Hacked By Xtreme Rat


  • This topic is locked
20 replies to this topic

#1 bummerman

    TEG Forum Member

  • Members
  • 14 posts

Posted 07 December 2011 - 02:45 PM

For a few days my comp (Win7) has been behaving strangely, like a corrupted Windows install, but I've also been trying to overclock and tweak settings. It was when I noticed multiple instances of explorer and other processes that I ran Malwarebytes, and it detected XTREME RAT, a trojan, and a few other files. I immediately removed them and rebooted. I have read the post about what to do prior to posting here. So, per the rules, I've run Dr. Web; it found a trojan for my start page (but I'm using Lion OS skin pack, so not sure if false pos), quarantined. I've run Bitdefender (came up clean) and F-Secure found this:

TrackingCookie.2o7 (spyware)
  • System (Disinfected)
TrackingCookie.Liveperson (spyware)
  • System (Disinfected)

HijackThis finds A LOT, and I'm really worried that someone has had control of my system for a while now. My accounts (internet and phone) have been compromised. Someone please advise. Here is the log (dated two months back):



Logfile of random's system information tool 1.09 (written by random/random)
Run by mog at 2011-12-07 11:44:34
Microsoft Windows 7 Ultimate Service Pack 1
System drive C: has 196 GB (54%) free of 360 GB
Total RAM: 3072 MB (74% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:44:39 AM, on 12/7/2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Unable to get Internet Explorer version!
Boot mode: Safe mode with network support

Running processes:
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\ctfmon.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Pale Moon\palemoon.exe
C:\Program Files\Pale Moon\plugin-container.exe
C:\Program Files\Pale Moon\plugin-container.exe
C:\Program Files\Pale Moon\plugin-container.exe
C:\Windows\explorer.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE
C:\Users\mog\Desktop\RSIT.exe
C:\Program Files\trend micro\mog.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?...o=102868&gct=hp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: IE BHO Utility - {5AB7104A-B71F-49AD-9154-F7F8806AE848} - C:\Program Files\Surf Canyon\surfcanyon.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MIF5BA~1\Office14\GROOVEEX.DLL
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Smart Suggestor - {DB536AF2-E422-402d-B7FD-887297F1A198} - C:\Program Files\Smart Suggestor\SmartSuggestor.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {70dd86e8-b5bc-4e4a-9d5c-b6234c24323c} - (no file)
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [StartupDelayer] "C:\Program Files\r2 Studios\Startup Delayer\Startup Launcher.exe" /LaunchType=Auto /LaunchApps=Common
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [vmware-tray] "C:\Program Files\VMware\VMware Workstation\vmware-tray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Trend Micro RUBotted V2.0 Beta] C:\Program Files\Trend Micro\RUBotted\RUBottedGUI.exe
O4 - HKCU\..\Run: [Desktop Coral] "C:\Windows\Lion Skin Pack\DesktopCoral\DesktopCoral.exe" /autorun
O4 - HKCU\..\Run: [RemoteHelper] C:\Program Files\Remote HD\Remote Helper\RemoteHelper.exe
O4 - HKCU\..\Run: [Copernic Desktop Search - Home] "C:\Program Files\Copernic Desktop Search - Home\DesktopSearchService.exe" /tray
O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: Dropbox.lnk = mog\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox\bin\Dropbox.exe
O4 - Global Startup: Dropbox.lnk = mog\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox\bin\Dropbox.exe
O4 - Global User Startup: Dropbox.lnk = mog\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox\bin\Dropbox.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MIF5BA~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MIF5BA~1\Office14\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: Smart Suggestor - {520BD054-EEEE-487c-84E8-D5B2DFFE5C18} - C:\Program Files\Smart Suggestor\SmartSuggestor.dll
O9 - Extra 'Tools' menuitem: Smart Suggestor options - {520BD054-EEEE-487c-84E8-D5B2DFFE5C18} - C:\Program Files\Smart Suggestor\SmartSuggestor.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware workstation\vsocklib.dll
O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware workstation\vsocklib.dll
O15 - Trusted IP range: http://127.0.0.1
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset...lineScanner.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Advanced SystemCare Service 5 (AdvancedSystemCareService5) - IObit - C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: EaseUS Agent - CHENGDU YIWO Tech Development Co., Ltd - C:\Program Files\EaseUS\Todo Backup\bin\Agent.exe
O23 - Service: Guard Agent - CHENGDU YIWO Tech Development Co., Ltd - C:\Program Files\EaseUS\Todo Backup\bin\GuardAgent.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Trend Micro RUBotted Service (RUBotSrv) - Trend Micro Inc. - C:\Program Files\Trend Micro\RUBotted\RUBotSrv.exe
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2011.SP5\RpcAgentSrv.exe
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe
O23 - Service: VMware USB Arbitration Service (VMUSBArbService) - VMware, Inc. - C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe

--
End of file - 8474 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1175243136-2182879396-1685703000-1001Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1175243136-2182879396-1685703000-1001UA.job

=========Mozilla firefox=========

ProfilePath - C:\Users\mog\AppData\Roaming\Mozilla\Firefox\Profiles\rc6vqg0u.default

prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "http://www.ask.com/?...?l=dis&o=14776"
prefs.js - "keyword.URL" - "http://www.bing.com/...te=20111022&q="

"wrc@avast.com"=C:\Program Files\AVAST Software\Avast\WebRep\FF


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Apple.com/iTunes,version=]
"Description"=iTunes Detector Plug-in
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Apple.com/iTunes,version=1.0]
"Description"=
"Path"=C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf]
"Description"=
"Path"=C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf]
"Description"=
"Path"=C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll

C:\Program Files\Mozilla Firefox\extensions\
{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}

C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
nsIQTScriptablePlugin.xpt

C:\Program Files\Mozilla Firefox\plugins\
npdeployJava1.dll

C:\Program Files\Mozilla Firefox\searchplugins\
amazondotcom.xml
bing.xml.old
eBay.xml
google.xml
wikipedia.xml
yahoo.xml

C:\Users\mog\AppData\Roaming\Mozilla\Firefox\Profiles\rc6vqg0u.default\extensions\
{70dd86e8-b5bc-4e4a-9d5c-b6234c24323c}

C:\Users\mog\AppData\Roaming\Mozilla\Firefox\Profiles\rc6vqg0u.default\searchplugins\
askcom.xml
bing-zugo.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5AB7104A-B71F-49AD-9154-F7F8806AE848}]
Fast Search - C:\Program Files\Surf Canyon\surfcanyon.dll [2011-09-21 160392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MIF5BA~1\Office14\GROOVEEX.DLL [2010-01-21 4222864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2011-09-06 806456]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 441216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DB536AF2-E422-402d-B7FD-887297F1A198}]
Smart Suggestor - C:\Program Files\Smart Suggestor\SmartSuggestor.dll [2011-09-05 138032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-10-18 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{70dd86e8-b5bc-4e4a-9d5c-b6234c24323c}
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2011-09-06 806456]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"StartupDelayer"=C:\Program Files\r2 Studios\Startup Delayer\Startup Launcher.exe [2011-11-18 897536]
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2011-09-06 3722416]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2011-11-13 421736]
"LifeCam"=C:\Program Files\Microsoft LifeCam\LifeExp.exe [2010-12-13 135536]
"vmware-tray"=C:\Program Files\VMware\VMware Workstation\vmware-tray.exe [2011-03-25 129648]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2011-07-05 421888]
"Trend Micro RUBotted V2.0 Beta"=C:\Program Files\Trend Micro\RUBotted\RUBottedGUI.exe [2010-12-17 1103184]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Desktop Coral"=C:\Windows\Lion Skin Pack\DesktopCoral\DesktopCoral.exe [2011-01-16 2387456]
"RemoteHelper"=C:\Program Files\Remote HD\Remote Helper\RemoteHelper.exe [2011-02-14 586752]
"Copernic Desktop Search - Home"=C:\Program Files\Copernic Desktop Search - Home\DesktopSearchService.exe [2011-11-22 1648600]
"RESTART_STICKY_NOTES"=C:\Windows\System32\StikyNot.exe [2009-07-13 323584]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ApnUpdater]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Copernic Desktop Search - Home]
c:\program files\copernic desktop search - home\desktopsearchservice.exe [2011-11-22 1648600]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeskDriveStartup]
C:\Windows\Lion Skin Pack\DeskDrive\DeskDrive.exe [2009-12-05 66048]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Desktop Coral]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EaseUs Tray]
c:\program files\easeus\todo backup\bin\traynotify.exe [2011-10-21 743560]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
c:\program files\microsoft intellipoint\ipoint.exe [2011-08-01 1821576]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\itype]
c:\program files\microsoft intellitype pro\itype.exe [2009-11-11 1505144]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ManyCam]
C:\Program Files\ManyCam\Bin\ManyCam.exe [2011-09-29 1756232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2011-07-05 421888]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteHelper]
c:\program files\remote hd\remote helper\remotehelper.exe [2011-02-14 586752]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RESTART_STICKY_NOTES]
c:\windows\system32\stikynot.exe [2009-07-13 323584]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\xwidget]
C:\WINDOWS\LION SKIN PACK\XWIDGET\XWIDGET.EXE [2011-10-11 4752896]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^DeskDrive.lnk]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Finderbar.lnk]
C:\Windows\LIONSK~1\FINDER~1\FINDER~1.EXE [2011-08-15 663599]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^MacSearch.lnk]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^RocketDock.lnk]
C:\Windows\LIONSK~1\ROCKET~1\ROCKET~1.EXE [2007-09-02 495616]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^tClock.lnk]
C:\Windows\LIONSK~1\tClock\Clock.exe [2011-03-13 243200]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^UberIcon.lnk]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Winroll.lnk]
[]

C:\Users\mog\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Dropbox.lnk - C:\Users\mog\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox\bin\Dropbox.exe

C:\Users\mog\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Dropbox.lnk - C:\Users\mog\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox\bin\Dropbox.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [2011-05-04 551296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2011-07-18 113024]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MIF5BA~1\Office14\GROOVEEX.DLL [2010-01-21 4222864]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"ConsentPromptBehaviorAdmin"=5
"EnableInstallerDetection"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=0x91000000
"NoResolveSearch"=1
"NoResolveTrack"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=255

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"wave2"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux"=wdmaud.drv
"msacm.siren"=sirenacm.dll
"vidc.iv50"=ir50_32.dll
"wave1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave4"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer4"=wdmaud.drv
"aux1"=wdmaud.drv
"wave3"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer3"=wdmaud.drv
"VIDC.VMnc"=vmnc.dll
"wave5"=wdmaud.drv
"mixer5"=wdmaud.drv
"wave6"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer6"=wdmaud.drv
"aux2"=wdmaud.drv
"wave7"=wdmaud.drv
"mixer7"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 2 months======

2011-12-07 11:31:51 ----D---- C:\Users\mog\AppData\Roaming\f-secure
2011-12-07 11:31:39 ----D---- C:\ProgramData\F-Secure
2011-12-07 11:12:05 ----D---- C:\Program Files\ESET
2011-12-07 10:05:27 ----D---- C:\rsit
2011-12-07 07:59:42 ----D---- C:\ProgramData\Trend Micro
2011-12-07 07:49:23 ----D---- C:\Program Files\WinPcap
2011-12-07 07:44:24 ----D---- C:\Program Files\GridinSoft Trojan Killer
2011-12-07 06:01:11 ----HD---- C:\Windows\PIF
2011-12-07 04:14:02 ----A---- C:\Windows\system32\drivers\mbam.sys
2011-12-07 04:08:11 ----D---- C:\Program Files\Trend Micro
2011-12-06 18:03:53 ----A---- C:\Windows\ntbtlog.txt
2011-12-06 11:45:39 ----D---- C:\Program Files\Recuva
2011-12-06 11:45:30 ----D---- C:\Windows\InstallDir
2011-12-06 11:45:22 ----D---- C:\Extracted
2011-12-06 05:31:37 ----D---- C:\Program Files\ReClock
2011-12-05 12:47:43 ----D---- C:\Windows\Java
2011-12-05 12:44:45 ----D---- C:\ProgramData\Yahoo!
2011-12-05 12:44:38 ----D---- C:\Program Files\Yahoo!
2011-12-04 23:07:25 ----D---- C:\Users\mog\AppData\Roaming\Winamp
2011-12-04 16:08:05 ----D---- C:\Users\mog\AppData\Roaming\VMware
2011-12-04 15:27:19 ----A---- C:\Windows\system32\vmnetdhcp.exe
2011-12-04 15:27:12 ----A---- C:\Windows\system32\vmnat.exe
2011-12-04 15:27:12 ----A---- C:\Windows\system32\drivers\vmnetuserif.sys
2011-12-04 15:26:49 ----A---- C:\Windows\system32\vnetlib.dll
2011-12-04 15:25:31 ----A---- C:\Windows\system32\drivers\VMkbd.sys
2011-12-04 15:23:46 ----D---- C:\Program Files\Common Files\VMware
2011-12-04 15:21:35 ----D---- C:\ProgramData\VMware
2011-12-04 15:21:34 ----D---- C:\Program Files\VMware
2011-12-04 14:44:09 ----D---- C:\Program Files\WinArchiver
2011-12-04 14:35:38 ----D---- C:\Users\mog\AppData\Roaming\Ashampoo
2011-12-04 14:34:31 ----D---- C:\ProgramData\ashampoo
2011-12-04 14:12:26 ----D---- C:\Program Files\Ashampoo
2011-12-04 13:57:51 ----A---- C:\Windows\system32\drivers\mcdbus.sys
2011-12-02 10:04:57 ----A---- C:\Windows\system32\drivers\entech.sys
2011-12-02 10:04:12 ----D---- C:\Program Files\AquaMark3
2011-12-02 03:58:01 ----D---- C:\Users\mog\AppData\Roaming\Lunascape
2011-12-02 03:57:12 ----D---- C:\Program Files\Lunascape
2011-12-01 23:47:43 ----D---- C:\Users\mog\AppData\Roaming\Echo FireWire Console
2011-12-01 23:41:39 ----D---- C:\Program Files\Echo FireWire
2011-12-01 12:57:57 ----D---- C:\Program Files\Microsoft Windows 7 Upgrade Advisor
2011-12-01 08:38:50 ----D---- C:\Windows\Minidump
2011-12-01 07:29:53 ----D---- C:\Program Files\Microsoft LifeCam
2011-12-01 07:21:54 ----A---- C:\Windows\system32\OpenCL.dll
2011-12-01 07:21:54 ----A---- C:\Windows\system32\nvoglv32.dll
2011-12-01 07:21:54 ----A---- C:\Windows\system32\nvgenco322060.dll
2011-12-01 07:21:54 ----A---- C:\Windows\system32\nvdispco3220140.dll
2011-12-01 07:21:54 ----A---- C:\Windows\system32\nvcuvid.dll
2011-12-01 07:21:54 ----A---- C:\Windows\system32\nvcuvenc.dll
2011-12-01 07:21:54 ----A---- C:\Windows\system32\drivers\nvlddmkm.sys
2011-12-01 07:21:53 ----A---- C:\Windows\system32\nvcuda.dll
2011-12-01 07:21:52 ----A---- C:\Windows\system32\nvcompiler.dll
2011-12-01 07:09:26 ----D---- C:\Program Files\Driver-Soft
2011-12-01 04:27:43 ----D---- C:\Program Files\Defraggler
2011-12-01 01:31:13 ----A---- C:\Windows\system32\GEARAspi.dll
2011-12-01 01:31:13 ----A---- C:\Windows\system32\drivers\GEARAspiWDM.sys
2011-12-01 01:18:52 ----D---- C:\Users\mog\AppData\Roaming\Spotify
2011-11-30 10:55:08 ----A---- C:\Windows\system32\FNTCACHE.DAT
2011-11-30 04:25:52 ----D---- C:\Program Files\ManyCam
2011-11-29 23:53:23 ----A---- C:\Windows\system32\xpsrchvw.exe
2011-11-29 23:53:21 ----A---- C:\Windows\system32\StikyNot.exe
2011-11-29 23:53:21 ----A---- C:\Windows\system32\SoundRecorder.exe
2011-11-29 23:53:20 ----A---- C:\Windows\system32\SnippingTool.exe
2011-11-29 23:53:20 ----A---- C:\Windows\system32\rstrui.exe
2011-11-29 23:53:20 ----A---- C:\Windows\system32\recdisc.exe
2011-11-29 23:53:17 ----A---- C:\Windows\system32\osk.exe
2011-11-29 23:53:17 ----A---- C:\Windows\system32\notepad.exe
2011-11-29 23:53:16 ----A---- C:\Windows\system32\Narrator.exe
2011-11-29 23:53:16 ----A---- C:\Windows\system32\mstsc.exe
2011-11-29 23:53:15 ----A---- C:\Windows\system32\msra.exe
2011-11-29 23:53:14 ----A---- C:\Windows\system32\mspaint.exe
2011-11-29 23:53:14 ----A---- C:\Windows\system32\msinfo32.exe
2011-11-29 23:53:13 ----A---- C:\Windows\system32\msconfig.exe
2011-11-29 23:53:13 ----A---- C:\Windows\system32\mobsync.exe
2011-11-29 23:53:12 ----A---- C:\Windows\system32\MdSched.exe
2011-11-29 23:53:11 ----A---- C:\Windows\system32\mblctr.exe
2011-11-29 23:53:11 ----A---- C:\Windows\system32\Magnify.exe
2011-11-29 23:53:10 ----A---- C:\Windows\explorer.exe
2011-11-29 23:53:09 ----A---- C:\Windows\system32\eudcedit.exe
2011-11-29 23:53:08 ----A---- C:\Windows\system32\DisplaySwitch.exe
2011-11-29 23:53:08 ----A---- C:\Windows\system32\dfrgui.exe
2011-11-29 23:53:07 ----A---- C:\Windows\system32\control.exe
2011-11-29 23:53:07 ----A---- C:\Windows\system32\colorcpl.exe
2011-11-29 23:53:06 ----A---- C:\Windows\system32\cleanmgr.exe
2011-11-29 23:53:06 ----A---- C:\Windows\system32\charmap.exe
2011-11-29 23:53:05 ----A---- C:\Windows\system32\taskmgr.exe
2011-11-29 23:53:05 ----A---- C:\Windows\system32\calc.exe
2011-11-29 23:53:04 ----A---- C:\Windows\system32\SndVol.exe
2011-11-29 23:53:03 ----A---- C:\Windows\system32\wmploc.DLL
2011-11-29 23:53:02 ----A---- C:\Windows\system32\wucltux.dll
2011-11-29 23:53:01 ----A---- C:\Windows\system32\wsecedit.dll
2011-11-29 23:53:01 ----A---- C:\Windows\system32\wpccpl.dll
2011-11-29 23:53:00 ----A---- C:\Windows\system32\wdc.dll
2011-11-29 23:53:00 ----A---- C:\Windows\system32\Vault.dll
2011-11-29 23:52:59 ----A---- C:\Windows\system32\usercpl.dll
2011-11-29 23:52:58 ----A---- C:\Windows\system32\TSWorkspace.dll
2011-11-29 23:52:58 ----A---- C:\Windows\system32\themecpl.dll
2011-11-29 23:52:57 ----A---- C:\Windows\system32\taskbarcpl.dll
2011-11-29 23:52:56 ----A---- C:\Windows\system32\SyncCenter.dll
2011-11-29 23:52:56 ----A---- C:\Windows\system32\srchadmin.dll
2011-11-29 23:52:53 ----A---- C:\Windows\system32\shell32.dll
2011-11-29 23:52:52 ----A---- C:\Windows\system32\SensorsCpl.dll
2011-11-29 23:52:51 ----A---- C:\Windows\system32\sdcpl.dll
2011-11-29 23:52:51 ----A---- C:\Windows\system32\powercpl.dll
2011-11-29 23:52:50 ----A---- C:\Windows\system32\pmcsnap.dll
2011-11-29 23:52:50 ----A---- C:\Windows\system32\PerfCenterCPL.dll
2011-11-29 23:52:49 ----A---- C:\Windows\system32\OobeFldr.dll
2011-11-29 23:52:49 ----A---- C:\Windows\system32\odbcint.dll
2011-11-29 23:52:48 ----A---- C:\Windows\system32\networkexplorer.dll
2011-11-29 23:52:48 ----A---- C:\Windows\system32\NetProjW.dll
2011-11-29 23:52:47 ----A---- C:\Windows\system32\netcenter.dll
2011-11-29 23:52:46 ----A---- C:\Windows\system32\mycomput.dll
2011-11-29 23:52:45 ----A---- C:\Windows\system32\miguiresource.dll
2011-11-29 23:52:45 ----A---- C:\Windows\system32\iscsicpl.dll
2011-11-29 23:52:39 ----A---- C:\Windows\system32\imageres.dll
2011-11-29 23:52:38 ----A---- C:\Windows\system32\ieframe.dll
2011-11-29 23:52:37 ----A---- C:\Windows\system32\gameux.dll
2011-11-29 23:52:37 ----A---- C:\Windows\system32\fvecpl.dll
2011-11-29 23:52:36 ----A---- C:\Windows\system32\fontext.dll
2011-11-29 23:52:35 ----A---- C:\Windows\system32\FirewallControlPanel.dll
2011-11-29 23:52:35 ----A---- C:\Windows\system32\filemgmt.dll
2011-11-29 23:52:34 ----A---- C:\Windows\system32\ExplorerFrame.dll
2011-11-29 23:52:34 ----A---- C:\Windows\system32\Display.dll
2011-11-29 23:52:33 ----A---- C:\Windows\system32\DiagCpl.dll
2011-11-29 23:52:32 ----A---- C:\Windows\system32\devmgr.dll
2011-11-29 23:52:31 ----A---- C:\Windows\system32\DeviceCenter.dll
2011-11-29 23:52:30 ----A---- C:\Windows\system32\DDORes.dll
2011-11-29 23:52:30 ----A---- C:\Windows\system32\comres.dll
2011-11-29 23:52:29 ----A---- C:\Windows\system32\autoplay.dll
2011-11-29 23:52:28 ----A---- C:\Windows\system32\AuthFWGP.dll
2011-11-29 23:52:28 ----A---- C:\Windows\system32\ActionCenterCPL.dll
2011-11-29 23:52:27 ----A---- C:\Windows\system32\accessibilitycpl.dll
2011-11-29 23:52:26 ----A---- C:\Windows\system32\stobject.dll
2011-11-29 23:52:26 ----A---- C:\Windows\system32\SndVolSSO.dll
2011-11-29 23:52:25 ----A---- C:\Windows\system32\pnidui.dll
2011-11-29 23:52:24 ----A---- C:\Windows\system32\mydocs.dll
2011-11-29 23:52:23 ----A---- C:\Windows\system32\batmeter.dll
2011-11-29 23:52:21 ----A---- C:\Windows\system32\pnpui.dll
2011-11-29 23:52:21 ----A---- C:\Windows\system32\authui.dll
2011-11-29 23:52:20 ----A---- C:\Windows\system32\netshell.dll
2011-11-29 23:52:19 ----A---- C:\Windows\system32\mmres.dll
2011-11-29 23:52:19 ----A---- C:\Windows\system32\imagesp1.dll
2011-11-29 23:52:18 ----A---- C:\Windows\system32\hotplug.dll
2011-11-29 23:52:17 ----A---- C:\Windows\system32\ActionCenter.dll
2011-11-29 20:38:38 ----D---- C:\Program Files\MiniTool Partition Wizard Home Edition 7.0
2011-11-29 20:33:47 ----D---- C:\Program Files\MagicDisc
2011-11-29 07:43:05 ----D---- C:\Program Files\iPod
2011-11-29 07:43:02 ----D---- C:\Program Files\iTunes
2011-11-25 15:05:35 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2011-11-25 12:52:36 ----SHD---- C:\BOOT
2011-11-25 09:58:03 ----HD---- C:\Windows\Lion Skin Pack
2011-11-25 06:05:49 ----A---- C:\Windows\system32\drivers\aswFsBlk.sys
2011-11-25 06:05:48 ----A---- C:\Windows\system32\drivers\aswSP.sys
2011-11-25 06:05:46 ----A---- C:\Windows\system32\drivers\aswRdr.sys
2011-11-25 06:05:45 ----A---- C:\Windows\system32\drivers\aswTdi.sys
2011-11-25 06:05:43 ----A---- C:\Windows\system32\drivers\aswSnx.sys
2011-11-25 06:05:42 ----A---- C:\Windows\system32\drivers\aswMonFlt.sys
2011-11-25 06:05:31 ----A---- C:\Windows\avastSS.scr
2011-11-25 06:05:30 ----A---- C:\Windows\system32\aswBoot.exe
2011-11-25 06:05:22 ----D---- C:\ProgramData\AVAST Software
2011-11-25 06:05:22 ----D---- C:\Program Files\AVAST Software
2011-11-25 04:09:28 ----ASH---- C:\EUMONBMP.SYS
2011-11-25 04:09:08 ----A---- C:\Windows\system32\LogVss.txt
2011-11-25 04:09:08 ----A---- C:\Windows\system32\LogMsg.txt
2011-11-25 04:08:58 ----D---- C:\Program Files\Surf Canyon
2011-11-25 04:02:16 ----A---- C:\Windows\system32\drivers\EuFdDisk.sys
2011-11-25 04:02:16 ----A---- C:\Windows\system32\drivers\eudskacs.sys
2011-11-25 04:02:15 ----A---- C:\Windows\system32\drivers\eubakup.sys
2011-11-25 04:02:13 ----A---- C:\Windows\system32\drivers\EUBKMON.sys
2011-11-25 03:58:53 ----A---- C:\Windows\system32\fbnative.exe
2011-11-25 03:58:09 ----D---- C:\Program Files\EaseUS
2011-11-25 01:34:33 ----A---- C:\Hardware.txt
2011-11-25 01:16:54 ----A---- C:\Windows\system32\xmllite.dll
2011-11-25 01:16:36 ----A---- C:\Windows\system32\fsutil.exe
2011-11-25 01:16:36 ----A---- C:\Windows\system32\esent.dll
2011-11-25 01:16:36 ----A---- C:\Windows\system32\drivers\storport.sys
2011-11-25 01:16:36 ----A---- C:\Windows\system32\drivers\ntfs.sys
2011-11-25 01:16:35 ----A---- C:\Windows\system32\drivers\USBSTOR.SYS
2011-11-25 01:16:35 ----A---- C:\Windows\system32\drivers\nvstor.sys
2011-11-25 01:16:35 ----A---- C:\Windows\system32\drivers\nvraid.sys
2011-11-25 01:16:35 ----A---- C:\Windows\system32\drivers\iaStorV.sys
2011-11-25 01:16:35 ----A---- C:\Windows\system32\drivers\amdxata.sys
2011-11-25 01:16:35 ----A---- C:\Windows\system32\drivers\amdsata.sys
2011-11-25 01:16:03 ----A---- C:\Windows\system32\drivers\usbuhci.sys
2011-11-25 01:16:03 ----A---- C:\Windows\system32\drivers\usbport.sys
2011-11-25 01:16:03 ----A---- C:\Windows\system32\drivers\usbohci.sys
2011-11-25 01:16:03 ----A---- C:\Windows\system32\drivers\usbhub.sys
2011-11-25 01:16:03 ----A---- C:\Windows\system32\drivers\usbehci.sys
2011-11-25 01:16:03 ----A---- C:\Windows\system32\drivers\usbd.sys
2011-11-25 01:16:03 ----A---- C:\Windows\system32\drivers\usbccgp.sys
2011-11-25 01:15:45 ----A---- C:\Windows\system32\tquery.dll
2011-11-25 01:15:45 ----A---- C:\Windows\system32\SearchProtocolHost.exe
2011-11-25 01:15:45 ----A---- C:\Windows\system32\SearchIndexer.exe
2011-11-25 01:15:45 ----A---- C:\Windows\system32\SearchFilterHost.exe
2011-11-25 01:15:45 ----A---- C:\Windows\system32\mssvp.dll
2011-11-25 01:15:45 ----A---- C:\Windows\system32\mssrch.dll
2011-11-25 01:15:45 ----A---- C:\Windows\system32\mssphtb.dll
2011-11-25 01:15:45 ----A---- C:\Windows\system32\mssph.dll
2011-11-25 01:15:45 ----A---- C:\Windows\system32\msscntrs.dll
2011-11-25 01:15:02 ----A---- C:\Windows\system32\d3d10_1.dll
2011-11-25 01:14:46 ----A---- C:\Windows\system32\drivers\Diskdump.sys
2011-11-25 01:14:35 ----A---- C:\Windows\system32\XpsPrint.dll
2011-11-25 01:13:46 ----A---- C:\Windows\system32\prevhost.exe
2011-11-25 01:13:20 ----A---- C:\Windows\system32\XpsGdiConverter.dll
2011-11-25 01:12:56 ----A---- C:\Windows\system32\DWrite.dll
2011-11-25 01:12:56 ----A---- C:\Windows\system32\d2d1.dll
2011-11-25 01:12:55 ----A---- C:\Windows\system32\FntCache.dll
2011-11-25 01:11:53 ----A---- C:\Windows\system32\drivers\dxgmms1.sys
2011-11-25 01:10:45 ----A---- C:\Windows\system32\RegistryDefragBootTime.exe
2011-11-24 13:20:29 ----D---- C:\Users\mog\AppData\Roaming\WinRAR
2011-11-24 13:19:00 ----D---- C:\Program Files\WinRAR
2011-11-24 13:14:56 ----D---- C:\ProgramData\IObit
2011-11-24 13:13:39 ----D---- C:\Users\mog\AppData\Roaming\IObit
2011-11-24 13:13:23 ----D---- C:\Program Files\IObit
2011-11-24 13:09:56 ----A---- C:\Program Files\Winrar_4.10_32bit.exe
2011-11-24 08:27:41 ----D---- C:\Users\mog\AppData\Roaming\XWindows Dock
2011-11-24 08:27:21 ----D---- C:\Program Files\XWindows Dock
2011-11-24 08:05:32 ----D---- C:\Program Files\Adobe
2011-11-23 23:15:55 ----A---- C:\Windows\system32\D3DCompiler_42.dll
2011-11-23 23:15:54 ----A---- C:\Windows\system32\D3DX9_42.dll
2011-11-23 22:25:35 ----A---- C:\Windows\system32\tzres.dll
2011-11-23 21:45:48 ----D---- C:\Windows\system32\SPReview
2011-11-23 21:40:46 ----A---- C:\Windows\system32\dfshim.dll
2011-11-23 21:40:42 ----A---- C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2011-11-23 21:40:42 ----A---- C:\Windows\system32\LSCSHostPolicy.dll
2011-11-23 21:40:42 ----A---- C:\Windows\system32\drivers\TsUsbFlt.sys
2011-11-23 21:40:41 ----A---- C:\Windows\system32\mstscax.dll
2011-11-23 21:40:39 ----A---- C:\Windows\system32\d3d10warp.dll
2011-11-23 21:40:38 ----A---- C:\Windows\system32\tssrvlic.dll
2011-11-23 21:40:38 ----A---- C:\Windows\system32\RDVGHelper.exe
2011-11-23 21:40:38 ----A---- C:\Windows\system32\rdpcorets.dll
2011-11-23 21:40:38 ----A---- C:\Windows\system32\mfc40u.dll
2011-11-23 21:40:38 ----A---- C:\Windows\system32\mfc40.dll
2011-11-23 21:40:37 ----A---- C:\Windows\system32\sysmain.dll
2011-11-23 21:40:37 ----A---- C:\Windows\system32\secproc_isv.dll
2011-11-23 21:40:36 ----A---- C:\Windows\system32\secproc.dll
2011-11-23 21:40:36 ----A---- C:\Windows\system32\RMActivate_isv.exe
2011-11-23 21:40:35 ----A---- C:\Windows\system32\RMActivate.exe
2011-11-23 21:40:34 ----A---- C:\Windows\system32\spwizui.dll
2011-11-23 21:40:34 ----A---- C:\Windows\system32\mscoree.dll
2011-11-23 21:40:33 ----A---- C:\Windows\system32\mf.dll
2011-11-23 21:40:33 ----A---- C:\Windows\system32\mcupdate_GenuineIntel.dll
2011-11-23 21:40:32 ----A---- C:\Windows\system32\wmp.dll
2011-11-23 21:40:32 ----A---- C:\Windows\system32\iertutil.dll
2011-11-23 21:40:32 ----A---- C:\Windows\system32\CertEnroll.dll
2011-11-23 21:40:31 ----A---- C:\Windows\system32\PresentationHostProxy.dll
2011-11-23 21:40:31 ----A---- C:\Windows\system32\PresentationHost.exe
2011-11-23 21:40:31 ----A---- C:\Windows\system32\drivers\msiscsi.sys
2011-11-23 21:40:30 ----A---- C:\Windows\system32\schedsvc.dll
2011-11-23 21:40:30 ----A---- C:\Windows\system32\drivers\hwpolicy.sys
2011-11-23 21:40:29 ----A---- C:\Windows\system32\RacEngn.dll
2011-11-23 21:40:28 ----A---- C:\Windows\system32\ntdll.dll
2011-11-23 21:40:28 ----A---- C:\Windows\system32\AuthFWSnapin.dll
2011-11-23 21:40:27 ----A---- C:\Windows\system32\wininet.dll
2011-11-23 21:40:27 ----A---- C:\Windows\system32\rdpudd.dll
2011-11-23 21:40:27 ----A---- C:\Windows\system32\rdpdd.dll
2011-11-23 21:40:27 ----A---- C:\Windows\system32\qmgr.dll
2011-11-23 21:40:26 ----A---- C:\Windows\system32\wevtsvc.dll
2011-11-23 21:40:26 ----A---- C:\Windows\system32\urlmon.dll
2011-11-23 21:40:26 ----A---- C:\Windows\system32\ole32.dll
2011-11-23 21:40:25 ----A---- C:\Windows\system32\vssapi.dll
2011-11-23 21:40:25 ----A---- C:\Windows\system32\SearchFolder.dll
2011-11-23 21:40:25 ----A---- C:\Windows\system32\d3d9.dll
2011-11-23 21:40:24 ----A---- C:\Windows\system32\taskschd.dll
2011-11-23 21:40:24 ----A---- C:\Windows\system32\IKEEXT.DLL
2011-11-23 21:40:24 ----A---- C:\Windows\system32\crypt32.dll
2011-11-23 21:40:22 ----A---- C:\Windows\system32\spreview.exe
2011-11-23 21:40:22 ----A---- C:\Windows\system32\PushPrinterConnections.exe
2011-11-23 21:40:21 ----A---- C:\Windows\system32\termsrv.dll
2011-11-23 21:40:21 ----A---- C:\Windows\system32\spinstall.exe
2011-11-23 21:40:20 ----A---- C:\Windows\system32\wer.dll
2011-11-23 21:40:20 ----A---- C:\Windows\system32\certcli.dll
2011-11-23 21:40:19 ----A---- C:\Windows\system32\rpcrt4.dll
2011-11-23 21:40:19 ----A---- C:\Windows\system32\msxml6.dll
2011-11-23 21:40:19 ----A---- C:\Windows\system32\lsasrv.dll
2011-11-23 21:40:19 ----A---- C:\Windows\system32\gpsvc.dll
2011-11-23 21:40:18 ----A---- C:\Windows\system32\wbengine.exe
2011-11-23 21:40:18 ----A---- C:\Windows\system32\scavengeui.dll
2011-11-23 21:40:18 ----A---- C:\Windows\system32\odbc32.dll
2011-11-23 21:40:18 ----A---- C:\Windows\system32\mstime.dll
2011-11-23 21:40:18 ----A---- C:\Windows\system32\MPSSVC.dll
2011-11-23 21:40:18 ----A---- C:\Windows\system32\dwmcore.dll
2011-11-23 21:40:18 ----A---- C:\Windows\system32\drivers\dxgkrnl.sys
2011-11-23 21:40:18 ----A---- C:\Windows\system32\diagperf.dll
2011-11-23 21:40:17 ----A---- C:\Windows\system32\WinSAT.exe
2011-11-23 21:40:17 ----A---- C:\Windows\system32\umrdp.dll
2011-11-23 21:40:17 ----A---- C:\Windows\system32\tsmf.dll
2011-11-23 21:40:17 ----A---- C:\Windows\system32\quartz.dll
2011-11-23 21:40:17 ----A---- C:\Windows\system32\localspl.dll
2011-11-23 21:40:17 ----A---- C:\Windows\system32\dot3api.dll
2011-11-23 21:40:16 ----A---- C:\Windows\system32\winhttp.dll
2011-11-23 21:40:16 ----A---- C:\Windows\system32\setupapi.dll
2011-11-23 21:40:16 ----A---- C:\Windows\system32\MSVidCtl.dll
2011-11-23 21:40:16 ----A---- C:\Windows\system32\msfeeds.dll
2011-11-23 21:40:16 ----A---- C:\Windows\system32\iedkcs32.dll
2011-11-23 21:40:16 ----A---- C:\Windows\system32\dbgeng.dll
2011-11-23 21:40:16 ----A---- C:\Windows\system32\apphelp.dll
2011-11-23 21:40:15 ----A---- C:\Windows\system32\WindowsCodecs.dll
2011-11-23 21:40:15 ----A---- C:\Windows\system32\VSSVC.exe
2011-11-23 21:40:15 ----A---- C:\Windows\system32\rdpshell.exe
2011-11-23 21:40:15 ----A---- C:\Windows\system32\netlogon.dll
2011-11-23 21:40:15 ----A---- C:\Windows\system32\netcfgx.dll
2011-11-23 21:40:15 ----A---- C:\Windows\system32\d3d11.dll
2011-11-23 21:40:14 ----A---- C:\Windows\system32\WMVDECOD.DLL
2011-11-23 21:40:14 ----A---- C:\Windows\system32\winlogon.exe
2011-11-23 21:40:14 ----A---- C:\Windows\system32\webio.dll
2011-11-23 21:40:14 ----A---- C:\Windows\system32\user32.dll
2011-11-23 21:40:14 ----A---- C:\Windows\system32\Query.dll
2011-11-23 21:40:14 ----A---- C:\Windows\system32\gpprefcl.dll
2011-11-23 21:40:14 ----A---- C:\Windows\system32\drivers\rdpwd.sys
2011-11-23 21:40:13 ----A---- C:\Windows\system32\WsmSvc.dll
2011-11-23 21:40:13 ----A---- C:\Windows\system32\upnp.dll
2011-11-23 21:40:13 ----A---- C:\Windows\system32\schannel.dll
2011-11-23 21:40:13 ----A---- C:\Windows\system32\netfxperf.dll
2011-11-23 21:40:13 ----A---- C:\Windows\system32\msv1_0.dll
2011-11-23 21:40:13 ----A---- C:\Windows\system32\mmcndmgr.dll
2011-11-23 21:40:13 ----A---- C:\Windows\system32\lsm.exe
2011-11-23 21:40:13 ----A---- C:\Windows\system32\DShowRdpFilter.dll
2011-11-23 21:40:13 ----A---- C:\Windows\system32\drivers\csc.sys
2011-11-23 21:40:13 ----A---- C:\Windows\system32\advapi32.dll
2011-11-23 21:40:12 ----A---- C:\Windows\system32\sppobjs.dll
2011-11-23 21:40:12 ----A---- C:\Windows\system32\SessEnv.dll
2011-11-23 21:40:12 ----A---- C:\Windows\system32\PortableDeviceApi.dll
2011-11-23 21:40:12 ----A---- C:\Windows\system32\msdrm.dll
2011-11-23 21:40:12 ----A---- C:\Windows\system32\imapi2fs.dll
2011-11-23 21:40:11 ----A---- C:\Windows\system32\usp10.dll
2011-11-23 21:40:11 ----A---- C:\Windows\system32\shlwapi.dll
2011-11-23 21:40:11 ----A---- C:\Windows\system32\mcbuilder.exe
2011-11-23 21:40:10 ----A---- C:\Windows\system32\xpsservices.dll
2011-11-23 21:40:10 ----A---- C:\Windows\system32\winload~4.exe
2011-11-23 21:40:10 ----A---- C:\Windows\system32\winload.exe
2011-11-23 21:40:10 ----A---- C:\Windows\system32\WebClnt.dll
2011-11-23 21:40:10 ----A---- C:\Windows\system32\userenv.dll
2011-11-23 21:40:10 ----A---- C:\Windows\system32\drvstore.dll
2011-11-23 21:40:10 ----A---- C:\Windows\system32\d3d10_1core.dll
2011-11-23 21:40:10 ----A---- C:\Windows\system32\certmgr.dll
2011-11-23 21:40:10 ----A---- C:\Windows\system32\audiosrv.dll
2011-11-23 21:40:09 ----A---- C:\Windows\system32\sppwinob.dll
2011-11-23 21:40:09 ----A---- C:\Windows\system32\rpcss.dll
2011-11-23 21:40:09 ----A---- C:\Windows\system32\iphlpsvc.dll
2011-11-23 21:40:09 ----A---- C:\Windows\system32\comdlg32.dll
2011-11-23 21:40:09 ----A---- C:\Windows\system32\cmd.exe
2011-11-23 21:40:08 ----A---- C:\Windows\system32\wuaueng.dll
2011-11-23 21:40:08 ----A---- C:\Windows\system32\Wldap32.dll
2011-11-23 21:40:08 ----A---- C:\Windows\system32\win32spl.dll
2011-11-23 21:40:08 ----A---- C:\Windows\system32\samsrv.dll
2011-11-23 21:40:08 ----A---- C:\Windows\system32\rdpendp.dll
2011-11-23 21:40:08 ----A---- C:\Windows\system32\propsys.dll
2011-11-23 21:40:08 ----A---- C:\Windows\system32\nlasvc.dll
2011-11-23 21:40:08 ----A---- C:\Windows\system32\mfds.dll
2011-11-23 21:40:08 ----A---- C:\Windows\system32\framedynos.dll
2011-11-23 21:40:08 ----A---- C:\Windows\system32\drivers\volsnap.sys
2011-11-23 21:40:08 ----A---- C:\Windows\system32\drivers\ndis.sys
2011-11-23 21:40:08 ----A---- C:\Windows\system32\cscsvc.dll
2011-11-23 21:40:08 ----A---- C:\Windows\system32\BFE.DLL
2011-11-23 21:40:07 ----A---- C:\Windows\system32\wmicmiplugin.dll
2011-11-23 21:40:07 ----A---- C:\Windows\system32\winresume~4.exe
2011-11-23 21:40:07 ----A---- C:\Windows\system32\winresume.exe
2011-11-23 21:40:07 ----A---- C:\Windows\system32\werconcpl.dll
2011-11-23 21:40:07 ----A---- C:\Windows\system32\rdpclip.exe
2011-11-23 21:40:07 ----A---- C:\Windows\system32\profsvc.dll
2011-11-23 21:40:07 ----A---- C:\Windows\system32\ncsi.dll
2011-11-23 21:40:07 ----A---- C:\Windows\system32\drivers\netio.sys
2011-11-23 21:40:07 ----A---- C:\Windows\system32\azroles.dll
2011-11-23 21:40:07 ----A---- C:\Windows\system32\appmgr.dll
2011-11-23 21:40:06 ----A---- C:\Windows\system32\themeui.dll
2011-11-23 21:40:06 ----A---- C:\Windows\system32\taskeng.exe
2011-11-23 21:40:06 ----A---- C:\Windows\system32\spp.dll
2011-11-23 21:40:06 ----A---- C:\Windows\system32\mswsock.dll
2011-11-23 21:40:06 ----A---- C:\Windows\system32\drivers\http.sys
2011-11-23 21:40:06 ----A---- C:\Windows\system32\dhcpcore.dll
2011-11-23 21:40:06 ----A---- C:\Windows\system32\credui.dll
2011-11-23 21:40:05 ----A---- C:\Windows\system32\wintrust.dll
2011-11-23 21:40:05 ----A---- C:\Windows\system32\taskcomp.dll
2011-11-23 21:40:05 ----A---- C:\Windows\system32\NaturalLanguage6.dll
2011-11-23 21:40:05 ----A---- C:\Windows\system32\msxml3.dll
2011-11-23 21:40:05 ----A---- C:\Windows\system32\mfreadwrite.dll
2011-11-23 21:40:05 ----A---- C:\Windows\system32\dxgi.dll
2011-11-23 21:40:05 ----A---- C:\Windows\system32\dbghelp.dll
2011-11-23 21:40:05 ----A---- C:\Windows\system32\basecsp.dll
2011-11-23 21:40:04 ----A---- C:\Windows\system32\WinSATAPI.dll
2011-11-23 21:40:04 ----A---- C:\Windows\system32\spoolsv.exe
2011-11-23 21:40:04 ----A---- C:\Windows\system32\rdpinit.exe
2011-11-23 21:40:04 ----A---- C:\Windows\system32\QAGENTRT.DLL
2011-11-23 21:40:04 ----A---- C:\Windows\system32\gdi32.dll
2011-11-23 21:40:04 ----A---- C:\Windows\system32\evr.dll
2011-11-23 21:40:04 ----A---- C:\Windows\system32\drivers\mrxdav.sys
2011-11-23 21:40:04 ----A---- C:\Windows\system32\drivers\1394ohci.sys
2011-11-23 21:40:03 ----A---- C:\Windows\system32\vpnike.dll
2011-11-23 21:40:03 ----A---- C:\Windows\system32\UIRibbon.dll
2011-11-23 21:40:03 ----A---- C:\Windows\system32\tspubwmi.dll
2011-11-23 21:40:03 ----A---- C:\Windows\system32\sxs.dll
2011-11-23 21:40:03 ----A---- C:\Windows\system32\srvsvc.dll
2011-11-23 21:40:03 ----A---- C:\Windows\system32\sqlsrv32.dll
2011-11-23 21:40:03 ----A---- C:\Windows\system32\lpksetup.exe
2011-11-23 21:40:03 ----A---- C:\Windows\system32\fveapi.dll
2011-11-23 21:40:03 ----A---- C:\Windows\system32\cryptsvc.dll
2011-11-23 21:40:02 ----A---- C:\Windows\system32\ws2_32.dll
2011-11-23 21:40:02 ----A---- C:\Windows\system32\prncache.dll
2011-11-23 21:40:02 ----A---- C:\Windows\system32\printui.dll
2011-11-23 21:40:02 ----A---- C:\Windows\system32\ie4uinit.exe
2011-11-23 21:40:02 ----A---- C:\Windows\system32\hgprint.dll
2011-11-23 21:40:02 ----A---- C:\Windows\system32\drivers\rdbss.sys
2011-11-23 21:40:02 ----A---- C:\Windows\system32\drivers\msdsm.sys
2011-11-23 21:40:02 ----A---- C:\Windows\system32\drivers\fvevol.sys
2011-11-23 21:40:02 ----A---- C:\Windows\system32\comctl32.dll
2011-11-23 21:40:01 ----A---- C:\Windows\system32\msi.dll
2011-11-23 21:40:01 ----A---- C:\Windows\system32\dps.dll
2011-11-23 21:40:00 ----A---- C:\Windows\system32\WSDApi.dll
2011-11-23 21:40:00 ----A---- C:\Windows\system32\wmpeffects.dll
2011-11-23 21:40:00 ----A---- C:\Windows\system32\rpchttp.dll
2011-11-23 21:40:00 ----A---- C:\Windows\system32\net1.exe
2011-11-23 21:40:00 ----A---- C:\Windows\system32\drivers\vmbus.sys
2011-11-23 21:40:00 ----A---- C:\Windows\system32\ci.dll
2011-11-23 21:40:00 ----A---- C:\Windows\system32\aitagent.exe
2011-11-23 21:40:00 ----A---- C:\Windows\system32\aepdu.dll
2011-11-23 21:39:59 ----A---- C:\Windows\system32\WMVCORE.DLL
2011-11-23 21:39:59 ----A---- C:\Windows\system32\wlangpui.dll
2011-11-23 21:39:59 ----A---- C:\Windows\system32\vds.exe
2011-11-23 21:39:59 ----A---- C:\Windows\system32\scansetting.dll
2011-11-23 21:39:59 ----A---- C:\Windows\system32\QSHVHOST.DLL
2011-11-23 21:39:59 ----A---- C:\Windows\system32\MMDevAPI.dll
2011-11-23 21:39:59 ----A---- C:\Windows\system32\drivers\pci.sys
2011-11-23 21:39:59 ----A---- C:\Windows\system32\davclnt.dll
2011-11-23 21:39:59 ----A---- C:\Windows\system32\consent.exe
2011-11-23 21:39:59 ----A---- C:\Windows\system32\cdd.dll
2011-11-23 21:39:59 ----A---- C:\Windows\system32\aaclient.dll
2011-11-23 21:39:58 ----A---- C:\Windows\system32\wpdshext.dll
2011-11-23 21:39:58 ----A---- C:\Windows\system32\webservices.dll
2011-11-23 21:39:58 ----A---- C:\Windows\system32\TsUsbGDCoInstaller.dll
2011-11-23 21:39:58 ----A---- C:\Windows\system32\tscfgwmi.dll
2011-11-23 21:39:58 ----A---- C:\Windows\system32\t2embed.dll
2011-11-23 21:39:58 ----A---- C:\Windows\system32\scrptadm.dll
2011-11-23 21:39:58 ----A---- C:\Windows\system32\netdiagfx.dll
2011-11-23 21:39:58 ----A---- C:\Windows\system32\IPSECSVC.DLL
2011-11-23 21:39:58 ----A---- C:\Windows\system32\fde.dll
2011-11-23 21:39:58 ----A---- C:\Windows\system32\drivers\termdd.sys
2011-11-23 21:39:58 ----A---- C:\Windows\system32\drivers\sbp2port.sys
2011-11-23 21:39:58 ----A---- C:\Windows\system32\drivers\rdpdr.sys
2011-11-23 21:39:57 ----A---- C:\Windows\system32\wuapi.dll
2011-11-23 21:39:57 ----A---- C:\Windows\system32\wscapi.dll
2011-11-23 21:39:57 ----A---- C:\Windows\system32\vmicsvc.exe
2011-11-23 21:39:57 ----A---- C:\Windows\system32\sdengin2.dll
2011-11-23 21:39:56 ----A---- C:\Windows\system32\wisptis.exe
2011-11-23 21:39:56 ----A---- C:\Windows\system32\winsta.dll
2011-11-23 21:39:56 ----A---- C:\Windows\system32\WinSCard.dll
2011-11-23 21:39:56 ----A---- C:\Windows\system32\rdpcore.dll
2011-11-23 21:39:56 ----A---- C:\Windows\system32\pla.dll
2011-11-23 21:39:56 ----A---- C:\Windows\system32\MSMPEG2ENC.DLL
2011-11-23 21:39:56 ----A---- C:\Windows\system32\msasn1.dll
2011-11-23 21:39:56 ----A---- C:\Windows\system32\mcmde.dll
2011-11-23 21:39:56 ----A---- C:\Windows\system32\drivers\vhdmp.sys
2011-11-23 21:39:56 ----A---- C:\Windows\system32\drivers\rdpvideominiport.sys
2011-11-23 21:39:56 ----A---- C:\Windows\system32\cscobj.dll
2011-11-23 21:39:55 ----A---- C:\Windows\system32\WUDFSvc.dll
2011-11-23 21:39:55 ----A---- C:\Windows\system32\wiaservc.dll
2011-11-23 21:39:55 ----A---- C:\Windows\system32\setupcl.exe
2011-11-23 21:39:55 ----A---- C:\Windows\system32\ntshrui.dll
2011-11-23 21:39:55 ----A---- C:\Windows\system32\imapi2.dll
2011-11-23 21:39:55 ----A---- C:\Windows\system32\iepeers.dll
2011-11-23 21:39:55 ----A---- C:\Windows\system32\DXPTaskRingtone.dll
2011-11-23 21:39:55 ----A---- C:\Windows\system32\drivers\msahci.sys
2011-11-23 21:39:55 ----A---- C:\Windows\system32\aeinv.dll
2011-11-23 21:39:54 ----A---- C:\Windows\system32\WMPEncEn.dll
2011-11-23 21:39:54 ----A---- C:\Windows\system32\shsvcs.dll
2011-11-23 21:39:54 ----A---- C:\Windows\system32\rasmans.dll
2011-11-23 21:39:54 ----A---- C:\Windows\system32\onex.dll
2011-11-23 21:39:54 ----A---- C:\Windows\system32\dwmredir.dll
2011-11-23 21:39:54 ----A---- C:\Windows\system32\drivers\acpi.sys
2011-11-23 21:39:53 ----A---- C:\Windows\system32\winmm.dll
2011-11-23 21:39:53 ----A---- C:\Windows\system32\vaultsvc.dll
2011-11-23 21:39:53 ----A---- C:\Windows\system32\thumbcache.dll
2011-11-23 21:39:53 ----A---- C:\Windows\system32\TabSvc.dll
2011-11-23 21:39:53 ----A---- C:\Windows\system32\samcli.dll
2011-11-23 21:39:53 ----A---- C:\Windows\system32\proquota.exe
2011-11-23 21:39:53 ----A---- C:\Windows\system32\netiohlp.dll
2011-11-23 21:39:53 ----A---- C:\Windows\system32\msutb.dll
2011-11-23 21:39:53 ----A---- C:\Windows\system32\IPHLPAPI.DLL
2011-11-23 21:39:53 ----A---- C:\Windows\system32\hbaapi.dll
2011-11-23 21:39:53 ----A---- C:\Windows\system32\halmacpi.dll
2011-11-23 21:39:53 ----A---- C:\Windows\system32\hal.dll
2011-11-23 21:39:53 ----A---- C:\Windows\system32\drivers\udfs.sys
2011-11-23 21:39:53 ----A---- C:\Windows\system32\bootres~4.dll
2011-11-23 21:39:53 ----A---- C:\Windows\system32\bootres.dll
2011-11-23 21:39:53 ----A---- C:\Windows\system32\autofmt.exe
2011-11-23 21:39:53 ----A---- C:\Windows\system32\autoconv.exe
2011-11-23 21:39:53 ----A---- C:\Windows\system32\autochk.exe
2011-11-23 21:39:53 ----A---- C:\Windows\system32\AudioSes.dll
2011-11-23 21:39:53 ----A---- C:\Windows\system32\audiodg.exe
2011-11-23 21:39:52 ----A---- C:\Windows\system32\wcncsvc.dll
2011-11-23 21:39:52 ----A---- C:\Windows\system32\tcpipcfg.dll
2011-11-23 21:39:52 ----A---- C:\Windows\system32\sspicli.dll
2011-11-23 21:39:52 ----A---- C:\Windows\system32\schtasks.exe
2011-11-23 21:39:52 ----A---- C:\Windows\system32\regapi.dll
2011-11-23 21:39:52 ----A---- C:\Windows\system32\msihnd.dll
2011-11-23 21:39:52 ----A---- C:\Windows\system32\mscorier.dll
2011-11-23 21:39:52 ----A---- C:\Windows\system32\mimefilt.dll
2011-11-23 21:39:52 ----A---- C:\Windows\system32\ipsmsnap.dll
2011-11-23 21:39:52 ----A---- C:\Windows\system32\framedyn.dll
2011-11-23 21:39:52 ----A---- C:\Windows\system32\eapphost.dll
2011-11-23 21:39:52 ----A---- C:\Windows\system32\drivers\winusb.sys
2011-11-23 21:39:52 ----A---- C:\Windows\system32\drivers\volmgr.sys
2011-11-23 21:39:51 ----A---- C:\Windows\system32\untfs.dll
2011-11-23 21:39:51 ----A---- C:\Windows\system32\umpo.dll
2011-11-23 21:39:51 ----A---- C:\Windows\system32\StructuredQuery.dll
2011-11-23 21:39:51 ----A---- C:\Windows\system32\scesrv.dll
2011-11-23 21:39:51 ----A---- C:\Windows\system32\rastls.dll
2011-11-23 21:39:51 ----A---- C:\Windows\system32\QAGENT.DLL
2011-11-23 21:39:51 ----A---- C:\Windows\system32\netid.dll
2011-11-23 21:39:51 ----A---- C:\Windows\system32\DXP.dll
2011-11-23 21:39:51 ----A---- C:\Windows\system32\drivers\partmgr.sys
2011-11-23 21:39:51 ----A---- C:\Windows\system32\drivers\netbt.sys
2011-11-23 21:39:51 ----A---- C:\Windows\system32\AuxiliaryDisplayCpl.dll
2011-11-23 21:39:51 ----A---- C:\Windows\system32\actxprxy.dll
2011-11-23 21:39:50 ----A---- C:\Windows\system32\wlanpref.dll
2011-11-23 21:39:50 ----A---- C:\Windows\system32\sppsvc.exe
2011-11-23 21:39:50 ----A---- C:\Windows\system32\sdclt.exe
2011-11-23 21:39:50 ----A---- C:\Windows\system32\nci.dll
2011-11-23 21:39:50 ----A---- C:\Windows\system32\drivers\ataport.sys
2011-11-23 21:39:49 ----A---- C:\Windows\system32\RpcRtRemote.dll
2011-11-23 21:39:49 ----A---- C:\Windows\system32\ListSvc.dll
2011-11-23 21:39:48 ----A---- C:\Windows\system32\WMNetMgr.dll
2011-11-23 21:39:48 ----A---- C:\Windows\system32\Robocopy.exe
2011-11-23 21:39:48 ----A---- C:\Windows\system32\licmgr10.dll
2011-11-23 21:39:47 ----A---- C:\Windows\system32\mtxclu.dll
2011-11-23 21:39:47 ----A---- C:\Windows\system32\msdri.dll
2011-11-23 21:39:47 ----A---- C:\Windows\system32\DxpTaskSync.dll
2011-11-23 21:39:47 ----A---- C:\Windows\system32\drivers\mpio.sys
2011-11-23 21:39:46 ----A---- C:\Windows\system32\XpsRasterService.dll
2011-11-23 21:39:46 ----A---- C:\Windows\system32\userinit.exe
2011-11-23 21:39:46 ----A---- C:\Windows\system32\termmgr.dll
2011-11-23 21:39:46 ----A---- C:\Windows\system32\sharemediacpl.dll
2011-11-23 21:39:46 ----A---- C:\Windows\system32\puiobj.dll
2011-11-23 21:39:46 ----A---- C:\Windows\system32\drivers\winhv.sys
2011-11-23 21:39:46 ----A---- C:\Windows\system32\drivers\usbvideo.sys
2011-11-23 21:39:46 ----A---- C:\Windows\system32\drivers\scsiport.sys
2011-11-23 21:39:46 ----A---- C:\Windows\system32\drivers\mountmgr.sys
2011-11-23 21:39:46 ----A---- C:\Windows\system32\cscui.dll
2011-11-23 21:39:45 ----A---- C:\Windows\system32\wiadefui.dll
2011-11-23 21:39:45 ----A---- C:\Windows\system32\sppcomapi.dll
2011-11-23 21:39:45 ----A---- C:\Windows\system32\shsetup.dll
2011-11-23 21:39:45 ----A---- C:\Windows\system32\rasppp.dll
2011-11-23 21:39:45 ----A---- C:\Windows\system32\msdtctm.dll
2011-11-23 21:39:45 ----A---- C:\Windows\system32\logoncli.dll
2011-11-23 21:39:45 ----A---- C:\Windows\system32\drivers\vmstorfl.sys
2011-11-23 21:39:45 ----A---- C:\Windows\system32\drivers\storvsc.sys
2011-11-23 21:39:45 ----A---- C:\Windows\system32\cabview.dll
2011-11-23 21:39:45 ----A---- C:\Windows\system32\biocpl.dll
2011-11-23 21:39:44 ----A---- C:\Windows\system32\FWPUCLNT.DLL
2011-11-23 21:39:44 ----A---- C:\Windows\system32\drivers\rdyboost.sys
2011-11-23 21:39:44 ----A---- C:\Windows\system32\dnscmmc.dll
2011-11-23 21:39:43 ----A---- C:\Windows\system32\wlanui.dll
2011-11-23 21:39:43 ----A---- C:\Windows\system32\wkssvc.dll
2011-11-23 21:39:43 ----A---- C:\Windows\system32\tapisrv.dll
2011-11-23 21:39:43 ----A---- C:\Windows\system32\srcore.dll
2011-11-23 21:39:43 ----A---- C:\Windows\system32\scecli.dll
2011-11-23 21:39:43 ----A---- C:\Windows\system32\PhotoScreensaver.scr
2011-11-23 21:39:43 ----A---- C:\Windows\system32\mscories.dll
2011-11-23 21:39:43 ----A---- C:\Windows\system32\mscms.dll
2011-11-23 21:39:43 ----A---- C:\Windows\system32\mprddm.dll
2011-11-23 21:39:43 ----A---- C:\Windows\system32\localsec.dll
2011-11-23 21:39:43 ----A---- C:\Windows\system32\KMSVC.DLL
2011-11-23 21:39:43 ----A---- C:\Windows\system32\iasacct.dll
2011-11-23 21:39:43 ----A---- C:\Windows\system32\hgcpl.dll
2011-11-23 21:39:43 ----A---- C:\Windows\system32\drivers\ksecdd.sys
2011-11-23 21:39:43 ----A---- C:\Windows\system32\bcdsrv.dll
2011-11-23 21:39:42 ----A---- C:\Windows\system32\wpdbusenum.dll
2011-11-23 21:39:42 ----A---- C:\Windows\system32\wksprt.exe
2011-11-23 21:39:42 ----A---- C:\Windows\system32\w32tm.exe
2011-11-23 21:39:42 ----A---- C:\Windows\system32\VAN.dll
2011-11-23 21:39:42 ----A---- C:\Windows\system32\spwizeng.dll
2011-11-23 21:39:42 ----A---- C:\Windows\system32\qedit.dll
2011-11-23 21:39:42 ----A---- C:\Windows\system32\qdvd.dll
2011-11-23 21:39:42 ----A---- C:\Windows\system32\prntvpt.dll
2011-11-23 21:39:42 ----A---- C:\Windows\system32\azroleui.dll
2011-11-23 21:39:41 ----A---- C:\Windows\system32\zipfldr.dll
2011-11-23 21:39:41 ----A---- C:\Windows\system32\MSAC3ENC.DLL
2011-11-23 21:39:41 ----A---- C:\Windows\system32\fdeploy.dll
2011-11-23 21:39:41 ----A---- C:\Windows\system32\drivers\ks.sys
2011-11-23 21:39:41 ----A---- C:\Windows\system32\cryptui.dll
2011-11-23 21:39:40 ----A---- C:\Windows\system32\wusa.exe
2011-11-23 21:39:40 ----A---- C:\Windows\system32\prnfldr.dll
2011-11-23 21:39:40 ----A---- C:\Windows\system32\OnLineIDCpl.dll
2011-11-23 21:39:40 ----A---- C:\Windows\system32\networkmap.dll
2011-11-23 21:39:40 ----A---- C:\Windows\system32\netjoin.dll
2011-11-23 21:39:40 ----A---- C:\Windows\system32\mspbda.dll
2011-11-23 21:39:40 ----A---- C:\Windows\system32\MCEWMDRMNDBootstrap.dll
2011-11-23 21:39:40 ----A---- C:\Windows\system32\Faultrep.dll
2011-11-23 21:39:40 ----A---- C:\Windows\system32\adsldp.dll
2011-11-23 21:39:39 ----A---- C:\Windows\system32\taskhost.exe
2011-11-23 21:39:39 ----A---- C:\Windows\system32\sud.dll
2011-11-23 21:39:39 ----A---- C:\Windows\system32\slui.exe
2011-11-23 21:39:39 ----A---- C:\Windows\system32\rdpcorekmts.dll
2011-11-23 21:39:39 ----A---- C:\Windows\system32\photowiz.dll
2011-11-23 21:39:39 ----A---- C:\Windows\system32\msieftp.dll
2011-11-23 21:39:39 ----A---- C:\Windows\system32\MediaMetadataHandler.dll
2011-11-23 21:39:39 ----A---- C:\Windows\system32\iprtrmgr.dll
2011-11-23 21:39:39 ----A---- C:\Windows\system32\iasrad.dll
2011-11-23 21:39:39 ----A---- C:\Windows\system32\halacpi.dll
2011-11-23 21:39:39 ----A---- C:\Windows\system32\drivers\hidclass.sys
2011-11-23 21:39:39 ----A---- C:\Windows\system32\dot3cfg.dll
2011-11-23 21:39:39 ----A---- C:\Windows\system32\defaultlocationcpl.dll
2011-11-23 21:39:39 ----A---- C:\Windows\system32\credssp.dll
2011-11-23 21:39:38 ----A---- C:\Windows\system32\wpd_ci.dll
2011-11-23 21:39:38 ----A---- C:\Windows\system32\syncui.dll
2011-11-23 21:39:38 ----A---- C:\Windows\system32\sisbkup.dll
2011-11-23 21:39:38 ----A---- C:\Windows\system32\shwebsvc.dll
2011-11-23 21:39:38 ----A---- C:\Windows\system32\recovery.dll
2011-11-23 21:39:38 ----A---- C:\Windows\system32\ifsutil.dll
2011-11-23 21:39:38 ----A---- C:\Windows\system32\ieUnatt.exe
2011-11-23 21:39:38 ----A---- C:\Windows\system32\iesysprep.dll
2011-11-23 21:39:38 ----A---- C:\Windows\system32\ftp.exe
2011-11-23 21:39:38 ----A---- C:\Windows\system32\efscore.dll
2011-11-23 21:39:37 ----A---- C:\Windows\system32\wmpmde.dll
2011-11-23 21:39:37 ----A---- C:\Windows\system32\sppnp.dll
2011-11-23 21:39:37 ----A---- C:\Windows\system32\rtutils.dll
2011-11-23 21:39:37 ----A---- C:\Windows\system32\rdpwsx.dll
2011-11-23 21:39:37 ----A---- C:\Windows\system32\ntlanman.dll
2011-11-23 21:39:37 ----A---- C:\Windows\system32\dskquoui.dll
2011-11-23 21:39:37 ----A---- C:\Windows\system32\bcdedit.exe
2011-11-23 21:39:36 ----A---- C:\Windows\system32\vdsutil.dll
2011-11-23 21:39:36 ----A---- C:\Windows\system32\systemcpl.dll
2011-11-23 21:39:36 ----A---- C:\Windows\system32\SmartcardCredentialProvider.dll
2011-11-23 21:39:36 ----A---- C:\Windows\system32\sethc.exe
2011-11-23 21:39:36 ----A---- C:\Windows\system32\riched20.dll
2011-11-23 21:39:36 ----A---- C:\Windows\system32\rdpsign.exe
2011-11-23 21:39:36 ----A---- C:\Windows\system32\ntprint.dll
2011-11-23 21:39:36 ----A---- C:\Windows\system32\nshwfp.dll
2011-11-23 21:39:36 ----A---- C:\Windows\system32\drivers\tdx.sys
2011-11-23 21:39:36 ----A---- C:\Windows\system32\blackbox.dll
2011-11-23 21:39:36 ----A---- C:\Windows\system32\bcdboot.exe
2011-11-23 21:39:35 ----A---- C:\Windows\system32\wmpsrcwp.dll
2011-11-23 21:39:35 ----A---- C:\Windows\system32\netplwiz.dll

======List of files/folders modified in the last 2 months======

2011-12-07 11:31:39 ----HD---- C:\ProgramData
2011-12-07 11:26:54 ----D---- C:\Users\mog\AppData\Roaming\QuickScan
2011-12-07 11:12:06 ----D---- C:\Windows\Downloaded Program Files
2011-12-07 11:12:05 ----RD---- C:\Program Files
2011-12-07 10:24:04 ----D---- C:\Windows\System32
2011-12-07 10:12:45 ----D---- C:\Windows\system32\drivers
2011-12-07 09:49:13 ----D---- C:\Windows\inf
2011-12-07 09:42:24 ----D---- C:\Windows\Temp
2011-12-07 09:40:29 ----D---- C:\Windows\system32\config
2011-12-07 09:36:14 ----D---- C:\Users\mog\AppData\Roaming\Dropbox
2011-12-07 09:32:05 ----D---- C:\Users\mog\AppData\Roaming\VideoStream
2011-12-07 09:29:32 ----D---- C:\Windows
2011-12-07 09:13:06 ----D---- C:\Program Files\SUPERAntiSpyware
2011-12-07 08:39:56 ----D---- C:\Users\mog\AppData\Roaming\uTorrent
2011-12-07 06:15:51 ----SHD---- C:\System Volume Information
2011-12-07 04:08:12 ----SHD---- C:\Config.Msi
2011-12-07 03:59:22 ----D---- C:\Users\mog\AppData\Roaming\RemoteHelper
2011-12-06 04:50:57 ----D---- C:\Windows\system32\catroot
2011-12-06 04:50:56 ----D---- C:\Windows\system32\DriverStore
2011-12-06 02:01:06 ----D---- C:\Users\mog\AppData\Roaming\TeraCopy
2011-12-05 12:47:42 ----D---- C:\Program Files\CPUID
2011-12-05 12:45:19 ----D---- C:\Program Files\Mozilla Firefox
2011-12-05 12:44:41 ----D---- C:\Program Files\Core Temp
2011-12-04 23:39:41 ----D---- C:\Users\mog\AppData\Roaming\vlc
2011-12-04 23:07:41 ----D---- C:\Program Files\Winamp
2011-12-04 21:05:05 ----D---- C:\Windows\system32\catroot2
2011-12-04 15:28:39 ----D---- C:\Windows\winsxs
2011-12-04 15:23:46 ----D---- C:\Program Files\Common Files
2011-12-04 13:56:39 ----D---- C:\Program Files\MagicISO
2011-12-04 10:13:27 ----D---- C:\Program Files\SiSoftware
2011-12-04 07:29:20 ----D---- C:\ProgramData\NVIDIA
2011-12-01 23:41:02 ----D---- C:\Users\mog\AppData\Roaming\Echo AudioFire Console
2011-12-01 13:56:01 ----SHD---- C:\$RECYCLE.BIN
2011-12-01 12:46:07 ----D---- C:\NVIDIA
2011-12-01 08:37:21 ----D---- C:\Windows\Tasks
2011-12-01 08:37:21 ----D---- C:\Windows\system32\wfp
2011-12-01 08:37:21 ----D---- C:\Windows\system32\wbem
2011-12-01 08:37:21 ----D---- C:\Windows\system32\Tasks
2011-12-01 08:37:20 ----D---- C:\Windows\system32\CodeIntegrity
2011-12-01 08:37:17 ----D---- C:\Program Files\Auslogics
2011-12-01 08:37:13 ----D---- C:\Windows\registration
2011-12-01 07:29:31 ----D---- C:\Windows\Logs
2011-12-01 07:25:23 ----RD---- C:\Users
2011-12-01 07:25:04 ----HD---- C:\Program Files\InstallShield Installation Information
2011-12-01 05:11:16 ----D---- C:\Users\mog\AppData\Roaming\Identities
2011-12-01 01:31:13 ----DC---- C:\Windows\system32\DRVSTORE
2011-12-01 00:21:32 ----D---- C:\Program Files\Pale Moon
2011-11-30 02:05:20 ----D---- C:\Windows\system32\drivers\UMDF
2011-11-30 01:44:39 ----D---- C:\Windows\rescache
2011-11-29 23:57:41 ----D---- C:\Program Files\Windows Media Player
2011-11-29 23:57:40 ----D---- C:\Windows\system32\migwiz
2011-11-29 23:57:40 ----D---- C:\Program Files\Windows Defender
2011-11-29 23:57:40 ----D---- C:\Program Files\DVD Maker
2011-11-29 23:54:31 ----D---- C:\Windows\system32\en-US
2011-11-29 23:53:29 ----D---- C:\Windows\Cursors
2011-11-29 23:52:16 ----A---- C:\Windows\system32\themeservice.dll
2011-11-29 23:52:15 ----A---- C:\Windows\system32\uxtheme.dll
2011-11-29 23:35:31 ----D---- C:\Windows\system32\xlive
2011-11-29 23:35:29 ----D---- C:\Windows\system32\OEM
2011-11-29 23:35:29 ----D---- C:\Windows\system32\NDF
2011-11-29 23:35:29 ----D---- C:\Windows\system32\Macromed
2011-11-29 23:35:29 ----D---- C:\Windows\system32\EventProviders
2011-11-29 23:35:20 ----D---- C:\Windows\Branding
2011-11-29 23:35:20 ----D---- C:\Windows\AppCompat
2011-11-29 23:35:18 ----D---- C:\Program Files\Windows Sidebar
2011-11-29 23:35:18 ----D---- C:\Program Files\TeraCopy
2011-11-29 23:34:40 ----D---- C:\Windows\system32\WindowsPowerShell
2011-11-29 23:34:36 ----D---- C:\Windows\system32\spp
2011-11-29 23:34:36 ----D---- C:\Windows\system32\spool
2011-11-29 23:34:36 ----D---- C:\Windows\system32\Speech
2011-11-29 23:34:28 ----SD---- C:\Windows\system32\Microsoft
2011-11-29 23:33:47 ----D---- C:\Program Files\Oracle
2011-11-29 23:29:49 ----D---- C:\Windows\system32\LogFiles
2011-11-25 05:43:23 ----D---- C:\Program Files\CACE Technologies
2011-11-25 01:19:20 ----RSD---- C:\Windows\Fonts
2011-11-25 01:19:20 ----D---- C:\Windows\AppPatch
2011-11-24 09:20:52 ----D---- C:\Windows\system32\wdi
2011-11-24 08:24:13 ----D---- C:\Windows\debug
2011-11-24 08:04:30 ----D---- C:\Users\mog\AppData\Roaming\Sylpheed
2011-11-23 23:42:56 ----D---- C:\Windows\Microsoft.NET
2011-11-23 23:40:26 ----RSD---- C:\Windows\assembly
2011-11-23 22:08:34 ----D---- C:\Program Files\Windows Mail
2011-11-23 22:08:33 ----D---- C:\Program Files\Internet Explorer
2011-11-23 22:08:32 ----D---- C:\Program Files\Windows Portable Devices
2011-11-23 22:08:31 ----D---- C:\Program Files\Windows Photo Viewer
2011-11-23 22:08:30 ----D---- C:\Program Files\Common Files\System
2011-11-23 22:08:26 ----D---- C:\Windows\servicing
2011-11-23 22:08:26 ----D---- C:\Windows\ehome
2011-11-23 22:08:19 ----SHD---- C:\Windows\BitLockerDiscoveryVolumeContents
2011-11-23 22:08:18 ----D---- C:\Windows\system32\da-DK
2011-11-23 22:08:18 ----D---- C:\Windows\PolicyDefinitions
2011-11-23 22:08:16 ----D---- C:\Windows\system32\oobe
2011-11-23 22:08:15 ----D---- C:\Windows\system32\sysprep
2011-11-23 22:08:15 ----D---- C:\Windows\system32\migration
2011-11-23 22:08:14 ----D---- C:\Windows\system32\sppui
2011-11-23 22:08:14 ----D---- C:\Windows\system32\Setup
2011-11-23 22:08:14 ----D---- C:\Windows\system32\manifeststore
2011-11-23 22:08:14 ----D---- C:\Windows\system32\es-ES
2011-11-23 22:08:14 ----D---- C:\Windows\system32\en
2011-11-23 22:08:14 ----D---- C:\Windows\system32\cs-CZ
2011-11-23 22:08:14 ----D---- C:\Windows\system32\AdvancedInstallers
2011-11-23 22:08:13 ----D---- C:\Windows\system32\drivers\en-US
2011-11-23 22:08:10 ----D---- C:\Windows\system32\Dism
2011-11-23 22:07:23 ----D---- C:\Windows\system32\Boot
2011-11-23 22:03:01 ----A---- C:\Windows\system32\msclmd.dll
2011-11-23 18:54:33 ----D---- C:\Windows\system32\restore
2011-11-23 18:54:23 ----D---- C:\Windows\SoftwareDistribution
2011-11-23 18:52:28 ----SD---- C:\ProgramData\Microsoft
2011-11-23 18:49:46 ----D---- C:\Windows\Setup
2011-11-23 18:48:12 ----SHD---- C:\Recovery
2011-11-23 18:48:12 ----D---- C:\Windows\system32\Recovery
2011-11-23 18:37:37 ----RSD---- C:\Windows\Media
2011-11-23 18:37:26 ----HD---- C:\Windows\system32\GroupPolicy
2011-11-23 18:29:31 ----D---- C:\Users\mog\AppData\Roaming\Wireshark
2011-11-23 18:29:30 ----D---- C:\Users\mog\AppData\Roaming\TrueCrypt
2011-11-23 18:29:14 ----D---- C:\Users\mog\AppData\Roaming\SUPERAntiSpyware.com
2011-11-23 18:29:13 ----D---- C:\Users\mog\AppData\Roaming\SBG-SVG
2011-11-23 18:29:11 ----D---- C:\Users\mog\AppData\Roaming\OpenOffice.org
2011-11-23 18:29:09 ----D---- C:\Users\mog\AppData\Roaming\Mozilla
2011-11-23 18:28:36 ----D---- C:\Users\mog\AppData\Roaming\Moonchild Productions
2011-11-23 18:28:31 ----D---- C:\Users\mog\AppData\Roaming\Malwarebytes
2011-11-23 18:28:31 ----D---- C:\Users\mog\AppData\Roaming\Macromedia
2011-11-23 18:28:31 ----D---- C:\Users\mog\AppData\Roaming\gtk-2.0
2011-11-23 18:28:31 ----D---- C:\Users\mog\AppData\Roaming\Foxit Software
2011-11-23 18:28:31 ----D---- C:\Users\mog\AppData\Roaming\FastCopy
2011-11-23 18:28:30 ----D---- C:\Users\mog\AppData\Roaming\Auslogics
2011-11-23 18:28:30 ----D---- C:\Users\mog\AppData\Roaming\Audacity
2011-11-23 18:28:30 ----D---- C:\Users\mog\AppData\Roaming\Apple Computer
2011-11-23 18:27:10 ----D---- C:\Users\mog\AppData\Roaming\Adobe
2011-11-23 18:18:06 ----D---- C:\Windows\twain_32
2011-11-23 18:17:58 ----D---- C:\Windows\system32\drivers\etc
2011-11-23 18:17:57 ----D---- C:\Windows\system32\appmgmt
2011-11-23 18:17:51 ----D---- C:\Windows\Sun
2011-11-23 18:17:49 ----D---- C:\Windows\pss
2011-11-23 18:17:37 ----D---- C:\Windows\LiveKernelReports
2011-11-23 18:17:25 ----D---- C:\Windows\GFIBckBUnwise
2011-11-23 18:17:00 ----D---- C:\ProgramData\SUPERAntiSpyware.com
2011-11-23 18:17:00 ----D---- C:\ProgramData\Sun
2011-11-23 18:16:59 ----D---- C:\ProgramData\r2 Studios
2011-11-23 18:16:59 ----D---- C:\ProgramData\PMS
2011-11-23 18:16:45 ----D---- C:\ProgramData\Malwarebytes
2011-11-23 18:16:44 ----D---- C:\ProgramData\Apple Computer
2011-11-23 18:16:44 ----D---- C:\ProgramData\Apple
2011-11-23 18:16:43 ----D---- C:\ProgramData\Adobe
2011-11-23 18:16:37 ----D---- C:\Program Files\Wise Registry Cleaner
2011-11-23 18:16:37 ----D---- C:\Program Files\Wireshark
2011-11-23 18:16:17 ----D---- C:\Program Files\VS Revo Group
2011-11-23 18:16:17 ----D---- C:\Program Files\VideoStream
2011-11-23 18:16:11 ----D---- C:\Program Files\VideoLAN
2011-11-23 18:16:10 ----D---- C:\Program Files\uTorrent
2011-11-23 18:16:10 ----D---- C:\Program Files\TrueCrypt
2011-11-23 18:16:08 ----D---- C:\Program Files\Tensons
2011-11-23 18:16:08 ----D---- C:\Program Files\SysTool
2011-11-23 18:16:03 ----D---- C:\Program Files\SpeedFan
2011-11-23 18:16:03 ----D---- C:\Program Files\SoulseekNS
2011-11-23 18:15:59 ----D---- C:\Program Files\Sheep Friends
2011-11-23 18:15:12 ----D---- C:\Program Files\Seagate
2011-11-23 18:15:11 ----D---- C:\Program Files\Remote HD
2011-11-23 18:15:11 ----D---- C:\Program Files\QuickTime
2011-11-23 18:14:58 ----D---- C:\Program Files\PS3 Media Server
2011-11-23 18:14:44 ----D---- C:\Program Files\PeerBlock
2011-11-23 18:14:36 ----D---- C:\Program Files\OpenOffice.org 3
2011-11-23 18:14:08 ----D---- C:\Program Files\NVIDIA nTune Performance Application
2011-11-23 18:14:06 ----D---- C:\Program Files\NeoSmart Technologies
2011-11-23 18:14:06 ----D---- C:\Program Files\MSBuild
2011-11-23 18:14:04 ----D---- C:\Program Files\MixMeister
2011-11-23 18:14:04 ----D---- C:\Program Files\Microsoft.NET
2011-11-23 18:13:22 ----D---- C:\Program Files\Microsoft Games for Windows - LIVE
2011-11-23 18:13:21 ----D---- C:\Program Files\MetaGeek
2011-11-23 18:13:15 ----D---- C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor
2011-11-23 18:13:10 ----D---- C:\Program Files\Java
2011-11-23 18:13:05 ----D---- C:\Program Files\IZArc
2011-11-23 18:13:03 ----D---- C:\Program Files\HD Tune
2011-11-23 18:12:51 ----D---- C:\Program Files\GIMP-2.0
2011-11-23 18:12:23 ----D---- C:\Program Files\GFI
2011-11-23 18:12:22 ----D---- C:\Program Files\FreeDNS Update
2011-11-23 18:12:13 ----D---- C:\Program Files\FastCopy
2011-11-23 18:12:13 ----D---- C:\Program Files\Eraser
2011-11-23 18:12:12 ----D---- C:\Program Files\Echo Digital Audio
2011-11-23 18:12:12 ----D---- C:\Program Files\Digiarty
2011-11-23 18:12:10 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2011-11-23 18:12:08 ----D---- C:\Program Files\Common Files\PX Storage Engine
2011-11-23 18:12:08 ----D---- C:\Program Files\Common Files\microsoft shared
2011-11-23 18:12:03 ----D---- C:\Program Files\Common Files\Java
2011-11-23 18:12:03 ----D---- C:\Program Files\Common Files\InstallShield
2011-11-23 18:11:55 ----D---- C:\Program Files\Common Files\Apple
2011-11-23 18:11:49 ----D---- C:\Program Files\Common Files\Adobe AIR
2011-11-23 18:11:29 ----D---- C:\Program Files\CCleaner
2011-11-23 18:11:28 ----D---- C:\Program Files\Bonjour Print Services
2011-11-23 18:11:25 ----D---- C:\Program Files\Audacity 1.3 Beta (Unicode)
2011-11-23 18:11:14 ----D---- C:\Program Files\ATITool
2011-11-23 18:11:14 ----D---- C:\Program Files\Apple Software Update
2011-11-23 18:11:14 ----D---- C:\Program Files\Air Mouse
2011-11-23 18:06:37 ----D---- C:\Windows\Help
2011-11-23 18:04:48 ----D---- C:\Windows\CSC
2011-11-16 12:55:57 ----D---- C:\Users\mog\AppData\Roaming\SoMud
2011-11-14 22:05:42 ----A---- C:\Windows\win.ini
2011-11-02 12:45:45 ----A---- C:\Windows\WORDPAD.INI
2011-10-22 03:18:48 ----A---- C:\Windows\system32\msvcr71.dll
2011-10-22 03:18:48 ----A---- C:\Windows\system32\msvcp71.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 EUBAKUP;EUBAKUP; C:\Windows\system32\drivers\eubakup.sys [2011-10-21 39560]
R0 EUBKMON;EUBKMON; C:\Windows\system32\drivers\EUBKMON.sys [2011-10-21 43656]
R0 giveio;giveio; C:\Windows\system32\giveio.sys [1996-04-03 5248]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-13 12368]
R0 PxHelp20;PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [2009-07-09 45200]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 173440]
R0 speedfan;speedfan; C:\Windows\system32\speedfan.sys [2011-03-18 25240]
R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 175360]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2011-09-06 34392]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 388096]
R3 dc3d;MS Hardware Device Detection Driver; C:\Windows\system32\DRIVERS\dc3d.sys [2011-05-18 40320]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 mcdbus;Driver for MagicISO SCSI Host Controller; C:\Windows\system32\DRIVERS\mcdbus.sys [2009-02-24 116736]
R3 NuidFltr;NUID filter driver; C:\Windows\system32\DRIVERS\NuidFltr.sys [2011-04-13 21784]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvm60x32.sys [2009-07-13 429056]
R3 Point32;Microsoft IntelliPoint Filter Driver; C:\Windows\system32\DRIVERS\point32.sys [2011-08-01 40936]
R3 vmkbd;VMware kbd; \??\C:\Windows\system32\drivers\VMkbd.sys [2011-03-25 24688]
R3 VMnetAdapter;VMware Virtual Ethernet Adapter Driver; C:\Windows\system32\DRIVERS\vmnetadapter.sys [2011-03-25 16560]
S1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2011-09-06 442200]
S1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2011-09-06 320856]
S1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2011-09-06 52568]
S1 EUDSKACS;EUDSKACS; \??\C:\Windows\system32\drivers\eudskacs.sys [2011-10-21 17032]
S1 EUFDDISK;EUFDDISK; \??\C:\Windows\system32\drivers\EuFdDisk.sys [2011-10-21 185480]
S1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
S1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
S1 truecrypt;truecrypt; C:\Windows\System32\drivers\truecrypt.sys [2011-09-06 231376]
S1 VBoxDrv;VirtualBox Service; C:\Windows\system32\DRIVERS\VBoxDrv.sys [2011-07-19 158000]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver; C:\Windows\system32\DRIVERS\VBoxUSBMon.sys [2011-07-19 93488]
S2 aswFsBlk;aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [2011-09-06 20568]
S2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2011-09-06 54616]
S2 cpuz135;cpuz135; \??\C:\Windows\system32\drivers\cpuz135_x32.sys [2010-11-09 21992]
S2 hcmon;VMware hcmon; \??\C:\Windows\system32\drivers\hcmon.sys [2011-03-25 32368]
S2 NPF;NetGroup Packet Filter Driver; C:\Windows\system32\drivers\npf.sys [2009-10-20 50704]
S2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-13 8704]
S2 vmci;VMware vmci; \??\C:\Windows\system32\Drivers\vmci.sys [2011-03-25 70768]
S2 VMnetBridge;VMware Bridge Protocol; C:\Windows\system32\DRIVERS\vmnetbridge.sys [2011-03-25 36400]
S2 VMnetuserif;VMware Network Application Interface; \??\C:\Windows\system32\drivers\vmnetuserif.sys [2011-03-25 26352]
S2 VMparport;VMware VMparport; \??\C:\Windows\system32\Drivers\VMparport.sys [2011-03-25 23792]
S2 vmx86;VMware vmx86; \??\C:\Windows\system32\Drivers\vmx86.sys [2011-03-25 854256]
S2 vstor2-ws60;Vstor2 WS60 Virtual Storage Driver; \??\C:\Program Files\VMware\VMware Workstation\vstor2-ws60.sys [2010-08-19 22448]
S3 61883;61883 Unit Device; C:\Windows\system32\DRIVERS\61883.sys [2009-07-13 46976]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-13 70720]
S3 ALSysIO;ALSysIO; \??\C:\Users\mog\AppData\Local\Temp\ALSysIO.sys []
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\drivers\amdagp.sys [2009-07-13 53312]
S3 Avc;AVC Device; C:\Windows\system32\DRIVERS\avc.sys [2009-07-13 40320]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-13 229888]
S3 cg;cg; \??\C:\Users\mog\Desktop\tempp\cg.sys [2004-12-06 6528]
S3 cpuz126;cpuz126; \??\C:\Users\mog\AppData\Local\Temp\cpuz.sys []
S3 cpuz134;cpuz134; \??\C:\Program Files\CPUID\PC Wizard 2010\pcwiz_x32.sys [2010-07-09 20328]
S3 echo1394;AudioFire service; C:\Windows\system32\DRIVERS\echo1394.sys [2009-12-14 81600]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver; C:\Windows\system32\DRIVERS\ManyCam.sys [2008-01-14 21632]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver; C:\Windows\System32\Drivers\nx6000.sys [2010-12-13 30576]
S3 netr28;Ralink 802.11n Wireless Driver for Windows Vista; C:\Windows\system32\DRIVERS\netr28.sys [2009-07-13 530944]
S3 nvax;Service for NVIDIA® nForce™ Audio Enumerator; C:\Windows\system32\drivers\nvax.sys [2005-04-13 53376]
S3 nvnforce;Service for NVIDIA® nForce™ Audio; C:\Windows\system32\drivers\nvapu.sys [2005-04-13 414464]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 133632]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2010-11-20 15872]
S3 RT61;Linksys Wireless-G PCI Adapter Driver(RT61); C:\Windows\system32\DRIVERS\RT61.sys [2005-10-27 356096]
S3 rt61x86;Linksys Wireless-G PCI Adapter Driver; C:\Windows\system32\DRIVERS\WMP54Gv41x86.sys [2010-04-07 376160]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 5632]
S3 SANDRA;SANDRA; \??\C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2011.SP5\WNt500x86\Sandra.sys [2009-08-07 23112]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\drivers\sisagp.sys [2009-07-13 52304]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 28032]
S3 Synth3dVsc;Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys []
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
S3 tsusbhub;tsusbhub; C:\Windows\system32\drivers\tsusbhub.sys []
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2011-05-10 42496]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter; C:\Windows\system32\DRIVERS\VBoxNetAdp.sys [2011-07-19 104752]
S3 VGPU;VGPU; C:\Windows\System32\drivers\rdvgkmd.sys []
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\drivers\viaagp.sys [2009-07-13 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-13 52736]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 17920]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

S2 !SASCORE;SAS Core Service; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]
S2 AdvancedSystemCareService5;Advanced SystemCare Service 5; C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe [2011-11-10 490840]
S2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2011-10-24 55144]
S2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2011-09-06 44768]
S2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-30 390504]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 EaseUS Agent;EaseUS Agent; C:\Program Files\EaseUS\Todo Backup\bin\Agent.exe [2011-10-21 60552]
S2 Guard Agent;Guard Agent; C:\Program Files\EaseUS\Todo Backup\bin\GuardAgent.exe [2011-10-21 23176]
S2 MSCamSvc;MSCamSvc; C:\Program Files\Microsoft LifeCam\MSCamS32.exe [2010-12-13 135536]
S2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2011-04-07 612456]
S2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-04-07 2218600]
S2 RUBotSrv;Trend Micro RUBotted Service; C:\Program Files\Trend Micro\RUBotted\RUBotSrv.exe [2010-12-17 439632]
S2 VMAuthdService;VMware Authorization Service; C:\Program Files\VMware\VMware Workstation\vmware-authd.exe [2011-03-25 113264]
S2 VMnetDHCP;VMware DHCP Service; C:\Windows\system32\vmnetdhcp.exe [2011-03-25 334448]
S2 VMUSBArbService;VMware USB Arbitration Service; C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe [2011-03-25 539248]
S2 VMware NAT Service;VMware NAT Service; C:\Windows\system32\vmnat.exe [2011-03-25 404080]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-13 20992]
S3 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-13 20992]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2011-11-13 821608]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 30963576]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-13 20992]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2009-10-20 117264]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2011.SP5\RpcAgentSrv.exe [2008-09-18 93848]
S3 ufad-ws60;VMware Agent Service; C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe [2010-08-19 191024]
S3 UmRdpService;Remote Desktop Services UserMode Port Redirector; C:\Windows\System32\svchost.exe [2009-07-13 20992]
S4 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S4 gfi_backup_mcs;GFI Backup Management Console Service; C:\Program Files\GFI\GFI Backup Administration Console\backupmcs.exe [2010-04-27 99840]
S4 GFIBackupAdministrationConsole;GFI Backup Administration Console; C:\Program Files\GFI\GFI Backup Administration Console\apache\bin\httpd.exe [2010-07-22 24645]
S4 GFIBckBAtt;GFI Backup Attendant Service; C:\Program Files\GFI\GFI Backup\GFIBInst.exe [2011-05-24 945520]
S4 GFIBckBSched;GFI Backup Scheduler Service; C:\Program Files\GFI\GFI Backup\GFIBSched.exe [2011-05-24 2613616]
S4 GFIBckDiskImage;GFI Backup DiskImage; C:\Program Files\GFI\GFI Backup\DiskImage\Win32\oodiag.exe [2011-05-18 2699264]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

-----------------EOF-----------------

#2 bummerman

bummerman

    TEG Forum Member

  • Members
  • 14 posts

Posted 07 December 2011 - 02:56 PM

I forgot, Trojan Killer found and moved these:


GridinSoft Trojan Killer v.2.1.1.2
Report file date: 12/7/2011 8:39:04 AM

Scanning for 469694 virus strains and unwanted programs.

Licensed for: zoo@mail.ro
Serial number: 7RRR2-34J89-468ZZ-34645-M38QV
Windows version: Windows 7 Ultimate (version 6.1)
Username: mog
Computer name: MOG-PEECEE

Starting the file scan:

Startup collected
BHO plugins collected
Service collected
ActiveX collected
Files collected
Scanning process...
----- C:\Windows\system32\wbem\performance\wmiaprpl_new.ini ---- General
Rogue.PTools
MD5: 2667367F9339639AF825E7122CE3B2A3:924
EP: 00
SEC:


----- HKCR\*\shellex\ContextMenuHandlers\SimpleShlExt ---- Registry
Rogue.UserProtection


----- C:\Users\mog\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AquaMark3\AquaMark3.lnk ---- General
Packed.SVKP
MD5: D5BCAB98BD5DCF0BD69F475AFFDFAE01:985
EP: 00
SEC:


----- C:\Users\mog\Downloads\Adobe.Dreamweaver.CS5.5.v11.5.Incl.Keymaker-CORE\CORE10k.EXE ---- General
not-a-virus.Keygen.Corel.VideoStudioPro
MD5: D581068E84510083DDEA45E821EBDE36:137728
RIC: 0600371F88A037636FF00097CC5A68F6:2216
EP: 60 BE 00 50 0F 01 8D BE 00 C0 30 FF 57 83 CD FF EB 10 90 90 90 90 90 90 8A 06 46 88 07 47 01 DB 75 07 8B 1E 83 EE FC 11 DB 72 ED B8 01 00 00 00 01 DB 75 07 8B 1E 83 EE FC 11 DB 11 C0 01 DB 73 0B
SEC:
UPX0:E0000080:00000000000000000000000000000000:0
UPX1:E0000040:C31BA29B616772254CAE663772EDF9F7:132096
.rsrc:C0000040:4588C97B932EE7CFF9DA173E1D2373C1:4608


----- C:\Users\mog\Downloads\WinArchiver v2.3 Full via CORE\keygen.exe ---- General
W32/Heuristic-210!Eldorado!L
MD5: F54E7B672F93D0EDFEA5FEED870C8653:100352
RIC: 0600371F88A037636FF00097CC5A68F6:2216
EP: B8 00 69 49 00 50 64 FF 35 00 00 00 00 64 89 25 00 00 00 00 33 C0 89 08 50 45 43 6F 6D 70 61 63 74 32 00 08 E0 58 CF 18 11 E7 FA 74 FA 86 D4 9F 2F B0 86 0B C4 8C 34 D1 5E AA 52 B4 EC 4E 4F 68 8C
SEC:
.text:E0000020:F6C3CAD2133D72C9008A99C34275012B:92672
.rsrc:E0000020:B89EE6C974524484DD63AFCC6BF69502:6656


----- C:\Users\mog\Downloads\Windows_Loader_v2_0_9\Windows Loader\Windows Loader.exe ---- General
Generic.27.12191!L
ProdVer:
FileVer: 2.0.9.0
MD5: AB6675956F434085E7A387C7C76E8CEB:3687708
RIC: 205F779A84123720A1A57AF4222ED116:22384
EP: 60 BE 00 B0 58 00 8D BE 00 60 E7 FF 57 89 E5 8D 9C 24 80 C1 FF FF 31 C0 50 39 DC 75 FB 46 46 53 68 77 80 21 00 57 83 C3 04 53 68 95 F9 08 00 56 83 C3 04 53 50 C7 03 03 00 02 00 90 90 90 90 90 55
SEC:
UPX0:E0000080:00000000000000000000000000000000:0
UPX1:E0000040:6EE191226219D5E397EC711BC05B2577:591360
.rsrc:C0000040:3777B3C9D05828185B4A7003403830D0:27136


----- C:\Users\mog\utils\md5.exe ---- General
trojan.win32x.Generic.Virut
MD5: E5A1A4A431C25A1D8B2428066487FC45:101716
RIC: BB953344F1C28A2CA9948B2B30033984:744
EP: 9B DB E3 9B DB E2 D9 2D 00 A0 41 00 55 89 E5 E8 51 56 00 00 68 00 00 00 00 FF 15 BC 1D 40 00 A3 07 30 42 00 60 89 25 0B 30 42 00 E9 30 00 00 00 8B 25 0B 30 42 00 61 E8 79 13 01 00 E8 C9 56 00 00
SEC:
.idata:40000040:355BF15B319BC4AE54CCA305B45B07CA:4096
.rsrc:50000040:420F2B146ED94A79BA64E6DCC081B4D5:1024
.text:60000020:40981D51AF913C869BC11762F181199D:93696
.data:C0000040:C6BC3B69CC2E61B2CD55FA0A93221F31:1024
.bss:C0000080:00000000000000000000000000000000:0
IMPORTS:60000060:1AEE8776E30A5A224AC5193F1813853E:852


----- C:\Program Files\AquaMark3\aquamark.exe ---- General
Packed.SVKP
ProdVer: 3.00
FileVer: 3.00
Name : AquaMark
Company: Massive Development GmbH
NAC: 215C78624D266FACF6A538B65266D541:32
MD5: 9E5F46D20823CB05C60E0720ED75EAC8:4125696
RIC: 25D28099FF518EF88BA243867BFD266B:3600
EP: 60 E8 00 00 00 00 5D 81 ED 06 00 00 00 EB 05 B8 9D 42 43 00 64 A0 23 00 00 00 EB 03 C7 84 E8 84 C0 EB 03 C7 84 E9 75 67 B9 49 00 00 00 8D B5 C5 02 00 00 56 80 06 44 46 E2 FA 8B 8D C1 02 00 00 5E
SEC:
:C0000040:93C5ADD9375DE02E6A2BAF8914C6FE6D:3457024
:C0000040:C069B093B75614974C811F5A286DA351:331776
:C0000040:510EC50467CBF6BB46EAC64AE024D926:266240
:C0000040:FD40D3916937B059DAAA5EC28E67C24C:8192
.aqua:C0000040:33DCC447F51CC50A0E8B4CC80DD636F4:61440


Scan completed!

Scan result: 8 detected items
Scan completed in: Scan completed in 23 minute(s) 31 sec.
Files were scanned: 17364

#3 quietman7

quietman7

    Elder Janitor & Bug Exterminator

  • Admin
  • 11,401 posts
  • Gender:Male
  • Location:Virginia, USA

Posted 08 December 2011 - 09:05 AM

Before doing anything further, if you have not already done so, you should back up all your important documents, personal data files and photos to a CD or DVD drive as some infections may render your computer unbootable during or before the disinfection process. If that occurs there may be no option but to reformat and reinstall the OS or perform a full system recovery. The safest practice is not to back up any files with the following file extensions: .exe, .scr, .ini, .htm, .html, .php, .asp, .xml, .zip, .rar, .cab as they may be infected.




Please download Kaspersky's TDSSKiller and save it to your Desktop. <-Important!
Be sure to print out and follow the instructions for performing a scan.
  • Extract (unzip) the file to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the Desktop.
  • Alternatively, you can download TDSSKiller.exe and use that instead.
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If an update is available, TDSSKiller will prompt you to update and download the most current version. Click Load Update. Close TDSSKiller and start again.
  • When the program opens, click Change parameters.

  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

  • Click the Start Scan button.

  • Do not use the computer during the scan.
  • If the scan completes with nothing found, click Close to exit.
  • If 'Suspicious objects' are detected, the default action will be Skip. Leave the default set to Skip and click on Continue.
  • If Malicious objects are detected, they will show in the Scan results - Select action for found objects and offer three options.

  • Ensure Cure is selected...then click Continue -> Reboot computer for cure completion.

  • Important! -> If Cure is not available, please choose Skip instead. Do not choose Delete unless instructed.
  • A log file named TDSSKiller_version_date_time_log.txt will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

-- If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to these instructions. In some cases it may be necessary to redownload TDSSKiller and randomly rename it to something else before beginning the download and saving to the computer or to perform the scan in "safe mode".

-- For any files detected as 'Suspicious' (except those identified as Forged to be cured after reboot) get a second opinion by submitting to Jotti's virusscan or VirusTotal. In the "File to Scan" (Upload or Submit) box, browse to the location of the suspicious file(s) and submit (upload) it for scanning/analysis. If you get a message saying "File has already been analyzed", click Reanalyze or Scan again.


Also, please post the complete results of your last MBAM scan for review.

To retrieve the Malwarebytes Anti-Malware scan log information, launch MBAM.
  • Click the Logs Tab at the top.
  • The log will be named by the date of scan in the following format: mbam-log-date(time).txt
    -- If you have previously used MBAM, there may be several logs showing in the list.
  • Click on the log name to highlight it.
  • Go to the bottom and click on Open.
  • The log should automatically open in notepad as a text file.
  • Go to Edit and choose Select all.
  • Go back to Edit and choose Copy or right-click on the highlighted text and choose Copy from there.
  • Come back to this thread, click Add Reply, then right-click and choose Paste.
  • Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
Logs are saved to the following locations:
-- XP: C:\Documents and Settings\<Username>\Application Data\Malwarebytes\Malwarebytes Anti-Malware\Logs\mbam-log-yyyy-mm-dd
-- Vista, Windows 7, 2008: C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Logs\mbam-log-yyyy-mm-dd


Microsoft MVP - Consumer Security 2007-2014

Member of UNITE, Unified Network of Instructors and Trusted Eliminators
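
A triage pass over a TDSSKiller log of the kind requested above, as an added example that is not part of the original posts and is not part of TDSSKiller: it lists every scanned driver that did not come back "ok", has no image path logged, or loads from outside the usual directories. The line layout is inferred from the log posted in this thread; the sample lines, driver names, all-zero MD5 and the "expected directories" heuristic are assumptions.

```python
import re

# Layout inferred from the log in this thread: "HH:MM:SS.mmmm <thread id> <message>".
LINE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s*(.*)$")
FILE = re.compile(r"^(\S+) \(([0-9a-fA-F]{32})\) (.+)$")  # name (md5) image path
OK = re.compile(r"^(\S+) - ok$")
VERDICT = re.compile(r"^(\S+) \( (\S+) \) - (\w+)$")     # name ( Verdict ) - warning

# Assumption: driver images normally live under these roots; anything else
# (for example a .sys file loaded from a user's Desktop) deserves a second look.
EXPECTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")

# Constructed sample; names, paths and the all-zero MD5 are placeholders.
SAMPLE_LOG = r"""
08:00:00.0100 1000 Scan started
08:00:00.0100 1000 Mode: Manual; SigCheck; TDLFS;
08:00:00.0200 1000
08:00:01.0100 1000 exampledrv (<MD5>) C:\Windows\system32\drivers\exampledrv.sys
08:00:01.0150 1000 exampledrv - ok
08:00:01.0200 1000 nofile - ok
08:00:01.0300 1000 odddrv (<MD5>) C:\Users\someone\Desktop\stuff\odddrv.sys
08:00:01.0310 1000 odddrv ( UnsignedFile.Multi.Generic ) - warning
08:00:01.0310 1000 odddrv - detected UnsignedFile.Multi.Generic (1)
08:00:01.0400 1000 vendordrv (<MD5>) C:\Program Files\Some Vendor\tool.sys
08:00:01.0410 1000 vendordrv - ok
08:00:01.0500 1000 sysunsigned (<MD5>) C:\Windows\system32\sysunsigned.sys
08:00:01.0510 1000 sysunsigned ( UnsignedFile.Multi.Generic ) - warning
08:00:01.0600 1000 cutoff (<MD5>) C:\Windows\system32\drivers\cutoff.sys
""".replace("<MD5>", "0" * 32)


def _entry(entries, name):
    """Return the record for a service name, creating it on first sight."""
    return entries.setdefault(
        name, {"name": name, "md5": None, "path": None, "status": None, "verdict": None}
    )


def parse_scan(log_text):
    """Parse the per-driver lines of a scan log into records, in log order."""
    entries = {}
    for raw in log_text.splitlines():
        line = LINE.match(raw.strip())
        if not line:
            continue  # blank or wrapped line without a timestamp
        msg = line.group(1).strip()
        file_m, ok_m, verdict_m = FILE.match(msg), OK.match(msg), VERDICT.match(msg)
        if file_m:
            rec = _entry(entries, file_m.group(1))
            rec["md5"], rec["path"] = file_m.group(2).lower(), file_m.group(3)
        elif ok_m:
            _entry(entries, ok_m.group(1))["status"] = "ok"
        elif verdict_m:
            rec = _entry(entries, verdict_m.group(1))
            rec["verdict"], rec["status"] = verdict_m.group(2), verdict_m.group(3)
        # Header lines and "name - detected ..." repeats match nothing and are skipped.
    return list(entries.values())


def triage(entries):
    """Return (name, path, md5, reasons) for every entry that needs review."""
    findings = []
    for rec in entries:
        reasons = []
        if rec["status"] is None:
            reasons.append("no verdict logged")  # e.g. the log was pasted incomplete
        elif rec["status"] != "ok":
            reasons.append(f"{rec['status']}: {rec['verdict']}")
        if rec["path"] is None:
            reasons.append("no image path logged")
        elif not rec["path"].lower().startswith(EXPECTED_ROOTS):
            reasons.append("image outside Windows/Program Files")
        if reasons:
            findings.append((rec["name"], rec["path"], rec["md5"], reasons))
    return findings


if __name__ == "__main__":
    for name, path, md5, reasons in triage(parse_scan(SAMPLE_LOG)):
        print(f"{name:12} {path or '-'}\n{'':12} md5={md5 or '-'}  {'; '.join(reasons)}")
```

An unsigned-file warning is a prompt for a second opinion on that file, as the instructions above say, not a malware verdict by itself.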

#4 bummerman

Posted 08 December 2011 - 11:46 AM

Logs from TDSS and MBAM:

08:45:42.0510 1588 TDSS rootkit removing tool 2.6.22.0 Dec 7 2011 13:21:06
08:45:42.0853 1588 ============================================================
08:45:42.0853 1588 Current date / time: 2011/12/08 08:45:42.0853
08:45:42.0853 1588 SystemInfo:
08:45:42.0853 1588
08:45:42.0853 1588 OS Version: 6.1.7601 ServicePack: 1.0
08:45:42.0853 1588 Product type: Workstation
08:45:42.0853 1588 ComputerName: MOG-PEECEE
08:45:42.0853 1588 UserName: mog
08:45:42.0853 1588 Windows directory: C:\Windows
08:45:42.0853 1588 System windows directory: C:\Windows
08:45:42.0853 1588 Processor architecture: Intel x86
08:45:42.0853 1588 Number of processors: 1
08:45:42.0854 1588 Page size: 0x1000
08:45:42.0854 1588 Boot type: Safe boot with network
08:45:42.0854 1588 ============================================================
08:45:43.0674 1588 Initialize success
08:45:47.0889 1992 ============================================================
08:45:47.0889 1992 Scan started
08:45:47.0889 1992 Mode: Manual; SigCheck; TDLFS;
08:45:47.0889 1992 ============================================================
08:45:48.0349 1992 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
08:45:48.0404 1992 1394ohci - ok
08:45:48.0453 1992 61883 (beb5e6a8c17c3c7485563281e0f9e77e) C:\Windows\system32\DRIVERS\61883.sys
08:45:48.0477 1992 61883 - ok
08:45:48.0536 1992 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
08:45:48.0550 1992 ACPI - ok
08:45:48.0587 1992 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
08:45:48.0601 1992 AcpiPmi - ok
08:45:48.0657 1992 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
08:45:48.0675 1992 adp94xx - ok
08:45:48.0726 1992 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
08:45:48.0742 1992 adpahci - ok
08:45:48.0789 1992 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
08:45:48.0800 1992 adpu320 - ok
08:45:48.0870 1992 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
08:45:48.0886 1992 AFD - ok
08:45:48.0926 1992 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
08:45:48.0936 1992 agp440 - ok
08:45:48.0991 1992 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
08:45:49.0000 1992 aic78xx - ok
08:45:49.0061 1992 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
08:45:49.0070 1992 aliide - ok
08:45:49.0192 1992 ALSysIO - ok
08:45:49.0235 1992 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
08:45:49.0244 1992 amdagp - ok
08:45:49.0284 1992 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
08:45:49.0292 1992 amdide - ok
08:45:49.0319 1992 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
08:45:49.0341 1992 AmdK8 - ok
08:45:49.0369 1992 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
08:45:49.0380 1992 AmdPPM - ok
08:45:49.0437 1992 amdsata (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
08:45:49.0447 1992 amdsata - ok
08:45:49.0660 1992 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
08:45:49.0671 1992 amdsbs - ok
08:45:49.0732 1992 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
08:45:49.0742 1992 amdxata - ok
08:45:49.0792 1992 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
08:45:49.0818 1992 AppID - ok
08:45:49.0889 1992 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
08:45:49.0910 1992 arc - ok
08:45:49.0937 1992 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
08:45:49.0948 1992 arcsas - ok
08:45:50.0028 1992 aswFsBlk (c47623ffd181a1e7d63574dde2a0a711) C:\Windows\system32\drivers\aswFsBlk.sys
08:45:50.0060 1992 aswFsBlk - ok
08:45:50.0118 1992 aswMonFlt (4804753a4ec7d67cc22d226bffd1c1e3) C:\Windows\system32\drivers\aswMonFlt.sys
08:45:50.0125 1992 aswMonFlt - ok
08:45:50.0180 1992 aswRdr (36239e24470a3dd81fae37510953cc6c) C:\Windows\system32\drivers\aswRdr.sys
08:45:50.0188 1992 aswRdr - ok
08:45:50.0236 1992 aswSnx (caa846e9c83836bdc3d2d700c678db65) C:\Windows\system32\drivers\aswSnx.sys
08:45:50.0258 1992 aswSnx - ok
08:45:50.0306 1992 aswSP (748ae7f2d7da33adb063fe05704a9969) C:\Windows\system32\drivers\aswSP.sys
08:45:50.0320 1992 aswSP - ok
08:45:50.0364 1992 aswTdi (ca9925ce1dbd07ffe1eb357752cf5577) C:\Windows\system32\drivers\aswTdi.sys
08:45:50.0372 1992 aswTdi - ok
08:45:50.0408 1992 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
08:45:50.0435 1992 AsyncMac - ok
08:45:50.0491 1992 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
08:45:50.0500 1992 atapi - ok
08:45:50.0575 1992 Avc (c44bdd77e06053cf5afe046f3a47c16b) C:\Windows\system32\DRIVERS\avc.sys
08:45:50.0598 1992 Avc - ok
08:45:50.0655 1992 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
08:45:50.0672 1992 b06bdrv - ok
08:45:50.0736 1992 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
08:45:50.0750 1992 b57nd60x - ok
08:45:50.0816 1992 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
08:45:50.0853 1992 Beep - ok
08:45:50.0906 1992 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
08:45:50.0917 1992 blbdrive - ok
08:45:50.0972 1992 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
08:45:50.0984 1992 bowser - ok
08:45:51.0026 1992 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
08:45:51.0040 1992 BrFiltLo - ok
08:45:51.0072 1992 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
08:45:51.0095 1992 BrFiltUp - ok
08:45:51.0152 1992 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
08:45:51.0167 1992 Brserid - ok
08:45:51.0196 1992 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
08:45:51.0219 1992 BrSerWdm - ok
08:45:51.0246 1992 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
08:45:51.0259 1992 BrUsbMdm - ok
08:45:51.0296 1992 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
08:45:51.0308 1992 BrUsbSer - ok
08:45:51.0351 1992 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
08:45:51.0365 1992 BTHMODEM - ok
08:45:51.0416 1992 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
08:45:51.0443 1992 cdfs - ok
08:45:51.0499 1992 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\DRIVERS\cdrom.sys
08:45:51.0511 1992 cdrom - ok
08:45:51.0637 1992 cg (4b61eac4e485109662376b8e1230e24d) C:\Users\mog\Desktop\tempp\cg.sys
08:45:51.0641 1992 cg ( UnsignedFile.Multi.Generic ) - warning
08:45:51.0641 1992 cg - detected UnsignedFile.Multi.Generic (1)
08:45:51.0686 1992 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
08:45:51.0700 1992 circlass - ok
08:45:51.0755 1992 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
08:45:51.0779 1992 CLFS - ok
08:45:51.0825 1992 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
08:45:51.0853 1992 CmBatt - ok
08:45:51.0888 1992 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
08:45:51.0907 1992 cmdide - ok
08:45:51.0950 1992 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
08:45:51.0980 1992 CNG - ok
08:45:52.0007 1992 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
08:45:52.0016 1992 Compbatt - ok
08:45:52.0072 1992 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
08:45:52.0095 1992 CompositeBus - ok
08:45:52.0208 1992 cpuz126 - ok
08:45:52.0295 1992 cpuz134 (75fa19142531cbf490770c2988a7db64) C:\Program Files\CPUID\PC Wizard 2010\pcwiz_x32.sys
08:45:52.0302 1992 cpuz134 - ok
08:45:52.0372 1992 cpuz135 (c2eb4539a4f6ab6edd01bdc191619975) C:\Windows\system32\drivers\cpuz135_x32.sys
08:45:52.0378 1992 cpuz135 - ok
08:45:52.0415 1992 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
08:45:52.0423 1992 crcdisk - ok
08:45:52.0504 1992 CSC (3c2177a897b4ca2788c6fb0c3fd81d4b) C:\Windows\system32\drivers\csc.sys
08:45:52.0532 1992 CSC - ok
08:45:52.0591 1992 dc3d (7caaf4af453ef3582fef65dd72caa0aa) C:\Windows\system32\DRIVERS\dc3d.sys
08:45:52.0604 1992 dc3d - ok
08:45:52.0692 1992 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
08:45:52.0727 1992 DfsC - ok
08:45:52.0776 1992 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
08:45:52.0803 1992 discache - ok
08:45:52.0840 1992 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
08:45:52.0850 1992 Disk - ok
08:45:52.0935 1992 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
08:45:52.0948 1992 drmkaud - ok
08:45:53.0009 1992 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
08:45:53.0042 1992 DXGKrnl - ok
08:45:53.0193 1992 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
08:45:53.0258 1992 ebdrv - ok
08:45:53.0340 1992 echo1394 (32665d5c8db4e178ed6d148b1a9204ba) C:\Windows\system32\DRIVERS\echo1394.sys
08:45:53.0351 1992 echo1394 - ok
08:45:53.0430 1992 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
08:45:53.0449 1992 elxstor - ok
08:45:53.0494 1992 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
08:45:53.0504 1992 ErrDev - ok
08:45:53.0590 1992 EUBAKUP (de3a2ea4d8adcb66a4a480d50c351f0d) C:\Windows\system32\drivers\eubakup.sys
08:45:53.0597 1992 EUBAKUP - ok
08:45:53.0635 1992 EUBKMON (c53eb687b7428ee0f106528ab0b1068f) C:\Windows\system32\drivers\EUBKMON.sys
08:45:53.0653 1992 EUBKMON - ok
08:45:53.0686 1992 EUDSKACS (bfc9821147b594257f1ebc4b55b5664c) C:\Windows\system32\drivers\eudskacs.sys
08:45:53.0692 1992 EUDSKACS - ok
08:45:53.0732 1992 EUFDDISK (f4a7310c48cba35a204a1442650ecd7c) C:\Windows\system32\drivers\EuFdDisk.sys
08:45:53.0742 1992 EUFDDISK - ok
08:45:53.0801 1992 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
08:45:53.0840 1992 exfat - ok
08:45:53.0882 1992 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
08:45:53.0921 1992 fastfat - ok
08:45:53.0965 1992 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
08:45:53.0977 1992 fdc - ok
08:45:54.0043 1992 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
08:45:54.0053 1992 FileInfo - ok
08:45:54.0090 1992 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
08:45:54.0118 1992 Filetrace - ok
08:45:54.0169 1992 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
08:45:54.0180 1992 flpydisk - ok
08:45:54.0232 1992 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
08:45:54.0245 1992 FltMgr - ok
08:45:54.0301 1992 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
08:45:54.0311 1992 FsDepends - ok
08:45:54.0349 1992 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
08:45:54.0358 1992 Fs_Rec - ok
08:45:54.0414 1992 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
08:45:54.0428 1992 fvevol - ok
08:45:54.0480 1992 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
08:45:54.0490 1992 gagp30kx - ok
08:45:54.0556 1992 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
08:45:54.0564 1992 GEARAspiWDM - ok
08:45:54.0665 1992 giveio (77ebf3e9386daa51551af429052d88d0) C:\Windows\system32\giveio.sys
08:45:54.0669 1992 giveio ( UnsignedFile.Multi.Generic ) - warning
08:45:54.0669 1992 giveio - detected UnsignedFile.Multi.Generic (1)
08:45:54.0759 1992 hcmon (51fa91bb463b15fd8eacd5045c3f2fa6) C:\Windows\system32\drivers\hcmon.sys
08:45:54.0777 1992 hcmon - ok
08:45:54.0804 1992 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
08:45:54.0816 1992 hcw85cir - ok
08:45:54.0869 1992 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
08:45:54.0883 1992 HDAudBus - ok
08:45:54.0921 1992 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
08:45:54.0933 1992 HidBatt - ok
08:45:54.0978 1992 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
08:45:54.0992 1992 HidBth - ok
08:45:55.0030 1992 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
08:45:55.0043 1992 HidIr - ok
08:45:55.0101 1992 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\DRIVERS\hidusb.sys
08:45:55.0113 1992 HidUsb - ok
08:45:55.0188 1992 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
08:45:55.0198 1992 HpSAMD - ok
08:45:55.0279 1992 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
08:45:55.0313 1992 HTTP - ok
08:45:55.0371 1992 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
08:45:55.0379 1992 hwpolicy - ok
08:45:55.0427 1992 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
08:45:55.0440 1992 i8042prt - ok
08:45:55.0494 1992 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
08:45:55.0509 1992 iaStorV - ok
08:45:55.0560 1992 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
08:45:55.0569 1992 iirsp - ok
08:45:55.0632 1992 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
08:45:55.0641 1992 intelide - ok
08:45:55.0684 1992 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
08:45:55.0697 1992 intelppm - ok
08:45:55.0750 1992 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
08:45:55.0787 1992 IpFilterDriver - ok
08:45:55.0850 1992 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
08:45:55.0862 1992 IPMIDRV - ok
08:45:55.0903 1992 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
08:45:55.0931 1992 IPNAT - ok
08:45:55.0991 1992 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
08:45:56.0005 1992 IRENUM - ok
08:45:56.0076 1992 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
08:45:56.0095 1992 isapnp - ok
08:45:56.0135 1992 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
08:45:56.0159 1992 iScsiPrt - ok
08:45:56.0192 1992 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\drivers\kbdclass.sys
08:45:56.0201 1992 kbdclass - ok
08:45:56.0256 1992 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\drivers\kbdhid.sys
08:45:56.0278 1992 kbdhid - ok
08:45:56.0338 1992 KSecDD (412cea1aa78cc02a447f5c9e62b32ff1) C:\Windows\system32\Drivers\ksecdd.sys
08:45:56.0348 1992 KSecDD - ok
08:45:56.0381 1992 KSecPkg (26c046977e85b95036453d7b88ba1820) C:\Windows\system32\Drivers\ksecpkg.sys
08:45:56.0392 1992 KSecPkg - ok
08:45:56.0483 1992 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
08:45:56.0516 1992 lltdio - ok
08:45:56.0602 1992 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
08:45:56.0612 1992 LSI_FC - ok
08:45:56.0642 1992 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
08:45:56.0663 1992 LSI_SAS - ok
08:45:56.0692 1992 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
08:45:56.0701 1992 LSI_SAS2 - ok
08:45:56.0741 1992 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
08:45:56.0750 1992 LSI_SCSI - ok
08:45:56.0793 1992 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
08:45:56.0828 1992 luafv - ok
08:45:56.0912 1992 ManyCam (c6d085c7045200143528136a43a65fde) C:\Windows\system32\DRIVERS\ManyCam.sys
08:45:56.0921 1992 ManyCam - ok
08:45:57.0014 1992 mcdbus (8fd868e32459ece2a1bb0169f513d31e) C:\Windows\system32\DRIVERS\mcdbus.sys
08:45:57.0031 1992 mcdbus ( UnsignedFile.Multi.Generic ) - warning
08:45:57.0031 1992 mcdbus - detected UnsignedFile.Multi.Generic (1)
08:45:57.0073 1992 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
08:45:57.0092 1992 megasas - ok
08:45:57.0124 1992 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
08:45:57.0137 1992 MegaSR - ok
08:45:57.0192 1992 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
08:45:57.0230 1992 Modem - ok
08:45:57.0257 1992 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
08:45:57.0282 1992 monitor - ok
08:45:57.0327 1992 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
08:45:57.0346 1992 mouclass - ok
08:45:57.0386 1992 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
08:45:57.0409 1992 mouhid - ok
08:45:57.0453 1992 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
08:45:57.0473 1992 mountmgr - ok
08:45:57.0526 1992 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
08:45:57.0537 1992 mpio - ok
08:45:57.0574 1992 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
08:45:57.0610 1992 mpsdrv - ok
08:45:57.0668 1992 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
08:45:57.0686 1992 MRxDAV - ok
08:45:57.0735 1992 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
08:45:57.0752 1992 mrxsmb - ok
08:45:57.0799 1992 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
08:45:57.0814 1992 mrxsmb10 - ok
08:45:57.0860 1992 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
08:45:57.0872 1992 mrxsmb20 - ok
08:45:57.0930 1992 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
08:45:57.0939 1992 msahci - ok
08:45:57.0992 1992 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
08:45:58.0002 1992 msdsm - ok
08:45:58.0076 1992 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
08:45:58.0114 1992 Msfs - ok
08:45:58.0158 1992 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
08:45:58.0184 1992 mshidkmdf - ok
08:45:58.0231 1992 MSHUSBVideo (7a0f9cbdbdb135113b9a3c138e20c85d) C:\Windows\system32\Drivers\nx6000.sys
08:45:58.0239 1992 MSHUSBVideo - ok
08:45:58.0284 1992 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
08:45:58.0292 1992 msisadrv - ok
08:45:58.0358 1992 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
08:45:58.0385 1992 MSKSSRV - ok
08:45:58.0430 1992 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
08:45:58.0467 1992 MSPCLOCK - ok
08:45:58.0497 1992 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
08:45:58.0534 1992 MSPQM - ok
08:45:58.0573 1992 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
08:45:58.0595 1992 MsRPC - ok
08:45:58.0637 1992 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
08:45:58.0656 1992 mssmbios - ok
08:45:58.0690 1992 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
08:45:58.0727 1992 MSTEE - ok
08:45:58.0756 1992 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
08:45:58.0778 1992 MTConfig - ok
08:45:58.0823 1992 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
08:45:58.0842 1992 Mup - ok
08:45:58.0904 1992 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
08:45:58.0923 1992 NativeWifiP - ok
08:45:58.0990 1992 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
08:45:59.0012 1992 NDIS - ok
08:45:59.0059 1992 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
08:45:59.0097 1992 NdisCap - ok
08:45:59.0126 1992 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
08:45:59.0162 1992 NdisTapi - ok
08:45:59.0215 1992 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
08:45:59.0241 1992 Ndisuio - ok
08:45:59.0291 1992 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
08:45:59.0319 1992 NdisWan - ok
08:45:59.0366 1992 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
08:45:59.0402 1992 NDProxy - ok
08:45:59.0442 1992 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
08:45:59.0486 1992 NetBIOS - ok
08:45:59.0543 1992 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
08:45:59.0572 1992 NetBT - ok
08:45:59.0686 1992 netr28 (652881f65b35564575255a0e05e23c55) C:\Windows\system32\DRIVERS\netr28.sys
08:45:59.0717 1992 netr28 - ok
08:45:59.0788 1992 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
08:45:59.0797 1992 nfrd960 - ok
08:45:59.0887 1992 NPF (b9730495e0cf674680121e34bd95a73b) C:\Windows\system32\drivers\npf.sys
08:45:59.0906 1992 NPF - ok
08:45:59.0944 1992 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
08:45:59.0982 1992 Npfs - ok
08:46:00.0041 1992 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
08:46:00.0068 1992 nsiproxy - ok
08:46:00.0168 1992 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
08:46:00.0200 1992 Ntfs - ok
08:46:00.0254 1992 NuidFltr (37be10ff10a92031fc5a01e8363925cc) C:\Windows\system32\DRIVERS\NuidFltr.sys
08:46:00.0262 1992 NuidFltr - ok
08:46:00.0315 1992 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
08:46:00.0352 1992 Null - ok
08:46:00.0416 1992 nvax (fb8595ef3ceb81f0da3f6f211b2df932) C:\Windows\system32\drivers\nvax.sys
08:46:00.0429 1992 nvax - ok
08:46:00.0488 1992 NVENETFD (1657f3fbd9061526c14ff37e79306f98) C:\Windows\system32\DRIVERS\nvm60x32.sys
08:46:00.0505 1992 NVENETFD - ok
08:46:00.0771 1992 nvlddmkm (1f144bd1fecb52fe4dc18fafe70ff7af) C:\Windows\system32\DRIVERS\nvlddmkm.sys
08:46:00.0996 1992 nvlddmkm - ok
08:46:01.0063 1992 nvnforce (d2315cd3053fc3b4250dc2dbd0ac49e4) C:\Windows\system32\drivers\nvapu.sys
08:46:01.0091 1992 nvnforce - ok
08:46:01.0141 1992 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
08:46:01.0162 1992 nvraid - ok
08:46:01.0213 1992 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
08:46:01.0225 1992 nvstor - ok
08:46:01.0292 1992 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
08:46:01.0303 1992 nv_agp - ok
08:46:01.0354 1992 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
08:46:01.0366 1992 ohci1394 - ok
08:46:01.0494 1992 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
08:46:01.0506 1992 Parport - ok
08:46:01.0559 1992 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys
08:46:01.0569 1992 partmgr - ok
08:46:01.0625 1992 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
08:46:01.0637 1992 Parvdm - ok
08:46:01.0692 1992 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
08:46:01.0714 1992 pci - ok
08:46:01.0749 1992 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
08:46:01.0757 1992 pciide - ok
08:46:01.0806 1992 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
08:46:01.0819 1992 pcmcia - ok
08:46:01.0868 1992 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
08:46:01.0877 1992 pcw - ok
08:46:01.0934 1992 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
08:46:01.0980 1992 PEAUTH - ok
08:46:02.0135 1992 Point32 (896d916de06f5502d301e8c4dc442ae8) C:\Windows\system32\DRIVERS\point32.sys
08:46:02.0153 1992 Point32 - ok
08:46:02.0228 1992 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
08:46:02.0255 1992 PptpMiniport - ok
08:46:02.0294 1992 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
08:46:02.0307 1992 Processor - ok
08:46:02.0372 1992 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
08:46:02.0411 1992 Psched - ok
08:46:02.0447 1992 PxHelp20 (40fedd328f98245ad201cf5f9f311724) C:\Windows\system32\Drivers\PxHelp20.sys
08:46:02.0464 1992 PxHelp20 - ok
08:46:02.0559 1992 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
08:46:02.0595 1992 ql2300 - ok
08:46:02.0639 1992 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
08:46:02.0661 1992 ql40xx - ok
08:46:02.0699 1992 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
08:46:02.0724 1992 QWAVEdrv - ok
08:46:02.0752 1992 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
08:46:02.0791 1992 RasAcd - ok
08:46:02.0840 1992 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
08:46:02.0866 1992 RasAgileVpn - ok
08:46:02.0920 1992 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
08:46:02.0949 1992 Rasl2tp - ok
08:46:03.0004 1992 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
08:46:03.0042 1992 RasPppoe - ok
08:46:03.0073 1992 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
08:46:03.0109 1992 RasSstp - ok
08:46:03.0169 1992 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
08:46:03.0198 1992 rdbss - ok
08:46:03.0241 1992 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
08:46:03.0254 1992 rdpbus - ok
08:46:03.0313 1992 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
08:46:03.0348 1992 RDPCDD - ok
08:46:03.0402 1992 RDPDR (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys
08:46:03.0415 1992 RDPDR - ok
08:46:03.0450 1992 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
08:46:03.0485 1992 RDPENCDD - ok
08:46:03.0540 1992 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
08:46:03.0564 1992 RDPREFMP - ok
08:46:03.0620 1992 RdpVideoMiniport (68a0387f58e226deee23d9715955572a) C:\Windows\system32\drivers\rdpvideominiport.sys
08:46:03.0630 1992 RdpVideoMiniport - ok
08:46:03.0688 1992 RDPWD (288b06960d78428ff89e811632684e20) C:\Windows\system32\drivers\RDPWD.sys
08:46:03.0726 1992 RDPWD - ok
08:46:03.0778 1992 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
08:46:03.0790 1992 rdyboost - ok
08:46:03.0912 1992 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
08:46:03.0939 1992 rspndr - ok
08:46:04.0012 1992 RT61 (581e74880aeb1dba1cb5ac8e6e6c0a69) C:\Windows\system32\DRIVERS\RT61.sys
08:46:04.0038 1992 RT61 - ok
08:46:04.0092 1992 rt61x86 (e70dab50dc67d4037a612384d649313f) C:\Windows\system32\DRIVERS\WMP54Gv41x86.sys
08:46:04.0106 1992 rt61x86 - ok
08:46:11.0791 1992 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
08:46:11.0891 1992 \Device\Harddisk0\DR0 - ok
08:46:11.0910 1992 Boot (0x1200) (5879961be247589e8062a280396df181) \Device\Harddisk0\DR0\Partition0
08:46:11.0912 1992 \Device\Harddisk0\DR0\Partition0 - ok
08:46:11.0945 1992 Boot (0x1200) (4767449cf97acc62dc6bf4407e937e11) \Device\Harddisk0\DR0\Partition1
08:46:11.0946 1992 \Device\Harddisk0\DR0\Partition1 - ok
08:46:11.0982 1992 Boot (0x1200) (fa5fd69bdf410f5f5123bd9c63f44795) \Device\Harddisk0\DR0\Partition2
08:46:11.0984 1992 \Device\Harddisk0\DR0\Partition2 - ok
08:46:11.0990 1992 ============================================================
08:46:11.0990 1992 Scan finished
08:46:11.0990 1992 ============================================================
08:46:12.0014 1756 Detected object count: 3
08:46:12.0014 1756 Actual detected object count: 3
08:46:15.0466 1756 cg ( UnsignedFile.Multi.Generic ) - skipped by user
08:46:15.0466 1756 cg ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:46:15.0471 1756 giveio ( UnsignedFile.Multi.Generic ) - skipped by user
08:46:15.0471 1756 giveio ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:46:15.0477 1756 mcdbus ( UnsignedFile.Multi.Generic ) - skipped by user
08:46:15.0477 1756 mcdbus ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:46:17.0796 1932 Deinitialize success


============================================================================

My latest Malwarebytes log:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8327

Windows 6.1.7601 Service Pack 1 (Safe Mode)
Internet Explorer 8.0.7601.17514

12/8/2011 9:05:25 AM
mbam-log-2011-12-08 (09-05-25).txt

Scan type: Quick scan
Objects scanned: 189213
Time elapsed: 2 minute(s), 55 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Edited by bummerman, 08 December 2011 - 12:08 PM.


#5 bummerman

Posted 08 December 2011 - 11:58 AM

Regarding Malwarebytes logs:

I have logs with two different naming conventions.

for example:
mbam-log-2011-12-08 (08-27-34).txt

and:
protection-log-2011-11-25.txt

the former in: C:\Users\mog\AppData\Roaming\Malwarebytes

the latter in: C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\Logs


Furthermore, in C:\Users\mog\AppData, the following directories exist:

Local
LocalLow
Roaming

Another oddity is when I boot normally, having UAC enabled now (it had been disabled previously per my volition), and I click on "show processes from all users" in Task Manager, I get a UAC permission prompt for taskmgr.exe, but the author is unknown, and if I hover the cursor over the file location, the directory shows "C:\Windows\System32\taskmgr.exe /1".
When I look at my system32 directory, with or without showing hidden files, I only see 1 taskmgr.exe.

#6 bummerman

Posted 08 December 2011 - 12:01 PM

Under C:\Users I have

mog
Public
UpdatusUser
UpdatusUser.mog-PeeCee

#7 quietman7

quietman7

    Elder Janitor & Bug Exterminator

  • Admin
  • 11,401 posts
  • Gender:Male
  • Location:Virginia, USA

Posted 08 December 2011 - 01:16 PM

I don't use Windows 7 so I can't tell if those subfolders in C:\Users\mog\AppData are normal or not. Do they have recent creation dates? Is there anything inside them?

TDSSKiller provided an UnsignedFile.Multi.Generic warning on these three files.

C:\Users\mog\Desktop\tempp\cg.sys
C:\Windows\system32\giveio.sys
C:\Windows\system32\DRIVERS\mcdbus.sys

Get a second opinion. Go to one of the following online services that analyze suspicious files:
In the "File to Scan" (Upload or Submit) box, browse to the location of the suspicious file(s) and submit (upload) it for scanning/analysis. If you get a message saying "File has already been analyzed", click Reanalyze or Scan again.


-- Post back with the results of the file analysis.



If you are using a CD Emulator (Daemon Tools, Alcohol 120%, Astroburn, AnyDVD) be aware that they use hidden drivers with rootkit-like techniques to hide from other applications. When dealing with a malware infection, CD Emulators can interfere with investigative tools, producing misleading or inaccurate scan results and false detections. This often makes it hard to differentiate between malicious rootkits and the legitimate drivers used by CD Emulators. Since this is the case, please follow these instructions to disable CD Emulators until disinfection is completed. Or for a complete uninstall, and so our tools may run unhindered, please follow the steps on DuplexSecure's FAQ page for uninstalling the SPTD driver which these emulators use. They can be re-installed after your machine has been cleaned.


Please download ComboFix from one of the locations below and save it to your Desktop. <-Important!!!
If you downloaded ComboFix previously, delete that version and download it again as the tool is frequently updated!
Be sure to print out and follow these instructions: A guide and tutorial on using ComboFix.

  • Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Click this link to see a list of such programs and how to disable them. The list is not all inclusive.

Note: ComboFix may require some anti-virus programs to be uninstalled before running the tool. Why? Due to recent changes they "falsely" target ComboFix's embedded files as a threat and may remove them. If some of these files are removed, ComboFix will not perform its routines properly and may cause damaging or "unpredictable results". If you have difficulty uninstalling the anti-virus, download and use Opswat AppRemover.

  • Install the Windows Recovery Console if using Windows XP. As part of its routine, ComboFix will check to see if the Recovery Console is installed before attempting to remove any malware. If not installed, ComboFix will not attempt to fix some serious infections. The Recovery Console will allow you to boot into a special repair mode should your computer encounter any problems during the disinfection process.
-- if using Vista or Windows 7, just skip the Recovery Console part as you can use the Windows DVD to boot into the Vista Recovery Environment or Windows 7 System Recovery Options if something goes awry.

  • ComboFix will begin by showing a Disclaimer. Be sure to read it and click I Agree if you want to continue.

  • Follow the prompts and click on Yes to continue scanning for malware.
  • If using Windows 7 or Vista and you receive a UAC prompt asking if you want to continue running the program, you should press the Continue button.
  • When finished, please copy and paste the contents of C:\ComboFix.txt (which will open after reboot) in your next reply.
  • Be sure to re-enable your anti-virus and other security programs.
  • If you no longer have access to your Internet connection after running ComboFix, please reboot to restore it. If that does not restore the connection, then follow the instructions for Manually restoring the Internet connection provided in the "How to Guide" you printed out earlier.
-- Do not touch your mouse/keyboard until the ComboFix scan has completed, as this may cause the process to stall or the computer to lock.

-- ComboFix will temporarily disable your desktop, and if interrupted may leave it disabled. If this occurs, please reboot to restore it.
-- ComboFix disables autorun of all CD, floppy and USB devices to assist with malware removal and increase security.

Do NOT use ComboFix unless you have been instructed to do so by a Malware Removal Expert. It is a powerful tool intended by its creator to be used under the guidance and supervision of an expert, NOT for general public or personal use. Using this tool incorrectly could lead to serious problems with your operating system such as preventing it from ever starting again. This site, sUBs and myself will not be responsible for any damage caused to your machine by misusing or running ComboFix on your own. Please read ComboFix's Disclaimer.


Microsoft MVP - Consumer Security 2007-2014

Member of UNITE, Unified Network of Instructors and Trusted Eliminators
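
The triage step in the reply above (pulling the TDSSKiller entries that were flagged, with their paths and the action the user chose) can be scripted. This Python sketch is an added example, not part of the original thread or of TDSSKiller; it assumes only the line shapes visible in the log posted in this thread, and the two all-zero hash values in the sample are constructed placeholders.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Line shapes assumed from the log posted in this thread:
#   HH:MM:SS.mmmm TID name (md5) path                -> object being scanned
#   HH:MM:SS.mmmm TID name ( Verdict ) - action text -> detection and action
#   HH:MM:SS.mmmm TID Detected object count: N       -> scanner's own total
PREFIX = r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+"
SCANNED = re.compile(
    PREFIX + r"(?P<name>.+?)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>.+)$")
FLAGGED = re.compile(
    PREFIX + r"(?P<name>.+?) \( (?P<verdict>[\w.]+) \) - (?P<action>.+)$")
COUNT = re.compile(PREFIX + r"Detected object count: (\d+)$")


@dataclass
class Finding:
    name: str
    verdict: str
    actions: List[str] = field(default_factory=list)
    md5: Optional[str] = None
    path: Optional[str] = None


def parse_tdsskiller(log_text: str) -> List[Finding]:
    """Return one Finding per flagged object, joined to its hash and path."""
    scanned = {}    # service/driver name -> (md5, path)
    findings = {}   # name -> Finding, in order of first appearance
    for raw in log_text.splitlines():
        line = raw.strip()
        m = SCANNED.match(line)
        if m:
            scanned[m["name"]] = (m["md5"].lower(), m["path"].strip())
            continue
        m = FLAGGED.match(line)
        if m:
            f = findings.setdefault(m["name"], Finding(m["name"], m["verdict"]))
            if m["action"] not in f.actions:
                f.actions.append(m["action"])
    for f in findings.values():
        if f.name in scanned:
            f.md5, f.path = scanned[f.name]
    return list(findings.values())


def reported_count(log_text: str) -> Optional[int]:
    """The scanner's own 'Detected object count', or None if absent."""
    for raw in log_text.splitlines():
        m = COUNT.match(raw.strip())
        if m:
            return int(m.group(1))
    return None


def unresolved(findings: List[Finding]) -> List[Finding]:
    """Flagged objects the user skipped: still on disk, still need review."""
    return [f for f in findings
            if any("skip" in a.lower() for a in f.actions)]


# Constructed sample in the thread's log format (hashes 000...1/2 are placeholders).
SAMPLE_LOG = r"""
08:45:40.0100 1992 cg (00000000000000000000000000000001) C:\Users\mog\Desktop\tempp\cg.sys
08:45:50.0200 1992 giveio (00000000000000000000000000000002) C:\Windows\system32\giveio.sys
08:46:05.0478 1992 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
08:46:05.0506 1992 Smb - ok
08:46:12.0014 1756 Detected object count: 2
08:46:12.0014 1756 Actual detected object count: 2
08:46:15.0466 1756 cg ( UnsignedFile.Multi.Generic ) - skipped by user
08:46:15.0466 1756 cg ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:46:15.0471 1756 giveio ( UnsignedFile.Multi.Generic ) - skipped by user
08:46:15.0471 1756 giveio ( UnsignedFile.Multi.Generic ) - User select action: Skip
"""

if __name__ == "__main__":
    found = parse_tdsskiller(SAMPLE_LOG)
    total = reported_count(SAMPLE_LOG)
    if total is not None and total != len(found):
        print(f"warning: log reports {total} objects, parsed {len(found)}"
              " (pasted log may be truncated)")
    for f in unresolved(found):
        print(f"{f.name}: {f.verdict} | {f.path} | md5={f.md5} | {f.actions}")
```

A mismatch between the reported count and the parsed findings usually means the pasted log was cut off, which is worth ruling out before drawing conclusions from it.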

#8 bummerman

bummerman

    TEG Forum Member

  • Members
  • 14 posts

Posted 08 December 2011 - 03:27 PM

Combofix reports aVast as running when it is not? I'm booted into safe mode with networking. Also, using Revo Uninstaller, it found leftover files called "rootkit.dll" and other suspicious files that all the other steps missed.

#9 quietman7

Posted 08 December 2011 - 03:48 PM

Combofix is optimized to run from normal mode where it is most effective. However, it should run ok in safe mode if you are having trouble getting it to run or loading Windows in normal mode.

#10 bummerman

Posted 08 December 2011 - 05:19 PM

I ran Combofix three times. The latest results file shows that the logs are somewhere, because it renamed it in the log to Combofix3log - but I can't seem to find the other logs. Where are they stored? I will report all three logs.

#11 quietman7

Posted 08 December 2011 - 05:32 PM

ComboFix will create and save a log to the root directory, usually C:\ComboFix.txt. To retrieve the log, launch Windows Explorer, navigate to the root directory (C:\) and double-click on it to open in Notepad. To open and view the log file automatically:
  • Go to Start > Run..., then copy and paste this command into the Open box:
    notepad %SystemDrive%\ComboFix.txt
  • Go to Edit and choose Select all.
  • Go back to Edit and choose Copy or right-click on the highlighted text and choose Copy from there.
  • Come back to this thread, click Add Reply, then right-click and choose Paste.


#12 bummerman

Posted 08 December 2011 - 07:36 PM

Results from 1st Combofix run. Holy garbage. Look at the other deletions!

ComboFix 11-12-08.01 - mog 12/08/2011 12:26:44.1.1 - x86 NETWORK
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3072.2659 [GMT -8:00]
Running from: c:\users\mog\Desktop\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\mog\001.flv
c:\users\mog\AppData\Local\TempDIR
c:\users\mog\AppData\Local\TempDIR\BetterInstaller.exe
c:\users\mog\AppData\Roaming\Mozilla\Firefox\Profiles\rc6vqg0u.default\searchplugins\bing-zugo.xml
c:\users\mog\Documents\palemoon-5.0-installer.tmp
c:\windows\InstallDir
c:\windows\security\Database\tmp.edb
c:\windows\system32\~.inf
c:\windows\system32\accessibilitycpl.dll.xpize
c:\windows\system32\ActionCenter.dll.xpize
c:\windows\system32\ActionCenterCPL.dll.xpize
c:\windows\system32\AuthFWGP.dll.xpize
c:\windows\system32\authui.dll.xpize
c:\windows\system32\autoplay.dll.xpize
c:\windows\system32\batmeter.dll.xpize
c:\windows\system32\comres.dll.xpize
c:\windows\system32\DDORes.dll.xpize
c:\windows\system32\DeviceCenter.dll.xpize
c:\windows\system32\devmgr.dll.xpize
c:\windows\system32\DiagCpl.dll.xpize
c:\windows\system32\Display.dll.xpize
c:\windows\system32\ExplorerFrame.dll.xpize
c:\windows\system32\filemgmt.dll.xpize
c:\windows\system32\FirewallControlPanel.dll.xpize
c:\windows\system32\fontext.dll.xpize
c:\windows\system32\fvecpl.dll.xpize
c:\windows\system32\gameux.dll.xpize
c:\windows\system32\hotplug.dll.xpize
c:\windows\system32\ieframe.dll.xpize
c:\windows\system32\imageres.dll.xpize
c:\windows\system32\imagesp1.dll.xpize
c:\windows\system32\iscsicpl.dll.xpize
c:\windows\system32\miguiresource.dll.xpize
c:\windows\system32\mmres.dll.xpize
c:\windows\system32\mycomput.dll.xpize
c:\windows\system32\mydocs.dll.xpize
c:\windows\system32\netcenter.dll.xpize
c:\windows\system32\NetProjW.dll.xpize
c:\windows\system32\netshell.dll.xpize
c:\windows\system32\networkexplorer.dll.xpize
c:\windows\system32\odbcint.dll.xpize
c:\windows\system32\OobeFldr.dll.xpize
c:\windows\system32\PerfCenterCPL.dll.xpize
c:\windows\system32\pmcsnap.dll.xpize
c:\windows\system32\pnidui.dll.xpize
c:\windows\system32\pnpui.dll.xpize
c:\windows\system32\powercpl.dll.xpize
c:\windows\system32\sdcpl.dll.xpize
c:\windows\system32\SensorsCpl.dll.xpize
c:\windows\system32\shell32.dll.xpize
c:\windows\system32\SndVolSSO.dll.xpize
c:\windows\system32\srchadmin.dll.xpize
c:\windows\system32\stobject.dll.xpize
c:\windows\system32\SyncCenter.dll.xpize
c:\windows\system32\taskbarcpl.dll.xpize
c:\windows\system32\themecpl.dll.xpize
c:\windows\system32\TSWorkspace.dll.xpize
c:\windows\system32\usercpl.dll.xpize
c:\windows\system32\Vault.dll.xpize
c:\windows\system32\wdc.dll.xpize
c:\windows\system32\wmploc.DLL.xpize
c:\windows\system32\wpccpl.dll.xpize
c:\windows\system32\wsecedit.dll.xpize
c:\windows\system32\wucltux.dll.xpize
E:\explorer.exe
E:\install.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-11-08 to 2011-12-08 )))))))))))))))))))))))))))))))
.
.
2011-11-24 04:35 . 2010-09-30 06:47 70656 ----a-w- c:\windows\system32\fontsub.dll
2011-11-24 04:35 . 2011-04-29 02:46 311808 ----a-w- c:\windows\system32\drivers\srv.sys
2011-11-24 04:35 . 2011-04-29 02:46 310272 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-11-24 04:35 . 2011-04-29 02:46 114688 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-11-24 04:35 . 2011-04-25 02:18 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2011-11-24 04:34 . 2011-03-11 05:33 1164288 ----a-w- c:\windows\system32\mfc42u.dll
2011-11-24 04:34 . 2011-03-11 05:33 1137664 ----a-w- c:\windows\system32\mfc42.dll
2011-11-24 04:07 . 2011-01-07 06:01 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-11-24 04:07 . 2011-06-23 04:33 3912576 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-11-24 04:07 . 2011-06-23 04:33 3967872 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-11-24 03:57 . 2011-02-23 04:47 69632 ----a-w- c:\windows\system32\drivers\bowser.sys
2011-11-24 03:57 . 2011-04-09 05:56 123904 ----a-w- c:\windows\system32\poqexec.exe
2011-11-24 02:54 . 2011-12-08 20:13 -------- d-----w- c:\windows\system32\wbem\Performance
2011-11-24 02:09 . 2011-12-08 20:32 -------- d-----w- c:\users\mog
2011-11-24 02:06 . 2011-12-08 17:27 -------- d-sh--w- c:\windows\Installer
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-30 07:52 . 2009-07-13 23:39 37376 ----a-w- c:\windows\system32\themeservice.dll
2011-11-30 07:52 . 2009-07-13 23:40 249856 ----a-w- c:\windows\system32\uxtheme.dll
2011-11-24 06:03 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
2011-11-16 13:49 . 2011-08-16 08:18 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-14 12:01 . 2011-03-29 02:36 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-10-22 11:18 . 2007-07-03 23:40 499712 ----a-w- c:\windows\system32\msvcp71.dll
2011-10-22 11:18 . 2007-07-03 23:40 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-10-03 12:06 . 2011-08-07 15:20 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-09-16 22:12 . 2011-10-22 11:17 3623592 ----a-w- c:\program files\Common Files\ApnToolbarInstaller.exe
2011-09-16 22:12 . 2011-10-22 11:17 143240 ----a-w- c:\program files\Common Files\ApnStub.exe
2010-01-26 18:11 . 2011-10-22 11:17 444283 ----a-w- c:\program files\Common Files\WinPcapNmap.exe
2011-08-12 05:57 . 2011-08-28 02:47 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2009-07-14 . 3BD6181D61A88FCC48FCBAF937A7FE2E . 1383424 . . [2001.12.8530.16385] . . c:\windows\System32\comres.dll
[7] 2009-07-14 . 808D8A8B2A3074002852BC856D419576 . 1297408 . . [2001.12.8530.16385] . . c:\windows\winsxs\x86_microsoft-windows-com-complus.res_31bf3856ad364e35_6.1.7600.16385_none_2c8730fb47856e94\comres.dll
.
[7] 2011-11-25 . 2AF58D15EDC06EC6FDACCE1F19482BBF . 2614784 . . [6.1.7600.16768] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[7] 2011-11-25 . 255CF508D7CFB10E0794D6AC93280BD8 . 2614784 . . [6.1.7600.20910] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[-] 2011-11-25 . 7E16BE9F2BC4D57D5A320DE994F85D81 . 2567168 . . [6.1.7600.16385] . . c:\windows\explorer.exe
[7] 2011-11-25 . 8B88EBBB05A0E56B7DCC708498C02B3E . 2616320 . . [6.1.7601.17567] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[7] 2011-11-25 . 0FB9C74046656D1579A64660AD67B746 . 2616320 . . [6.1.7601.21669] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[7] 2010-11-20 . 40D777B7A95E00593EB1568C68514493 . 2616320 . . [6.1.7601.17514] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[7] 2009-10-31 . C76153C7ECA00FA852BB0C193378F917 . 2614272 . . [6.1.7600.20563] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
[7] 2009-10-31 . 2626FC9755BE22F805D3CFA0CE3EE727 . 2614272 . . [6.1.7600.16450] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[7] 2009-08-03 . 9FF6C4C91A3711C0A3B18F87B08B518D . 2613248 . . [6.1.7600.20500] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[7] 2009-08-03 . B95EEB0F4E5EFBF1038A35B3351CF047 . 2613248 . . [6.1.7600.16404] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[7] 2009-07-14 . 15BC38A7492BEFE831966ADB477CF76F . 2613248 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DB536AF2-E422-402d-B7FD-887297F1A198}]
2011-09-05 16:55 138032 ----a-w- c:\program files\Smart Suggestor\SmartSuggestor.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-09-06 21:45 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-09-06 3722416]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableInstallerDetection"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^DeskDrive.lnk]
backup=c:\windows\pss\DeskDrive.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Finderbar.lnk]
backup=c:\windows\pss\Finderbar.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^MacSearch.lnk]
backup=c:\windows\pss\MacSearch.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^RocketDock.lnk]
backup=c:\windows\pss\RocketDock.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^tClock.lnk]
backup=c:\windows\pss\tClock.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^UberIcon.lnk]
backup=c:\windows\pss\UberIcon.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Winroll.lnk]
backup=c:\windows\pss\Winroll.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^mog^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
path=c:\users\mog\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
backup=c:\windows\pss\Dropbox.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^mog^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Finderbar.lnk]
path=c:\users\mog\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Finderbar.lnk
backup=c:\windows\pss\Finderbar.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^mog^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MacSearch.lnk]
path=c:\users\mog\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MacSearch.lnk
backup=c:\windows\pss\MacSearch.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^mog^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MagicDisc.lnk]
path=c:\users\mog\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk
backup=c:\windows\pss\MagicDisc.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^mog^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MySpaces.lnk]
path=c:\users\mog\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MySpaces.lnk
backup=c:\windows\pss\MySpaces.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^mog^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^RocketDock.lnk]
path=c:\users\mog\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RocketDock.lnk
backup=c:\windows\pss\RocketDock.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^mog^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^SUPERAntiSpyware Alternate Start Tool.lnk]
path=c:\users\mog\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SUPERAntiSpyware Alternate Start Tool.lnk
backup=c:\windows\pss\SUPERAntiSpyware Alternate Start Tool.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^mog^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Switcher.lnk]
path=c:\users\mog\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Switcher.lnk
backup=c:\windows\pss\Switcher.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^mog^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^T-Clock 2010.lnk]
path=c:\users\mog\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\T-Clock 2010.lnk
backup=c:\windows\pss\T-Clock 2010.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^mog^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^UberIcon.lnk]
path=c:\users\mog\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UberIcon.lnk
backup=c:\windows\pss\UberIcon.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^mog^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Video Stream Server.lnk]
path=c:\users\mog\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Video Stream Server.lnk
backup=c:\windows\pss\Video Stream Server.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^mog^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Winroll.lnk]
path=c:\users\mog\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Winroll.lnk
backup=c:\windows\pss\Winroll.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^mog^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^YzShadow.lnk]
path=c:\users\mog\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\YzShadow.lnk
backup=c:\windows\pss\YzShadow.lnk.CommonStartup
backupExtension=.CommonStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ApnUpdater
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 5]
2011-11-12 18:42 1647448 ----a-w- c:\program files\IObit\Advanced SystemCare 5\ASCTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2011-04-20 19:48 58656 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2011-09-27 14:22 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
2010-01-22 01:22 91520 ----a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EaseUs Tray]
2011-10-22 06:47 743560 ----a-w- c:\program files\EaseUS\Todo Backup\bin\TrayNotify.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EaseUs Watch]
2011-10-22 06:47 70792 ----a-w- c:\program files\EaseUS\Todo Backup\bin\EuWatch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
2011-08-01 23:56 1821576 ----a-w- c:\program files\Microsoft IntelliPoint\ipoint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-11-13 08:24 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\itype]
2009-11-12 02:04 1505144 ----a-w- c:\program files\Microsoft IntelliType Pro\itype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam]
2010-12-13 22:37 135536 ----a-w- c:\program files\Microsoft LifeCam\LifeExp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ManyCam]
2011-09-29 11:44 1756232 ----a-w- c:\program files\ManyCam\Bin\ManyCam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OfficeSyncProcess]
2010-01-16 17:54 717696 ----a-w- c:\program files\Microsoft Office\Office14\MSOSYNC.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-07-06 01:36 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteHelper]
2011-02-14 08:55 586752 ----a-w- c:\program files\Remote HD\Remote Helper\RemoteHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RESTART_STICKY_NOTES]
2009-07-14 01:14 323584 ----a-w- c:\windows\System32\StikyNot.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Trend Micro RUBotted V2.0 Beta]
2010-12-17 17:33 1103184 ----a-w- c:\program files\Trend Micro\RUBotted\RUBottedGUI.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vmware-tray]
2011-03-26 07:42 129648 ----a-w- c:\program files\VMware\VMware Workstation\vmware-tray.exe
.
R1 aswSnx;aswSnx; [x]
R1 aswSP;aswSP; [x]
R1 EUDSKACS;EUDSKACS;c:\windows\system32\drivers\eudskacs.sys [2011-10-22 17032]
R1 EUFDDISK;EUFDDISK;c:\windows\system32\drivers\EuFdDisk.sys [2011-10-22 185480]
R1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2011-07-19 158000]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2011-07-19 93488]
R2 aswFsBlk;aswFsBlk; [x]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-09-06 54616]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [2010-11-09 21992]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-10-20 50704]
R2 RUBotSrv;Trend Micro RUBotted Service;c:\program files\Trend Micro\RUBotted\RUBotSrv.exe [2010-12-17 439632]
R2 vmci;VMware vmci;c:\windows\system32\Drivers\vmci.sys [2011-03-26 70768]
R3 ALSysIO;ALSysIO;c:\users\mog\AppData\Local\Temp\ALSysIO.sys [x]
R3 cg;cg;c:\users\mog\Desktop\tempp\cg.sys [2004-12-06 6528]
R3 cpuz126;cpuz126;c:\users\mog\AppData\Local\Temp\cpuz.sys [x]
R3 cpuz134;cpuz134;c:\program files\CPUID\PC Wizard 2010\pcwiz_x32.sys [2010-07-09 20328]
R3 echo1394;AudioFire service;c:\windows\system32\DRIVERS\echo1394.sys [2009-12-14 81600]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam.sys [2008-01-14 21632]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-01-22 30963576]
R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [2010-12-13 30576]
R3 netr28;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\system32\DRIVERS\netr28.sys [2009-07-13 530944]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2011.SP5\RpcAgentSrv.exe [2008-09-19 93848]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2011-07-19 104752]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R4 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\IObit\Advanced SystemCare 5\ASCService.exe [2011-11-11 490840]
R4 EaseUS Agent;EaseUS Agent;c:\program files\EaseUS\Todo Backup\bin\Agent.exe [2011-10-22 60552]
R4 gfi_backup_mcs;GFI Backup Management Console Service;c:\program files\GFI\GFI Backup Administration Console\backupmcs.exe [2010-04-27 99840]
R4 GFIBackupAdministrationConsole;GFI Backup Administration Console;c:\program files\GFI\GFI Backup Administration Console\apache\bin\httpd.exe [2010-07-22 24645]
R4 GFIBckBAtt;GFI Backup Attendant Service;c:\program files\GFI\GFI Backup\GFIBInst.exe [2011-05-24 945520]
R4 GFIBckBSched;GFI Backup Scheduler Service;c:\program files\GFI\GFI Backup\GFIBSched.exe [2011-05-24 2613616]
R4 GFIBckDiskImage;GFI Backup DiskImage;c:\program files\GFI\GFI Backup\DiskImage\Win32\oodiag.exe [2011-05-18 2699264]
R4 Guard Agent;Guard Agent;c:\program files\EaseUS\Todo Backup\bin\GuardAgent.exe [2011-10-22 23176]
R4 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-04-08 2218600]
R4 VMUSBArbService;VMware USB Arbitration Service;c:\program files\Common Files\VMware\USB\vmware-usbarbitrator.exe [2011-03-26 539248]
S0 EUBAKUP;EUBAKUP;c:\windows\system32\drivers\eubakup.sys [2011-10-22 39560]
S0 EUBKMON;EUBKMON;c:\windows\system32\drivers\EUBKMON.sys [2011-10-22 43656]
S3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [2011-05-18 40320]
S3 rt61x86;Linksys Wireless-G PCI Adapter Driver;c:\windows\system32\DRIVERS\WMP54Gv41x86.sys [2010-04-07 376160]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - avgntflt
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1175243136-2182879396-1685703000-1001Core.job
- c:\users\mog\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-07 12:12]
.
2011-12-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1175243136-2182879396-1685703000-1001UA.job
- c:\users\mog\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-07 12:12]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.ask.com/?l=dis&o=102868&gct=hp
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MIF5BA~1\Office14\ONBttnIE.dll/105
IE: {{520BD054-EEEE-487c-84E8-D5B2DFFE5C18} - {DB536AF2-E422-402d-B7FD-887297F1A198} - c:\program files\Smart Suggestor\SmartSuggestor.dll
LSP: c:\program files\VMware\VMware Workstation\vsocklib.dll
Trusted Zone: blank
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\mog\AppData\Roaming\Mozilla\Firefox\Profiles\rc6vqg0u.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.ask.com/?l=dis&o=14776
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z149&form=ZGAADF&install_date=20111022&q=
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: browser.xul.error_pages.enabled - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 3000000
FF - user.js: content.maxtextrun - 8191
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 32
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-proxy - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{70dd86e8-b5bc-4e4a-9d5c-b6234c24323c} - (no file)
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)
Notify-!SASWinLogon - c:\program files\SUPERAntiSpyware\SASWINLO.DLL
MSConfigStartUp-Copernic Desktop Search - Home - c:\program files\copernic desktop search - home\desktopsearchservice.exe
MSConfigStartUp-DeskDriveStartup - c:\windows\Lion Skin Pack\DeskDrive\DeskDrive.exe
MSConfigStartUp-Desktop Coral - c:\windows\Lion Skin Pack\DesktopCoral\DesktopCoral.exe
MSConfigStartUp-xwidget - c:\windows\LION SKIN PACK\XWIDGET\XWIDGET.EXE
AddRemove-Lion Skin Pack - c:\windows\Lion Skin Pack\uninst.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-12-08 12:35:55
ComboFix-quarantined-files.txt 2011-12-08 20:35
.
Pre-Run: 219,310,395,392 bytes free
Post-Run: 219,347,693,568 bytes free
.
- - End Of File - - 8F326A6CFF44FE1D7B2CDFB0A2B7FB37

#13 bummerman

Posted 08 December 2011 - 07:36 PM

Results from SECOND run:

ComboFix 11-12-08.01 - mog 12/08/2011 12:43:49.2.1 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3072.2415 [GMT -8:00]
Running from: c:\users\mog\Desktop\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-11-08 to 2011-12-08 )))))))))))))))))))))))))))))))
.
.
2011-12-08 20:53 . 2011-12-08 20:53 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2011-12-08 20:53 . 2011-12-08 20:53 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-08 17:49 . 2011-12-08 17:49 -------- d-----w- c:\users\Default\AppData\Roaming\IObit
2011-12-07 19:31 . 2011-12-07 19:31 -------- d-----w- c:\programdata\F-Secure
2011-12-07 19:12 . 2011-12-07 19:12 -------- d-----w- c:\program files\ESET
2011-12-07 18:05 . 2011-12-07 18:05 -------- d-----w- C:\rsit
2011-12-07 15:59 . 2011-12-07 15:59 -------- d-----w- c:\programdata\Trend Micro
2011-12-07 15:49 . 2011-12-07 15:49 -------- d-----w- c:\program files\WinPcap
2011-12-07 15:44 . 2011-12-07 17:06 -------- d-----w- c:\program files\GridinSoft Trojan Killer
2011-12-07 14:01 . 2011-12-07 14:01 -------- d--h--w- c:\windows\PIF
2011-12-07 12:14 . 2011-09-01 01:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-07 12:08 . 2011-12-07 19:44 -------- d-----w- c:\program files\Trend Micro
2011-12-06 19:45 . 2011-12-06 19:45 -------- d-----w- c:\program files\Recuva
2011-12-06 19:45 . 2011-12-06 19:45 -------- d-----w- C:\Extracted
2011-12-06 13:31 . 2011-12-07 11:57 -------- d-----w- c:\program files\ReClock
2011-12-05 20:47 . 2011-12-05 20:47 -------- d-----w- c:\windows\Java
2011-12-05 20:47 . 2010-08-22 21:48 114176 ----a-w- c:\windows\system32\PCWizard.cpl
2011-12-05 20:44 . 2011-12-06 13:46 -------- d-----w- c:\programdata\Yahoo!
2011-12-05 20:44 . 2011-12-06 13:47 -------- d-----w- c:\program files\Yahoo!
2011-12-04 23:27 . 2011-03-26 07:42 334448 ----a-w- c:\windows\system32\vmnetdhcp.exe
2011-12-04 23:27 . 2011-03-26 07:42 404080 ----a-w- c:\windows\system32\vmnat.exe
2011-12-04 23:27 . 2011-03-26 07:40 26352 ----a-w- c:\windows\system32\drivers\vmnetuserif.sys
2011-12-04 23:26 . 2011-03-26 07:42 760432 ----a-w- c:\windows\system32\vnetlib.dll
2011-12-04 23:25 . 2011-03-26 07:41 24688 ----a-w- c:\windows\system32\drivers\VMkbd.sys
2011-12-04 23:23 . 2011-12-04 23:23 -------- d-----w- c:\program files\Common Files\VMware
2011-12-04 23:21 . 2011-12-08 18:09 -------- d-----w- c:\programdata\VMware
2011-12-04 23:21 . 2011-12-04 23:21 -------- d-----w- c:\program files\VMware
2011-12-04 22:44 . 2011-12-04 22:44 -------- d-----w- c:\program files\WinArchiver
2011-12-04 22:34 . 2011-12-04 22:34 -------- d-----w- c:\programdata\ashampoo
2011-12-04 22:12 . 2011-12-04 22:32 -------- d-----w- c:\program files\Ashampoo
2011-12-04 21:57 . 2009-02-25 02:42 116736 ----a-w- c:\windows\system32\drivers\mcdbus.sys
2011-12-02 18:04 . 1999-10-21 19:12 20400 ----a-w- c:\windows\system32\drivers\entech.sys
2011-12-02 18:04 . 2011-12-07 17:06 -------- d-----w- c:\program files\AquaMark3
2011-12-02 11:57 . 2011-12-02 11:57 -------- d-----w- c:\program files\Lunascape
2011-12-02 07:41 . 2011-12-02 07:42 -------- d-----w- c:\program files\Echo FireWire
2011-12-01 20:57 . 2011-12-01 20:57 -------- d-----w- c:\program files\Microsoft Windows 7 Upgrade Advisor
2011-12-01 15:29 . 2011-12-02 08:59 -------- d-----w- c:\program files\Microsoft LifeCam
2011-12-01 15:25 . 2011-12-04 18:44 -------- d-----w- c:\users\UpdatusUser.mog-PeeCee
2011-12-01 15:21 . 2011-04-08 05:14 944232 ----a-w- c:\windows\system32\nvdispco3220140.dll
2011-12-01 15:21 . 2011-04-08 05:14 855656 ----a-w- c:\windows\system32\nvgenco322060.dll
2011-12-01 15:21 . 2011-04-08 05:14 57960 ----a-w- c:\windows\system32\OpenCL.dll
2011-12-01 15:21 . 2011-04-08 05:14 2765928 ----a-w- c:\windows\system32\nvcuvid.dll
2011-12-01 15:21 . 2011-04-08 05:14 2074216 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-12-01 15:21 . 2011-04-08 05:14 15227496 ----a-w- c:\windows\system32\nvoglv32.dll
2011-12-01 15:21 . 2011-04-08 05:14 10690024 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2011-12-01 15:21 . 2011-04-08 05:14 5180824 ----a-w- c:\windows\system32\nvcuda.dll
2011-12-01 15:21 . 2011-04-08 05:14 13007464 ----a-w- c:\windows\system32\nvcompiler.dll
2011-12-01 15:09 . 2011-12-01 16:36 -------- d-----w- c:\program files\Driver-Soft
2011-12-01 12:27 . 2011-12-01 12:27 -------- d-----w- c:\program files\Defraggler
2011-12-01 09:31 . 2009-05-18 21:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-12-01 09:31 . 2008-04-17 20:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2011-11-30 12:25 . 2011-11-30 12:26 -------- d-----w- c:\program files\ManyCam
2011-11-30 07:52 . 2010-11-20 12:21 525824 ----a-w- c:\windows\system32\usercpl.dll
2011-11-30 04:38 . 2011-11-30 07:35 -------- d-----w- c:\program files\MiniTool Partition Wizard Home Edition 7.0
2011-11-30 04:33 . 2011-12-04 21:57 -------- d-----w- c:\program files\MagicDisc
2011-11-29 15:43 . 2011-12-01 09:30 -------- d-----w- c:\program files\iPod
2011-11-29 15:43 . 2011-12-01 09:31 -------- d-----w- c:\program files\iTunes
2011-11-25 23:05 . 2011-12-07 12:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-11-25 20:52 . 2011-11-25 20:52 -------- d-----w- C:\BOOT
2011-11-25 14:05 . 2011-09-06 21:36 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-11-25 14:05 . 2011-09-06 21:37 320856 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-11-25 14:05 . 2011-09-06 21:36 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-11-25 14:05 . 2011-09-06 21:36 52568 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-11-25 14:05 . 2011-09-06 21:38 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-11-25 14:05 . 2011-09-06 21:36 54616 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-11-25 14:05 . 2011-09-06 21:45 41184 ----a-w- c:\windows\avastSS.scr
2011-11-25 14:05 . 2011-09-06 21:45 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-11-25 14:05 . 2011-11-25 14:05 -------- d-----w- c:\programdata\AVAST Software
2011-11-25 14:05 . 2011-11-25 14:05 -------- d-----w- c:\program files\AVAST Software
2011-11-25 12:09 . 2011-12-02 09:39 360960 --sha-w- C:\EUMONBMP.SYS
2011-11-25 12:08 . 2011-11-25 12:09 -------- d-----w- c:\program files\Surf Canyon
2011-11-25 12:02 . 2011-10-22 06:46 185480 ----a-w- c:\windows\system32\drivers\EuFdDisk.sys
2011-11-25 12:02 . 2011-10-22 06:46 17032 ----a-w- c:\windows\system32\drivers\eudskacs.sys
2011-11-25 12:02 . 2011-10-22 06:46 39560 ----a-w- c:\windows\system32\drivers\eubakup.sys
2011-11-25 12:02 . 2011-10-22 06:46 43656 ----a-w- c:\windows\system32\drivers\EUBKMON.sys
2011-11-25 11:58 . 2011-10-22 06:47 20616 ----a-w- c:\windows\system32\fbnative.exe
2011-11-25 11:58 . 2011-11-25 11:58 -------- d-----w- c:\program files\EaseUS
2011-11-25 09:15 . 2011-11-25 09:15 86528 ----a-w- c:\windows\system32\SearchFilterHost.exe
2011-11-25 09:15 . 2011-11-25 09:15 666624 ----a-w- c:\windows\system32\mssvp.dll
2011-11-25 09:15 . 2011-11-25 09:15 59392 ----a-w- c:\windows\system32\msscntrs.dll
2011-11-25 09:15 . 2011-11-25 09:15 427520 ----a-w- c:\windows\system32\SearchIndexer.exe
2011-11-25 09:15 . 2011-11-25 09:15 337408 ----a-w- c:\windows\system32\mssph.dll
2011-11-25 09:15 . 2011-11-25 09:15 197120 ----a-w- c:\windows\system32\mssphtb.dll
2011-11-25 09:15 . 2011-11-25 09:15 164352 ----a-w- c:\windows\system32\SearchProtocolHost.exe
2011-11-25 09:15 . 2011-11-25 09:15 1549312 ----a-w- c:\windows\system32\tquery.dll
2011-11-25 09:15 . 2011-11-25 09:15 1401344 ----a-w- c:\windows\system32\mssrch.dll
2011-11-25 09:15 . 2011-11-25 09:15 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2011-11-25 09:14 . 2011-11-25 09:14 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-11-25 09:14 . 2011-11-25 09:14 870912 ----a-w- c:\windows\system32\XpsPrint.dll
2011-11-25 09:13 . 2011-11-25 09:13 31232 ----a-w- c:\windows\system32\prevhost.exe
2011-11-25 09:13 . 2011-11-25 09:13 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-11-25 09:12 . 2011-11-25 09:12 739840 ----a-w- c:\windows\system32\d2d1.dll
2011-11-25 09:12 . 2011-11-25 09:12 1076736 ----a-w- c:\windows\system32\DWrite.dll
2011-11-25 09:12 . 2011-11-25 09:12 805376 ----a-w- c:\windows\system32\FntCache.dll
2011-11-25 09:11 . 2011-11-25 09:11 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2011-11-25 09:10 . 2011-10-20 06:15 20312 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
2011-11-24 21:14 . 2011-12-01 16:37 -------- d-----w- c:\programdata\IObit
2011-11-24 21:13 . 2011-11-24 21:13 -------- d-----w- c:\program files\IObit
2011-11-24 21:09 . 2011-11-24 21:10 1617955 ----a-w- c:\program files\Winrar_4.10_32bit.exe
2011-11-24 16:27 . 2011-11-30 07:35 -------- d-----w- c:\program files\XWindows Dock
2011-11-24 07:15 . 2009-09-05 01:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2011-11-24 07:15 . 2009-09-05 01:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2011-11-24 06:25 . 2011-07-09 04:29 2048 ----a-w- c:\windows\system32\tzres.dll
2011-11-24 05:45 . 2011-11-30 07:35 -------- d-----w- c:\windows\system32\SPReview
2011-11-24 05:39 . 2010-11-20 12:30 153984 ----a-w- c:\windows\system32\drivers\pci.sys
2011-11-24 05:38 . 2010-11-20 12:21 363008 ----a-w- c:\windows\system32\wbemcomn.dll
2011-11-24 05:38 . 2010-11-20 12:19 606208 ----a-w- c:\windows\system32\wbem\fastprox.dll
2011-11-24 04:35 . 2011-07-09 02:30 223744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-11-24 04:35 . 2011-04-27 02:17 96768 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-11-24 04:35 . 2011-04-27 02:17 123904 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-11-24 04:35 . 2011-02-19 06:30 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-11-24 04:35 . 2011-02-19 04:34 294912 ----a-w- c:\windows\system32\atmfd.dll
2011-11-24 04:35 . 2010-09-30 06:47 70656 ----a-w- c:\windows\system32\fontsub.dll
2011-11-24 04:35 . 2011-04-29 02:46 311808 ----a-w- c:\windows\system32\drivers\srv.sys
2011-11-24 04:35 . 2011-04-29 02:46 310272 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-11-24 04:35 . 2011-04-29 02:46 114688 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-11-24 04:35 . 2011-04-25 02:18 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2011-11-24 04:34 . 2011-03-11 05:33 1164288 ----a-w- c:\windows\system32\mfc42u.dll
2011-11-24 04:34 . 2011-03-11 05:33 1137664 ----a-w- c:\windows\system32\mfc42.dll
2011-11-24 04:07 . 2011-01-07 06:01 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-11-24 04:07 . 2011-06-23 04:33 3912576 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-11-24 04:07 . 2011-06-23 04:33 3967872 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-11-24 03:57 . 2011-02-23 04:47 69632 ----a-w- c:\windows\system32\drivers\bowser.sys
2011-11-24 03:57 . 2011-04-09 05:56 123904 ----a-w- c:\windows\system32\poqexec.exe
2011-11-24 02:54 . 2011-12-08 20:47 -------- d-----w- c:\windows\system32\wbem\Performance
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-30 07:52 . 2009-07-13 23:39 37376 ----a-w- c:\windows\system32\themeservice.dll
2011-11-30 07:52 . 2009-07-13 23:40 249856 ----a-w- c:\windows\system32\uxtheme.dll
2011-11-24 06:03 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
2011-11-16 13:49 . 2011-08-16 08:18 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-14 12:01 . 2011-03-29 02:36 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-10-22 11:18 . 2007-07-03 23:40 499712 ----a-w- c:\windows\system32\msvcp71.dll
2011-10-22 11:18 . 2007-07-03 23:40 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-10-03 12:06 . 2011-08-07 15:20 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-09-16 22:12 . 2011-10-22 11:17 3623592 ----a-w- c:\program files\Common Files\ApnToolbarInstaller.exe
2011-09-16 22:12 . 2011-10-22 11:17 143240 ----a-w- c:\program files\Common Files\ApnStub.exe
2010-01-26 18:11 . 2011-10-22 11:17 444283 ----a-w- c:\program files\Common Files\WinPcapNmap.exe
2011-08-12 05:57 . 2011-08-28 02:47 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2009-07-14 . 3BD6181D61A88FCC48FCBAF937A7FE2E . 1383424 . . [2001.12.8530.16385] . . c:\windows\System32\comres.dll
[7] 2009-07-14 . 808D8A8B2A3074002852BC856D419576 . 1297408 . . [2001.12.8530.16385] . . c:\windows\winsxs\x86_microsoft-windows-com-complus.res_31bf3856ad364e35_6.1.7600.16385_none_2c8730fb47856e94\comres.dll
.
[7] 2011-11-25 . 2AF58D15EDC06EC6FDACCE1F19482BBF . 2614784 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[7] 2011-11-25 . 255CF508D7CFB10E0794D6AC93280BD8 . 2614784 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[-] 2011-11-25 . 7E16BE9F2BC4D57D5A320DE994F85D81 . 2567168 . . [6.1.7600.16385] . . c:\windows\explorer.exe
[7] 2011-11-25 . 8B88EBBB05A0E56B7DCC708498C02B3E . 2616320 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[7] 2011-11-25 . 0FB9C74046656D1579A64660AD67B746 . 2616320 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[7] 2010-11-20 . 40D777B7A95E00593EB1568C68514493 . 2616320 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[7] 2009-10-31 . C76153C7ECA00FA852BB0C193378F917 . 2614272 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
[7] 2009-10-31 . 2626FC9755BE22F805D3CFA0CE3EE727 . 2614272 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[7] 2009-08-03 . 9FF6C4C91A3711C0A3B18F87B08B518D . 2613248 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[7] 2009-08-03 . B95EEB0F4E5EFBF1038A35B3351CF047 . 2613248 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[7] 2009-07-14 . 15BC38A7492BEFE831966ADB477CF76F . 2613248 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DB536AF2-E422-402d-B7FD-887297F1A198}]
2011-09-05 16:55 138032 ----a-w- c:\program files\Smart Suggestor\SmartSuggestor.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-09-06 21:45 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-09-06 3722416]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableInstallerDetection"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^DeskDrive.lnk]
backup=c:\windows\pss\DeskDrive.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Finderbar.lnk]
backup=c:\windows\pss\Finderbar.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^MacSearch.lnk]
backup=c:\windows\pss\MacSearch.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^RocketDock.lnk]
backup=c:\windows\pss\RocketDock.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^tClock.lnk]
backup=c:\windows\pss\tClock.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^UberIcon.lnk]
backup=c:\windows\pss\UberIcon.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Winroll.lnk]
backup=c:\windows\pss\Winroll.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^mog^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
path=c:\users\mog\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
backup=c:\windows\pss\Dropbox.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^mog^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Finderbar.lnk]
path=c:\users\mog\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Finderbar.lnk
backup=c:\windows\pss\Finderbar.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^mog^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MacSearch.lnk]
path=c:\users\mog\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MacSearch.lnk
backup=c:\windows\pss\MacSearch.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^mog^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MagicDisc.lnk]
path=c:\users\mog\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk
backup=c:\windows\pss\MagicDisc.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^mog^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MySpaces.lnk]
path=c:\users\mog\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MySpaces.lnk
backup=c:\windows\pss\MySpaces.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^mog^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^RocketDock.lnk]
path=c:\users\mog\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RocketDock.lnk
backup=c:\windows\pss\RocketDock.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^mog^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^SUPERAntiSpyware Alternate Start Tool.lnk]
path=c:\users\mog\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SUPERAntiSpyware Alternate Start Tool.lnk
backup=c:\windows\pss\SUPERAntiSpyware Alternate Start Tool.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^mog^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Switcher.lnk]
path=c:\users\mog\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Switcher.lnk
backup=c:\windows\pss\Switcher.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^mog^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^T-Clock 2010.lnk]
path=c:\users\mog\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\T-Clock 2010.lnk
backup=c:\windows\pss\T-Clock 2010.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^mog^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^UberIcon.lnk]
path=c:\users\mog\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UberIcon.lnk
backup=c:\windows\pss\UberIcon.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^mog^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Video Stream Server.lnk]
path=c:\users\mog\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Video Stream Server.lnk
backup=c:\windows\pss\Video Stream Server.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^mog^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Winroll.lnk]
path=c:\users\mog\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Winroll.lnk
backup=c:\windows\pss\Winroll.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^mog^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^YzShadow.lnk]
path=c:\users\mog\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\YzShadow.lnk
backup=c:\windows\pss\YzShadow.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 5]
2011-11-12 18:42 1647448 ----a-w- c:\program files\IObit\Advanced SystemCare 5\ASCTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2011-04-20 19:48 58656 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2011-09-27 14:22 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
2010-01-22 01:22 91520 ----a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EaseUs Tray]
2011-10-22 06:47 743560 ----a-w- c:\program files\EaseUS\Todo Backup\bin\TrayNotify.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EaseUs Watch]
2011-10-22 06:47 70792 ----a-w- c:\program files\EaseUS\Todo Backup\bin\EuWatch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
2011-08-01 23:56 1821576 ----a-w- c:\program files\Microsoft IntelliPoint\ipoint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-11-13 08:24 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\itype]
2009-11-12 02:04 1505144 ----a-w- c:\program files\Microsoft IntelliType Pro\itype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam]
2010-12-13 22:37 135536 ----a-w- c:\program files\Microsoft LifeCam\LifeExp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ManyCam]
2011-09-29 11:44 1756232 ----a-w- c:\program files\ManyCam\Bin\ManyCam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OfficeSyncProcess]
2010-01-16 17:54 717696 ----a-w- c:\program files\Microsoft Office\Office14\MSOSYNC.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-07-06 01:36 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteHelper]
2011-02-14 08:55 586752 ----a-w- c:\program files\Remote HD\Remote Helper\RemoteHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RESTART_STICKY_NOTES]
2009-07-14 01:14 323584 ----a-w- c:\windows\System32\StikyNot.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Trend Micro RUBotted V2.0 Beta]
2010-12-17 17:33 1103184 ----a-w- c:\program files\Trend Micro\RUBotted\RUBottedGUI.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vmware-tray]
2011-03-26 07:42 129648 ----a-w- c:\program files\VMware\VMware Workstation\vmware-tray.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 ALSysIO;ALSysIO;c:\users\mog\AppData\Local\Temp\ALSysIO.sys [x]
R3 cg;cg;c:\users\mog\Desktop\tempp\cg.sys [2004-12-06 6528]
R3 cpuz126;cpuz126;c:\users\mog\AppData\Local\Temp\cpuz.sys [x]
R3 cpuz134;cpuz134;c:\program files\CPUID\PC Wizard 2010\pcwiz_x32.sys [2010-07-09 20328]
R3 echo1394;AudioFire service;c:\windows\system32\DRIVERS\echo1394.sys [2009-12-14 81600]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-01-22 30963576]
R3 netr28;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\system32\DRIVERS\netr28.sys [2009-07-13 530944]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2011.SP5\RpcAgentSrv.exe [2008-09-19 93848]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2011-07-19 104752]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R4 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\IObit\Advanced SystemCare 5\ASCService.exe [2011-11-11 490840]
R4 EaseUS Agent;EaseUS Agent;c:\program files\EaseUS\Todo Backup\bin\Agent.exe [2011-10-22 60552]
R4 gfi_backup_mcs;GFI Backup Management Console Service;c:\program files\GFI\GFI Backup Administration Console\backupmcs.exe [2010-04-27 99840]
R4 GFIBackupAdministrationConsole;GFI Backup Administration Console;c:\program files\GFI\GFI Backup Administration Console\apache\bin\httpd.exe [2010-07-22 24645]
R4 GFIBckBAtt;GFI Backup Attendant Service;c:\program files\GFI\GFI Backup\GFIBInst.exe [2011-05-24 945520]
R4 GFIBckBSched;GFI Backup Scheduler Service;c:\program files\GFI\GFI Backup\GFIBSched.exe [2011-05-24 2613616]
R4 GFIBckDiskImage;GFI Backup DiskImage;c:\program files\GFI\GFI Backup\DiskImage\Win32\oodiag.exe [2011-05-18 2699264]
R4 Guard Agent;Guard Agent;c:\program files\EaseUS\Todo Backup\bin\GuardAgent.exe [2011-10-22 23176]
R4 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-04-08 2218600]
R4 VMUSBArbService;VMware USB Arbitration Service;c:\program files\Common Files\VMware\USB\vmware-usbarbitrator.exe [2011-03-26 539248]
S0 EUBAKUP;EUBAKUP;c:\windows\system32\drivers\eubakup.sys [2011-10-22 39560]
S0 EUBKMON;EUBKMON;c:\windows\system32\drivers\EUBKMON.sys [2011-10-22 43656]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 EUDSKACS;EUDSKACS;c:\windows\system32\drivers\eudskacs.sys [2011-10-22 17032]
S1 EUFDDISK;EUFDDISK;c:\windows\system32\drivers\EuFdDisk.sys [2011-10-22 185480]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2011-07-19 158000]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2011-07-19 93488]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-09-06 54616]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [2010-11-09 21992]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-10-20 50704]
S2 RUBotSrv;Trend Micro RUBotted Service;c:\program files\Trend Micro\RUBotted\RUBotSrv.exe [2010-12-17 439632]
S2 vmci;VMware vmci;c:\windows\system32\Drivers\vmci.sys [2011-03-26 70768]
S3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [2011-05-18 40320]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam.sys [2008-01-14 21632]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [2010-12-13 30576]
S3 rt61x86;Linksys Wireless-G PCI Adapter Driver;c:\windows\system32\DRIVERS\WMP54Gv41x86.sys [2010-04-07 376160]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - avgntflt
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1175243136-2182879396-1685703000-1001Core.job
- c:\users\mog\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-07 12:12]
.
2011-12-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1175243136-2182879396-1685703000-1001UA.job
- c:\users\mog\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-07 12:12]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.ask.com/?l=dis&o=102868&gct=hp
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MIF5BA~1\Office14\ONBttnIE.dll/105
IE: {{520BD054-EEEE-487c-84E8-D5B2DFFE5C18} - {DB536AF2-E422-402d-B7FD-887297F1A198} - c:\program files\Smart Suggestor\SmartSuggestor.dll
LSP: c:\program files\VMware\VMware Workstation\vsocklib.dll
Trusted Zone: blank
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\mog\AppData\Roaming\Mozilla\Firefox\Profiles\rc6vqg0u.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.ask.com/?l=dis&o=14776
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z149&form=ZGAADF&install_date=20111022&q=
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: browser.xul.error_pages.enabled - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 3000000
FF - user.js: content.maxtextrun - 8191
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 32
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-proxy - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-12-08 12:57:47
ComboFix-quarantined-files.txt 2011-12-08 20:57
ComboFix2.txt 2011-12-08 20:35
.
Pre-Run: 219,334,926,336 bytes free
Post-Run: 218,960,650,240 bytes free
.
- - End Of File - - EACE289A46DC60252C2E4009DCD6EBD5

#14 bummerman

Posted 08 December 2011 - 07:36 PM

Results after THIRD run:

ComboFix 11-12-08.01 - mog 12/08/2011 13:37:27.3.1 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3072.2382 [GMT -8:00]
Running from: c:\users\mog\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-11-08 to 2011-12-08 )))))))))))))))))))))))))))))))
.
.
2011-12-08 21:45 . 2011-12-08 21:45 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2011-12-08 21:45 . 2011-12-08 21:45 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-08 17:49 . 2011-12-08 17:49 -------- d-----w- c:\users\Default\AppData\Roaming\IObit
2011-12-07 19:31 . 2011-12-07 19:31 -------- d-----w- c:\programdata\F-Secure
2011-12-07 19:12 . 2011-12-07 19:12 -------- d-----w- c:\program files\ESET
2011-12-07 18:05 . 2011-12-07 18:05 -------- d-----w- C:\rsit
2011-12-07 15:59 . 2011-12-07 15:59 -------- d-----w- c:\programdata\Trend Micro
2011-12-07 15:49 . 2011-12-07 15:49 -------- d-----w- c:\program files\WinPcap
2011-12-07 15:44 . 2011-12-07 17:06 -------- d-----w- c:\program files\GridinSoft Trojan Killer
2011-12-07 14:01 . 2011-12-07 14:01 -------- d--h--w- c:\windows\PIF
2011-12-07 12:14 . 2011-09-01 01:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-07 12:08 . 2011-12-07 19:44 -------- d-----w- c:\program files\Trend Micro
2011-12-06 19:45 . 2011-12-06 19:45 -------- d-----w- c:\program files\Recuva
2011-12-06 19:45 . 2011-12-06 19:45 -------- d-----w- C:\Extracted
2011-12-06 13:31 . 2011-12-07 11:57 -------- d-----w- c:\program files\ReClock
2011-12-05 20:47 . 2011-12-05 20:47 -------- d-----w- c:\windows\Java
2011-12-05 20:47 . 2010-08-22 21:48 114176 ----a-w- c:\windows\system32\PCWizard.cpl
2011-12-05 20:44 . 2011-12-06 13:46 -------- d-----w- c:\programdata\Yahoo!
2011-12-05 20:44 . 2011-12-06 13:47 -------- d-----w- c:\program files\Yahoo!
2011-12-04 23:27 . 2011-03-26 07:42 334448 ----a-w- c:\windows\system32\vmnetdhcp.exe
2011-12-04 23:27 . 2011-03-26 07:42 404080 ----a-w- c:\windows\system32\vmnat.exe
2011-12-04 23:27 . 2011-03-26 07:40 26352 ----a-w- c:\windows\system32\drivers\vmnetuserif.sys
2011-12-04 23:26 . 2011-03-26 07:42 760432 ----a-w- c:\windows\system32\vnetlib.dll
2011-12-04 23:25 . 2011-03-26 07:41 24688 ----a-w- c:\windows\system32\drivers\VMkbd.sys
2011-12-04 23:23 . 2011-12-04 23:23 -------- d-----w- c:\program files\Common Files\VMware
2011-12-04 23:21 . 2011-12-08 18:09 -------- d-----w- c:\programdata\VMware
2011-12-04 23:21 . 2011-12-04 23:21 -------- d-----w- c:\program files\VMware
2011-12-04 22:44 . 2011-12-04 22:44 -------- d-----w- c:\program files\WinArchiver
2011-12-04 22:34 . 2011-12-04 22:34 -------- d-----w- c:\programdata\ashampoo
2011-12-04 22:12 . 2011-12-04 22:32 -------- d-----w- c:\program files\Ashampoo
2011-12-04 21:57 . 2009-02-25 02:42 116736 ----a-w- c:\windows\system32\drivers\mcdbus.sys
2011-12-02 18:04 . 1999-10-21 19:12 20400 ----a-w- c:\windows\system32\drivers\entech.sys
2011-12-02 11:57 . 2011-12-02 11:57 -------- d-----w- c:\program files\Lunascape
2011-12-02 07:41 . 2011-12-02 07:42 -------- d-----w- c:\program files\Echo FireWire
2011-12-01 20:57 . 2011-12-01 20:57 -------- d-----w- c:\program files\Microsoft Windows 7 Upgrade Advisor
2011-12-01 15:29 . 2011-12-02 08:59 -------- d-----w- c:\program files\Microsoft LifeCam
2011-12-01 15:25 . 2011-12-04 18:44 -------- d-----w- c:\users\UpdatusUser.mog-PeeCee
2011-12-01 15:21 . 2011-04-08 05:14 944232 ----a-w- c:\windows\system32\nvdispco3220140.dll
2011-12-01 15:21 . 2011-04-08 05:14 855656 ----a-w- c:\windows\system32\nvgenco322060.dll
2011-12-01 15:21 . 2011-04-08 05:14 57960 ----a-w- c:\windows\system32\OpenCL.dll
2011-12-01 15:21 . 2011-04-08 05:14 2765928 ----a-w- c:\windows\system32\nvcuvid.dll
2011-12-01 15:21 . 2011-04-08 05:14 2074216 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-12-01 15:21 . 2011-04-08 05:14 15227496 ----a-w- c:\windows\system32\nvoglv32.dll
2011-12-01 15:21 . 2011-04-08 05:14 10690024 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2011-12-01 15:21 . 2011-04-08 05:14 5180824 ----a-w- c:\windows\system32\nvcuda.dll
2011-12-01 15:21 . 2011-04-08 05:14 13007464 ----a-w- c:\windows\system32\nvcompiler.dll
2011-12-01 15:09 . 2011-12-01 16:36 -------- d-----w- c:\program files\Driver-Soft
2011-12-01 12:27 . 2011-12-01 12:27 -------- d-----w- c:\program files\Defraggler
2011-12-01 09:31 . 2009-05-18 21:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-12-01 09:31 . 2008-04-17 20:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2011-11-30 12:25 . 2011-11-30 12:26 -------- d-----w- c:\program files\ManyCam
2011-11-30 07:52 . 2010-11-20 12:21 525824 ----a-w- c:\windows\system32\usercpl.dll
2011-11-30 04:38 . 2011-11-30 07:35 -------- d-----w- c:\program files\MiniTool Partition Wizard Home Edition 7.0
2011-11-30 04:33 . 2011-12-04 21:57 -------- d-----w- c:\program files\MagicDisc
2011-11-29 15:43 . 2011-12-01 09:30 -------- d-----w- c:\program files\iPod
2011-11-29 15:43 . 2011-12-01 09:31 -------- d-----w- c:\program files\iTunes
2011-11-25 23:05 . 2011-12-07 12:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-11-25 20:52 . 2011-11-25 20:52 -------- d-----w- C:\BOOT
2011-11-25 14:05 . 2011-12-08 21:27 -------- d-----w- c:\programdata\AVAST Software
2011-11-25 14:05 . 2011-11-25 14:05 -------- d-----w- c:\program files\AVAST Software
2011-11-25 12:09 . 2011-12-02 09:39 360960 --sha-w- C:\EUMONBMP.SYS
2011-11-25 12:08 . 2011-11-25 12:09 -------- d-----w- c:\program files\Surf Canyon
2011-11-25 12:02 . 2011-10-22 06:46 185480 ----a-w- c:\windows\system32\drivers\EuFdDisk.sys
2011-11-25 12:02 . 2011-10-22 06:46 17032 ----a-w- c:\windows\system32\drivers\eudskacs.sys
2011-11-25 12:02 . 2011-10-22 06:46 39560 ----a-w- c:\windows\system32\drivers\eubakup.sys
2011-11-25 12:02 . 2011-10-22 06:46 43656 ----a-w- c:\windows\system32\drivers\EUBKMON.sys
2011-11-25 11:58 . 2011-10-22 06:47 20616 ----a-w- c:\windows\system32\fbnative.exe
2011-11-25 11:58 . 2011-11-25 11:58 -------- d-----w- c:\program files\EaseUS
2011-11-25 09:15 . 2011-11-25 09:15 86528 ----a-w- c:\windows\system32\SearchFilterHost.exe
2011-11-25 09:15 . 2011-11-25 09:15 666624 ----a-w- c:\windows\system32\mssvp.dll
2011-11-25 09:15 . 2011-11-25 09:15 59392 ----a-w- c:\windows\system32\msscntrs.dll
2011-11-25 09:15 . 2011-11-25 09:15 427520 ----a-w- c:\windows\system32\SearchIndexer.exe
2011-11-25 09:15 . 2011-11-25 09:15 337408 ----a-w- c:\windows\system32\mssph.dll
2011-11-25 09:15 . 2011-11-25 09:15 197120 ----a-w- c:\windows\system32\mssphtb.dll
2011-11-25 09:15 . 2011-11-25 09:15 164352 ----a-w- c:\windows\system32\SearchProtocolHost.exe
2011-11-25 09:15 . 2011-11-25 09:15 1549312 ----a-w- c:\windows\system32\tquery.dll
2011-11-25 09:15 . 2011-11-25 09:15 1401344 ----a-w- c:\windows\system32\mssrch.dll
2011-11-25 09:15 . 2011-11-25 09:15 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2011-11-25 09:14 . 2011-11-25 09:14 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-11-25 09:14 . 2011-11-25 09:14 870912 ----a-w- c:\windows\system32\XpsPrint.dll
2011-11-25 09:13 . 2011-11-25 09:13 31232 ----a-w- c:\windows\system32\prevhost.exe
2011-11-25 09:13 . 2011-11-25 09:13 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-11-25 09:12 . 2011-11-25 09:12 739840 ----a-w- c:\windows\system32\d2d1.dll
2011-11-25 09:12 . 2011-11-25 09:12 1076736 ----a-w- c:\windows\system32\DWrite.dll
2011-11-25 09:12 . 2011-11-25 09:12 805376 ----a-w- c:\windows\system32\FntCache.dll
2011-11-25 09:11 . 2011-11-25 09:11 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2011-11-25 09:10 . 2011-10-20 06:15 20312 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
2011-11-24 21:14 . 2011-12-01 16:37 -------- d-----w- c:\programdata\IObit
2011-11-24 21:13 . 2011-12-08 21:21 -------- d-----w- c:\program files\IObit
2011-11-24 21:09 . 2011-11-24 21:10 1617955 ----a-w- c:\program files\Winrar_4.10_32bit.exe
2011-11-24 16:27 . 2011-11-30 07:35 -------- d-----w- c:\program files\XWindows Dock
2011-11-24 07:15 . 2009-09-05 01:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2011-11-24 07:15 . 2009-09-05 01:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2011-11-24 06:25 . 2011-07-09 04:29 2048 ----a-w- c:\windows\system32\tzres.dll
2011-11-24 05:45 . 2011-11-30 07:35 -------- d-----w- c:\windows\system32\SPReview
2011-11-24 05:39 . 2010-11-20 12:30 153984 ----a-w- c:\windows\system32\drivers\pci.sys
2011-11-24 05:38 . 2010-11-20 12:21 363008 ----a-w- c:\windows\system32\wbemcomn.dll
2011-11-24 05:38 . 2010-11-20 12:19 606208 ----a-w- c:\windows\system32\wbem\fastprox.dll
2011-11-24 04:35 . 2011-07-09 02:30 223744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-11-24 04:35 . 2011-04-27 02:17 96768 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-11-24 04:35 . 2011-04-27 02:17 123904 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-11-24 04:35 . 2011-02-19 06:30 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-11-24 04:35 . 2011-02-19 04:34 294912 ----a-w- c:\windows\system32\atmfd.dll
2011-11-24 04:35 . 2010-09-30 06:47 70656 ----a-w- c:\windows\system32\fontsub.dll
2011-11-24 04:35 . 2011-04-29 02:46 311808 ----a-w- c:\windows\system32\drivers\srv.sys
2011-11-24 04:35 . 2011-04-29 02:46 310272 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-11-24 04:35 . 2011-04-29 02:46 114688 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-11-24 04:35 . 2011-04-25 02:18 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2011-11-24 04:34 . 2011-03-11 05:33 1164288 ----a-w- c:\windows\system32\mfc42u.dll
2011-11-24 04:34 . 2011-03-11 05:33 1137664 ----a-w- c:\windows\system32\mfc42.dll
2011-11-24 04:07 . 2011-01-07 06:01 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-11-24 04:07 . 2011-06-23 04:33 3912576 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-11-24 04:07 . 2011-06-23 04:33 3967872 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-11-24 03:57 . 2011-02-23 04:47 69632 ----a-w- c:\windows\system32\drivers\bowser.sys
2011-11-24 03:57 . 2011-04-09 05:56 123904 ----a-w- c:\windows\system32\poqexec.exe
2011-11-24 02:54 . 2011-12-08 21:40 -------- d-----w- c:\windows\system32\wbem\Performance
2011-11-24 02:09 . 2011-12-08 20:32 -------- d-----w- c:\users\mog
2011-11-24 02:06 . 2011-12-08 17:27 -------- d-sh--w- c:\windows\Installer
2011-11-24 02:06 . 2011-11-24 02:06 -------- d-----w- c:\programdata\NVIDIA Corporation
2011-11-24 02:06 . 2011-12-01 16:37 -------- d-----w- c:\program files\NVIDIA Corporation
2011-11-23 14:43 . 2011-11-25 22:31 -------- d-----w- C:\NST
2011-11-23 02:50 . 2011-11-24 02:13 -------- d-----w- c:\program files\Microsoft IntelliType Pro
2011-11-23 02:41 . 2011-11-24 02:13 -------- d-----w- c:\program files\Microsoft IntelliPoint
2011-11-22 09:10 . 2011-11-24 02:16 -------- d-----w- c:\programdata\DonationCoder
2011-11-21 20:10 . 2011-11-24 02:17 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-30 07:52 . 2009-07-13 23:39 37376 ----a-w- c:\windows\system32\themeservice.dll
2011-11-30 07:52 . 2009-07-13 23:40 249856 ----a-w- c:\windows\system32\uxtheme.dll
2011-11-24 06:03 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
2011-11-16 13:49 . 2011-08-16 08:18 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-14 12:01 . 2011-03-29 02:36 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-10-22 11:18 . 2007-07-03 23:40 499712 ----a-w- c:\windows\system32\msvcp71.dll
2011-10-22 11:18 . 2007-07-03 23:40 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-10-03 12:06 . 2011-08-07 15:20 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-09-16 22:12 . 2011-10-22 11:17 3623592 ----a-w- c:\program files\Common Files\ApnToolbarInstaller.exe
2011-09-16 22:12 . 2011-10-22 11:17 143240 ----a-w- c:\program files\Common Files\ApnStub.exe
2010-01-26 18:11 . 2011-10-22 11:17 444283 ----a-w- c:\program files\Common Files\WinPcapNmap.exe
2011-08-12 05:57 . 2011-08-28 02:47 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2009-07-14 . 3BD6181D61A88FCC48FCBAF937A7FE2E . 1383424 . . [2001.12.8530.16385] . . c:\windows\System32\comres.dll
[7] 2009-07-14 . 808D8A8B2A3074002852BC856D419576 . 1297408 . . [2001.12.8530.16385] . . c:\windows\winsxs\x86_microsoft-windows-com-complus.res_31bf3856ad364e35_6.1.7600.16385_none_2c8730fb47856e94\comres.dll
.
[7] 2011-11-25 . 2AF58D15EDC06EC6FDACCE1F19482BBF . 2614784 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[7] 2011-11-25 . 255CF508D7CFB10E0794D6AC93280BD8 . 2614784 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[-] 2011-11-25 . 7E16BE9F2BC4D57D5A320DE994F85D81 . 2567168 . . [6.1.7600.16385] . . c:\windows\explorer.exe
[7] 2011-11-25 . 8B88EBBB05A0E56B7DCC708498C02B3E . 2616320 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[7] 2011-11-25 . 0FB9C74046656D1579A64660AD67B746 . 2616320 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[7] 2010-11-20 . 40D777B7A95E00593EB1568C68514493 . 2616320 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[7] 2009-10-31 . C76153C7ECA00FA852BB0C193378F917 . 2614272 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
[7] 2009-10-31 . 2626FC9755BE22F805D3CFA0CE3EE727 . 2614272 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[7] 2009-08-03 . 9FF6C4C91A3711C0A3B18F87B08B518D . 2613248 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[7] 2009-08-03 . B95EEB0F4E5EFBF1038A35B3351CF047 . 2613248 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[7] 2009-07-14 . 15BC38A7492BEFE831966ADB477CF76F . 2613248 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DB536AF2-E422-402d-B7FD-887297F1A198}]
2011-09-05 16:55 138032 ----a-w- c:\program files\Smart Suggestor\SmartSuggestor.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"itype"="c:\program files\microsoft intellitype pro\itype.exe" [2009-11-12 1505144]
"IntelliPoint"="c:\program files\microsoft intellipoint\ipoint.exe" [2011-08-01 1821576]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableInstallerDetection"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^DeskDrive.lnk]
backup=c:\windows\pss\DeskDrive.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Finderbar.lnk]
backup=c:\windows\pss\Finderbar.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^MacSearch.lnk]
backup=c:\windows\pss\MacSearch.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^RocketDock.lnk]
backup=c:\windows\pss\RocketDock.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^tClock.lnk]
backup=c:\windows\pss\tClock.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^UberIcon.lnk]
backup=c:\windows\pss\UberIcon.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Winroll.lnk]
backup=c:\windows\pss\Winroll.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^mog^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
path=c:\users\mog\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
backup=c:\windows\pss\Dropbox.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^mog^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Finderbar.lnk]
path=c:\users\mog\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Finderbar.lnk
backup=c:\windows\pss\Finderbar.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^mog^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MacSearch.lnk]
path=c:\users\mog\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MacSearch.lnk
backup=c:\windows\pss\MacSearch.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^mog^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MagicDisc.lnk]
path=c:\users\mog\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk
backup=c:\windows\pss\MagicDisc.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^mog^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MySpaces.lnk]
path=c:\users\mog\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MySpaces.lnk
backup=c:\windows\pss\MySpaces.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^mog^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^RocketDock.lnk]
path=c:\users\mog\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RocketDock.lnk
backup=c:\windows\pss\RocketDock.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^mog^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^SUPERAntiSpyware Alternate Start Tool.lnk]
path=c:\users\mog\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SUPERAntiSpyware Alternate Start Tool.lnk
backup=c:\windows\pss\SUPERAntiSpyware Alternate Start Tool.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^mog^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Switcher.lnk]
path=c:\users\mog\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Switcher.lnk
backup=c:\windows\pss\Switcher.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^mog^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^T-Clock 2010.lnk]
path=c:\users\mog\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\T-Clock 2010.lnk
backup=c:\windows\pss\T-Clock 2010.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^mog^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^UberIcon.lnk]
path=c:\users\mog\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UberIcon.lnk
backup=c:\windows\pss\UberIcon.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^mog^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Video Stream Server.lnk]
path=c:\users\mog\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Video Stream Server.lnk
backup=c:\windows\pss\Video Stream Server.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^mog^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Winroll.lnk]
path=c:\users\mog\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Winroll.lnk
backup=c:\windows\pss\Winroll.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^mog^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^YzShadow.lnk]
path=c:\users\mog\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\YzShadow.lnk
backup=c:\windows\pss\YzShadow.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2011-04-20 19:48 58656 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2011-09-27 14:22 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
2010-01-22 01:22 91520 ----a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EaseUs Tray]
2011-10-22 06:47 743560 ----a-w- c:\program files\EaseUS\Todo Backup\bin\TrayNotify.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EaseUs Watch]
2011-10-22 06:47 70792 ----a-w- c:\program files\EaseUS\Todo Backup\bin\EuWatch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-11-13 08:24 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam]
2010-12-13 22:37 135536 ----a-w- c:\program files\Microsoft LifeCam\LifeExp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ManyCam]
2011-09-29 11:44 1756232 ----a-w- c:\program files\ManyCam\Bin\ManyCam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OfficeSyncProcess]
2010-01-16 17:54 717696 ----a-w- c:\program files\Microsoft Office\Office14\MSOSYNC.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-07-06 01:36 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteHelper]
2011-02-14 08:55 586752 ----a-w- c:\program files\Remote HD\Remote Helper\RemoteHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RESTART_STICKY_NOTES]
2009-07-14 01:14 323584 ----a-w- c:\windows\System32\StikyNot.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Trend Micro RUBotted V2.0 Beta]
2010-12-17 17:33 1103184 ----a-w- c:\program files\Trend Micro\RUBotted\RUBottedGUI.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vmware-tray]
2011-03-26 07:42 129648 ----a-w- c:\program files\VMware\VMware Workstation\vmware-tray.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 ALSysIO;ALSysIO;c:\users\mog\AppData\Local\Temp\ALSysIO.sys [x]
R3 cg;cg;c:\users\mog\Desktop\tempp\cg.sys [2004-12-06 6528]
R3 cpuz126;cpuz126;c:\users\mog\AppData\Local\Temp\cpuz.sys [x]
R3 cpuz134;cpuz134;c:\program files\CPUID\PC Wizard 2010\pcwiz_x32.sys [2010-07-09 20328]
R3 echo1394;AudioFire service;c:\windows\system32\DRIVERS\echo1394.sys [2009-12-14 81600]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-01-22 30963576]
R3 netr28;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\system32\DRIVERS\netr28.sys [2009-07-13 530944]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2011-07-19 104752]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R4 EaseUS Agent;EaseUS Agent;c:\program files\EaseUS\Todo Backup\bin\Agent.exe [2011-10-22 60552]
R4 gfi_backup_mcs;GFI Backup Management Console Service;c:\program files\GFI\GFI Backup Administration Console\backupmcs.exe [2010-04-27 99840]
R4 GFIBackupAdministrationConsole;GFI Backup Administration Console;c:\program files\GFI\GFI Backup Administration Console\apache\bin\httpd.exe [2010-07-22 24645]
R4 GFIBckBAtt;GFI Backup Attendant Service;c:\program files\GFI\GFI Backup\GFIBInst.exe [2011-05-24 945520]
R4 GFIBckBSched;GFI Backup Scheduler Service;c:\program files\GFI\GFI Backup\GFIBSched.exe [2011-05-24 2613616]
R4 GFIBckDiskImage;GFI Backup DiskImage;c:\program files\GFI\GFI Backup\DiskImage\Win32\oodiag.exe [2011-05-18 2699264]
R4 Guard Agent;Guard Agent;c:\program files\EaseUS\Todo Backup\bin\GuardAgent.exe [2011-10-22 23176]
R4 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-04-08 2218600]
R4 RUBotSrv;Trend Micro RUBotted Service;c:\program files\Trend Micro\RUBotted\RUBotSrv.exe [2010-12-17 439632]
R4 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2011.SP5\RpcAgentSrv.exe [2008-09-19 93848]
R4 VMUSBArbService;VMware USB Arbitration Service;c:\program files\Common Files\VMware\USB\vmware-usbarbitrator.exe [2011-03-26 539248]
S0 EUBAKUP;EUBAKUP;c:\windows\system32\drivers\eubakup.sys [2011-10-22 39560]
S0 EUBKMON;EUBKMON;c:\windows\system32\drivers\EUBKMON.sys [2011-10-22 43656]
S1 EUDSKACS;EUDSKACS;c:\windows\system32\drivers\eudskacs.sys [2011-10-22 17032]
S1 EUFDDISK;EUFDDISK;c:\windows\system32\drivers\EuFdDisk.sys [2011-10-22 185480]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2011-07-19 158000]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2011-07-19 93488]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [2010-11-09 21992]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-10-20 50704]
S2 vmci;VMware vmci;c:\windows\system32\Drivers\vmci.sys [2011-03-26 70768]
S3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [2011-05-18 40320]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam.sys [2008-01-14 21632]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [2010-12-13 30576]
S3 rt61x86;Linksys Wireless-G PCI Adapter Driver;c:\windows\system32\DRIVERS\WMP54Gv41x86.sys [2010-04-07 376160]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - avgntflt
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1175243136-2182879396-1685703000-1001Core.job
- c:\users\mog\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-07 12:12]
.
2011-12-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1175243136-2182879396-1685703000-1001UA.job
- c:\users\mog\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-07 12:12]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.ask.com/?l=dis&o=102868&gct=hp
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MIF5BA~1\Office14\ONBttnIE.dll/105
IE: {{520BD054-EEEE-487c-84E8-D5B2DFFE5C18} - {DB536AF2-E422-402d-B7FD-887297F1A198} - c:\program files\Smart Suggestor\SmartSuggestor.dll
LSP: c:\program files\VMware\VMware Workstation\vsocklib.dll
Trusted Zone: blank
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\mog\AppData\Roaming\Mozilla\Firefox\Profiles\rc6vqg0u.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.ask.com/?l=dis&o=14776
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z149&form=ZGAADF&install_date=20111022&q=
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: browser.xul.error_pages.enabled - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 3000000
FF - user.js: content.maxtextrun - 8191
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 32
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-proxy - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-Advanced SystemCare 5 - c:\program files\IObit\Advanced SystemCare 5\ASCTray.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-12-08 13:48:22
ComboFix-quarantined-files.txt 2011-12-08 21:48
ComboFix2.txt 2011-12-08 20:57
ComboFix3.txt 2011-12-08 20:35
.
Pre-Run: 219,485,732,864 bytes free
Post-Run: 219,073,486,848 bytes free
.
- - End Of File - - 0AA63715CDB5EF49B4A6711621D3B1CA

#15 bummerman


Posted 08 December 2011 - 07:37 PM

Quarantined files:

2011-12-08 21:47:11 . 2011-12-08 21:47:11 988 ----a-w- C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-Advanced SystemCare 5.reg.dat
2011-12-08 20:35:10 . 2011-12-08 20:35:10 770 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-Lion Skin Pack.reg.dat
2011-12-08 20:34:53 . 2011-12-08 20:34:53 880 ----a-w- C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-xwidget.reg.dat
2011-12-08 20:34:52 . 2011-12-08 20:34:52 950 ----a-w- C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-Desktop Coral.reg.dat
2011-12-08 20:34:52 . 2011-12-08 20:34:52 924 ----a-w- C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-DeskDriveStartup.reg.dat
2011-12-08 20:34:52 . 2011-12-08 20:34:52 1,044 ----a-w- C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-Copernic Desktop Search - Home.reg.dat
2011-12-08 20:34:51 . 2011-12-08 20:34:51 750 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Notify-!SASWinLogon.reg.dat
2011-12-08 20:34:49 . 2011-12-08 20:34:49 146 ----a-w- C:\Qoobox\Quarantine\Registry_backups\ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}.reg.dat
2011-12-08 20:34:41 . 2011-12-08 20:34:41 159 ----a-w- C:\Qoobox\Quarantine\Registry_backups\ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}.reg.dat
2011-12-08 20:34:41 . 2011-12-08 20:34:41 159 ----a-w- C:\Qoobox\Quarantine\Registry_backups\ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}.reg.dat
2011-12-08 20:34:41 . 2011-12-08 20:34:41 159 ----a-w- C:\Qoobox\Quarantine\Registry_backups\ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}.reg.dat
2011-12-08 20:34:40 . 2011-12-08 20:34:40 159 ----a-w- C:\Qoobox\Quarantine\Registry_backups\ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}.reg.dat
2011-12-08 20:34:40 . 2011-12-08 20:34:40 130 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Toolbar-{70dd86e8-b5bc-4e4a-9d5c-b6234c24323c}.reg.dat
2011-12-08 20:33:46 . 2007-11-07 15:03:18 562,688 ----a-w- C:\Qoobox\Quarantine\E\install.exe.vir
2011-12-08 20:33:46 . 2009-04-12 06:42:10 2,641,408 ----a-w- C:\Qoobox\Quarantine\E\explorer.exe.vir
2011-12-08 20:31:22 . 2011-12-08 21:43:06 7,397 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2011-12-08 20:24:56 . 2011-12-08 21:37:27 186 ----a-w- C:\Qoobox\Quarantine\catchme.log
2011-11-30 07:53:03 . 2010-11-20 12:08:44 12,625,408 ----a-w- C:\Qoobox\Quarantine\C\Windows\System32\wmploc.DLL.xpize.vir
2011-11-30 07:53:02 . 2010-11-20 12:21:40 2,414,080 ----a-w- C:\Qoobox\Quarantine\C\Windows\System32\wucltux.dll.xpize.vir
2011-11-30 07:53:01 . 2009-07-14 01:16:20 1,294,336 ----a-w- C:\Qoobox\Quarantine\C\Windows\System32\wsecedit.dll.xpize.vir
2011-11-30 07:53:01 . 2010-11-20 12:21:37 766,464 ----a-w- C:\Qoobox\Quarantine\C\Windows\System32\wpccpl.dll.xpize.vir
2011-11-30 07:53:00 . 2010-11-20 12:21:35 1,227,776 ----a-w- C:\Qoobox\Quarantine\C\Windows\System32\wdc.dll.xpize.vir
2011-11-30 07:53:00 . 2010-11-20 12:21:33 933,376 ----a-w- C:\Qoobox\Quarantine\C\Windows\System32\Vault.dll.xpize.vir
2011-11-30 07:52:59 . 2010-11-20 12:21:33 600,064 ----a-w- C:\Qoobox\Quarantine\C\Windows\System32\usercpl.dll.xpize.vir
2011-11-30 07:52:58 . 2010-11-20 12:21:32 597,504 ----a-w- C:\Qoobox\Quarantine\C\Windows\System32\TSWorkspace.dll.xpize.vir
2011-11-30 07:52:58 . 2010-11-20 12:21:29 2,157,568 ----a-w- C:\Qoobox\Quarantine\C\Windows\System32\themecpl.dll.xpize.vir
2011-11-30 07:52:57 . 2010-11-20 12:21:28 233,472 ----a-w- C:\Qoobox\Quarantine\C\Windows\System32\taskbarcpl.dll.xpize.vir
2011-11-30 07:52:56 . 2010-11-20 12:21:27 2,146,304 ----a-w- C:\Qoobox\Quarantine\C\Windows\System32\SyncCenter.dll.xpize.vir
2011-11-30 07:52:56 . 2010-11-20 12:21:25 301,568 ----a-w- C:\Qoobox\Quarantine\C\Windows\System32\srchadmin.dll.xpize.vir
2011-11-30 07:52:53 . 2011-11-25 09:17:17 12,872,704 ----a-w- C:\Qoobox\Quarantine\C\Windows\System32\shell32.dll.xpize.vir
2011-11-30 07:52:52 . 2010-11-20 12:21:08 2,202,624 ----a-w- C:\Qoobox\Quarantine\C\Windows\System32\SensorsCpl.dll.xpize.vir
2011-11-30 07:52:51 . 2010-11-20 12:21:06 750,080 ----a-w- C:\Qoobox\Quarantine\C\Windows\System32\sdcpl.dll.xpize.vir
2011-11-30 07:52:51 . 2010-11-20 12:20:56 441,856 ----a-w- C:\Qoobox\Quarantine\C\Windows\System32\powercpl.dll.xpize.vir
2011-11-30 07:52:50 . 2009-07-14 01:16:12 629,760 ----a-w- C:\Qoobox\Quarantine\C\Windows\System32\pmcsnap.dll.xpize.vir
2011-11-30 07:52:50 . 2010-11-20 12:20:52 600,576 ----a-w- C:\Qoobox\Quarantine\C\Windows\System32\PerfCenterCPL.dll.xpize.vir
2011-11-30 07:52:49 . 2010-11-20 12:20:50 859,648 ----a-w- C:\Qoobox\Quarantine\C\Windows\System32\OobeFldr.dll.xpize.vir
2011-11-30 07:52:49 . 2009-07-14 01:09:14 229,376 ----a-w- C:\Qoobox\Quarantine\C\Windows\System32\odbcint.dll.xpize.vir
2011-11-30 07:52:48 . 2010-11-20 12:20:29 1,661,440 ----a-w- C:\Qoobox\Quarantine\C\Windows\System32\networkexplorer.dll.xpize.vir
2011-11-30 07:52:48 . 2009-07-14 01:16:03 1,114,624 ----a-w- C:\Qoobox\Quarantine\C\Windows\System32\NetProjW.dll.xpize.vir
2011-11-30 07:52:47 . 2010-11-20 12:20:28 1,644,032 ----a-w- C:\Qoobox\Quarantine\C\Windows\System32\netcenter.dll.xpize.vir
2011-11-30 07:52:46 . 2009-07-14 01:16:02 229,888 ----a-w- C:\Qoobox\Quarantine\C\Windows\System32\mycomput.dll.xpize.vir
2011-11-30 07:52:45 . 2009-07-14 01:15:40 181,760 ----a-w- C:\Qoobox\Quarantine\C\Windows\System32\miguiresource.dll.xpize.vir
2011-11-30 07:52:45 . 2009-07-14 01:15:34 218,624 ----a-w- C:\Qoobox\Quarantine\C\Windows\System32\iscsicpl.dll.xpize.vir
2011-11-30 07:52:39 . 2009-07-14 01:06:03 20,268,032 ----a-w- C:\Qoobox\Quarantine\C\Windows\System32\imageres.dll.xpize.vir
2011-11-30 07:52:38 . 2010-11-20 12:19:18 10,990,080 ----a-w- C:\Qoobox\Quarantine\C\Windows\System32\ieframe.dll.xpize.vir
2011-11-30 07:52:37 . 2010-11-20 12:19:05 2,576,384 ----a-w- C:\Qoobox\Quarantine\C\Windows\System32\gameux.dll.xpize.vir
2011-11-30 07:52:37 . 2010-11-20 12:19:03 175,104 ----a-w- C:\Qoobox\Quarantine\C\Windows\System32\fvecpl.dll.xpize.vir
2011-11-30 07:52:36 . 2010-11-20 12:19:02 828,928 ----a-w- C:\Qoobox\Quarantine\C\Windows\System32\fontext.dll.xpize.vir

#16 bummerman

bummerman

    TEG Forum Member

  • Members
  • 14 posts

Posted 08 December 2011 - 08:03 PM

It appears I've the DLLHOST.EXE virus...STILL.

#17 quietman7

quietman7

    Elder Janitor & Bug Exterminator

  • Admin
  • 11,401 posts
  • Gender:Male
  • Location:Virginia, USA

Posted 08 December 2011 - 09:42 PM

Go to one of the following online services that analyzes suspicious files:
In the "File to Scan" (Upload or Submit) box, click the "browse" button and locate the following file:
C:\WINDOWS\System32\comres.dll <- this file
Click "Open", then click the "Submit" button. If you get a message saying "File has already been analyzed", click Reanalyze or Scan again.
-- Post back with the results of the file analysis in your next reply.


Please download and scan with the Kaspersky Virus Removal Tool from one of the links provided below and save it to your desktop.
Link 1
Link 2
Link 3
Be sure to print out and read the instructions provided in:
How to Install Kaspersky Virus Removal Tool
How to use the Kaspersky Virus Removal Tool to automatically remove viruses
  • Double-click the setup file (i.e. setup_9.0.0.722_22.01.2010_10-04.exe), select your language and install the utility.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If you receive a UAC prompt asking if you would like to continue running the program, you should press the Continue button.
  • At the 'Setup page', click Next, check the box to accept the license agreement and click Next twice more to extract the required files.
  • Setup may recommend to scan the computer in Safe Mode. Click Ok.
  • A window will open with a tab that says Autoscan. Click the green Start scan button on the Autoscan tab in the main window.
  • If malware is detected, you will see the Scan Alert screen.
  • Place a checkmark in the Apply to all box, and click Disinfect if the button is active.
  • After the scan finishes, if any threats are left unneutralized in the Scan window (Red exclamation point), click the Neutralize all button.
  • Place a checkmark in the Apply to all box, and click Disinfect if the button is active.
  • If advised that a special disinfection procedure is required which demands system reboot, click the Ok button to close the window.
  • In the Scan window click the Reports button, choose Critical events and select Save to save the results to a file (name it avptool.txt).
  • Copy and paste the report results of any threats detected. Do not include the longer list marked Events.
  • When finished, follow these instructions on How to uninstall Kaspersky Virus Removal Tool 2011.
-- If you cannot run this tool in normal mode, then try using it in "safe mode".
Microsoft MVP - Consumer Security 2007-2014

Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#18 bummerman

bummerman

    TEG Forum Member

  • Members
  • 14 posts

Posted 09 December 2011 - 02:06 AM

All the suspicious files turned out to be okay (the suspicious files that were uploaded to Jotti's).

I ran Combofix again, and it restarted the PC, finished, and reported that the comres.dll file was infected, and replaced it with the one directly below it as shown in the last log file. I then ran security task manager, and when attempting to end the process associated with Microsoft Office Professional Plus 2010, I got a pop up saying my computer had encountered a serious or critical error and would reboot in 10 seconds.

After running combofix, and trying to run task manager, I get the error illegal operation on a key marked for deletion. This error goes away after a reboot.

Hitman removed several items, one of which was included in the Trojan Killer download!


Kaspersky didn't find anything unusual, but my comp is still behaving like it's infected.

Is it time to give up and wipe?

Automatic Scan: completed 1 minute ago (events: 3510, objects: 3473, time: 00:03:20)
12/8/2011 10:47:39 PM OK svchost.exe\rsaenh.dll
12/8/2011 10:47:39 PM OK svchost.exe\cryptsp.dll
12/8/2011 10:47:39 PM OK svchost.exe\credssp.dll
12/8/2011 10:47:39 PM OK C:\Program Files\Windows Defender\MpClient.dll
12/8/2011 10:47:39 PM OK svchost.exe\secur32.dll
12/8/2011 10:47:39 PM OK svchost.exe\bcrypt.dll
12/8/2011 10:47:39 PM OK svchost.exe\ncrypt.dll
12/8/2011 10:47:39 PM OK svchost.exe\sspicli.dll
12/8/2011 10:47:39 PM OK svchost.exe\cryptbase.dll
12/8/2011 10:47:39 PM OK svchost.exe\RpcRtRemote.dll
12/8/2011 10:47:39 PM OK svchost.exe\profapi.dll
12/8/2011 10:47:39 PM OK svchost.exe\msasn1.dll
12/8/2011 10:47:39 PM OK svchost.exe\wintrust.dll
12/8/2011 10:47:39 PM OK svchost.exe\crypt32.dll
12/8/2011 10:47:39 PM OK svchost.exe\KernelBase.dll
12/8/2011 10:47:39 PM OK svchost.exe\usp10.dll
12/8/2011 10:47:39 PM OK svchost.exe\imm32.dll
12/8/2011 10:47:39 PM OK svchost.exe\ws2_32.dll
12/8/2011 10:47:39 PM OK svchost.exe\advapi32.dll
12/8/2011 10:47:39 PM OK svchost.exe\msvcrt.dll
12/8/2011 10:47:39 PM OK svchost.exe\oleaut32.dll
12/8/2011 10:47:39 PM OK svchost.exe\clbcatq.dll
12/8/2011 10:47:39 PM OK svchost.exe\gdi32.dll
12/8/2011 10:47:39 PM OK svchost.exe\user32.dll
12/8/2011 10:47:39 PM OK svchost.exe\Wldap32.dll
12/8/2011 10:47:39 PM OK svchost.exe\psapi.dll
12/8/2011 10:47:39 PM OK svchost.exe\shell32.dll
12/8/2011 10:47:39 PM OK svchost.exe\lpk.dll
12/8/2011 10:47:39 PM OK svchost.exe\rpcrt4.dll
12/8/2011 10:47:39 PM OK svchost.exe\urlmon.dll
12/8/2011 10:47:39 PM OK svchost.exe\imagehlp.dll
12/8/2011 10:47:39 PM OK svchost.exe\msctf.dll
12/8/2011 10:47:39 PM OK svchost.exe\kernel32.dll
12/8/2011 10:47:39 PM OK svchost.exe\ole32.dll
12/8/2011 10:47:39 PM OK svchost.exe\wininet.dll
12/8/2011 10:47:39 PM OK svchost.exe\iertutil.dll
12/8/2011 10:47:39 PM OK svchost.exe\ntdll.dll
12/8/2011 10:47:39 PM OK svchost.exe\sechost.dll
12/8/2011 10:47:39 PM OK svchost.exe\nsi.dll
12/8/2011 10:47:39 PM OK svchost.exe\shlwapi.dll
12/8/2011 10:47:39 PM OK svchost.exe\apisetschema.dll
12/8/2011 10:47:39 PM OK C:\Windows\System32\sfc_os.dll
12/8/2011 10:47:39 PM OK C:\Windows\System32\sfc.dll
12/8/2011 10:47:39 PM OK C:\Windows\System32\wscapi.dll
12/8/2011 10:47:39 PM OK C:\Windows\System32\wtsapi32.dll
12/8/2011 10:47:39 PM OK C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{BA29489D-E39C-4047-87FD-9FA0399D64BE}\mpengine.dll/data0000.res
12/8/2011 10:47:39 PM OK C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{BA29489D-E39C-4047-87FD-9FA0399D64BE}\mpengine.dll/data0001.res
12/8/2011 10:47:39 PM OK C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{BA29489D-E39C-4047-87FD-9FA0399D64BE}\mpengine.dll/data0002.res
12/8/2011 10:47:39 PM OK C:\Program Files\Windows Defender\MpSvc.dll
12/8/2011 10:47:39 PM OK C:\Windows\System32\credssp.dll
12/8/2011 10:47:40 PM OK C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{BA29489D-E39C-4047-87FD-9FA0399D64BE}\mpengine.dll/data0000.res Object was not changed (iChecker)
12/8/2011 10:47:40 PM OK C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{BA29489D-E39C-4047-87FD-9FA0399D64BE}\mpengine.dll/data0001.res Object was not changed (iChecker)
12/8/2011 10:47:40 PM OK C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{BA29489D-E39C-4047-87FD-9FA0399D64BE}\mpengine.dll/data0002.res Object was not changed (iChecker)
12/8/2011 10:47:40 PM OK C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{BA29489D-E39C-4047-87FD-9FA0399D64BE}\mpengine.dll
12/8/2011 10:47:40 PM OK C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{BA29489D-E39C-4047-87FD-9FA0399D64BE}\mpengine.dll
12/8/2011 10:47:40 PM OK svchost.exe\svchost.exe
12/8/2011 10:47:40 PM OK svchost.exe\PortableDeviceApi.dll
12/8/2011 10:47:40 PM OK svchost.exe\fdPnp.dll
12/8/2011 10:47:40 PM OK svchost.exe\fundisc.dll
12/8/2011 10:47:40 PM OK svchost.exe\wsdchngr.dll
12/8/2011 10:47:40 PM OK svchost.exe\wiatrace.dll
12/8/2011 10:47:40 PM OK C:\Windows\System32\fdPnp.dll
12/8/2011 10:47:40 PM OK svchost.exe\wiaservc.dll
12/8/2011 10:47:40 PM OK C:\Windows\System32\fundisc.dll
12/8/2011 10:47:40 PM OK C:\Windows\System32\wsdchngr.dll
12/8/2011 10:47:40 PM OK svchost.exe\msxml6.dll
12/8/2011 10:47:40 PM OK C:\Windows\System32\wiatrace.dll
12/8/2011 10:47:40 PM OK svchost.exe\atl.dll
12/8/2011 10:47:40 PM OK svchost.exe\version.dll
12/8/2011 10:47:40 PM OK svchost.exe\rsaenh.dll
12/8/2011 10:47:40 PM OK svchost.exe\msv1_0.dll
12/8/2011 10:47:40 PM OK svchost.exe\cryptsp.dll
12/8/2011 10:47:40 PM OK svchost.exe\credssp.dll
12/8/2011 10:47:40 PM OK svchost.exe\secur32.dll
12/8/2011 10:47:40 PM OK svchost.exe\cryptdll.dll
12/8/2011 10:47:40 PM OK C:\Windows\System32\wiaservc.dll
12/8/2011 10:47:40 PM OK svchost.exe\sspicli.dll
12/8/2011 10:47:40 PM OK svchost.exe\cryptbase.dll
12/8/2011 10:47:40 PM OK svchost.exe\RpcRtRemote.dll
12/8/2011 10:47:40 PM OK svchost.exe\msasn1.dll
12/8/2011 10:47:40 PM OK svchost.exe\cfgmgr32.dll
12/8/2011 10:47:40 PM OK svchost.exe\wintrust.dll
12/8/2011 10:47:40 PM OK svchost.exe\devobj.dll
12/8/2011 10:47:40 PM OK svchost.exe\crypt32.dll
12/8/2011 10:47:40 PM OK svchost.exe\KernelBase.dll
12/8/2011 10:47:40 PM OK svchost.exe\usp10.dll
12/8/2011 10:47:40 PM OK svchost.exe\imm32.dll
12/8/2011 10:47:40 PM OK svchost.exe\advapi32.dll
12/8/2011 10:47:40 PM OK svchost.exe\msvcrt.dll
12/8/2011 10:47:40 PM OK svchost.exe\oleaut32.dll
12/8/2011 10:47:40 PM OK svchost.exe\clbcatq.dll
12/8/2011 10:47:40 PM OK svchost.exe\gdi32.dll
12/8/2011 10:47:40 PM OK svchost.exe\user32.dll
12/8/2011 10:47:40 PM OK svchost.exe\lpk.dll
12/8/2011 10:47:40 PM OK svchost.exe\rpcrt4.dll
12/8/2011 10:47:40 PM OK svchost.exe\setupapi.dll
12/8/2011 10:47:40 PM OK svchost.exe\msctf.dll
12/8/2011 10:47:40 PM OK svchost.exe\kernel32.dll
12/8/2011 10:47:40 PM OK svchost.exe\ole32.dll
12/8/2011 10:47:40 PM OK svchost.exe\ntdll.dll
12/8/2011 10:47:40 PM OK svchost.exe\sechost.dll
12/8/2011 10:47:40 PM OK svchost.exe\shlwapi.dll
12/8/2011 10:47:40 PM OK svchost.exe\apisetschema.dll
12/8/2011 10:47:40 PM OK C:\Windows\System32\msv1_0.dll
12/8/2011 10:47:40 PM OK C:\Windows\System32\cryptdll.dll
12/8/2011 10:47:40 PM OK C:\Windows\System32\msxml6.dll
12/8/2011 10:47:40 PM OK taskhost.exe\taskhost.exe
12/8/2011 10:47:40 PM OK taskhost.exe\npmproxy.dll
12/8/2011 10:47:40 PM OK taskhost.exe\netprofm.dll
12/8/2011 10:47:40 PM OK taskhost.exe\dimsjob.dll
12/8/2011 10:47:40 PM OK C:\Windows\System32\taskhost.exe
12/8/2011 10:47:40 PM OK C:\Windows\System32\npmproxy.dll
12/8/2011 10:47:40 PM OK taskhost.exe\winmm.dll
12/8/2011 10:47:40 PM OK taskhost.exe\wdmaud.drv
12/8/2011 10:47:40 PM OK taskhost.exe\midimap.dll
12/8/2011 10:47:40 PM OK C:\Windows\System32\netprofm.dll
12/8/2011 10:47:40 PM OK taskhost.exe\msacm32.dll
12/8/2011 10:47:40 PM OK C:\Windows\System32\dimsjob.dll
12/8/2011 10:47:40 PM OK C:\Windows\System32\wdmaud.drv
12/8/2011 10:47:40 PM OK taskhost.exe\msacm32.drv
12/8/2011 10:47:40 PM OK taskhost.exe\taskschd.dll
12/8/2011 10:47:40 PM OK taskhost.exe\dxva2.dll
12/8/2011 10:47:40 PM OK C:\Windows\System32\midimap.dll
12/8/2011 10:47:40 PM OK taskhost.exe\PlaySndSrv.dll
12/8/2011 10:47:40 PM OK C:\Windows\System32\msacm32.dll
12/8/2011 10:47:40 PM OK C:\Windows\System32\msacm32.drv
12/8/2011 10:47:40 PM OK taskhost.exe\mscms.dll
12/8/2011 10:47:40 PM OK C:\Windows\System32\taskschd.dll
12/8/2011 10:47:40 PM OK taskhost.exe\msutb.dll
12/8/2011 10:47:40 PM OK C:\Windows\System32\dxva2.dll
12/8/2011 10:47:40 PM OK C:\Windows\System32\PlaySndSrv.dll
12/8/2011 10:47:40 PM OK taskhost.exe\MsCtfMonitor.dll
12/8/2011 10:47:40 PM OK C:\Windows\System32\mscms.dll
12/8/2011 10:47:40 PM OK taskhost.exe\HotStartUserAgent.dll
12/8/2011 10:47:40 PM OK C:\Windows\System32\msutb.dll
12/8/2011 10:47:40 PM OK taskhost.exe\msxml6.dll
12/8/2011 10:47:40 PM OK taskhost.exe\slc.dll
12/8/2011 10:47:40 PM OK taskhost.exe\nlaapi.dll
12/8/2011 10:47:40 PM OK C:\Windows\System32\MsCtfMonitor.dll
12/8/2011 10:47:40 PM OK taskhost.exe\AudioSes.dll
12/8/2011 10:47:40 PM OK C:\Windows\System32\HotStartUserAgent.dll
12/8/2011 10:47:40 PM OK taskhost.exe\wtsapi32.dll
12/8/2011 10:47:40 PM OK taskhost.exe\ksuser.dll
12/8/2011 10:47:40 PM OK C:\Windows\System32\nlaapi.dll
12/8/2011 10:47:40 PM OK taskhost.exe\avrt.dll
12/8/2011 10:47:40 PM OK C:\Windows\System32\ksuser.dll
12/8/2011 10:47:40 PM OK taskhost.exe\dwmapi.dll
12/8/2011 10:47:40 PM OK taskhost.exe\MMDevAPI.dll
12/8/2011 10:47:40 PM OK C:\Windows\System32\AudioSes.dll
12/8/2011 10:47:40 PM OK taskhost.exe\uxtheme.dll
12/8/2011 10:47:40 PM OK taskhost.exe\propsys.dll
12/8/2011 10:47:40 PM OK taskhost.exe\userenv.dll
12/8/2011 10:47:40 PM OK taskhost.exe\rsaenh.dll
12/8/2011 10:47:40 PM OK taskhost.exe\cryptsp.dll
12/8/2011 10:47:40 PM OK taskhost.exe\sspicli.dll
12/8/2011 10:47:40 PM OK taskhost.exe\cryptbase.dll
12/8/2011 10:47:40 PM OK taskhost.exe\winsta.dll
12/8/2011 10:47:40 PM OK taskhost.exe\RpcRtRemote.dll
12/8/2011 10:47:40 PM OK taskhost.exe\profapi.dll
12/8/2011 10:47:40 PM OK taskhost.exe\cfgmgr32.dll
12/8/2011 10:47:40 PM OK taskhost.exe\devobj.dll
12/8/2011 10:47:40 PM OK taskhost.exe\KernelBase.dll
12/8/2011 10:47:40 PM OK taskhost.exe\usp10.dll
12/8/2011 10:47:40 PM OK taskhost.exe\imm32.dll
12/8/2011 10:47:40 PM OK taskhost.exe\advapi32.dll
12/8/2011 10:47:40 PM OK taskhost.exe\msvcrt.dll
12/8/2011 10:47:40 PM OK taskhost.exe\oleaut32.dll
12/8/2011 10:47:40 PM OK taskhost.exe\clbcatq.dll
12/8/2011 10:47:40 PM OK taskhost.exe\gdi32.dll
12/8/2011 10:47:40 PM OK taskhost.exe\user32.dll
12/8/2011 10:47:40 PM OK taskhost.exe\lpk.dll
12/8/2011 10:47:40 PM OK taskhost.exe\rpcrt4.dll
12/8/2011 10:47:40 PM OK taskhost.exe\setupapi.dll
12/8/2011 10:47:40 PM OK taskhost.exe\msctf.dll
12/8/2011 10:47:40 PM OK taskhost.exe\kernel32.dll
12/8/2011 10:47:40 PM OK taskhost.exe\ole32.dll
12/8/2011 10:47:40 PM OK C:\Windows\System32\avrt.dll
12/8/2011 10:47:40 PM OK C:\Windows\System32\MMDevAPI.dll
12/8/2011 10:47:40 PM OK taskhost.exe\ntdll.dll
12/8/2011 10:47:40 PM OK taskhost.exe\sechost.dll
12/8/2011 10:47:40 PM OK taskhost.exe\nsi.dll
12/8/2011 10:47:40 PM OK taskhost.exe\shlwapi.dll
12/8/2011 10:47:40 PM OK taskhost.exe\apisetschema.dll
12/8/2011 10:47:41 PM OK svchost.exe\svchost.exe
12/8/2011 10:47:41 PM OK svchost.exe\npmproxy.dll
12/8/2011 10:47:41 PM OK svchost.exe\netprofm.dll
12/8/2011 10:47:41 PM OK svchost.exe\diagperf.dll
12/8/2011 10:47:41 PM OK svchost.exe\wdiasqmmodule.dll
12/8/2011 10:47:41 PM OK svchost.exe\radardt.dll
12/8/2011 10:47:41 PM OK svchost.exe\pnpts.dll
12/8/2011 10:47:41 PM OK C:\Windows\System32\wdiasqmmodule.dll
12/8/2011 10:47:41 PM OK svchost.exe\taskschd.dll
12/8/2011 10:47:41 PM OK svchost.exe\wfapigp.dll
12/8/2011 10:47:41 PM OK C:\Windows\System32\diagperf.dll
12/8/2011 10:47:41 PM OK C:\Windows\System32\radardt.dll
12/8/2011 10:47:41 PM OK svchost.exe\wshqos.dll
12/8/2011 10:47:41 PM OK C:\Windows\System32\pnpts.dll
12/8/2011 10:47:41 PM OK svchost.exe\wdi.dll
12/8/2011 10:47:41 PM OK svchost.exe\MPSSVC.dll
12/8/2011 10:47:41 PM OK svchost.exe\dps.dll
12/8/2011 10:47:41 PM OK C:\Windows\System32\wshqos.dll
12/8/2011 10:47:41 PM OK C:\Windows\System32\wfapigp.dll
12/8/2011 10:47:41 PM OK svchost.exe\BFE.DLL
12/8/2011 10:47:41 PM OK C:\Windows\System32\wdi.dll
12/8/2011 10:47:41 PM OK svchost.exe\dhcpcsvc.dll
12/8/2011 10:47:41 PM OK C:\Windows\System32\dps.dll
12/8/2011 10:47:41 PM OK svchost.exe\dhcpcsvc6.dll
12/8/2011 10:47:41 PM OK C:\Windows\System32\BFE.DLL
12/8/2011 10:47:41 PM OK C:\Windows\System32\MPSSVC.dll
12/8/2011 10:47:41 PM OK svchost.exe\FWPUCLNT.DLL
12/8/2011 10:47:41 PM OK svchost.exe\winnsi.dll
12/8/2011 10:47:41 PM OK C:\Windows\System32\dhcpcsvc.dll
12/8/2011 10:47:41 PM OK C:\Windows\System32\dhcpcsvc6.dll
12/8/2011 10:47:41 PM OK svchost.exe\IPHLPAPI.DLL
12/8/2011 10:47:41 PM OK C:\Windows\System32\FWPUCLNT.DLL
12/8/2011 10:47:41 PM OK svchost.exe\slc.dll
12/8/2011 10:47:41 PM OK svchost.exe\nlaapi.dll
12/8/2011 10:47:41 PM OK svchost.exe\wtsapi32.dll
12/8/2011 10:47:41 PM OK svchost.exe\ntmarta.dll
12/8/2011 10:47:41 PM OK svchost.exe\version.dll
12/8/2011 10:47:41 PM OK svchost.exe\FirewallAPI.dll
12/8/2011 10:47:41 PM OK svchost.exe\WSHTCPIP.DLL
12/8/2011 10:47:41 PM OK C:\Windows\System32\winnsi.dll
12/8/2011 10:47:41 PM OK svchost.exe\gpapi.dll
12/8/2011 10:47:41 PM OK svchost.exe\userenv.dll
12/8/2011 10:47:41 PM OK svchost.exe\pcwum.dll
12/8/2011 10:47:41 PM OK C:\Windows\System32\IPHLPAPI.DLL
12/8/2011 10:47:41 PM OK svchost.exe\rsaenh.dll
12/8/2011 10:47:41 PM OK svchost.exe\wship6.dll
12/8/2011 10:47:41 PM OK svchost.exe\mswsock.dll
12/8/2011 10:47:41 PM OK C:\Windows\System32\WSHTCPIP.DLL
12/8/2011 10:47:41 PM OK svchost.exe\cryptsp.dll
12/8/2011 10:47:41 PM OK svchost.exe\credssp.dll
12/8/2011 10:47:41 PM OK svchost.exe\secur32.dll
12/8/2011 10:47:41 PM OK svchost.exe\bcrypt.dll
12/8/2011 10:47:41 PM OK svchost.exe\authz.dll
12/8/2011 10:47:41 PM OK C:\Windows\System32\FirewallAPI.dll
12/8/2011 10:47:41 PM OK svchost.exe\sspicli.dll
12/8/2011 10:47:41 PM OK svchost.exe\cryptbase.dll
12/8/2011 10:47:41 PM OK svchost.exe\RpcRtRemote.dll
12/8/2011 10:47:41 PM OK svchost.exe\profapi.dll
12/8/2011 10:47:41 PM OK svchost.exe\cfgmgr32.dll
12/8/2011 10:47:41 PM OK svchost.exe\KernelBase.dll
12/8/2011 10:47:41 PM OK svchost.exe\usp10.dll
12/8/2011 10:47:41 PM OK svchost.exe\imm32.dll
12/8/2011 10:47:41 PM OK svchost.exe\ws2_32.dll
12/8/2011 10:47:41 PM OK svchost.exe\advapi32.dll
12/8/2011 10:47:41 PM OK svchost.exe\msvcrt.dll
12/8/2011 10:47:41 PM OK svchost.exe\oleaut32.dll
12/8/2011 10:47:41 PM OK svchost.exe\clbcatq.dll
12/8/2011 10:47:41 PM OK svchost.exe\gdi32.dll
12/8/2011 10:47:41 PM OK svchost.exe\user32.dll
12/8/2011 10:47:41 PM OK svchost.exe\Wldap32.dll
12/8/2011 10:47:41 PM OK svchost.exe\lpk.dll
12/8/2011 10:47:41 PM OK svchost.exe\rpcrt4.dll
12/8/2011 10:47:41 PM OK svchost.exe\msctf.dll
12/8/2011 10:47:41 PM OK svchost.exe\kernel32.dll
12/8/2011 10:47:41 PM OK svchost.exe\ole32.dll
12/8/2011 10:47:41 PM OK svchost.exe\ntdll.dll
12/8/2011 10:47:41 PM OK svchost.exe\sechost.dll
12/8/2011 10:47:41 PM OK svchost.exe\nsi.dll
12/8/2011 10:47:41 PM OK svchost.exe\shlwapi.dll
12/8/2011 10:47:41 PM OK svchost.exe\apisetschema.dll
12/8/2011 10:47:41 PM OK C:\Windows\System32\wship6.dll
12/8/2011 10:47:41 PM OK C:\Windows\System32\pcwum.dll
12/8/2011 10:47:41 PM OK C:\Windows\System32\mswsock.dll
12/8/2011 10:47:41 PM OK C:\Windows\System32\authz.dll
12/8/2011 10:47:41 PM OK spoolsv.exe\spoolsv.exe
12/8/2011 10:47:41 PM OK spoolsv.exe\pdfcmnnt.dll
12/8/2011 10:47:41 PM OK spoolsv.exe\win32spl.dll
12/8/2011 10:47:41 PM OK spoolsv.exe\webservices.dll
12/8/2011 10:47:41 PM OK C:\Windows\System32\spoolsv.exe
12/8/2011 10:47:41 PM OK spoolsv.exe\WSDApi.dll
12/8/2011 10:47:41 PM OK spoolsv.exe\localspl.dll
12/8/2011 10:47:41 PM OK C:\Windows\System32\pdfcmnnt.dll
12/8/2011 10:47:41 PM OK spoolsv.exe\winprint.dll
12/8/2011 10:47:41 PM OK spoolsv.exe\WSDMon.dll
12/8/2011 10:47:41 PM OK spoolsv.exe\tcpmon.dll
12/8/2011 10:47:41 PM OK C:\Windows\System32\WSDApi.dll
12/8/2011 10:47:41 PM OK C:\Windows\System32\webservices.dll
12/8/2011 10:47:41 PM OK spoolsv.exe\WlS0WndH.dll
12/8/2011 10:47:41 PM OK C:\Windows\System32\win32spl.dll
12/8/2011 10:47:41 PM OK spoolsv.exe\usbmon.dll
12/8/2011 10:47:41 PM OK spoolsv.exe\rasadhlp.dll
12/8/2011 10:47:41 PM OK spoolsv.exe\WLIDNSP.DLL
12/8/2011 10:47:41 PM OK C:\Windows\System32\WSDMon.dll
12/8/2011 10:47:41 PM OK C:\Windows\System32\tcpmon.dll
12/8/2011 10:47:41 PM OK C:\Windows\System32\spool\prtprocs\w32x86\winprint.dll
12/8/2011 10:47:41 PM OK C:\Windows\System32\WlS0WndH.dll
12/8/2011 10:47:41 PM OK spoolsv.exe\wsnmp32.dll
12/8/2011 10:47:41 PM OK C:\Windows\System32\rasadhlp.dll
12/8/2011 10:47:41 PM OK C:\Windows\System32\localspl.dll
12/8/2011 10:47:41 PM OK C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL
12/8/2011 10:47:41 PM OK C:\Windows\System32\usbmon.dll
12/8/2011 10:47:41 PM OK spoolsv.exe\snmpapi.dll
12/8/2011 10:47:41 PM OK spoolsv.exe\PrintIsolationProxy.dll
12/8/2011 10:47:41 PM OK C:\Windows\System32\snmpapi.dll
12/8/2011 10:47:41 PM OK spoolsv.exe\fdPnp.dll
12/8/2011 10:47:41 PM OK spoolsv.exe\fundisc.dll
12/8/2011 10:47:41 PM OK spoolsv.exe\cscapi.dll
12/8/2011 10:47:41 PM OK spoolsv.exe\spoolss.dll
12/8/2011 10:47:41 PM OK C:\Windows\System32\wsnmp32.dll
12/8/2011 10:47:41 PM OK spoolsv.exe\comctl32.dll
12/8/2011 10:47:41 PM OK spoolsv.exe\msxml6.dll
12/8/2011 10:47:41 PM OK spoolsv.exe\FWPUCLNT.DLL
12/8/2011 10:47:41 PM OK spoolsv.exe\umb.dll
12/8/2011 10:47:41 PM OK spoolsv.exe\winnsi.dll
12/8/2011 10:47:41 PM OK spoolsv.exe\IPHLPAPI.DLL
12/8/2011 10:47:41 PM OK spoolsv.exe\slc.dll
12/8/2011 10:47:41 PM OK spoolsv.exe\dsrole.dll
12/8/2011 10:47:41 PM OK spoolsv.exe\atl.dll
12/8/2011 10:47:41 PM OK spoolsv.exe\winspool.drv
12/8/2011 10:47:41 PM OK spoolsv.exe\netutils.dll
12/8/2011 10:47:41 PM OK spoolsv.exe\powrprof.dll
12/8/2011 10:47:41 PM OK spoolsv.exe\version.dll
12/8/2011 10:47:41 PM OK spoolsv.exe\FirewallAPI.dll
12/8/2011 10:47:41 PM OK spoolsv.exe\WSHTCPIP.DLL
12/8/2011 10:47:41 PM OK spoolsv.exe\gpapi.dll
12/8/2011 10:47:41 PM OK spoolsv.exe\userenv.dll
12/8/2011 10:47:41 PM OK spoolsv.exe\SPInf.dll
12/8/2011 10:47:41 PM OK spoolsv.exe\rsaenh.dll
12/8/2011 10:47:41 PM OK spoolsv.exe\dnsapi.dll
12/8/2011 10:47:41 PM OK spoolsv.exe\wship6.dll
12/8/2011 10:47:41 PM OK spoolsv.exe\mswsock.dll
12/8/2011 10:47:41 PM OK spoolsv.exe\cryptsp.dll
12/8/2011 10:47:41 PM OK spoolsv.exe\devrtl.dll
12/8/2011 10:47:41 PM OK spoolsv.exe\credssp.dll
12/8/2011 10:47:41 PM OK spoolsv.exe\srvcli.dll
12/8/2011 10:47:42 PM OK spoolsv.exe\secur32.dll
12/8/2011 10:47:42 PM OK spoolsv.exe\sspicli.dll
12/8/2011 10:47:42 PM OK spoolsv.exe\cryptbase.dll
12/8/2011 10:47:42 PM OK spoolsv.exe\winsta.dll
12/8/2011 10:47:42 PM OK spoolsv.exe\RpcRtRemote.dll
12/8/2011 10:47:42 PM OK C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
12/8/2011 10:47:42 PM OK spoolsv.exe\profapi.dll
12/8/2011 10:47:42 PM OK spoolsv.exe\msasn1.dll
12/8/2011 10:47:42 PM OK spoolsv.exe\cfgmgr32.dll
12/8/2011 10:47:42 PM OK spoolsv.exe\wintrust.dll
12/8/2011 10:47:42 PM OK spoolsv.exe\devobj.dll
12/8/2011 10:47:42 PM OK spoolsv.exe\crypt32.dll
12/8/2011 10:47:42 PM OK spoolsv.exe\KernelBase.dll
12/8/2011 10:47:42 PM OK spoolsv.exe\usp10.dll
12/8/2011 10:47:42 PM OK spoolsv.exe\imm32.dll
12/8/2011 10:47:42 PM OK spoolsv.exe\ws2_32.dll
12/8/2011 10:47:42 PM OK spoolsv.exe\advapi32.dll
12/8/2011 10:47:42 PM OK spoolsv.exe\msvcrt.dll
12/8/2011 10:47:42 PM OK spoolsv.exe\oleaut32.dll
12/8/2011 10:47:42 PM OK spoolsv.exe\clbcatq.dll
12/8/2011 10:47:42 PM OK spoolsv.exe\gdi32.dll
12/8/2011 10:47:42 PM OK spoolsv.exe\user32.dll
12/8/2011 10:47:42 PM OK spoolsv.exe\psapi.dll
12/8/2011 10:47:42 PM OK spoolsv.exe\shell32.dll
12/8/2011 10:47:42 PM OK spoolsv.exe\lpk.dll
12/8/2011 10:47:42 PM OK spoolsv.exe\rpcrt4.dll
12/8/2011 10:47:42 PM OK spoolsv.exe\setupapi.dll
12/8/2011 10:47:42 PM OK spoolsv.exe\comdlg32.dll
12/8/2011 10:47:42 PM OK spoolsv.exe\msctf.dll
12/8/2011 10:47:42 PM OK spoolsv.exe\kernel32.dll
12/8/2011 10:47:42 PM OK spoolsv.exe\ole32.dll
12/8/2011 10:47:42 PM OK spoolsv.exe\ntdll.dll
12/8/2011 10:47:42 PM OK spoolsv.exe\sechost.dll
12/8/2011 10:47:42 PM OK spoolsv.exe\nsi.dll
12/8/2011 10:47:42 PM OK spoolsv.exe\shlwapi.dll
12/8/2011 10:47:42 PM OK spoolsv.exe\apisetschema.dll
12/8/2011 10:47:42 PM OK C:\Windows\System32\PrintIsolationProxy.dll
12/8/2011 10:47:42 PM OK C:\Windows\System32\spoolss.dll
12/8/2011 10:47:42 PM OK C:\Windows\System32\dnsapi.dll
12/8/2011 10:47:42 PM OK C:\Windows\System32\umb.dll
12/8/2011 10:47:42 PM OK C:\Windows\System32\dsrole.dll
12/8/2011 10:47:42 PM OK explorer.exe\explorer.exe
12/8/2011 10:47:42 PM OK explorer.exe\TeraCopy.dll
12/8/2011 10:47:42 PM OK explorer.exe\misosh.dll
12/8/2011 10:47:42 PM OK C:\Program Files\TeraCopy\TeraCopy.dll
12/8/2011 10:47:42 PM OK explorer.exe\IZArcCM.dll
12/8/2011 10:47:42 PM Packed: UPX C:\Program Files\MagicISO\misosh.dll
12/8/2011 10:47:42 PM OK C:\Program Files\MagicISO\misosh.dll/UPX
12/8/2011 10:47:42 PM OK C:\Program Files\MagicISO\misosh.dll
12/8/2011 10:47:42 PM OK explorer.exe\TeraCopyExt.dll
12/8/2011 10:47:42 PM OK explorer.exe\7z.dll
12/8/2011 10:47:42 PM OK explorer.exe\WASHELL.DLL Object was not changed (iChecker)
12/8/2011 10:47:42 PM OK explorer.exe\fzshellext.dll
12/8/2011 10:47:42 PM OK explorer.exe\hcproviders.dll
12/8/2011 10:47:42 PM OK explorer.exe\wercplsupport.dll
12/8/2011 10:47:42 PM OK explorer.exe\framedynos.dll
12/8/2011 10:47:42 PM OK explorer.exe\werconcpl.dll
12/8/2011 10:47:42 PM OK C:\Program Files\FileZilla FTP Client\fzshellext.dll
12/8/2011 10:47:42 PM OK explorer.exe\wscui.cpl
12/8/2011 10:47:42 PM OK explorer.exe\mfc90u.dll
12/8/2011 10:47:42 PM OK C:\Program Files\TeraCopy\TeraCopyExt.dll
12/8/2011 10:47:42 PM OK C:\Windows\System32\hcproviders.dll
12/8/2011 10:47:42 PM OK explorer.exe\ieframe.dll
12/8/2011 10:47:42 PM OK explorer.exe\npmproxy.dll
12/8/2011 10:47:42 PM OK explorer.exe\netprofm.dll
12/8/2011 10:47:42 PM OK explorer.exe\wer.dll
12/8/2011 10:47:42 PM OK explorer.exe\syncui.dll
12/8/2011 10:47:42 PM OK explorer.exe\msvcp90.dll
12/8/2011 10:47:42 PM OK C:\Windows\System32\wercplsupport.dll
12/8/2011 10:47:42 PM OK C:\Program Files\izarc\izarccm.dll
12/8/2011 10:47:42 PM OK explorer.exe\wscinterop.dll
12/8/2011 10:47:42 PM OK C:\Windows\System32\framedynos.dll
12/8/2011 10:47:42 PM OK explorer.exe\sfc_os.dll
12/8/2011 10:47:42 PM OK explorer.exe\sfc.dll
12/8/2011 10:47:42 PM OK explorer.exe\PortableDeviceApi.dll
12/8/2011 10:47:42 PM OK explorer.exe\DefragglerShell.dll
12/8/2011 10:47:42 PM OK explorer.exe\twext.dll
12/8/2011 10:47:42 PM OK explorer.exe\winmm.dll
12/8/2011 10:47:42 PM OK explorer.exe\IconCodecService.dll
12/8/2011 10:47:42 PM OK explorer.exe\ntshrui.dll
12/8/2011 10:47:42 PM OK explorer.exe\cscapi.dll
12/8/2011 10:47:42 PM OK explorer.exe\cscdll.dll
12/8/2011 10:47:42 PM OK explorer.exe\cscui.dll
12/8/2011 10:47:42 PM OK explorer.exe\EhStorShell.dll
12/8/2011 10:47:42 PM OK explorer.exe\msvcr90.dll
12/8/2011 10:47:42 PM OK explorer.exe\gameux.dll
12/8/2011 10:47:42 PM OK explorer.exe\EhStorAPI.dll
12/8/2011 10:47:42 PM OK explorer.exe\synceng.dll
12/8/2011 10:47:42 PM OK explorer.exe\ieproxy.dll
12/8/2011 10:47:42 PM OK explorer.exe\thumbcache.dll
12/8/2011 10:47:42 PM OK explorer.exe\mbamext.dll
12/8/2011 10:47:42 PM OK explorer.exe\ATL90.dll
12/8/2011 10:47:42 PM OK explorer.exe\ERASER~2.DLL
12/8/2011 10:47:42 PM OK explorer.exe\wdmaud.drv
12/8/2011 10:47:42 PM OK explorer.exe\RarExt.dll
12/8/2011 10:47:42 PM OK explorer.exe\zipfldr.dll
12/8/2011 10:47:42 PM OK explorer.exe\wscapi.dll
12/8/2011 10:47:42 PM OK explorer.exe\midimap.dll
12/8/2011 10:47:42 PM OK explorer.exe\msacm32.dll
12/8/2011 10:47:42 PM OK explorer.exe\acppage.dll
12/8/2011 10:47:42 PM OK C:\Windows\System32\werconcpl.dll
12/8/2011 10:47:42 PM OK explorer.exe\olepro32.dll
12/8/2011 10:47:42 PM OK explorer.exe\msacm32.drv
12/8/2011 10:47:42 PM OK explorer.exe\networkexplorer.dll
12/8/2011 10:47:42 PM OK explorer.exe\msimg32.dll
12/8/2011 10:47:42 PM OK explorer.exe\shdocvw.dll
12/8/2011 10:47:42 PM OK explorer.exe\linkinfo.dll
12/8/2011 10:47:42 PM OK explorer.exe\msls31.dll
12/8/2011 10:47:42 PM OK explorer.exe\msftedit.dll
12/8/2011 10:47:42 PM OK explorer.exe\actxprxy.dll
12/8/2011 10:47:42 PM OK explorer.exe\es.dll
12/8/2011 10:47:42 PM OK explorer.exe\timedate.cpl
12/8/2011 10:47:42 PM OK explorer.exe\ExplorerFrame.dll
12/8/2011 10:47:42 PM OK explorer.exe\mpr.dll
12/8/2011 10:47:42 PM OK explorer.exe\msxml6.dll
12/8/2011 10:47:42 PM OK explorer.exe\dhcpcsvc.dll
12/8/2011 10:47:42 PM OK explorer.exe\dhcpcsvc6.dll
12/8/2011 10:47:42 PM OK explorer.exe\winnsi.dll
12/8/2011 10:47:42 PM OK explorer.exe\IPHLPAPI.DLL
12/8/2011 10:47:42 PM OK explorer.exe\provsvc.dll
12/8/2011 10:47:42 PM OK C:\Windows\System32\wer.dll
12/8/2011 10:47:43 PM OK C:\Windows\System32\syncui.dll
12/8/2011 10:47:43 PM OK C:\Windows\System32\wscui.cpl
12/8/2011 10:47:43 PM OK explorer.exe\hgcpl.dll
12/8/2011 10:47:43 PM OK explorer.exe\oleacc.dll
12/8/2011 10:47:43 PM OK explorer.exe\bthprops.cpl
12/8/2011 10:47:43 PM OK explorer.exe\imapi2.dll
12/8/2011 10:47:43 PM OK explorer.exe\ActionCenter.dll
12/8/2011 10:47:43 PM OK C:\Windows\System32\wscinterop.dll
12/8/2011 10:47:43 PM OK explorer.exe\QAGENT.DLL
12/8/2011 10:47:43 PM OK C:\Program Files\Defraggler\DefragglerShell.dll
12/8/2011 10:47:43 PM OK explorer.exe\WWanAPI.dll
12/8/2011 10:47:43 PM OK explorer.exe\srchadmin.dll
12/8/2011 10:47:43 PM OK C:\Windows\System32\twext.dll
12/8/2011 10:47:43 PM OK explorer.exe\wlanapi.dll
12/8/2011 10:47:43 PM OK explorer.exe\QUTIL.DLL
12/8/2011 10:47:43 PM OK explorer.exe\pnidui.dll
12/8/2011 10:47:43 PM OK explorer.exe\netshell.dll
12/8/2011 10:47:43 PM OK explorer.exe\DXP.dll
12/8/2011 10:47:43 PM OK C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcp90.dll
12/8/2011 10:47:43 PM OK explorer.exe\SyncCenter.dll
12/8/2011 10:47:43 PM OK explorer.exe\msi.dll
12/8/2011 10:47:43 PM OK explorer.exe\slc.dll
12/8/2011 10:47:43 PM OK explorer.exe\atl.dll
12/8/2011 10:47:43 PM OK explorer.exe\nlaapi.dll
12/8/2011 10:47:43 PM OK explorer.exe\AudioSes.dll
12/8/2011 10:47:43 PM OK explorer.exe\MFC90ENU.DLL
12/8/2011 10:47:43 PM OK C:\Windows\System32\cscdll.dll
12/8/2011 10:47:43 PM OK C:\Windows\System32\cscui.dll
12/8/2011 10:47:43 PM OK explorer.exe\batmeter.dll
12/8/2011 10:47:43 PM OK explorer.exe\PortableDeviceTypes.dll
12/8/2011 10:47:43 PM OK explorer.exe\stobject.dll
12/8/2011 10:47:43 PM OK explorer.exe\wlanutil.dll
12/8/2011 10:47:43 PM OK explorer.exe\WPDShServiceObj.dll
12/8/2011 10:47:43 PM OK C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll
12/8/2011 10:47:43 PM OK explorer.exe\winspool.drv
12/8/2011 10:47:43 PM OK explorer.exe\samcli.dll
12/8/2011 10:47:43 PM OK explorer.exe\wkscli.dll
12/8/2011 10:47:43 PM OK explorer.exe\netutils.dll
12/8/2011 10:47:43 PM OK explorer.exe\wwapi.dll
12/8/2011 10:47:43 PM OK C:\Windows\winsxs\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.6161_none_4bf7e3e2bf9ada4c\mfc90u.dll
12/8/2011 10:47:43 PM OK explorer.exe\prnfldr.dll
12/8/2011 10:47:43 PM OK C:\Windows\System32\synceng.dll
12/8/2011 10:47:43 PM OK explorer.exe\wtsapi32.dll
12/8/2011 10:47:43 PM OK explorer.exe\AltTab.dll
12/8/2011 10:47:43 PM OK C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll
12/8/2011 10:47:43 PM OK explorer.exe\ehSSO.dll
12/8/2011 10:47:43 PM OK explorer.exe\Syncreg.dll
12/8/2011 10:47:43 PM OK C:\Windows\winsxs\x86_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.6161_none_51cd0a7abbe4e19b\ATL90.dll
12/8/2011 10:47:43 PM OK C:\Program Files\eraser\eraser.shell.dll
12/8/2011 10:47:43 PM OK explorer.exe\ksuser.dll
12/8/2011 10:47:43 PM OK explorer.exe\msiltcfg.dll
12/8/2011 10:47:43 PM OK explorer.exe\avrt.dll
12/8/2011 10:47:43 PM OK explorer.exe\WindowsCodecs.dll
12/8/2011 10:47:43 PM OK explorer.exe\ntmarta.dll
12/8/2011 10:47:43 PM OK explorer.exe\powrprof.dll
12/8/2011 10:47:43 PM OK explorer.exe\xmllite.dll
12/8/2011 10:47:43 PM OK explorer.exe\dwmapi.dll
12/8/2011 10:47:43 PM OK explorer.exe\MMDevAPI.dll
12/8/2011 10:47:43 PM OK explorer.exe\hid.dll
12/8/2011 10:47:43 PM OK C:\Windows\System32\zipfldr.dll
12/8/2011 10:47:43 PM OK explorer.exe\SndVolSSO.dll
12/8/2011 10:47:43 PM OK explorer.exe\duser.dll
12/8/2011 10:47:43 PM OK explorer.exe\dui70.dll
12/8/2011 10:47:43 PM OK explorer.exe\GdiPlus.dll
12/8/2011 10:47:43 PM OK explorer.exe\uxtheme.dll
12/8/2011 10:47:43 PM OK explorer.exe\propsys.dll
12/8/2011 10:47:43 PM OK explorer.exe\samlib.dll
12/8/2011 10:47:43 PM OK explorer.exe\shacct.dll
12/8/2011 10:47:43 PM OK explorer.exe\comctl32.dll
12/8/2011 10:47:48 PM OK svchost.exe\ole32.dll
12/8/2011 10:47:48 PM OK svchost.exe\ntdll.dll
12/8/2011 10:47:48 PM OK svchost.exe\sechost.dll
12/8/2011 10:47:48 PM OK svchost.exe\nsi.dll
12/8/2011 10:47:48 PM OK svchost.exe\shlwapi.dll
12/8/2011 10:47:48 PM OK svchost.exe\apisetschema.dll
12/8/2011 10:47:48 PM OK C:\Windows\System32\wuapi.dll
12/8/2011 10:47:48 PM OK svchost.exe\svchost.exe
12/8/2011 10:47:48 PM OK svchost.exe\FWPUCLNT.DLL
12/8/2011 10:47:48 PM OK svchost.exe\wtsapi32.dll
12/8/2011 10:47:48 PM OK svchost.exe\version.dll
12/8/2011 10:47:48 PM OK svchost.exe\FirewallAPI.dll
12/8/2011 10:47:48 PM OK svchost.exe\WSHTCPIP.DLL
12/8/2011 10:47:48 PM OK svchost.exe\RpcEpMap.dll
12/8/2011 10:47:48 PM OK svchost.exe\rpcss.dll
12/8/2011 10:47:48 PM OK svchost.exe\rsaenh.dll
12/8/2011 10:47:48 PM OK svchost.exe\wship6.dll
12/8/2011 10:47:48 PM OK svchost.exe\mswsock.dll
12/8/2011 10:47:48 PM OK svchost.exe\cryptsp.dll
12/8/2011 10:47:48 PM OK svchost.exe\credssp.dll
12/8/2011 10:47:48 PM OK svchost.exe\secur32.dll
12/8/2011 10:47:48 PM OK svchost.exe\sspicli.dll
12/8/2011 10:47:48 PM OK svchost.exe\cryptbase.dll
12/8/2011 10:47:48 PM OK svchost.exe\winsta.dll
12/8/2011 10:47:48 PM OK svchost.exe\RpcRtRemote.dll
12/8/2011 10:47:48 PM OK svchost.exe\KernelBase.dll
12/8/2011 10:47:48 PM OK svchost.exe\usp10.dll
12/8/2011 10:47:48 PM OK svchost.exe\imm32.dll
12/8/2011 10:47:48 PM OK svchost.exe\ws2_32.dll
12/8/2011 10:47:48 PM OK svchost.exe\advapi32.dll
12/8/2011 10:47:48 PM OK svchost.exe\msvcrt.dll
12/8/2011 10:47:48 PM OK svchost.exe\oleaut32.dll
12/8/2011 10:47:48 PM OK svchost.exe\clbcatq.dll
12/8/2011 10:47:48 PM OK svchost.exe\gdi32.dll
12/8/2011 10:47:48 PM OK svchost.exe\user32.dll
12/8/2011 10:47:48 PM OK svchost.exe\lpk.dll
12/8/2011 10:47:48 PM OK svchost.exe\rpcrt4.dll
12/8/2011 10:47:48 PM OK svchost.exe\msctf.dll
12/8/2011 10:47:48 PM OK svchost.exe\kernel32.dll
12/8/2011 10:47:48 PM OK svchost.exe\ole32.dll
12/8/2011 10:47:48 PM OK svchost.exe\ntdll.dll
12/8/2011 10:47:48 PM OK svchost.exe\sechost.dll
12/8/2011 10:47:48 PM OK svchost.exe\nsi.dll
12/8/2011 10:47:48 PM OK svchost.exe\apisetschema.dll
12/8/2011 10:47:48 PM OK C:\Windows\System32\RpcEpMap.dll
12/8/2011 10:47:48 PM OK C:\Windows\System32\rpcss.dll
12/8/2011 10:47:48 PM OK svchost.exe\svchost.exe
12/8/2011 10:47:48 PM OK svchost.exe\wbemsvc.dll
12/8/2011 10:47:48 PM OK svchost.exe\wmiutils.dll
12/8/2011 10:47:48 PM OK svchost.exe\wbemprox.dll
12/8/2011 10:47:48 PM OK svchost.exe\ntdsapi.dll
12/8/2011 10:47:48 PM OK svchost.exe\fastprox.dll
12/8/2011 10:47:48 PM OK svchost.exe\WmiDcPrv.dll
12/8/2011 10:47:48 PM OK svchost.exe\wbemcomn.dll
12/8/2011 10:47:48 PM OK svchost.exe\wtsapi32.dll
12/8/2011 10:47:48 PM OK svchost.exe\ntmarta.dll
12/8/2011 10:47:48 PM OK svchost.exe\rpcss.dll
12/8/2011 10:47:48 PM OK svchost.exe\umpo.dll
12/8/2011 10:47:48 PM OK svchost.exe\gpapi.dll
12/8/2011 10:47:48 PM OK svchost.exe\userenv.dll
12/8/2011 10:47:48 PM OK svchost.exe\SPInf.dll
12/8/2011 10:47:48 PM OK svchost.exe\umpnpmgr.dll
12/8/2011 10:47:48 PM OK svchost.exe\pcwum.dll
12/8/2011 10:47:48 PM OK svchost.exe\rsaenh.dll
12/8/2011 10:47:48 PM OK svchost.exe\cryptsp.dll
12/8/2011 10:47:48 PM OK svchost.exe\devrtl.dll
12/8/2011 10:47:48 PM OK svchost.exe\credssp.dll
12/8/2011 10:47:48 PM OK svchost.exe\sspicli.dll
12/8/2011 10:47:48 PM OK svchost.exe\apphelp.dll
12/8/2011 10:47:48 PM OK svchost.exe\cryptbase.dll
12/8/2011 10:47:48 PM OK svchost.exe\winsta.dll
12/8/2011 10:47:48 PM OK svchost.exe\RpcRtRemote.dll
12/8/2011 10:47:48 PM OK svchost.exe\profapi.dll
12/8/2011 10:47:48 PM OK svchost.exe\msasn1.dll
12/8/2011 10:47:48 PM OK svchost.exe\cfgmgr32.dll
12/8/2011 10:47:48 PM OK svchost.exe\wintrust.dll
12/8/2011 10:47:48 PM OK svchost.exe\devobj.dll
12/8/2011 10:47:48 PM OK svchost.exe\crypt32.dll
12/8/2011 10:47:48 PM OK svchost.exe\KernelBase.dll
12/8/2011 10:47:48 PM OK svchost.exe\usp10.dll
12/8/2011 10:47:48 PM OK svchost.exe\imm32.dll
12/8/2011 10:47:48 PM OK svchost.exe\ws2_32.dll
12/8/2011 10:47:48 PM OK svchost.exe\advapi32.dll
12/8/2011 10:47:48 PM OK svchost.exe\msvcrt.dll
12/8/2011 10:47:48 PM OK svchost.exe\oleaut32.dll
12/8/2011 10:47:48 PM OK svchost.exe\clbcatq.dll
12/8/2011 10:47:48 PM OK svchost.exe\gdi32.dll
12/8/2011 10:47:48 PM OK svchost.exe\user32.dll
12/8/2011 10:47:48 PM OK svchost.exe\Wldap32.dll
12/8/2011 10:47:48 PM OK svchost.exe\lpk.dll
12/8/2011 10:47:48 PM OK svchost.exe\rpcrt4.dll
12/8/2011 10:47:48 PM OK svchost.exe\setupapi.dll
12/8/2011 10:47:48 PM OK svchost.exe\msctf.dll
12/8/2011 10:47:48 PM OK svchost.exe\kernel32.dll
12/8/2011 10:47:48 PM OK svchost.exe\ole32.dll
12/8/2011 10:47:48 PM OK svchost.exe\ntdll.dll
12/8/2011 10:47:48 PM OK svchost.exe\sechost.dll
12/8/2011 10:47:48 PM OK svchost.exe\nsi.dll
12/8/2011 10:47:48 PM OK svchost.exe\apisetschema.dll
12/8/2011 10:47:48 PM OK C:\Windows\System32\wbem\WmiDcPrv.dll
12/8/2011 10:47:48 PM OK C:\Windows\System32\umpo.dll
12/8/2011 10:47:48 PM OK C:\Windows\System32\umpnpmgr.dll
12/8/2011 10:47:48 PM OK lsm.exe\lsm.exe
12/8/2011 10:47:48 PM OK lsm.exe\pcwum.dll
12/8/2011 10:47:48 PM OK lsm.exe\credssp.dll
12/8/2011 10:47:48 PM OK lsm.exe\wmsgapi.dll
12/8/2011 10:47:48 PM OK lsm.exe\sysntfy.dll
12/8/2011 10:47:48 PM OK lsm.exe\secur32.dll
12/8/2011 10:47:48 PM OK lsm.exe\sspicli.dll
12/8/2011 10:47:48 PM OK lsm.exe\cryptbase.dll
12/8/2011 10:47:48 PM OK lsm.exe\RpcRtRemote.dll
12/8/2011 10:47:48 PM OK C:\Windows\System32\lsm.exe
12/8/2011 10:47:48 PM OK lsm.exe\KernelBase.dll
12/8/2011 10:47:48 PM OK lsm.exe\advapi32.dll
12/8/2011 10:47:48 PM OK lsm.exe\msvcrt.dll
12/8/2011 10:47:48 PM OK lsm.exe\rpcrt4.dll
12/8/2011 10:47:48 PM OK lsm.exe\kernel32.dll
12/8/2011 10:47:48 PM OK lsm.exe\ntdll.dll
12/8/2011 10:47:48 PM OK lsm.exe\sechost.dll
12/8/2011 10:47:48 PM OK lsm.exe\apisetschema.dll
12/8/2011 10:47:48 PM OK lsass.exe\lsass.exe
12/8/2011 10:47:48 PM OK lsass.exe\dssenh.dll
12/8/2011 10:47:48 PM OK lsass.exe\keyiso.dll
12/8/2011 10:47:48 PM OK lsass.exe\winnsi.dll
12/8/2011 10:47:48 PM OK lsass.exe\IPHLPAPI.DLL
12/8/2011 10:47:48 PM OK lsass.exe\netutils.dll
12/8/2011 10:47:48 PM OK lsass.exe\WSHTCPIP.DLL
12/8/2011 10:47:48 PM OK lsass.exe\gpapi.dll
12/8/2011 10:47:48 PM OK lsass.exe\userenv.dll
12/8/2011 10:47:48 PM OK lsass.exe\scecli.dll
12/8/2011 10:47:48 PM OK lsass.exe\bcryptprimitives.dll
12/8/2011 10:47:48 PM OK lsass.exe\LIVESSP.DLL
12/8/2011 10:47:48 PM OK C:\Windows\System32\lsass.exe
12/8/2011 10:47:48 PM OK lsass.exe\pku2u.dll
12/8/2011 10:47:48 PM OK lsass.exe\TSpkg.dll
12/8/2011 10:47:48 PM OK C:\Windows\System32\dssenh.dll
12/8/2011 10:47:48 PM OK C:\Windows\System32\keyiso.dll
12/8/2011 10:47:48 PM OK lsass.exe\efslsaext.dll
12/8/2011 10:47:49 PM OK lsass.exe\rsaenh.dll
12/8/2011 10:47:49 PM OK lsass.exe\wdigest.dll
12/8/2011 10:47:49 PM OK C:\Windows\System32\LIVESSP.DLL
12/8/2011 10:47:49 PM OK C:\Windows\System32\pku2u.dll
12/8/2011 10:47:49 PM OK lsass.exe\schannel.dll
12/8/2011 10:47:49 PM OK C:\Windows\System32\TSpkg.dll
12/8/2011 10:47:49 PM OK C:\Windows\System32\efslsaext.dll
12/8/2011 10:47:49 PM OK lsass.exe\logoncli.dll
12/8/2011 10:47:49 PM OK lsass.exe\dnsapi.dll
12/8/2011 10:47:49 PM OK lsass.exe\netlogon.dll
12/8/2011 10:47:49 PM OK lsass.exe\msv1_0.dll
12/8/2011 10:47:49 PM OK lsass.exe\wship6.dll
12/8/2011 10:47:49 PM OK lsass.exe\mswsock.dll
12/8/2011 10:47:49 PM OK lsass.exe\cryptsp.dll
12/8/2011 10:47:49 PM OK lsass.exe\kerberos.dll
12/8/2011 10:47:49 PM OK lsass.exe\negoexts.dll
12/8/2011 10:47:49 PM OK C:\Windows\System32\wdigest.dll
12/8/2011 10:47:49 PM OK C:\Windows\System32\schannel.dll
12/8/2011 10:47:49 PM OK lsass.exe\netjoin.dll
12/8/2011 10:47:49 PM OK lsass.exe\msprivs.dll
12/8/2011 10:47:49 PM OK lsass.exe\credssp.dll
12/8/2011 10:47:49 PM OK lsass.exe\secur32.dll
12/8/2011 10:47:49 PM OK lsass.exe\bcrypt.dll
12/8/2011 10:47:49 PM OK lsass.exe\ncrypt.dll
12/8/2011 10:47:49 PM OK lsass.exe\authz.dll
12/8/2011 10:47:49 PM OK lsass.exe\cngaudit.dll
12/8/2011 10:47:49 PM OK C:\Windows\System32\netlogon.dll
12/8/2011 10:47:49 PM OK C:\Windows\System32\negoexts.dll
12/8/2011 10:47:49 PM OK lsass.exe\wevtapi.dll
12/8/2011 10:47:49 PM OK lsass.exe\cryptdll.dll
12/8/2011 10:47:49 PM OK lsass.exe\samsrv.dll
12/8/2011 10:47:49 PM OK C:\Windows\System32\msprivs.dll
12/8/2011 10:47:49 PM OK lsass.exe\lsasrv.dll
12/8/2011 10:47:49 PM OK C:\Windows\System32\cngaudit.dll
12/8/2011 10:47:49 PM OK lsass.exe\sspisrv.dll
12/8/2011 10:47:49 PM OK lsass.exe\sspicli.dll
12/8/2011 10:47:49 PM OK lsass.exe\cryptbase.dll
12/8/2011 10:47:49 PM OK lsass.exe\winsta.dll
12/8/2011 10:47:49 PM OK lsass.exe\RpcRtRemote.dll
12/8/2011 10:47:49 PM OK lsass.exe\profapi.dll
12/8/2011 10:47:49 PM OK lsass.exe\msasn1.dll
12/8/2011 10:47:49 PM OK lsass.exe\crypt32.dll
12/8/2011 10:47:49 PM OK lsass.exe\KernelBase.dll
12/8/2011 10:47:49 PM OK lsass.exe\usp10.dll
12/8/2011 10:47:49 PM OK lsass.exe\imm32.dll
12/8/2011 10:47:49 PM OK lsass.exe\ws2_32.dll
12/8/2011 10:47:49 PM OK lsass.exe\advapi32.dll
12/8/2011 10:47:49 PM OK lsass.exe\msvcrt.dll
12/8/2011 10:47:49 PM OK lsass.exe\gdi32.dll
12/8/2011 10:47:49 PM OK lsass.exe\user32.dll
12/8/2011 10:47:49 PM OK lsass.exe\psapi.dll
12/8/2011 10:47:49 PM OK lsass.exe\lpk.dll
12/8/2011 10:47:49 PM OK lsass.exe\rpcrt4.dll
12/8/2011 10:47:49 PM OK lsass.exe\msctf.dll
12/8/2011 10:47:49 PM OK lsass.exe\kernel32.dll
12/8/2011 10:47:49 PM OK lsass.exe\ntdll.dll
12/8/2011 10:47:49 PM OK lsass.exe\sechost.dll
12/8/2011 10:47:49 PM OK lsass.exe\nsi.dll
12/8/2011 10:47:49 PM OK lsass.exe\shlwapi.dll
12/8/2011 10:47:49 PM OK lsass.exe\apisetschema.dll
12/8/2011 10:47:49 PM OK C:\Windows\System32\sspisrv.dll
12/8/2011 10:47:49 PM OK C:\Windows\System32\samsrv.dll
12/8/2011 10:47:49 PM OK C:\Windows\System32\lsasrv.dll
12/8/2011 10:47:49 PM OK services.exe\services.exe
12/8/2011 10:47:49 PM OK services.exe\wtsapi32.dll
12/8/2011 10:47:49 PM OK services.exe\WSHTCPIP.DLL
12/8/2011 10:47:49 PM OK services.exe\ubpm.dll
12/8/2011 10:47:49 PM OK services.exe\wship6.dll
12/8/2011 10:47:49 PM OK services.exe\mswsock.dll
12/8/2011 10:47:49 PM OK services.exe\credssp.dll
12/8/2011 10:47:49 PM OK services.exe\srvcli.dll
12/8/2011 10:47:49 PM OK services.exe\scesrv.dll
12/8/2011 10:47:49 PM OK services.exe\secur32.dll
12/8/2011 10:47:49 PM OK services.exe\scext.dll
12/8/2011 10:47:49 PM OK services.exe\authz.dll
12/8/2011 10:47:49 PM OK services.exe\sspicli.dll
12/8/2011 10:47:49 PM OK services.exe\apphelp.dll
12/8/2011 10:47:49 PM OK services.exe\cryptbase.dll
12/8/2011 10:47:49 PM OK services.exe\winsta.dll
12/8/2011 10:47:49 PM OK services.exe\RpcRtRemote.dll
12/8/2011 10:47:49 PM OK services.exe\profapi.dll
12/8/2011 10:47:49 PM OK services.exe\KernelBase.dll
12/8/2011 10:47:49 PM OK services.exe\usp10.dll
12/8/2011 10:47:49 PM OK services.exe\imm32.dll
12/8/2011 10:47:49 PM OK services.exe\ws2_32.dll
12/8/2011 10:47:49 PM OK services.exe\advapi32.dll
12/8/2011 10:47:49 PM OK services.exe\msvcrt.dll
12/8/2011 10:47:49 PM OK services.exe\gdi32.dll
12/8/2011 10:47:49 PM OK services.exe\user32.dll
12/8/2011 10:47:49 PM OK services.exe\lpk.dll
12/8/2011 10:47:49 PM OK services.exe\rpcrt4.dll
12/8/2011 10:47:49 PM OK services.exe\msctf.dll
12/8/2011 10:47:49 PM OK services.exe\kernel32.dll
12/8/2011 10:47:49 PM OK services.exe\ntdll.dll
12/8/2011 10:47:49 PM OK services.exe\sechost.dll
12/8/2011 10:47:49 PM OK services.exe\nsi.dll
12/8/2011 10:47:49 PM OK services.exe\apisetschema.dll
12/8/2011 10:47:49 PM OK C:\Windows\System32\scesrv.dll
12/8/2011 10:47:49 PM OK C:\Windows\System32\scext.dll
12/8/2011 10:47:49 PM OK winlogon.exe\winlogon.exe
12/8/2011 10:47:49 PM OK winlogon.exe\mpr.dll
12/8/2011 10:47:49 PM OK winlogon.exe\UXInit.dll
12/8/2011 10:47:49 PM OK winlogon.exe\slc.dll
12/8/2011 10:47:49 PM OK winlogon.exe\wkscli.dll
12/8/2011 10:47:49 PM OK winlogon.exe\netutils.dll
12/8/2011 10:47:49 PM OK winlogon.exe\WindowsCodecs.dll
12/8/2011 10:47:49 PM OK winlogon.exe\uxtheme.dll
12/8/2011 10:47:49 PM OK winlogon.exe\rsaenh.dll
12/8/2011 10:47:49 PM OK winlogon.exe\cryptsp.dll
12/8/2011 10:47:49 PM OK winlogon.exe\netjoin.dll
12/8/2011 10:47:49 PM OK winlogon.exe\sspicli.dll
12/8/2011 10:47:49 PM OK winlogon.exe\apphelp.dll
12/8/2011 10:47:49 PM OK winlogon.exe\cryptbase.dll
12/8/2011 10:47:49 PM OK winlogon.exe\winsta.dll
12/8/2011 10:47:49 PM OK winlogon.exe\RpcRtRemote.dll
12/8/2011 10:47:49 PM OK winlogon.exe\profapi.dll
12/8/2011 10:47:49 PM OK winlogon.exe\KernelBase.dll
12/8/2011 10:47:49 PM OK winlogon.exe\usp10.dll
12/8/2011 10:47:49 PM OK winlogon.exe\imm32.dll
12/8/2011 10:47:49 PM OK winlogon.exe\advapi32.dll
12/8/2011 10:47:49 PM OK winlogon.exe\msvcrt.dll
12/8/2011 10:47:49 PM OK winlogon.exe\gdi32.dll
12/8/2011 10:47:49 PM OK winlogon.exe\user32.dll
12/8/2011 10:47:49 PM OK winlogon.exe\lpk.dll
12/8/2011 10:47:49 PM OK winlogon.exe\rpcrt4.dll
12/8/2011 10:47:49 PM OK winlogon.exe\msctf.dll
12/8/2011 10:47:49 PM OK winlogon.exe\kernel32.dll
12/8/2011 10:47:49 PM OK winlogon.exe\ole32.dll
12/8/2011 10:47:49 PM OK winlogon.exe\ntdll.dll
12/8/2011 10:47:49 PM OK winlogon.exe\sechost.dll
12/8/2011 10:47:49 PM OK winlogon.exe\apisetschema.dll
12/8/2011 10:47:49 PM OK C:\Windows\System32\UXInit.dll
12/8/2011 10:47:49 PM OK csrss.exe\csrss.exe
12/8/2011 10:47:49 PM OK csrss.exe\cryptbase.dll
12/8/2011 10:47:49 PM OK csrss.exe\sxs.dll
12/8/2011 10:47:49 PM OK csrss.exe\sxssrv.dll
12/8/2011 10:47:49 PM OK csrss.exe\winsrv.dll
12/8/2011 10:47:49 PM OK csrss.exe\basesrv.dll
12/8/2011 10:47:49 PM OK C:\Windows\System32\csrss.exe
12/8/2011 10:47:49 PM OK C:\Windows\System32\sxssrv.dll
12/8/2011 10:47:49 PM OK csrss.exe\csrsrv.dll
12/8/2011 10:47:49 PM OK C:\Windows\System32\winsrv.dll
12/8/2011 10:47:49 PM OK csrss.exe\KernelBase.dll
12/8/2011 10:47:49 PM OK csrss.exe\usp10.dll
12/8/2011 10:47:49 PM OK csrss.exe\advapi32.dll
12/8/2011 10:47:49 PM OK csrss.exe\msvcrt.dll
12/8/2011 10:47:49 PM OK csrss.exe\gdi32.dll
12/8/2011 10:47:49 PM OK csrss.exe\user32.dll
12/8/2011 10:47:49 PM OK csrss.exe\lpk.dll
12/8/2011 10:47:49 PM OK csrss.exe\rpcrt4.dll
12/8/2011 10:47:49 PM OK csrss.exe\kernel32.dll
12/8/2011 10:47:49 PM OK csrss.exe\ntdll.dll
12/8/2011 10:47:49 PM OK csrss.exe\sechost.dll
12/8/2011 10:47:49 PM OK csrss.exe\apisetschema.dll
12/8/2011 10:47:49 PM OK C:\Windows\System32\csrsrv.dll
12/8/2011 10:47:49 PM OK C:\Windows\System32\basesrv.dll
12/8/2011 10:47:49 PM OK wininit.exe\wininit.exe
12/8/2011 10:47:49 PM OK wininit.exe\WSHTCPIP.DLL
12/8/2011 10:47:49 PM OK wininit.exe\wship6.dll
12/8/2011 10:47:49 PM OK wininit.exe\mswsock.dll
12/8/2011 10:47:49 PM OK wininit.exe\credssp.dll
12/8/2011 10:47:49 PM OK wininit.exe\secur32.dll
12/8/2011 10:47:49 PM OK wininit.exe\sspicli.dll
12/8/2011 10:47:49 PM OK wininit.exe\apphelp.dll
12/8/2011 10:47:49 PM OK wininit.exe\cryptbase.dll
12/8/2011 10:47:49 PM OK wininit.exe\RpcRtRemote.dll
12/8/2011 10:47:49 PM OK wininit.exe\profapi.dll
12/8/2011 10:47:49 PM OK wininit.exe\KernelBase.dll
12/8/2011 10:47:49 PM OK wininit.exe\usp10.dll
12/8/2011 10:47:49 PM OK wininit.exe\imm32.dll
12/8/2011 10:47:49 PM OK wininit.exe\ws2_32.dll
12/8/2011 10:47:49 PM OK wininit.exe\advapi32.dll
12/8/2011 10:47:49 PM OK wininit.exe\msvcrt.dll
12/8/2011 10:47:49 PM OK wininit.exe\gdi32.dll
12/8/2011 10:47:49 PM OK wininit.exe\user32.dll
12/8/2011 10:47:49 PM OK wininit.exe\lpk.dll
12/8/2011 10:47:49 PM OK wininit.exe\rpcrt4.dll
12/8/2011 10:47:49 PM OK wininit.exe\msctf.dll
12/8/2011 10:47:49 PM OK wininit.exe\kernel32.dll
12/8/2011 10:47:49 PM OK wininit.exe\ntdll.dll
12/8/2011 10:47:49 PM OK wininit.exe\sechost.dll
12/8/2011 10:47:49 PM OK wininit.exe\nsi.dll
12/8/2011 10:47:49 PM OK wininit.exe\apisetschema.dll
12/8/2011 10:47:49 PM OK C:\Windows\System32\wininit.exe
12/8/2011 10:47:49 PM OK csrss.exe\csrss.exe
12/8/2011 10:47:49 PM OK csrss.exe\cryptbase.dll
12/8/2011 10:47:49 PM OK csrss.exe\sxs.dll
12/8/2011 10:47:49 PM OK csrss.exe\sxssrv.dll
12/8/2011 10:47:49 PM OK csrss.exe\winsrv.dll
12/8/2011 10:47:49 PM OK csrss.exe\basesrv.dll
12/8/2011 10:47:49 PM OK csrss.exe\csrsrv.dll
12/8/2011 10:47:49 PM OK csrss.exe\KernelBase.dll
12/8/2011 10:47:49 PM OK csrss.exe\usp10.dll
12/8/2011 10:47:49 PM OK csrss.exe\msvcrt.dll
12/8/2011 10:47:49 PM OK csrss.exe\gdi32.dll
12/8/2011 10:47:49 PM OK csrss.exe\user32.dll
12/8/2011 10:47:49 PM OK csrss.exe\lpk.dll
12/8/2011 10:47:49 PM OK csrss.exe\rpcrt4.dll
12/8/2011 10:47:49 PM OK csrss.exe\kernel32.dll
12/8/2011 10:47:49 PM OK csrss.exe\ntdll.dll
12/8/2011 10:47:49 PM OK csrss.exe\apisetschema.dll
12/8/2011 10:47:49 PM OK smss.exe\smss.exe
12/8/2011 10:47:49 PM OK smss.exe\ntdll.dll
12/8/2011 10:47:49 PM OK smss.exe\apisetschema.dll
12/8/2011 10:47:49 PM OK C:\Windows\System32\smss.exe
12/8/2011 10:47:49 PM OK pid:4\ntdll.dll
12/8/2011 10:47:55 PM OK C:\Windows\System32\ntvdm.exe
12/8/2011 10:47:55 PM OK C:\autoexec.bat
12/8/2011 10:47:55 PM OK C:\config.sys
12/8/2011 10:47:55 PM OK C:\Windows\win.ini
12/8/2011 10:47:55 PM OK C:\Windows\system.ini
12/8/2011 10:47:55 PM OK C:\Windows\System32\TIMER.DRV
12/8/2011 10:47:57 PM OK C:\Windows\explorer.exe
12/8/2011 10:47:57 PM OK C:\Windows\System32\userinit.exe
12/8/2011 10:48:00 PM OK C:\Windows\System32\mctadmin.exe
12/8/2011 10:48:01 PM OK C:\Windows\System32\aelupsvc.dll
12/8/2011 10:48:01 PM OK C:\Windows\System32\appidsvc.dll
12/8/2011 10:48:01 PM OK C:\Windows\System32\appinfo.dll
12/8/2011 10:48:01 PM OK C:\Windows\System32\appmgmts.dll
12/8/2011 10:48:01 PM OK C:\Windows\System32\audiosrv.dll
12/8/2011 10:48:02 PM OK C:\Windows\System32\AxInstSv.dll
12/8/2011 10:48:02 PM OK C:\Windows\System32\bdesvc.dll
12/8/2011 10:48:02 PM OK C:\Windows\System32\BFE.DLL
12/8/2011 10:48:03 PM OK C:\Windows\System32\qmgr.dll
12/8/2011 10:48:03 PM OK C:\Windows\System32\browser.dll
12/8/2011 10:48:03 PM OK C:\Windows\System32\bthserv.dll
12/8/2011 10:48:03 PM OK C:\Windows\System32\certprop.dll
12/8/2011 10:48:03 PM OK C:\Windows\System32\cryptsvc.dll
12/8/2011 10:48:03 PM OK C:\Windows\System32\cscsvc.dll
12/8/2011 10:48:04 PM OK C:\Windows\System32\rpcss.dll
12/8/2011 10:48:04 PM OK C:\Windows\System32\defragsvc.dll
12/8/2011 10:48:04 PM OK C:\Windows\System32\dhcpcore.dll
12/8/2011 10:48:04 PM OK C:\Windows\System32\dnsrslvr.dll
12/8/2011 10:48:04 PM OK C:\Windows\System32\dot3svc.dll
12/8/2011 10:48:04 PM OK C:\Windows\System32\dps.dll
12/8/2011 10:48:04 PM OK C:\Windows\System32\eapsvc.dll
12/8/2011 10:48:05 PM OK C:\Windows\System32\es.dll
12/8/2011 10:48:05 PM OK C:\Windows\System32\fdPHost.dll
12/8/2011 10:48:05 PM OK C:\Windows\System32\FDResPub.dll
12/8/2011 10:48:05 PM OK C:\Windows\System32\FntCache.dll
12/8/2011 10:48:05 PM OK C:\Windows\System32\gpsvc.dll
12/8/2011 10:48:05 PM OK C:\Windows\System32\hidserv.dll
12/8/2011 10:48:05 PM OK C:\Windows\System32\KMSVC.DLL
12/8/2011 10:48:05 PM OK C:\Windows\System32\ListSvc.dll
12/8/2011 10:48:05 PM OK C:\Windows\System32\provsvc.dll
12/8/2011 10:48:05 PM OK C:\Windows\System32\IKEEXT.DLL
12/8/2011 10:48:05 PM OK C:\Windows\System32\IPBusEnum.dll
12/8/2011 10:48:05 PM OK C:\Windows\System32\iphlpsvc.dll
12/8/2011 10:48:05 PM OK C:\Windows\System32\msdtckrm.dll
12/8/2011 10:48:05 PM OK C:\Windows\System32\srvsvc.dll
12/8/2011 10:48:05 PM OK C:\Windows\System32\wkssvc.dll
12/8/2011 10:48:05 PM OK C:\Windows\System32\lltdsvc.dll
12/8/2011 10:48:05 PM OK C:\Windows\System32\lmhsvc.dll
12/8/2011 10:48:05 PM OK C:\Windows\System32\Mcx2Svc.dll
12/8/2011 10:48:05 PM OK C:\Windows\System32\mmcss.dll
12/8/2011 10:48:06 PM OK C:\Windows\System32\MPSSVC.dll
12/8/2011 10:48:06 PM OK C:\Windows\System32\iscsiexe.dll
12/8/2011 10:48:06 PM OK C:\Windows\System32\QAGENTRT.DLL
12/8/2011 10:48:06 PM OK C:\Windows\System32\netman.dll
12/8/2011 10:48:06 PM OK C:\Windows\System32\netprofm.dll
12/8/2011 10:48:06 PM OK C:\Windows\System32\nlasvc.dll
12/8/2011 10:48:06 PM OK C:\Windows\System32\nsisvc.dll
12/8/2011 10:48:06 PM OK C:\Windows\System32\pnrpsvc.dll
12/8/2011 10:48:06 PM OK C:\Windows\System32\p2psvc.dll
12/8/2011 10:48:06 PM OK C:\Windows\System32\pcasvc.dll
12/8/2011 10:48:06 PM OK C:\Windows\System32\PeerDistSvc.dll
12/8/2011 10:48:06 PM OK C:\Windows\System32\pla.dll
12/8/2011 10:48:06 PM OK C:\Windows\System32\umpnpmgr.dll
12/8/2011 10:48:07 PM OK C:\Windows\System32\pnrpauto.dll
12/8/2011 10:48:07 PM OK C:\Windows\System32\IPSECSVC.DLL
12/8/2011 10:48:07 PM OK C:\Windows\System32\umpo.dll
12/8/2011 10:48:07 PM OK C:\Windows\System32\profsvc.dll
12/8/2011 10:48:07 PM OK C:\Windows\System32\qwave.dll
12/8/2011 10:48:07 PM OK C:\Windows\System32\rasauto.dll
12/8/2011 10:48:07 PM OK C:\Windows\System32\rasmans.dll
12/8/2011 10:48:07 PM OK C:\Windows\System32\mprdim.dll
12/8/2011 10:48:07 PM OK C:\Windows\System32\regsvc.dll
12/8/2011 10:48:07 PM OK C:\Windows\System32\RpcEpMap.dll
12/8/2011 10:48:07 PM OK C:\Windows\System32\SCardSvr.dll
12/8/2011 10:48:07 PM OK C:\Windows\System32\schedsvc.dll
12/8/2011 10:48:07 PM OK C:\Windows\System32\sdrsvc.dll
12/8/2011 10:48:07 PM OK C:\Windows\System32\seclogon.dll
12/8/2011 10:48:07 PM OK C:\Windows\System32\Sens.dll
12/8/2011 10:48:07 PM OK C:\Windows\System32\sensrsvc.dll
12/8/2011 10:48:07 PM OK C:\Windows\System32\SessEnv.dll
12/8/2011 10:48:07 PM OK C:\Windows\System32\ipnathlp.dll
12/8/2011 10:48:07 PM OK C:\Windows\System32\shsvcs.dll
12/8/2011 10:48:08 PM OK C:\Windows\System32\sppuinotify.dll
12/8/2011 10:48:08 PM OK C:\Windows\System32\ssdpsrv.dll
12/8/2011 10:48:08 PM OK C:\Windows\System32\sstpsvc.dll
12/8/2011 10:48:08 PM OK C:\Windows\System32\wiaservc.dll
12/8/2011 10:48:08 PM OK C:\Windows\System32\swprv.dll
12/8/2011 10:48:08 PM OK C:\Windows\System32\sysmain.dll
12/8/2011 10:48:08 PM OK C:\Windows\System32\TabSvc.dll
12/8/2011 10:48:08 PM OK C:\Windows\System32\tapisrv.dll
12/8/2011 10:48:08 PM OK C:\Windows\System32\tbssvc.dll
12/8/2011 10:48:08 PM OK C:\Windows\System32\termsrv.dll
12/8/2011 10:48:08 PM OK C:\Windows\System32\themeservice.dll
12/8/2011 10:48:08 PM OK C:\Windows\System32\trkwks.dll
12/8/2011 10:48:08 PM OK C:\Windows\System32\umrdp.dll
12/8/2011 10:48:08 PM OK C:\Windows\System32\upnphost.dll
12/8/2011 10:48:08 PM OK C:\Windows\System32\uxsms.dll
12/8/2011 10:48:09 PM OK C:\Windows\System32\w32time.dll
12/8/2011 10:48:09 PM OK C:\Windows\System32\wbiosrvc.dll
12/8/2011 10:48:09 PM OK C:\Windows\System32\wcncsvc.dll
12/8/2011 10:48:09 PM OK C:\Windows\System32\WcsPlugInService.dll
12/8/2011 10:48:09 PM OK C:\Windows\System32\wdi.dll
12/8/2011 10:48:09 PM OK C:\Windows\System32\WebClnt.dll
12/8/2011 10:48:09 PM OK C:\Windows\System32\wecsvc.dll
12/8/2011 10:48:09 PM OK C:\Windows\System32\wercplsupport.dll
12/8/2011 10:48:09 PM OK C:\Windows\System32\wersvc.dll
12/8/2011 10:48:09 PM OK C:\Program Files\Windows Defender\MpSvc.dll
12/8/2011 10:48:09 PM OK C:\Windows\System32\winhttp.dll
12/8/2011 10:48:09 PM OK C:\Windows\System32\wbem\WMIsvc.dll
12/8/2011 10:48:09 PM OK C:\Windows\System32\WsmSvc.dll
12/8/2011 10:48:09 PM OK C:\Windows\System32\wlansvc.dll
12/8/2011 10:48:09 PM OK C:\Windows\System32\wpcsvc.dll
12/8/2011 10:48:09 PM OK C:\Windows\System32\wpdbusenum.dll
12/8/2011 10:48:09 PM OK C:\Windows\System32\wscsvc.dll
12/8/2011 10:48:10 PM OK C:\Windows\System32\wuaueng.dll
12/8/2011 10:48:10 PM OK C:\Windows\System32\WUDFSvc.dll
12/8/2011 10:48:10 PM OK C:\Windows\System32\wwansvc.dll
12/8/2011 10:48:11 PM OK C:\Windows\System32\drivers\1394ohci.sys
12/8/2011 10:48:11 PM OK C:\Windows\System32\drivers\61883.sys
12/8/2011 10:48:11 PM OK C:\Windows\System32\drivers\86923134.sys
12/8/2011 10:48:11 PM OK C:\Windows\System32\drivers\acpi.sys
12/8/2011 10:48:11 PM OK C:\Windows\System32\drivers\acpipmi.sys
12/8/2011 10:48:11 PM OK C:\Windows\System32\drivers\adp94xx.sys
12/8/2011 10:48:11 PM OK C:\Windows\System32\drivers\adpahci.sys
12/8/2011 10:48:11 PM OK C:\Windows\System32\drivers\adpu320.sys
12/8/2011 10:48:11 PM OK C:\Windows\System32\svchost.exe
12/8/2011 10:48:11 PM OK C:\Windows\System32\drivers\afd.sys
12/8/2011 10:48:11 PM OK C:\Windows\System32\drivers\AGP440.sys
12/8/2011 10:48:11 PM Packed: PE_Patch C:\Windows\System32\drivers\djsvs.sys
12/8/2011 10:48:11 PM OK C:\Windows\System32\drivers\djsvs.sys/PE_Patch
12/8/2011 10:48:11 PM OK C:\Windows\System32\drivers\djsvs.sys
12/8/2011 10:48:11 PM OK C:\Windows\System32\alg.exe
12/8/2011 10:48:11 PM OK C:\Windows\System32\drivers\aliide.sys
12/8/2011 10:48:12 PM OK C:\Windows\System32\drivers\AMDAGP.SYS
12/8/2011 10:48:12 PM OK C:\Windows\System32\drivers\amdide.sys
12/8/2011 10:48:12 PM OK C:\Windows\System32\drivers\amdk8.sys
12/8/2011 10:48:12 PM OK C:\Windows\System32\drivers\amdppm.sys
12/8/2011 10:48:12 PM OK C:\Windows\System32\drivers\amdsata.sys
12/8/2011 10:48:12 PM OK C:\Windows\System32\drivers\amdsbs.sys
12/8/2011 10:48:12 PM OK C:\Windows\System32\drivers\amdxata.sys
12/8/2011 10:48:12 PM OK C:\Windows\System32\drivers\appid.sys
12/8/2011 10:48:12 PM OK C:\Windows\System32\drivers\arc.sys
12/8/2011 10:48:12 PM OK C:\Windows\System32\drivers\arcsas.sys
12/8/2011 10:48:12 PM OK C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
12/8/2011 10:48:12 PM OK C:\Windows\System32\drivers\asyncmac.sys
12/8/2011 10:48:12 PM OK C:\Windows\System32\drivers\atapi.sys
12/8/2011 10:48:12 PM OK C:\Windows\System32\drivers\avc.sys
12/8/2011 10:48:12 PM OK C:\Windows\System32\drivers\bxvbdx.sys
12/8/2011 10:48:12 PM OK C:\Windows\System32\drivers\b57nd60x.sys
12/8/2011 10:48:12 PM OK C:\Windows\System32\drivers\beep.sys
12/8/2011 10:48:12 PM OK C:\Windows\System32\drivers\blbdrive.sys
12/8/2011 10:48:12 PM OK C:\Windows\System32\drivers\bowser.sys
12/8/2011 10:48:12 PM Packed: PE_Patch C:\Windows\System32\drivers\BrFiltLo.sys
12/8/2011 10:48:12 PM OK C:\Windows\System32\drivers\BrFiltLo.sys/PE_Patch
12/8/2011 10:48:12 PM OK C:\Windows\System32\drivers\BrFiltLo.sys
12/8/2011 10:48:12 PM Packed: PE_Patch C:\Windows\System32\drivers\BrFiltUp.sys
12/8/2011 10:48:13 PM OK C:\Windows\System32\drivers\BrFiltUp.sys/PE_Patch
12/8/2011 10:48:13 PM OK C:\Windows\System32\drivers\BrFiltUp.sys
12/8/2011 10:48:13 PM Packed: PE_Patch C:\Windows\System32\drivers\BrSerId.sys
12/8/2011 10:48:13 PM OK C:\Windows\System32\drivers\BrSerId.sys/PE_Patch
12/8/2011 10:48:13 PM OK C:\Windows\System32\drivers\BrSerId.sys
12/8/2011 10:48:13 PM Packed: PE_Patch C:\Windows\System32\drivers\BrSerWdm.sys
12/8/2011 10:48:13 PM OK C:\Windows\System32\drivers\BrSerWdm.sys/PE_Patch
12/8/2011 10:48:13 PM OK C:\Windows\System32\drivers\BrSerWdm.sys
12/8/2011 10:48:13 PM Packed: PE_Patch C:\Windows\System32\drivers\BrUsbMdm.sys
12/8/2011 10:48:13 PM OK C:\Windows\System32\drivers\BrUsbMdm.sys/PE_Patch
12/8/2011 10:48:13 PM OK C:\Windows\System32\drivers\BrUsbMdm.sys
12/8/2011 10:48:13 PM Packed: PE_Patch C:\Windows\System32\drivers\BrUsbSer.sys
12/8/2011 10:48:13 PM OK C:\Windows\System32\drivers\BrUsbSer.sys/PE_Patch
12/8/2011 10:48:13 PM OK C:\Windows\System32\drivers\BrUsbSer.sys
12/8/2011 10:48:13 PM OK C:\Windows\System32\drivers\bthmodem.sys
12/8/2011 10:48:13 PM OK C:\Windows\System32\drivers\cdfs.sys
12/8/2011 10:48:13 PM OK C:\Windows\System32\drivers\cdrom.sys
12/8/2011 10:48:13 PM OK C:\Users\mog\Desktop\tempp\cg.sys
12/8/2011 10:48:13 PM OK C:\Windows\System32\drivers\circlass.sys
12/8/2011 10:48:13 PM OK C:\Windows\System32\clfs.sys
12/8/2011 10:48:13 PM OK C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12/8/2011 10:48:13 PM OK C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
12/8/2011 10:48:13 PM OK C:\Windows\System32\drivers\CmBatt.sys
12/8/2011 10:48:13 PM OK C:\Windows\System32\drivers\cmdide.sys
12/8/2011 10:48:13 PM OK C:\Windows\System32\drivers\cng.sys
12/8/2011 10:48:13 PM OK C:\Windows\System32\drivers\compbatt.sys
12/8/2011 10:48:13 PM OK C:\Windows\System32\drivers\CompositeBus.sys
12/8/2011 10:48:14 PM OK C:\Program Files\CPUID\PC Wizard 2010\pcwiz_x32.sys
12/8/2011 10:48:14 PM OK C:\Windows\System32\drivers\cpuz135_x32.sys
12/8/2011 10:48:51 PM OK C:\Users\mog\Desktop\ComboFix.exe/UPX/data0140
12/8/2011 10:48:51 PM OK C:\Users\mog\Desktop\ComboFix.exe/UPX/data0141
12/8/2011 10:48:51 PM OK C:\Users\mog\Desktop\ComboFix.exe/UPX/data0142
12/8/2011 10:48:51 PM OK C:\Users\mog\Desktop\ComboFix.exe/UPX/data0143
12/8/2011 10:48:51 PM Packed: PE_Patch.PECompact C:\Users\mog\Desktop\ComboFix.exe/UPX/data0144
12/8/2011 10:48:51 PM Packed: PecBundle C:\Users\mog\Desktop\ComboFix.exe/UPX/data0144/PE_Patch.PECompact
12/8/2011 10:48:51 PM Packed: PECompact C:\Users\mog\Desktop\ComboFix.exe/UPX/data0144/PE_Patch.PECompact/PecBundle
12/8/2011 10:48:51 PM OK C:\Users\mog\Desktop\ComboFix.exe/UPX/data0144/PE_Patch.PECompact/PecBundle/PECompact
12/8/2011 10:48:51 PM OK C:\Users\mog\Desktop\ComboFix.exe/UPX/data0144/PE_Patch.PECompact/PecBundle
12/8/2011 10:48:51 PM OK C:\Users\mog\Desktop\ComboFix.exe/UPX/data0144/PE_Patch.PECompact
12/8/2011 10:48:51 PM OK C:\Users\mog\Desktop\ComboFix.exe/UPX/data0144
12/8/2011 10:48:51 PM Packed: PE_Patch.PECompact C:\Users\mog\Desktop\ComboFix.exe/UPX/data0145
12/8/2011 10:48:51 PM Packed: PecBundle C:\Users\mog\Desktop\ComboFix.exe/UPX/data0145/PE_Patch.PECompact
12/8/2011 10:48:51 PM Packed: PECompact C:\Users\mog\Desktop\ComboFix.exe/UPX/data0145/PE_Patch.PECompact/PecBundle
12/8/2011 10:48:51 PM OK C:\Users\mog\Desktop\ComboFix.exe/UPX/data0145/PE_Patch.PECompact/PecBundle/PECompact
12/8/2011 10:48:51 PM OK C:\Users\mog\Desktop\ComboFix.exe/UPX/data0145/PE_Patch.PECompact/PecBundle
12/8/2011 10:48:51 PM OK C:\Users\mog\Desktop\ComboFix.exe/UPX/data0145/PE_Patch.PECompact
12/8/2011 10:48:51 PM OK C:\Users\mog\Desktop\ComboFix.exe/UPX/data0145
12/8/2011 10:48:51 PM OK C:\Users\mog\Desktop\ComboFix.exe/UPX/data0146
12/8/2011 10:48:51 PM OK C:\Users\mog\Desktop\ComboFix.exe/UPX/data0147
12/8/2011 10:48:51 PM OK C:\Users\mog\Desktop\ComboFix.exe/UPX/data0148
12/8/2011 10:48:51 PM OK C:\Users\mog\Desktop\ComboFix.exe/UPX/data0149
12/8/2011 10:48:52 PM Packed: PE_Patch C:\Users\mog\Desktop\ComboFix.exe/UPX/data0150/data0000.res
12/8/2011 10:48:52 PM OK C:\Users\mog\Desktop\ComboFix.exe/UPX/data0150/data0000.res/PE_Patch
12/8/2011 10:48:52 PM OK C:\Users\mog\Desktop\ComboFix.exe/UPX/data0150/data0000.res
12/8/2011 10:48:52 PM Packed: PE_Patch C:\Users\mog\Desktop\ComboFix.exe/UPX/data0150/#
12/8/2011 10:48:52 PM OK C:\Users\mog\Desktop\ComboFix.exe/UPX/data0150/#/PE_Patch
12/8/2011 10:48:52 PM OK C:\Users\mog\Desktop\ComboFix.exe/UPX/data0150/#
12/8/2011 10:48:52 PM OK C:\Users\mog\Desktop\ComboFix.exe/UPX/data0150
12/8/2011 10:48:52 PM OK C:\Users\mog\Desktop\ComboFix.exe/UPX/data0151
12/8/2011 10:48:52 PM OK C:\Users\mog\Desktop\ComboFix.exe/UPX/data0152
12/8/2011 10:48:52 PM OK C:\Users\mog\Desktop\ComboFix.exe/UPX/data0153
12/8/2011 10:48:52 PM OK C:\Users\mog\Desktop\ComboFix.exe/UPX/data0154
12/8/2011 10:48:52 PM OK C:\Users\mog\Desktop\ComboFix.exe/UPX/data0155
12/8/2011 10:48:52 PM OK C:\Users\mog\Desktop\ComboFix.exe/UPX/data0156
12/8/2011 10:48:52 PM OK C:\Users\mog\Desktop\ComboFix.exe/UPX/data0157
12/8/2011 10:48:52 PM OK C:\Users\mog\Desktop\ComboFix.exe/UPX/data0158
12/8/2011 10:48:52 PM OK C:\Users\mog\Desktop\ComboFix.exe/UPX/data0159
12/8/2011 10:48:52 PM OK C:\Users\mog\Desktop\ComboFix.exe/UPX/data0160
12/8/2011 10:48:52 PM OK C:\Users\mog\Desktop\ComboFix.exe/UPX/data0161
12/8/2011 10:48:52 PM OK C:\Users\mog\Desktop\ComboFix.exe/UPX/data0162
12/8/2011 10:48:52 PM OK C:\Users\mog\Desktop\ComboFix.exe/UPX/data0163
12/8/2011 10:48:52 PM OK C:\Users\mog\Desktop\ComboFix.exe/UPX/data0164
12/8/2011 10:48:52 PM OK C:\Users\mog\Desktop\ComboFix.exe/UPX/data0165
12/8/2011 10:48:52 PM OK C:\Users\mog\Desktop\ComboFix.exe/UPX/data0166
12/8/2011 10:48:52 PM OK C:\Users\mog\Desktop\ComboFix.exe/UPX/data0167
12/8/2011 10:48:52 PM OK C:\Users\mog\Desktop\ComboFix.exe/UPX/data0168
12/8/2011 10:48:52 PM OK C:\Users\mog\Desktop\ComboFix.exe/UPX/data0169
12/8/2011 10:48:52 PM OK C:\Users\mog\Desktop\ComboFix.exe/UPX/data0170
12/8/2011 10:48:52 PM OK C:\Users\mog\Desktop\ComboFix.exe/UPX/data0171
12/8/2011 10:48:52 PM OK C:\Users\mog\Desktop\ComboFix.exe/UPX/data0172
12/8/2011 10:48:52 PM OK C:\Users\mog\Desktop\ComboFix.exe/UPX/data0173
12/8/2011 10:48:52 PM OK C:\Users\mog\Desktop\ComboFix.exe/UPX/data0174
12/8/2011 10:48:52 PM OK C:\Users\mog\Desktop\ComboFix.exe/UPX/data0175
12/8/2011 10:48:52 PM OK C:\Users\mog\Desktop\ComboFix.exe/UPX/data0176
12/8/2011 10:48:52 PM OK C:\Users\mog\Desktop\ComboFix.exe/UPX/data0177
12/8/2011 10:48:52 PM OK C:\Users\mog\Desktop\ComboFix.exe/UPX/data0178
12/8/2011 10:48:52 PM OK C:\Users\mog\Desktop\ComboFix.exe/UPX/data0179
12/8/2011 10:48:52 PM OK C:\Users\mog\Desktop\ComboFix.exe/UPX/data0180
12/8/2011 10:48:52 PM OK C:\Users\mog\Desktop\ComboFix.exe/UPX/data0181
12/8/2011 10:48:52 PM OK C:\Users\mog\Desktop\ComboFix.exe/UPX/data0182
12/8/2011 10:48:52 PM OK C:\Users\mog\Desktop\ComboFix.exe/UPX/data0183
12/8/2011 10:48:52 PM OK C:\Users\mog\Desktop\ComboFix.exe/UPX/data0184
12/8/2011 10:48:52 PM OK C:\Users\mog\Desktop\ComboFix.exe/UPX/data0185
12/8/2011 10:48:52 PM OK C:\Users\mog\Desktop\ComboFix.exe/UPX/data0186
12/8/2011 10:48:52 PM OK C:\Users\mog\Desktop\ComboFix.exe/UPX/data0187
12/8/2011 10:48:53 PM OK C:\Users\mog\Desktop\ComboFix.exe/UPX/data0188
12/8/2011 10:48:53 PM OK C:\Users\mog\Desktop\ComboFix.exe/UPX/data0189
12/8/2011 10:48:53 PM OK C:\Users\mog\Desktop\ComboFix.exe/UPX/data0190
12/8/2011 10:48:53 PM OK C:\Users\mog\Desktop\ComboFix.exe/UPX/data0191
12/8/2011 10:48:53 PM Archive: ZIP C:\Users\mog\Desktop\ComboFix.exe/UPX/data0192
12/8/2011 10:48:53 PM OK C:\Users\mog\Desktop\ComboFix.exe/UPX/data0192/pv.exe
12/8/2011 10:48:53 PM OK C:\Users\mog\Desktop\ComboFix.exe/UPX/data0192/pv.txt
12/8/2011 10:48:53 PM OK C:\Users\mog\Desktop\ComboFix.exe/UPX/data0192
12/8/2011 10:48:53 PM Archive: ZIP C:\Users\mog\Desktop\ComboFix.exe/UPX/data0193
12/8/2011 10:48:53 PM OK C:\Users\mog\Desktop\ComboFix.exe/UPX/data0193/FS.bat
12/8/2011 10:48:53 PM OK C:\Users\mog\Desktop\ComboFix.exe/UPX/data0193/RS.bat
12/8/2011 10:48:53 PM OK C:\Users\mog\Desktop\ComboFix.exe/UPX/data0193/CS.exe
12/8/2011 10:48:53 PM OK C:\Users\mog\Desktop\ComboFix.exe/UPX/data0193/DS.exe
12/8/2011 10:48:53 PM OK C:\Users\mog\Desktop\ComboFix.exe/UPX/data0193/LS.exe
12/8/2011 10:48:53 PM OK C:\Users\mog\Desktop\ComboFix.exe/UPX/data0193/readme.txt
12/8/2011 10:48:53 PM OK C:\Users\mog\Desktop\ComboFix.exe/UPX/data0193/SF.exe
12/8/2011 10:48:53 PM OK C:\Users\mog\Desktop\ComboFix.exe/UPX/data0193/SFs.bat
12/8/2011 10:48:53 PM OK C:\Users\mog\Desktop\ComboFix.exe/UPX/data0193
12/8/2011 10:48:53 PM OK C:\Users\mog\Desktop\ComboFix.exe/UPX/data0194
12/8/2011 10:48:53 PM OK C:\Users\mog\Desktop\ComboFix.exe/UPX/data0195
12/8/2011 10:48:53 PM OK C:\Users\mog\Desktop\ComboFix.exe/UPX/data0196
12/8/2011 10:48:53 PM OK C:\Users\mog\Desktop\ComboFix.exe/UPX
12/8/2011 10:48:53 PM Archive: NSIS C:\Users\mog\Desktop\ComboFix.exe
12/8/2011 10:48:53 PM OK C:\Users\mog\Desktop\ComboFix.exe/data0001
12/8/2011 10:48:53 PM OK C:\Users\mog\Desktop\ComboFix.exe/data0002
12/8/2011 10:48:53 PM OK C:\Users\mog\Desktop\ComboFix.exe/data0003
12/8/2011 10:48:53 PM OK C:\Users\mog\Desktop\ComboFix.exe/data0004
12/8/2011 10:48:53 PM OK C:\Users\mog\Desktop\ComboFix.exe/data0005
12/8/2011 10:48:53 PM OK C:\Users\mog\Desktop\ComboFix.exe/data0006
12/8/2011 10:48:53 PM OK C:\Users\mog\Desktop\ComboFix.exe/data0007
12/8/2011 10:48:53 PM OK C:\Users\mog\Desktop\ComboFix.exe/data0008
12/8/2011 10:48:53 PM OK C:\Users\mog\Desktop\ComboFix.exe/data0009
12/8/2011 10:48:53 PM OK C:\Users\mog\Desktop\ComboFix.exe/data0010
12/8/2011 10:48:53 PM OK C:\Users\mog\Desktop\ComboFix.exe/data0011
12/8/2011 10:48:53 PM OK C:\Users\mog\Desktop\ComboFix.exe/data0012
12/8/2011 10:48:53 PM OK C:\Users\mog\Desktop\ComboFix.exe/data0013
12/8/2011 10:48:53 PM OK C:\Users\mog\Desktop\ComboFix.exe/data0014
12/8/2011 10:48:53 PM OK C:\Users\mog\Desktop\ComboFix.exe/data0015
12/8/2011 10:48:53 PM OK C:\Users\mog\Desktop\ComboFix.exe/data0016
12/8/2011 10:48:53 PM OK C:\Users\mog\Desktop\ComboFix.exe/data0017
12/8/2011 10:48:53 PM OK C:\Users\mog\Desktop\ComboFix.exe/data0018
12/8/2011 10:48:53 PM OK C:\Users\mog\Desktop\ComboFix.exe/data0019
12/8/2011 10:48:53 PM OK C:\Users\mog\Desktop\ComboFix.exe/data0020
12/8/2011 10:48:53 PM OK C:\Users\mog\Desktop\ComboFix.exe/data0021
12/8/2011 10:48:54 PM OK C:\Users\mog\Desktop\ComboFix.exe/data0022
12/8/2011 10:48:54 PM OK C:\Users\mog\Desktop\ComboFix.exe/data0023
12/8/2011 10:48:54 PM OK C:\Users\mog\Desktop\ComboFix.exe/data0024
12/8/2011 10:48:54 PM OK C:\Users\mog\Desktop\ComboFix.exe/data0025
12/8/2011 10:48:54 PM OK C:\Users\mog\Desktop\ComboFix.exe/data0026
12/8/2011 10:48:54 PM OK C:\Users\mog\Desktop\ComboFix.exe/data0027
12/8/2011 10:48:54 PM OK C:\Users\mog\Desktop\ComboFix.exe/data0028
12/8/2011 10:48:54 PM OK C:\Users\mog\Desktop\ComboFix.exe/data0029
12/8/2011 10:48:54 PM Packed: UPX C:\Users\mog\Desktop\ComboFix.exe/data0030
12/8/2011 10:48:54 PM OK C:\Users\mog\Desktop\ComboFix.exe/data0030/UPX
12/8/2011 10:48:54 PM OK C:\Users\mog\Desktop\ComboFix.exe/data0030
12/8/2011 10:48:54 PM OK C:\Users\mog\Desktop\ComboFix.exe/data0031
12/8/2011 10:48:54 PM OK C:\Users\mog\Desktop\ComboFix.exe/data0032
12/8/2011 10:48:54 PM OK C:\Users\mog\Desktop\ComboFix.exe/data0033
12/8/2011 10:48:54 PM OK C:\Users\mog\Desktop\ComboFix.exe/data0034
12/8/2011 10:48:54 PM OK C:\Users\mog\Desktop\ComboFix.exe/data0035
12/8/2011 10:48:54 PM OK C:\Users\mog\Desktop\ComboFix.exe/data0036
12/8/2011 10:48:54 PM OK C:\Users\mog\Desktop\ComboFix.exe/data0037
12/8/2011 10:48:54 PM OK C:\Users\mog\Desktop\ComboFix.exe/data0038
12/8/2011 10:48:54 PM OK C:\Users\mog\Desktop\ComboFix.exe/data0039
12/8/2011 10:48:54 PM OK C:\Users\mog\Desktop\ComboFix.exe/data0040
12/8/2011 10:48:54 PM OK C:\Users\mog\Desktop\ComboFix.exe/data0041
12/8/2011 10:48:54 PM Packed: UPX C:\Users\mog\Desktop\ComboFix.exe/data0042
12/8/2011 10:48:54 PM OK C:\Users\mog\Desktop\ComboFix.exe/data0042/UPX
12/8/2011 10:48:54 PM OK C:\Users\mog\Desktop\ComboFix.exe/data0042
12/8/2011 10:48:54 PM OK C:\Users\mog\Desktop\ComboFix.exe/data0043
12/8/2011 10:48:54 PM OK C:\Users\mog\Desktop\ComboFix.exe/data0044
12/8/2011 10:48:54 PM OK C:\Users\mog\Desktop\ComboFix.exe/data0045
12/8/2011 10:48:54 PM OK C:\Users\mog\Desktop\ComboFix.exe/data0046
12/8/2011 10:48:54 PM OK C:\Users\mog\Desktop\ComboFix.exe/data0047
12/8/2011 10:48:54 PM OK C:\Users\mog\Desktop\ComboFix.exe/data0048
12/8/2011 10:48:54 PM OK C:\Users\mog\Desktop\ComboFix.exe/data0049
12/8/2011 10:48:54 PM OK C:\Users\mog\Desktop\ComboFix.exe/data0050
12/8/2011 10:48:54 PM OK C:\Users\mog\Desktop\ComboFix.exe/data0051
12/8/2011 10:48:55 PM OK C:\Users\mog\Desktop\ComboFix.exe/data0052
12/8/2011 10:48:55 PM OK C:\Users\mog\Desktop\ComboFix.exe/data0053
12/8/2011 10:48:55 PM OK C:\Users\mog\Desktop\ComboFix.exe/data0054
12/8/2011 10:48:55 PM OK C:\Users\mog\Desktop\ComboFix.exe/data0055
12/8/2011 10:48:55 PM OK C:\Users\mog\Desktop\ComboFix.exe/data0056
12/8/2011 10:48:55 PM OK C:\Users\mog\Desktop\ComboFix.exe/data0057
12/8/2011 10:48:55 PM OK C:\Users\mog\Desktop\ComboFix.exe/data0058
12/8/2011 10:48:55 PM OK C:\Users\mog\Desktop\ComboFix.exe/data0059
12/8/2011 10:48:55 PM OK C:\Users\mog\Desktop\ComboFix.exe/data0060
12/8/2011 10:48:55 PM OK C:\Users\mog\Desktop\ComboFix.exe/data0061
12/8/2011 10:48:55 PM OK C:\Users\mog\Desktop\ComboFix.exe/data0062
12/8/2011 10:48:55 PM OK C:\Users\mog\Desktop\ComboFix.exe/data0063
12/8/2011 10:48:55 PM OK C:\Users\mog\Desktop\ComboFix.exe/data0064
12/8/2011 10:48:55 PM OK C:\Users\mog\Desktop\ComboFix.exe/data0065
12/8/2011 10:48:55 PM OK C:\Users\mog\Desktop\ComboFix.exe/data0066
12/8/2011 10:48:55 PM OK C:\Users\mog\Desktop\ComboFix.exe/data0067
12/8/2011 10:48:55 PM OK C:\Users\mog\Desktop\ComboFix.exe/data0068
12/8/2011 10:48:55 PM OK C:\Users\mog\Desktop\ComboFix.exe/data0069
12/8/2011 10:48:55 PM OK C:\Users\mog\Desktop\ComboFix.exe/data0070
12/8/2011 10:48:55 PM OK C:\Users\mog\Desktop\ComboFix.exe/data0071
12/8/2011 10:48:55 PM OK C:\Users\mog\Desktop\ComboFix.exe/data0072
12/8/2011 10:48:55 PM OK C:\Users\mog\Desktop\ComboFix.exe/data0073
12/8/2011 10:48:55 PM OK C:\Users\mog\Desktop\ComboFix.exe/data0074
12/8/2011 10:48:55 PM OK C:\Users\mog\Desktop\ComboFix.exe/data0075
12/8/2011 10:48:55 PM OK C:\Users\mog\Desktop\ComboFix.exe/data0076
12/8/2011 10:48:55 PM OK C:\Users\mog\Desktop\ComboFix.exe/data0077
12/8/2011 10:48:55 PM OK C:\Users\mog\Desktop\ComboFix.exe/data0078
12/8/2011 10:48:55 PM OK C:\Users\mog\Desktop\ComboFix.exe/data0079
12/8/2011 10:48:55 PM OK C:\Users\mog\Desktop\ComboFix.exe/data0080
12/8/2011 10:48:55 PM OK C:\Users\mog\Desktop\ComboFix.exe/data0081
12/8/2011 10:48:55 PM OK C:\Users\mog\Desktop\ComboFix.exe/data0082
12/8/2011 10:48:55 PM OK C:\Users\mog\Desktop\ComboFix.exe/data0083
12/8/2011 10:48:55 PM OK C:\Users\mog\Desktop\ComboFix.exe/data0084
12/8/2011 10:48:55 PM OK C:\Users\mog\Desktop\ComboFix.exe/data0085
12/8/2011 10:48:55 PM OK C:\Users\mog\Desktop\ComboFix.exe/data0086
12/8/2011 10:48:55 PM OK C:\Users\mog\Desktop\ComboFix.exe/data0087
12/8/2011 10:48:55 PM OK C:\Users\mog\Desktop\ComboFix.exe/data0088
12/8/2011 10:48:55 PM OK C:\Users\mog\Desktop\ComboFix.exe/data0089
12/8/2011 10:48:55 PM OK C:\Users\mog\Desktop\ComboFix.exe/data0090
12/8/2011 10:48:55 PM OK C:\Users\mog\Desktop\ComboFix.exe/data0091
12/8/2011 10:48:55 PM OK C:\Users\mog\Desktop\ComboFix.exe/data0092
12/8/2011 10:48:55 PM OK C:\Users\mog\Desktop\ComboFix.exe/data0093
12/8/2011 10:48:55 PM OK C:\Users\mog\Desktop\ComboFix.exe/data0094
12/8/2011 10:48:55 PM OK C:\Users\mog\Desktop\ComboFix.exe/data0095/JIM
12/8/2011 10:48:55 PM OK C:\Users\mog\Desktop\ComboFix.exe/data0095
12/8/2011 10:48:55 PM OK C:\Users\mog\Desktop\ComboFix.exe/data0096
12/8/2011 10:48:55 PM OK C:\Users\mog\Desktop\ComboFix.exe/data0097
12/8/2011 10:48:55 PM OK C:\Users\mog\Desktop\ComboFix.exe/data0098
12/8/2011 10:48:55 PM OK C:\Users\mog\Desktop\ComboFix.exe/data0099
12/8/2011 10:48:55 PM OK C:\Users\mog\Desktop\ComboFix.exe/data0100
12/8/2011 10:48:55 PM OK C:\Users\mog\Desktop\ComboFix.exe/data0101
12/8/2011 10:48:55 PM OK C:\Users\mog\Desktop\ComboFix.exe/data0102
12/8/2011 10:48:55 PM OK C:\Users\mog\Desktop\ComboFix.exe/data0103
12/8/2011 10:48:55 PM OK C:\Users\mog\Desktop\ComboFix.exe/data0104
12/8/2011 10:48:55 PM OK C:\Users\mog\Desktop\ComboFix.exe/data0105
12/8/2011 10:48:55 PM OK C:\Users\mog\Desktop\ComboFix.exe/data0106
12/8/2011 10:48:55 PM OK C:\Users\mog\Desktop\ComboFix.exe/data0107
12/8/2011 10:48:55 PM OK C:\Users\mog\Desktop\ComboFix.exe/data0108
12/8/2011 10:48:55 PM OK C:\Users\mog\Desktop\ComboFix.exe/data0109
12/8/2011 10:48:56 PM OK C:\Users\mog\Desktop\ComboFix.exe/data0110
12/8/2011 10:48:56 PM OK C:\Users\mog\Desktop\ComboFix.exe/data0111
12/8/2011 10:48:56 PM Packed: UPX C:\Users\mog\Desktop\ComboFix.exe/data0112
12/8/2011 10:48:56 PM OK C:\Users\mog\Desktop\ComboFix.exe/data0112/UPX
12/8/2011 10:48:56 PM OK C:\Users\mog\Desktop\ComboFix.exe/data0112
12/8/2011 10:48:56 PM OK C:\Users\mog\Desktop\ComboFix.exe/data0113
12/8/2011 10:48:56 PM OK C:\Users\mog\Desktop\ComboFix.exe/data0114
12/8/2011 10:48:56 PM OK C:\Users\mog\Desktop\ComboFix.exe/data0115
12/8/2011 10:48:56 PM OK C:\Users\mog\Desktop\ComboFix.exe/data0116
12/8/2011 10:48:56 PM OK C:\Users\mog\Desktop\ComboFix.exe/data0117
12/8/2011 10:48:56 PM OK C:\Users\mog\Desktop\ComboFix.exe/data0118
12/8/2011 10:48:57 PM OK C:\Users\mog\Desktop\ComboFix.exe/data0119
12/8/2011 10:48:57 PM OK C:\Users\mog\Desktop\ComboFix.exe/data0120
12/8/2011 10:48:57 PM OK C:\Users\mog\Desktop\ComboFix.exe/data0121
12/8/2011 10:48:57 PM OK C:\Users\mog\Desktop\ComboFix.exe/data0122
12/8/2011 10:48:57 PM OK C:\Users\mog\Desktop\ComboFix.exe/data0123
12/8/2011 10:48:57 PM OK C:\Users\mog\Desktop\ComboFix.exe/data0124/data0000.res Object was not changed (iChecker)
12/8/2011 10:48:57 PM OK C:\Users\mog\Desktop\ComboFix.exe/data0124/data0002.res Object was not changed (iChecker)
12/8/2011 10:48:57 PM OK C:\Users\mog\Desktop\ComboFix.exe/data0124/data0003.res Object was not changed (iChecker)
12/8/2011 10:48:57 PM OK C:\Users\mog\Desktop\ComboFix.exe/data0124
12/8/2011 10:48:57 PM OK C:\Users\mog\Desktop\ComboFix.exe/data0125
12/8/2011 10:48:57 PM OK C:\Users\mog\Desktop\ComboFix.exe/data0126
12/8/2011 10:48:58 PM OK C:\Users\mog\Desktop\ComboFix.exe/data0127
12/8/2011 10:48:58 PM OK C:\Users\mog\Desktop\ComboFix.exe/data0128
12/8/2011 10:48:58 PM OK C:\Users\mog\Desktop\ComboFix.exe/data0129
12/8/2011 10:48:58 PM OK C:\Users\mog\Desktop\ComboFix.exe/data0130/JIM
12/8/2011 10:48:58 PM OK C:\Users\mog\Desktop\ComboFix.exe/data0130
12/8/2011 10:48:58 PM OK C:\Users\mog\Desktop\ComboFix.exe/data0131/data0000.res Object was not changed (iChecker)
12/8/2011 10:48:58 PM OK C:\Users\mog\Desktop\ComboFix.exe/data0131/# Object was not changed (iChecker)
12/8/2011 10:48:58 PM OK C:\Users\mog\Desktop\ComboFix.exe/data0131
12/8/2011 10:48:58 PM OK C:\Users\mog\Desktop\ComboFix.exe/data0132
12/8/2011 10:48:58 PM OK C:\Users\mog\Desktop\ComboFix.exe/data0133
12/8/2011 10:48:58 PM OK C:\Users\mog\Desktop\ComboFix.exe/data0134
12/8/2011 10:48:58 PM OK C:\Users\mog\Desktop\ComboFix.exe/data0135
12/8/2011 10:48:58 PM OK C:\Users\mog\Desktop\ComboFix.exe/data0137
12/8/2011 10:48:58 PM OK C:\Users\mog\Desktop\ComboFix.exe/data0138
12/8/2011 10:48:58 PM OK C:\Users\mog\Desktop\ComboFix.exe/data0139
12/8/2011 10:48:58 PM OK C:\Users\mog\Desktop\ComboFix.exe/data0140
12/8/2011 10:48:58 PM OK C:\Users\mog\Desktop\ComboFix.exe/data0141
12/8/2011 10:48:58 PM OK C:\Users\mog\Desktop\ComboFix.exe/data0142
12/8/2011 10:48:58 PM OK C:\Users\mog\Desktop\ComboFix.exe/data0143
12/8/2011 10:48:58 PM Packed: PE_Patch.PECompact C:\Users\mog\Desktop\ComboFix.exe/data0144
12/8/2011 10:48:58 PM Packed: PecBundle C:\Users\mog\Desktop\ComboFix.exe/data0144/PE_Patch.PECompact
12/8/2011 10:48:58 PM Packed: PECompact C:\Users\mog\Desktop\ComboFix.exe/data0144/PE_Patch.PECompact/PecBundle
12/8/2011 10:48:59 PM OK C:\Users\mog\Desktop\ComboFix.exe/data0144/PE_Patch.PECompact/PecBundle/PECompact
12/8/2011 10:48:59 PM OK C:\Users\mog\Desktop\ComboFix.exe/data0144/PE_Patch.PECompact/PecBundle
12/8/2011 10:48:59 PM OK C:\Users\mog\Desktop\ComboFix.exe/data0144/PE_Patch.PECompact
12/8/2011 10:48:59 PM OK C:\Users\mog\Desktop\ComboFix.exe/data0144
12/8/2011 10:48:59 PM Packed: PE_Patch.PECompact C:\Users\mog\Desktop\ComboFix.exe/data0145
12/8/2011 10:48:59 PM Packed: PecBundle C:\Users\mog\Desktop\ComboFix.exe/data0145/PE_Patch.PECompact
12/8/2011 10:48:59 PM Packed: PECompact C:\Users\mog\Desktop\ComboFix.exe/data0145/PE_Patch.PECompact/PecBundle
12/8/2011 10:48:59 PM OK C:\Users\mog\Desktop\ComboFix.exe/data0145/PE_Patch.PECompact/PecBundle/PECompact
12/8/2011 10:48:59 PM OK C:\Users\mog\Desktop\ComboFix.exe/data0145/PE_Patch.PECompact/PecBundle
12/8/2011 10:48:59 PM OK C:\Users\mog\Desktop\ComboFix.exe/data0145/PE_Patch.PECompact
12/8/2011 10:48:59 PM OK C:\Users\mog\Desktop\ComboFix.exe/data0145
12/8/2011 10:48:59 PM OK C:\Users\mog\Desktop\ComboFix.exe/data0146
12/8/2011 10:48:59 PM OK C:\Users\mog\Desktop\ComboFix.exe/data0147
12/8/2011 10:48:59 PM OK C:\Users\mog\Desktop\ComboFix.exe/data0148
12/8/2011 10:48:59 PM OK C:\Users\mog\Desktop\ComboFix.exe/data0149
12/8/2011 10:48:59 PM OK C:\Users\mog\Desktop\ComboFix.exe/data0150/data0000.res Object was not changed (iChecker)
12/8/2011 10:48:59 PM OK C:\Users\mog\Desktop\ComboFix.exe/data0150/# Object was not changed (iChecker)
12/8/2011 10:48:59 PM OK C:\Users\mog\Desktop\ComboFix.exe/data0150
12/8/2011 10:48:59 PM OK C:\Users\mog\Desktop\ComboFix.exe/data0151
12/8/2011 10:48:59 PM OK C:\Users\mog\Desktop\ComboFix.exe/data0152
12/8/2011 10:48:59 PM OK C:\Users\mog\Desktop\ComboFix.exe/data0153
12/8/2011 10:48:59 PM OK C:\Users\mog\Desktop\ComboFix.exe/data0154
12/8/2011 10:48:59 PM OK C:\Users\mog\Desktop\ComboFix.exe/data0155
12/8/2011 10:48:59 PM OK C:\Users\mog\Desktop\ComboFix.exe/data0156
12/8/2011 10:48:59 PM OK C:\Users\mog\Desktop\ComboFix.exe/data0157
12/8/2011 10:48:59 PM OK C:\Users\mog\Desktop\ComboFix.exe/data0158
12/8/2011 10:48:59 PM OK C:\Users\mog\Desktop\ComboFix.exe/data0159
12/8/2011 10:48:59 PM OK C:\Users\mog\Desktop\ComboFix.exe/data0160
12/8/2011 10:48:59 PM OK C:\Users\mog\Desktop\ComboFix.exe/data0161
12/8/2011 10:48:59 PM OK C:\Users\mog\Desktop\ComboFix.exe/data0162
12/8/2011 10:48:59 PM OK C:\Users\mog\Desktop\ComboFix.exe/data0163
12/8/2011 10:48:59 PM OK C:\Users\mog\Desktop\ComboFix.exe/data0164
12/8/2011 10:48:59 PM OK C:\Users\mog\Desktop\ComboFix.exe/data0165
12/8/2011 10:48:59 PM OK C:\Users\mog\Desktop\ComboFix.exe/data0166
12/8/2011 10:49:00 PM OK C:\Users\mog\Desktop\ComboFix.exe/data0167
12/8/2011 10:49:00 PM OK C:\Users\mog\Desktop\ComboFix.exe/data0168
12/8/2011 10:49:00 PM OK C:\Users\mog\Desktop\ComboFix.exe/data0169
12/8/2011 10:49:00 PM OK C:\Users\mog\Desktop\ComboFix.exe/data0170
12/8/2011 10:49:00 PM OK C:\Users\mog\Desktop\ComboFix.exe/data0171
12/8/2011 10:49:00 PM OK C:\Users\mog\Desktop\ComboFix.exe/data0172
12/8/2011 10:49:00 PM OK C:\Users\mog\Desktop\ComboFix.exe/data0173
12/8/2011 10:49:00 PM OK C:\Users\mog\Desktop\ComboFix.exe/data0174
12/8/2011 10:49:00 PM OK C:\Users\mog\Desktop\ComboFix.exe/data0175
12/8/2011 10:49:00 PM OK C:\Users\mog\Desktop\ComboFix.exe/data0176
12/8/2011 10:49:00 PM OK C:\Users\mog\Desktop\ComboFix.exe/data0177
12/8/2011 10:49:00 PM OK C:\Users\mog\Desktop\ComboFix.exe/data0178
12/8/2011 10:49:00 PM OK C:\Users\mog\Desktop\ComboFix.exe/data0179
12/8/2011 10:49:00 PM OK C:\Users\mog\Desktop\ComboFix.exe/data0180
12/8/2011 10:49:00 PM OK C:\Users\mog\Desktop\ComboFix.exe/data0181
12/8/2011 10:49:00 PM OK C:\Users\mog\Desktop\ComboFix.exe/data0182
12/8/2011 10:49:00 PM OK C:\Users\mog\Desktop\ComboFix.exe/data0183
12/8/2011 10:49:00 PM OK C:\Users\mog\Desktop\ComboFix.exe/data0184
12/8/2011 10:49:00 PM OK C:\Users\mog\Desktop\ComboFix.exe/data0185
12/8/2011 10:49:00 PM OK C:\Users\mog\Desktop\ComboFix.exe/data0186
12/8/2011 10:49:00 PM OK C:\Users\mog\Desktop\ComboFix.exe/data0187
12/8/2011 10:49:00 PM OK C:\Users\mog\Desktop\ComboFix.exe/data0188
12/8/2011 10:49:00 PM OK C:\Users\mog\Desktop\ComboFix.exe/data0189
12/8/2011 10:49:00 PM OK C:\Users\mog\Desktop\ComboFix.exe/data0190
12/8/2011 10:49:00 PM OK C:\Users\mog\Desktop\ComboFix.exe/data0191
12/8/2011 10:49:00 PM OK C:\Users\mog\Desktop\ComboFix.exe/data0192
12/8/2011 10:49:00 PM OK C:\Users\mog\Desktop\ComboFix.exe/data0193
12/8/2011 10:49:00 PM OK C:\Users\mog\Desktop\ComboFix.exe/data0194
12/8/2011 10:49:00 PM OK C:\Users\mog\Desktop\ComboFix.exe/data0195
12/8/2011 10:49:00 PM OK C:\Users\mog\Desktop\ComboFix.exe/data0196
12/8/2011 10:49:00 PM OK C:\Users\mog\Desktop\ComboFix.exe
12/8/2011 10:49:00 PM OK C:\Program Files\Defraggler\Defraggler.exe/data0110.res
12/8/2011 10:49:01 PM OK C:\Program Files\Defraggler\Defraggler.exe/#
12/8/2011 10:49:01 PM OK C:\Program Files\Defraggler\Defraggler.exe
12/8/2011 10:49:01 PM OK C:\Program Files\DVD Maker\DVDMaker.exe
12/8/2011 10:49:01 PM OK C:\Program Files\Exact Audio Copy\EAC.exe
12/8/2011 10:49:01 PM OK C:\Program Files\NeoSmart Technologies\EasyBCD\EasyBCD.exe
12/8/2011 10:49:01 PM OK C:\Program Files\eraser\Eraser.exe
12/8/2011 10:49:01 PM OK C:\Program Files\Mozilla Firefox\firefox.exe
12/8/2011 10:49:02 PM OK C:\Program Files\FreeDNS Update\FreeDNSUpdate.exe
12/8/2011 10:49:02 PM OK C:\Program Files\GIMP-2.0\bin\gimp-2.6.exe
12/8/2011 10:49:02 PM OK C:\Program Files\Microsoft Office\Office14\INFOPATH.EXE
12/8/2011 10:49:02 PM OK C:\Program Files\iTunes\iTunes.exe
12/8/2011 10:49:06 PM OK C:\Program Files\izarc\IZArc.exe
12/8/2011 10:49:06 PM OK C:\Program Files\Java\jre1.6.0_22\bin\javaws.exe
12/8/2011 10:49:06 PM OK C:\Program Files\Windows Live\Installer\LangSelector.exe
12/8/2011 10:49:06 PM OK C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
12/8/2011 10:49:06 PM OK C:\Program Files\Windows Live\Photo Gallery\MovieMaker.exe
12/8/2011 10:49:06 PM OK C:\Program Files\Windows Media Player\wmplayer.exe
12/8/2011 10:49:07 PM OK C:\Program Files\Microsoft Office\Office14\MSACCESS.EXE
12/8/2011 10:49:07 PM OK C:\Program Files\Microsoft IntelliType Pro\mskey.exe
12/8/2011 10:49:07 PM OK C:\Program Files\Windows Live\Messenger\msnmsgr.exe
12/8/2011 10:49:07 PM OK C:\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLED.EXE
12/8/2011 10:49:07 PM OK C:\Program Files\Microsoft Office\Office14\MSPUB.EXE
12/8/2011 10:49:08 PM OK C:\Program Files\Microsoft Office\Office14\OIS.EXE
12/8/2011 10:49:08 PM OK C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE
12/8/2011 10:49:08 PM OK C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
12/8/2011 10:49:08 PM OK C:\Program Files\Pale Moon\palemoon.exe
12/8/2011 10:49:08 PM OK C:\Windows\System32\mspaint.exe
12/8/2011 10:49:08 PM OK C:\Program Files\QuickTime\PictureViewer.exe
12/8/2011 10:49:08 PM OK C:\Program Files\Microsoft Office\Office14\POWERPNT.EXE
12/8/2011 10:49:09 PM OK C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
12/8/2011 10:49:09 PM OK C:\Program Files\QuickTime\QuickTimePlayer.exe
12/8/2011 10:49:09 PM OK C:\Program Files\Recuva\Recuva.exe/#
12/8/2011 10:49:09 PM OK C:\Program Files\Recuva\Recuva.exe
12/8/2011 10:49:09 PM OK C:\Program Files\VS Revo Group\Revo Uninstaller\Revouninstaller.exe
12/8/2011 10:49:10 PM OK C:\Program Files\OpenOffice.org 3\program\sbase.exe
12/8/2011 10:49:10 PM OK C:\Program Files\OpenOffice.org 3\program\scalc.exe
12/8/2011 10:49:10 PM OK C:\Program Files\OpenOffice.org 3\program\sdraw.exe
12/8/2011 10:49:10 PM OK C:\Program Files\SeaMonkey\seamonkey.exe
12/8/2011 10:49:10 PM OK C:\Program Files\OpenOffice.org 3\program\simpress.exe
12/8/2011 10:49:10 PM OK C:\Program Files\OpenOffice.org 3\program\smath.exe
12/8/2011 10:49:10 PM OK C:\Windows\System32\SnippingTool.exe
12/8/2011 10:49:10 PM OK C:\Program Files\OpenOffice.org 3\program\soffice.exe
12/8/2011 10:49:10 PM OK C:\Program Files\OpenOffice.org 3\program\swriter.exe
12/8/2011 10:49:10 PM OK C:\Program Files\Sylpheed\sylpheed.exe
12/8/2011 10:49:11 PM OK C:\Program Files\Mozilla Thunderbird\thunderbird.exe
12/8/2011 10:49:11 PM OK C:\Program Files\OpenOffice.org 3\program\unopkg.exe
12/8/2011 10:49:11 PM OK C:\Program Files\VMware\VMware Workstation\vmplayer.exe
12/8/2011 10:49:11 PM OK C:\Program Files\VMware\VMware Workstation\vmware.exe
12/8/2011 10:49:11 PM OK C:\Program Files\Windows Mail\wab.exe
12/8/2011 10:49:11 PM OK C:\Program Files\Windows Mail\wabmig.exe
12/8/2011 10:49:11 PM OK C:\Program Files\Winamp\winamp.exe
12/8/2011 10:49:12 PM OK C:\Program Files\Windows Live\Photo Gallery\WindowsLivePhotoViewer.exe
12/8/2011 10:49:12 PM OK C:\Program Files\WinRAR\WinRAR.exe/#
12/8/2011 10:49:12 PM OK C:\Program Files\WinRAR\WinRAR.exe
12/8/2011 10:49:12 PM OK C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
12/8/2011 10:49:13 PM OK C:\Program Files\Wireshark\wireshark.exe
12/8/2011 10:49:13 PM OK C:\Program Files\Windows Live\Installer\wlarp.exe
12/8/2011 10:49:13 PM OK C:\Program Files\Windows Live\Installer\wlsettings.exe
12/8/2011 10:49:13 PM OK C:\Program Files\Windows Live\Installer\wlstartup.exe
12/8/2011 10:49:13 PM OK C:\Program Files\Windows Live\Photo Gallery\WLXAlbumDownloadWizard.exe
12/8/2011 10:49:13 PM OK C:\Program Files\Windows NT\Accessories\wordpad.exe
12/8/2011 10:49:13 PM OK C:\Program Files\ESET\ESET Online Scanner\OnlineScanner.ocx
12/8/2011 10:49:13 PM OK C:\Program Files\Java\jre1.6.0_22\bin\jp2iexp.dll
12/8/2011 10:49:14 PM OK C:\Program Files\Java\jre1.6.0_22\bin\npjpi160_22.dll
12/8/2011 10:49:14 PM OK C:\Windows\System32\prnfldr.dll
12/8/2011 10:49:14 PM OK C:\Windows\System32\ieframe.dll
12/8/2011 10:49:14 PM OK C:\Windows\System32\rdpclip.exe
12/8/2011 10:49:15 PM OK C:\Windows\System32\mscoree.dll
12/8/2011 10:49:15 PM OK C:\Windows\System32\urlmon.dll
12/8/2011 10:51:15 PM OK C:\Documents and Settings\All Users\Adobe\CS5\jre\bin\dt_shmem.dll
12/8/2011 10:51:15 PM OK C:\Documents and Settings\All Users\Adobe\CS5\jre\bin\deploy.dll
12/8/2011 10:51:15 PM Archive: ZIP C:\Documents and Settings\All Users\Adobe\CS5\jre\lib\management-agent.jar
12/8/2011 10:51:15 PM OK C:\Documents and Settings\All Users\Adobe\CS5\jre\bin\deploytk.dll
12/8/2011 10:51:15 PM OK C:\Documents and Settings\All Users\Adobe\CS5\jre\bin\fontmanager.dll
12/8/2011 10:51:15 PM OK C:\Documents and Settings\All Users\Adobe\CS5\jre\lib\management-agent.jar/META-INF/MANIFEST.MF
12/8/2011 10:51:15 PM OK C:\Documents and Settings\All Users\Adobe\CS5\jre\bin\dt_socket.dll
12/8/2011 10:51:15 PM OK C:\Documents and Settings\All Users\Adobe\CS5\jre\lib\jce.jar/javax/crypto/spec/DHGenParameterSpec.class
12/8/2011 10:51:16 PM OK C:\Documents and Settings\All Users\Adobe\CS5\jre\lib\management-agent.jar
12/8/2011 10:51:16 PM OK C:\Documents and Settings\All Users\Adobe\CS5\jre\bin\eula.dll
12/8/2011 10:51:16 PM OK C:\Documents and Settings\All Users\Adobe\CS5\jre\lib\jce.jar/javax/crypto/spec/DHPrivateKeySpec.class
12/8/2011 10:51:16 PM OK C:\Documents and Settings\All Users\Adobe\CS5\jre\bin\hprof.dll
12/8/2011 10:51:16 PM OK C:\Documents and Settings\All Users\Adobe\CS5\jre\lib\jce.jar/javax/crypto/spec/DHPublicKeySpec.class
12/8/2011 10:51:16 PM OK C:\Documents and Settings\All Users\Adobe\CS5\jre\lib\jce.jar/javax/crypto/spec/PBEKeySpec.class
12/8/2011 10:51:16 PM OK C:\Documents and Settings\All Users\Adobe\CS5\jre\bin\hpi.dll
12/8/2011 10:51:16 PM OK C:\Documents and Settings\All Users\Adobe\CS5\jre\bin\ioser12.dll
12/8/2011 10:51:16 PM OK C:\Documents and Settings\All Users\Adobe\CS5\jre\bin\j2pcsc.dll
12/8/2011 10:51:16 PM OK C:\Documents and Settings\All Users\Adobe\CS5\jre\lib\jce.jar/javax/crypto/spec/PBEParameterSpec.class
12/8/2011 10:51:16 PM OK C:\Documents and Settings\All Users\Adobe\CS5\jre\bin\instrument.dll
12/8/2011 10:51:17 PM OK C:\Documents and Settings\All Users\Adobe\CS5\jre\lib\jce.jar/javax/crypto/spec/SecretKeySpec.class
12/8/2011 10:51:17 PM OK C:\Documents and Settings\All Users\Adobe\CS5\jre\bin\j2pkcs11.dll
12/8/2011 10:51:17 PM OK C:\Documents and Settings\All Users\Adobe\CS5\jre\lib\jce.jar/javax/crypto/spec/PSource$PSpecified.class
12/8/2011 10:51:17 PM OK C:\Documents and Settings\All Users\Adobe\CS5\jre\bin\java-rmi.exe
12/8/2011 10:51:17 PM OK C:\Documents and Settings\All Users\Adobe\CS5\jre\bin\jaas_nt.dll
12/8/2011 10:51:17 PM OK C:\Documents and Settings\All Users\Adobe\CS5\jre\lib\jce.jar/javax/crypto/spec/PSource.class
12/8/2011 10:51:17 PM OK C:\Documents and Settings\All Users\Adobe\CS5\jre\bin\java.dll
12/8/2011 10:51:17 PM OK C:\Documents and Settings\All Users\Adobe\CS5\jre\bin\javacpl.cpl
12/8/2011 10:51:18 PM OK C:\Documents and Settings\All Users\Adobe\CS5\jre\bin\java.exe
12/8/2011 10:51:18 PM OK C:\Documents and Settings\All Users\Adobe\CS5\jre\lib\jce.jar/javax/crypto/spec/OAEPParameterSpec.class
12/8/2011 10:51:18 PM OK C:\Documents and Settings\All Users\Adobe\CS5\jre\bin\javacpl.exe
12/8/2011 10:51:18 PM OK C:\Documents and Settings\All Users\Adobe\CS5\jre\lib\jce.jar/javax/crypto/Cipher.class
12/8/2011 10:51:19 PM OK C:\Documents and Settings\All Users\Adobe\CS5\jre\bin\javaw.exe
12/8/2011 10:51:19 PM OK C:\Documents and Settings\All Users\Adobe\CS5\jre\lib\jce.jar/javax/crypto/SunJCE_b.class
12/8/2011 10:51:19 PM OK C:\Documents and Settings\All Users\Adobe\CS5\jre\lib\jce.jar/javax/crypto/SunJCE_b$2.class
12/8/2011 10:51:19 PM OK C:\Documents and Settings\All Users\Adobe\CS5\jre\bin\jawt.dll
12/8/2011 10:51:19 PM OK C:\Documents and Settings\All Users\Adobe\CS5\jre\bin\javaws.exe
12/8/2011 10:51:20 PM OK C:\Documents and Settings\All Users\Adobe\CS5\jre\bin\java_crw_demo.dll
12/8/2011 10:51:20 PM OK C:\Documents and Settings\All Users\Adobe\CS5\jre\bin\jbroker.exe
12/8/2011 10:51:20 PM OK C:\Documents and Settings\All Users\Adobe\CS5\jre\lib\jce.jar/javax/crypto/SunJCE_c.class
12/8/2011 10:51:20 PM OK C:\Documents and Settings\All Users\Adobe\CS5\jre\bin\JdbcOdbc.dll
12/8/2011 10:51:20 PM OK C:\Documents and Settings\All Users\Adobe\CS5\jre\bin\jdwp.dll
12/8/2011 10:51:20 PM OK C:\Documents and Settings\All Users\Adobe\CS5\jre\lib\jce.jar/javax/crypto/SunJCE_c$1.class
12/8/2011 10:51:20 PM OK C:\Documents and Settings\All Users\Adobe\CS5\jre\bin\jli.dll
12/8/2011 10:51:20 PM OK C:\Documents and Settings\All Users\Adobe\CS5\jre\bin\jkernel.dll
12/8/2011 10:51:21 PM OK C:\Documents and Settings\All Users\Adobe\CS5\jre\bin\jp2iexp.dll
12/8/2011 10:51:21 PM OK C:\Documents and Settings\All Users\Adobe\CS5\jre\bin\jp2launcher.exe
12/8/2011 10:51:21 PM OK C:\Documents and Settings\All Users\Adobe\CS5\jre\bin\jp2native.dll
12/8/2011 10:51:21 PM OK C:\Documents and Settings\All Users\Adobe\CS5\jre\lib\jce.jar/javax/crypto/SunJCE_d.class
12/8/2011 10:51:21 PM OK C:\Documents and Settings\All Users\Adobe\CS5\jre\lib\jce.jar/javax/crypto/SunJCE_e.class
12/8/2011 10:51:21 PM Archive: ZIP C:\Documents and Settings\All Users\Adobe\CS5\jre\lib\plugin.jar
12/8/2011 10:51:21 PM OK C:\Documents and Settings\All Users\Adobe\CS5\jre\bin\jpeg.dll
12/8/2011 10:51:21 PM OK C:\Documents and Settings\All Users\Adobe\CS5\jre\bin\jp2ssv.dll
12/8/2011 10:51:22 PM OK C:\Documents and Settings\All Users\Adobe\CS5\jre\bin\jpicom.dll
12/8/2011 10:51:21 PM OK C:\Documents and Settings\All Users\Adobe\CS5\jre\lib\jce.jar/javax/crypto/SunJCE_e$o.class
12/8/2011 10:51:22 PM OK C:\Documents and Settings\All Users\Adobe\CS5\jre\lib\jce.jar/javax/crypto/SunJCE_e$p.class
12/8/2011 10:51:22 PM OK C:\Documents and Settings\All Users\Adobe\CS5\jre\bin\jpiexp.dll
12/8/2011 10:51:22 PM OK C:\Documents and Settings\All Users\Adobe\CS5\jre\bin\jpioji.dll
12/8/2011 10:51:22 PM OK C:\Documents and Settings\All Users\Adobe\CS5\jre\lib\jce.jar/javax/crypto/SunJCE_e$q.class
12/8/2011 10:51:22 PM OK C:\Documents and Settings\All Users\Adobe\CS5\jre\bin\jpinscp.dll
12/8/2011 10:51:22 PM OK C:\Documents and Settings\All Users\Adobe\CS5\jre\bin\jpishare.dll
12/8/2011 10:51:22 PM OK C:\Documents and Settings\All Users\Adobe\CS5\jre\lib\jce.jar/javax/crypto/SunJCE_f.class
12/8/2011 10:51:23 PM OK C:\Documents and Settings\All Users\Adobe\CS5\jre\lib\jce.jar/javax/crypto/SunJCE_g.class
12/8/2011 10:51:22 PM OK C:\Documents and Settings\All Users\Adobe\CS5\jre\bin\jqsnotify.exe
12/8/2011 10:51:22 PM OK C:\Documents and Settings\All Users\Adobe\CS5\jre\bin\jqs.exe
12/8/2011 10:51:23 PM OK C:\Documents and Settings\All Users\Adobe\CS5\jre\lib\jce.jar/javax/crypto/Cipher$r.class
12/8/2011 10:51:23 PM OK C:\Documents and Settings\All Users\Adobe\CS5\jre\bin\jsound.dll
12/8/2011 10:51:23 PM OK C:\Documents and Settings\All Users\Adobe\CS5\jre\lib\jce.jar/javax/crypto/CipherSpi.class
12/8/2011 10:51:23 PM OK C:\Documents and Settings\All Users\Adobe\CS5\jre\bin\jsoundds.dll
12/8/2011 10:51:23 PM OK C:\Documents and Settings\All Users\Adobe\CS5\jre\bin\jucheck.exe
12/8/2011 10:51:23 PM OK C:\Documents and Settings\All Users\Adobe\CS5\jre\bin\jureg.exe
12/8/2011 10:51:23 PM OK C:\Documents and Settings\All Users\Adobe\CS5\jre\lib\jce.jar/javax/crypto/SunJCE_h.class
12/8/2011 10:51:24 PM OK C:\Documents and Settings\All Users\Adobe\CS5\jre\bin\kinit.exe
12/8/2011 10:51:24 PM OK C:\Documents and Settings\All Users\Adobe\CS5\jre\bin\jusched.exe/#
12/8/2011 10:51:24 PM OK C:\Documents and Settings\All Users\Adobe\CS5\jre\bin\klist.exe
12/8/2011 10:51:24 PM OK C:\Documents and Settings\All Users\Adobe\CS5\jre\bin\keytool.exe
12/8/2011 10:51:24 PM OK C:\Documents and Settings\All Users\Adobe\CS5\jre\lib\plugin.jar
12/8/2011 10:51:24 PM OK C:\Documents and Settings\All Users\Adobe\CS5\jre\lib\jce.jar/javax/crypto/ExemptionMechanism.class
12/8/2011 10:51:25 PM OK C:\Documents and Settings\All Users\Adobe\CS5\jre\bin\jusched.exe/#
12/8/2011 10:51:24 PM OK C:\Documents and Settings\All Users\Adobe\CS5\jre\lib\jce.jar/javax/crypto/ShortBufferException.class
12/8/2011 10:51:25 PM OK C:\Documents and Settings\All Users\Adobe\CS5\jre\lib\jce.jar/javax/crypto/NoSuchPaddingException.class
12/8/2011 10:51:25 PM OK C:\Documents and Settings\All Users\Adobe\CS5\jre\bin\ktab.exe
12/8/2011 10:51:25 PM OK C:\Documents and Settings\All Users\Adobe\CS5\jre\bin\management.dll
12/8/2011 10:51:25 PM OK C:\Documents and Settings\All Users\Adobe\CS5\jre\lib\jce.jar/javax/crypto/ExemptionMechanismException.class
12/8/2011 10:51:25 PM OK C:\Documents and Settings\All Users\Adobe\CS5\jre\bin\mlib_image.dll
12/8/2011 10:51:26 PM OK C:\Documents and Settings\All Users\Adobe\CS5\jre\lib\jce.jar/javax/crypto/CipherInputStream.class
12/8/2011 10:51:26 PM OK C:\Documents and Settings\All Users\Adobe\CS5\jre\bin\jusched.exe/#
12/8/2011 10:51:26 PM OK C:\Documents and Settings\All Users\Adobe\CS5\jre\bin\msvcr71.dll
12/8/2011 10:51:26 PM OK C:\Documents and Settings\All Users\Adobe\CS5\jre\lib\jce.jar/javax/crypto/CipherOutputStream.class
12/8/2011 10:51:26 PM OK C:\Documents and Settings\All Users\Adobe\CS5\jre\bin\msvcrt.dll
12/8/2011 10:51:26 PM OK C:\Documents and Settings\All Users\Adobe\CS5\jre\lib\jce.jar/javax/crypto/KeyAgreement.class
12/8/2011 10:51:26 PM Archive: ZIP C:\Documents and Settings\All Users\Adobe\CS5\jre\lib\resources.jar
12/8/2011 10:51:26 PM OK C:\Documents and Settings\All Users\Adobe\CS5\jre\bin\jusched.exe/#
12/8/2011 10:51:26 PM OK C:\Documents and Settings\All Users\Adobe\CS5\jre\bin\net.dll
12/8/2011 10:51:27 PM OK C:\Documents and Settings\All Users\Adobe\CS5\jre\lib\jce.jar/javax/crypto/KeyGenerator.class
12/8/2011 10:51:26 PM OK C:\Documents and Settings\All Users\Adobe\CS5\jre\lib\jce.jar/javax/crypto/KeyAgreementSpi.class
12/8/2011 10:51:27 PM OK C:\Documents and Settings\All Users\Adobe\CS5\jre\bin\nio.dll
12/8/2011 10:51:27 PM OK C:\Documents and Settings\All Users\Adobe\CS5\jre\lib\jce.jar/javax/crypto/KeyGeneratorSpi.class
  • 0

#19 bummerman

bummerman

    TEG Forum Member

  • Members
  • 14 posts

Posted 09 December 2011 - 02:07 AM

HitMan Log:


<Log computer="MOG-PEECEE" scan="Normal" version="3.5.9.131" date="2011-12-08T19:42:36" timeSpentInSecs="537" filesProcessed="39259"><Item type="Malware" malwareName="Trojan" score="112.0" status="Deleted"><Scanners><Scanner id="Ikarus" name="Trojan-Dropper!IK" /></Scanners><File path="C:\Program Files\GridinSoft Trojan Killer\gridinsoft.trojan.killer.v2.xxx-loader.installer.exe" hash="892D7E70AF1D9BF650DE482B83AD89F2AF44FE185E5362691363902851A3764B" /></Item><Item type="Malware" malwareName="Trojan" score="108.0" status="Deleted"><Scanners><Scanner id="a-Squared" name="Trojan.Win32.Patcher.AMN!A2" /></Scanners><File path="C:\Program Files\GridinSoft Trojan Killer\trojankiller.exe" hash="72329C4403EDD9EE97CCFBC6649104EEB7AE0DF89FBB6F15BEE80F13F19B730D" /><References><File path="C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GridinSoft\Trojan Killer.lnk" /><File path="C:\Users\Public\Desktop\Trojan Killer.lnk" /></References></Item><Item type="Repair" score="0.0" status="Deleted"><File path="C:\Users\mog\AppData\Roaming\Microsoft\Windows\Cookies\mog@eset.122.2o7[1].txt" /></Item><Item type="Repair" score="0.0" status="Deleted"><File path="C:\Users\mog\AppData\Roaming\Microsoft\Windows\Cookies\mog@invitemedia[2].txt" /></Item><Item type="Repair" score="0.0" status="Deleted"><File path="C:\Users\mog\AppData\Roaming\Microsoft\Windows\Cookies\mog@statcounter[1].txt" /></Item><Item type="Malware" malwareName="Malware" score="103.0" status="Deleted"><Scanners><Scanner id="DrWeb" name="Infected" /></Scanners><File path="C:\Users\mog\DoctorWeb\Quarantine\cnet2_md5_zip.exe" hash="68F3BE3E44FE2B591084F348E9DE40DC1E24054E37C597F2C8D54D81BB0060FD" /></Item><Item type="Malware" malwareName="Malware" score="103.0" status="Deleted"><Scanners><Scanner id="DrWeb" name="Infected" /></Scanners><File path="C:\Users\mog\DoctorWeb\Quarantine\cnet2_winamp5622_lite_all_exe.exe" hash="E91D7C5F0AF5A4B0B1E62CC3E72EB8476626CF4F52B96D05636B751AAF188600" /></Item><Item type="Malware" 
malwareName="Trojan" score="110.0" status="Deleted"><Scanners><Scanner id="DrWeb" name="Trojan.StartPage.32434" /><Scanner id="Ikarus" name="Gen.Trojan!IK" /></Scanners><File path="C:\Users\mog\DoctorWeb\Quarantine\slwc.exe" hash="BDECBDDA4B5E990D27B43D3B06E1B78363F6D9CBD1BF164E220A127E07A2BAE8" /></Item><Item type="Suspicious" score="29.0" status="Quarantiend"><File path="C:\Users\mog\Documents\Downloads\Programs\startdelay_v3.0b315.exe" hash="47F1983BE6215E1DC41BF6130177D4BCE4843CD4CED529B73B71EF2B13A6224B" /></Item><Item type="Malware" malwareName="Malware" score="103.0" status="Deleted"><Scanners><Scanner id="DrWeb" name="Infected" /></Scanners><File path="C:\Users\mog\Downloads\cnet2_md5_zip.exe" hash="68F3BE3E44FE2B591084F348E9DE40DC1E24054E37C597F2C8D54D81BB0060FD" /></Item><Item type="Malware" malwareName="Trojan" score="110.0" status="Deleted"><Scanners><Scanner id="Ikarus" name="Trojan.Crypt!IK" /></Scanners><File path="C:\Users\mog\Downloads\PremiumSoft Navicat Premium Enterprise Edition v9 1 8\keygen.exe" hash="5767D6F280FF06DA031020F6D5A6A8A14C4B2B05E0FD28D96394E9A37733CAD1" /></Item><Item type="Malware" malwareName="Trojan" score="116.0" status="Deleted"><Scanners><Scanner id="G Data" name="Gen:Trojan.Heur.JP.gqW@aysQ1PlO (Engine A)" /><Scanner id="DrWeb" name="Infected" /></Scanners><File path="C:\Users\mog\Downloads\Recuva\Recuva.exe" hash="7E3F5A5597513C5385EF66486CA21E45B6E3543F93C3E955F6EB9A62B2A54A3B" /></Item><Item type="Suspicious" score="48.0" status="Deleted"><File path="C:\Users\mog\Downloads\Trojan Killer v2.1.1.2 {H33T}{projectmyskills}\Your Software Here\trojankiller2112-setup.exe" hash="9B70D63D5B97D1366BD745AD39B8AAD99B9EA8EA87CD6BF8504A71B8FEE3B7FF" /></Item></Log>
  • 0

#20 quietman7

quietman7

    Elder Janitor & Bug Exterminator

  • Admin
  • 11,401 posts
  • Gender:Male
  • Location:Virginia, USA

Posted 09 December 2011 - 07:31 AM


I ran Combofix again, and it restarted the PC, finished, and reported that the comres.dll file was infected, and replaced it with the one directly below it as shown in the last log file.

That is what I would have had you do next since the file failed File Signature Verification. Files which fail signature verification are those which do not appear to be original and may have been altered by malware infection so CF flags them.

Is it time to give up and wipe?

Your decision as to what action to take should be made by reading and asking yourself the questions presented in these articles:

Whenever a system has been compromised by a backdoor payload, it is impossible to know if or how much the backdoor has been used to affect your system...There are only a few ways to return a compromised system to a confident security configuration. These include:
• Reimaging the system
• Restoring the entire system using a full system backup from before the backdoor infection
• Reformatting and reinstalling the system

Backdoors and What They Mean to You

This is what Jesper M. Johansson at Microsoft TechNet has to say: Help: I Got Hacked. Now What Do I Do?

The only way to clean a compromised system is to flatten and rebuild. That’s right. If you have a system that has been completely compromised, the only thing you can do is to flatten the system (reformat the system disk) and rebuild it from scratch (reinstall Windows and your applications).


In some instances an infection may have caused so much damage to your system that it cannot be successfully cleaned, repaired or trusted, especially if you are dealing with backdoor Trojans, Botnets, IRCBots and rootkits. These types of infections are very dangerous because they compromise system integrity. Rootkits are used by backdoor Trojans to conceal their presence (hide from view) in order to prevent detection of an attacker's software and make removal more difficult. Remote attackers use backdoors as a means of accessing and taking control of a computer that bypasses security mechanisms. This exploit allows them to steal sensitive information like passwords, personal and financial data which is then sent back to the hacker.

Security vendors that claim to be able to remove rootkits and backdoor Trojans cannot guarantee that all traces of them will be removed as they may not find all the remnants. Wiping your drive, reformatting, and performing a clean install of the OS or doing a factory restore with a vendor-specific Recovery Disk or Recovery Partition removes everything and is the safest action, but I cannot make that decision for you.

  • 0
Microsoft MVP - Consumer Security 2007-2014

Member of UNITE, Unified Network of Instructors and Trusted Eliminators