34 | 01,642,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPEncEn.dll
[2009/06/17 12:50:34 | 00,306,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scesrv.dll
[2009/06/17 12:50:34 | 00,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2009/06/17 12:50:34 | 00,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Faultrep.dll
[2009/06/17 12:50:34 | 00,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AudioSes.dll
[2009/06/17 12:50:34 | 00,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oleprn.dll
[2009/06/17 12:50:34 | 00,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dot3msm.dll
[2009/06/17 12:50:34 | 00,068,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpr.dll
[2009/06/17 12:50:34 | 00,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rekeywiz.exe
[2009/06/17 12:50:34 | 00,009,239 | ---- | C] () -- C:\Windows\System32\spcinstrumentation.man
[2009/06/17 12:50:33 | 01,689,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscui.cpl
[2009/06/17 12:50:33 | 01,102,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mmsys.cpl
[2009/06/17 12:50:33 | 00,505,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qedit.dll
[2009/06/17 12:50:33 | 00,445,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncryptui.dll
[2009/06/17 12:50:33 | 00,407,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpapimig.exe
[2009/06/17 12:50:33 | 00,215,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certreq.exe
[2009/06/17 12:50:33 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iaspolcy.dll
[2009/06/17 12:50:33 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\perfdisk.dll
[2009/06/17 12:50:33 | 00,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscisvif.dll
[2009/06/17 12:50:32 | 00,642,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasgcw.dll
[2009/06/17 12:50:32 | 00,595,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FWPUCLNT.DLL
[2009/06/17 12:50:32 | 00,177,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scecli.dll
[2009/06/17 12:50:32 | 00,080,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hdwwiz.exe
[2009/06/17 12:50:31 | 00,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasplap.dll
[2009/06/17 12:50:31 | 00,170,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tcpipcfg.dll
[2009/06/17 12:50:31 | 00,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tcpmon.dll
[2009/06/17 12:50:31 | 00,134,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SmartcardCredentialProvider.dll
[2009/06/17 12:50:31 | 00,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdWSD.dll
[2009/06/17 12:50:31 | 00,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmmon32.exe
[2009/06/17 12:50:31 | 00,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TSTheme.exe
[2009/06/17 12:50:31 | 00,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwinsat.dll
[2009/06/17 12:50:30 | 00,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\whealogr.dll
[2009/06/17 12:50:29 | 00,481,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmdial32.dll
[2009/06/17 12:50:29 | 00,281,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\raschap.dll
[2009/06/17 12:50:29 | 00,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wdmaud.drv
[2009/06/17 12:50:29 | 00,142,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontext.dll
[2009/06/17 12:50:29 | 00,095,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SCardSvr.dll
[2009/06/17 12:50:29 | 00,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
[2009/06/17 12:50:28 | 02,153,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oobefldr.dll
[2009/06/17 12:50:28 | 01,544,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSVidCtl.dll
[2009/06/17 12:50:28 | 00,657,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVXENCD.DLL
[2009/06/17 12:50:28 | 00,547,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wiaaut.dll
[2009/06/17 12:50:28 | 00,425,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shwebsvc.dll
[2009/06/17 12:50:28 | 00,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanmsm.dll
[2009/06/17 12:50:28 | 00,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unimdm.tsp
[2009/06/17 12:50:28 | 00,259,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasppp.dll
[2009/06/17 12:50:28 | 00,202,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanui.dll
[2009/06/17 12:50:28 | 00,137,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dsprop.dll
[2009/06/17 12:50:28 | 00,054,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dimsroam.dll
[2009/06/17 12:50:27 | 06,103,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chtbrkr.dll
[2009/06/17 12:50:27 | 00,533,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmdrmsdk.dll
[2009/06/17 12:50:27 | 00,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\modemui.dll
[2009/06/17 12:50:27 | 00,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscandui.dll
[2009/06/17 12:50:27 | 00,155,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasmontr.dll
[2009/06/17 12:50:27 | 00,101,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shsetup.dll
[2009/06/17 12:50:27 | 00,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dataclen.dll
[2009/06/17 12:50:26 | 02,226,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\networkexplorer.dll
[2009/06/17 12:50:26 | 00,542,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\blackbox.dll
[2009/06/17 12:50:26 | 00,303,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpeffects.dll
[2009/06/17 12:50:26 | 00,274,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AUDIOKSE.dll
[2009/06/17 12:50:26 | 00,180,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netplwiz.dll
[2009/06/17 12:50:26 | 00,178,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\credui.dll
[2009/06/17 12:50:26 | 00,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSDMon.dll
[2009/06/17 12:50:26 | 00,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpcsvc.dll
[2009/06/17 12:50:26 | 00,083,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlgpclnt.dll
[2009/06/17 12:50:26 | 00,029,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ifmon.dll
[2009/06/17 12:50:25 | 00,414,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscp.dll
[2009/06/17 12:50:25 | 00,313,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\thawbrkr.dll
[2009/06/17 12:50:25 | 00,217,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\InkEd.dll
[2009/06/17 12:50:25 | 00,203,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpdwcn.dll
[2009/06/17 12:50:25 | 00,128,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpresult.exe
[2009/06/17 12:50:25 | 00,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\softkbd.dll
[2009/06/17 12:50:25 | 00,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\logagent.exe
[2009/06/17 12:50:25 | 00,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sendmail.dll
[2009/06/17 12:50:25 | 00,058,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cipher.exe
[2009/06/17 12:50:25 | 00,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscapi.dll
[2009/06/17 12:50:25 | 00,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msimtf.dll
[2009/06/17 12:50:24 | 00,356,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MediaMetadataHandler.dll
[2009/06/17 12:50:24 | 00,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msctfui.dll
[2009/06/17 12:50:24 | 00,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2009/06/17 12:50:23 | 00,284,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drmmgrtn.dll
[2009/06/17 12:50:23 | 00,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2009/06/17 12:50:23 | 00,105,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dmsynth.dll
[2009/06/17 12:50:23 | 00,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\olepro32.dll
[2009/06/17 12:50:22 | 00,418,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmdrmdev.dll
[2009/06/17 12:50:22 | 00,200,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\input.dll
[2009/06/17 12:50:22 | 00,166,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\puiapi.dll
[2009/06/17 12:50:22 | 00,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mprapi.dll
[2009/06/17 12:50:22 | 00,034,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wshbth.dll
[2009/06/17 12:50:22 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ExplorerFrame.dll
[2009/06/17 12:50:22 | 00,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\version.dll
[2009/06/17 12:50:21 | 00,758,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMADMOD.DLL
[2009/06/17 12:50:21 | 00,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tintlgnt.ime
[2009/06/17 12:50:21 | 00,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dmusic.dll
[2009/06/17 12:50:21 | 00,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax
[2009/06/17 12:50:21 | 00,068,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdSSDP.dll
[2009/06/17 12:50:21 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cscapi.dll
[2009/06/17 12:50:21 | 00,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fc.exe
[2009/06/17 12:50:21 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MsCtfMonitor.dll
[2009/06/17 12:50:21 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msisip.dll
[2009/06/17 12:50:20 | 00,187,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eapp3hst.dll
[2009/06/17 12:50:20 | 00,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceClassExtension.dll
[2009/06/17 12:50:20 | 00,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\l2nacp.dll
[2009/06/17 12:50:20 | 00,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ftp.exe
[2009/06/17 12:50:20 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msjint40.dll
[2009/06/17 12:50:20 | 00,022,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cscdll.dll
[2009/06/17 12:50:19 | 00,347,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmdrmnet.dll
[2009/06/17 12:50:19 | 00,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceTypes.dll
[2009/06/17 12:50:19 | 00,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aaclient.dll
[2009/06/17 12:50:19 | 00,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eappcfg.dll
[2009/06/17 12:50:19 | 00,083,456 | ---- | C] (Microsoft) -- C:\Windows\System32\SMBHelperClass.dll
[2009/06/17 12:50:19 | 00,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdWCN.dll
[2009/06/17 12:50:19 | 00,053,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rrinstaller.exe
[2009/06/17 12:50:19 | 00,052,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasdiag.dll
[2009/06/17 12:50:19 | 00,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dot3cfg.dll
[2009/06/17 12:50:19 | 00,034,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bthudtask.exe
[2009/06/17 12:50:19 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ipconfig.exe
[2009/06/17 12:50:19 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsdchngr.dll
[2009/06/17 12:50:19 | 00,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasdial.exe
[2009/06/17 12:50:19 | 00,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CHxReadingStringIME.dll
[2009/06/17 12:50:18 | 00,506,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSMPEG2ENC.DLL
[2009/06/17 12:50:18 | 00,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSAC3ENC.DLL
[2009/06/17 12:50:18 | 00,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll
[2009/06/17 12:50:18 | 00,093,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eappgnui.dll
[2009/06/17 12:50:18 | 00,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nslookup.exe
[2009/06/17 12:50:18 | 00,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tscupgrd.exe
[2009/06/17 12:50:18 | 00,053,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdeploy.dll
[2009/06/17 12:50:18 | 00,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slcinst.dll
[2009/06/17 12:50:18 | 00,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hbaapi.dll
[2009/06/17 12:50:18 | 00,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\networkitemfactory.dll
[2009/06/17 12:50:18 | 00,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ocsetup.exe
[2009/06/17 12:50:18 | 00,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FwRemoteSvr.dll
[2009/06/17 12:50:18 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfpmp.exe
[2009/06/17 12:50:18 | 00,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msacm32.drv
[2009/06/17 12:50:18 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mmcico.dll
[2009/06/17 12:50:17 | 00,053,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tsgqec.dll
[2009/06/17 12:50:17 | 00,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2009/06/17 12:50:17 | 00,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NcdProp.dll
[2009/06/17 12:50:17 | 00,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpupdate.exe
[2009/06/17 12:50:15 | 00,131,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpps.dll
[2009/06/17 12:50:15 | 00,040,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbcconf.dll
[2009/06/17 12:50:15 | 00,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vdmdbg.dll
[2009/06/17 12:50:15 | 00,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slwga.dll
[2009/06/17 12:50:14 | 00,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrnr.dll
[2009/06/17 12:50:14 | 00,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\midimap.dll
[2009/06/17 12:50:14 | 00,009,212 | ---- | C] () -- C:\Windows\System32\RacUR.xml
[2009/06/17 12:50:11 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwmp.dll
[2009/06/17 12:50:10 | 08,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2009/06/17 12:50:10 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.ocx
[2009/06/17 12:50:10 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxmasf.dll
[2009/06/17 12:50:09 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\f3ahvoas.dll
[2009/06/17 12:50:09 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msimsg.dll
[2009/06/17 12:50:09 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mferror.dll
[2009/06/17 12:50:06 | 00,000,153 | ---- | C] () -- C:\Windows\System32\RacUREx.xml
[2009/06/17 12:49:59 | 00,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wdscore.dll
[2009/06/17 12:49:54 | 00,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drvstore.dll
[2009/06/17 11:36:26 | 00,000,268 | -H-- | C] () -- C:\sqmdata02.sqm
[2009/06/17 11:36:26 | 00,000,244 | -H-- | C] () -- C:\sqmnoopt02.sqm
[2009/06/17 11:19:59 | 00,001,928 | ---- | C] () -- C:\Users\Administrator\Desktop\HijackThis.lnk
[2009/06/17 11:19:59 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2009/06/17 11:13:00 | 00,000,268 | -H-- | C] () -- C:\sqmdata01.sqm
[2009/06/17 11:12:55 | 00,000,244 | -H-- | C] () -- C:\sqmnoopt01.sqm
[2009/06/17 08:15:03 | 00,000,520 | ---- | C] () -- C:\Users\Administrator\Documents\cc_20090617_081459.reg
[2009/06/17 08:04:06 | 00,000,268 | -H-- | C] () -- C:\sqmdata00.sqm
[2009/06/17 08:04:06 | 00,000,244 | -H-- | C] () -- C:\sqmnoopt00.sqm
[2009/06/17 01:19:53 | 00,000,520 | ---- | C] () -- C:\Users\Administrator\Documents\cc_20090617_011951.reg
[2009/06/17 00:49:45 | 00,000,358 | ---- | C] () -- C:\Users\Administrator\Documents\cc_20090617_004944.reg
[2009/06/17 00:49:33 | 00,005,890 | ---- | C] () -- C:\Users\Administrator\Documents\cc_20090617_004929.reg
[2009/06/17 00:44:12 | 00,039,300 | ---- | C] () -- C:\Users\Administrator\Documents\cc_20090617_004409.reg
[2009/06/17 00:40:44 | 00,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Malwarebytes
[2009/06/17 00:40:43 | 00,000,848 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/06/17 00:40:40 | 00,040,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/06/17 00:40:39 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009/06/17 00:40:39 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2009/06/17 00:38:16 | 00,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Yahoo!
[2009/06/17 00:38:16 | 00,000,000 | ---D | C] -- C:\ProgramData\Yahoo! Companion
[2009/06/17 00:38:15 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Yahoo!
[2009/06/17 00:38:14 | 00,001,724 | ---- | C] () -- C:\Users\Administrator\Desktop\CCleaner.lnk
[2009/06/17 00:38:13 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\CCleaner
[2009/06/16 16:19:14 | 00,032,631 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/06/16 16:18:42 | 00,032,631 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/06/16 16:11:19 | 00,000,000 | ---D | C] -- C:\Windows\1C4551A64743409391E41477CD655043.TMP
[2009/06/12 20:13:26 | 00,001,910 | ---- | C] () -- C:\Users\Public\Desktop\VIPRE.lnk
[2009/06/12 17:09:09 | 00,623,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\localspl.dll
[2009/06/12 17:09:03 | 00,677,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rpcrt4.dll
[2009/06/12 17:08:57 | 05,936,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.dll
[2009/06/12 17:08:55 | 11,064,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieframe.dll
[2009/06/12 17:08:55 | 01,985,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iertutil.dll
[2009/06/12 17:08:54 | 01,207,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\urlmon.dll
[2009/06/12 17:08:54 | 00,915,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wininet.dll
[2009/06/12 17:08:54 | 00,385,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2009/06/12 17:08:53 | 01,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2009/06/12 17:08:53 | 00,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2009/06/12 17:08:53 | 00,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2009/06/12 17:08:53 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2009/06/12 17:08:53 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2009/06/12 17:08:52 | 01,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2009/06/12 17:08:52 | 00,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2009/06/10 06:00:54 | 00,068,392 | ---- | C] (Sunbelt Software) -- C:\Windows\System32\sbbd.exe
[2009/06/07 13:18:14 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2009/05/21 17:51:48 | 00,041,808 | ---- | C] () -- C:\Windows\System32\xfcodec.dll
[2009/03/14 12:47:15 | 00,000,002 | ---- | C] () -- C:\Windows\msoffice.ini
[2009/02/12 20:08:50 | 00,000,026 | ---- | C] () -- C:\Windows\dvdSanta.INI
[2009/02/12 19:40:21 | 01,216,512 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009/02/12 19:40:21 | 00,921,600 | ---- | C] () -- C:\Windows\System32\vorbisenc.dll
[2009/02/12 19:40:21 | 00,237,568 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009/02/12 19:40:21 | 00,237,568 | ---- | C] () -- C:\Windows\System32\OggDS.dll
[2009/02/12 19:40:21 | 00,188,416 | ---- | C] () -- C:\Windows\System32\vorbis.dll
[2009/02/12 19:40:21 | 00,045,056 | ---- | C] () -- C:\Windows\System32\ogg.dll
[2008/12/25 22:59:55 | 00,000,014 | ---- | C] () -- C:\Windows\System32\systeminfo3.dll
[2008/11/06 11:37:32 | 03,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008/11/06 11:34:00 | 00,000,416 | ---- | C] () -- C:\Windows\System32\dtu100.dll.manifest
[2008/11/06 11:34:00 | 00,000,416 | ---- | C] () -- C:\Windows\System32\dpl100.dll.manifest
[2008/11/06 11:33:02 | 00,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll
[2008/10/07 10:13:30 | 00,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008/10/07 10:13:22 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2006/11/02 07:34:27 | 00,000,336 | ---- | C] () -- C:\Windows\win.ini
[2006/11/02 07:34:27 | 00,000,219 | ---- | C] () -- C:\Windows\system.ini

========== Files - Modified Within 30 Days ==========

[2 C:\Windows\*.tmp files]
[2009/06/18 23:39:28 | 00,501,760 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2009/06/18 20:05:56 | 00,000,268 | -H-- | M] () -- C:\sqmdata10.sqm
[2009/06/18 20:05:56 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
[2009/06/18 20:05:44 | 00,032,631 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2009/06/18 20:05:41 | 00,032,631 | ---- | M] () -- C:\ProgramData\nvModes.001
[2009/06/18 20:05:29 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/06/18 20:05:27 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/06/18 19:48:51 | 00,530,106 | ---- | M] () -- C:\Users\Administrator\Desktop\LopSD.exe
[2009/06/18 19:46:43 | 00,000,268 | -H-- | M] () -- C:\sqmdata09.sqm
[2009/06/18 19:46:43 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
[2009/06/18 09:12:53 | 00,000,268 | -H-- | M] () -- C:\sqmdata08.sqm
[2009/06/18 09:12:53 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
[2009/06/18 00:35:15 | 00,000,268 | -H-- | M] () -- C:\sqmdata07.sqm
[2009/06/18 00:35:15 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
[2009/06/17 23:07:51 | 00,000,268 | -H-- | M] () -- C:\sqmdata06.sqm
[2009/06/17 23:07:51 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
[2009/06/17 22:25:58 | 00,000,000 | ---- | M] () -- C:\Windows\System32\SBRC.dat
[2009/06/17 19:23:41 | 00,000,336 | ---- | M] () -- C:\Windows\win.ini
[2009/06/17 19:22:43 | 00,000,268 | -H-- | M] () -- C:\sqmdata05.sqm
[2009/06/17 19:22:42 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
[2009/06/17 16:25:58 | 00,000,268 | -H-- | M] () -- C:\sqmdata04.sqm
[2009/06/17 16:25:58 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
[2009/06/17 14:51:38 | 00,000,944 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/06/17 14:46:33 | 00,000,268 | -H-- | M] () -- C:\sqmdata03.sqm
[2009/06/17 14:46:33 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2009/06/17 11:36:26 | 00,000,268 | -H-- | M] () -- C:\sqmdata02.sqm
[2009/06/17 11:36:26 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2009/06/17 11:19:59 | 00,001,928 | ---- | M] () -- C:\Users\Administrator\Desktop\HijackThis.lnk
[2009/06/17 11:13:00 | 00,000,268 | -H-- | M] () -- C:\sqmdata01.sqm
[2009/06/17 11:12:55 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2009/06/17 08:15:04 | 00,000,520 | ---- | M] () -- C:\Users\Administrator\Documents\cc_20090617_081459.reg
[2009/06/17 08:04:06 | 00,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
[2009/06/17 08:04:06 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2009/06/17 01:19:54 | 00,000,520 | ---- | M] () -- C:\Users\Administrator\Documents\cc_20090617_011951.reg
[2009/06/17 00:49:47 | 00,000,358 | ---- | M] () -- C:\Users\Administrator\Documents\cc_20090617_004944.reg
[2009/06/17 00:49:36 | 00,005,890 | ---- | M] () -- C:\Users\Administrator\Documents\cc_20090617_004929.reg
[2009/06/17 00:44:26 | 00,039,300 | ---- | M] () -- C:\Users\Administrator\Documents\cc_20090617_004409.reg
[2009/06/17 00:40:43 | 00,000,848 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/06/17 00:38:14 | 00,001,724 | ---- | M] () -- C:\Users\Administrator\Desktop\CCleaner.lnk
[2009/06/16 16:20:17 | 00,000,125 | -HS- | M] () -- C:\ProgramData\.zreglib
[2009/06/12 20:13:26 | 00,001,910 | ---- | M] () -- C:\Users\Public\Desktop\VIPRE.lnk
[2009/06/10 06:00:54 | 00,068,392 | ---- | M] (Sunbelt Software) -- C:\Windows\System32\sbbd.exe
[2009/05/26 13:20:08 | 00,040,160 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/05/21 17:51:48 | 00,041,808 | ---- | M] () -- C:\Windows\System32\xfcodec.dll

========== LOP Check ==========

[2009/06/17 14:54:56 | 00,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming
[2008/12/29 21:10:13 | 00,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Adobe
[2009/03/14 13:18:58 | 00,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\AOL
[2009/02/12 19:22:58 | 00,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\DivX
[2009/02/12 20:58:08 | 00,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\DJ ToneXpress
[2008/12/25 19:37:07 | 00,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Identities
[2008/12/25 21:34:12 | 00,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\InstallShield
[2008/12/25 19:48:12 | 00,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Macromedia
[2009/06/17 00:40:44 | 00,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Malwarebytes
[2006/11/02 10:07:25 | 00,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Media Center Programs
[2009/04/09 00:05:34 | 00,000,000 | --SD | M] -- C:\Users\Administrator\AppData\Roaming\Microsoft
[2009/03/25 09:54:28 | 00,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Move Networks
[2009/06/17 14:54:56 | 00,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Mozilla
[2009/01/16 10:56:27 | 00,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\OfficeGuardian
[2008/12/25 20:30:22 | 00,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Sunbelt
[2009/06/17 14:51:36 | 00,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\SUPERAntiSpyware.com
[2009/06/17 14:54:56 | 00,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\TomTom
[2009/06/14 01:42:29 | 00,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Ventrilo
[2009/01/20 18:21:43 | 00,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Vso
[2008/12/25 20:57:48 | 00,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\WinRAR
[2009/06/02 20:06:11 | 00,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Xfire
[2009/06/17 00:38:16 | 00,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Yahoo!
[2009/06/18 20:05:29 | 00,000,006 | -H-- | M] () -- C:\Windows\Tasks\SA.DAT
[2009/06/18 20:00:51 | 00,032,648 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========


========== Alternate Data Streams ==========

@Alternate Data Stream - 72 bytes -> C:\Windows:02408B7D422B4B15
< End of report >




This post has been edited by Warnite: Jun 18 2009, 10:47 PM
Warnite
post Jun 18 2009, 10:48 PM
Post #8





Sorry to double post but the last log was rather long. Here is the Extras.txt log.

OTL Extras logfile created on: 6/18/2009 11:43:03 PM - Run 1
OTL by OldTimer - Version 2.1.1.0 Folder = C:\Users\Administrator\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18783)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 4.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.76 Gb Total Space | 401.93 Gb Free Space | 86.30% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JOHNNIE-PC
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\SysWOW64\ieframe.DLL (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\SysWOW64\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\SysWOW64\WScript.exe (Microsoft Corporation)
.reg [@ = regfile] -- C:\Windows\system32\regedit.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile
"EnableFirewall" = 1
"DisableNotifications" = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 1
"DisableNotifications" = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile
"EnableFirewall" = 1
"DisableNotifications" = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\GloballyOpenPorts\List

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

{00869A2C-4DF4-4041-BB9D-91E423BAACB0} = RPORT=445 | PROTOCOL=6 | DIR=OUT | APP=SYSTEM |
{07FD615B-F19E-4D86-BF1D-D99B736E0A6F} = LPORT=3724 | PROTOCOL=6 | DIR=IN | NAME=BLIZZARD DOWNLOADER: 3724 |
{1A4FB273-52D0-40EA-BD16-4C2150F09DA6} = RPORT=137 | PROTOCOL=17 | DIR=OUT | APP=SYSTEM |
{28A607B5-598B-48DA-A948-17F2733DA9F9} = LPORT=1900 | PROTOCOL=17 | DIR=IN | APP=SVCHOST.EXE | SVC=SSDPSRV |
{2A66D14B-633D-4EBB-A8E7-D030E7DFE08D} = RPORT=5355 | PROTOCOL=17 | DIR=OUT | APP=%SYSTEMROOT%\SYSTEM32\SVCHOST.EXE | SVC=DNSCACHE |
{2F084F8E-DAEA-4EB0-BFA8-DB567EC417C9} = RPORT=139 | PROTOCOL=6 | DIR=OUT | APP=SYSTEM |
{324B345D-830F-4673-BD08-88B0DC7E05DB} = LPORT=137 | PROTOCOL=17 | DIR=IN | APP=SYSTEM |
{3421A5FE-77FF-4DDB-A070-EFF368110C95} = LPORT=RPC | PROTOCOL=6 | DIR=IN | APP=%SYSTEMROOT%\SYSTEM32\SPOOLSV.EXE | SVC=SPOOLER |
{3B9D2146-47A6-4828-951A-AD7988335F17} = LPORT=1900 | PROTOCOL=17 | DIR=IN | APP=SVCHOST.EXE | SVC=SSDPSRV |
{3F417B3F-FFBC-470C-B73F-BC9E7AD299B4} = LPORT=3702 | PROTOCOL=17 | DIR=IN | APP=%SYSTEMROOT%\SYSTEM32\SVCHOST.EXE | SVC=FDRESPUB |
{471292D3-2B8D-4370-A190-C97DC63E53BD} = LPORT=3702 | PROTOCOL=17 | DIR=IN | APP=%SYSTEMROOT%\SYSTEM32\SVCHOST.EXE | SVC=FDPHOST |
{4E4180A8-4D91-4655-947A-4D0C7CFCAD40} = LPORT=2869 | PROTOCOL=6 | DIR=IN | APP=SYSTEM |
{4E6BCBA9-7279-45CF-BD6B-E2CF3DDE6811} = LPORT=138 | PROTOCOL=17 | DIR=IN | APP=SYSTEM |
{70A70A95-DE89-4172-904F-7628465F6E1D} = LPORT=67 | PROTOCOL=17 | DIR=IN | NAME=DHCP DISCOVERY SERVICE |
{72139886-829B-4AB0-899B-6166EE1CDD7A} = LPORT=1900 | PROTOCOL=17 | DIR=IN | APP=%SYSTEMROOT%\SYSTEM32\SVCHOST.EXE | SVC=SSDPSRV |
{765F4D44-BA1A-4E6A-9C58-40874B4E7E2D} = RPORT=3702 | PROTOCOL=17 | DIR=OUT | APP=%SYSTEMROOT%\SYSTEM32\SVCHOST.EXE | SVC=FDPHOST |
{8A8447CE-EF1A-4108-BCE3-70AA79C52F98} = LPORT=2869 | PROTOCOL=6 | DIR=IN | APP=SYSTEM |
{9308EDF0-E970-476F-A0A3-AFBF0D888864} = LPORT=5355 | PROTOCOL=17 | DIR=IN | APP=%SYSTEMROOT%\SYSTEM32\SVCHOST.EXE | SVC=DNSCACHE |
{9B58D0F6-F552-4E09-B240-5D73724520E7} = RPORT=1900 | PROTOCOL=17 | DIR=OUT | APP=%SYSTEMROOT%\SYSTEM32\SVCHOST.EXE | SVC=SSDPSRV |
{A2C57675-2007-4DA9-BE7D-A4AEA05FC9AE} = RPORT=138 | PROTOCOL=17 | DIR=OUT | APP=SYSTEM |
{D1DE9A95-CE8A-48D5-B9EA-679C101E50BF} = LPORT=445 | PROTOCOL=6 | DIR=IN | APP=SYSTEM |
{D819629E-8F97-4ED4-BE62-3EF497A9B3EF} = RPORT=3702 | PROTOCOL=17 | DIR=OUT | APP=%SYSTEMROOT%\SYSTEM32\SVCHOST.EXE | SVC=FDRESPUB |
{DAD2C12B-349A-4B63-84C5-F84CFDEAA8C7} = LPORT=6004 | PROTOCOL=17 | DIR=IN | APP=C:\PROGRAM FILES (X86)\MICROSOFT OFFICE\OFFICE12\OUTLOOK.EXE |
{F13E9447-F9C2-4102-9C8D-E01E65881BEC} = LPORT=139 | PROTOCOL=6 | DIR=IN | APP=SYSTEM |
{FAC6B4E4-CF3F-41F5-92D2-F7587D8A10AC} = LPORT=RPC-EPMAP | PROTOCOL=6 | DIR=IN | NAME=@FIREWALLAPI.DLL,-28539 | SVC=RPCSS |

========== Vista Active Application Exception List ==========

{0AAED940-89F4-4317-8D44-4178CCF4A32F} = PROTOCOL=6 | DIR=IN | APP=C:\PROGRAM FILES (X86)\AOL 9.0\WAOL.EXE |
{13C607DE-1062-48B1-8C2B-596B654491CC} = PROTOCOL=17 | DIR=IN | APP=C:\PROGRAM FILES (X86)\AOL 9.5\WAOL.EXE |
{1614F928-7F22-49E9-9ECE-5C5506DE53F4} = PROTOCOL=6 | DIR=IN | APP=C:\PROGRAM FILES (X86)\COMMON FILES\AOL\LOADER\AOLLOAD.EXE |
{297AA0E2-5AF8-43AA-ACBA-02901C80B725} = PROTOCOL=17 | DIR=IN | APP=C:\UT2004\SYSTEM\UT2004.EXE |
{2AEF3DBB-C8AB-4EC5-B6A2-73C8E47D1D35} = PROTOCOL=6 | DIR=OUT | APP=%SYSTEMROOT%\SYSTEM32\SVCHOST.EXE | SVC=UPNPHOST |
{3BF2C89F-74D0-4918-89C1-183C6A9B4FCE} = PROTOCOL=17 | DIR=IN | APP=C:\PROGRAM FILES (X86)\COMMON FILES\AOL\LOADER\AOLLOAD.EXE |
{3FE89F2B-3718-4686-9973-81FFB08C526A} = DIR=IN | APP=C:\PROGRAM FILES (X86)\WINDOWS LIVE\MESSENGER\MSNMSGR.EXE |
{4967B43D-196D-44EC-AD04-9CE8F86AF0F5} = PROTOCOL=6 | DIR=IN | APP=C:\PROGRAM FILES (X86)\AOL 9.5\WAOL.EXE |
{5B6DB345-F645-47AD-8808-3329944F93C1} = PROTOCOL=58 | DIR=OUT | NAME=@FIREWALLAPI.DLL,-28546 |
{5BC9797B-8CEF-4A4D-9543-1AF2D46FCC82} = PROTOCOL=1 | DIR=IN | NAME=@FIREWALLAPI.DLL,-28543 |
{5EBA40DB-5B54-478C-9BA3-9E112A60FD64} = PROTOCOL=17 | DIR=IN | APP=C:\PROGRAM FILES (X86)\COMMON FILES\AOL\ACS\AOLACSD.EXE |
{6BE78014-1209-4F77-802C-8A3D1BBA1279} = PROTOCOL=17 | DIR=IN | APP=C:\PROGRAM FILES (X86)\MICROSOFT OFFICE\OFFICE12\ONENOTE.EXE |
{6C743ACB-35B1-4727-8EDA-267D87AEB71C} = PROTOCOL=17 | DIR=IN | APP=C:\PROGRAM FILES (X86)\COMMON FILES\AOL\TOPSPEED\3.0\AOLTPSD3.EXE |
{7320E20F-E516-454C-B574-60CD5B3BA57F} = PROTOCOL=17 | DIR=IN | APP=C:\PROGRAM FILES (X86)\COMMON FILES\AOL\1230257227\EE\AOLSOFTWARE.EXE |
{7857A08E-EAC8-4944-9042-F91B367E5F40} = PROTOCOL=6 | DIR=IN | APP=C:\PROGRAM FILES (X86)\COMMON FILES\AOL\ACS\AOLDIAL.EXE |
{84FA437C-92D4-45AB-A7DC-F14D7EB42043} = PROTOCOL=17 | DIR=IN | APP=C:\PROGRAM FILES (X86)\AOL 9.0\WAOL.EXE |
{8982DCE6-917B-481F-8103-38ED83CE1029} = PROTOCOL=6 | DIR=IN | APP=C:\PROGRAM FILES (X86)\UNREAL TOURNAMENT 3\BINARIES\UT3.EXE |
{89968D7F-A2F2-4695-930D-1DD97A069495} = PROTOCOL=6 | DIR=IN | APP=C:\PROGRAM FILES (X86)\COMMON FILES\AOL\SYSTEM INFORMATION\SINF.EXE |
{8B743DE4-AA13-41C4-AED0-7F127BBC2005} = PROTOCOL=17 | DIR=IN | APP=C:\PROGRAM FILES (X86)\UNREAL TOURNAMENT 3\BINARIES\UT3.EXE |
{8B93078C-A308-42B1-A687-FB0E7F5DDFEB} = PROTOCOL=6 | DIR=IN | APP=C:\PROGRAM FILES (X86)\COMMON FILES\AOL\ACS\AOLACSD.EXE |
{A09BEDA0-5E2B-489B-B3B5-0B3B314D778D} = PROTOCOL=6 | DIR=IN | APP=C:\PROGRAM FILES (X86)\MICROSOFT OFFICE\OFFICE12\GROOVE.EXE |
{A4155D6B-BD88-4477-830D-FF1802B57AF4} = PROTOCOL=17 | DIR=IN | APP=C:\PROGRAM FILES (X86)\MICROSOFT OFFICE\OFFICE12\GROOVE.EXE |
{A5BDA89E-D56E-4F18-8DC5-6D561339432D} = DIR=IN | APP=C:\PROGRAM FILES (X86)\WINDOWS LIVE\MESSENGER\LIVECALL.EXE |
{A7658729-DC2B-446D-9ACB-E6965BAB49E5} = PROTOCOL=17 | DIR=IN | APP=C:\PROGRAM FILES (X86)\COMMON FILES\AOL\ACS\AOLDIAL.EXE |
{AECCE52F-DC8B-48D7-8337-9628B359CE91} = PROTOCOL=6 | DIR=IN | APP=C:\PROGRAM FILES (X86)\COMMON FILES\PURE NETWORKS SHARED\PLATFORM\NMSRVC.EXE |
{B72F9ED3-A413-4DC3-B8D9-A15446B673A6} = PROTOCOL=6 | DIR=IN | APP=C:\PROGRAM FILES (X86)\COMMON FILES\AOL\TOPSPEED\3.0\AOLTPSD3.EXE |
{B8E2A768-B70D-469E-BA04-EE09CD7D4090} = PROTOCOL=17 | DIR=IN | APP=C:\PROGRAM FILES (X86)\COMMON FILES\AOL\SYSTEM INFORMATION\SINF.EXE |
{C9CD88B4-353C-4C6A-A6E3-E2CFDD2E07E4} = PROTOCOL=6 | DIR=IN | APP=C:\UT2004\SYSTEM\UT2004.EXE |
{DE9D3486-F4D0-47B4-8438-5F709080B799} = PROTOCOL=6 | DIR=IN | APP=C:\PROGRAM FILES (X86)\COMMON FILES\AOL\1230257227\EE\AOLSOFTWARE.EXE |
{DEDA2EDF-8457-45B7-9CF3-FA70B4AA3265} = PROTOCOL=58 | DIR=IN | NAME=@FIREWALLAPI.DLL,-28545 |
{EEAEAC49-3F62-4B80-B479-013E6973DDC1} = PROTOCOL=17 | DIR=IN | APP=C:\PROGRAM FILES (X86)\WORLD OF WARCRAFT\BACKGROUNDDOWNLOADER.EXE |
{EF11D798-7371-4255-866A-5C84F27DB22B} = DIR=IN | APP=C:\PROGRAM FILES (X86)\WINDOWS LIVE\MESSENGER\LIVECALL.EXE |
{F1490C00-825D-46C2-8827-7A1EA5265490} = PROTOCOL=1 | DIR=OUT | NAME=@FIREWALLAPI.DLL,-28544 |
{F91FE10A-596E-441D-BEE8-E9299E6F4292} = DIR=IN | APP=C:\PROGRAM FILES (X86)\WINDOWS LIVE\MESSENGER\MSNMSGR.EXE |
{F9D3E7BC-951B-4298-804A-3C15B809B442} = PROTOCOL=6 | DIR=IN | APP=C:\PROGRAM FILES (X86)\WORLD OF WARCRAFT\BACKGROUNDDOWNLOADER.EXE |
{FA11514C-BCE1-461E-9D7E-0BFEAC64825A} = PROTOCOL=6 | DIR=IN | APP=C:\PROGRAM FILES (X86)\MICROSOFT OFFICE\OFFICE12\ONENOTE.EXE |
{FFE01AD4-68FB-4FE1-8227-F30F9EAD899F} = PROTOCOL=17 | DIR=IN | APP=C:\PROGRAM FILES (X86)\COMMON FILES\PURE NETWORKS SHARED\PLATFORM\NMSRVC.EXE |
TCP Query User{251D1AD5-5457-4AFB-A8AD-1E985DA2899D}C:\program files (x86)\internet explorer\iexplore.exe = PROTOCOL=6 | DIR=IN | APP=C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE |
TCP Query User{28E81B3F-8560-4317-AD13-8B3A96467D76}C:\users\administrator\appdata\local\temp\blizzard launcher temporary - 0a80df90\launcher.exe = PROTOCOL=6 | DIR=IN | APP=C:\USERS\ADMINISTRATOR\APPDATA\LOCAL\TEMP\BLIZZARD LAUNCHER TEMPORARY - 0A80DF90\LAUNCHER.EXE |
TCP Query User{30EE667F-BCF5-4C9B-9842-91D2D6850460}C:\program files (x86)\world of warcraft\launcher.exe = PROTOCOL=6 | DIR=IN | APP=C:\PROGRAM FILES (X86)\WORLD OF WARCRAFT\LAUNCHER.EXE |
TCP Query User{427AB054-6E91-4541-B603-A484222F40CE}C:\users\administrator\appdata\local\temp\blizzard launcher temporary - 211eaef8\launcher.exe = PROTOCOL=6 | DIR=IN | APP=C:\USERS\ADMINISTRATOR\APPDATA\LOCAL\TEMP\BLIZZARD LAUNCHER TEMPORARY - 211EAEF8\LAUNCHER.EXE |
TCP Query User{573F765E-0C02-4C9B-AE1B-45C05148530E}C:\program files (x86)\xfire\xfire.exe = PROTOCOL=6 | DIR=IN | APP=C:\PROGRAM FILES (X86)\XFIRE\XFIRE.EXE |
TCP Query User{A68D41BB-2455-4C40-A947-E4B4C34830A0}C:\program files (x86)\ea games\command & conquer the first decade\command & conquer red alert™ ii\ra2\game.exe = PROTOCOL=6 | DIR=IN | APP=C:\PROGRAM FILES (X86)\EA GAMES\COMMAND & CONQUER THE FIRST DECADE\COMMAND & CONQUER RED ALERT™ II\RA2\GAME.EXE |
TCP Query User{C6EF7545-E27B-41EF-BCC0-DE2469EE3EFF}C:\users\administrator\appdata\local\temp\blizzard launcher temporary - 110ece58\launcher.exe = PROTOCOL=6 | DIR=IN | APP=C:\USERS\ADMINISTRATOR\APPDATA\LOCAL\TEMP\BLIZZARD LAUNCHER TEMPORARY - 110ECE58\LAUNCHER.EXE |
TCP Query User{E9A65DD3-0716-428F-A641-900084D74447}C:\users\administrator\appdata\local\temp\blizzard launcher temporary - 0ed5e5b8\launcher.exe = PROTOCOL=6 | DIR=IN | APP=C:\USERS\ADMINISTRATOR\APPDATA\LOCAL\TEMP\BLIZZARD LAUNCHER TEMPORARY - 0ED5E5B8\LAUNCHER.EXE |
TCP Query User{FBE6BA80-7E53-48EA-9667-9B442013289B}C:\program files (x86)\steam\steamapps\drico2006\team fortress 2\hl2.exe = PROTOCOL=6 | DIR=IN | APP=C:\PROGRAM FILES (X86)\STEAM\STEAMAPPS\DRICO2006\TEAM FORTRESS 2\HL2.EXE |
UDP Query User{0213E211-0D2A-480D-B5A7-477986107C3A}C:\program files (x86)\steam\steamapps\drico2006\team fortress 2\hl2.exe = PROTOCOL=17 | DIR=IN | APP=C:\PROGRAM FILES (X86)\STEAM\STEAMAPPS\DRICO2006\TEAM FORTRESS 2\HL2.EXE |
UDP Query User{1898D2A0-9871-457E-9390-C6A9A7904E18}C:\program files (x86)\xfire\xfire.exe = PROTOCOL=17 | DIR=IN | APP=C:\PROGRAM FILES (X86)\XFIRE\XFIRE.EXE |
UDP Query User{5BE7D6A9-F18C-4887-9DC7-75A43A1C89E1}C:\users\administrator\appdata\local\temp\blizzard launcher temporary - 0ed5e5b8\launcher.exe = PROTOCOL=17 | DIR=IN | APP=C:\USERS\ADMINISTRATOR\APPDATA\LOCAL\TEMP\BLIZZARD LAUNCHER TEMPORARY - 0ED5E5B8\LAUNCHER.EXE |
UDP Query User{6F37ABB7-BF60-4A37-B67D-04CFE6EF51DC}C:\users\administrator\appdata\local\temp\blizzard launcher temporary - 0a80df90\launcher.exe = PROTOCOL=17 | DIR=IN | APP=C:\USERS\ADMINISTRATOR\APPDATA\LOCAL\TEMP\BLIZZARD LAUNCHER TEMPORARY - 0A80DF90\LAUNCHER.EXE |
UDP Query User{9733ED62-C970-4F81-AEA6-7EF64FEF0C50}C:\program files (x86)\internet explorer\iexplore.exe = PROTOCOL=17 | DIR=IN | APP=C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE |
UDP Query User{B0A651CF-B12A-4953-B791-82A75515621F}C:\users\administrator\appdata\local\temp\blizzard launcher temporary - 211eaef8\launcher.exe = PROTOCOL=17 | DIR=IN | APP=C:\USERS\ADMINISTRATOR\APPDATA\LOCAL\TEMP\BLIZZARD LAUNCHER TEMPORARY - 211EAEF8\LAUNCHER.EXE |
UDP Query User{C9FDB1E0-2E5B-4850-83C8-C5AF483182EB}C:\users\administrator\appdata\local\temp\blizzard launcher temporary - 110ece58\launcher.exe = PROTOCOL=17 | DIR=IN | APP=C:\USERS\ADMINISTRATOR\APPDATA\LOCAL\TEMP\BLIZZARD LAUNCHER TEMPORARY - 110ECE58\LAUNCHER.EXE |
UDP Query User{FB76F006-862B-49B1-9F15-6558F749D2A3}C:\program files (x86)\world of warcraft\launcher.exe = PROTOCOL=17 | DIR=IN | APP=C:\PROGRAM FILES (X86)\WORLD OF WARCRAFT\LAUNCHER.EXE |
UDP Query User{FE669DBF-A73B-4199-A5ED-EC8C62E91078}C:\program files (x86)\ea games\command & conquer the first decade\command & conquer red alert™ ii\ra2\game.exe = PROTOCOL=17 | DIR=IN | APP=C:\PROGRAM FILES (X86)\EA GAMES\COMMAND & CONQUER THE FIRST DECADE\COMMAND & CONQUER RED ALERT™ II\RA2\GAME.EXE |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03261EAA-89BD-4BCB-9DC9-B34E41B9E0CC}" = VIPRE Antivirus + Antispyware
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 13
"{2758691A-2CDE-4942-A4AC-0E8F61FE2067}" = USB2.0 VIDBOX NW03
"{2856F5EA-E98A-40E4-BAD6-8C644A4A3F3C}" = honestech VHS to DVD 3.0 Deluxe
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{44CDBD1B-89FB-4E02-8319-2A4C550F664A}" = RTC Client API v1.2
"{508CE775-4BA4-4748-82DF-FE28DA9F03B0}" = Windows Live Messenger
"{635E5FD4-5AF3-4EFD-8060-FE5113A1ECC1}" = ShowInfo
"{66D6F3BD-CA23-41A4-9FA3-96B26B32528C}" = Command & Conquer The First Decade
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{797EE0CA-8165-405C-B5CE-F11EC20F1BB0}" = Microsoft VC9 runtime libraries
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{8795CBED-55E2-4693-9F14-84EC446935BE}" = SpeechRedist
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90EC11E4-854E-4C0F-9B4C-76D6C7CF7C68}" = Linksys WUSB600N Dual-Band Wireless-N USB Network Adapter
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AB19A235-66D4-47F7-9904-BAF84ED25BB6}" = ImageMixer 3
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{C34FAEF3-4241-4C4E-9CFF-7BBD8BCEABE7}" = WebEx Support Manager for Internet Explorer
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{D1CB9533-B129-40B7-9B11-BB444BF52403}" = Pure Networks Platform
"{DD1865F0-AD73-40FB-B23E-1822E02396FF}" = NVIDIA PhysX
"{E47080E6-502C-4DC3-9ABD-0277DA4A6A28}" = honestech VHS to DVD 3.0 Deluxe
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"AnyDVD" = AnyDVD
"AOL Toolbar" = AOL Toolbar
"AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
"CCleaner" = CCleaner (remove only)
"CloneDVD2" = CloneDVD2
"ComcastHSI" = Comcast High-Speed Internet Install Wizard
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DJ ToneXpress" = DJ ToneXpress 4.5.3
"dvdSanta 4.50 - Make your own DVD movies!_is1" = dvdSanta 4.50
"ENTERPRISE" = Microsoft Office Enterprise 2007
"HijackThis" = HijackThis 2.0.2
"InstallShield_{30DC3C30-719B-46A9-A4FA-BBEEEE528B65}" = Linksys EasyLink Advisor
"InstallShield_{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"InstallShield_{90EC11E4-854E-4C0F-9B4C-76D6C7CF7C68}" = Linksys Dual-Band Wireless-N USB Network Adapter
"Magelo Sync" = Magelo Sync (uninstall only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"SystemRequirementsLab" = System Requirements Lab
"TomTom HOME" = TomTom HOME 2.6.2.1586
"ViewpointMediaPlayer" = Viewpoint Media Player
"WinRAR archiver" = WinRAR archiver
"Xfire" = Xfire (remove only)
"Yahoo! Companion" = Yahoo! Toolbar

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GamezEventosMU" = GamezEventosMU

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 6/18/2009 10:12:48 AM | Computer Name = Johnnie-PC | Source = WinMgmt | ID = 10
Description =

Error - 6/18/2009 8:18:27 PM | Computer Name = Johnnie-PC | Source = EventSystem | ID = 4609
Description =

Error - 6/18/2009 8:19:22 PM | Computer Name = Johnnie-PC | Source = WinMgmt | ID = 10
Description =

Error - 6/18/2009 8:22:30 PM | Computer Name = Johnnie-PC | Source = WinMgmt | ID = 10
Description =

Error - 6/18/2009 8:24:29 PM | Computer Name = Johnnie-PC | Source = EventSystem | ID = 4609
Description =

Error - 6/18/2009 8:25:25 PM | Computer Name = Johnnie-PC | Source = WinMgmt | ID = 10
Description =

Error - 6/18/2009 8:46:46 PM | Computer Name = Johnnie-PC | Source = WinMgmt | ID = 10
Description =

Error - 6/18/2009 9:02:24 PM | Computer Name = Johnnie-PC | Source = EventSystem | ID = 4609
Description =

Error - 6/18/2009 9:03:22 PM | Computer Name = Johnnie-PC | Source = WinMgmt | ID = 10
Description =

Error - 6/18/2009 9:05:55 PM | Computer Name = Johnnie-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 5/14/2009 11:38:49 AM | Computer Name = Johnnie-PC | Source = HTTP | ID = 15016
Description =

Error - 5/15/2009 12:30:36 PM | Computer Name = Johnnie-PC | Source = HTTP | ID = 15016
Description =

Error - 5/16/2009 8:23:56 PM | Computer Name = Johnnie-PC | Source = HTTP | ID = 15016
Description =

Error - 5/17/2009 1:11:37 PM | Computer Name = Johnnie-PC | Source = HTTP | ID = 15016
Description =

Error - 5/17/2009 10:02:10 PM | Computer Name = Johnnie-PC | Source = BROWSER | ID = 8032
Description =

Error - 5/18/2009 8:24:06 AM | Computer Name = Johnnie-PC | Source = HTTP | ID = 15016
Description =

Error - 5/18/2009 12:28:51 PM | Computer Name = Johnnie-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.104 for the Network Card with network
address 0022150EF730 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 5/18/2009 12:51:19 PM | Computer Name = Johnnie-PC | Source = HTTP | ID = 15016
Description =

Error - 5/19/2009 3:00:41 PM | Computer Name = Johnnie-PC | Source = HTTP | ID = 15016
Description =

Error - 5/20/2009 1:05:43 PM | Computer Name = Johnnie-PC | Source = HTTP | ID = 15016
Description =


< End of report >
 
SpySentinel
post Jun 19 2009, 04:01 PM
Post #9


Trusted

Group: Malware Team
Posts: 554
Joined: 26-January 08
From: The United States
Member No.: 76,329
Operating System: Windows XP SP2



Hi Warnite,


Viewpoint Manager is considered foistware instead of malware, since it is installed without users' approval but doesn't spy or do anything "bad". This changed from what we know in 2006; read this article:

http://www.clickz.com/news/article.php/3561546

I suggest you remove the program now. Click on start > run > and then paste the following into the "open" field: appwiz.cpl and press OK. From within Add or Remove Programs uninstall the following if they exist: Viewpoint, Viewpoint Manager, Viewpoint Media Player.



Run OTL.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    CODE
    :OTL
    O33 - MountPoints2\{75123ca9-e3e5-11dd-923c-00038a000015}\Shell - "" = AutoRun
    O33 - MountPoints2\{75123ca9-e3e5-11dd-923c-00038a000015}\Shell\AutoRun\command - "" = L:\StarterOfficeGuardian.exe -- File not found
    O33 - MountPoints2\{b8c972f0-5b6a-11de-b1a8-00038a000015}\Shell\AutoRun\command - "" = K:\InstallTomTomHOME.exe -- File not found

    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
 
Warnite
post Jun 19 2009, 04:23 PM
Post #10





Ok, I've pasted the code that you told me to at the bottom, although the "Run Fix" button is at the top. It asked for a reboot so I rebooted the computer. When I rebooted the computer it came up with this log.

========== OTL ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{75123ca9-e3e5-11dd-923c-00038a000015}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{75123ca9-e3e5-11dd-923c-00038a000015}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{75123ca9-e3e5-11dd-923c-00038a000015}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{75123ca9-e3e5-11dd-923c-00038a000015}\ not found.
File L:\StarterOfficeGuardian.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b8c972f0-5b6a-11de-b1a8-00038a000015}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b8c972f0-5b6a-11de-b1a8-00038a000015}\ not found.
File K:\InstallTomTomHOME.exe not found.
========== COMMANDS ==========
File delete failed. C:\Users\Administrator\AppData\Local\Temp\CMLS--2009-06-19--11-37-11.log scheduled to be deleted on reboot.
File delete failed. C:\Users\Administrator\AppData\Local\Temp\~DF3C08.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\Administrator\AppData\Local\Temp\~DF3C15.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\Administrator\AppData\Local\Temp\~DF3C81.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\Administrator\AppData\Local\Temp\~DF3C8E.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\Administrator\AppData\Local\Temp\~DF3CD0.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\Administrator\AppData\Local\Temp\~DF3CDD.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\Administrator\AppData\Local\Temp\~DFBE2D.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
User's Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Temp folders emptied.
Explorer started successfully

OTL by OldTimer - Version 2.1.1.0 log created on 06192009_171811

Files moved on Reboot...
C:\Users\Administrator\AppData\Local\Temp\CMLS--2009-06-19--11-37-11.log moved successfully.
File C:\Users\Administrator\AppData\Local\Temp\~DF3C08.tmp not found!
File C:\Users\Administrator\AppData\Local\Temp\~DF3C15.tmp not found!
File C:\Users\Administrator\AppData\Local\Temp\~DF3C81.tmp not found!
File C:\Users\Administrator\AppData\Local\Temp\~DF3C8E.tmp not found!
File C:\Users\Administrator\AppData\Local\Temp\~DF3CD0.tmp not found!
File C:\Users\Administrator\AppData\Local\Temp\~DF3CDD.tmp not found!
C:\Users\Administrator\AppData\Local\Temp\~DFBE2D.tmp moved successfully.

Registry entries deleted on Reboot...

I also noticed that once the computer rebooted, there were 2 files on my desktop with the name "desktop.ini". Just wondering if this is common after the reboot.

This post has been edited by Warnite: Jun 19 2009, 04:25 PM
 
SpySentinel
post Jun 19 2009, 07:10 PM
Post #11





I have not heard of "desktop.ini" being added to the desktop. See if it is still there after a reboot.


Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
  • Double-click the drweb-cureit.exe file and allow it to run the express scan
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, mark the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, in the menu, click file and choose save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web CureIt.




Go to the Kaspersky website and perform an online antivirus scan.

  1. Read through the requirements and privacy statement and click on Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
 
Warnite
post Jun 22 2009, 09:39 PM
Post #12





Hi SpySentinel

Sorry for the long reply, was busy during the weekend for Father's Day etc... Anyways I did as you asked. Here is my report I saved for Kaspersky. As for the report for DrWeb.csv, not sure how to report that one, it opens with Microsoft Excel... Anyways here's the Kaspersky report.

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Monday, June 22, 2009
Operating System: Microsoft Windows Vista Home Premium Edition, 64-bit Service Pack 2 (build 6002)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Monday, June 22, 2009 22:57:55
Records in database: 2378674
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\

Scan statistics:
Files scanned: 128330
Threat name: 0
Infected objects: 0
Suspicious objects: 0
Duration of the scan: 01:19:36

No malware has been detected. The scan area is clean.

The selected area was scanned.

I managed to open DrWeb.csv with Notepad and the report was this...

htdvdauthor.dll;C:\Program Files (x86)\honestech VHS to DVD 3.0 Deluxe;Adware.Cinmus.origin;Incurable.Deleted.;

This post has been edited by Warnite: Jun 22 2009, 09:41 PM
SpySentinel
post Jun 24 2009, 05:31 PM
Post #13


Trusted

Group: Malware Team
Posts: 554
Joined: 26-January 08
From: The United States
Member No.: 76,329
Operating System: Windows XP SP2



No worries, hope you had a great Father's Day.


How is your computer running?


Your Adobe Acrobat Reader is out of date. Older versions are vulnerable to attack.

Please go to the link below to update.

http://www.adobe.com/products/acrobat/readstep2.html



  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)
Warnite
post Jun 27 2009, 02:30 PM
Post #14





My computer is doing so much better thanks to your help... seems like everything is back to normal. By the way.. here are the 2 logs from RSIT.

info.txt logfile of random's system information tool 1.06 2009-06-27 15:28:44

======Uninstall list======

-->C:\PROGRA~2\Yahoo!\Common\UNYT_W~1.EXE
-->C:\Program Files (x86)\DivX\DivXConverterUninstall.exe /CONVERTER
-->MsiExec /X{DD1865F0-AD73-40FB-B23E-1822E02396FF}
Acrobat.com-->MsiExec.exe /X{6D8D64BE-F500-55B6-705D-DFD08AFE0624}
Adobe AIR-->c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Flash Player 10 ActiveX-->C:\Windows\SysWOW64\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 9.1-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A91000000001}
AnyDVD-->"C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVD-uninst.exe" /D="C:\Program Files (x86)\SlySoft\AnyDVD"
AOL Toolbar -->"C:\Program Files (x86)\AOL Toolbar\uninstall.exe"
AOL Uninstaller (Choose which Products to Remove)-->C:\Program Files (x86)\Common Files\AOL\uninstaller.exe
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
CCleaner (remove only)-->"C:\Program Files (x86)\CCleaner\uninst.exe"
CloneDVD2-->"C:\Program Files (x86)\Elaborate Bytes\CloneDVD2\CloneDVD2-uninst.exe" /D="C:\Program Files (x86)\Elaborate Bytes\CloneDVD2"
Comcast High-Speed Internet Install Wizard-->C:\Program Files (x86)\support.com\uninstall\chsi_uninstaller.exe
Command & Conquer The First Decade-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{66D6F3BD-CA23-41A4-9FA3-96B26B32528C}\setup.exe" -l0x9 -removeonly
DivX Codec-->C:\Program Files (x86)\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files (x86)\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files (x86)\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Plus DirectShow Filters-->C:\Program Files (x86)\DivX\DivXDSFiltersUninstall.exe /DSFILTERS
DivX Web Player-->C:\Program Files (x86)\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DJ ToneXpress 4.5.3-->C:\Program Files (x86)\DJ ToneXpress 4\uninst.exe
Download Updater (AOL LLC)-->C:\Program Files (x86)\Common Files\Software Update Utility\uninstall.exe
dvdSanta 4.50-->"C:\Program Files (x86)\dvdSanta\unins000.exe"
HijackThis 2.0.2-->"C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe" /uninstall
honestech VHS to DVD 3.0 Deluxe-->C:\Program Files (x86)\InstallShield Installation Information\{2856F5EA-E98A-40E4-BAD6-8C644A4A3F3C}\setup.exe -runfromtemp -l0x0009 -removeonly
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->c:\Windows\SysWOW64\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->c:\Windows\SysWOW64\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {08155812-0202-4D5F-A7FF-12A2782DC548} /qb+ REBOOTPROMPT=""
ImageMixer 3-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{AB19A235-66D4-47F7-9904-BAF84ED25BB6}\SETUP.EXE" -l0x9 UNINSTALL -removeonly
Java™ 6 Update 14-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216013FF}
Java™ 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Linksys Dual-Band Wireless-N USB Network Adapter-->C:\Program Files (x86)\InstallShield Installation Information\{90EC11E4-854E-4C0F-9B4C-76D6C7CF7C68}\setup.exe -runfromtemp -l0x0409
Linksys EasyLink Advisor-->"C:\Program Files (x86)\InstallShield Installation Information\{30DC3C30-719B-46A9-A4FA-BBEEEE528B65}\setup.exe" -runfromtemp -l0x0409 -removeonly
Magelo Sync (uninstall only)-->"C:\Program Files (x86)\Magelo\Magelo Sync\UnInstall.exe"
Malwarebytes' Anti-Malware-->"C:\Program Files (x86)\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-002A-0000-1000-0000000FF1CE} /uninstall {E64BA721-2310-4B55-BE5A-2925F9706192}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-002A-0409-1000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00BA-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0114-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0116-0409-1000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007-->MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft VC9 runtime libraries-->MsiExec.exe /I{797EE0CA-8165-405C-B5CE-F11EC20F1BB0}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Move Networks Media Player for Internet Explorer-->C:\Users\Administrator\AppData\Roaming\Move Networks\ie_bin\Uninst.exe
Mozilla Firefox (3.0.11)-->C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
NVIDIA ForceWare Network Access Manager-->"C:\Program Files (x86)\InstallShield Installation Information\{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}\setup.exe" -runfromtemp -l0x0409 -removeonly
NVIDIA PhysX-->MsiExec.exe /X{DD1865F0-AD73-40FB-B23E-1822E02396FF}
QuickTime-->MsiExec.exe /I{C78EAC6F-7A73-452E-8134-DBB2165C5A68}
RTC Client API v1.2-->MsiExec.exe /X{44CDBD1B-89FB-4E02-8319-2A4C550F664A}
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB969679)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C66E4A6C-6E07-4C63-8CCD-2493B5087C73}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Microsoft Office Excel 2007 (KB969682)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C03803BD-745A-46F8-8557-817DED578780}
Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}
Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
Security Update for Microsoft Office Word 2007 (KB969604)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {CF3D6499-709C-43D0-8908-BC5652656050}
ShowInfo-->MsiExec.exe /X{635E5FD4-5AF3-4EFD-8060-FE5113A1ECC1}
SpeechRedist-->MsiExec.exe /X{8795CBED-55E2-4693-9F14-84EC446935BE}
SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
System Requirements Lab-->C:\Program Files (x86)\SystemRequirementsLab\Uninstall.exe
TomTom HOME 2.6.2.1586-->C:\Program Files (x86)\TomTom HOME 2\Uninstall TomTom HOME.exe
TomTom HOME Visual Studio Merge Modules-->MsiExec.exe /I{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft Office 2007 Help for Common Features (KB963673)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {AB365889-0395-4FAD-B702-CA5985D53D42}
Update for Microsoft Office Access 2007 Help (KB963663)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}
Update for Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {199DF7B6-169C-448C-B511-1054101BE9C9}
Update for Microsoft Office Infopath 2007 Help (KB963662)-->msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {716B81B8-B13C-41DF-8EAC-7A2F656CAB63}
Update for Microsoft Office OneNote 2007 Help (KB963670)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {2744EF05-38E1-4D5D-B333-E021EDAEA245}
Update for Microsoft Office Outlook 2007 (KB969907)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {74F98B24-AFBD-4800-9BD6-87D349B5C462}
Update for Microsoft Office Outlook 2007 Help (KB963677)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {0451F231-E3E3-4943-AB9F-58EB96171784}
Update for Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {397B1D4F-ED7B-4ACA-A637-43B670843876}
Update for Microsoft Office Publisher 2007 Help (KB963667)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {2E40DE55-B289-4C8B-8901-5D369B16814F}
Update for Microsoft Office Script Editor Help (KB963671)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {CD11C6A2-FFC6-4271-8EAB-79C3582F505C}
Update for Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {80E762AA-C921-4839-9D7D-DB62A72C0726}
Update for Outlook 2007 Junk Email Filter (kb970012)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {DC4A962B-9EC2-469C-BC9C-87312ADAEE81}
USB2.0 VIDBOX NW03 -->C:\Program Files (x86)\InstallShield Installation Information\{2758691A-2CDE-4942-A4AC-0E8F61FE2067}\setup.exe -runfromtemp -l0x0009 -removeonly
WebEx Support Manager for Internet Explorer-->MsiExec.exe /I{C34FAEF3-4241-4C4E-9CFF-7BBD8BCEABE7}
Windows Live installer-->MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger-->MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Sign-in Assistant-->MsiExec.exe /I{9422C8EA-B0C6-4197-B8FC-DC797658CA00}
WinRAR archiver-->C:\Program Files (x86)\WinRAR\uninstall.exe
Xfire (remove only)-->"C:\Program Files (x86)\Xfire\uninst.exe"
Yahoo! Toolbar-->C:\PROGRA~2\Yahoo!\Common\UNYT_W~1.EXE

=====HijackThis Backups=====

O4 - HKCU\..\Run: [ctfmon.exe] C:\Windows\system32\rundll32.exe C:\Users\ADMINI~1\AppData\Local\Temp\294479031754mxx.dll,DllMain [2009-06-18]

======Security center information======

AV: Sunbelt VIPRE
AS: Windows Defender
AS: SUPERAntiSpyware (disabled)
AS: Sunbelt VIPRE

======System event log======

Computer Name: Johnnie-PC
Event Code: 15016
Message: Unable to initialize the security package Kerberos for server side authentication. The data field contains the error number.
Record Number: 12931
Source Name: Microsoft-Windows-HttpEvent
Time Written: 20090110030442.263733-000
Event Type: Error
User:

Computer Name: Johnnie-PC
Event Code: 4001
Message: WLAN AutoConfig service has successfully stopped.

Record Number: 12917
Source Name: Microsoft-Windows-WLAN-AutoConfig
Time Written: 20090110023941.104400-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: Johnnie-PC
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 001EE5DCE677. The following error occurred:
The semaphore timeout period has expired.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
Record Number: 12907
Source Name: Microsoft-Windows-Dhcp-Client
Time Written: 20090110014223.000000-000
Event Type: Warning
User:

Computer Name: Johnnie-PC
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 001EE5DCE677. The following error occurred:
The operation was canceled by the user.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
Record Number: 12904
Source Name: Microsoft-Windows-Dhcp-Client
Time Written: 20090110014150.000000-000
Event Type: Warning
User:

Computer Name: Johnnie-PC
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 001EE5DCE677. The following error occurred:
The operation was canceled by the user.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
Record Number: 12903
Source Name: Microsoft-Windows-Dhcp-Client
Time Written: 20090110014150.000000-000
Event Type: Warning
User:

=====Application event log=====

Computer Name: Johnnie-PC
Event Code: 1530
Message: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

DETAIL -
2 user registry handles leaked from \Registry\User\S-1-5-21-2181739780-1661913245-1849498853-500:
Process 504 (\Device\HarddiskVolume1\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-2181739780-1661913245-1849498853-500
Process 380 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2181739780-1661913245-1849498853-500

Record Number: 126
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20081226012616.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: Johnnie-PC
Event Code: 1000
Message: Faulting application setup.exe_Linksys WUSB600N Dual-Band Wireless-N USB Network Adapter, version 12.0.0.49974, time stamp 0x4475d140, faulting module ISSetup.dll, version 12.0.0.49974, time stamp 0x4471f0ea, exception code 0xc0000005, fault offset 0x00093267, process id 0x494, application start time 0x01c966f2a5bc8946.
Record Number: 55
Source Name: Application Error
Time Written: 20081226004157.000000-000
Event Type: Error
User:

Computer Name: Johnnie-PC
Event Code: 10
Message: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Record Number: 29
Source Name: Microsoft-Windows-WMI
Time Written: 20081226003505.000000-000
Event Type: Error
User:

Computer Name: Johnnie-PC
Event Code: 1008
Message: The Windows Search Service is attempting to remove the old catalog.

Record Number: 23
Source Name: Microsoft-Windows-Search
Time Written: 20081226023453.000000-000
Event Type: Warning
User:

Computer Name: 26L2233B3-02
Event Code: 1036
Message: InitializePrintProvider failed for provider inetpp.dll. This can occur because of system instability or a lack of system resources.
Record Number: 13
Source Name: Microsoft-Windows-SpoolerSpoolss
Time Written: 20081226023139.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

=====Security event log=====

Computer Name: 26L2233B3-02
Event Code: 4648
Message: A logon was attempted using explicit credentials.

Subject:
Security ID: S-1-5-18
Account Name: 26L2233B3-02$
Account Domain: WORKGROUP
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}

Account Whose Credentials Were Used:
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon GUID: {00000000-0000-0000-0000-000000000000}

Target Server:
Target Server Name: localhost
Additional Information: localhost

Process Information:
Process ID: 0x220
Process Name: C:\Windows\System32\services.exe

Network Information:
Network Address: -
Port: -

This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Record Number: 5
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20081226022903.403040-000
Event Type: Audit Success
User:

Computer Name: 26L2233B3-02
Event Code: 4902
Message: The Per-user audit policy table was created.

Number of Elements: 0
Policy ID: 0x8cd1f
Record Number: 4
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20081226022858.067806-000
Event Type: Audit Success
User:

Computer Name: 26L2233B3-02
Event Code: 4624
Message: An account was successfully logged on.

Subject:
Security ID: S-1-0-0
Account Name: -
Account Domain: -
Logon ID: 0x0

Logon Type: 0

New Logon:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:
Process ID: 0x4
Process Name:

Network Information:
Workstation Name: -
Source Network Address: -
Source Port: -

Detailed Authentication Information:
Logon Process: -
Authentication Package: -
Transited Services: -
Package Name (NTLM only): -
Key Length: 0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 3
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20081226022855.119387-000
Event Type: Audit Success
User:

Computer Name: 26L2233B3-02
Event Code: 4608
Message: Windows is starting up.

This event is logged when LSASS.EXE starts and the auditing subsystem is initialized.
Record Number: 2
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20081226022855.119387-000
Event Type: Audit Success
User:

Computer Name: 26L2233B3-02
Event Code: 4634
Message: An account was logged off.

Subject:
Security ID: S-1-5-7
Account Name: ANONYMOUS LOGON
Account Domain: NT AUTHORITY
Logon ID: 0x21410

Logon Type: 3

This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Record Number: 1
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20080121034608.538800-000
Event Type: Audit Success
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files (x86)\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=AMD64
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=Intel64 Family 6 Model 23 Stepping 10, GenuineIntel
"PROCESSOR_REVISION"=170a
"NUMBER_OF_PROCESSORS"=4
"TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\34FB5F65-FFEB-4B61-BF0E-A6A76C450FAA\TraceFormat
"DFSTRACINGON"=FALSE
"CLASSPATH"=.;C:\Program Files (x86)\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files (x86)\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------


and

Logfile of random's system information tool 1.06 (written by random/random)
Run by Administrator at 2009-06-27 15:28:41
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 377 GB (79%) free of 477 GB
Total RAM: 8190 MB (81% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:28:42 PM, on 6/27/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files (x86)\Sunbelt Software\VIPRE\SBAMTray.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\SyncServer.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
c:\program files (x86)\aol toolbar\AolTbServer.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Users\Administrator\Desktop\RSIT.exe
C:\Program Files (x86)\Trend Micro\HijackThis\Administrator.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: IAOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: AOL Toolbar Loader - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SBAMTray] C:\Program Files (x86)\Sunbelt Software\VIPRE\SBAMTray.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: &AOL Toolbar Search - C:\ProgramData\AOL\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O13 - Gopher Prefix:
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files (x86)\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files (x86)\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Linksys Updater (LinksysUpdater) - Unknown owner - C:\Program Files (x86)\Linksys\Linksys Updater\bin\LinksysUpdater.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: VIPRE Antivirus + Antispyware (SBAMSvc) - Sunbelt Software - C:\Program Files (x86)\Sunbelt Software\VIPRE\SBAMSvc.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9822 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll [2008-07-28 882416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7C554162-8CB7-45A4-B8F4-8EA1C75885F9}]
AOL Toolbar Loader - C:\Program Files (x86)\AOL Toolbar\aoltb.dll [2008-11-05 1275176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2009-05-21 41368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
SingleInstance Class - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll [2008-07-28 160496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{DE9C389F-3316-41A7-809B-AA305ED9D922} - AOL Toolbar - C:\Program Files (x86)\AOL Toolbar\aoltb.dll [2008-11-05 1275176]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll [2008-07-28 882416]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"nmctxth"=C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe [2008-05-16 648504]
"GrooveMonitor"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]
"SBAMTray"=C:\Program Files (x86)\Sunbelt Software\VIPRE\SBAMTray.exe [2009-06-10 959784]
"AppleSyncNotifier"=C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2009-05-13 177472]
"SunJavaUpdateSched"=C:\Program Files (x86)\Java\jre6\bin\jusched.exe [2009-05-21 148888]
"Adobe Reader Speed Launcher"=C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1555968]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-20 138240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll [2008-12-22 356352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SBAMSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=
"ForceActiveDesktopOn"=
"NoActiveDesktopChanges"=
"BindDirectlyToPropertySetStorage"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\SysWOW64\Notepad.exe %1
.js - open - C:\Windows\SysWOW64\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2009-06-27 15:28:41 ----D---- C:\rsit
2009-06-24 20:25:19 ----SHD---- C:\Config.Msi
2009-06-24 20:21:42 ----D---- C:\Program Files (x86)\Common Files\Adobe AIR
2009-06-24 20:19:28 ----D---- C:\ProgramData\NOS
2009-06-24 20:19:28 ----D---- C:\Program Files (x86)\NOS
2009-06-21 00:17:32 ----A---- C:\Windows\system32\javaws.exe
2009-06-21 00:17:32 ----A---- C:\Windows\system32\javaw.exe
2009-06-21 00:17:32 ----A---- C:\Windows\system32\java.exe
2009-06-20 18:56:24 ----D---- C:\Users\Administrator\AppData\Roaming\Apple Computer
2009-06-20 18:56:10 ----A---- C:\Windows\system32\GEARAspi.dll
2009-06-20 18:55:54 ----D---- C:\Program Files (x86)\iPod
2009-06-20 18:55:52 ----D---- C:\ProgramData\{35733029-9859-49C7-8475-1E78E2AAE413}
2009-06-20 18:55:52 ----D---- C:\Program Files (x86)\iTunes
2009-06-20 18:55:33 ----D---- C:\Program Files (x86)\Bonjour
2009-06-20 18:55:10 ----D---- C:\ProgramData\Apple Computer
2009-06-20 18:55:10 ----D---- C:\Program Files (x86)\QuickTime
2009-06-20 18:54:51 ----D---- C:\Program Files (x86)\Apple Software Update
2009-06-20 18:53:28 ----D---- C:\ProgramData\Apple
2009-06-20 18:53:28 ----D---- C:\Program Files (x86)\Common Files\Apple
2009-06-20 18:43:27 ----D---- C:\Program Files (x86)\Mozilla Firefox
2009-06-19 17:18:11 ----D---- C:\_OTL
2009-06-18 12:14:45 ----D---- C:\Downloads
2009-06-17 22:28:08 ----A---- C:\Windows\ntbtlog.txt
2009-06-17 15:22:02 ----D---- C:\VundoFix Backups
2009-06-17 15:22:02 ----A---- C:\VundoFix.txt
2009-06-17 14:55:10 ----D---- C:\ProgramData\TomTom
2009-06-17 14:54:56 ----D---- C:\Users\Administrator\AppData\Roaming\TomTom
2009-06-17 14:54:56 ----D---- C:\Users\Administrator\AppData\Roaming\Mozilla
2009-06-17 14:54:52 ----D---- C:\Program Files (x86)\TomTom International B.V
2009-06-17 14:54:34 ----D---- C:\Program Files (x86)\TomTom HOME 2
2009-06-17 14:53:54 ----D---- C:\Program Files (x86)\TomTom DesktopSuite
2009-06-17 14:51:51 ----D---- C:\ProgramData\SUPERAntiSpyware.com
2009-06-17 14:51:36 ----D---- C:\Users\Administrator\AppData\Roaming\SUPERAntiSpyware.com
2009-06-17 14:51:36 ----D---- C:\Program Files (x86)\SUPERAntiSpyware
2009-06-17 12:50:28 ----A---- C:\Windows\system32\rasppp.dll
2009-06-17 12:50:28 ----A---- C:\Windows\system32\oobefldr.dll
2009-06-17 12:50:28 ----A---- C:\Windows\system32\MSVidCtl.dll
2009-06-17 12:50:28 ----A---- C:\Windows\system32\dsprop.dll
2009-06-17 12:50:28 ----A---- C:\Windows\system32\dimsroam.dll
2009-06-17 12:50:27 ----A---- C:\Windows\system32\wmdrmsdk.dll
2009-06-17 12:50:27 ----A---- C:\Windows\system32\shsetup.dll
2009-06-17 12:50:27 ----A---- C:\Windows\system32\rasmontr.dll
2009-06-17 12:50:27 ----A---- C:\Windows\system32\mscandui.dll
2009-06-17 12:50:27 ----A---- C:\Windows\system32\modemui.dll
2009-06-17 12:50:27 ----A---- C:\Windows\system32\dataclen.dll
2009-06-17 12:50:27 ----A---- C:\Windows\system32\chtbrkr.dll
2009-06-17 12:50:26 ----A---- C:\Windows\system32\WSDMon.dll
2009-06-17 12:50:26 ----A---- C:\Windows\system32\wpcsvc.dll
2009-06-17 12:50:26 ----A---- C:\Windows\system32\wmpeffects.dll
2009-06-17 12:50:26 ----A---- C:\Windows\system32\wlgpclnt.dll
2009-06-17 12:50:26 ----A---- C:\Windows\system32\networkexplorer.dll
2009-06-17 12:50:26 ----A---- C:\Windows\system32\netplwiz.dll
2009-06-17 12:50:26 ----A---- C:\Windows\system32\ifmon.dll
2009-06-17 12:50:26 ----A---- C:\Windows\system32\credui.dll
2009-06-17 12:50:26 ----A---- C:\Windows\system32\blackbox.dll
2009-06-17 12:50:26 ----A---- C:\Windows\system32\AUDIOKSE.dll
2009-06-17 12:50:25 ----A---- C:\Windows\system32\wscapi.dll
2009-06-17 12:50:25 ----A---- C:\Windows\system32\wpdwcn.dll
2009-06-17 12:50:25 ----A---- C:\Windows\system32\thawbrkr.dll
2009-06-17 12:50:25 ----A---- C:\Windows\system32\softkbd.dll
2009-06-17 12:50:25 ----A---- C:\Windows\system32\sendmail.dll
2009-06-17 12:50:25 ----A---- C:\Windows\system32\msscp.dll
2009-06-17 12:50:25 ----A---- C:\Windows\system32\msimtf.dll
2009-06-17 12:50:25 ----A---- C:\Windows\system32\logagent.exe
2009-06-17 12:50:25 ----A---- C:\Windows\system32\InkEd.dll
2009-06-17 12:50:25 ----A---- C:\Windows\system32\gpresult.exe
2009-06-17 12:50:25 ----A---- C:\Windows\system32\cipher.exe
2009-06-17 12:50:24 ----A---- C:\Windows\system32\msctfui.dll
2009-06-17 12:50:24 ----A---- C:\Windows\system32\MediaMetadataHandler.dll
2009-06-17 12:50:24 ----A---- C:\Windows\system32\Apphlpdm.dll
2009-06-17 12:50:23 ----A---- C:\Windows\system32\olepro32.dll
2009-06-17 12:50:23 ----A---- C:\Windows\system32\drmmgrtn.dll
2009-06-17 12:50:23 ----A---- C:\Windows\system32\dmsynth.dll
2009-06-17 12:50:22 ----A---- C:\Windows\system32\wshbth.dll
2009-06-17 12:50:22 ----A---- C:\Windows\system32\wmdrmdev.dll
2009-06-17 12:50:22 ----A---- C:\Windows\system32\version.dll
2009-06-17 12:50:22 ----A---- C:\Windows\system32\puiapi.dll
2009-06-17 12:50:22 ----A---- C:\Windows\system32\mprapi.dll
2009-06-17 12:50:22 ----A---- C:\Windows\system32\input.dll
2009-06-17 12:50:22 ----A---- C:\Windows\system32\ExplorerFrame.dll
2009-06-17 12:50:21 ----A---- C:\Windows\system32\WMADMOD.DLL
2009-06-17 12:50:21 ----A---- C:\Windows\system32\msisip.dll
2009-06-17 12:50:21 ----A---- C:\Windows\system32\MsCtfMonitor.dll
2009-06-17 12:50:21 ----A---- C:\Windows\system32\fdSSDP.dll
2009-06-17 12:50:21 ----A---- C:\Windows\system32\fc.exe
2009-06-17 12:50:21 ----A---- C:\Windows\system32\dmusic.dll
2009-06-17 12:50:21 ----A---- C:\Windows\system32\cscapi.dll
2009-06-17 12:50:20 ----A---- C:\Windows\system32\PortableDeviceClassExtension.dll
2009-06-17 12:50:20 ----A---- C:\Windows\system32\msjint40.dll
2009-06-17 12:50:20 ----A---- C:\Windows\system32\l2nacp.dll
2009-06-17 12:50:20 ----A---- C:\Windows\system32\ftp.exe
2009-06-17 12:50:20 ----A---- C:\Windows\system32\eapp3hst.dll
2009-06-17 12:50:20 ----A---- C:\Windows\system32\cscdll.dll
2009-06-17 12:50:19 ----A---- C:\Windows\system32\wsdchngr.dll
2009-06-17 12:50:19 ----A---- C:\Windows\system32\wmdrmnet.dll
2009-06-17 12:50:19 ----A---- C:\Windows\system32\SMBHelperClass.dll
2009-06-17 12:50:19 ----A---- C:\Windows\system32\rrinstaller.exe
2009-06-17 12:50:19 ----A---- C:\Windows\system32\rasdial.exe
2009-06-17 12:50:19 ----A---- C:\Windows\system32\rasdiag.dll
2009-06-17 12:50:19 ----A---- C:\Windows\system32\PortableDeviceTypes.dll
2009-06-17 12:50:19 ----A---- C:\Windows\system32\ipconfig.exe
2009-06-17 12:50:19 ----A---- C:\Windows\system32\fdWCN.dll
2009-06-17 12:50:19 ----A---- C:\Windows\system32\eappcfg.dll
2009-06-17 12:50:19 ----A---- C:\Windows\system32\dot3cfg.dll
2009-06-17 12:50:19 ----A---- C:\Windows\system32\CHxReadingStringIME.dll
2009-06-17 12:50:19 ----A---- C:\Windows\system32\bthudtask.exe
2009-06-17 12:50:19 ----A---- C:\Windows\system32\aaclient.dll
2009-06-17 12:50:18 ----A---- C:\Windows\system32\tscupgrd.exe
2009-06-17 12:50:18 ----A---- C:\Windows\system32\slcinst.dll
2009-06-17 12:50:18 ----A---- C:\Windows\system32\ocsetup.exe
2009-06-17 12:50:18 ----A---- C:\Windows\system32\nslookup.exe
2009-06-17 12:50:18 ----A---- C:\Windows\system32\networkitemfactory.dll
2009-06-17 12:50:18 ----A---- C:\Windows\system32\MSMPEG2ENC.DLL
2009-06-17 12:50:18 ----A---- C:\Windows\system32\MSAC3ENC.DLL
2009-06-17 12:50:18 ----A---- C:\Windows\system32\mmcico.dll
2009-06-17 12:50:18 ----A---- C:\Windows\system32\mfps.dll
2009-06-17 12:50:18 ----A---- C:\Windows\system32\mfpmp.exe
2009-06-17 12:50:18 ----A---- C:\Windows\system32\hbaapi.dll
2009-06-17 12:50:18 ----A---- C:\Windows\system32\FwRemoteSvr.dll
2009-06-17 12:50:18 ----A---- C:\Windows\system32\fdeploy.dll
2009-06-17 12:50:18 ----A---- C:\Windows\system32\eappgnui.dll
2009-06-17 12:50:17 ----A---- C:\Windows\system32\tsgqec.dll
2009-06-17 12:50:17 ----A---- C:\Windows\system32\NcdProp.dll
2009-06-17 12:50:17 ----A---- C:\Windows\system32\gpupdate.exe
2009-06-17 12:50:17 ----A---- C:\Windows\system32\atmlib.dll
2009-06-17 12:50:15 ----A---- C:\Windows\system32\wmpps.dll
2009-06-17 12:50:15 ----A---- C:\Windows\system32\vdmdbg.dll
2009-06-17 12:50:15 ----A---- C:\Windows\system32\slwga.dll
2009-06-17 12:50:15 ----A---- C:\Windows\system32\odbcconf.dll
2009-06-17 12:50:14 ----A---- C:\Windows\system32\winrnr.dll
2009-06-17 12:50:14 ----A---- C:\Windows\system32\midimap.dll
2009-06-17 12:50:14 ----A---- C:\Windows\system32\atmfd.dll
2009-06-17 12:50:11 ----A---- C:\Windows\system32\spwmp.dll
2009-06-17 12:50:10 ----A---- C:\Windows\system32\wmploc.DLL
2009-06-17 12:50:10 ----A---- C:\Windows\system32\dxmasf.dll
2009-06-17 12:50:09 ----A---- C:\Windows\system32\msimsg.dll
2009-06-17 12:50:09 ----A---- C:\Windows\system32\mferror.dll
2009-06-17 12:50:09 ----A---- C:\Windows\system32\f3ahvoas.dll
2009-06-17 12:49:59 ----A---- C:\Windows\system32\wdscore.dll
2009-06-17 12:49:54 ----A---- C:\Windows\system32\drvstore.dll
2009-06-17 11:19:59 ----D---- C:\Program Files (x86)\Trend Micro
2009-06-17 00:40:44 ----D---- C:\Users\Administrator\AppData\Roaming\Malwarebytes
2009-06-17 00:40:39 ----D---- C:\ProgramData\Malwarebytes
2009-06-17 00:40:39 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2009-06-17 00:38:16 ----D---- C:\Users\Administrator\AppData\Roaming\Yahoo!
2009-06-17 00:38:16 ----D---- C:\ProgramData\Yahoo! Companion
2009-06-17 00:38:15 ----D---- C:\Program Files (x86)\Yahoo!
2009-06-17 00:38:13 ----D---- C:\Program Files (x86)\CCleaner
2009-06-16 16:11:19 ----D---- C:\Windows\1C4551A64743409391E41477CD655043.TMP
2009-06-12 17:09:09 ----A---- C:\Windows\system32\localspl.dll
2009-06-12 17:09:03 ----A---- C:\Windows\system32\rpcrt4.dll
2009-06-12 17:08:57 ----A---- C:\Windows\system32\mshtml.dll
2009-06-12 17:08:55 ----A---- C:\Windows\system32\iertutil.dll
2009-06-12 17:08:55 ----A---- C:\Windows\system32\ieframe.dll
2009-06-12 17:08:54 ----A---- C:\Windows\system32\wininet.dll
2009-06-12 17:08:54 ----A---- C:\Windows\system32\urlmon.dll
2009-06-12 17:08:54 ----A---- C:\Windows\system32\iedkcs32.dll
2009-06-12 17:08:53 ----A---- C:\Windows\system32\jsproxy.dll
2009-06-12 17:08:53 ----A---- C:\Windows\system32\ieui.dll
2009-06-12 17:08:53 ----A---- C:\Windows\system32\iesetup.dll
2009-06-12 17:08:53 ----A---- C:\Windows\system32\ie4uinit.exe
2009-06-12 17:08:52 ----A---- C:\Windows\system32\iernonce.dll
2009-06-10 06:00:54 ----A---- C:\Windows\system32\sbbd.exe
2009-06-07 13:18:14 ----D---- C:\Program Files (x86)\Microsoft Silverlight

======List of files/folders modified in the last 1 months======


======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======


======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======


-----------------EOF-----------------
SpySentinel
post Jun 28 2009, 02:42 PM
Post #15


Trusted

Group: Malware Team
Posts: 554
Joined: 26-January 08
From: The United States
Member No.: 76,329
Operating System: Windows XP SP2



Your log looks clean. Great job!

Now for some cleanup..
Please download OTC and save it to Desktop.
  • Please make sure you are connecting to the Internet
  • Double-click OTC.exe
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes


Set a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since System Restore is a protected directory, your tools cannot access it to delete these bad files, which can sometimes reinfect your system. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

Disabling System Restore
WARNING: By disabling system restore you will delete all stored restore points and shadow copies of documents on your computer.
To disable System Restore you would follow these steps:
  • Click on the Start button to open Start Menu.
  • Click on Control Panel
  • Click on System and Maintenance
  • Click on System
  • Click on System Protection in the left-hand task list.
  • Uncheck the checkboxes next to each hard drive listed under the Create restore points automatically on the selected disks: section. When you uncheck a disk you will be presented with the following screen.
  • You should click on the Turn System Protection Off button.
  • Press the Apply button and then the OK button.

System Restore is now disabled.

Enabling System Restore
By default System Restore is enabled on Windows Vista. To enable System Restore:
  • Click on the Start button
  • Click on the Control Panel menu option.
  • Click on System and Maintenance
  • Click on System
  • Click on System Protection in the left-hand task list.
  • Put a checkmark in the checkboxes next to each hard drive listed under the Create restore points automatically on the selected disks: section.
  • Press the Apply button and then the OK button.

System Restore is now enabled again.


  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
    1. From within Internet Explorer click on the Tools menu and then click on Options.
    2. Click once on the Security tab
    3. Click once on the Internet icon so it becomes highlighted.
    4. Click once on the Custom Level button.
      1. Change the Download signed ActiveX controls to Prompt
      2. Change the Download unsigned ActiveX controls to Disable
      3. Change the Initialize and script ActiveX controls not marked as safe to Disable
      4. Change the Installation of desktop items to Prompt
      5. Change the Launching programs and files in an IFRAME to Prompt
      6. Change the Navigate sub-frames across different domains to Prompt
      7. When all these settings have been made, click on the OK button.
      8. If it prompts you as to whether or not you want to save the settings, press the Yes button.
  • Next press the Apply button and then the OK to exit the Internet Properties page.

    • Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

    • Use a Firewall - I cannot stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

      No Firewall Onboard

      You don't seem to have a firewall program installed. Using a firewall will allow you to allow/deny access for applications that want to go online. Select one of these, or another of your choice:


    • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest available security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

    • Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

    • Install SpywareGuard - SpywareGuard offers realtime protection from spyware installation attempts. Make sure you are only running one real-time anti-spyware protection program or there will be a conflict.

    • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
    Follow this list and your potential for being infected again will reduce dramatically.

    Here are some additional utilities that will enhance your safety:

    • McAfee Site Advisor <= McAfee Site Advisor protects your browser against malicious sites and warns you when you go to one.
    • MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer.
    • Winpatrol <= Download and install the free version of Winpatrol. A tutorial for this product is located here:
      Using Winpatrol to protect your computer from malicious software
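
The six Internet-zone changes listed in the post above can be checked afterwards without clicking through the dialog, because Internet Explorer stores them as registry values under zone 3. The script below is an added example, not part of the original post; the URL action numbers, the 0/1/3 value data and the policy-before-user lookup order are assumptions taken from Microsoft's documentation of Internet Explorer security zones, not from this thread.

```powershell
# Added example (not from the original post). Read-only: it changes nothing.
# Value data Internet Explorer uses for these URL actions:
#   0 = Enable, 1 = Prompt, 3 = Disable (a higher number is stricter)
$stateName = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

# Zone 3 is the Internet zone. Assumption: a value under a Policies key,
# when present, overrides what the user picked in the Security tab.
$zone = 'Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'
$sources = @(
    @{ Label = 'HKLM policy';  Path = "HKLM:\SOFTWARE\Policies\$zone" },
    @{ Label = 'HKCU policy';  Path = "HKCU:\Software\Policies\$zone" },
    @{ Label = 'User setting'; Path = "HKCU:\Software\$zone" }
)

# The six settings from the post, keyed by their URL action value name.
$recommended = @(
    @{ Action = '1001'; Want = 1; Setting = 'Download signed ActiveX controls' },
    @{ Action = '1004'; Want = 3; Setting = 'Download unsigned ActiveX controls' },
    @{ Action = '1201'; Want = 3; Setting = 'Initialize and script ActiveX controls not marked as safe' },
    @{ Action = '1800'; Want = 1; Setting = 'Installation of desktop items' },
    @{ Action = '1804'; Want = 1; Setting = 'Launching programs and files in an IFRAME' },
    @{ Action = '1607'; Want = 1; Setting = 'Navigate sub-frames across different domains' }
)

function Get-ZoneActionValue {
    # Returns the first value found for one URL action, with where it came from,
    # or $null when no key in $sources defines it.
    param([string]$Action)
    foreach ($source in $sources) {
        $item = Get-ItemProperty -Path $source.Path -Name $Action -ErrorAction SilentlyContinue
        if ($null -ne $item) {
            return @{ Value = [int]$item.$Action; Source = $source.Label }
        }
    }
    return $null
}

$report = foreach ($rule in $recommended) {
    $found = Get-ZoneActionValue -Action $rule.Action
    if ($null -eq $found) {
        # Nothing stored: the zone's template default applies, so review it by hand.
        $current = 'not set'; $from = '-'; $ok = $false
    } elseif (-not $stateName.ContainsKey($found.Value)) {
        # Some actions accept other data; do not guess whether that is safe.
        $current = "other ($($found.Value))"; $from = $found.Source; $ok = $false
    } else {
        $current = $stateName[$found.Value]; $from = $found.Source
        # Equal to, or stricter than, the recommendation passes.
        $ok = $found.Value -ge $rule.Want
    }
    New-Object PSObject -Property @{
        Setting     = $rule.Setting
        Action      = $rule.Action
        Recommended = $stateName[$rule.Want]
        Current     = $current
        Source      = $from
        OK          = $ok
    }
}

$report |
    Select-Object Setting, Action, Recommended, Current, Source, OK |
    Format-Table -AutoSize -Wrap
```

Any row with OK = False is a setting to revisit in the Custom Level dialog; a Source of "HKLM policy" or "HKCU policy" means the value is being set by policy, not by the dialog.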