Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.


Possible keylogger or spyware.

Post by blackion » January 12th, 2010, 5:36 am

I believe I may have spyware or a keylogger on my PC.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:22:53 AM, on 1/12/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18865)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Ventrilo\Ventrilo.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O13 - Gopher Prefix:
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

--
End of file - 3299 bytes

Activation Assistant for the 2007 Microsoft Office suites
ActiveCheck component for HP Active Support Library
Adobe AIR
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8
AIM Lite 0.33
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ASL_HS_Installer32
Avira AntiVir Personal - Free Antivirus
Bonjour
CCleaner
Conexant HD Audio
GOM Player
HDAUDIO Soft Data Fax Modem with SmartCP
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Easy Setup - Core
HP Pavilion Webcam Driver for Vista v061.001.00005
HP Update
HP User Guide 0049
HPAsset component for HP Active Support Library
Intel(R) Network Connections Drivers
iTunes
Java(TM) 6 Update 13
Java(TM) SE Runtime Environment 6
League of Legends
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Mozilla Firefox (3.5.7)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NVIDIA Drivers
OpenOffice.org 3.1
QuickTime
Sonic Activation Module
Synaptics Pointing Device Driver
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Ventrilo Client
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Warcraft III
WC3Banlist
Windows Media Player Firefox Plugin
WinPcap 4.0.2
WinRAR archiver
World of Warcraft

blackion
Active Member
 
Posts: 4
Joined: January 12th, 2010, 5:10 am

Re: Possible keylogger or spyware.

Post by peku006 » January 19th, 2010, 4:57 am

Hello and welcome to Malware Removal.

My name is peku006 and I will be helping you to remove any infection(s) that you may have.
I will be giving you a series of instructions that need to be followed in the order in which I give them to you.

Please observe these rules while we work:

  • If you don't know or understand something, please don't hesitate to ask.
  • Please DO NOT run any other tools or scans whilst I am helping you.
  • It is important that you reply to this thread. Do not start a new topic.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • Absence of symptoms does not mean that everything is clear.

1 - Download and run RSIT

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (will be maximized) and info.txt (will be minimized).

2 - Status Check
Please reply with:

1. The logs from RSIT (log.txt, info.txt)

Thanks peku006
peku006
MRU Emeritus
Posts: 3357
Joined: May 14th, 2007, 2:18 pm
Location: Norway

Re: Possible keylogger or spyware.

Post by blackion » January 21st, 2010, 11:32 pm

Logfile of random's system information tool 1.06 (written by random/random)
Run by Brandon at 2010-01-21 22:23:33
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 107 GB (73%) free of 146 GB
Total RAM: 2045 MB (44% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:24:08 PM, on 1/21/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18865)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Ventrilo\Ventrilo.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Brandon\Documents\RSIT.exe
C:\Program Files\trend micro\Brandon.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O13 - Gopher Prefix:
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

--
End of file - 3589 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-07-09 35840]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2009-01-30 13605408]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2009-01-30 92704]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]
C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2006-11-28 46704]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2005-02-17 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2009-10-28 141600]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe -quiet []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
C:\Program Files\Windows Live\Messenger\msnmsgr.exe /background []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl]
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2009-09-05 417792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre6\bin\jusched.exe [2009-07-09 148888]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-03-28 1045800]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WAWifiMessage]
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
C:\PROGRA~1\Adobe\READER~1.0\Reader\READER~1.EXE [2006-10-23 40048]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
C:\PROGRA~1\Adobe\READER~1.0\Reader\ADOBEC~1.EXE [2006-10-23 734872]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe"="C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 3 months======

2010-01-21 22:23:35 ----D---- C:\Program Files\trend micro
2010-01-21 22:23:33 ----D---- C:\rsit
2010-01-21 13:00:31 ----D---- C:\ProgramData\vsosdk
2010-01-21 12:23:48 ----D---- C:\Users\Brandon\AppData\Roaming\Vso
2010-01-21 12:22:53 ----D---- C:\Program Files\ConvertX
2010-01-19 19:27:00 ----D---- C:\Windows\system32\?j???j?j?j?j?j?j
2010-01-19 13:42:58 ----A---- C:\Windows\IsUninst.exe
2010-01-18 00:14:29 ----A---- C:\Windows\system32\t2embed.dll
2010-01-18 00:14:29 ----A---- C:\Windows\system32\fontsub.dll
2010-01-07 02:56:56 ----D---- C:\Users\Brandon\AppData\Roaming\LolClient.F24C99354F615F3BAB18AE7B93E3F9B9E8784FA6.1
2010-01-07 02:23:03 ----A---- C:\Windows\system32\XAudio2_2.dll
2010-01-07 02:23:03 ----A---- C:\Windows\system32\XAPOFX1_1.dll
2010-01-07 02:23:02 ----A---- C:\Windows\system32\d3dx10_39.dll
2010-01-07 02:23:02 ----A---- C:\Windows\system32\D3DCompiler_39.dll
2010-01-07 02:23:01 ----A---- C:\Windows\system32\D3DX9_39.dll
2010-01-07 02:22:53 ----D---- C:\Program Files\Common Files\Adobe AIR
2010-01-07 02:20:05 ----D---- C:\Program Files\Riot Games
2010-01-04 21:30:35 ----D---- C:\Users\Brandon\AppData\Roaming\TeamViewer
2009-12-30 21:49:33 ----A---- C:\Windows\system32\lssexp.dll
2009-12-23 14:52:34 ----A---- C:\Windows\system32\nshhttp.dll
2009-12-23 14:52:33 ----A---- C:\Windows\system32\httpapi.dll
2009-12-23 14:51:04 ----A---- C:\Windows\system32\mshtml.dll
2009-12-23 14:51:04 ----A---- C:\Windows\system32\ieframe.dll
2009-12-23 14:51:02 ----A---- C:\Windows\system32\wininet.dll
2009-12-23 14:51:02 ----A---- C:\Windows\system32\urlmon.dll
2009-12-23 14:51:02 ----A---- C:\Windows\system32\occache.dll
2009-12-23 14:51:02 ----A---- C:\Windows\system32\msfeeds.dll
2009-12-23 14:51:02 ----A---- C:\Windows\system32\iertutil.dll
2009-12-23 14:51:02 ----A---- C:\Windows\system32\iedkcs32.dll
2009-12-23 14:51:01 ----A---- C:\Windows\system32\msfeedssync.exe
2009-12-23 14:51:01 ----A---- C:\Windows\system32\msfeedsbs.dll
2009-12-23 14:51:01 ----A---- C:\Windows\system32\jsproxy.dll
2009-12-23 14:51:01 ----A---- C:\Windows\system32\ieUnatt.exe
2009-12-23 14:51:01 ----A---- C:\Windows\system32\ieui.dll
2009-12-23 14:51:01 ----A---- C:\Windows\system32\iesysprep.dll
2009-12-23 14:51:01 ----A---- C:\Windows\system32\iesetup.dll
2009-12-23 14:51:01 ----A---- C:\Windows\system32\iernonce.dll
2009-12-23 14:51:01 ----A---- C:\Windows\system32\iepeers.dll
2009-12-23 14:51:01 ----A---- C:\Windows\system32\ie4uinit.exe
2009-12-23 14:51:00 ----A---- C:\Windows\system32\winhttp.dll
2009-12-23 14:50:00 ----A---- C:\Windows\system32\rastls.dll
2009-12-23 14:41:48 ----D---- C:\Program Files\CCleaner
2009-12-11 22:48:05 ----D---- C:\Windows\system32\ErrorLogs
2009-12-11 21:35:57 ----D---- C:\Users\Brandon\AppData\Roaming\Uniblue
2009-12-04 22:59:33 ----A---- C:\Windows\system32\tzres.dll
2009-12-04 22:59:08 ----A---- C:\Windows\system32\msxml6.dll
2009-12-04 22:59:07 ----A---- C:\Windows\system32\msxml3.dll
2009-12-02 14:52:54 ----D---- C:\Users\Brandon\AppData\Roaming\Mozilla
2009-11-25 17:38:29 ----D---- C:\ProgramData\Avira
2009-11-25 17:38:29 ----D---- C:\Program Files\Avira
2009-11-21 15:43:25 ----D---- C:\Users\Brandon\AppData\Roaming\LAIM
2009-11-21 15:43:20 ----D---- C:\Program Files\AIM Lite
2009-11-16 19:50:43 ----D---- C:\Windows\Minidump
2009-11-15 10:01:50 ----D---- C:\ProgramData\TuneUp Software
2009-11-15 10:01:41 ----SHD---- C:\ProgramData\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
2009-11-14 14:52:48 ----A---- C:\Windows\system32\wups2.dll
2009-11-14 14:52:48 ----A---- C:\Windows\system32\wucltux.dll
2009-11-14 14:52:48 ----A---- C:\Windows\system32\wuaueng.dll
2009-11-14 14:52:48 ----A---- C:\Windows\system32\wuauclt.exe
2009-11-14 14:52:33 ----A---- C:\Windows\system32\wups.dll
2009-11-14 14:52:33 ----A---- C:\Windows\system32\wudriver.dll
2009-11-14 14:52:33 ----A---- C:\Windows\system32\wuapi.dll
2009-11-14 14:52:26 ----A---- C:\Windows\system32\wuwebv.dll
2009-11-14 14:52:26 ----A---- C:\Windows\system32\wuapp.exe
2009-11-11 11:09:54 ----D---- C:\Program Files\Windows Portable Devices
2009-11-11 11:09:34 ----A---- C:\Windows\system32\UIAnimation.dll
2009-11-11 11:09:33 ----A---- C:\Windows\system32\UIRibbonRes.dll
2009-11-11 11:09:33 ----A---- C:\Windows\system32\UIRibbon.dll
2009-11-11 11:09:19 ----A---- C:\Windows\system32\WMPhoto.dll
2009-11-11 11:09:19 ----A---- C:\Windows\system32\cdd.dll
2009-11-11 11:09:18 ----A---- C:\Windows\system32\xpsservices.dll
2009-11-11 11:09:18 ----A---- C:\Windows\system32\XpsRasterService.dll
2009-11-11 11:09:18 ----A---- C:\Windows\system32\XpsPrint.dll
2009-11-11 11:09:18 ----A---- C:\Windows\system32\XpsGdiConverter.dll
2009-11-11 11:09:18 ----A---- C:\Windows\system32\WindowsCodecsExt.dll
2009-11-11 11:09:18 ----A---- C:\Windows\system32\WindowsCodecs.dll
2009-11-11 11:09:18 ----A---- C:\Windows\system32\printfilterpipelinesvc.exe
2009-11-11 11:09:18 ----A---- C:\Windows\system32\printfilterpipelineprxy.dll
2009-11-11 11:09:18 ----A---- C:\Windows\system32\PhotoMetadataHandler.dll
2009-11-11 11:09:18 ----A---- C:\Windows\system32\OpcServices.dll
2009-11-11 11:09:18 ----A---- C:\Windows\system32\FntCache.dll
2009-11-11 11:09:18 ----A---- C:\Windows\system32\dxdiagn.dll
2009-11-11 11:09:18 ----A---- C:\Windows\system32\dxdiag.exe
2009-11-11 11:09:18 ----A---- C:\Windows\system32\DWrite.dll
2009-11-11 11:09:18 ----A---- C:\Windows\system32\d3d10warp.dll
2009-11-11 11:09:18 ----A---- C:\Windows\system32\d2d1.dll
2009-11-11 11:09:17 ----A---- C:\Windows\system32\dxgi.dll
2009-11-11 11:09:17 ----A---- C:\Windows\system32\d3d11.dll
2009-11-11 11:09:17 ----A---- C:\Windows\system32\d3d10level9.dll
2009-11-11 11:09:17 ----A---- C:\Windows\system32\d3d10core.dll
2009-11-11 11:09:17 ----A---- C:\Windows\system32\d3d10_1core.dll
2009-11-11 11:09:17 ----A---- C:\Windows\system32\d3d10_1.dll
2009-11-11 11:09:17 ----A---- C:\Windows\system32\d3d10.dll
2009-11-11 11:09:04 ----A---- C:\Windows\system32\WPDShextAutoplay.exe
2009-11-11 11:09:04 ----A---- C:\Windows\system32\wpdbusenum.dll
2009-11-11 11:09:04 ----A---- C:\Windows\system32\BthMtpContextHandler.dll
2009-11-11 11:09:03 ----A---- C:\Windows\system32\PortableDeviceConnectApi.dll
2009-11-11 11:09:02 ----A---- C:\Windows\system32\WPDSp.dll
2009-11-11 11:09:02 ----A---- C:\Windows\system32\WPDShServiceObj.dll
2009-11-11 11:09:02 ----A---- C:\Windows\system32\wpdshext.dll
2009-11-11 11:09:02 ----A---- C:\Windows\system32\wpd_ci.dll
2009-11-11 11:09:02 ----A---- C:\Windows\system32\PortableDeviceWMDRM.dll
2009-11-11 11:09:02 ----A---- C:\Windows\system32\PortableDeviceTypes.dll
2009-11-11 11:09:02 ----A---- C:\Windows\system32\PortableDeviceClassExtension.dll
2009-11-11 11:09:02 ----A---- C:\Windows\system32\PortableDeviceApi.dll
2009-11-11 11:08:30 ----A---- C:\Windows\system32\UIAutomationCore.dll
2009-11-11 11:08:30 ----A---- C:\Windows\system32\oleaccrc.dll
2009-11-11 11:08:30 ----A---- C:\Windows\system32\oleacc.dll
2009-11-11 10:58:04 ----D---- C:\Windows\system32\eu-ES
2009-11-11 10:58:04 ----D---- C:\Windows\system32\ca-ES
2009-11-11 10:58:03 ----D---- C:\Windows\system32\vi-VN
2009-11-11 10:11:41 ----D---- C:\Windows\system32\EventProviders
2009-11-11 10:11:19 ----A---- C:\Windows\system32\NlsLexicons0007.dll
2009-11-11 10:11:16 ----A---- C:\Windows\system32\SLsvc.exe
2009-11-11 10:11:16 ----A---- C:\Windows\system32\SLCExt.dll
2009-11-11 10:11:14 ----A---- C:\Windows\system32\FunctionDiscoveryFolder.dll
2009-11-11 10:11:14 ----A---- C:\Windows\system32\DevicePairingWizard.exe
2009-11-11 10:11:13 ----A---- C:\Windows\system32\NlsLexicons0009.dll
2009-11-11 10:11:11 ----A---- C:\Windows\system32\mssrch.dll
2009-11-11 10:11:09 ----A---- C:\Windows\system32\tquery.dll
2009-11-11 10:11:08 ----A---- C:\Windows\system32\RMActivate_isv.exe
2009-11-11 10:11:08 ----A---- C:\Windows\system32\PresentationNative_v0300.dll
2009-11-11 10:11:07 ----A---- C:\Windows\system32\scavenge.dll
2009-11-11 10:11:07 ----A---- C:\Windows\system32\RMActivate.exe
2009-11-11 10:11:06 ----A---- C:\Windows\system32\msi.dll
2009-11-11 10:11:06 ----A---- C:\Windows\system32\imapi2fs.dll
2009-11-11 10:11:05 ----A---- C:\Windows\system32\WscEapPr.dll
2009-11-11 10:11:05 ----A---- C:\Windows\system32\wcnwiz2.dll
2009-11-11 10:11:05 ----A---- C:\Windows\system32\sysmain.dll
2009-11-11 10:11:05 ----A---- C:\Windows\system32\secproc_isv.dll
2009-11-11 10:11:03 ----A---- C:\Windows\system32\icardagt.exe
2009-11-11 10:11:03 ----A---- C:\Windows\system32\EhStorShell.dll
2009-11-11 10:11:03 ----A---- C:\Windows\system32\AuxiliaryDisplayCpl.dll
2009-11-11 10:11:02 ----A---- C:\Windows\system32\spreview.exe
2009-11-11 10:11:01 ----A---- C:\Windows\system32\spwizui.dll
2009-11-11 10:11:01 ----A---- C:\Windows\system32\spinstall.exe
2009-11-11 10:11:01 ----A---- C:\Windows\system32\mcupdate_GenuineIntel.dll
2009-11-11 10:11:01 ----A---- C:\Windows\system32\drmv2clt.dll
2009-11-11 10:11:00 ----A---- C:\Windows\system32\shell32.dll
2009-11-11 10:11:00 ----A---- C:\Windows\system32\secproc.dll
2009-11-11 10:10:59 ----A---- C:\Windows\system32\SearchIndexer.exe
2009-11-11 10:10:59 ----A---- C:\Windows\system32\p2psvc.dll
2009-11-11 10:10:59 ----A---- C:\Windows\system32\mssvp.dll
2009-11-11 10:10:58 ----A---- C:\Windows\system32\mssphtb.dll
2009-11-11 10:10:58 ----A---- C:\Windows\system32\mssph.dll
2009-11-11 10:10:58 ----A---- C:\Windows\system32\MSMPEG2VDEC.DLL
2009-11-11 10:10:58 ----A---- C:\Windows\system32\mscoree.dll
2009-11-11 10:10:58 ----A---- C:\Windows\system32\imapi2.dll
2009-11-11 10:10:57 ----A---- C:\Windows\system32\sdohlp.dll
2009-11-11 10:10:57 ----A---- C:\Windows\system32\IMJP10K.DLL
2009-11-11 10:10:57 ----A---- C:\Windows\system32\esent.dll
2009-11-11 10:10:57 ----A---- C:\Windows\system32\DevicePairing.dll
2009-11-11 10:10:56 ----A---- C:\Windows\system32\wevtsvc.dll
2009-11-11 10:10:56 ----A---- C:\Windows\system32\sperror.dll
2009-11-11 10:10:56 ----A---- C:\Windows\system32\SLC.dll
2009-11-11 10:10:56 ----A---- C:\Windows\system32\RMActivate_ssp_isv.exe
2009-11-11 10:10:56 ----A---- C:\Windows\system32\RMActivate_ssp.exe
2009-11-11 10:10:56 ----A---- C:\Windows\system32\PresentationHostProxy.dll
2009-11-11 10:10:56 ----A---- C:\Windows\system32\korwbrkr.dll
2009-11-11 10:10:56 ----A---- C:\Windows\system32\IasMigReader.exe
2009-11-11 10:10:55 ----A---- C:\Windows\system32\msshsq.dll
2009-11-11 10:10:54 ----A---- C:\Windows\system32\msjet40.dll
2009-11-11 10:10:54 ----A---- C:\Windows\system32\MPSSVC.dll
2009-11-11 10:10:53 ----A---- C:\Windows\system32\Query.dll
2009-11-11 10:10:53 ----A---- C:\Windows\system32\qmgr.dll
2009-11-11 10:10:52 ----A---- C:\Windows\system32\P2PGraph.dll
2009-11-11 10:10:52 ----A---- C:\Windows\system32\ole32.dll
2009-11-11 10:10:52 ----A---- C:\Windows\system32\ntdll.dll
2009-11-11 10:10:52 ----A---- C:\Windows\system32\msexch40.dll
2009-11-11 10:10:52 ----A---- C:\Windows\system32\diagperf.dll
2009-11-11 10:10:51 ----A---- C:\Windows\system32\winload.exe
2009-11-11 10:10:51 ----A---- C:\Windows\system32\srchadmin.dll
2009-11-11 10:10:51 ----A---- C:\Windows\system32\mblctr.exe
2009-11-11 10:10:51 ----A---- C:\Windows\system32\EncDec.dll
2009-11-11 10:10:50 ----A---- C:\Windows\system32\uDWM.dll
2009-11-11 10:10:50 ----A---- C:\Windows\system32\riched20.dll
2009-11-11 10:10:50 ----A---- C:\Windows\system32\mmc.exe
2009-11-11 10:10:50 ----A---- C:\Windows\system32\IasMigPlugin.dll
2009-11-11 10:10:49 ----A---- C:\Windows\system32\RacEngn.dll
2009-11-11 10:10:49 ----A---- C:\Windows\system32\kernel32.dll
2009-11-11 10:10:49 ----A---- C:\Windows\system32\fdBth.dll
2009-11-11 10:10:48 ----A---- C:\Windows\system32\spoolss.dll
2009-11-11 10:10:48 ----A---- C:\Windows\system32\SearchProtocolHost.exe
2009-11-11 10:10:48 ----A---- C:\Windows\system32\SearchFilterHost.exe
2009-11-11 10:10:48 ----A---- C:\Windows\system32\schedsvc.dll
2009-11-11 10:10:48 ----A---- C:\Windows\system32\NaturalLanguage6.dll
2009-11-11 10:10:48 ----A---- C:\Windows\system32\milcore.dll
2009-11-11 10:10:48 ----A---- C:\Windows\system32\EhStorAPI.dll
2009-11-11 10:10:48 ----A---- C:\Windows\system32\CertEnroll.dll
2009-11-11 10:10:47 ----A---- C:\Windows\system32\msvcp60.dll
2009-11-11 10:10:47 ----A---- C:\Windows\system32\msjtes40.dll
2009-11-11 10:10:47 ----A---- C:\Windows\system32\infocardapi.dll
2009-11-11 10:10:47 ----A---- C:\Windows\system32\gpedit.dll
2009-11-11 10:10:47 ----A---- C:\Windows\system32\AuxiliaryDisplayDriverLib.dll
2009-11-11 10:10:46 ----A---- C:\Windows\system32\WinSAT.exe
2009-11-11 10:10:46 ----A---- C:\Windows\system32\es.dll
2009-11-11 10:10:45 ----A---- C:\Windows\system32\PresentationSettings.exe
2009-11-11 10:10:45 ----A---- C:\Windows\system32\mstext40.dll
2009-11-11 10:10:45 ----A---- C:\Windows\system32\Magnify.exe
2009-11-11 10:10:45 ----A---- C:\Windows\system32\AuxiliaryDisplayServices.dll
2009-11-11 10:10:45 ----A---- C:\Windows\system32\advapi32.dll
2009-11-11 10:10:44 ----A---- C:\Windows\system32\WindowsAnytimeUpgradeCPL.dll
2009-11-11 10:10:44 ----A---- C:\Windows\system32\WebClnt.dll
2009-11-11 10:10:44 ----A---- C:\Windows\system32\vssapi.dll
2009-11-11 10:10:44 ----A---- C:\Windows\system32\slwmi.dll
2009-11-11 10:10:44 ----A---- C:\Windows\system32\msxbde40.dll
2009-11-11 10:10:44 ----A---- C:\Windows\system32\msexcl40.dll
2009-11-11 10:10:44 ----A---- C:\Windows\system32\comsvcs.dll
2009-11-11 10:10:43 ----A---- C:\Windows\system32\PresentationHost.exe
2009-11-11 10:10:43 ----A---- C:\Windows\system32\NetProjW.dll
2009-11-11 10:10:43 ----A---- C:\Windows\system32\msrepl40.dll
2009-11-11 10:10:43 ----A---- C:\Windows\system32\authui.dll
2009-11-11 10:10:42 ----A---- C:\Windows\system32\propsys.dll
2009-11-11 10:10:42 ----A---- C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-11-11 10:10:42 ----A---- C:\Windows\system32\newdev.dll
2009-11-11 10:10:42 ----A---- C:\Windows\system32\iasrecst.dll
2009-11-11 10:10:42 ----A---- C:\Windows\system32\gpsvc.dll
2009-11-11 10:10:42 ----A---- C:\Windows\system32\eudcedit.exe
2009-11-11 10:10:42 ----A---- C:\Windows\system32\crypt32.dll
2009-11-11 10:10:42 ----A---- C:\Windows\explorer.exe
2009-11-11 10:10:41 ----A---- C:\Windows\system32\setupapi.dll
2009-11-11 10:10:41 ----A---- C:\Windows\system32\rpcss.dll
2009-11-11 10:10:41 ----A---- C:\Windows\system32\mspbde40.dll
2009-11-11 10:10:41 ----A---- C:\Windows\system32\davclnt.dll
2009-11-11 10:10:41 ----A---- C:\Windows\system32\d3d9.dll
2009-11-11 10:10:40 ----A---- C:\Windows\system32\shlwapi.dll
2009-11-11 10:10:40 ----A---- C:\Windows\system32\msrd3x40.dll
2009-11-11 10:10:40 ----A---- C:\Windows\system32\msltus40.dll
2009-11-11 10:10:40 ----A---- C:\Windows\system32\msdtctm.dll
2009-11-11 10:10:40 ----A---- C:\Windows\system32\mfc42.dll
2009-11-11 10:10:40 ----A---- C:\Windows\system32\EhStorPwdMgr.dll
2009-11-11 10:10:40 ----A---- C:\Windows\system32\EhStorAuthn.dll
2009-11-11 10:10:40 ----A---- C:\Windows\system32\browseui.dll
2009-11-11 10:10:39 ----A---- C:\Windows\system32\wevtapi.dll
2009-11-11 10:10:39 ----A---- C:\Windows\system32\user32.dll
2009-11-11 10:10:39 ----A---- C:\Windows\system32\photowiz.dll
2009-11-11 10:10:39 ----A---- C:\Windows\system32\nlhtml.dll
2009-11-11 10:10:38 ----A---- C:\Windows\system32\win32spl.dll
2009-11-11 10:10:38 ----A---- C:\Windows\system32\WcnNetsh.dll
2009-11-11 10:10:38 ----A---- C:\Windows\system32\SLCommDlg.dll
2009-11-11 10:10:38 ----A---- C:\Windows\system32\samsrv.dll
2009-11-11 10:10:38 ----A---- C:\Windows\system32\quartz.dll
2009-11-11 10:10:38 ----A---- C:\Windows\system32\oleaut32.dll
2009-11-11 10:10:38 ----A---- C:\Windows\system32\ci.dll
2009-11-11 10:10:37 ----A---- C:\Windows\system32\netshell.dll
2009-11-11 10:10:37 ----A---- C:\Windows\system32\mswstr10.dll
2009-11-11 10:10:37 ----A---- C:\Windows\system32\IKEEXT.DLL
2009-11-11 10:10:37 ----A---- C:\Windows\system32\compcln.exe
2009-11-11 10:10:37 ----A---- C:\Windows\system32\apds.dll
2009-11-11 10:10:36 ----A---- C:\Windows\system32\xmlfilter.dll
2009-11-11 10:10:36 ----A---- C:\Windows\system32\QAGENTRT.DLL
2009-11-11 10:10:36 ----A---- C:\Windows\system32\msvcrt.dll
2009-11-11 10:10:36 ----A---- C:\Windows\system32\msctf.dll
2009-11-11 10:10:36 ----A---- C:\Windows\system32\gdi32.dll
2009-11-11 10:10:36 ----A---- C:\Windows\system32\emdmgmt.dll
2009-11-11 10:10:36 ----A---- C:\Windows\system32\audiosrv.dll
2009-11-11 10:10:35 ----A---- C:\Windows\system32\VSSVC.exe
2009-11-11 10:10:35 ----A---- C:\Windows\system32\mfc42u.dll
2009-11-11 10:10:35 ----A---- C:\Windows\system32\iphlpsvc.dll
2009-11-11 10:10:34 ----A---- C:\Windows\system32\SLUI.exe
2009-11-11 10:10:34 ----A---- C:\Windows\system32\eapphost.dll
2009-11-11 10:10:33 ----A---- C:\Windows\system32\winresume.exe
2009-11-11 10:10:33 ----A---- C:\Windows\system32\sqlsrv32.dll
2009-11-11 10:10:33 ----A---- C:\Windows\system32\shdocvw.dll
2009-11-11 10:10:33 ----A---- C:\Windows\system32\propdefs.dll
2009-11-11 10:10:33 ----A---- C:\Windows\system32\odbc32.dll
2009-11-11 10:10:33 ----A---- C:\Windows\system32\msrd2x40.dll
2009-11-11 10:10:32 ----A---- C:\Windows\system32\wevtutil.exe
2009-11-11 10:10:32 ----A---- C:\Windows\system32\mssitlb.dll
2009-11-11 10:10:32 ----A---- C:\Windows\system32\dbgeng.dll
2009-11-11 10:10:31 ----A---- C:\Windows\system32\WsmSvc.dll
2009-11-11 10:10:31 ----A---- C:\Windows\system32\swprv.dll
2009-11-11 10:10:31 ----A---- C:\Windows\system32\mmcndmgr.dll
2009-11-11 10:10:30 ----A---- C:\Windows\system32\vds.exe
2009-11-11 10:10:30 ----A---- C:\Windows\system32\usp10.dll
2009-11-11 10:10:30 ----A---- C:\Windows\system32\netlogon.dll
2009-11-11 10:10:30 ----A---- C:\Windows\system32\msctfp.dll
2009-11-11 10:10:30 ----A---- C:\Windows\system32\fdBthProxy.dll
2009-11-11 10:10:30 ----A---- C:\Windows\system32\drvinst.exe
2009-11-11 10:10:30 ----A---- C:\Windows\system32\devmgr.dll
2009-11-11 10:10:29 ----A---- C:\Windows\system32\Wldap32.dll
2009-11-11 10:10:29 ----A---- C:\Windows\system32\wcnwiz.dll
2009-11-11 10:10:29 ----A---- C:\Windows\system32\msscb.dll
2009-11-11 10:10:29 ----A---- C:\Windows\system32\evr.dll
2009-11-11 10:10:29 ----A---- C:\Windows\system32\DevicePairingProxy.dll
2009-11-11 10:10:29 ----A---- C:\Windows\system32\BFE.DLL
2009-11-11 10:10:29 ----A---- C:\Windows\system32\adsldpc.dll
2009-11-11 10:10:28 ----A---- C:\Windows\system32\WMVSDECD.DLL
2009-11-11 10:10:28 ----A---- C:\Windows\system32\wercon.exe
2009-11-11 10:10:28 ----A---- C:\Windows\system32\wcncsvc.dll
2009-11-11 10:10:28 ----A---- C:\Windows\system32\services.exe
2009-11-11 10:10:28 ----A---- C:\Windows\system32\mimefilt.dll
2009-11-11 10:10:28 ----A---- C:\Windows\system32\comdlg32.dll
2009-11-11 10:10:28 ----A---- C:\Windows\system32\adtschema.dll
2009-11-11 10:10:27 ----A---- C:\Windows\system32\WMNetMgr.dll
2009-11-11 10:10:27 ----A---- C:\Windows\system32\w32time.dll
2009-11-11 10:10:27 ----A---- C:\Windows\system32\umpnpmgr.dll
2009-11-11 10:10:27 ----A---- C:\Windows\system32\taskeng.exe
2009-11-11 10:10:27 ----A---- C:\Windows\system32\rtffilt.dll
2009-11-11 10:10:27 ----A---- C:\Windows\system32\reg.exe
2009-11-11 10:10:27 ----A---- C:\Windows\system32\mswdat10.dll
2009-11-11 10:10:27 ----A---- C:\Windows\system32\msshooks.dll
2009-11-11 10:10:27 ----A---- C:\Windows\system32\msscntrs.dll
2009-11-11 10:10:27 ----A---- C:\Windows\system32\msjter40.dll
2009-11-11 10:10:27 ----A---- C:\Windows\system32\msdtcprx.dll
2009-11-11 10:10:27 ----A---- C:\Windows\system32\msdrm.dll
2009-11-11 10:10:27 ----A---- C:\Windows\system32\ipsmsnap.dll
2009-11-11 10:10:27 ----A---- C:\Windows\system32\IPSECSVC.DLL
2009-11-11 10:10:27 ----A---- C:\Windows\system32\dnsapi.dll
2009-11-11 10:10:27 ----A---- C:\Windows\system32\certutil.exe
2009-11-11 10:10:27 ----A---- C:\Windows\system32\certcli.dll
2009-11-11 10:10:27 ----A---- C:\Windows\system32\bthserv.dll
2009-11-11 10:10:27 ----A---- C:\Windows\system32\bcrypt.dll
2009-11-11 10:10:26 ----A---- C:\Windows\system32\TsWpfWrp.exe
2009-11-11 10:10:26 ----A---- C:\Windows\system32\rsaenh.dll
2009-11-11 10:10:26 ----A---- C:\Windows\system32\netapi32.dll
2009-11-11 10:10:26 ----A---- C:\Windows\system32\mtxclu.dll
2009-11-11 10:10:26 ----A---- C:\Windows\system32\msstrc.dll
2009-11-11 10:10:26 ----A---- C:\Windows\system32\msihnd.dll
2009-11-11 10:10:26 ----A---- C:\Windows\system32\mscories.dll
2009-11-11 10:10:26 ----A---- C:\Windows\system32\MMDevAPI.dll
2009-11-11 10:10:26 ----A---- C:\Windows\system32\inetpp.dll
2009-11-11 10:10:26 ----A---- C:\Windows\system32\inetcomm.dll
2009-11-11 10:10:26 ----A---- C:\Windows\system32\hidserv.dll
2009-11-11 10:10:26 ----A---- C:\Windows\system32\fundisc.dll
2009-11-11 10:10:26 ----A---- C:\Windows\system32\dhcpcsvc6.dll
2009-11-11 10:10:26 ----A---- C:\Windows\system32\dfshim.dll
2009-11-11 10:10:26 ----A---- C:\Windows\system32\cryptsvc.dll
2009-11-11 10:10:25 ----A---- C:\Windows\system32\wmicmiplugin.dll
2009-11-11 10:10:25 ----A---- C:\Windows\system32\wdc.dll
2009-11-11 10:10:25 ----A---- C:\Windows\system32\termsrv.dll
2009-11-11 10:10:25 ----A---- C:\Windows\system32\shsvcs.dll
2009-11-11 10:10:25 ----A---- C:\Windows\system32\rasmans.dll
2009-11-11 10:10:25 ----A---- C:\Windows\system32\profsvc.dll
2009-11-11 10:10:25 ----A---- C:\Windows\system32\msiexec.exe
2009-11-11 10:10:25 ----A---- C:\Windows\system32\imapi.dll
2009-11-11 10:10:25 ----A---- C:\Windows\system32\iassdo.dll
2009-11-11 10:10:25 ----A---- C:\Windows\system32\chsbrkr.dll
2009-11-11 10:10:24 ----A---- C:\Windows\system32\wersvc.dll
2009-11-11 10:10:24 ----A---- C:\Windows\system32\spoolsv.exe
2009-11-11 10:10:24 ----A---- C:\Windows\system32\slmgr.vbs
2009-11-11 10:10:24 ----A---- C:\Windows\system32\scrrun.dll
2009-11-11 10:10:24 ----A---- C:\Windows\system32\PSHED.DLL
2009-11-11 10:10:24 ----A---- C:\Windows\system32\pnidui.dll
2009-11-11 10:10:24 ----A---- C:\Windows\system32\pdh.dll
2009-11-11 10:10:24 ----A---- C:\Windows\system32\icardres.dll
2009-11-11 10:10:24 ----A---- C:\Windows\system32\dhcpcsvc.dll
2009-11-11 10:10:24 ----A---- C:\Windows\system32\CertEnrollUI.dll
2009-11-11 10:10:24 ----A---- C:\Windows\system32\azroles.dll
2009-11-11 10:10:24 ----A---- C:\Windows\system32\autofmt.exe
2009-11-11 10:10:23 ----A---- C:\Windows\system32\wmpmde.dll
2009-11-11 10:10:23 ----A---- C:\Windows\system32\winlogon.exe
2009-11-11 10:10:23 ----A---- C:\Windows\system32\SyncCenter.dll
2009-11-11 10:10:23 ----A---- C:\Windows\system32\pidgenx.dll
2009-11-11 10:10:22 ----A---- C:\Windows\system32\SLUINotify.dll
2009-11-11 10:10:22 ----A---- C:\Windows\system32\msjetoledb40.dll
2009-11-11 10:10:22 ----A---- C:\Windows\system32\comuid.dll
2009-11-11 10:10:21 ----A---- C:\Windows\system32\wisptis.exe
2009-11-11 10:10:21 ----A---- C:\Windows\system32\untfs.dll
2009-11-11 10:10:21 ----A---- C:\Windows\system32\taskcomp.dll
2009-11-11 10:10:21 ----A---- C:\Windows\system32\spp.dll
2009-11-11 10:10:21 ----A---- C:\Windows\system32\sethc.exe
2009-11-11 10:10:21 ----A---- C:\Windows\system32\scrobj.dll
2009-11-11 10:10:21 ----A---- C:\Windows\system32\rtutils.dll
2009-11-11 10:10:21 ----A---- C:\Windows\system32\ncrypt.dll
2009-11-11 10:10:21 ----A---- C:\Windows\system32\kd1394.dll
2009-11-11 10:10:21 ----A---- C:\Windows\system32\iassam.dll
2009-11-11 10:10:21 ----A---- C:\Windows\system32\dwm.exe
2009-11-11 10:10:21 ----A---- C:\Windows\system32\certmgr.dll
2009-11-11 10:10:20 ----A---- C:\Windows\system32\winsrv.dll
2009-11-11 10:10:20 ----A---- C:\Windows\system32\printui.dll
2009-11-11 10:10:20 ----A---- C:\Windows\system32\onex.dll
2009-11-11 10:10:20 ----A---- C:\Windows\system32\kdcom.dll
2009-11-11 10:10:20 ----A---- C:\Windows\system32\iasnap.dll
2009-11-11 10:10:20 ----A---- C:\Windows\system32\cscript.exe
2009-11-11 10:10:20 ----A---- C:\Windows\system32\basecsp.dll
2009-11-11 10:10:20 ----A---- C:\Windows\system32\autoconv.exe
2009-11-11 10:10:20 ----A---- C:\Windows\system32\autochk.exe
2009-11-11 10:10:19 ----A---- C:\Windows\system32\wow32.dll
2009-11-11 10:10:19 ----A---- C:\Windows\system32\WinSCard.dll
2009-11-11 10:10:19 ----A---- C:\Windows\system32\winmm.dll
2009-11-11 10:10:19 ----A---- C:\Windows\system32\WerFaultSecure.exe
2009-11-11 10:10:19 ----A---- C:\Windows\system32\userenv.dll
2009-11-11 10:10:19 ----A---- C:\Windows\system32\spcmsg.dll
2009-11-11 10:10:19 ----A---- C:\Windows\system32\RelMon.dll
2009-11-11 10:10:19 ----A---- C:\Windows\system32\rdpencom.dll
2009-11-11 10:10:19 ----A---- C:\Windows\system32\osk.exe
2009-11-11 10:10:19 ----A---- C:\Windows\system32\offfilt.dll
2009-11-11 10:10:19 ----A---- C:\Windows\system32\mswsock.dll
2009-11-11 10:10:19 ----A---- C:\Windows\system32\msftedit.dll
2009-11-11 10:10:19 ----A---- C:\Windows\system32\kdusb.dll
2009-11-11 10:10:19 ----A---- C:\Windows\system32\dnsrslvr.dll
2009-11-11 10:10:19 ----A---- C:\Windows\system32\audiodg.exe
2009-11-11 10:10:17 ----A---- C:\Windows\system32\wsepno.dll
2009-11-11 10:10:17 ----A---- C:\Windows\system32\wscript.exe
2009-11-11 10:10:17 ----A---- C:\Windows\system32\wiaservc.dll
2009-11-11 10:10:17 ----A---- C:\Windows\system32\WerFault.exe
2009-11-11 10:10:17 ----A---- C:\Windows\system32\Utilman.exe
2009-11-11 10:10:17 ----A---- C:\Windows\system32\ulib.dll
2009-11-11 10:10:17 ----A---- C:\Windows\system32\sysclass.dll
2009-11-11 10:10:17 ----A---- C:\Windows\system32\stobject.dll
2009-11-11 10:10:17 ----A---- C:\Windows\system32\SndVol.exe
2009-11-11 10:10:17 ----A---- C:\Windows\system32\secproc_ssp_isv.dll
2009-11-11 10:10:17 ----A---- C:\Windows\system32\secproc_ssp.dll
2009-11-11 10:10:17 ----A---- C:\Windows\system32\prnntfy.dll
2009-11-11 10:10:17 ----A---- C:\Windows\system32\odbccp32.dll
2009-11-11 10:10:17 ----A---- C:\Windows\system32\msnetobj.dll
2009-11-11 10:10:17 ----A---- C:\Windows\system32\mscms.dll
2009-11-11 10:10:17 ----A---- C:\Windows\system32\mfplat.dll
2009-11-11 10:10:17 ----A---- C:\Windows\system32\mcmde.dll
2009-11-11 10:10:17 ----A---- C:\Windows\system32\iasdatastore.dll
2009-11-11 10:10:17 ----A---- C:\Windows\system32\dsound.dll
2009-11-11 10:10:17 ----A---- C:\Windows\system32\diskraid.exe
2009-11-11 10:10:17 ----A---- C:\Windows\system32\apphelp.dll
2009-11-11 10:10:17 ----A---- C:\Windows\system32\adsmsext.dll
2009-11-11 10:10:16 ----A---- C:\Windows\system32\wscsvc.dll
2009-11-11 10:10:16 ----A---- C:\Windows\system32\wscntfy.dll
2009-11-11 10:10:16 ----A---- C:\Windows\system32\WMVENCOD.DLL
2009-11-11 10:10:16 ----A---- C:\Windows\system32\wlangpui.dll
2009-11-11 10:10:16 ----A---- C:\Windows\system32\vdsdyn.dll
2009-11-11 10:10:16 ----A---- C:\Windows\system32\regsvc.dll
2009-11-11 10:10:16 ----A---- C:\Windows\system32\rastapi.dll
2009-11-11 10:10:16 ----A---- C:\Windows\system32\rasapi32.dll
2009-11-11 10:10:16 ----A---- C:\Windows\system32\pnpsetup.dll
2009-11-11 10:10:16 ----A---- C:\Windows\system32\ntprint.dll
2009-11-11 10:10:16 ----A---- C:\Windows\system32\logman.exe
2009-11-11 10:10:16 ----A---- C:\Windows\system32\ipsecsnp.dll
2009-11-11 10:10:16 ----A---- C:\Windows\system32\IPHLPAPI.DLL
2009-11-11 10:10:16 ----A---- C:\Windows\system32\iashlpr.dll
2009-11-11 10:10:16 ----A---- C:\Windows\system32\gpapi.dll
2009-11-11 10:10:16 ----A---- C:\Windows\system32\fdProxy.dll
2009-11-11 10:10:16 ----A---- C:\Windows\system32\diskpart.exe
2009-11-11 10:10:16 ----A---- C:\Windows\system32\cryptui.dll
2009-11-11 10:10:16 ----A---- C:\Windows\system32\brcpl.dll
2009-11-11 10:10:15 ----A---- C:\Windows\system32\zipfldr.dll
2009-11-11 10:10:15 ----A---- C:\Windows\system32\wusa.exe
2009-11-11 10:10:15 ----A---- C:\Windows\system32\wsnmp32.dll
2009-11-11 10:10:15 ----A---- C:\Windows\system32\wshext.dll
2009-11-11 10:10:15 ----A---- C:\Windows\system32\wpccpl.dll
2009-11-11 10:10:15 ----A---- C:\Windows\system32\wer.dll
2009-11-11 10:10:15 ----A---- C:\Windows\system32\themecpl.dll
2009-11-11 10:10:15 ----A---- C:\Windows\system32\rasdlg.dll
2009-11-11 10:10:15 ----A---- C:\Windows\system32\netcenter.dll
2009-11-11 10:10:15 ----A---- C:\Windows\system32\mscorier.dll
2009-11-11 10:10:15 ----A---- C:\Windows\system32\iassvcs.dll
2009-11-11 10:10:15 ----A---- C:\Windows\system32\iasrad.dll
2009-11-11 10:10:15 ----A---- C:\Windows\system32\findstr.exe
2009-11-11 10:10:14 ----A---- C:\Windows\system32\uxsms.dll
2009-11-11 10:10:14 ----A---- C:\Windows\system32\tsbyuv.dll
2009-11-11 10:10:14 ----A---- C:\Windows\system32\srvsvc.dll
2009-11-11 10:10:14 ----A---- C:\Windows\system32\slcc.dll
2009-11-11 10:10:14 ----A---- C:\Windows\system32\scansetting.dll
2009-11-11 10:10:14 ----A---- C:\Windows\system32\powrprof.dll
2009-11-11 10:10:14 ----A---- C:\Windows\system32\ntmarta.dll
2009-11-11 10:10:14 ----A---- C:\Windows\system32\msutb.dll
2009-11-11 10:10:14 ----A---- C:\Windows\system32\mstsc.exe
2009-11-11 10:10:14 ----A---- C:\Windows\system32\mstlsapi.dll
2009-11-11 10:10:14 ----A---- C:\Windows\system32\mssprxy.dll
2009-11-11 10:10:14 ----A---- C:\Windows\system32\iasads.dll
2009-11-11 10:10:13 ----A---- C:\Windows\system32\sud.dll
2009-11-11 10:10:13 ----A---- C:\Windows\system32\powercpl.dll
2009-11-11 10:10:13 ----A---- C:\Windows\system32\PerfCenterCPL.dll
2009-11-11 10:10:13 ----A---- C:\Windows\system32\newdev.exe
2009-11-11 10:10:13 ----A---- C:\Windows\system32\networkmap.dll
2009-11-11 10:10:13 ----A---- C:\Windows\system32\iasacct.dll
2009-11-11 10:10:13 ----A---- C:\Windows\system32\dot3svc.dll
2009-11-11 10:10:13 ----A---- C:\Windows\system32\connect.dll
2009-11-11 10:10:13 ----A---- C:\Windows\system32\authz.dll
2009-11-11 10:10:12 ----A---- C:\Windows\system32\wlanpref.dll
2009-11-11 10:10:12 ----A---- C:\Windows\system32\usercpl.dll
2009-11-11 10:10:12 ----A---- C:\Windows\system32\themeui.dll
2009-11-11 10:10:12 ----A---- C:\Windows\system32\systemcpl.dll
2009-11-11 10:10:12 ----A---- C:\Windows\system32\samlib.dll
2009-11-11 10:10:12 ----A---- C:\Windows\system32\rpchttp.dll
2009-11-11 10:10:12 ----A---- C:\Windows\system32\qdvd.dll
2009-11-11 10:10:12 ----A---- C:\Windows\system32\pcaui.dll
2009-11-11 10:10:12 ----A---- C:\Windows\system32\mmci.dll
2009-11-11 10:10:12 ----A---- C:\Windows\system32\autoplay.dll
2009-11-11 10:10:12 ----A---- C:\Windows\system32\accessibilitycpl.dll
2009-11-11 10:10:11 ----A---- C:\Windows\system32\wscisvif.dll
2009-11-11 10:10:11 ----A---- C:\Windows\system32\wpcao.dll
2009-11-11 10:10:11 ----A---- C:\Windows\system32\vdsutil.dll
2009-11-11 10:10:11 ----A---- C:\Windows\system32\tapisrv.dll
2009-11-11 10:10:11 ----A---- C:\Windows\system32\sdclt.exe
2009-11-11 10:10:11 ----A---- C:\Windows\system32\scksp.dll
2009-11-11 10:10:11 ----A---- C:\Windows\system32\scesrv.dll
2009-11-11 10:10:11 ----A---- C:\Windows\system32\scecli.dll
2009-11-11 10:10:11 ----A---- C:\Windows\system32\rekeywiz.exe
2009-11-11 10:10:11 ----A---- C:\Windows\system32\regapi.dll
2009-11-11 10:10:11 ----A---- C:\Windows\system32\rasgcw.dll
2009-11-11 10:10:11 ----A---- C:\Windows\system32\qedit.dll
2009-11-11 10:10:11 ----A---- C:\Windows\system32\psisdecd.dll
2009-11-11 10:10:11 ----A---- C:\Windows\system32\pnpui.dll
2009-11-11 10:10:11 ----A---- C:\Windows\system32\perfdisk.dll
2009-11-11 10:10:11 ----A---- C:\Windows\system32\oleprn.dll
2009-11-11 10:10:11 ----A---- C:\Windows\system32\ncryptui.dll
2009-11-11 10:10:11 ----A---- C:\Windows\system32\msinfo32.exe
2009-11-11 10:10:11 ----A---- C:\Windows\system32\mpr.dll
2009-11-11 10:10:11 ----A---- C:\Windows\system32\imm32.dll
2009-11-11 10:10:11 ----A---- C:\Windows\system32\iaspolcy.dll
2009-11-11 10:10:11 ----A---- C:\Windows\system32\hdwwiz.exe
2009-11-11 10:10:11 ----A---- C:\Windows\system32\feclient.dll
2009-11-11 10:10:11 ----A---- C:\Windows\system32\Faultrep.dll
2009-11-11 10:10:11 ----A---- C:\Windows\system32\dpapimig.exe
2009-11-11 10:10:11 ----A---- C:\Windows\system32\dot3msm.dll
2009-11-11 10:10:11 ----A---- C:\Windows\system32\DeviceEject.exe
2009-11-11 10:10:11 ----A---- C:\Windows\system32\certreq.exe
2009-11-11 10:10:11 ----A---- C:\Windows\system32\AudioSes.dll
2009-11-11 10:10:10 ----A---- C:\Windows\system32\whealogr.dll
2009-11-11 10:10:10 ----A---- C:\Windows\system32\TSTheme.exe
2009-11-11 10:10:10 ----A---- C:\Windows\system32\tcpmon.dll
2009-11-11 10:10:10 ----A---- C:\Windows\system32\tcpipcfg.dll
2009-11-11 10:10:10 ----A---- C:\Windows\system32\spwinsat.dll
2009-11-11 10:10:10 ----A---- C:\Windows\system32\SmartcardCredentialProvider.dll
2009-11-11 10:10:10 ----A---- C:\Windows\system32\rasplap.dll
2009-11-11 10:10:10 ----A---- C:\Windows\system32\PnPUnattend.exe
2009-11-11 10:10:10 ----A---- C:\Windows\system32\FWPUCLNT.DLL
2009-11-11 10:10:10 ----A---- C:\Windows\system32\fdWSD.dll
2009-11-11 10:10:10 ----A---- C:\Windows\system32\cmmon32.exe
2009-11-11 10:10:09 ----A---- C:\Windows\system32\WMVXENCD.DLL
2009-11-11 10:10:09 ----A---- C:\Windows\system32\wlanui.dll
2009-11-11 10:10:09 ----A---- C:\Windows\system32\wiaaut.dll
2009-11-11 10:10:09 ----A---- C:\Windows\system32\srcore.dll
2009-11-11 10:10:09 ----A---- C:\Windows\system32\SnippingTool.exe
2009-11-11 10:10:09 ----A---- C:\Windows\system32\shwebsvc.dll
2009-11-11 10:10:09 ----A---- C:\Windows\system32\shsetup.dll
2009-11-11 10:10:09 ----A---- C:\Windows\system32\SCardSvr.dll
2009-11-11 10:10:09 ----A---- C:\Windows\system32\rasppp.dll
2009-11-11 10:10:09 ----A---- C:\Windows\system32\rasmontr.dll
2009-11-11 10:10:09 ----A---- C:\Windows\system32\raschap.dll
2009-11-11 10:10:09 ----A---- C:\Windows\system32\PnPutil.exe
2009-11-11 10:10:09 ----A---- C:\Windows\system32\oobefldr.dll
2009-11-11 10:10:09 ----A---- C:\Windows\system32\MSVidCtl.dll
2009-11-11 10:10:09 ----A---- C:\Windows\system32\mscandui.dll
2009-11-11 10:10:09 ----A---- C:\Windows\system32\modemui.dll
2009-11-11 10:10:09 ----A---- C:\Windows\system32\fontext.dll
2009-11-11 10:10:09 ----A---- C:\Windows\system32\dsprop.dll
2009-11-11 10:10:09 ----A---- C:\Windows\system32\dimsroam.dll
2009-11-11 10:10:09 ----A---- C:\Windows\system32\conime.exe
2009-11-11 10:10:09 ----A---- C:\Windows\system32\cmdial32.dll
2009-11-11 10:10:09 ----A---- C:\Windows\system32\chtbrkr.dll
2009-11-11 10:10:08 ----A---- C:\Windows\system32\WSDMon.dll
2009-11-11 10:10:08 ----A---- C:\Windows\system32\wscapi.dll
2009-11-11 10:10:08 ----A---- C:\Windows\system32\wpcsvc.dll
2009-11-11 10:10:08 ----A---- C:\Windows\system32\wmpeffects.dll
2009-11-11 10:10:08 ----A---- C:\Windows\system32\wmdrmsdk.dll
2009-11-11 10:10:08 ----A---- C:\Windows\system32\wlgpclnt.dll
2009-11-11 10:10:08 ----A---- C:\Windows\system32\smss.exe
2009-11-11 10:10:08 ----A---- C:\Windows\system32\rdpwsx.dll
2009-11-11 10:10:08 ----A---- C:\Windows\system32\networkexplorer.dll
2009-11-11 10:10:08 ----A---- C:\Windows\system32\netplwiz.dll
2009-11-11 10:10:08 ----A---- C:\Windows\system32\msscp.dll
2009-11-11 10:10:08 ----A---- C:\Windows\system32\msimtf.dll
2009-11-11 10:10:08 ----A---- C:\Windows\system32\logagent.exe
2009-11-11 10:10:08 ----A---- C:\Windows\system32\InkEd.dll
2009-11-11 10:10:08 ----A---- C:\Windows\system32\ifmon.dll
2009-11-11 10:10:08 ----A---- C:\Windows\system32\gpresult.exe
2009-11-11 10:10:08 ----A---- C:\Windows\system32\dataclen.dll
2009-11-11 10:10:08 ----A---- C:\Windows\system32\credui.dll
2009-11-11 10:10:08 ----A---- C:\Windows\system32\cipher.exe
2009-11-11 10:10:08 ----A---- C:\Windows\system32\certprop.dll
2009-11-11 10:10:08 ----A---- C:\Windows\system32\blackbox.dll
2009-11-11 10:10:07 ----A---- C:\Windows\system32\wshbth.dll
2009-11-11 10:10:07 ----A---- C:\Windows\system32\version.dll
2009-11-11 10:10:07 ----A---- C:\Windows\system32\thawbrkr.dll
2009-11-11 10:10:07 ----A---- C:\Windows\system32\softkbd.dll
2009-11-11 10:10:07 ----A---- C:\Windows\system32\SLLUA.exe
2009-11-11 10:10:07 ----A---- C:\Windows\system32\sendmail.dll
2009-11-11 10:10:07 ----A---- C:\Windows\system32\puiapi.dll
2009-11-11 10:10:07 ----A---- C:\Windows\system32\olepro32.dll
2009-11-11 10:10:07 ----A---- C:\Windows\system32\msjint40.dll
2009-11-11 10:10:07 ----A---- C:\Windows\system32\msisip.dll
2009-11-11 10:10:07 ----A---- C:\Windows\system32\msctfui.dll
2009-11-11 10:10:07 ----A---- C:\Windows\system32\MsCtfMonitor.dll
2009-11-11 10:10:07 ----A---- C:\Windows\system32\mprapi.dll
2009-11-11 10:10:07 ----A---- C:\Windows\system32\MediaMetadataHandler.dll
2009-11-11 10:10:07 ----A---- C:\Windows\system32\l2nacp.dll
2009-11-11 10:10:07 ----A---- C:\Windows\system32\input.dll
2009-11-11 10:10:07 ----A---- C:\Windows\system32\fdSSDP.dll
2009-11-11 10:10:07 ----A---- C:\Windows\system32\fc.exe
2009-11-11 10:10:07 ----A---- C:\Windows\system32\ExplorerFrame.dll
2009-11-11 10:10:07 ----A---- C:\Windows\system32\eapp3hst.dll
2009-11-11 10:10:07 ----A---- C:\Windows\system32\drmmgrtn.dll
2009-11-11 10:10:07 ----A---- C:\Windows\system32\dmusic.dll
2009-11-11 10:10:07 ----A---- C:\Windows\system32\dmsynth.dll
2009-11-11 10:10:07 ----A---- C:\Windows\system32\cscapi.dll
2009-11-11 10:10:06 ----A---- C:\Windows\system32\wsdchngr.dll
2009-11-11 10:10:06 ----A---- C:\Windows\system32\winrnr.dll
2009-11-11 10:10:06 ----A---- C:\Windows\system32\vdmdbg.dll
2009-11-11 10:10:06 ----A---- C:\Windows\system32\tscupgrd.exe
2009-11-11 10:10:06 ----A---- C:\Windows\system32\Storprop.dll
2009-11-11 10:10:06 ----A---- C:\Windows\system32\SMBHelperClass.dll
2009-11-11 10:10:06 ----A---- C:\Windows\system32\slwga.dll
2009-11-11 10:10:06 ----A---- C:\Windows\system32\slcinst.dll
2009-11-11 10:10:06 ----A---- C:\Windows\system32\rasdial.exe
2009-11-11 10:10:06 ----A---- C:\Windows\system32\rasdiag.dll
2009-11-11 10:10:06 ----A---- C:\Windows\system32\PNPXAssoc.dll
2009-11-11 10:10:06 ----A---- C:\Windows\system32\odbcconf.dll
2009-11-11 10:10:06 ----A---- C:\Windows\system32\ocsetup.exe
2009-11-11 10:10:06 ----A---- C:\Windows\system32\nslookup.exe
2009-11-11 10:10:06 ----A---- C:\Windows\system32\networkitemfactory.dll
2009-11-11 10:10:06 ----A---- C:\Windows\system32\NcdProp.dll
2009-11-11 10:10:06 ----A---- C:\Windows\system32\mmcico.dll
2009-11-11 10:10:06 ----A---- C:\Windows\system32\midimap.dll
2009-11-11 10:10:06 ----A---- C:\Windows\system32\iscsilog.dll
2009-11-11 10:10:06 ----A---- C:\Windows\system32\ipconfig.exe
2009-11-11 10:10:06 ----A---- C:\Windows\system32\inetppui.dll
2009-11-11 10:10:06 ----A---- C:\Windows\system32\hbaapi.dll
2009-11-11 10:10:06 ----A---- C:\Windows\system32\gpupdate.exe
2009-11-11 10:10:06 ----A---- C:\Windows\system32\FwRemoteSvr.dll
2009-11-11 10:10:06 ----A---- C:\Windows\system32\ftp.exe
2009-11-11 10:10:06 ----A---- C:\Windows\system32\fdWCN.dll
2009-11-11 10:10:06 ----A---- C:\Windows\system32\fdeploy.dll
2009-11-11 10:10:06 ----A---- C:\Windows\system32\eappgnui.dll
2009-11-11 10:10:06 ----A---- C:\Windows\system32\eappcfg.dll
2009-11-11 10:10:06 ----A---- C:\Windows\system32\dot3cfg.dll
2009-11-11 10:10:06 ----A---- C:\Windows\system32\csrstub.exe
2009-11-11 10:10:06 ----A---- C:\Windows\system32\cscdll.dll
2009-11-11 10:10:06 ----A---- C:\Windows\system32\CHxReadingStringIME.dll
2009-11-11 10:10:06 ----A---- C:\Windows\system32\cbsra.exe
2009-11-11 10:10:06 ----A---- C:\Windows\system32\bthudtask.exe
2009-11-11 10:10:06 ----A---- C:\Windows\system32\bthci.dll
2009-11-11 10:10:06 ----A---- C:\Windows\system32\bitsigd.dll
2009-11-11 10:10:05 ----A---- C:\Windows\system32\msimsg.dll
2009-11-11 10:10:05 ----A---- C:\Windows\system32\f3ahvoas.dll
2009-11-11 10:09:58 ----A---- C:\Windows\system32\SmiEngine.dll
2009-11-11 10:09:57 ----A---- C:\Windows\system32\wdscore.dll
2009-11-11 10:09:57 ----A---- C:\Windows\system32\PkgMgr.exe
2009-11-11 10:09:56 ----A---- C:\Windows\system32\drvstore.dll
2009-11-11 09:46:30 ----A---- C:\Windows\system32\wmp.dll
2009-11-11 09:46:26 ----A---- C:\Windows\system32\unregmp2.exe
2009-11-11 09:46:25 ----A---- C:\Windows\system32\wmploc.DLL
2009-11-11 09:46:11 ----A---- C:\Windows\system32\WSDApi.dll
2009-11-06 21:22:43 ----A---- C:\Windows\system32\GEARAspi.dll
2009-11-06 21:22:16 ----D---- C:\Program Files\iPod
2009-11-06 21:22:12 ----D---- C:\ProgramData\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-11-06 21:21:01 ----D---- C:\Program Files\QuickTime
2009-10-23 02:24:20 ----A---- C:\Windows\system32\msv1_0.dll
2009-10-23 02:24:19 ----A---- C:\Windows\system32\ntkrnlpa.exe
2009-10-23 02:24:18 ----A---- C:\Windows\system32\ntoskrnl.exe
2009-10-23 02:23:42 ----A---- C:\Windows\system32\msasn1.dll
2009-10-23 02:23:31 ----A---- C:\Windows\system32\WMSPDMOD.DLL

======List of files/folders modified in the last 3 months======

2010-01-21 22:23:58 ----D---- C:\Windows\Prefetch
2010-01-21 22:23:35 ----RD---- C:\Program Files
2010-01-21 22:16:00 ----D---- C:\Program Files\Mozilla Firefox
2010-01-21 21:32:16 ----SHD---- C:\Windows\Installer
2010-01-21 20:23:11 ----D---- C:\Windows\System32
2010-01-21 20:23:11 ----D---- C:\Windows\inf
2010-01-21 20:23:11 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-01-21 20:18:13 ----D---- C:\Windows\Temp
2010-01-21 20:16:15 ----D---- C:\Program Files\Warcraft III
2010-01-21 13:00:31 ----HD---- C:\ProgramData
2010-01-21 12:21:27 ----D---- C:\Users\Brandon\AppData\Roaming\uTorrent
2010-01-20 18:51:10 ----D---- C:\WINDOWS
2010-01-19 13:51:59 ----A---- C:\Windows\win.ini
2010-01-18 13:27:37 ----D---- C:\Windows\Debug
2010-01-18 11:34:43 ----D---- C:\Users\Brandon\AppData\Roaming\Apple Computer
2010-01-18 00:21:07 ----D---- C:\Windows\winsxs
2010-01-18 00:15:40 ----D---- C:\Windows\system32\catroot
2010-01-18 00:15:36 ----D---- C:\Program Files\Windows Mail
2010-01-18 00:14:22 ----D---- C:\Windows\system32\catroot2
2010-01-15 12:59:07 ----D---- C:\Program Files\WC3Banlist
2010-01-11 20:21:04 ----D---- C:\Program Files\World of Warcraft
2010-01-07 06:28:18 ----D---- C:\Program Files\Common Files\Blizzard Entertainment
2010-01-07 02:22:56 ----D---- C:\Users\Brandon\AppData\Roaming\Adobe
2010-01-07 02:22:56 ----D---- C:\ProgramData\Adobe
2010-01-07 02:22:53 ----D---- C:\Program Files\Common Files
2010-01-07 02:20:05 ----HD---- C:\Program Files\InstallShield Installation Information
2010-01-06 04:18:52 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2010-01-04 21:28:54 ----D---- C:\Windows\system32\drivers
2010-01-04 19:17:46 ----A---- C:\Windows\system32\mrt.exe
2009-12-28 14:43:29 ----D---- C:\Program Files\Hewlett-Packard
2009-12-24 17:21:18 ----SHD---- C:\System Volume Information
2009-12-24 17:21:17 ----D---- C:\Windows\Logs
2009-12-23 20:32:44 ----D---- C:\ProgramData\NVIDIA
2009-12-23 15:20:29 ----D---- C:\Windows\rescache
2009-12-23 14:59:14 ----D---- C:\Windows\system32\migration
2009-12-23 14:59:14 ----D---- C:\Program Files\Internet Explorer
2009-12-23 14:53:16 ----D---- C:\Windows\system32\en-US
2009-12-23 14:43:08 ----D---- C:\Windows\system32\LogFiles
2009-12-09 05:46:12 ----D---- C:\Windows\LiveKernelReports
2009-12-02 15:41:02 ----D---- C:\Windows\Tasks
2009-12-01 19:36:45 ----D---- C:\Windows\system32\Tasks
2009-11-25 17:09:52 ----SD---- C:\Users\Brandon\AppData\Roaming\Microsoft
2009-11-21 15:46:46 ----D---- C:\Program Files\Common Files\AOL
2009-11-21 15:46:27 ----SD---- C:\Windows\Downloaded Program Files
2009-11-18 23:16:56 ----A---- C:\Windows\system32\nvuninst.exe
2009-11-15 19:28:35 ----D---- C:\Windows\HPCPCUninstall-6811507
2009-11-15 10:02:25 ----D---- C:\Program Files\Windows Sidebar
2009-11-11 11:30:33 ----D---- C:\Windows\system32\wbem
2009-11-11 11:10:00 ----D---- C:\Windows\Microsoft.NET
2009-11-11 11:09:59 ----RSD---- C:\Windows\assembly
2009-11-11 11:09:53 ----D---- C:\Windows\system32\zh-TW
2009-11-11 11:09:53 ----D---- C:\Windows\system32\zh-HK
2009-11-11 11:09:53 ----D---- C:\Windows\system32\zh-CN
2009-11-11 11:09:53 ----D---- C:\Windows\system32\uk-UA
2009-11-11 11:09:53 ----D---- C:\Windows\system32\tr-TR
2009-11-11 11:09:53 ----D---- C:\Windows\system32\th-TH
2009-11-11 11:09:53 ----D---- C:\Windows\system32\sv-SE
2009-11-11 11:09:53 ----D---- C:\Windows\system32\sr-Latn-CS
2009-11-11 11:09:53 ----D---- C:\Windows\system32\sl-SI
2009-11-11 11:09:53 ----D---- C:\Windows\system32\sk-SK
2009-11-11 11:09:53 ----D---- C:\Windows\system32\ru-RU
2009-11-11 11:09:53 ----D---- C:\Windows\system32\ro-RO
2009-11-11 11:09:53 ----D---- C:\Windows\system32\pt-PT
2009-11-11 11:09:53 ----D---- C:\Windows\system32\pt-BR
2009-11-11 11:09:53 ----D---- C:\Windows\system32\pl-PL
2009-11-11 11:09:53 ----D---- C:\Windows\system32\nl-NL
2009-11-11 11:09:53 ----D---- C:\Windows\system32\nb-NO
2009-11-11 11:09:53 ----D---- C:\Windows\system32\lv-LV
2009-11-11 11:09:53 ----D---- C:\Windows\system32\lt-LT
2009-11-11 11:09:53 ----D---- C:\Windows\system32\ko-KR
2009-11-11 11:09:53 ----D---- C:\Windows\system32\ja-JP
2009-11-11 11:09:53 ----D---- C:\Windows\system32\it-IT
2009-11-11 11:09:53 ----D---- C:\Windows\system32\hu-HU
2009-11-11 11:09:53 ----D---- C:\Windows\system32\hr-HR
2009-11-11 11:09:53 ----D---- C:\Windows\system32\he-IL
2009-11-11 11:09:53 ----D---- C:\Windows\system32\fr-FR
2009-11-11 11:09:53 ----D---- C:\Windows\system32\fi-FI
2009-11-11 11:09:53 ----D---- C:\Windows\system32\et-EE
2009-11-11 11:09:53 ----D---- C:\Windows\system32\es-ES
2009-11-11 11:09:53 ----D---- C:\Windows\system32\el-GR
2009-11-11 11:09:53 ----D---- C:\Windows\system32\de-DE
2009-11-11 11:09:53 ----D---- C:\Windows\system32\da-DK
2009-11-11 11:09:53 ----D---- C:\Windows\system32\cs-CZ
2009-11-11 11:09:53 ----D---- C:\Windows\system32\bg-BG
2009-11-11 11:09:53 ----D---- C:\Windows\system32\ar-SA
2009-11-11 11:04:29 ----SHD---- C:\boot
2009-11-11 10:58:22 ----D---- C:\Program Files\Windows Calendar
2009-11-11 10:58:21 ----D---- C:\Program Files\Windows Photo Gallery
2009-11-11 10:58:21 ----D---- C:\Program Files\Windows Media Player
2009-11-11 10:58:21 ----D---- C:\Program Files\Windows Journal
2009-11-11 10:58:21 ----D---- C:\Program Files\Windows Collaboration
2009-11-11 10:58:21 ----D---- C:\Program Files\Movie Maker
2009-11-11 10:58:21 ----D---- C:\Program Files\Common Files\System
2009-11-11 10:58:20 ----D---- C:\Windows\servicing
2009-11-11 10:58:20 ----D---- C:\Windows\ehome
2009-11-11 10:58:20 ----D---- C:\Program Files\Windows Defender
2009-11-11 10:58:19 ----D---- C:\Windows\system32\XPSViewer
2009-11-11 10:58:19 ----D---- C:\Windows\IME
2009-11-11 10:58:18 ----D---- C:\Windows\system32\oobe
2009-11-11 10:58:16 ----D---- C:\Windows\system32\SLUI
2009-11-11 10:58:16 ----D---- C:\Windows\system32\setup
2009-11-11 10:58:16 ----D---- C:\Windows\system32\AdvancedInstallers
2009-11-11 10:58:15 ----D---- C:\Windows\system32\manifeststore
2009-11-11 10:58:15 ----D---- C:\Windows\system32\en
2009-11-11 10:58:14 ----D---- C:\Windows\system32\migwiz
2009-11-11 10:58:07 ----RSD---- C:\Windows\Fonts
2009-11-11 10:58:07 ----D---- C:\Windows\AppPatch
2009-11-11 10:58:03 ----D---- C:\Windows\system32\Boot
2009-11-08 11:45:19 ----D---- C:\Program Files\Common Files\microsoft shared
2009-11-06 21:22:43 ----DC---- C:\Windows\system32\DRVSTORE
2009-11-06 21:22:43 ----D---- C:\Program Files\iTunes
2009-11-06 21:22:15 ----D---- C:\Program Files\Common Files\Apple

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys [2009-02-13 11608]
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2009-12-07 56816]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2006-11-16 32256]
R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2006-11-15 43520]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2006-11-15 37376]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2007-07-10 8704]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-19 14208]
R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\CHDRT32.sys [2008-03-03 182272]
R3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\Windows\system32\DRIVERS\e1e6032.sys [2008-12-05 217728]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 HBtnKey;HBtnKey; C:\Windows\system32\DRIVERS\cpqbttn.sys [2006-06-28 9472]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2007-06-20 984064]
R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2007-06-20 208896]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2009-01-30 7544832]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2009-04-10 89088]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2008-03-28 199472]
R3 usbvideo;USB Video Device (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-19 134016]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2007-06-20 660480]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-19 11264]
S1 NetworkX;NetworkX; C:\Windows\system32\ckldrv.sys []
S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-11-02 464384]
S3 BthEnum;Bluetooth Request Block Driver; C:\Windows\system32\DRIVERS\BthEnum.sys [2006-11-02 19456]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2006-11-02 92160]
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2006-11-02 220160]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2006-11-02 29184]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 E100B;Intel(R) PRO Adapter Driver; C:\Windows\system32\DRIVERS\e100b325.sys [2006-11-02 163328]
S3 eabfiltr;eabfiltr; C:\Windows\system32\DRIVERS\eabfiltr.sys [2006-06-28 8192]
S3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\CHDART.sys [2006-11-19 145920]
S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2006-11-02 200704]
S3 ialm;ialm; C:\Windows\system32\DRIVERS\igdkmd32.sys [2006-10-18 1380864]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 NETw3v32;Intel(R) PRO/Wireless 3945ABG Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw3v32.sys [2006-11-09 1786880]
S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480]
S3 NPF;NetGroup Packet Filter Driver; C:\Windows\system32\drivers\npf.sys [2007-11-06 34064]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2006-11-02 49664]
S3 teamviewervpn;TeamViewer VPN Adapter; C:\Windows\system32\DRIVERS\teamviewervpn.sys [2009-11-09 25088]
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2009-08-28 40448]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]
S3 xnacc;XBOX 360 Controller For Windows Driver Service; C:\Windows\system32\DRIVERS\xnacc.sys [2008-01-19 521216]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-07-21 185089]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2009-01-30 203296]
S3 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-08-28 144672]
S3 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-10-28 545568]
S4 BthServ;Bluetooth Support Service; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S4 HP Health Check Service;HP Health Check Service; C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [2006-11-28 63080]
S4 IDriverT;InstallDriver Table Manager; C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S4 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-10-19 61440]
S4 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2007-11-06 92792]
S4 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2007-07-10 386560]

-----------------EOF-----------------
info.txt logfile of random's system information tool 1.06 2010-01-21 22:24:13

======Uninstall list======

Activation Assistant for the 2007 Microsoft Office suites-->"C:\ProgramData\{623D32E9-0C62-4453-AD44-98B31F52A5E1}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE
ActiveCheck component for HP Active Support Library-->MsiExec.exe /X{254C37AA-6B72-4300-84F6-98A82419187E}
Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A80000000002}
AIM Lite 0.33-->C:\Program Files\AIM Lite\laim-uninst.exe
Apple Application Support-->MsiExec.exe /I{B607C354-CD79-4D22-86D1-92DC94153F42}
Apple Mobile Device Support-->MsiExec.exe /I{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ASL_HS_Installer32-->MsiExec.exe /I{FAB0C302-CB18-4A7A-BA03-C3DC23101A68}
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
Conexant HD Audio-->C:\Program Files\CONEXANT\CNXT_HDAUDIO\UIU32a.exe -U -IwisR30B7.INF
GOM Player-->"C:\Program Files\GRETECH\GomPlayer\Uninstall.exe"
HDAUDIO Soft Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_HDA_HSF\UIU32m.exe -U -IwqcVenz.inf
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
HP Active Support Library-->C:\Program Files\InstallShield Installation Information\{21E62565-8639-457C-B64C-A3FF0A8B4D80}\setup.exe -runfromtemp -l0x0409
HP Easy Setup - Core-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F94234DB-FD06-42C3-B88D-6FC4DC9F988C}\setup.exe" -l0x9
HP Pavilion Webcam Driver for Vista v061.001.00005-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CA81D12-9EC2-4082-972B-43ECA63F41F2}\setup.exe" -l0x9 -removeonly
HP Update-->MsiExec.exe /X{8C6027FD-53DC-446D-BB75-CACD7028A134}
HP User Guide 0049-->MsiExec.exe /I{3E3A110A-7FAE-4DC0-8E39-BAFFE89724B6}
HPAsset component for HP Active Support Library-->MsiExec.exe /X{669D4A35-146B-4314-89F1-1AC3D7B88367}
Intel(R) Network Connections Drivers-->Prounstl.exe
iTunes-->MsiExec.exe /I{D1A74FBB-CA8D-4CCA-9B89-BAAA436DB178}
Java(TM) 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216013FF}
Java(TM) SE Runtime Environment 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}
League of Legends-->"C:\Program Files\InstallShield Installation Information\{92606477-9366-4D3B-8AE3-6BE4B29727AB}\setup.exe" -runfromtemp -l0x0409 -removeonly
Microsoft .NET Framework 3.5 SP1-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft VC9 runtime libraries-->MsiExec.exe /I{C4124E95-5061-4776-8D5D-E3D931C778E1}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Mozilla Firefox (3.5.7)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
NVIDIA Drivers-->C:\Windows\system32\nvuninst.exe UninstallGUI
OpenOffice.org 3.1-->MsiExec.exe /I{E6B87DC4-2B3D-4483-ADFF-E483BF718991}
QuickTime-->MsiExec.exe /I{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}
Sonic Activation Module-->MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Ventrilo Client-->MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\Windows\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
Warcraft III-->C:\Windows\War3Unin.exe C:\Windows\War3Unin.dat
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
WinPcap 4.0.2-->C:\Program Files\WinPcap\uninstall.exe
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
World of Warcraft-->C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft\Uninstall.exe

======Security center information======

AS: Windows Defender

======System event log======

Computer Name: Brandon-PC
Event Code: 7031
Message: The Software Licensing service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
Record Number: 110919
Source Name: Service Control Manager
Time Written: 20091111170334.000000-000
Event Type: Error
User:

Computer Name: Brandon-PC
Event Code: 7031
Message: The Software Licensing service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
Record Number: 110909
Source Name: Service Control Manager
Time Written: 20091111164330.000000-000
Event Type: Error
User:

Computer Name: Brandon-PC
Event Code: 7034
Message: The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
Record Number: 110908
Source Name: Service Control Manager
Time Written: 20091111164321.000000-000
Event Type: Error
User:

Computer Name: Brandon-PC
Event Code: 7023
Message: The Diagnostic Service Host service terminated with the following error:
The requested control is not valid for this service.
Record Number: 110896
Source Name: Service Control Manager
Time Written: 20091111164320.000000-000
Event Type: Error
User:

Computer Name: Brandon-PC
Event Code: 7000
Message: The Parallel port driver service failed to start due to the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
Record Number: 110890
Source Name: Service Control Manager
Time Written: 20091111164320.000000-000
Event Type: Error
User:

=====Application event log=====

Computer Name: Brandon-PC
Event Code: 1101
Message: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Failed to compile: System.Web.Extensions.Design, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 . Error code = 0x80131522

Record Number: 101
Source Name: .NET Runtime Optimization Service
Time Written: 20090417181943.000000-000
Event Type: Error
User:

Computer Name: Brandon-PC
Event Code: 1101
Message: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Failed to compile: System.ServiceModel.Web, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 . Error code = 0x80131522

Record Number: 100
Source Name: .NET Runtime Optimization Service
Time Written: 20090417181910.000000-000
Event Type: Error
User:

Computer Name: Brandon-PC
Event Code: 1101
Message: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Failed to compile: System.Data.Services, Version=3.5.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 . Error code = 0x80131522

Record Number: 99
Source Name: .NET Runtime Optimization Service
Time Written: 20090417181834.000000-000
Event Type: Error
User:

Computer Name: Brandon-PC
Event Code: 1530
Message: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

DETAIL -
1 user registry handles leaked from \Registry\User\S-1-5-21-1710116063-2711787288-2888440707-1000:
Process 552 (\Device\HarddiskVolume1\WINDOWS\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-1710116063-2711787288-2888440707-1000

Record Number: 26
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20090417180144.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: Brandon-PC
Event Code: 11720
Message: Product: ActiveCheck component for HP Active Support Library -- Error 1720. There is a problem with this Windows Installer package. A script required for this install to complete could not be run. Contact your support personnel or package vendor. Custom action DiscoverSysID script error -2146828212, Microsoft JScript runtime error: Path not found Line 557, Column 3,
Record Number: 10
Source Name: MsiInstaller
Time Written: 20090417180133.000000-000
Event Type: Error
User: NT AUTHORITY\SYSTEM

=====Security event log=====

Computer Name: Brandon-PC
Event Code: 4647
Message: User initiated logoff:

Subject:
Security ID: S-1-5-21-1710116063-2711787288-2888440707-1000
Account Name: Brandon
Account Domain: Brandon-PC
Logon ID: 0xebf0a

This event is generated when a logoff is initiated but the token reference count is not zero and the logon session cannot be destroyed. No further user-initiated activity can occur. This event can be interpreted as a logoff event.
Record Number: 5
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090417180144.179322-000
Event Type: Audit Success
User:

Computer Name: Brandon-PC
Event Code: 4672
Message: Special privileges assigned to new logon.

Subject:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7

Privileges: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 4
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090417180122.843122-000
Event Type: Audit Success
User:

Computer Name: Brandon-PC
Event Code: 4624
Message: An account was successfully logged on.

Subject:
Security ID: S-1-5-18
Account Name: LH-EH21Y8KN8PXZ$
Account Domain: WORKGROUP
Logon ID: 0x3e7

Logon Type: 5

New Logon:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:
Process ID: 0x244
Process Name: C:\WINDOWS\System32\services.exe

Network Information:
Workstation Name:
Source Network Address: -
Source Port: -

Detailed Authentication Information:
Logon Process: Advapi
Authentication Package: Negotiate
Transited Services: -
Package Name (NTLM only): -
Key Length: 0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 3
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090417180122.843122-000
Event Type: Audit Success
User:

Computer Name: Brandon-PC
Event Code: 4648
Message: A logon was attempted using explicit credentials.

Subject:
Security ID: S-1-5-18
Account Name: LH-EH21Y8KN8PXZ$
Account Domain: WORKGROUP
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}

Account Whose Credentials Were Used:
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon GUID: {00000000-0000-0000-0000-000000000000}

Target Server:
Target Server Name: localhost
Additional Information: localhost

Process Information:
Process ID: 0x244
Process Name: C:\WINDOWS\System32\services.exe

Network Information:
Network Address: -
Port: -

This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Record Number: 2
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090417180122.843122-000
Event Type: Audit Success
User:

Computer Name: Brandon-PC
Event Code: 1102
Message: The audit log was cleared.
Subject:
Security ID: S-1-5-21-1710116063-2711787288-2888440707-1000
Account Name: Brandon
Domain Name: Brandon-PC
Logon ID: 0xebc0a
Record Number: 1
Source Name: Microsoft-Windows-Eventlog
Time Written: 20090417175829.591722-000
Event Type: Audit Success
User:

======Environment variables======

"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"NUMBER_OF_PROCESSORS"=2
"OnlineServices"=Online Services
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\;C:\Program Files\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PCBRAND"=Pavilion
"PLATFORM"=MCD
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 2, GenuineIntel
"PROCESSOR_LEVEL"=6
"PROCESSOR_REVISION"=0f02
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%

-----------------EOF-----------------
blackion
Active Member
 
Posts: 4
Joined: January 12th, 2010, 5:10 am

Re: Possible keylogger or spyware.

Post by peku006 » January 22nd, 2010, 4:51 am

Hi blackion
I believe I may have spyware or a keylogger on my pc.

Why do you think so? Do you have some problems?

1 - Download and Run Malwarebytes' Anti-Malware

Please save any items you were working on... close any open programs. You may be asked to reboot your machine.
Please download Malwarebytes Anti-Malware and save it to your desktop. If needed...Tutorial w/screenshots
Alternate download sites available here or here.
  1. Make sure you are connected to the Internet.
  2. Double-click on mbam-setup.exe to install the application.
  3. When the installation begins, follow the prompts and do not make any changes to default settings.
  4. When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
    • Then click Finish.
    MBAM will automatically start and you will be asked to update the program before performing a scan.
    • If an update is found, the program will automatically update itself.
    • Press the OK button to close that box and continue.
    • Problems downloading the updates? Manually download them from here and double-click on "mbam-rules.exe" to install.
On the Scanner tab:
  1. Make sure the "Perform full scan" option is selected.
  2. Then click on the Scan button.
  3. If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  4. The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  5. When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  6. Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  1. Click on the Show Results button to see a list of any malware that was found.
  2. Check all items except items in the C:\System Volume Information folder... then click on Remove Selected.
    We will take care of the System Volume Information items later.
  3. When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  4. The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
  5. Copy and paste the contents of that report in your next reply and exit MBAM.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


2 - Status Check
Please reply with

1. the Malwarebytes' Anti-Malware Log
2. description of any problems you are having with your PC

Thanks peku006
peku006
MRU Emeritus
 
Posts: 3357
Joined: May 14th, 2007, 2:18 pm
Location: Norway

Re: Possible keylogger or spyware.

Post by blackion » January 24th, 2010, 3:45 pm

Malwarebytes' Anti-Malware 1.44
Database version: 3628
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18882

1/24/2010 2:39:53 PM
mbam-log-2010-01-24 (14-39-53).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 229288
Time elapsed: 55 minute(s), 8 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
blackion
Active Member
 
Posts: 4
Joined: January 12th, 2010, 5:10 am

Re: Possible keylogger or spyware.

Post by peku006 » January 25th, 2010, 3:43 am

Hi blackion

1 - Clean temp files

  • Please download TFC to your desktop
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • If prompted, click Yes to reboot.

NOTE: Save your work. TFC will automatically close any open programs; let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

2 - Eset online scanner

You can use either Internet Explorer or Mozilla Firefox for this scan.

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

  • Please go here then click on: Image
  • Select the option YES, I accept the Terms of Use then click on: Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Image
  • The virus signature database... will begin to download. Be patient; this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the mouse or keyboard during the scan, otherwise it may stall.
  • When completed, select Uninstall application on close if you so wish, but make sure you copy the logfile first!
  • Now click on: Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

3 - Run Hijackthis
Click on the Do a system scan and save a logfile button. It will scan and the log should open in Notepad.

4 - Status Check
Please reply with

1. the Eset online scanner report
2. a fresh HijackThis log

Thanks peku006
peku006
MRU Emeritus
 
Posts: 3357
Joined: May 14th, 2007, 2:18 pm
Location: Norway

Re: Possible keylogger or spyware.

Post by NonSuch » January 28th, 2010, 9:15 pm

Due to a lack of response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
NonSuch
Administrator
 
Posts: 28747
Joined: February 23rd, 2005, 7:08 am
Location: California