1.1K Posts

September 29th, 2010 16:00

Hi lufiaan,

I'm kevinf80 and I will be helping with any issues you may have. Please be aware that some of the logs I may ask for can be very complex and can take a long time to decipher. I am a volunteer here with a job and family so I ask that you be patient when waiting for replies.
Please DO NOT run any scans/tools/fixes on your own as this will conflict with the tools we are going to use.
Please Print or Save to Notepad all instructions and please follow them carefully and if there's something you don't understand or that will not work please let me know and we will go through it together.
Malware is often buggy and can be very unstable; with that in mind, it is advisable to back up any important data before we begin.
If you do not reply within 72 hours the thread will be closed; if you need more time, let me know. Likewise, if I do not respond within 48 hours, feel free to PM me.

* If you are using any cracked software, please remove it. In addition to being illegal, when you install cracked software, you are running executable files from dubious, unknown sources. You are giving these sources access to information on your hard disk, and potential control over operation of your computer. Definition of cracked software HERE

** If you are using any P2P (file sharing) programs, please remove them before we clean your computer. The nature of such software and the high incidence of malware in files downloaded with them are counterproductive to restoring your PC to a healthy state. That includes BitTorrent and similar programs. There is a partial list HERE

Please proceed as follows :-

Step 1

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

Combofix

Don't forget Combofix must be saved to your desktop. <--Very important

Ensure you have disabled your Firewall and all anti virus and anti malware programs so they do not interfere with the running of ComboFix. <---Very important

Please include the C:\ComboFix.txt in your next reply for further review.

Examples of how to disable realtime protection available at the following link :-

Disable realtime protection


Note: Do not click combofix's window with your mouse while it's running. That action may cause it to stall.

*EXTRA NOTES*
  • If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot, you must allow it to do so.
  • If Combofix reboots due to a rootkit, the screen may stay black for several minutes on reboot; this is normal.
  • If after running Combofix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (Those items will not be deleted)


Step 2

Download Security Check by screen317 from HERE or HERE.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box. Press any key when asked.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

What I'd like in your reply :-

  • Log from Combofix
  • Log from Security Checks


Kevin

10 Posts

September 30th, 2010 15:00

Hi,

I had to make another account because for some reason I can't connect, but it's me.

Thanks for your time.

Here are the logs you asked for:

Results of screen317's Security Check version 0.99.5 
 Windows Vista Service Pack 1 (UAC is disabled!)
 Out of date service pack!!
 Internet Explorer 8 
``````````````````````````````
Antivirus/Firewall Check:

 Windows Firewall Enabled! 
 avast! Free Antivirus   
 WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

 Ad-Aware
 Malwarebytes' Anti-Malware   
 CCleaner    
 Java(TM) 6 Update 7 
 HP JavaCard for HP ProtectTools
 Out of date Java installed!
 Adobe Flash Player  
Adobe Reader 9.3.3
````````````````````````````````
Process Check: 
objlist.exe by Laurent

 Windows Defender MSASCui.exe
 Ad-Aware AAWService.exe
 Ad-Aware AAWTray.exe is disabled!
 Windows Defender MSASCui.exe  
 Alwil Software Avast5 AvastSvc.exe 
 Alwil Software Avast5 AvastUI.exe 
````````````````````````````````
DNS Vulnerability Check:

 GREAT! (Not vulnerable to DNS cache poisoning)

``````````End of Log````````````

ComboFix 10-09-29.01 - hp 09/29/2010  23:49:53.1.2 - x86
Microsoft® Windows Vista™ Business   6.0.6001.1.1252.1.1033.18.2971.1722 [GMT -4:00]
Running from: C:\Users\hp\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Users\hp\AppData\Roaming\DF0E7B326C8BE91EE532C3640AA63F66
C:\Users\hp\AppData\Roaming\DF0E7B326C8BE91EE532C3640AA63F66\enemies-names.txt
C:\Users\hp\AppData\Roaming\DF0E7B326C8BE91EE532C3640AA63F66\local.ini

Infected copy of C:\Windows\explorer.exe was found and disinfected
Restored copy from - C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe

Infected copy of C:\Windows\System32\wininit.exe was found and disinfected
Restored copy from - C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe

Infected copy of C:\Windows\explorer.exe was found and disinfected
Restored copy from - C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
.
(((((((((((((((((((((((((   Files Created from 2010-08-28 to 2010-09-30  )))))))))))))))))))))))))))))))
.

2010-09-29 15:05:11 . 2010-09-29 15:05:11 77912 ----a-w- C:\Windows\system32\drivers\klmdb.sys
2010-09-28 19:34:24 . 2010-09-28 19:34:24 -------- d-----w- C:\Program Files\ASUS
2010-09-28 17:15:04 . 2009-07-14 17:45:07 38480 ----a-w- C:\Windows\system32\drivers\WdfLdr.sys
2010-09-28 17:15:03 . 2009-07-14 17:45:07 445008 ----a-w- C:\Windows\system32\drivers\Wdf01000.sys
2010-09-28 14:59:55 . 2010-09-28 14:59:55 388096 ----a-r- C:\Users\hp\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-09-28 14:59:55 . 2010-09-28 14:59:55 -------- d-----w- C:\Program Files\Trend Micro
2010-09-27 19:38:35 . 2010-09-07 14:47:07 17744 ----a-w- C:\Windows\system32\drivers\aswFsBlk.sys
2010-09-27 19:38:34 . 2010-09-07 14:52:03 165584 ----a-w- C:\Windows\system32\drivers\aswSP.sys
2010-09-27 19:38:33 . 2010-09-07 14:47:46 23376 ----a-w- C:\Windows\system32\drivers\aswRdr.sys
2010-09-27 19:38:32 . 2010-09-07 14:52:25 46672 ----a-w- C:\Windows\system32\drivers\aswTdi.sys
2010-09-27 19:38:30 . 2010-09-07 14:47:30 50768 ----a-w- C:\Windows\system32\drivers\aswMonFlt.sys
2010-09-27 19:37:56 . 2010-09-07 15:12:17 38848 ----a-w- C:\Windows\avastSS.scr
2010-09-27 19:37:56 . 2010-09-07 15:11:54 167592 ----a-w- C:\Windows\system32\aswBoot.exe
2010-09-27 19:37:51 . 2010-09-27 19:37:51 -------- d-----w- C:\ProgramData\Alwil Software
2010-09-27 19:37:51 . 2010-09-27 19:37:51 -------- d-----w- C:\Program Files\Alwil Software
2010-09-27 16:36:42 . 2010-09-27 16:36:42 95024 ----a-w- C:\Windows\system32\drivers\SBREDrv.sys
2010-09-27 03:17:45 . 2010-08-12 12:15:20 15880 ----a-w- C:\Windows\system32\lsdelete.exe
2010-09-27 03:14:39 . 2010-09-27 03:14:39 -------- d-----w- C:\Users\hp\AppData\Roaming\Malwarebytes
2010-09-27 03:14:24 . 2010-04-29 19:39:38 38224 ----a-w- C:\Windows\system32\drivers\mbamswissarmy.sys
2010-09-27 03:14:23 . 2010-09-27 03:14:23 -------- d-----w- C:\ProgramData\Malwarebytes
2010-09-27 03:13:28 . 2010-04-29 19:39:26 20952 ----a-w- C:\Windows\system32\drivers\mbam.sys
2010-09-27 03:13:27 . 2010-09-27 19:22:24 -------- d-----w- C:\Program Files\Malwarebytes' Anti-Malware
2010-09-27 03:09:24 . 2010-09-27 03:09:24 -------- d-----w- C:\Users\hp\AppData\Local\Threat Expert
2010-09-27 03:02:43 . 2010-09-27 03:02:43 -------- dc----w- C:\Windows\system32\DRVSTORE
2010-09-27 03:02:43 . 2010-08-12 12:15:20 64288 ----a-w- C:\Windows\system32\drivers\Lbd.sys
2010-09-27 03:02:14 . 2010-08-12 12:16:02 2979848 -c--a-w- C:\ProgramData\{ECC164E0-3133-4C70-A831-F08DB2940F70}\Ad-AwareInstall.exe
2010-09-27 03:02:02 . 2010-09-27 03:02:46 -------- d-----w- C:\ProgramData\Lavasoft
2010-09-27 03:02:02 . 2010-09-27 03:02:02 -------- d-----w- C:\Program Files\Lavasoft
2010-09-27 02:47:25 . 2010-09-27 03:02:14 -------- dc-h--w- C:\ProgramData\{ECC164E0-3133-4C70-A831-F08DB2940F70}
2010-09-27 02:38:33 . 2010-09-27 18:29:59 -------- d-----w- C:\Program Files\Common Files\PC Tools
2010-09-26 00:33:05 . 2010-09-26 00:33:05 -------- d-----w- C:\Program Files\hdparm
2010-09-19 18:16:40 . 2010-09-19 18:16:40 -------- d-----w- C:\Users\hp\AppData\Roaming\Foxit Software
2010-09-19 18:15:48 . 2010-09-19 18:15:58 -------- d-----w- C:\Program Files\Ask.com
2010-09-19 18:15:23 . 2010-09-19 18:15:23 -------- d-----w- C:\Program Files\Foxit Software
2010-09-18 20:44:43 . 2010-09-18 20:44:43 -------- d-----w- C:\Users\hp\AppData\Local\Apps
2010-09-15 19:45:50 . 2008-07-31 14:41:54 238088 ----a-w- C:\Windows\system32\xactengine3_2.dll
2010-09-15 19:33:11 . 2010-09-15 19:33:11 -------- d-----w- C:\Program Files\Team17
2010-09-08 23:17:42 . 2010-09-08 23:59:34 -------- d-----w- C:\Users\hp\AppData\Local\Microsoft Games
2010-09-08 01:01:53 . 2010-09-08 01:01:53 -------- d-----w- C:\Windows\Sun
2010-09-07 22:45:33 . 2010-09-07 22:45:33 -------- d-----w- C:\Program Files\MSECache
2010-09-03 15:27:56 . 2010-09-03 15:27:58 -------- d-----w- C:\Program Files\Microsoft Games

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-30 04:20:08 . 2010-05-12 19:20:06 -------- d-----w- C:\ProgramData\hpqLog
2010-09-29 16:35:20 . 2010-07-03 19:36:16 -------- d-----w- C:\Users\hp\AppData\Roaming\uTorrent
2010-09-29 15:01:08 . 2008-01-21 02:23:44 34360 ----a-w- C:\Windows\system32\drivers\mouclass.sys
2010-09-28 19:34:24 . 2010-05-12 19:14:37 -------- d--h--w- C:\Program Files\InstallShield Installation Information
2010-09-28 17:15:52 . 2006-11-02 10:25:05 51200 ----a-w- C:\Windows\Inf\infpub.dat
2010-09-28 17:15:52 . 2006-11-02 10:25:05 143360 ----a-w- C:\Windows\Inf\infstrng.dat
2010-09-28 17:15:43 . 2010-09-28 17:15:43 0 ---ha-w- C:\Windows\system32\drivers\Msft_Kernel_SynTP_01009.Wdf
2010-09-28 17:15:32 . 2010-09-28 17:15:32 0 ---ha-w- C:\Windows\system32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
2010-09-28 17:14:38 . 2006-11-02 10:25:05 86016 ----a-w- C:\Windows\Inf\infstor.dat
2010-09-28 17:05:14 . 2010-06-01 16:03:39 -------- d-----w- C:\Program Files\CCleaner
2010-09-27 16:05:17 . 2010-09-27 03:11:36 112 ----a-w- C:\ProgramData\5V8tDVG.dat
2010-08-29 20:47:56 . 2010-08-29 20:47:56 -------- d-----w- C:\Users\hp\AppData\Roaming\GARMIN
2010-08-29 20:45:34 . 2010-08-29 20:45:34 -------- d-----w- C:\Program Files\DIFX
2010-08-29 20:45:05 . 2010-08-29 20:45:05 -------- d-----w- C:\Program Files\Garmin
2010-08-26 03:29:12 . 2010-05-12 19:09:14 -------- d-----w- C:\Program Files\Hewlett-Packard
2010-08-21 16:55:18 . 2010-08-13 21:10:34 -------- d-----w- C:\ProgramData\NOS
2010-08-13 21:13:00 . 2010-08-13 21:12:37 -------- d-----w- C:\Program Files\Common Files\Adobe
2010-08-13 21:11:32 . 2010-08-13 21:11:32 -------- d-----w- C:\Program Files\Common Files\Adobe AIR
2010-08-13 21:11:29 . 2010-08-13 21:11:33 53632 ----a-w- C:\Users\Default\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-08-13 21:10:42 . 2010-08-13 21:10:42 77184 ----a-w- C:\ProgramData\NOS\Adobe_Downloads\arh.exe
2010-08-12 20:21:12 . 2010-08-12 20:20:14 -------- d-----w- C:\Program Files\Java
2010-08-12 20:19:55 . 2010-08-12 20:19:55 -------- d-----w- C:\Program Files\Common Files\Java
2010-08-06 17:06:36 . 2010-08-06 17:06:36 -------- d-----w- C:\Program Files\HP
2010-08-05 00:26:37 . 2010-08-05 00:26:37 -------- d-----w- C:\Users\hp\AppData\Roaming\Druide
2010-08-05 00:26:13 . 2010-08-05 00:26:13 -------- d-----w- C:\Program Files\Druide
2010-08-05 00:19:33 . 2010-08-04 23:42:05 -------- d-----w- C:\Program Files\Age of Wonders II
2010-07-03 20:09:52 . 2010-05-12 18:27:54 94064 ----a-w- C:\Users\hp\AppData\Local\GDIPFONTCACHEV1.DAT
.


C:\Program Files\ActivIdentity\ActivClient\accrdsub .exe
C:\Program Files\ActivIdentity\ActivClient\acevents .exe
C:\Program Files\Analog Devices\Core\smax4pnp .exe
C:\Program Files\Druide\Antidote 7\Programmes32\agentantidote .exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
C:\Program Files\Hewlett-Packard\Embedded Security Software\ifxspmgt .exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain .exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched .exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam  .exe
C:\Program Files\Synaptics\SynTP\SynTPEnh .exe

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-05-26 19:23:06 1385864 ----a-w- C:\Program Files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "C:\Program Files\Ask.com\GenericAskToolbar.dll" [2010-05-26 19:23:06 1385864]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "C:\Program Files\Ask.com\GenericAskToolbar.dll" [2010-05-26 19:23:06 1385864]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-01-21 02:23:59 1008184]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2008-07-16 10:01:26 150040]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2008-07-16 10:00:36 170520]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2008-07-16 10:01:04 145944]
"QlbCtrl.exe"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-06-03 20:40:08 177456]
"PTHOSTTR"="C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2009-08-07 21:03:16 354360]
"CognizanceTS"="C:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll" [2009-07-28 06:59:38 24848]
"avast5"="C:\Program Files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 15:12:02 2838912]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2010-05-14 15:31:52 1721640]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\HEWLET~1\IAM\Bin\APSHook.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^DVD Check.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\DVD Check.lnk
backup=C:\Windows\pss\DVD Check.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-06-09 08:06:38 976832 ----a-r- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-20 02:04:47 35760 ----a-w- C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2010-04-01 09:16:20 357696 ----a-w- C:\Program Files\DAEMON Tools Lite\DTLite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\picon]
2008-06-02 18:38:34 367128 ----a-r- C:\Program Files\Common Files\Intel\Privacy Icon\PRIVACYICONCLIENT.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WatchDog]
2008-05-23 21:23:22 197904 ----a-w- C:\Program Files\InterVideo\DVD Check\DVDCheck.exe

R2 gupdate;Google Update Service (gupdate);C:\Program Files\Google\Update\GoogleUpdate.exe [2010-06-01 21:54:40 136176]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys [2010-08-12 12:15:19 15008]
R3 RoxMediaDB10;RoxMediaDB10;C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2008-04-08 12:12:50 1112560]
R4 sptd;sptd;C:\Windows\system32\Drivers\sptd.sys [2010-06-01 22:25:14 691696]
S0 Lbd;Lbd;C:\Windows\system32\DRIVERS\Lbd.sys [2010-08-12 12:15:20 64288]
S0 SafeBoot;SafeBoot;
S0 SbAlg;SbAlg;
S0 SbFsLock;SbFsLock;
S1 aswSP;aswSP;
S1 PersonalSecureDrive;PersonalSecureDrive;C:\Windows\System32\drivers\psd.sys [2009-07-20 02:17:36 39712]
S1 RsvLock;RsvLock;
S2 ac.sharedstore;ActivIdentity Shared Store Service;C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe [2009-06-03 20:16:42 207400]
S2 ASBroker;Logon Session Broker;C:\Windows\System32\svchost.exe [2008-01-21 02:24:10 21504]
S2 ASChannel;Local Communication Channel;C:\Windows\System32\svchost.exe [2008-01-21 02:24:10 21504]
S2 aswFsBlk;aswFsBlk;
S2 aswMonFlt;aswMonFlt;C:\Windows\system32\drivers\aswMonFlt.sys [2010-09-07 14:47:30 50768]
S2 ATService;AuthenTec Fingerprint Service;C:\Program Files\Fingerprint Sensor\AtService.exe [2009-07-29 16:43:50 1201400]
S2 HP ProtectTools Service;HP ProtectTools Service;C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe [2009-08-07 20:59:00 45056]
S2 HpFkCryptService;Drive Encryption Service;C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [2009-07-29 19:28:44 256544]
S2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe [2008-04-07 22:13:38 24936]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2010-09-27 16:36:36 1355928]
S2 UNS;Intel(R) Active Management Technology User Notification Service;C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe [2008-06-02 18:38:36 2058776]
S3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;C:\Windows\system32\Drivers\ATSwpWDF.sys [2010-03-01 18:56:28 482176]
S3 Com4QLBEx;Com4QLBEx;C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 15:33:26 193840]
S3 e1yexpress;Intel(R) Gigabit Network Connections Driver;C:\Windows\system32\DRIVERS\e1y6032.sys [2008-03-27 11:39:58 224384]
S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;C:\Windows\system32\DRIVERS\NETw5v32.sys [2010-04-05 14:42:44 6630912]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ    PLA DPS BFE mpssvc
Cognizance REG_MULTI_SZ    ASBroker
Bioscrypt REG_MULTI_SZ    ASChannel
.
Contents of the 'Scheduled Tasks' folder

2010-09-30 C:\Windows\Tasks\Ad-Aware Update (Weekly).job
- C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-08-12 12:15:19 . 2010-09-27 16:36:38]

2010-09-30 C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2010-06-01 21:54:47 . 2010-06-01 21:54:40]

2010-09-30 C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2010-06-01 21:54:47 . 2010-06-01 21:54:40]

2010-09-30 C:\Windows\Tasks\User_Feed_Synchronization-{F6F2FA59-BFC0-4DA9-B15D-C691B979C54F}.job
- C:\Windows\system32\msfeedssync.exe [2010-06-01 21:06:50 . 2010-02-23 04:54:43]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-klmdb.sys

Thank you very much!

1.1K Posts

October 1st, 2010 00:00

Hi lufian,

Yep, you've been well and truly infected for sure. The Combofix log seems to be incomplete; I do need you to check for me and post it again please from here:

C:\Combofix.txt

There is still malware in the log that needs to be dealt with.

Kevin

10 Posts

October 1st, 2010 08:00

It's really all there is in combofix.txt.

Do you want me to run combofix again?

Btw, the first time I ran combofix it gave me a BSOD, the second time it worked.

Thanks!

1.1K Posts

October 1st, 2010 09:00

Hiya Matt,

Couple questions: any reason you have not updated your OS to SP2 (Service Pack 2)? This needs to be done when we're finished.

UAC is turned off; not a good idea to keep it off constantly.

Your security setup is mismatched and needs to be sorted. Avast is antivirus plus antispyware; this will run fine with Windows Defender. You also have Lavasoft's Ad-Aware; this is antivirus plus antispyware and will clash with the others. It can be kept as a stand-alone scanner, with no realtime protection, but is better uninstalled. Leave it for now, just think what you want to do.

Proceed as follows :-

Step 1

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text between the dotted lines below into it:

-----------------------------------------------------------------------------------

KillAll::

Folder::
C:\Program Files\Ask.com
C:\Users\hp\AppData\Roaming\uTorrent
RenV::
C:\Program Files\ActivIdentity\ActivClient\accrdsub .exe
C:\Program Files\ActivIdentity\ActivClient\acevents .exe
C:\Program Files\Analog Devices\Core\smax4pnp .exe
C:\Program Files\Druide\Antidote 7\Programmes32\agentantidote .exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
C:\Program Files\Hewlett-Packard\Embedded Security Software\ifxspmgt .exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain .exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched .exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam .exe
C:\Program Files\Synaptics\SynTP\SynTPEnh .exe
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
[-HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
-----------------------------------------------------------------------------------

Save this as CFScript.txt, in the same location as ComboFix.exe

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Step 2

Please download Malwarebytes Anti-Malware and save it to your desktop.
Alternative D/L mirror
Alternative D/L mirror

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.


Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Step 3

Run ESET Online Scan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window. ESET OnlineScan
  • Click the user posted image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

  • Click on user posted image to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the user posted image icon on your desktop.

  • Check user posted image
  • Click the user posted image button.
  • Accept any security warnings from your browser.
  • Check user posted image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push user posted image
  • Push user posted image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the user posted image button.
  • Push user posted image

You can refer to this animation by neomage if needed.
Frequently asked questions available Here

What I'd like in your reply :-

  • Log from Combofix
  • Log from Malwarebytes
  • Log from ESET
  • System review, improvements/ issues?


Kevin


10 Posts

October 1st, 2010 16:00

Hi,

Thanks again for what you are doing!

Logs :

COMBOFIX

ComboFix 10-09-29.01 - hp 10/01/2010  16:50:36.2.2 - x86
Microsoft® Windows Vista™ Business   6.0.6001.1.1252.1.1033.18.2971.1216 [GMT -4:00]
Running from: c:\users\hp\Desktop\ComboFix.exe
Command switches used :: c:\users\hp\Desktop\CFScript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Ask.com
c:\program files\Ask.com\cb_b596.ico
c:\program files\Ask.com\cobrand.ico
c:\program files\Ask.com\config.xml
c:\program files\Ask.com\favicon.ico
c:\program files\Ask.com\fv_b2c7.ico
c:\program files\Ask.com\GenericAskToolbar.dll
c:\program files\Ask.com\mupcfg.xml
c:\program files\Ask.com\SaUpdate.exe
c:\program files\Ask.com\UpdateTask.exe
c:\users\hp\AppData\Roaming\uTorrent
c:\users\hp\AppData\Roaming\uTorrent\(500) Days of Summer [Complete with Bonus Soundtracks][2009].torrent
c:\users\hp\AppData\Roaming\uTorrent\[1999] The Best Classical Album Of The Millennium Ever - Various Artists - 320kbs.torrent
c:\users\hp\AppData\Roaming\uTorrent\Age of Wonders 2 - Wizards Throne + Shadow Magic.torrent
c:\users\hp\AppData\Roaming\uTorrent\Antidote HD V3 + Patcher.torrent
c:\users\hp\AppData\Roaming\uTorrent\bestOf2009.torrent
c:\users\hp\AppData\Roaming\uTorrent\BlackberryPack.torrent
c:\users\hp\AppData\Roaming\uTorrent\Brute Force (1947) Burt Lancaster Eng.torrent
c:\users\hp\AppData\Roaming\uTorrent\cash.torrent
c:\users\hp\AppData\Roaming\uTorrent\dht.dat
c:\users\hp\AppData\Roaming\uTorrent\dht.dat.old
c:\users\hp\AppData\Roaming\uTorrent\DJ_Papsta_-_The_Best_18_Songs_Youve_Never_Heard-2010.torrent
c:\users\hp\AppData\Roaming\uTorrent\Instrumental Music -  Best world's hits.torrent
c:\users\hp\AppData\Roaming\uTorrent\J S Bach, The Best Of.torrent
c:\users\hp\AppData\Roaming\uTorrent\Katy Perry - Teenage Dream 2o1o.torrent
c:\users\hp\AppData\Roaming\uTorrent\Magnificat 243 etc [Christophers].torrent
c:\users\hp\AppData\Roaming\uTorrent\Marked Woman (1937) DVDRip (SiRiUs sHaRe).torrent
c:\users\hp\AppData\Roaming\uTorrent\Marked Woman (Bette Davis, Humphrey Bogart) [1937] @ .avi.torrent
c:\users\hp\AppData\Roaming\uTorrent\Microsoft.Office.2003.Professional.SP3.Integrated-ETH0.torrent
c:\users\hp\AppData\Roaming\uTorrent\Ousmane Sembene.torrent
c:\users\hp\AppData\Roaming\uTorrent\Regina Spektor.torrent
c:\users\hp\AppData\Roaming\uTorrent\resume.dat
c:\users\hp\AppData\Roaming\uTorrent\resume.dat.old
c:\users\hp\AppData\Roaming\uTorrent\rss.dat
c:\users\hp\AppData\Roaming\uTorrent\rss.dat.old
c:\users\hp\AppData\Roaming\uTorrent\settings.dat
c:\users\hp\AppData\Roaming\uTorrent\settings.dat.old
c:\users\hp\AppData\Roaming\uTorrent\Shakira - Waka Waka - World Cup 2010 Anthem.torrent
c:\users\hp\AppData\Roaming\uTorrent\VA_-_The_Greatest_Songs_Of_2000-2009-(3CD)-2010-ATRium.torrent
c:\users\hp\AppData\Roaming\uTorrent\vNes+games.torrent
c:\users\hp\AppData\Roaming\uTorrent\Worms.Reloaded-SKIDROW.torrent
.
---- Previous Run -------
.
c:\users\hp\AppData\Roaming\DF0E7B326C8BE91EE532C3640AA63F66\enemies-names.txt
c:\users\hp\AppData\Roaming\DF0E7B326C8BE91EE532C3640AA63F66\local.ini

-- Previous Run --

Infected copy of c:\windows\explorer.exe was found and disinfected
Restored copy from - c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe

Infected copy of c:\windows\explorer.exe was found and disinfected
Restored copy from - c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe

Infected copy of c:\windows\System32\wininit.exe was found and disinfected
Restored copy from - c:\windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe

--------

.
(((((((((((((((((((((((((   Files Created from 2010-09-01 to 2010-10-01  )))))))))))))))))))))))))))))))
.

2010-10-01 20:57 . 2010-10-01 21:02 -------- d-----w- c:\users\hp\AppData\Local\temp
2010-10-01 20:57 . 2010-10-01 20:57 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-09-29 15:05 . 2010-09-29 15:05 77912 ----a-w- c:\windows\system32\drivers\klmdb.sys
2010-09-28 19:34 . 2010-09-28 19:34 -------- d-----w- c:\program files\ASUS
2010-09-28 17:15 . 2009-07-14 17:45 38480 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2010-09-28 17:15 . 2009-07-14 17:45 445008 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2010-09-28 14:59 . 2010-09-28 14:59 388096 ----a-r- c:\users\hp\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-09-28 14:59 . 2010-09-28 14:59 -------- d-----w- c:\program files\Trend Micro
2010-09-27 19:38 . 2010-09-07 14:47 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-09-27 19:38 . 2010-09-07 14:52 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-09-27 19:38 . 2010-09-07 14:47 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-09-27 19:38 . 2010-09-07 14:52 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-09-27 19:38 . 2010-09-07 14:47 50768 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-09-27 19:37 . 2010-09-07 15:12 38848 ----a-w- c:\windows\avastSS.scr
2010-09-27 19:37 . 2010-09-07 15:11 167592 ----a-w- c:\windows\system32\aswBoot.exe
2010-09-27 19:37 . 2010-09-27 19:37 -------- d-----w- c:\programdata\Alwil Software
2010-09-27 19:37 . 2010-09-27 19:37 -------- d-----w- c:\program files\Alwil Software
2010-09-27 16:36 . 2010-09-27 16:36 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-09-27 03:17 . 2010-08-12 12:15 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-09-27 03:14 . 2010-09-27 03:14 -------- d-----w- c:\users\hp\AppData\Roaming\Malwarebytes
2010-09-27 03:14 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-27 03:14 . 2010-09-27 03:14 -------- d-----w- c:\programdata\Malwarebytes
2010-09-27 03:13 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-27 03:13 . 2010-09-27 19:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-27 03:09 . 2010-09-27 03:09 -------- d-----w- c:\users\hp\AppData\Local\Threat Expert
2010-09-27 03:02 . 2010-09-27 03:02 -------- dc----w- c:\windows\system32\DRVSTORE
2010-09-27 03:02 . 2010-08-12 12:15 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-09-27 03:02 . 2010-08-12 12:16 2979848 -c--a-w- c:\programdata\{ECC164E0-3133-4C70-A831-F08DB2940F70}\Ad-AwareInstall.exe
2010-09-27 03:02 . 2010-09-27 03:02 -------- d-----w- c:\programdata\Lavasoft
2010-09-27 03:02 . 2010-09-27 03:02 -------- d-----w- c:\program files\Lavasoft
2010-09-27 02:47 . 2010-09-27 03:02 -------- dc-h--w- c:\programdata\{ECC164E0-3133-4C70-A831-F08DB2940F70}
2010-09-27 02:38 . 2010-09-27 18:29 -------- d-----w- c:\program files\Common Files\PC Tools
2010-09-26 00:33 . 2010-09-26 00:33 -------- d-----w- c:\program files\hdparm
2010-09-19 18:16 . 2010-09-19 18:16 -------- d-----w- c:\users\hp\AppData\Roaming\Foxit Software
2010-09-19 18:15 . 2010-09-19 18:15 -------- d-----w- c:\program files\Foxit Software
2010-09-18 20:44 . 2010-09-18 20:44 -------- d-----w- c:\users\hp\AppData\Local\Apps
2010-09-15 19:45 . 2008-07-31 14:41 238088 ----a-w- c:\windows\system32\xactengine3_2.dll
2010-09-15 19:33 . 2010-09-15 19:33 -------- d-----w- c:\program files\Team17
2010-09-08 23:17 . 2010-09-08 23:59 -------- d-----w- c:\users\hp\AppData\Local\Microsoft Games
2010-09-08 01:01 . 2010-09-08 01:01 -------- d-----w- c:\windows\Sun
2010-09-07 22:45 . 2010-09-07 22:45 -------- d-----w- c:\program files\MSECache
2010-09-03 15:27 . 2010-09-03 15:27 -------- d-----w- c:\program files\Microsoft Games

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-01 21:00 . 2010-05-12 19:20 -------- d-----w- c:\programdata\hpqLog
2010-09-29 15:01 . 2008-01-21 02:23 34360 ----a-w- c:\windows\system32\drivers\mouclass.sys
2010-09-28 19:34 . 2010-05-12 19:14 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-09-28 17:15 . 2006-11-02 10:25 51200 ----a-w- c:\windows\Inf\infpub.dat
2010-09-28 17:15 . 2006-11-02 10:25 143360 ----a-w- c:\windows\Inf\infstrng.dat
2010-09-28 17:15 . 2010-09-28 17:15 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_SynTP_01009.Wdf
2010-09-28 17:15 . 2010-09-28 17:15 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
2010-09-28 17:14 . 2006-11-02 10:25 86016 ----a-w- c:\windows\Inf\infstor.dat
2010-09-28 17:05 . 2010-06-01 16:03 -------- d-----w- c:\program files\CCleaner
2010-09-27 16:05 . 2010-09-27 03:11 112 ----a-w- c:\programdata\5V8tDVG.dat
2010-08-29 20:47 . 2010-08-29 20:47 -------- d-----w- c:\users\hp\AppData\Roaming\GARMIN
2010-08-29 20:45 . 2010-08-29 20:45 -------- d-----w- c:\program files\DIFX
2010-08-29 20:45 . 2010-08-29 20:45 -------- d-----w- c:\program files\Garmin
2010-08-26 03:29 . 2010-05-12 19:09 -------- d-----w- c:\program files\Hewlett-Packard
2010-08-21 16:55 . 2010-08-13 21:10 -------- d-----w- c:\programdata\NOS
2010-08-13 21:13 . 2010-08-13 21:12 -------- d-----w- c:\program files\Common Files\Adobe
2010-08-13 21:11 . 2010-08-13 21:11 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-08-13 21:11 . 2010-08-13 21:11 53632 ----a-w- c:\users\Default\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-08-13 21:10 . 2010-08-13 21:10 77184 ----a-w- c:\programdata\NOS\Adobe_Downloads\arh.exe
2010-08-12 20:21 . 2010-08-12 20:20 -------- d-----w- c:\program files\Java
2010-08-12 20:19 . 2010-08-12 20:19 -------- d-----w- c:\program files\Common Files\Java
2010-08-06 17:06 . 2010-08-06 17:06 -------- d-----w- c:\program files\HP
2010-08-05 00:26 . 2010-08-05 00:26 -------- d-----w- c:\users\hp\AppData\Roaming\Druide
2010-08-05 00:26 . 2010-08-05 00:26 -------- d-----w- c:\program files\Druide
2010-08-05 00:19 . 2010-08-04 23:42 -------- d-----w- c:\program files\Age of Wonders II
.


c:\program files\Malwarebytes' Anti-Malware\mbam  .exe

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-07-16 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-07-16 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-07-16 145944]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-06-03 177456]
"PTHOSTTR"="c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2009-08-07 354360]
"CognizanceTS"="c:\progra~1\HEWLET~1\IAM\Bin\ASTSVCC.dll" [2009-07-28 24848]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-06-20 1316136]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\HEWLET~1\IAM\Bin\APSHook.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^DVD Check.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\DVD Check.lnk
backup=c:\windows\pss\DVD Check.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-06-09 08:06 976832 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2010-04-01 09:16 357696 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\picon]
2008-06-02 18:38 367128 ----a-r- c:\program files\Common Files\Intel\Privacy Icon\PRIVACYICONCLIENT.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2010-06-01 21:54 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WatchDog]
2008-05-23 21:23 197904 ----a-w- c:\program files\InterVideo\DVD Check\DVDCheck.exe

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-06-01 136176]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [2010-08-12 15008]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2008-04-08 1112560]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2010-06-01 691696]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-08-12 64288]
S0 SafeBoot;SafeBoot;
S0 SbAlg;SbAlg;
S0 SbFsLock;SbFsLock;
S1 aswSP;aswSP;
S1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\System32\drivers\psd.sys [2009-07-20 39712]
S1 RsvLock;RsvLock;
S2 ac.sharedstore;ActivIdentity Shared Store Service;c:\program files\Common Files\ActivIdentity\ac.sharedstore.exe [2009-06-03 207400]
S2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe [2008-01-21 21504]
S2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe [2008-01-21 21504]
S2 aswFsBlk;aswFsBlk;
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-09-07 50768]
S2 ATService;AuthenTec Fingerprint Service;c:\program files\Fingerprint Sensor\AtService.exe [2009-07-29 1201400]
S2 HP ProtectTools Service;HP ProtectTools Service;c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe [2009-08-07 45056]
S2 HpFkCryptService;Drive Encryption Service;c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [2009-07-29 256544]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2008-04-07 24936]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-09-27 1355928]
S2 UNS;Intel(R) Active Management Technology User Notification Service;c:\program files\Common Files\Intel\Privacy Icon\UNS\UNS.exe [2008-06-02 2058776]
S3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\Drivers\ATSwpWDF.sys [2010-03-01 482176]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]
S3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y6032.sys [2008-03-27 224384]
S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2010-04-05 6630912]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ    PLA DPS BFE mpssvc
Cognizance REG_MULTI_SZ    ASBroker
Bioscrypt REG_MULTI_SZ    ASChannel
.
Contents of the 'Scheduled Tasks' folder

2010-10-01 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-08-12 16:36]

2010-10-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-01 21:54]

2010-10-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-01 21:54]

2010-10-01 c:\windows\Tasks\User_Feed_Synchronization-{F6F2FA59-BFC0-4DA9-B15D-C691B979C54F}.job
- c:\windows\system32\msfeedssync.exe [2010-06-01 04:54]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-10-01 17:02
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,90,e9,a6,8d,1c,d1,5a,42,b9,91,9a,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,90,e9,a6,8d,1c,d1,5a,42,b9,91,9a,\

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\ActivIdentity\ActivClient\acevents.exe
c:\windows\system32\AEADISRV.EXE
c:\windows\system32\agrsmsvc.exe
c:\program files\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe
c:\program files\Hewlett-Packard\Embedded Security Software\ifxtcs.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Intel\AMT\LMS.exe
c:\program files\Hewlett-Packard\Embedded Security Software\IfxPsdSv.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Hewlett-Packard\IAM\Bin\AsGHost.exe
c:\windows\system32\conime.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
c:\windows\servicing\TrustedInstaller.exe
c:\program files\Internet Explorer\iexplore.exe
c:\program files\Internet Explorer\iexplore.exe
.
**************************************************************************
.
Completion time: 2010-10-01  17:10:01 - machine was rebooted
ComboFix-quarantined-files.txt  2010-10-01 21:09

Pre-Run: 56,599,306,240 bytes free
Post-Run: 56,551,768,064 bytes free

Current=4 Default=4 Failed=1 LastKnownGood=5 Sets=1,2,3,4,5
- - End Of File - - F79542168FEEABD865668F8B9E74AEA4

 

MBAM :

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4729

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18904

10/1/2010 5:20:28 PM
mbam-log-2010-10-01 (17-20-28).txt

Scan type: Quick scan
Objects scanned: 142332
Time elapsed: 7 minute(s), 21 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

 

ESET

There is no log because it found nothing.

 

There are huge improvements :

- Google does not redirect anymore

- Windows updater seems to work

But I still feel that there's still something because the comp is slower and CPU usage and physical mem are higher.

 

What is your opinion?

Regards.

1.1K Posts

October 1st, 2010 17:00

Hiya lufian,

As follows please :-

Step 1

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text between the dotted lines below into it:


-------------------------------------------------------------------------------------------------------------
KillAll::
File::
c:\programdata\5V8tDVG.dat
RenV::
c:\program files\Malwarebytes' Anti-Malware\mbam .exe
Driver::
SafeBoot
SbAlg
SbFsLock
aswSP
RsvLock
aswFsBlk
RegLock::
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

-------------------------------------------------------------------------------------------------------------

Save this as CFScript.txt, in the same location as ComboFix.exe

user posted image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Step 2

Download and scan with CCleaner

1. Starting with v 1.27.26 (This version no. will differ), CCleaner installs the Yahoo Toolbar as an option which IS checkmarked by default during the installation. IF you do NOT want it, REMOVE the checkmark when provided with the option OR download the toolbar-free or Slim versions instead of the Standard Build.
2. Before first use, select Options > Advanced and UNCHECK "Only delete files in Windows Temp folder older than 24 hours"
3. Then select the items you wish to clean up.

In the Windows Tab:

  • Clean all entries in the "Internet Explorer" section except Cookies if you want to keep those.
  • Clean all the entries in the "Windows Explorer" section.
  • Clean all entries in the "System" section.
  • Clean all entries in the "Advanced" section.
  • Clean any others that you choose.



In the Applications Tab:
  • Clean all except cookies in the Firefox/Mozilla section if you use it.
  • Clean all in the Opera section if you use it.
  • Clean Sun Java in the Internet Section.
  • Clean any others that you choose.


4. Click the "Run Cleaner" button.
5. A pop up box will appear advising this process will permanently delete files from your system.
6. Click "OK" and it will scan and clean your system.
7. Click "exit" when done.

Post the Combofix log, how are things now, improved? same?

Kevin

10 Posts

October 1st, 2010 19:00

Hi Kevin,

BIG problem. After doing the test with combofix windows restarted and now it does not want to boot. Safe mode and "last good configuration" do not work either. There's a BSOD about half a sec each time.

Any idea what to do?

Thanks.

10 Posts

October 1st, 2010 20:00

Sorry I couldn't wait to try something.

- I tried to repair the startup using windows cd which didn't work

- Then I did a system restore to 7pm, which is before I did your last instructions but after the one before that. It worked but Windows is very very slow now (maybe it will be ok after a few reboots)

Is there a way to do what you asked me but without risking that to happen again?

 

Thanks!

1.1K Posts

October 2nd, 2010 02:00

Hi lufian,

Not sure what caused that problem, there is nothing in the CF fix script that would do that. Your system still appears to be infected, CF does make back ups that we can access from outside the OS through the Recovery environment so we always have a way to restore your system.
I'd like to back this up even further by using ERUNT to make a full back up of the OS registry as an extra precaution. Please do not run Malwarebytes until I tell you, the executable file is infected as per the CF log. It was included in the fix but may have reverted when you used sys restore.


Removing Malware is never without risk, that is why you are warned to backup any important data. We never intentionally try to kill your system but it's always a possibility, especially with some of the newer infections.

Please proceed as follows:-

Step 1

  • Download ERUNT (ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)
  • Install ERUNT by following the prompts (use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)
  • Start ERUNT (either by double clicking on the desktop icon or choosing to start the program at the end of the setup)
  • Choose a location for the backup (the default location is C:\WINDOWS\ERDNT which is acceptable).
  • Make sure that at least the first two check boxes are ticked
  • Press OK
  • Press YES to create the folder.

Registry Modifications

Step 2

Delete your version of Combofix from the Desktop, download a fresh copy from any of the following links:

Link 1
Link 2

Ensure that it is saved to the Desktop again, then run as previously instructed. Post the new log in your reply please.

Kevin

10 Posts

October 2nd, 2010 21:00

Hi Kevin,

It did the same thing. Had to do a recovery (I created a recovery point before doing the test).

Do you have an idea of what is going on?

Thanks.

1.1K Posts

October 3rd, 2010 01:00

Hi lufian,

It could be down to the infection, or it could be down to your on board security clashing with Combofix. It appears that Windows Defender was active during the CF runs. Malwarebytes is infected with Vundo and shows up in the CF log.
You also have some remnant drivers still on your system from an application named Safeboot, I'm not sure if those drivers are giving any conflict.

Proceed as follows please :-

Step 1

Windows Defender
  • Open Windows Defender.
  • Click Tools, and then click General Settings.
  • Under Real-Time Protection options, uncheck the "Real-time protection" check box.
  • Click Save.
  • (Once you are clean, you can re-enable Windows Defender by placing a check next to "Turn on real-time protection".)


Step 2

Please download VundoFix.exe to your desktop
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log in a reply to this thread.

Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.

Step 3


  • Click on Start and select Control Panel
  • Open Uninstall a Program
  • Uninstall Malwarebytes' Anti-Malware
  • Restart your computer very important
  • Download and run mbam-clean.exe from HERE
  • It will ask to restart your computer, please allow it to do so very important.
  • As it boots Tap the F8 key repeatedly until you see the Windows advanced menu.
  • From the Menu select Safe Mode with Networking and boot to that, accept any alerts and follow prompts as required. Next, install Malwarebytes again and update as follows :-
    Please download Malwarebytes Anti-Malware and save it to your desktop.
    Alternative D/L mirror
    Alternative D/L mirror

    Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • Please save the log to a location you will remember.
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy and paste the entire report in your next reply.


    Extra Note:

    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

    Post the logs from Vundofix and Malwarebytes in your reply please, Any improvements?

    Kevin

10 Posts

October 3rd, 2010 13:00

Hi Kevin

I didn't include the two logs because nothing was found.

Here is a new HT log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:45:58 PM, on 10/3/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18943)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Program Files\Hewlett-Packard\IAM\Bin\AsGHost.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Brownie\BrStsWnd.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\conime.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\system32\DllHost.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
O2 - BHO: Credential Manager for HP ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [BrStsWnd] C:\Program Files\Brownie\BrstsWnd.exe Autorun
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Correcteur - {F7C8E5F6-B6D1-45db-8D91-2BCFA5DF11A9} - C:\Program Files\Druide\Antidote 7\Texteurs\Internet Explorer\Antidote.InternetExplorer.K.P100.htm (HKCU)
O9 - Extra button: Dictionnaires - {F9B969E8-58D0-4dd9-AC8A-EE2336FF8F65} - C:\Program Files\Druide\Antidote 7\Texteurs\Internet Explorer\Antidote.InternetExplorer.D.P100.htm (HKCU)
O9 - Extra button: Guides - {FA089E36-3F1B-4c51-9A1A-C4E7012483AF} - C:\Program Files\Druide\Antidote 7\Texteurs\Internet Explorer\Antidote.InternetExplorer.G.P100.htm (HKCU)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O20 - AppInit_DLLs: C:\PROGRA~1\HEWLET~1\IAM\Bin\APSHook.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: ActivIdentity Shared Store Service (ac.sharedstore) - ActivIdentity - C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\system32\AEADISRV.EXE
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: AuthenTec Fingerprint Service (ATService) - AuthenTec, Inc. - C:\Program Files\Fingerprint Sensor\AtService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP ProtectTools Service - Hewlett-Packard Development Company, L.P - C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe
O23 - Service: Drive Encryption Service (HpFkCryptService) - McAfee, Inc. - C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Hewlett-Packard Corporation - C:\Windows\system32\Hpservice.exe
O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - C:\Program Files\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe
O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - C:\Program Files\Hewlett-Packard\Embedded Security Software\ifxtcs.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Intel(R) Active Management Technology Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\AMT\LMS.exe
O23 - Service: Personal Secure Drive Service (PersonalSecureDriveService) - Infineon Technologies AG - C:\Program Files\Hewlett-Packard\Embedded Security Software\IfxPsdSv.exe
O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Intel(R) Active Management Technology User Notification Service (UNS) - Intel Corporation - C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe

--
End of file - 8475 bytes

The computer still feels slow, maybe it has nothing to do with spyware tho.

Luf. 

1.1K Posts

October 3rd, 2010 15:00

Hi Luf,

I'm not convinced your system is clean, let's run another diagnostic scan and see if it shows us anything untoward, as follows please :-

Step 1

Download TFC to your desktop, from either of the following links
Link 1
Link 2
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • If prompted, click "Yes" to reboot.

Save your work. TFC will automatically close any open programs, let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

Step 2

Download OTL from any of the following links and save to your Desktop:

Link 1
Link 2
Link 3

  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • In the lower right corner, checkmark "LOP Check" and checkmark "Purity Check".
  • Under the Custom Scan box paste this in (without Quote)

QUOTE

netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them in your reply
  • Copy and paste OTL.Txt and Extras.Txt in your reply.

    Kevin



10 Posts

October 3rd, 2010 15:00

Hi Kevin,

Here are the logs

EXTRAS

OTL Extras logfile created on: 10/3/2010 5:34:53 PM - Run 1
OTL by OldTimer - Version 3.2.14.1     Folder = C:\Users\hp\Desktop
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 53.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111.79 Gb Total Space | 61.80 Gb Free Space | 55.28% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: HP-PC
Current User Name: hp
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ ]
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ \shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-701793791-606572309-436402971-1000]
"EnableNotifications" = 1
"EnableNotificationsRef" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{24549A80-A4C1-418C-B7E5-5D3BDB623C11}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{7CE33976-3A24-452C-9BFA-CF2FBD268A88}" = lport=2869 | protocol=6 | dir=in | app=system |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{39294AF2-5139-4035-BDDF-A76D23F4F115}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{674CF677-A016-47E7-83FD-B0721EA96564}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{A8956F15-A3AD-4810-BFE9-18E4E9AB93CA}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{D4238345-9FC8-415F-B2D8-B48213EA0810}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{0CD38CF8-E2AC-41F9-AC5A-98ABD94A1276}" = ESU for Microsoft Vista SP1
"{1626FA93-8BB2-4324-80D2-D176F29BB0CC}" = Embedded Security for HP ProtectTools
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1BE8806A-84F8-4655-A381-0D5524430944}" = ActivClient x86
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2ACA66D0-7C67-4235-90B5-7AB382FF8633}" = HP 3D DriveGuard
"{30A2A953-DEB1-466A-B660-F4399C7C6B9D}" = Roxio MyDVD
"{30E1C2E5-F54C-4898-9954-F425AD7C7020}" = HP ProtectTools Security Manager
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{328019A7-0012-401D-96A2-4CDDD02675A8}" = Garmin POI Loader
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 F1
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{45A136EC-88BF-4B95-99F5-C45D3930E1CC}" = HP MULTIPLE MODEM INSTALLER for VISTA
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Creator Business
"{56CDB4FE-895F-4E0D-8BB4-9A8D4310898D}" = Antidote HD
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C853 Media Driver Ver.1.02.00.09
"{5D97A4A7-C274-4B63-86D9-07A33435F505}" = InterVideo DVD Check
"{634DB771-B797-4528-82E5-7C42B4123329}" = Credential Manager for HP ProtectTools
"{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{69333A04-5134-40A5-A055-9166A7AA1EC8}" =
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{75D7BB3A-9AB7-4ad1-AD5E-0059B90C624B}" = HP ProtectTools Security Manager Suite
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9ADABDDE-9644-461B-9E73-83FA3EFCAB50}" = HP Wireless Assistant
"{9D48531D-2135-49FC-BC29-ACCDA5396A76}" = ASUS MultiFrame
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.3
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{BD7A7136-1E88-4EB8-985C-1326DCE5612A}" = AuthenTec Fingerprint System
"{BEF99123-C1DC-479B-9445-DE3E026F320E}" = HP JavaCard for HP ProtectTools
"{C4518D5B-C62C-4984-A615-1FC1DD55B86A}" = Drive Encryption for HP ProtectTools
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{EC877639-07AB-495C-BFD1-D63AF9140810}" = Roxio Activation Module
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator Business v10
"{ED98D6E5-A2B9-46B6-A4C1-07AD4F3D9A97}" = Brother HL-2170W
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (06/03/2009 2.3.0.0)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"avast5" = avast! Free Antivirus
"Broadcom 802.11b Network Adapter" = Broadcom 802.11 Wireless LAN Adapter
"CCleaner" = CCleaner
"ERUNT_is1" = ERUNT 1.1j
"ESET Online Scanner" = ESET Online Scanner v3
"Foxit Reader" = Foxit Reader
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"hdparm" = hdparm
"HECI" = Intel(R) Management Engine Interface
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MESOL" = Intel® Active Management Technology
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"PROSet" = Intel(R) Network Connections Drivers
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"uTorrent" = µTorrent
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"Worms Reloaded_is1" = Worms Reloaded
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 10/2/2010 10:58:23 PM | Computer Name = hp-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 10/2/2010 11:21:07 PM | Computer Name = hp-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 10/2/2010 11:40:26 PM | Computer Name = hp-PC | Source = LMS | ID = 2
Description = LMS Service cannot connect to HECI driver
 
Error - 10/3/2010 12:56:47 PM | Computer Name = hp-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 10/3/2010 2:38:44 PM | Computer Name = hp-PC | Source = LMS | ID = 2
Description = LMS Service cannot connect to HECI driver
 
Error - 10/3/2010 3:20:45 PM | Computer Name = hp-PC | Source = Google Update | ID = 20
Description =
 
Error - 10/3/2010 3:25:43 PM | Computer Name = hp-PC | Source = EventSystem | ID = 4609
Description =
 
Error - 10/3/2010 3:26:07 PM | Computer Name = hp-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 10/3/2010 3:41:10 PM | Computer Name = hp-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 10/3/2010 5:28:18 PM | Computer Name = hp-PC | Source = WinMgmt | ID = 10
Description =
 
[ Credential Manager Events ]
Error - 8/21/2010 4:13:32 PM | Computer Name = hp-PC | Source = AuthServer | ID = 100877317
Description = The system failed to register the user credentials.   User: hp@HP-PC   Client
 GUID: {Password}   Error: 0x8007052B   Client Host: localhost   Client Address: 127.0.0.1

Authority:
 HP   Server Host: localhost   Protocol: HTTP
 
Error - 8/21/2010 4:13:32 PM | Computer Name = hp-PC | Source = AuthWiz | ID = 100861620
Description = The submitted credentials were not successfully registered.    User:
 hp@HP-PC Credentials: Password   Error: (0x8007052B) Unable to update the password.
 The value provided as the current password is incorrect.
 
Error - 8/21/2010 4:13:36 PM | Computer Name = hp-PC | Source = AuthServer | ID = 100877317
Description = The system failed to register the user credentials.   User: hp@HP-PC   Client
 GUID: {Password}   Error: 0x8007052B   Client Host: localhost   Client Address: 127.0.0.1

Authority:
 HP   Server Host: localhost   Protocol: HTTP
 
Error - 8/21/2010 4:13:36 PM | Computer Name = hp-PC | Source = AuthWiz | ID = 100861620
Description = The submitted credentials were not successfully registered.    User:
 hp@HP-PC Credentials: Password   Error: (0x8007052B) Unable to update the password.
 The value provided as the current password is incorrect.
 
Error - 8/21/2010 4:13:44 PM | Computer Name = hp-PC | Source = AuthServer | ID = 100877317
Description = The system failed to register the user credentials.   User: hp@HP-PC   Client
 GUID: {Password}   Error: 0x8007052B   Client Host: localhost   Client Address: 127.0.0.1

Authority:
 HP   Server Host: localhost   Protocol: HTTP
 
Error - 8/21/2010 4:13:44 PM | Computer Name = hp-PC | Source = AuthWiz | ID = 100861620
Description = The submitted credentials were not successfully registered.    User:
 hp@HP-PC Credentials: Password   Error: (0x8007052B) Unable to update the password.
 The value provided as the current password is incorrect.
 
Error - 8/21/2010 4:13:48 PM | Computer Name = hp-PC | Source = AuthServer | ID = 100877317
Description = The system failed to register the user credentials.   User: hp@HP-PC   Client
 GUID: {Password}   Error: 0x8007052B   Client Host: localhost   Client Address: 127.0.0.1

Authority:
 HP   Server Host: localhost   Protocol: HTTP
 
Error - 8/21/2010 4:13:48 PM | Computer Name = hp-PC | Source = AuthWiz | ID = 100861620
Description = The submitted credentials were not successfully registered.    User:
 hp@HP-PC Credentials: Password   Error: (0x8007052B) Unable to update the password.
 The value provided as the current password is incorrect.
 
Error - 8/23/2010 12:07:22 PM | Computer Name = hp-PC | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected.    User: hp@HP-PC Credentials:
 Password   Error: (0xC516020B) The system could not log you on.  Verify your user
 name and domain are correct and then type your password again.  Letters in passwords
 must be typed using the correct case.  Verify that Caps Lock is off.
 
Error - 8/23/2010 12:07:22 PM | Computer Name = hp-PC | Source = AuthServer | ID = 100811779
Description = The system failed to authenticate the submitted user credentials.   User:
 hp@HP-PC   Client GUID: {Password}   Error: 0xC516020B   Client Host: localhost   Client Address:
 127.0.0.1   Authority: HP   Server Host: localhost   Protocol: HTTP
 
[ System Events ]
Error - 9/1/2010 3:15:00 PM | Computer Name = hp-PC | Source = Microsoft-Windows-TBS | ID = 16385
Description =
 
Error - 9/1/2010 4:00:30 PM | Computer Name = hp-PC | Source = Microsoft-Windows-TBS | ID = 516
Description =
 
Error - 9/1/2010 4:00:30 PM | Computer Name = hp-PC | Source = Microsoft-Windows-TBS | ID = 16385
Description =
 
Error - 9/1/2010 4:01:08 PM | Computer Name = hp-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 172.20.116.24 for the Network Card with network
 address 00216B67D81E has been denied by the DHCP server 1.1.1.1 (The DHCP Server
 sent a DHCPNACK message).
 
Error - 9/1/2010 4:09:54 PM | Computer Name = hp-PC | Source = Microsoft-Windows-TBS | ID = 516
Description =
 
Error - 9/1/2010 4:09:54 PM | Computer Name = hp-PC | Source = Microsoft-Windows-TBS | ID = 16385
Description =
 
Error - 9/1/2010 7:11:01 PM | Computer Name = hp-PC | Source = Microsoft-Windows-TBS | ID = 516
Description =
 
Error - 9/1/2010 7:11:01 PM | Computer Name = hp-PC | Source = Microsoft-Windows-TBS | ID = 16385
Description =
 
Error - 9/1/2010 8:29:44 PM | Computer Name = hp-PC | Source = Microsoft-Windows-TBS | ID = 516
Description =
 
Error - 9/1/2010 8:29:44 PM | Computer Name = hp-PC | Source = Microsoft-Windows-TBS | ID = 16385
Description =
 
 
< End of report >

OTL

OTL logfile created on: 10/3/2010 5:34:53 PM - Run 1
OTL by OldTimer - Version 3.2.14.1     Folder = C:\Users\hp\Desktop
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 53.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111.79 Gb Total Space | 61.80 Gb Free Space | 55.28% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: HP-PC
Current User Name: hp
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
 
========== Processes (SafeList) ==========
 
PRC - [2010/10/03 17:34:13 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\hp\Desktop\OTL.exe
PRC - [2010/09/07 11:12:02 | 002,838,912 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/04/16 18:36:42 | 000,026,480 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Contacts\wlcomm.exe
PRC - [2009/09/10 10:58:25 | 000,168,960 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmplayer.exe
PRC - [2009/08/07 17:03:16 | 000,354,360 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe
PRC - [2009/08/07 16:59:00 | 000,045,056 | ---- | M] (Hewlett-Packard Development Company, L.P) -- C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe
PRC - [2009/07/29 15:28:44 | 000,256,544 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
PRC - [2009/07/29 12:43:50 | 001,201,400 | ---- | M] (AuthenTec, Inc.) -- C:\Program Files\Fingerprint Sensor\AtService.exe
PRC - [2009/07/28 03:06:04 | 000,078,608 | ---- | M] (Bioscrypt Inc.) -- C:\Program Files\Hewlett-Packard\IAM\Bin\asghost.exe
PRC - [2009/07/19 22:23:38 | 001,107,232 | ---- | M] (Infineon Technologies AG) -- C:\Program Files\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe
PRC - [2009/07/19 22:18:10 | 000,214,304 | ---- | M] (Infineon Technologies AG) -- C:\Program Files\Hewlett-Packard\Embedded Security Software\IfxPsdSv.exe
PRC - [2009/07/19 21:44:36 | 000,984,352 | ---- | M] (Infineon Technologies AG) -- C:\Program Files\Hewlett-Packard\Embedded Security Software\IFXTCS.exe
PRC - [2009/06/11 10:17:38 | 003,618,104 | ---- | M] (brother) -- C:\Program Files\Brownie\BrStsWnd.exe
PRC - [2009/06/03 16:16:42 | 000,207,400 | ---- | M] (ActivIdentity) -- C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
PRC - [2009/06/03 16:16:34 | 000,153,640 | ---- | M] (ActivIdentity) -- C:\Program Files\ActivIdentity\ActivClient\acevents.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/04/11 02:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2008/06/02 14:38:36 | 002,058,776 | R--- | M] (Intel Corporation) -- C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.EXE
PRC - [2008/06/02 14:38:30 | 000,174,616 | R--- | M] (Intel Corporation) -- C:\Program Files\Intel\AMT\LMS.EXE
PRC - [2008/05/29 08:45:50 | 000,091,440 | ---- | M] ( Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
PRC - [2008/05/20 03:05:16 | 000,086,016 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEADISRV.EXE
PRC - [2008/04/04 11:10:24 | 001,314,816 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe
PRC - [2008/01/20 22:23:59 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007/12/11 12:15:04 | 000,012,800 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2007/01/04 19:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2010/10/03 17:34:13 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\hp\Desktop\OTL.exe
MOD - [2009/07/28 02:59:28 | 000,089,872 | ---- | M] (Bioscrypt Inc.) -- C:\Program Files\Hewlett-Packard\IAM\Bin\APSHook.dll
MOD - [2009/04/11 02:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
MOD - [2008/01/20 22:25:02 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/03/18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/09/24 21:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/08/07 16:59:00 | 000,045,056 | ---- | M] (Hewlett-Packard Development Company, L.P) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe -- (HP ProtectTools Service)
SRV - [2009/07/29 15:28:44 | 000,256,544 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe -- (HpFkCryptService)
SRV - [2009/07/29 12:43:50 | 001,201,400 | ---- | M] (AuthenTec, Inc.) [Auto | Running] -- C:\Program Files\Fingerprint Sensor\AtService.exe -- (ATService)
SRV - [2009/07/28 02:59:40 | 000,192,784 | ---- | M] (Bioscrypt Inc.) [Auto | Running] -- C:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll -- (ASBroker)
SRV - [2009/07/28 02:59:34 | 000,150,288 | ---- | M] (Bioscrypt Inc.) [Auto | Running] -- C:\Program Files\Hewlett-Packard\IAM\Bin\ASChnl.dll -- (ASChannel)
SRV - [2009/07/19 22:23:38 | 001,107,232 | ---- | M] (Infineon Technologies AG) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe -- (IFXSpMgtSrv)
SRV - [2009/07/19 22:18:10 | 000,214,304 | ---- | M] (Infineon Technologies AG) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Embedded Security Software\IfxPsdSv.exe -- (PersonalSecureDriveService)
SRV - [2009/07/19 21:44:36 | 000,984,352 | ---- | M] (Infineon Technologies AG) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Embedded Security Software\IFXTCS.exe -- (IFXTCS)
SRV - [2009/06/03 16:16:42 | 000,207,400 | ---- | M] (ActivIdentity) [Auto | Running] -- C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe -- (ac.sharedstore)
SRV - [2008/06/02 14:38:36 | 002,058,776 | R--- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.EXE -- (UNS) Intel(R)
SRV - [2008/06/02 14:38:30 | 000,174,616 | R--- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\AMT\LMS.EXE -- (LMS) Intel(R)
SRV - [2008/05/20 03:05:16 | 000,086,016 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEADISRV.EXE -- (AEADIFilters)
SRV - [2008/04/08 08:12:50 | 001,112,560 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10)
SRV - [2008/01/20 22:23:59 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/11 12:15:04 | 000,012,800 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2007/01/04 19:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\UIUSYS.SYS -- (UIUSys)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2010/09/07 10:52:25 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/09/07 10:52:03 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/09/07 10:47:46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/09/07 10:47:30 | 000,050,768 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2010/09/07 10:47:07 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/06/01 18:25:14 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2010/05/14 11:33:40 | 000,245,424 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2010/04/05 10:42:44 | 006,630,912 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R)
DRV - [2010/03/01 14:56:28 | 000,482,176 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATSwpWDF.sys -- (ATSwpWDF)
DRV - [2009/07/29 15:30:28 | 000,051,408 | ---- | M] (SafeBoot N.V.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SbAlg.sys -- (SbAlg)
DRV - [2009/07/29 15:30:20 | 000,012,960 | ---- | M] (SafeBoot International) [File_System | Boot | Running] -- C:\Windows\System32\drivers\SbFsLock.sys -- (SbFsLock)
DRV - [2009/07/29 15:30:18 | 000,012,528 | ---- | M] (SafeBoot International) [Kernel | System | Running] -- C:\Windows\System32\drivers\rsvlock.sys -- (RsvLock)
DRV - [2009/07/29 15:30:16 | 000,109,216 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SafeBoot.sys -- (SafeBoot)
DRV - [2009/07/19 22:17:36 | 000,039,712 | ---- | M] (Infineon Technologies AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\psd.sys -- (PersonalSecureDrive)
DRV - [2008/06/24 15:55:12 | 000,047,104 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2008/06/12 14:43:16 | 002,381,312 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2008/05/27 09:52:30 | 000,382,976 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV - [2008/04/14 14:39:06 | 000,009,344 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2008/04/07 18:13:46 | 000,025,448 | ---- | M] (Hewlett-Packard Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\hpdskflt.sys -- (hpdskflt)
DRV - [2008/04/07 18:13:42 | 000,034,664 | ---- | M] (Hewlett-Packard Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Accelerometer.sys -- (Accelerometer)
DRV - [2008/03/27 07:39:58 | 000,224,384 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1y6032.sys -- (e1yexpress) Intel(R)
DRV - [2008/03/26 10:12:56 | 000,040,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI) Intel(R)
DRV - [2008/02/29 16:13:38 | 001,202,560 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008/01/20 22:23:51 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/20 22:23:51 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/20 22:23:51 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/20 22:23:51 | 000,045,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2008/01/20 22:23:51 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/20 22:23:51 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/20 22:23:50 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/20 22:23:50 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/20 22:23:50 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/20 22:23:49 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/20 22:23:49 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2008/01/20 22:23:49 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/20 22:23:48 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/20 22:23:48 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/20 22:23:48 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/20 22:23:47 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/20 22:23:47 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/20 22:23:47 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/20 22:23:46 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/20 22:23:45 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/20 22:23:45 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/20 22:23:45 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/20 22:23:45 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/20 22:23:26 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/20 22:23:26 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/20 22:23:26 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007/06/18 17:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2006/11/02 05:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 05:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 05:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 05:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 05:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 05:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 05:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 05:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 05:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 05:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 05:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 04:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 04:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 04:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 04:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 04:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 04:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 03:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
O1 HOSTS File: ([2010/10/01 17:02:01 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.)
O2 - BHO: (Credential Manager for HP ProtectTools) - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll (Bioscrypt Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BrStsWnd] C:\Program Files\Brownie\BrstsWnd.exe (brother)
O4 - HKLM..\Run: [CognizanceTS] C:\Program Files\Hewlett-Packard\IAM\Bin\ASTSVCC.dll (Bioscrypt Inc.)
O4 - HKLM..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.200.241.37 24.201.245.77 24.200.243.189
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\HEWLET~1\IAM\Bin\APSHook.dll) - C:\Program Files\Hewlett-Packard\IAM\Bin\APSHook.dll (Bioscrypt Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\hp\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\hp\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.siren - C:\Windows\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010/10/03 17:30:51 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\hp\Desktop\OTL.exe
[2010/10/03 17:22:16 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\hp\Desktop\TFC.exe
[2010/10/03 15:29:34 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/10/03 15:29:33 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/10/03 15:29:33 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/10/03 13:37:14 | 000,077,824 | ---- | C] (Brother Industries, Ltd.) -- C:\Windows\System32\brlmw03a.dll
[2010/10/03 13:37:12 | 000,176,128 | ---- | C] (Brother Industries, Ltd.) -- C:\Windows\System32\BROSNMP.DLL
[2010/10/03 13:37:12 | 000,000,000 | ---D | C] -- C:\Program Files\Brownie
[2010/10/03 13:37:05 | 000,094,208 | ---- | C] (Brother Industries Ltd) -- C:\Windows\System32\BRRBTOOL.EXE
[2010/10/03 13:37:05 | 000,024,223 | ---- | C] (brother Industries Ltd) -- C:\Windows\System32\BRLM03A.DLL
[2010/10/03 13:37:04 | 000,196,608 | ---- | C] (brother) -- C:\Windows\System32\Pdrvinst.dll
[2010/10/03 13:37:04 | 000,000,000 | ---D | C] -- C:\Program Files\Brother
[2010/10/03 12:59:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Brother
[2010/10/03 10:14:11 | 000,000,000 | ---D | C] -- C:\VundoFix Backups
[2010/10/03 10:13:30 | 000,119,808 | ---- | C] (Atribune.org) -- C:\Users\hp\Desktop\VundoFix.exe
[2010/10/02 22:16:44 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010/10/02 17:43:09 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/10/02 14:27:43 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Portable Devices
[2010/10/02 14:24:46 | 003,023,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbon.dll
[2010/10/02 14:24:46 | 001,164,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbonRes.dll
[2010/10/02 14:24:46 | 000,092,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAnimation.dll
[2010/10/02 14:24:18 | 000,369,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll
[2010/10/02 14:24:17 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2010/10/02 14:24:16 | 000,974,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecs.dll
[2010/10/02 14:24:16 | 000,829,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2010/10/02 14:24:16 | 000,828,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2010/10/02 14:24:16 | 000,321,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll
[2010/10/02 14:24:16 | 000,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2010/10/02 14:24:16 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxdiag.exe
[2010/10/02 14:24:16 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxdiagn.dll
[2010/10/02 14:24:16 | 000,189,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2010/10/02 14:24:16 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
[2010/10/02 14:24:16 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2010/10/02 14:24:15 | 001,554,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xpsservices.dll
[2010/10/02 14:24:15 | 001,064,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2010/10/02 14:24:15 | 001,030,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2010/10/02 14:24:15 | 000,847,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OpcServices.dll
[2010/10/02 14:24:15 | 000,793,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FntCache.dll
[2010/10/02 14:24:15 | 000,667,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2010/10/02 14:24:15 | 000,519,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll
[2010/10/02 14:24:15 | 000,486,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2010/10/02 14:24:15 | 000,481,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2010/10/02 14:24:15 | 000,351,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2010/10/02 14:24:15 | 000,218,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2010/10/02 14:24:15 | 000,190,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2010/10/02 14:24:15 | 000,161,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2010/10/02 14:23:49 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\BthMtpContextHandler.dll
[2010/10/02 14:23:49 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDShextAutoplay.exe
[2010/10/02 14:23:47 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceConnectApi.dll
[2010/10/02 14:23:45 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WpdConns.dll
[2010/10/02 14:23:44 | 000,546,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpd_ci.dll
[2010/10/02 14:23:44 | 000,350,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDSp.dll
[2010/10/02 14:23:44 | 000,334,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceApi.dll
[2010/10/02 14:23:44 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WpdMtp.dll
[2010/10/02 14:23:44 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceWMDRM.dll
[2010/10/02 14:23:44 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceTypes.dll
[2010/10/02 14:23:44 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceClassExtension.dll
[2010/10/02 14:23:44 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WpdMtpUS.dll
[2010/10/02 14:22:49 | 000,555,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAutomationCore.dll
[2010/10/02 14:22:49 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oleaccrc.dll
[2010/10/02 13:46:34 | 000,000,000 | ---D | C] -- C:\Windows\System32\eu-ES
[2010/10/02 13:46:34 | 000,000,000 | ---D | C] -- C:\Windows\System32\ca-ES
[2010/10/02 13:46:33 | 000,000,000 | ---D | C] -- C:\Windows\System32\vi-VN
[2010/10/02 12:28:40 | 000,000,000 | ---D | C] -- C:\Users\hp\AppData\Roaming\uTorrent
[2010/10/02 10:56:07 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2010/10/02 10:54:41 | 012,240,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0007.dll
[2010/10/02 10:54:36 | 001,081,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLCExt.dll
[2010/10/02 10:54:34 | 002,134,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FunctionDiscoveryFolder.dll
[2010/10/02 10:54:34 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DevicePairingWizard.exe
[2010/10/02 10:54:32 | 002,644,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0009.dll
[2010/10/02 10:54:29 | 001,480,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssrch.dll
[2010/10/02 10:54:27 | 001,576,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tquery.dll
[2010/10/02 10:54:27 | 000,684,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\spsys.sys
[2010/10/02 10:54:25 | 000,779,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationNative_v0300.dll
[2010/10/02 10:54:24 | 000,928,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scavenge.dll
[2010/10/02 10:54:23 | 002,241,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msi.dll
[2010/10/02 10:54:22 | 000,677,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imapi2fs.dll
[2010/10/02 10:54:21 | 000,968,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wcnwiz2.dll
[2010/10/02 10:54:21 | 000,291,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WscEapPr.dll
[2010/10/02 10:54:19 | 000,619,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardagt.exe
[2010/10/02 10:54:18 | 001,216,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AuxiliaryDisplayCpl.dll
[2010/10/02 10:54:18 | 000,114,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EhStorShell.dll
[2010/10/02 10:54:17 | 000,289,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spinstall.exe
[2010/10/02 10:54:17 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spreview.exe
[2010/10/02 10:54:16 | 000,978,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drmv2clt.dll
[2010/10/02 10:54:15 | 000,438,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mcupdate_GenuineIntel.dll
[2010/10/02 10:54:15 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwizui.dll
[2010/10/02 10:54:13 | 000,670,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssvp.dll
[2010/10/02 10:54:12 | 000,378,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imapi2.dll
[2010/10/02 10:54:12 | 000,351,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssph.dll
[2010/10/02 10:54:12 | 000,203,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssphtb.dll
[2010/10/02 10:54:11 | 001,459,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\esent.dll
[2010/10/02 10:54:11 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdohlp.dll
[2010/10/02 10:54:10 | 000,729,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IMJP10K.DLL
[2010/10/02 10:54:10 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DevicePairing.dll
[2010/10/02 10:54:09 | 000,190,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sperror.dll
[2010/10/02 10:54:09 | 000,143,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\korwbrkr.dll
[2010/10/02 10:54:08 | 000,463,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IasMigReader.exe
[2010/10/02 10:54:08 | 000,231,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll
[2010/10/02 10:54:08 | 000,228,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLC.dll
[2010/10/02 10:54:06 | 000,556,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pmcsnap.dll
[2010/10/02 10:54:05 | 001,589,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msjet40.dll
[2010/10/02 10:54:02 | 001,381,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Query.dll
[2010/10/02 10:54:02 | 000,883,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IMJP10.IME
[2010/10/02 10:54:01 | 001,078,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\diagperf.dll
[2010/10/02 10:54:01 | 000,409,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msexch40.dll
[2010/10/02 10:54:01 | 000,327,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\P2PGraph.dll
[2010/10/02 10:53:59 | 000,986,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winload.exe
[2010/10/02 10:53:59 | 000,950,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mblctr.exe
[2010/10/02 10:53:59 | 000,428,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2010/10/02 10:53:59 | 000,301,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srchadmin.dll
[2010/10/02 10:53:59 | 000,203,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\uDWM.dll
[2010/10/02 10:53:58 | 001,792,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mmc.exe
[2010/10/02 10:53:58 | 000,466,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\riched20.dll
[2010/10/02 10:53:58 | 000,454,144 | ---- | C] (Microsoft) -- C:\Windows\System32\IasMigPlugin.dll
[2010/10/02 10:53:58 | 000,088,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdBth.dll
[2010/10/02 10:53:57 | 000,880,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RacEngn.dll
[2010/10/02 10:53:56 | 002,012,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\milcore.dll
[2010/10/02 10:53:56 | 001,112,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CertEnroll.dll
[2010/10/02 10:53:56 | 000,120,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EhStorAPI.dll
[2010/10/02 10:53:55 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NaturalLanguage6.dll
[2010/10/02 10:53:55 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spoolss.dll
[2010/10/02 10:53:54 | 003,217,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinSAT.exe
[2010/10/02 10:53:54 | 000,950,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpedit.dll
[2010/10/02 10:53:54 | 000,406,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcp60.dll
[2010/10/02 10:53:54 | 000,290,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msjtes40.dll
[2010/10/02 10:53:54 | 000,115,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AuxiliaryDisplayDriverLib.dll
[2010/10/02 10:53:54 | 000,099,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardapi.dll
[2010/10/02 10:53:53 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationSettings.exe
[2010/10/02 10:53:52 | 000,710,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Magnify.exe
[2010/10/02 10:53:52 | 000,282,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstext40.dll
[2010/10/02 10:53:52 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AuxiliaryDisplayServices.dll
[2010/10/02 10:53:51 | 001,209,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\comsvcs.dll
[2010/10/02 10:53:51 | 000,454,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxbde40.dll
[2010/10/02 10:53:51 | 000,339,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msexcl40.dll
[2010/10/02 10:53:51 | 000,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax
[2010/10/02 10:53:51 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slwmi.dll
[2010/10/02 10:53:50 | 001,985,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\authui.dll
[2010/10/02 10:53:50 | 001,514,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsAnytimeUpgradeCPL.dll
[2010/10/02 10:53:49 | 001,086,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NetProjW.dll
[2010/10/02 10:53:49 | 000,643,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrepl40.dll
[2010/10/02 10:53:48 | 000,640,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bthprops.cpl
[2010/10/02 10:53:48 | 000,469,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\newdev.dll
[2010/10/02 10:53:47 | 000,205,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eudcedit.exe
[2010/10/02 10:53:47 | 000,119,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasrecst.dll
[2010/10/02 10:53:47 | 000,102,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
[2010/10/02 10:53:46 | 002,926,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2010/10/02 10:53:44 | 001,788,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d9.dll
[2010/10/02 10:53:44 | 000,368,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mspbde40.dll
[2010/10/02 10:53:42 | 001,135,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll
[2010/10/02 10:53:42 | 000,241,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msltus40.dll
[2010/10/02 10:53:42 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\davclnt.dll
[2010/10/02 10:53:41 | 001,053,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdtctm.dll
[2010/10/02 10:53:41 | 000,344,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrd3x40.dll
[2010/10/02 10:53:41 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EhStorPwdMgr.dll
[2010/10/02 10:53:40 | 000,250,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wevtapi.dll
[2010/10/02 10:53:40 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nlhtml.dll
[2010/10/02 10:53:39 | 000,614,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ci.dll
[2010/10/02 10:53:39 | 000,483,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\samsrv.dll
[2010/10/02 10:53:38 | 000,582,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLCommDlg.dll
[2010/10/02 10:53:38 | 000,443,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32spl.dll
[2010/10/02 10:53:38 | 000,165,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WcnNetsh.dll
[2010/10/02 10:53:37 | 001,730,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\apds.dll
[2010/10/02 10:53:37 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\compcln.exe
[2010/10/02 10:53:36 | 000,618,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mswstr10.dll
[2010/10/02 10:53:36 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xmlfilter.dll
[2010/10/02 10:53:35 | 000,223,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2010/10/02 10:53:34 | 001,160,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll
[2010/10/02 10:53:34 | 000,524,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sqlsrv32.dll
[2010/10/02 10:53:34 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLUI.exe
[2010/10/02 10:53:34 | 000,319,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrd2x40.dll
[2010/10/02 10:53:34 | 000,183,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eapphost.dll
[2010/10/02 10:53:33 | 000,926,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winresume.exe
[2010/10/02 10:53:33 | 000,409,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbc32.dll
[2010/10/02 10:53:33 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\propdefs.dll
[2010/10/02 10:53:32 | 001,856,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dbgeng.dll
[2010/10/02 10:53:31 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wevtutil.exe
[2010/10/02 10:53:31 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssitlb.dll
[2010/10/02 10:53:30 | 002,167,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mmcndmgr.dll
[2010/10/02 10:53:28 | 000,592,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netlogon.dll
[2010/10/02 10:53:28 | 000,378,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\devmgr.dll
[2010/10/02 10:53:28 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drvinst.exe
[2010/10/02 10:53:28 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msctfp.dll
[2010/10/02 10:53:28 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdBthProxy.dll
[2010/10/02 10:53:27 | 000,840,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WFS.exe
[2010/10/02 10:53:27 | 000,199,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\adsldpc.dll
[2010/10/02 10:53:27 | 000,054,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DevicePairingProxy.dll
[2010/10/02 10:53:27 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscb.dll
[2010/10/02 10:53:26 | 001,533,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wcnwiz.dll
[2010/10/02 10:53:26 | 001,382,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVSDECD.DLL
[2010/10/02 10:53:26 | 000,485,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\evr.dll
[2010/10/02 10:53:25 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quick.ime
[2010/10/02 10:53:25 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qintlgnt.ime
[2010/10/02 10:53:25 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\phon.ime
[2010/10/02 10:53:25 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cintlgnt.ime
[2010/10/02 10:53:25 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chajei.ime
[2010/10/02 10:53:24 | 001,143,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wercon.exe
[2010/10/02 10:53:24 | 000,617,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\adtschema.dll
[2010/10/02 10:53:24 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mimefilt.dll
[2010/10/02 10:53:23 | 000,856,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mswdat10.dll
[2010/10/02 10:53:23 | 000,799,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certutil.exe
[2010/10/02 10:53:23 | 000,560,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdtcprx.dll
[2010/10/02 10:53:23 | 000,396,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ipsmsnap.dll
[2010/10/02 10:53:23 | 000,323,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certcli.dll
[2010/10/02 10:53:23 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\reg.exe
[2010/10/02 10:53:23 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msjter40.dll
[2010/10/02 10:53:23 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtffilt.dll
[2010/10/02 10:53:23 | 000,035,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardcpl.cpl
[2010/10/02 10:53:22 | 000,996,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMNetMgr.dll
[2010/10/02 10:53:22 | 000,704,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoScreensaver.scr
[2010/10/02 10:53:22 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbport.sys
[2010/10/02 10:53:21 | 000,274,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bcrypt.dll
[2010/10/02 10:53:21 | 000,241,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rsaenh.dll
[2010/10/02 10:53:21 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscntrs.dll
[2010/10/02 10:53:21 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshooks.dll
[2010/10/02 10:53:20 | 000,413,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scrptadm.dll
[2010/10/02 10:53:20 | 000,332,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msihnd.dll
[2010/10/02 10:53:20 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MMDevAPI.dll
[2010/10/02 10:53:20 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msstrc.dll
[2010/10/02 10:53:20 | 000,035,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsWpfWrp.exe
[2010/10/02 10:53:19 | 000,343,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmicmiplugin.dll
[2010/10/02 10:53:19 | 000,310,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mtxclu.dll
[2010/10/02 10:53:19 | 000,153,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fundisc.dll
[2010/10/02 10:53:19 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dhcpcsvc6.dll
[2010/10/02 10:53:19 | 000,122,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetpp.dll
[2010/10/02 10:53:19 | 000,080,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscories.dll
[2010/10/02 10:53:18 | 000,125,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Classpnp.sys
[2010/10/02 10:53:18 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imapi.dll
[2010/10/02 10:53:17 | 001,823,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pnidui.dll
[2010/10/02 10:53:17 | 001,671,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chsbrkr.dll
[2010/10/02 10:53:17 | 001,020,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wdc.dll
[2010/10/02 10:53:17 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iassdo.dll
[2010/10/02 10:53:17 | 000,093,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Kswdmcap.ax
[2010/10/02 10:53:16 | 000,757,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\azroles.dll
[2010/10/02 10:53:16 | 000,636,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\autofmt.exe
[2010/10/02 10:53:16 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CertEnrollUI.dll
[2010/10/02 10:53:16 | 000,242,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pdh.dll
[2010/10/02 10:53:16 | 000,122,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Storport.sys
[2010/10/02 10:53:16 | 000,109,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ataport.sys
[2010/10/02 10:53:16 | 000,050,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PSHED.DLL
[2010/10/02 10:53:16 | 000,035,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\crashdmp.sys
[2010/10/02 10:53:16 | 000,009,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardres.dll
[2010/10/02 10:53:14 | 001,107,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pidgenx.dll
[2010/10/02 10:53:14 | 000,867,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpmde.dll
[2010/10/02 10:53:14 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sysmon.ocx
[2010/10/02 10:53:13 | 002,205,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SyncCenter.dll
[2010/10/02 10:53:11 | 000,593,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\comuid.dll
[2010/10/02 10:53:10 | 001,502,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certmgr.dll
[2010/10/02 10:53:10 | 000,627,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sethc.exe
[2010/10/02 10:53:10 | 000,324,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\untfs.dll
[2010/10/02 10:53:10 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2010/10/02 10:53:10 | 000,182,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iassam.dll
[2010/10/02 10:53:10 | 000,180,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scrobj.dll
[2010/10/02 10:53:10 | 000,017,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kd1394.dll
[2010/10/02 10:53:09 | 000,413,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imkr80.ime
[2010/10/02 10:53:09 | 000,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskcomp.dll
[2010/10/02 10:53:09 | 000,244,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wisptis.exe
[2010/10/02 10:53:09 | 000,099,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\FWPKCLNT.SYS
[2010/10/02 10:53:09 | 000,043,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pciidex.sys
[2010/10/02 10:53:08 | 000,656,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\autoconv.exe
[2010/10/02 10:53:08 | 000,375,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2010/10/02 10:53:08 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasnap.dll
[2010/10/02 10:53:07 | 001,541,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\onex.dll
[2010/10/02 10:53:07 | 000,273,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wow32.dll
[2010/10/02 10:53:07 | 000,182,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\osk.exe
[2010/10/02 10:53:07 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cscript.exe
[2010/10/02 10:53:07 | 000,130,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\basecsp.dll
[2010/10/02 10:53:07 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe
[2010/10/02 10:53:07 | 000,027,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Dumpata.sys
[2010/10/02 10:53:07 | 000,017,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kdcom.dll
[2010/10/02 10:53:06 | 000,860,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WerFaultSecure.exe
[2010/10/02 10:53:06 | 000,612,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpencom.dll
[2010/10/02 10:53:06 | 000,564,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msftedit.dll
[2010/10/02 10:53:06 | 000,340,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RelMon.dll
[2010/10/02 10:53:06 | 000,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\offfilt.dll
[2010/10/02 10:53:06 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinSCard.dll
[2010/10/02 10:53:06 | 000,019,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kdusb.dll
[2010/10/02 10:53:06 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spcmsg.dll
[2010/10/02 10:53:05 | 000,638,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Utilman.exe
[2010/10/02 10:53:05 | 000,391,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscms.dll
[2010/10/02 10:53:05 | 000,230,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\diskraid.exe
[2010/10/02 10:53:05 | 000,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WerFault.exe
[2010/10/02 10:53:05 | 000,208,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfplat.dll
[2010/10/02 10:53:05 | 000,197,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SndVol.exe
[2010/10/02 10:53:05 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msnetobj.dll
[2010/10/02 10:53:05 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsepno.dll
[2010/10/02 10:53:04 | 000,551,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\prnntfy.dll
[2010/10/02 10:53:04 | 000,444,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dsound.dll
[2010/10/02 10:53:04 | 000,223,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscntfy.dll
[2010/10/02 10:53:04 | 000,181,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pnpsetup.dll
[2010/10/02 10:53:04 | 000,114,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbccp32.dll
[2010/10/02 10:53:04 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sysclass.dll
[2010/10/02 10:53:04 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ulib.dll
[2010/10/02 10:53:04 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IPHLPAPI.DLL
[2010/10/02 10:53:04 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\adsmsext.dll
[2010/10/02 10:53:04 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rastapi.dll
[2010/10/02 10:53:04 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasdatastore.dll
[2010/10/02 10:53:04 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdProxy.dll
[2010/10/02 10:53:03 | 001,342,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\brcpl.dll
[2010/10/02 10:53:03 | 000,759,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ipsecsnp.dll
[2010/10/02 10:53:03 | 000,507,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vdsdyn.dll
[2010/10/02 10:53:03 | 000,399,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlangpui.dll
[2010/10/02 10:53:03 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\diskpart.exe
[2010/10/02 10:53:03 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpapi.dll
[2010/10/02 10:53:03 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iashlpr.dll
[2010/10/02 10:53:03 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\logman.exe
[2010/10/02 10:53:02 | 002,225,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netcenter.dll
[2010/10/02 10:53:02 | 001,575,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVENCOD.DLL
[2010/10/02 10:53:02 | 000,286,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasapi32.dll
[2010/10/02 10:53:02 | 000,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntprint.dll
[2010/10/02 10:53:02 | 000,158,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasrad.dll
[2010/10/02 10:53:02 | 000,155,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscorier.dll
[2010/10/02 10:53:02 | 000,140,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wusa.exe
[2010/10/02 10:53:02 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\findstr.exe
[2010/10/02 10:53:01 | 001,152,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\themecpl.dll
[2010/10/02 10:53:01 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wer.dll
[2010/10/02 10:53:01 | 000,825,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasdlg.dll
[2010/10/02 10:53:01 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iassvcs.dll
[2010/10/02 10:53:01 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsnmp32.dll
[2010/10/02 10:53:00 | 003,072,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\networkmap.dll
[2010/10/02 10:53:00 | 000,777,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slcc.dll
[2010/10/02 10:53:00 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scansetting.dll
[2010/10/02 10:53:00 | 000,163,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msutb.dll
[2010/10/02 10:53:00 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ks.sys
[2010/10/02 10:53:00 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wshom.ocx
[2010/10/02 10:53:00 | 000,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\powrprof.dll
[2010/10/02 10:53:00 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstlsapi.dll
[2010/10/02 10:53:00 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasacct.dll
[2010/10/02 10:53:00 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasads.dll
[2010/10/02 10:53:00 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssprxy.dll
[2010/10/02 10:52:59 | 001,645,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\connect.dll
[2010/10/02 10:52:59 | 001,248,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PerfCenterCPL.dll
[2010/10/02 10:52:59 | 001,224,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sud.dll
[2010/10/02 10:52:59 | 000,842,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\systemcpl.dll
[2010/10/02 10:52:59 | 000,723,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\powercpl.dll
[2010/10/02 10:52:59 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\newdev.exe
[2010/10/02 10:52:58 | 002,515,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\accessibilitycpl.dll
[2010/10/02 10:52:58 | 001,671,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanpref.dll
[2010/10/02 10:52:58 | 001,123,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\usercpl.dll
[2010/10/02 10:52:58 | 000,516,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\autoplay.dll
[2010/10/02 10:52:58 | 000,497,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll
[2010/10/02 10:52:58 | 000,464,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pcaui.dll
[2010/10/02 10:52:58 | 000,438,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\brcplsiw.dll
[2010/10/02 10:52:58 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mmci.dll
[2010/10/02 10:52:57 | 000,408,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msinfo32.exe
[2010/10/02 10:52:57 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scksp.dll
[2010/10/02 10:52:57 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cscobj.dll
[2010/10/02 10:52:57 | 000,128,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vdsutil.dll
[2010/10/02 10:52:57 | 000,127,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rpchttp.dll
[2010/10/02 10:52:57 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pintlgnt.ime
[2010/10/02 10:52:57 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\regapi.dll
[2010/10/02 10:52:57 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\feclient.dll
[2010/10/02 10:52:56 | 001,689,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscui.cpl
[2010/10/02 10:52:56 | 001,169,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe
[2010/10/02 10:52:56 | 000,505,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qedit.dll
[2010/10/02 10:52:56 | 000,445,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncryptui.dll
[2010/10/02 10:52:56 | 000,407,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpapimig.exe
[2010/10/02 10:52:56 | 000,306,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scesrv.dll
[2010/10/02 10:52:56 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2010/10/02 10:52:56 | 000,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Faultrep.dll
[2010/10/02 10:52:56 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AudioSes.dll
[2010/10/02 10:52:56 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oleprn.dll
[2010/10/02 10:52:56 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dot3msm.dll
[2010/10/02 10:52:56 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rekeywiz.exe
[2010/10/02 10:52:56 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iaspolcy.dll
[2010/10/02 10:52:56 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\perfdisk.dll
[2010/10/02 10:52:56 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DeviceEject.exe
[2010/10/02 10:52:56 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscisvif.dll
[2010/10/02 10:52:55 | 000,642,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasgcw.dll
[2010/10/02 10:52:55 | 000,595,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FWPUCLNT.DLL
[2010/10/02 10:52:55 | 000,542,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pnpui.dll
[2010/10/02 10:52:55 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasplap.dll
[2010/10/02 10:52:55 | 000,215,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certreq.exe
[2010/10/02 10:52:55 | 000,177,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scecli.dll
[2010/10/02 10:52:55 | 000,170,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tcpipcfg.dll
[2010/10/02 10:52:55 | 000,167,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\portcls.sys
[2010/10/02 10:52:55 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tcpmon.dll
[2010/10/02 10:52:55 | 000,134,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SmartcardCredentialProvider.dll
[2010/10/02 10:52:55 | 000,080,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hdwwiz.exe
[2010/10/02 10:52:55 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdWSD.dll
[2010/10/02 10:52:55 | 000,058,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PnPUnattend.exe
[2010/10/02 10:52:55 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmmon32.exe
[2010/10/02 10:52:55 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TSTheme.exe
[2010/10/02 10:52:55 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\whealogr.dll
[2010/10/02 10:52:55 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwinsat.dll
[2010/10/02 10:52:54 | 000,657,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVXENCD.DLL
[2010/10/02 10:52:54 | 000,547,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wiaaut.dll
[2010/10/02 10:52:54 | 000,481,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmdial32.dll
[2010/10/02 10:52:54 | 000,425,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shwebsvc.dll
[2010/10/02 10:52:54 | 000,378,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srcore.dll
[2010/10/02 10:52:54 | 000,281,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\raschap.dll
[2010/10/02 10:52:54 | 000,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unimdm.tsp
[2010/10/02 10:52:54 | 000,275,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SnippingTool.exe
[2010/10/02 10:52:54 | 000,259,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasppp.dll
[2010/10/02 10:52:54 | 000,202,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanui.dll
[2010/10/02 10:52:54 | 000,137,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dsprop.dll
[2010/10/02 10:52:54 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
[2010/10/02 10:52:54 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PnPutil.exe
[2010/10/02 10:52:54 | 000,025,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\USBCAMD2.sys
[2010/10/02 10:52:54 | 000,025,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\USBCAMD.sys
[2010/10/02 10:52:53 | 006,103,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chtbrkr.dll
[2010/10/02 10:52:53 | 002,153,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oobefldr.dll
[2010/10/02 10:52:53 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\modemui.dll
[2010/10/02 10:52:53 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscandui.dll
[2010/10/02 10:52:53 | 000,155,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasmontr.dll
[2010/10/02 10:52:53 | 000,101,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shsetup.dll
[2010/10/02 10:52:53 | 000,054,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dimsroam.dll
[2010/10/02 10:52:52 | 000,542,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\blackbox.dll
[2010/10/02 10:52:52 | 000,533,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmdrmsdk.dll
[2010/10/02 10:52:52 | 000,303,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpeffects.dll
[2010/10/02 10:52:52 | 000,178,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\credui.dll
[2010/10/02 10:52:52 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSDMon.dll
[2010/10/02 10:52:52 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tscfgwmi.dll
[2010/10/02 10:52:52 | 000,113,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\rmcast.sys
[2010/10/02 10:52:52 | 000,107,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpwsx.dll
[2010/10/02 10:52:52 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CscMig.dll
[2010/10/02 10:52:52 | 000,083,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlgpclnt.dll
[2010/10/02 10:52:52 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dataclen.dll
[2010/10/02 10:52:51 | 002,226,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\networkexplorer.dll
[2010/10/02 10:52:51 | 000,414,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscp.dll
[2010/10/02 10:52:51 | 000,356,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MediaMetadataHandler.dll
[2010/10/02 10:52:51 | 000,313,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\thawbrkr.dll
[2010/10/02 10:52:51 | 000,284,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drmmgrtn.dll
[2010/10/02 10:52:51 | 000,217,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\InkEd.dll
[2010/10/02 10:52:51 | 000,200,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\input.dll
[2010/10/02 10:52:51 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2010/10/02 10:52:51 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpclip.exe
[2010/10/02 10:52:51 | 000,166,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\puiapi.dll
[2010/10/02 10:52:51 | 000,128,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpresult.exe
[2010/10/02 10:52:51 | 000,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\softkbd.dll
[2010/10/02 10:52:51 | 000,105,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dmsynth.dll
[2010/10/02 10:52:51 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\logagent.exe
[2010/10/02 10:52:51 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msctfui.dll
[2010/10/02 10:52:51 | 000,058,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cipher.exe
[2010/10/02 10:52:51 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscapi.dll
[2010/10/02 10:52:51 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\watchdog.sys
[2010/10/02 10:52:51 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msimtf.dll
[2010/10/02 10:52:51 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ifmon.dll
[2010/10/02 10:52:51 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpprnext.dll
[2010/10/02 10:52:50 | 000,187,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eapp3hst.dll
[2010/10/02 10:52:50 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLLUA.exe
[2010/10/02 10:52:50 | 000,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tintlgnt.ime
[2010/10/02 10:52:50 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dmusic.dll
[2010/10/02 10:52:50 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mprapi.dll
[2010/10/02 10:52:50 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpendp.dll
[2010/10/02 10:52:50 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax
[2010/10/02 10:52:50 | 000,068,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdSSDP.dll
[2010/10/02 10:52:50 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\l2nacp.dll
[2010/10/02 10:52:50 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ftp.exe
[2010/10/02 10:52:50 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cscapi.dll
[2010/10/02 10:52:50 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msjint40.dll
[2010/10/02 10:52:50 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ExplorerFrame.dll
[2010/10/02 10:52:50 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fc.exe
[2010/10/02 10:52:50 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MsCtfMonitor.dll
[2010/10/02 10:52:50 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msisip.dll
[2010/10/02 10:52:49 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eappcfg.dll
[2010/10/02 10:52:49 | 000,083,456 | ---- | C] (Microsoft) -- C:\Windows\System32\SMBHelperClass.dll
[2010/10/02 10:52:49 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nslookup.exe
[2010/10/02 10:52:49 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdWCN.dll
[2010/10/02 10:52:49 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tscupgrd.exe
[2010/10/02 10:52:49 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Storprop.dll
[2010/10/02 10:52:49 | 000,052,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasdiag.dll
[2010/10/02 10:52:49 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dot3cfg.dll
[2010/10/02 10:52:49 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bthci.dll
[2010/10/02 10:52:49 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slcinst.dll
[2010/10/02 10:52:49 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\networkitemfactory.dll
[2010/10/02 10:52:49 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bthudtask.exe
[2010/10/02 10:52:49 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ipconfig.exe
[2010/10/02 10:52:49 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpscript.exe
[2010/10/02 10:52:49 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsdchngr.dll
[2010/10/02 10:52:49 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasdial.exe
[2010/10/02 10:52:49 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CHxReadingStringIME.dll
[2010/10/02 10:52:48 | 000,093,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eappgnui.dll
[2010/10/02 10:52:48 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PNPXAssoc.dll
[2010/10/02 10:52:48 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdeploy.dll
[2010/10/02 10:52:48 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hbaapi.dll
[2010/10/02 10:52:48 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidclass.sys
[2010/10/02 10:52:48 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ocsetup.exe
[2010/10/02 10:52:48 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FwRemoteSvr.dll
[2010/10/02 10:52:48 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpscript.dll
[2010/10/02 10:52:48 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qprocess.exe
[2010/10/02 10:52:48 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chgport.exe
[2010/10/02 10:52:48 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mmcico.dll
[2010/10/02 10:52:47 | 000,046,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrstub.exe
[2010/10/02 10:52:47 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cbsra.exe
[2010/10/02 10:52:47 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bitsigd.dll
[2010/10/02 10:52:47 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tskill.exe
[2010/10/02 10:52:47 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tscon.exe
[2010/10/02 10:52:47 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qappsrv.exe
[2010/10/02 10:52:47 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shadow.exe
[2010/10/02 10:52:47 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rwinsta.exe
[2010/10/02 10:52:47 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chgusr.exe
[2010/10/02 10:52:47 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chglogon.exe
[2010/10/02 10:52:47 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\logoff.exe
[2010/10/02 10:52:47 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NcdProp.dll
[2010/10/02 10:52:47 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpupdate.exe
[2010/10/02 10:52:47 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iscsilog.dll
[2010/10/02 10:52:46 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tsdiscon.exe
[2010/10/02 10:52:46 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vdmdbg.dll
[2010/10/02 10:52:45 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxg.sys
[2010/10/02 10:52:45 | 000,052,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\stream.sys
[2010/10/02 10:52:45 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbcconf.dll
[2010/10/02 10:52:45 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\RNDISMP.sys
[2010/10/02 10:52:45 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Diskdump.sys
[2010/10/02 10:52:45 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\reset.exe
[2010/10/02 10:52:45 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetppui.dll
[2010/10/02 10:52:45 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\change.exe
[2010/10/02 10:52:45 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\query.exe
[2010/10/02 10:52:45 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slwga.dll
[2010/10/02 10:52:44 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usb8023.sys
[2010/10/02 10:52:44 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\f3ahvoas.dll
[2010/10/02 10:52:43 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msimsg.dll
[2010/10/02 10:52:32 | 000,705,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SmiEngine.dll
[2010/10/02 10:52:29 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wdscore.dll
[2010/10/02 10:52:29 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PkgMgr.exe
[2010/10/02 10:52:21 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drvstore.dll
[2010/10/01 20:52:37 | 000,000,000 | ---D | C] -- C:\Users\hp\AppData\Local\temp
[2010/10/01 18:32:49 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2010/10/01 18:32:49 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2010/10/01 18:32:49 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2010/10/01 18:21:03 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010/10/01 18:20:43 | 000,081,920 | ---- | C] (Radius Inc.) -- C:\Windows\System32\iccvid.dll
[2010/10/01 18:20:41 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010/10/01 18:20:41 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010/10/01 18:20:41 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010/10/01 18:20:41 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010/10/01 18:20:41 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010/10/01 18:20:41 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010/10/01 18:20:40 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010/10/01 18:20:40 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010/10/01 18:20:39 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010/10/01 18:20:37 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010/10/01 18:20:37 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010/10/01 18:20:37 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010/10/01 18:20:37 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010/10/01 18:20:35 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010/10/01 18:20:35 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010/10/01 18:20:28 | 001,696,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
[2010/10/01 18:20:27 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2010/10/01 18:20:26 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2010/10/01 18:20:19 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\asycfilt.dll
[2010/10/01 18:20:13 | 000,420,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2010/10/01 18:20:12 | 000,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2010/10/01 18:19:55 | 002,037,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010/10/01 18:19:51 | 003,600,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010/10/01 18:19:49 | 003,548,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010/10/01 18:19:37 | 000,289,792 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2010/10/01 18:19:36 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2010/10/01 18:19:31 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtutils.dll
[2010/10/01 18:19:10 | 000,317,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MP4SDECD.DLL
[2010/10/01 17:26:00 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/10/01 17:08:21 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/10/01 16:47:43 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/09/29 23:48:32 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/09/29 23:48:32 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/09/29 23:48:32 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/09/29 23:42:28 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/09/29 23:40:37 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/09/29 11:05:11 | 000,077,912 | ---- | C] (Kaspersky Lab, SLA) -- C:\Windows\System32\drivers\klmdb.sys
[2010/09/28 15:34:24 | 000,000,000 | ---D | C] -- C:\Program Files\ASUS
[2010/09/28 13:15:04 | 000,038,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\WdfLdr.sys
[2010/09/28 10:59:55 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/09/27 15:38:35 | 000,017,744 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2010/09/27 15:38:34 | 000,165,584 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2010/09/27 15:38:33 | 000,023,376 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2010/09/27 15:38:32 | 000,046,672 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2010/09/27 15:38:30 | 000,050,768 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2010/09/27 15:37:56 | 000,167,592 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2010/09/27 15:37:56 | 000,038,848 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2010/09/27 15:37:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
[2010/09/27 15:37:51 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/09/27 12:36:42 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2010/09/26 23:14:39 | 000,000,000 | ---D | C] -- C:\Users\hp\AppData\Roaming\Malwarebytes
[2010/09/26 23:14:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/09/26 23:09:24 | 000,000,000 | ---D | C] -- C:\Users\hp\AppData\Local\Threat Expert
[2010/09/26 23:02:43 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2010/09/26 23:02:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2010/09/26 22:38:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2010/09/26 22:36:54 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2010/09/26 22:12:05 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010/09/26 22:08:42 | 000,000,000 | -H-D | C] -- C:\Users\Public\Documents\Server
[2010/09/25 20:33:05 | 000,000,000 | ---D | C] -- C:\Program Files\hdparm
[2010/09/25 20:26:21 | 000,000,000 | ---D | C] -- C:\Users\hp\Desktop\HDDScan-3.3
[2010/09/19 14:16:40 | 000,000,000 | ---D | C] -- C:\Users\hp\AppData\Roaming\Foxit Software
[2010/09/19 14:15:23 | 000,000,000 | ---D | C] -- C:\Program Files\Foxit Software
[2010/09/18 16:44:43 | 000,000,000 | ---D | C] -- C:\Users\hp\AppData\Local\Apps
[2010/09/15 15:46:28 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_7.dll
[2010/09/15 15:46:28 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_7.dll
[2010/09/15 15:46:28 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_5.dll
[2010/09/15 15:46:27 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_43.dll
[2010/09/15 15:46:27 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dcsx_43.dll
[2010/09/15 15:46:27 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_43.dll
[2010/09/15 15:46:27 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx11_43.dll
[2010/09/15 15:46:26 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_43.dll
[2010/09/15 15:46:26 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_6.dll
[2010/09/15 15:46:26 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_5.dll
[2010/09/15 15:46:26 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_6.dll
[2010/09/15 15:46:26 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_4.dll
[2010/09/15 15:46:26 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_7.dll
[2010/09/15 15:46:25 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dcsx_42.dll
[2010/09/15 15:46:25 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_42.dll
[2010/09/15 15:46:25 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_5.dll
[2010/09/15 15:46:24 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_42.dll
[2010/09/15 15:46:24 | 001,846,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_41.dll
[2010/09/15 15:46:24 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_42.dll
[2010/09/15 15:46:24 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_41.dll
[2010/09/15 15:46:24 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx11_42.dll
[2010/09/15 15:46:17 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_41.dll
[2010/09/15 15:46:17 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_4.dll
[2010/09/15 15:46:17 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_4.dll
[2010/09/15 15:46:17 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_3.dll
[2010/09/15 15:46:17 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_6.dll
[2010/09/15 15:46:12 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_40.dll
[2010/09/15 15:46:12 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_40.dll
[2010/09/15 15:46:11 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_40.dll
[2010/09/15 15:46:11 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_3.dll
[2010/09/15 15:46:11 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_3.dll
[2010/09/15 15:46:11 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_2.dll
[2010/09/15 15:46:11 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_5.dll
[2010/09/15 15:45:50 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_39.dll
[2010/09/15 15:45:50 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_39.dll
[2010/09/15 15:45:50 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_2.dll
[2010/09/15 15:45:50 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_39.dll
[2010/09/15 15:45:50 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_2.dll
[2010/09/15 15:45:50 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_1.dll
[2010/09/15 15:45:49 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_38.dll
[2010/09/15 15:45:49 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_1.dll
[2010/09/15 15:45:49 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_38.dll
[2010/09/15 15:45:49 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_1.dll
[2010/09/15 15:45:49 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_0.dll
[2010/09/15 15:45:49 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_4.dll
[2010/09/15 15:45:48 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_38.dll
[2010/09/15 15:45:48 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_0.dll
[2010/09/15 15:45:45 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_37.dll
[2010/09/15 15:45:45 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_37.dll
[2010/09/15 15:45:45 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_37.dll
[2010/09/15 15:45:45 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_0.dll
[2010/09/15 15:45:45 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_3.dll
[2010/09/15 15:45:44 | 001,374,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_36.dll
[2010/09/15 15:45:44 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_36.dll
[2010/09/15 15:45:44 | 000,267,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_10.dll
[2010/09/15 15:45:43 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_36.dll
[2010/09/15 15:45:43 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_35.dll
[2010/09/15 15:45:43 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_35.dll
[2010/09/15 15:45:43 | 000,267,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_9.dll
[2010/09/15 15:45:41 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_35.dll
[2010/09/15 15:45:40 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_34.dll
[2010/09/15 15:45:40 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_34.dll
[2010/09/15 15:45:40 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_8.dll
[2010/09/15 15:45:40 | 000,017,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_2.dll
[2010/09/15 15:45:39 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_34.dll
[2010/09/15 15:45:39 | 001,123,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_33.dll
[2010/09/15 15:45:39 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_33.dll
[2010/09/15 15:45:39 | 000,440,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10.dll
[2010/09/15 15:44:02 | 000,000,000 | ---D | C] -- C:\Windows\System32\directx
[2010/09/15 15:33:11 | 000,000,000 | ---D | C] -- C:\Program Files\Team17
[2010/09/08 19:17:42 | 000,000,000 | ---D | C] -- C:\Users\hp\AppData\Local\Microsoft Games
[2010/09/07 21:01:53 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2010/09/07 18:45:33 | 000,000,000 | ---D | C] -- C:\Program Files\MSECache
 
========== Files - Modified Within 30 Days ==========
 
[2010/10/03 17:39:17 | 003,145,728 | -HS- | M] () -- C:\Users\hp\ntuser.dat
[2010/10/03 17:34:13 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\hp\Desktop\OTL.exe
[2010/10/03 17:34:04 | 000,759,570 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/10/03 17:34:04 | 000,642,906 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/10/03 17:34:04 | 000,120,064 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/10/03 17:28:22 | 000,000,285 | ---- | M] () -- C:\Windows\Brownie.ini
[2010/10/03 17:28:01 | 000,000,874 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/10/03 17:27:56 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/10/03 17:27:56 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/10/03 17:27:55 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/10/03 17:27:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/10/03 17:27:42 | 3116,646,400 | -HS- | M] () -- C:\hiberfil.sys
[2010/10/03 17:26:20 | 000,524,288 | -HS- | M] () -- C:\Users\hp\NTUSER.DAT{ffa4f24c-a642-11df-bf3a-002622b35022}.TMContainer00000000000000000001.regtrans-ms
[2010/10/03 17:26:20 | 000,065,536 | -HS- | M] () -- C:\Users\hp\NTUSER.DAT{ffa4f24c-a642-11df-bf3a-002622b35022}.TM.blf
[2010/10/03 17:22:39 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\hp\Desktop\TFC.exe
[2010/10/03 16:59:00 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/10/03 15:51:37 | 000,002,517 | ---- | M] () -- C:\Users\hp\Desktop\HiJackThis.lnk
[2010/10/03 15:29:36 | 000,000,818 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/03 13:37:57 | 000,000,410 | ---- | M] () -- C:\Windows\BRWMARK.INI
[2010/10/03 13:37:55 | 000,000,034 | ---- | M] () -- C:\Windows\System32\BD2170W.DAT
[2010/10/03 13:37:51 | 000,009,868 | ---- | M] () -- C:\Windows\HL-2170W.INI
[2010/10/03 13:37:51 | 000,000,146 | ---- | M] () -- C:\Windows\BRVIDEO.INI
[2010/10/03 13:37:51 | 000,000,000 | ---- | M] () -- C:\Windows\brmx2001.ini
[2010/10/03 13:01:20 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{F6F2FA59-BFC0-4DA9-B15D-C691B979C54F}.job
[2010/10/03 10:13:33 | 000,119,808 | ---- | M] (Atribune.org) -- C:\Users\hp\Desktop\VundoFix.exe
[2010/10/02 17:48:35 | 003,859,570 | ---- | M] () -- C:\Users\hp\Desktop\ComboFix.exe
[2010/10/02 17:43:10 | 000,000,714 | ---- | M] () -- C:\Users\hp\Desktop\ERUNT.lnk
[2010/10/02 14:27:29 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2010/10/02 14:27:08 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2010/10/02 13:51:19 | 000,364,560 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/10/02 13:42:34 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_HpqKbFiltr_01005.Wdf
[2010/10/01 22:42:41 | 000,000,418 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2010/10/01 19:09:40 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2010/10/01 17:03:00 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010/10/01 17:02:01 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/09/30 19:34:39 | 000,015,872 | ---- | M] () -- C:\Users\hp\Desktop\Book1.xls
[2010/09/30 19:10:59 | 000,000,162 | -H-- | M] () -- C:\Users\hp\Desktop\~$leursmobilières.docx.doc
[2010/09/30 13:29:59 | 000,067,072 | ---- | M] () -- C:\Users\hp\Desktop\Valeursmobilières.docx.doc
[2010/09/30 00:30:30 | 000,869,051 | ---- | M] () -- C:\Users\hp\Desktop\SecurityCheck.exe
[2010/09/29 11:05:11 | 000,077,912 | ---- | M] (Kaspersky Lab, SLA) -- C:\Windows\System32\drivers\klmdb.sys
[2010/09/28 17:51:19 | 004,936,024 | ---- | M] () -- C:\Users\hp\Desktop\Guidetech_FR.unlocked[1].pdf
[2010/09/28 17:29:32 | 004,941,564 | ---- | M] () -- C:\Users\hp\Desktop\Guidetech_FR.pdf
[2010/09/28 15:34:24 | 000,001,553 | ---- | M] () -- C:\Users\Public\Desktop\ASUS MultiFrame.lnk
[2010/09/28 13:15:43 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_SynTP_01009.Wdf
[2010/09/28 13:15:32 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2010/09/28 13:06:10 | 000,032,962 | ---- | M] () -- C:\Users\hp\Documents\cc_20100928_130606.reg
[2010/09/28 13:05:14 | 000,000,804 | ---- | M] () -- C:\Users\hp\Desktop\CCleaner.lnk
[2010/09/27 15:38:38 | 000,001,840 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2010/09/27 15:38:30 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2010/09/27 12:36:42 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2010/09/27 09:05:20 | 000,006,272 | ---- | M] () -- C:\Users\hp\Documents\cc_20100927_090329.reg
[2010/09/25 20:38:16 | 000,000,064 | ---- | M] () -- C:\Users\hp\Desktop\click.bat
[2010/09/25 20:26:28 | 000,015,360 | ---- | M] () -- C:\Users\hp\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/21 18:58:13 | 000,069,194 | ---- | M] () -- C:\Users\hp\Desktop\***.html
[2010/09/20 14:49:24 | 000,041,738 | ---- | M] () -- C:\Users\hp\Desktop\Hydro-Qué...pdf
[2010/09/20 14:49:15 | 000,079,970 | ---- | M] () -- C:\Users\hp\Desktop\McGill 2007csc4.pdf
[2010/09/20 14:49:10 | 000,071,448 | ---- | M] () -- C:\Users\hp\Desktop\Sears 1985.pdf
[2010/09/19 14:16:00 | 000,001,023 | ---- | M] () -- C:\Users\Public\Desktop\Foxit Reader.lnk
[2010/09/18 19:24:45 | 000,027,648 | ---- | M] () -- C:\Users\hp\Desktop\Questions en litige (Giacomo, Louis-Philippe)(3) .doc
[2010/09/17 19:24:31 | 000,028,672 | ---- | M] () -- C:\Users\hp\Desktop\Questions en litige.doc
[2010/09/15 15:35:31 | 000,001,884 | ---- | M] () -- C:\Users\Public\Desktop\Worms Reloaded.lnk
[2010/09/15 14:39:29 | 000,014,602 | ---- | M] () -- C:\Users\hp\Desktop\Worms_Reloaded_SKiDROW_O-Demonoid.com-O_6594004.6982.torrent
[2010/09/14 00:15:27 | 000,027,174 | ---- | M] () -- C:\Users\hp\Desktop\Actualite financiere - SHORT (3) [1]+ CORRECTION.docx
[2010/09/13 15:12:12 | 000,083,504 | ---- | M] () -- C:\Users\hp\Desktop\L.docx
[2010/09/09 12:21:26 | 1467,602,944 | ---- | M] () -- C:\Users\hp\Desktop\Ousmane Sembene - Ceddo.avi
[2010/09/07 21:06:47 | 003,216,247 | ---- | M] () -- C:\Users\hp\Desktop\L. Raynault-Ollu 2.mp3
[2010/09/07 21:06:22 | 001,702,537 | ---- | M] () -- C:\Users\hp\Desktop\L. Raynault-Ollu .mp3
[2010/09/07 21:02:09 | 000,007,685 | ---- | M] () -- C:\Users\hp\Desktop\Lola.mid
[2010/09/07 11:12:17 | 000,038,848 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2010/09/07 11:11:54 | 000,167,592 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2010/09/07 10:52:25 | 000,046,672 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2010/09/07 10:52:03 | 000,165,584 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2010/09/07 10:47:46 | 000,023,376 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2010/09/07 10:47:30 | 000,050,768 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2010/09/07 10:47:07 | 000,017,744 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2010/09/06 16:20:24 | 000,011,264 | ---- | M] () -- C:\Users\hp\Desktop\New Microsoft Word Document.doc
 
========== Files Created - No Company Name ==========
 
[2010/10/03 15:40:20 | 3116,646,400 | -HS- | C] () -- C:\hiberfil.sys
[2010/10/03 15:29:36 | 000,000,818 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/03 13:37:57 | 000,000,410 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2010/10/03 13:37:55 | 000,000,034 | ---- | C] () -- C:\Windows\System32\BD2170W.DAT
[2010/10/03 13:37:51 | 000,000,146 | ---- | C] () -- C:\Windows\BRVIDEO.INI
[2010/10/03 13:37:51 | 000,000,000 | ---- | C] () -- C:\Windows\brmx2001.ini
[2010/10/03 13:37:14 | 000,000,114 | ---- | C] () -- C:\Windows\System32\brlmw03a.ini
[2010/10/03 13:37:12 | 000,009,868 | ---- | C] () -- C:\Windows\HL-2170W.INI
[2010/10/03 13:35:28 | 000,000,285 | ---- | C] () -- C:\Windows\Brownie.ini
[2010/10/02 17:48:29 | 003,859,570 | ---- | C] () -- C:\Users\hp\Desktop\ComboFix.exe
[2010/10/02 17:43:10 | 000,000,714 | ---- | C] () -- C:\Users\hp\Desktop\ERUNT.lnk
[2010/10/02 14:27:29 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2010/10/02 14:27:08 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2010/10/02 13:42:34 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_HpqKbFiltr_01005.Wdf
[2010/10/02 10:53:58 | 000,130,008 | ---- | C] () -- C:\Windows\System32\systemsf.ebd
[2010/10/02 10:53:55 | 000,009,239 | ---- | C] () -- C:\Windows\System32\spcinstrumentation.man
[2010/10/02 10:53:47 | 000,442,788 | ---- | C] () -- C:\Windows\System32\dot3.tmf
[2010/10/02 10:53:42 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010/10/02 10:53:41 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010/10/02 10:53:39 | 003,662,128 | ---- | C] () -- C:\Windows\System32\locale.nls
[2010/10/02 10:53:38 | 000,392,170 | ---- | C] () -- C:\Windows\System32\onex.tmf
[2010/10/02 10:53:34 | 000,344,698 | ---- | C] () -- C:\Windows\System32\eaphost.tmf
[2010/10/02 10:53:18 | 000,208,966 | ---- | C] () -- C:\Windows\System32\WFP.TMF
[2010/10/02 10:53:16 | 000,092,918 | ---- | C] () -- C:\Windows\System32\slmgr.vbs
[2010/10/02 10:52:49 | 000,062,976 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2010/10/02 10:52:45 | 000,009,212 | ---- | C] () -- C:\Windows\System32\RacUR.xml
[2010/10/02 10:52:42 | 000,000,153 | ---- | C] () -- C:\Windows\System32\RacUREx.xml
[2010/10/01 22:42:41 | 000,000,418 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/09/30 19:34:39 | 000,015,872 | ---- | C] () -- C:\Users\hp\Desktop\Book1.xls
[2010/09/30 19:10:59 | 000,000,162 | -H-- | C] () -- C:\Users\hp\Desktop\~$leursmobilières.docx.doc
[2010/09/30 13:29:57 | 000,067,072 | ---- | C] () -- C:\Users\hp\Desktop\Valeursmobilières.docx.doc
[2010/09/30 00:30:10 | 000,869,051 | ---- | C] () -- C:\Users\hp\Desktop\SecurityCheck.exe
[2010/09/29 23:48:32 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010/09/29 23:48:32 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/09/29 23:48:32 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/09/29 23:48:32 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010/09/29 23:48:32 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/09/28 17:52:43 | 004,936,024 | ---- | C] () -- C:\Users\hp\Desktop\Guidetech_FR.unlocked[1].pdf
[2010/09/28 17:41:04 | 004,941,564 | ---- | C] () -- C:\Users\hp\Desktop\Guidetech_FR.pdf
[2010/09/28 15:34:24 | 000,001,553 | ---- | C] () -- C:\Users\Public\Desktop\ASUS MultiFrame.lnk
[2010/09/28 13:15:43 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_SynTP_01009.Wdf
[2010/09/28 13:15:32 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2010/09/28 13:15:08 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01009_Inbox_Critical.Wdf
[2010/09/28 13:06:08 | 000,032,962 | ---- | C] () -- C:\Users\hp\Documents\cc_20100928_130606.reg
[2010/09/28 10:59:55 | 000,002,517 | ---- | C] () -- C:\Users\hp\Desktop\HiJackThis.lnk
[2010/09/27 22:50:25 | 000,000,370 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2010/09/27 15:38:38 | 000,001,840 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2010/09/27 09:03:33 | 000,006,272 | ---- | C] () -- C:\Users\hp\Documents\cc_20100927_090329.reg
[2010/09/25 20:37:53 | 000,000,064 | ---- | C] () -- C:\Users\hp\Desktop\click.bat
[2010/09/21 18:58:12 | 000,069,194 | ---- | C] () -- C:\Users\hp\Desktop\***.html
[2010/09/20 14:49:25 | 000,041,738 | ---- | C] () -- C:\Users\hp\Desktop\Hydro-Qué...pdf
[2010/09/20 14:49:17 | 000,079,970 | ---- | C] () -- C:\Users\hp\Desktop\McGill 2007csc4.pdf
[2010/09/20 14:49:10 | 000,071,448 | ---- | C] () -- C:\Users\hp\Desktop\Sears 1985.pdf
[2010/09/20 14:04:28 | 000,000,416 | -H-- | C] () -- C:\Windows\tasks\User_Feed_Synchronization-{F6F2FA59-BFC0-4DA9-B15D-C691B979C54F}.job
[2010/09/19 14:16:00 | 000,001,023 | ---- | C] () -- C:\Users\Public\Desktop\Foxit Reader.lnk
[2010/09/18 16:03:16 | 000,027,648 | ---- | C] () -- C:\Users\hp\Desktop\Questions en litige (Giacomo, Louis-Philippe)(3) .doc
[2010/09/17 16:19:17 | 000,028,672 | ---- | C] () -- C:\Users\hp\Desktop\Questions en litige.doc
[2010/09/15 15:35:31 | 000,001,884 | ---- | C] () -- C:\Users\Public\Desktop\Worms Reloaded.lnk
[2010/09/15 14:39:29 | 000,014,602 | ---- | C] () -- C:\Users\hp\Desktop\Worms_Reloaded_SKiDROW_O-Demonoid.com-O_6594004.6982.torrent
[2010/09/14 00:15:27 | 000,027,174 | ---- | C] () -- C:\Users\hp\Desktop\Actualite financiere - SHORT (3) [1]+ CORRECTION.docx
[2010/09/13 15:03:51 | 000,083,504 | ---- | C] () -- C:\Users\hp\Desktop\L.docx
[2010/09/07 21:06:42 | 003,216,247 | ---- | C] () -- C:\Users\hp\Desktop\L. Raynault-Ollu 2.mp3
[2010/09/07 21:06:19 | 001,702,537 | ---- | C] () -- C:\Users\hp\Desktop\L. Raynault-Ollu .mp3
[2010/09/07 21:02:32 | 000,007,685 | ---- | C] () -- C:\Users\hp\Desktop\Lola.mid
[2010/09/07 18:27:34 | 1467,602,944 | ---- | C] () -- C:\Users\hp\Desktop\Ousmane Sembene - Ceddo.avi
[2010/09/06 16:20:24 | 000,011,264 | ---- | C] () -- C:\Users\hp\Desktop\New Microsoft Word Document.doc
[2010/08/26 16:23:22 | 000,000,000 | ---- | C] () -- C:\Users\hp\AppData\Local\FnF4.txt
[2010/08/12 17:05:34 | 000,015,360 | ---- | C] () -- C:\Users\hp\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/04 20:27:16 | 000,000,093 | ---- | C] () -- C:\Windows\Antidote7.ini
[2010/07/03 16:05:40 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/05/12 15:52:15 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2010/05/12 15:52:15 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2010/05/12 15:52:15 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2010/05/12 15:52:15 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2010/05/12 15:52:15 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2010/05/12 15:52:15 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2010/05/12 15:37:57 | 000,000,000 | ---- | C] () -- C:\Users\hp\AppData\Local\QSwitch.txt
[2010/05/12 15:37:57 | 000,000,000 | ---- | C] () -- C:\Users\hp\AppData\Local\DSwitch.txt
[2010/05/12 15:37:57 | 000,000,000 | ---- | C] () -- C:\Users\hp\AppData\Local\AtStart.txt
[2010/05/12 15:13:25 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1502.dll
[2010/05/12 14:27:36 | 000,000,680 | ---- | C] () -- C:\Users\hp\AppData\Local\d3d9caps.dat
[2009/07/29 15:30:16 | 000,109,216 | ---- | C] () -- C:\Windows\System32\drivers\SafeBoot.sys
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
 
========== LOP Check ==========
 
[2010/10/01 19:09:40 | 000,000,370 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2010/10/03 17:26:21 | 000,025,454 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/10/03 13:01:20 | 000,000,416 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{F6F2FA59-BFC0-4DA9-B15D-C691B979C54F}.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*.* >
[2010/10/01 17:00:14 | 000,005,243 | ---- | M] () -- C:\aaw7boot.log
[2006/09/18 17:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2010/05/12 15:19:59 | 000,000,086 | ---- | M] () -- C:\bcmwl6.log
[2009/04/11 02:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2010/05/12 18:15:16 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2010/05/12 15:17:36 | 000,000,086 | ---- | M] () -- C:\chicony.log
[2010/10/02 23:04:10 | 000,017,985 | ---- | M] () -- C:\ComboFix.txt
[2006/09/18 17:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2010/10/03 17:27:42 | 3116,646,400 | -HS- | M] () -- C:\hiberfil.sys
[2010/05/12 15:16:22 | 000,054,176 | ---- | M] () -- C:\intel_chipset.log
[2010/09/01 11:37:44 | 000,087,671 | ---- | M] () -- C:\M1319.log
[2010/10/03 17:27:40 | 3430,174,720 | -HS- | M] () -- C:\pagefile.sys
[2010/05/12 15:52:45 | 000,000,163 | ---- | M] () -- C:\Setup.log
[2010/05/12 15:13:01 | 000,000,083 | ---- | M] () -- C:\SYNTPAD.LOG
[2010/09/29 11:00:06 | 000,062,278 | ---- | M] () -- C:\TDSSKiller.2.4.3.0_29.09.2010_10.58.56_log.txt
[2010/09/29 11:05:22 | 000,062,518 | ---- | M] () -- C:\TDSSKiller.2.4.3.0_29.09.2010_11.03.07_log.txt
[2010/10/03 10:47:30 | 000,000,137 | ---- | M] () -- C:\VundoFix.txt
[2010/05/12 15:49:36 | 000,000,086 | ---- | M] () -- C:\webcam.log
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\System32\config\*.sav >
[2008/01/20 23:20:25 | 017,223,680 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008/01/20 23:20:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008/01/20 23:20:25 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 06:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 06:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-10-02 18:25:18
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8
< End of report >

Thanks a lot, again...

Luf.
