Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Vistanumbers internet links redirect

Post by rexel » June 22nd, 2010, 11:58 pm

Hey guys, I'm posting this because it's really been annoying with this "virus" or something that is in my PC. Whenever I search something on Google and I click a link, I keep getting redirected to these advertisement sites. Anyways, here's my Hijack log..


____________________

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:53:51 PM, on 6/22/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18928)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe
C:\Program Files\Dell Photo AIO Printer 926\memcard.exe
C:\Program Files\MSN Toolbar\Platform\4.0.0360.0\mswinext.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Logitech\Logitech Vid\Vid.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Rexel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5IF48FXJ\HiJackThis[1].exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: MSN Toolbar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\4.0.0360.0\npwinext.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: MSN Toolbar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\4.0.0360.0\npwinext.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [dlcxmon.exe] "C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe"
O4 - HKLM\..\Run: [MemoryCardManager] "C:\Program Files\Dell Photo AIO Printer 926\memcard.exe"
O4 - HKLM\..\Run: [DLCXCATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\DLCXtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [MSN Toolbar] "C:\Program Files\MSN Toolbar\Platform\4.0.0360.0\mswinext.exe"
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Logitech Vid] "C:\Program Files\Logitech\Logitech Vid\vid.exe" -bootmode
O4 - HKCU\..\Run: [wlanapi.dll] rundll32.exe "C:\Users\Rexel\AppData\Local\Temp\wlanapi.dll",watch
O4 - HKCU\..\Run: [mapisrv.dll] rundll32.exe "C:\Users\Rexel\AppData\Local\Temp\mapisrv.dll",protect
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... ader55.cab
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader2.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O20 - AppInit_DLLs: mapisrv.dll wlanapi.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: dlcx_device - - C:\Windows\system32\dlcxcoms.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 8359 bytes
rexel
Regular Member
 
Posts: 38
Joined: June 22nd, 2010, 11:55 pm

Re: Vistanumbers internet links redirect

Post by MWR 3 day Mod » June 26th, 2010, 1:07 am

Hi,

We are sorry to see your topic is over three days old and no one has yet been able to respond and offer help.

If you still require assistance, please post a link to your topic in our "Waiting for help with malware removal?" forum, and our staff will make an effort to assist you as promptly as possible. Only post a LINK to this topic, DO NOT post your DDS log!

Please do not reply to this topic.

If you haven't posted within two days in the "Waiting for help with malware removal?" forum, we will assume you have been able to get assistance in other ways and this topic will be closed.
MWR 3 day Mod
MRU Undergrad
 
Posts: 2534
Joined: April 4th, 2008, 8:40 am

Re: Vistanumbers internet links redirect

Post by Cypher » June 26th, 2010, 6:07 am

Hi and welcome to Malware Removal Forums. Sorry for the delay in answering your request for help.
We have had more logs than we could handle in a timely manner.
My name is Cypher, and I will be helping you with your malware problems.

Please be aware that removing malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However, it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to back up any personal files and folders before you start.
Read Back up your files

Please note the following important guidelines.
  • The instructions being given are for YOUR computer and system only!
    Using these instructions on a different computer can damage that computer and possibly make it inoperable!
  • If you don't know or understand something, please don't hesitate to ask.
  • Only post your problem at one help site. Applying fixes from multiple help sites can cause problems.
  • Only reply to this thread; do not start another. Please continue responding until I give you the "All Clean".
    Absence of symptoms does not mean that everything is clear.
  • Please DO NOT run any other tools or scans whilst I am helping you.
  • Please DO NOT install any other software (or hardware) during the cleaning process.
  • Print each set of instructions... if possible...your Internet connection will not be available during some fix processes.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • The logs from the tools we use can take some time to research so please be patient.

  • If you haven't done so already, please read this topic ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.


Please post an Uninstall list.

  • Open HijackThis.
  • Click on the Open the Misc Tools section button.
  • Look under System tools.
  • Click on the Open Uninstall Manager... button.
  • Click on the Save list... button.
  • It will prompt you to save. Save this log in a convenient location. By default it's named uninstall_list.txt.
  • Notepad will open. Please post this log in your next reply.
Cypher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Vistanumbers internet links redirect

Post by rexel » June 26th, 2010, 11:17 pm

Hi Cypher. Here is my uninstall list

3 Days Zoo Mystery
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.3.2
Adobe Shockwave Player 11.5
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Bing Maps 3D
Bonjour
Burger Shop 2
Cooking Academy 2 World Cuisine
Cruise Clues - Caribbean Adventure
Deadtime Stories
Dell Photo AIO Printer 926
Dr Wise - Medical Mysteries
Epic Adventures - La Jangada
Farm Frenzy 3 Russian Roulette
Go-Go Gourmet
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Google Update Helper
Haunted Hotel 2 Believe the Lies
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
iTunes
Java(TM) 6 Update 20
Journalist Journey
Logitech Vid
Logitech Webcam Software
Love And Death Bitten
Macromedia Shockwave Player
Mall-A-Palooza
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile
Microsoft Choice Guard
Microsoft Default Manager
Microsoft Digital Image Standard 2006 Update
Microsoft Encarta Encyclopedia Standard 2006
Microsoft Location Finder
Microsoft Money 2006
Microsoft Office Professional Edition 2003
Microsoft Search Enhancement Pack
Microsoft Streets & Trips 2006
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Microsoft Works Suite 2006 Setup Launcher
Microsoft Works Suite Add-in for Microsoft Word
Mind’s Eye The Secrets Of Forgotten
Mortimer Beckett and the Lost King
MSN Toolbar
MSN Toolbar Platform
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Mystery Case Files - Dire Grove
Nora Roberts - Vision In White
NVIDIA Display Control Panel
NVIDIA Drivers
OGA Notifier 2.0.0048.0
PVSonyDll
QuickTime
rexel
Regular Member
 
Posts: 38
Joined: June 22nd, 2010, 11:55 pm

Re: Vistanumbers internet links redirect

Post by Cypher » June 27th, 2010, 6:08 am

Hi rexel.
OK, please continue with the instructions below.
There are a few things to do; just take your time, you will be fine :)

Vista Advice:
  • All applications I ask to be used will require to be run in Administrator mode, i.e. right-click on and select Run as Administrator.
  • The operating system (Vista, aka Windows 6) in use comes with an inbuilt utility called User Access Control (UAC).
  • When prompted by this with anything I ask you to carry out, please select the option Allow.

Disable Windows Defender

  • Go to Start > All Programs > Windows Defender.
  • Click on Tools at the top.
  • Under Settings, click on Options.
  • Under Automatic scanning, uncheck (untick) Automatically scan my computer (recommended) box.
  • Under Real-time protection options, uncheck (untick) Use real-time protection (recommended) box.
  • Click on the Save button at the bottom right hand corner.
  • Note: Please do not re-enable this until I tell you to do so.

Next.

No anti-virus

Looking over your log, it seems you don't have any evidence of an anti-virus software.

Anti-virus software are programs that detect, cleanse, and erase harmful virus files on a computer, Web server, or network. Unchecked, virus files can unintentionally be forwarded to others, including trading partners, thereby spreading infection. Because new viruses regularly emerge, anti-virus software should be updated frequently. Anti-virus software can scan the computer memory and disk drives for malicious code. They can alert the user if a virus is present, and will clean, delete (or quarantine) infected files or directories. Please download a free anti-virus software from one of these excellent vendors.


Note: You should run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and results in program conflicts and false virus alerts.


Next.

Please download Malwarebytes' Anti-Malware and save to your desktop.

  • Right-click mbam-setup.exe and select "Run as administrator", then follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to:
    Update Malwarebytes' Anti-Malware
    Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform Quick Scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Check all items except items in the C:\System Volume Information folder... and click Remove Selected.
    Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
  • When completed, a log will open in Notepad. Please copy and paste the log back into your next reply.
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt


Next.

RSIT (Random's System Information Tool)

Please download RSIT by random/random... and save it to your desktop.
  • Right click on RSIT.exe and select "Run As Administrator" to run it. If Windows UAC prompts you, please allow it.
  • Please read the disclaimer... click on Continue.
  • RSIT will start running. When done... 2 logs files...will be produced.
  • The first one, "log.txt", << will be maximized
  • The second one, "info.txt", << will be minimized.
Please post both... "log.txt" and "info.txt", file contents in your next reply.
(These logs can be lengthy, so post 1 log per reply please.)


Next.

Please download GMER Rootkit Scanner from Here.
  • Right click the .exe file and choose Run as Administrator. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All << (don't miss this one)
  • Then click the Scan button & wait for it to finish
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file
  • Save it where you can easily find it, such as your desktop, and post it in your next reply
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries

Note: Do not run any programs while Gmer is running.



Logs/Information to Post in your Next Reply

  • Malwarebytes log.
  • RSIT log.txt and info.txt contents.
  • Gmer.txt log.
  • Please give me an update on your computer's performance.
Cypher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Vistanumbers internet links redirect

Post by rexel » June 27th, 2010, 1:31 pm

Malwarebytes' Anti-Malware 1.46
http://www.malwarebytes.org

Database version: 4247

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18928

6/27/2010 12:16:37 PM
mbam-log-2010-06-27 (12-16-37).txt

Scan type: Quick scan
Objects scanned: 162710
Time elapsed: 8 minute(s), 49 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 2
Registry Keys Infected: 1
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\Users\Rexel\AppData\Local\Temp\wlanapi.dll (P2P.Downloader) -> Delete on reboot.
C:\Users\Rexel\AppData\Local\Temp\mapisrv.dll (P2P.Downloader) -> Delete on reboot.

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wlanapi.dll (P2P.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mapisrv.dll (P2P.Downloader) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\sysmon\lgplg63318 (Trojan.Downloader) -> Quarantined and deleted successfully.

Files Infected:
C:\Users\Rexel\AppData\Local\Temp\wlanapi.dll (P2P.Downloader) -> Delete on reboot.
C:\Users\Rexel\AppData\Local\Temp\mapisrv.dll (P2P.Downloader) -> Delete on reboot.
C:\$Recycle.Bin\S-1-5-21-2610841155-1792437247-1835864711-1004\$RK1AQ74.exe (P2P.Downloader) -> Quarantined and deleted successfully.
C:\$Recycle.Bin\S-1-5-21-2610841155-1792437247-1835864711-1004\$RZP0473\crack-setup.exe (P2P.Downloader) -> Quarantined and deleted successfully.
C:\$Recycle.Bin\S-1-5-21-2610841155-1792437247-1835864711-1004\$ROQD4PL\Setup.exe (P2P.Downloader) -> Quarantined and deleted successfully.
Last edited by rexel on June 27th, 2010, 1:35 pm, edited 1 time in total.
rexel
Regular Member
 
Posts: 38
Joined: June 22nd, 2010, 11:55 pm
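
Added example, not part of the forum thread and not code from either tool: a short Python script that cross-references the Malwarebytes detections above with the autostart entries (O4 Run values and O20 AppInit_DLLs) in the first HijackThis log, to show which load points referenced the flagged DLLs. The sample lines are copied from the two logs in this thread; the function names `parse_mbam` and `correlate` are illustrative.

```python
import ntpath  # Windows path rules regardless of the OS this runs on
import re

# Sample input: lines copied from the first HijackThis log in this thread.
HIJACKTHIS_LOG = r'''
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Logitech Vid] "C:\Program Files\Logitech\Logitech Vid\vid.exe" -bootmode
O4 - HKCU\..\Run: [wlanapi.dll] rundll32.exe "C:\Users\Rexel\AppData\Local\Temp\wlanapi.dll",watch
O4 - HKCU\..\Run: [mapisrv.dll] rundll32.exe "C:\Users\Rexel\AppData\Local\Temp\mapisrv.dll",protect
O20 - AppInit_DLLs: mapisrv.dll wlanapi.dll
'''

# Sample input: lines copied from the Malwarebytes log in this thread.
MBAM_LOG = r'''
Memory Modules Infected:
C:\Users\Rexel\AppData\Local\Temp\wlanapi.dll (P2P.Downloader) -> Delete on reboot.
C:\Users\Rexel\AppData\Local\Temp\mapisrv.dll (P2P.Downloader) -> Delete on reboot.

Folders Infected:
C:\sysmon\lgplg63318 (Trojan.Downloader) -> Quarantined and deleted successfully.
'''

# "<path> (<label>) -> <action>"; only file-system paths, not registry keys.
MBAM_RE = re.compile(r'^(?P<path>[A-Za-z]:\\.+?) \((?P<label>[^()]+)\) -> (?P<action>.+)$')
# "O4 - <key ending in \Run>: [<value name>] <command line>"
O4_RE = re.compile(r'^O4 - (?P<key>.+?\\Run): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$')
# "O20 - AppInit_DLLs: <space- or comma-separated DLL names>"
O20_RE = re.compile(r'^O20 - AppInit_DLLs: (?P<dlls>.+)$')


def parse_mbam(text):
    """Return {lowercased path: detection label} for file and folder detections."""
    found = {}
    for line in text.splitlines():
        m = MBAM_RE.match(line.strip())
        if m:
            found[m['path'].lower()] = m['label']
    return found


def correlate(hjt_text, mbam_text):
    """List HijackThis autostart entries that reference a Malwarebytes detection.

    Each hit is (section, location, entry, detected_path, label, match_kind).
    """
    detections = parse_mbam(mbam_text)
    by_name = {ntpath.basename(p): (p, label) for p, label in detections.items()}
    hits = []
    for line in hjt_text.splitlines():
        line = line.strip()
        o4 = O4_RE.match(line)
        if o4:
            cmd = o4['cmd'].lower()
            for path, label in detections.items():
                if path in cmd:  # the Run command line names the detected file
                    hits.append(('O4', o4['key'], o4['name'], path, label, 'full path'))
            continue
        o20 = O20_RE.match(line)
        if o20:
            # O20 lists bare file names here, so only the file name can be
            # compared: weaker evidence than a full-path match.
            for dll in re.split(r'[\s,]+', o20['dlls'].strip()):
                name = ntpath.basename(dll).lower()
                if name in by_name:
                    path, label = by_name[name]
                    hits.append(('O20', 'AppInit_DLLs', dll, path, label, 'file name only'))
    return hits


if __name__ == '__main__':
    for section, location, entry, path, label, kind in correlate(HIJACKTHIS_LOG, MBAM_LOG):
        print(f'{section} {location} [{entry}] -> {path} ({label}, {kind})')
```

Running the same function against a HijackThis log taken after the cleanup should return an empty list if the load points are gone.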

Re: Vistanumbers internet links redirect

Post by rexel » June 27th, 2010, 1:32 pm

Logfile of random's system information tool 1.07 (written by random/random)
Run by Rexel at 2010-06-27 12:29:54
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 90 GB (39%) free of 228 GB
Total RAM: 2045 MB (55% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:30:37 PM, on 6/27/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18928)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe
C:\Program Files\Dell Photo AIO Printer 926\memcard.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Logitech\Logitech Vid\Vid.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Safari\Safari.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Users\Rexel\Downloads\avira_antivir_personal_en.exe
C:\Users\Rexel\AppData\Local\Temp\RarSFX0\presetup.exe
C:\Users\Rexel\AppData\Local\Temp\RarSFX0\setup.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Avira\AntiVir Desktop\avconfig.exe
C:\Program Files\Avira\AntiVir Desktop\avcenter.exe
C:\Users\Rexel\Downloads\RSIT.exe
C:\Program Files\trend micro\Rexel.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
O2 - BHO: MSN Toolbar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\4.0.0360.0\npwinext.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: MSN Toolbar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\4.0.0360.0\npwinext.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [dlcxmon.exe] "C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe"
O4 - HKLM\..\Run: [MemoryCardManager] "C:\Program Files\Dell Photo AIO Printer 926\memcard.exe"
O4 - HKLM\..\Run: [DLCXCATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\DLCXtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [MSN Toolbar] "C:\Program Files\MSN Toolbar\Platform\4.0.0360.0\mswinext.exe"
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Logitech Vid] "C:\Program Files\Logitech\Logitech Vid\vid.exe" -bootmode
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
rexel
Regular Member
 
Posts: 38
Joined: June 22nd, 2010, 11:55 pm

Re: Vistanumbers internet links redirect

Post by rexel » June 27th, 2010, 1:33 pm

info.txt logfile of random's system information tool 1.06 2010-06-27 12:30:40

======Uninstall list======

-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
3 Days Zoo Mystery-->"C:\Program Files\MSN Games\3 Days Zoo Mystery\Uninstall.exe" "C:\Program Files\MSN Games\3 Days Zoo Mystery\install.log"
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\FlashUtil10h_ActiveX.exe -maintain activex
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9.3.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A93000000001}
Adobe Shockwave Player 11.5-->"C:\Windows\system32\Adobe\Shockwave 11\uninstaller.exe"
Apple Application Support-->MsiExec.exe /I{B2D328BE-45AD-4D92-96F9-2151490A203E}
Apple Mobile Device Support-->MsiExec.exe /I{85991ED2-010C-4930-96FA-52F43C2CE98A}
Apple Software Update-->MsiExec.exe /I{C41300B9-185D-475E-BFEC-39EF732F19B1}
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE
Bing Maps 3D-->MsiExec.exe /I{2D87E961-577B-492B-AD54-1368680FB9A7}
Bonjour-->MsiExec.exe /X{0CB9668D-F979-4F31-B8B8-67FE90F929F8}
Burger Shop 2-->"C:\Program Files\MSN Games\Burger Shop 2\Uninstall.exe" "C:\Program Files\MSN Games\Burger Shop 2\install.log"
Cooking Academy 2 World Cuisine-->"C:\Program Files\MSN Games\Cooking Academy 2 World Cuisine\Uninstall.exe" "C:\Program Files\MSN Games\Cooking Academy 2 World Cuisine\install.log"
Cruise Clues - Caribbean Adventure-->"C:\Program Files\MSN Games\Cruise Clues - Caribbean Adventure\Uninstall.exe" "C:\Program Files\MSN Games\Cruise Clues - Caribbean Adventure\install.log"
Deadtime Stories-->"C:\Program Files\MSN Games\Deadtime Stories\Uninstall.exe" "C:\Program Files\MSN Games\Deadtime Stories\install.log"
Dell Photo AIO Printer 926-->C:\Program Files\Dell Photo AIO Printer 926\Install\x86\Uninst.exe
Dr Wise - Medical Mysteries-->"C:\Program Files\MSN Games\Dr Wise - Medical Mysteries\Uninstall.exe" "C:\Program Files\MSN Games\Dr Wise - Medical Mysteries\install.log"
Epic Adventures - La Jangada-->"C:\Program Files\MSN Games\Epic Adventures - La Jangada\Uninstall.exe" "C:\Program Files\MSN Games\Epic Adventures - La Jangada\install.log"
Farm Frenzy 3 Russian Roulette-->"C:\Program Files\MSN Games\Farm Frenzy 3 Russian Roulette\Uninstall.exe" "C:\Program Files\MSN Games\Farm Frenzy 3 Russian Roulette\install.log"
Go-Go Gourmet-->"C:\Program Files\MSN Games\Go-Go Gourmet\Uninstall.exe" "C:\Program Files\MSN Games\Go-Go Gourmet\install.log"
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_6447DDAF760F41DD.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Haunted Hotel 2 Believe the Lies-->"C:\Program Files\MSN Games\Haunted Hotel 2 Believe the Lies\Uninstall.exe" "C:\Program Files\MSN Games\Haunted Hotel 2 Believe the Lies\install.log"
HiJackThis-->MsiExec.exe /X{45A66726-69BC-466B-A7A4-12FCBA4883D7}
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
iTunes-->MsiExec.exe /I{7AB3A249-FB81-416B-917A-A2A10E74C503}
Java(TM) 6 Update 20-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216020FF}
Journalist Journey-->"C:\Program Files\MSN Games\Journalist Journey\Uninstall.exe" "C:\Program Files\MSN Games\Journalist Journey\install.log"
Logitech Vid-->MsiExec.exe /I{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}
Logitech Webcam Software-->MsiExec.exe /I{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}
Love And Death Bitten-->"C:\Program Files\MSN Games\Love And Death Bitten\Uninstall.exe" "C:\Program Files\MSN Games\Love And Death Bitten\install.log"
Macromedia Shockwave Player-->C:\Windows\System32\Macromed\SHOCKW~1\UNWISE.EXE C:\Windows\System32\Macromed\SHOCKW~1\Install.log
Mall-A-Palooza-->"C:\Program Files\MSN Games\Mall-A-Palooza\Uninstall.exe" "C:\Program Files\MSN Games\Mall-A-Palooza\install.log"
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 Security Update (KB979906)-->"C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\M979906\M979906Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 3.5 SP1-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft .NET Framework 4 Client Profile-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /parameterfolder Client
Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{3C3901C5-3455-3E0A-A214-0B093A5070A6}
Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft Default Manager-->MsiExec.exe /X{61BEA823-ECAF-49F1-8378-A59B3B8AD247}
Microsoft Digital Image Standard 2006 Update-->"C:\Program Files\Common Files\Microsoft Shared\Picture It!\RmvSuite.exe" ADDREMOVE=1 SKU=PREM VERSION=12
Microsoft Encarta Encyclopedia Standard 2006-->MsiExec.exe /I{06040048-3E21-46D6-9A91-D927BA08F41D}
Microsoft Location Finder-->MsiExec.exe /I{9D18F7F8-B984-4249-8512-CC621BC59F12}
Microsoft Money 2006-->"c:\program files\microsoft money 2006\MNYCoreFiles\Setup\uninst.exe" /s:120
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Search Enhancement Pack-->MsiExec.exe /X{06E6E30D-B498-442F-A943-07DE41D7F785}
Microsoft Streets & Trips 2006-->MsiExec.exe /I{83ED1E80-A1B7-4226-BCF1-AC4A88151A6B}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Microsoft Works Suite 2006 Setup Launcher-->C:\Program Files\Microsoft Works Suite 2006\Setup\Launcher.exe /ARP E:\
Microsoft Works Suite Add-in for Microsoft Word-->MsiExec.exe /I{17E3A651-12B9-4149-BAE8-E6FB9A5ADC4F}
Microsoft Works-->MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
Mind’s Eye The Secrets Of Forgotten-->"C:\Program Files\MSN Games\Mind’s Eye The Secrets Of Forgotten\Uninstall.exe" "C:\Program Files\MSN Games\Mind’s Eye The Secrets Of Forgotten\install.log"
Mortimer Beckett and the Lost King-->"C:\Program Files\MSN Games\Mortimer Beckett and the Lost King\Uninstall.exe" "C:\Program Files\MSN Games\Mortimer Beckett and the Lost King\install.log"
MSN Toolbar Platform-->MsiExec.exe /I{2B4508B3-7403-44FF-8FBC-5CCD032E3635}
MSN Toolbar-->C:\Program Files\MSN Toolbar Installer\InstallManager.exe /UNINSTALL
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
Mystery Case Files - Dire Grove-->"C:\Program Files\MSN Games\Mystery Case Files Dire Grove\Uninstall.exe" "C:\Program Files\MSN Games\Mystery Case Files Dire Grove\install.log"
Nora Roberts - Vision In White-->"C:\Program Files\MSN Games\Nora Roberts - Vision In White\Uninstall.exe" "C:\Program Files\MSN Games\Nora Roberts - Vision In White\install.log"
NVIDIA Display Control Panel-->C:\Program Files\NVIDIA Corporation\Uninstall\nvuninst.exe DisplayControlPanel
NVIDIA Drivers-->C:\Program Files\NVIDIA Corporation\Uninstall\nvuninst.exe UninstallGUI
OGA Notifier 2.0.0048.0-->MsiExec.exe /I{B2544A03-10D0-4E5E-BA69-0362FFC20D18}
PVSonyDll-->MsiExec.exe /I{3D3E663D-4E7E-4577-A560-7ECDDD45548A}
QuickTime-->MsiExec.exe /I{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}
Restaurant Rush-->"C:\Program Files\MSN Games\Restaurant Rush\Uninstall.exe" "C:\Program Files\MSN Games\Restaurant Rush\install.log"
Roxio Creator Audio-->MsiExec.exe /I{83FFCFC7-88C6-41c6-8752-958A45325C82}
Roxio Creator Copy-->MsiExec.exe /I{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}
Roxio Creator Data-->MsiExec.exe /I{0D397393-9B50-4c52-84D5-77E344289F87}
Roxio Creator DE-->MsiExec.exe /I{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
Roxio Creator Tools-->MsiExec.exe /I{0394CDC8-FABD-4ed8-B104-03393876DFDF}
Roxio Drag-to-Disc-->MsiExec.exe /I{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}
Roxio Express Labeler-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Roxio MyDVD DE-->MsiExec.exe /I{D639085F-4B6E-4105-9F37-A0DBB023E2FB}
Roxio Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Safari-->MsiExec.exe /I{AFAC914D-9E83-4A89-8ABE-427521C82CCF}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Sonic Activation Module-->MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}
The Palace Builder-->"C:\Program Files\MSN Games\The Palace Builder\Uninstall.exe" "C:\Program Files\MSN Games\The Palace Builder\install.log"
Treasure Seekers 2-->"C:\Program Files\MSN Games\Treasure Seekers 2\Uninstall.exe" "C:\Program Files\MSN Games\Treasure Seekers 2\install.log"
Treasure Seekers Visions Of Gold-->"C:\Program Files\MSN Games\Treasure Seekers Visions Of Gold\Uninstall.exe" "C:\Program Files\MSN Games\Treasure Seekers Visions Of Gold\install.log"
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Ventrilo Client-->MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
Virtual City-->"C:\Program Files\MSN Games\Virtual City\Uninstall.exe" "C:\Program Files\MSN Games\Virtual City\install.log"
Virtual Villagers 4 The Tree of Life-->"C:\Program Files\MSN Games\Virtual Villagers 4 The Tree of Life\Uninstall.exe" "C:\Program Files\MSN Games\Virtual Villagers 4 The Tree of Life\install.log"
Wheres Waldo - The Fantastic Journey (remove only)-->"C:\Program Files\Yahoo! Games\Wheres Waldo - The Fantastic Journey\Uninstall.exe"
Windows Live Call-->MsiExec.exe /I{F6BD194C-4190-4D73-B1B1-C48C99921BFE}
Windows Live Communications Platform-->MsiExec.exe /I{ED00D08A-3C5F-488D-93A0-A04F21F23956}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}
Windows Live ID Sign-in Assistant-->MsiExec.exe /X{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}
Windows Live Messenger-->MsiExec.exe /X{A85FD55B-891B-4314-97A5-EA96C0BD80B5}
Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Software Update-->C:\PROGRA~1\Yahoo!\SOFTWA~1\UNINST~1.EXE
Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE

======Security center information======

AS: Windows Defender

======System event log======

Computer Name: laureanofami-PC
Event Code: 6008
Message: The previous system shutdown at 8:14:39 PM on 5/19/2010 was unexpected.
Record Number: 70362
Source Name: EventLog
Time Written: 20100520020503.000000-000
Event Type: Error
User:

Computer Name: laureanofami-PC
Event Code: 6008
Message: The previous system shutdown at 7:35:28 PM on 5/19/2010 was unexpected.
Record Number: 70352
Source Name: EventLog
Time Written: 20100520003644.000000-000
Event Type: Error
User:

Computer Name: laureanofami-PC
Event Code: 6008
Message: The previous system shutdown at 5:41:43 PM on 5/18/2010 was unexpected.
Record Number: 69731
Source Name: EventLog
Time Written: 20100518234606.000000-000
Event Type: Error
User:

Computer Name: laureanofami-PC
Event Code: 6008
Message: The previous system shutdown at 12:10:13 PM on 5/16/2010 was unexpected.
Record Number: 68859
Source Name: EventLog
Time Written: 20100516184528.000000-000
Event Type: Error
User:

Computer Name: laureanofami-PC
Event Code: 6008
Message: The previous system shutdown at 8:25:36 AM on 5/15/2010 was unexpected.
Record Number: 68189
Source Name: EventLog
Time Written: 20100515133138.000000-000
Event Type: Error
User:

=====Application event log=====

Computer Name: laureanofami-PC
Event Code: 33
Message: Activation context generation failed for "C:\Program Files\Logitech\Logitech Vid\plugins\imageformats\qgif4.dll". Dependent Assembly Microsoft.VC90.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found. Please use sxstrace.exe for detailed diagnosis.
Record Number: 151
Source Name: SideBySide
Time Written: 20100326014055.000000-000
Event Type: Error
User:

Computer Name: laureanofami-PC
Event Code: 1015
Message: Failed to connect to server. Error: 0x800401F0
Record Number: 139
Source Name: MsiInstaller
Time Written: 20100326013920.000000-000
Event Type: Warning
User: laureanofami-PC\laureanofamily

Computer Name: laureanofami-PC
Event Code: 1015
Message: Failed to connect to server. Error: 0x800401F0
Record Number: 136
Source Name: MsiInstaller
Time Written: 20100326013920.000000-000
Event Type: Warning
User: laureanofami-PC\laureanofamily

Computer Name: laureanofami-PC
Event Code: 1530
Message: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

DETAIL -
1 user registry handles leaked from \Registry\User\S-1-5-21-2610841155-1792437247-1835864711-1000:
Process 528 (\Device\HarddiskVolume3\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-2610841155-1792437247-1835864711-1000

Record Number: 68
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20100326011110.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: laureanofami-PC
Event Code: 1008
Message: The Windows Search Service is attempting to remove the old catalog.

Record Number: 25
Source Name: Microsoft-Windows-Search
Time Written: 20100326010648.000000-000
Event Type: Warning
User:

=====Security event log=====

Computer Name: 26L2233B2-11
Event Code: 4648
Message: A logon was attempted using explicit credentials.

Subject:
Security ID: S-1-5-18
Account Name: 26L2233B2-11$
Account Domain: WORKGROUP
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}

Account Whose Credentials Were Used:
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon GUID: {00000000-0000-0000-0000-000000000000}

Target Server:
Target Server Name: localhost
Additional Information: localhost

Process Information:
Process ID: 0x27c
Process Name: C:\Windows\System32\services.exe

Network Information:
Network Address: -
Port: -

This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Record Number: 5
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100326035522.012358-000
Event Type: Audit Success
User:

Computer Name: 26L2233B2-11
Event Code: 4902
Message: The Per-user audit policy table was created.

Number of Elements: 0
Policy ID: 0xc40d1
Record Number: 4
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100326035511.107888-000
Event Type: Audit Success
User:

Computer Name: 26L2233B2-11
Event Code: 4624
Message: An account was successfully logged on.

Subject:
Security ID: S-1-0-0
Account Name: -
Account Domain: -
Logon ID: 0x0

Logon Type: 0

New Logon:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:
Process ID: 0x4
Process Name:

Network Information:
Workstation Name: -
Source Network Address: -
Source Port: -

Detailed Authentication Information:
Logon Process: -
Authentication Package: -
Transited Services: -
Package Name (NTLM only): -
Key Length: 0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 3
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100326035508.424671-000
Event Type: Audit Success
User:

Computer Name: 26L2233B2-11
Event Code: 4608
Message: Windows is starting up.

This event is logged when LSASS.EXE starts and the auditing subsystem is initialized.
Record Number: 2
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100326035508.424671-000
Event Type: Audit Success
User:

Computer Name: 26L2233B2-11
Event Code: 4647
Message: User initiated logoff:

Subject:
Security ID: S-1-5-21-2152478756-3922319563-605102323-500
Account Name: Administrator
Account Domain: 26L2233B2-11
Logon ID: 0x8496a

This event is generated when a logoff is initiated but the token reference count is not zero and the logon session cannot be destroyed. No further user-initiated activity can occur. This event can be interpreted as a logoff event.
Record Number: 1
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20061102130954.400000-000
Event Type: Audit Success
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%CommonProgramFiles%\Microsoft Shared\Windows Live;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\;C:\Program Files\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 6, GenuineIntel
"PROCESSOR_REVISION"=0f06
"NUMBER_OF_PROCESSORS"=2
"RoxioCentral"=C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\
"asl.log"=Destination=file;OnFirstLog=command,environment
"CLASSPATH"=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
"QTJAVA"=C:\Program Files\QuickTime\QTSystem\QTJava.zip

-----------------EOF-----------------
rexel
Regular Member
 
Posts: 38
Joined: June 22nd, 2010, 11:55 pm

Re: Vistanumbers internet links redirect

Post by rexel » June 27th, 2010, 1:41 pm

Hi Cypher. I cannot do the GMER.
When I run it, it keeps doing a "*** has stopped responding"
The first time it did a blue screen but now it's just closing..

Re: Vistanumbers internet links redirect

Post by Cypher » June 27th, 2010, 1:46 pm

Hi rexel.
Don't worry about GMER for now.
The RSIT log.txt log you posted is cut off; please post it again.
It can be found at C: > RSIT > log.txt
Cypher
Admin/Teacher
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Vistanumbers internet links redirect

Post by rexel » June 27th, 2010, 1:48 pm

Yeah, the GMER just cost me another blue screen )=


---

Logfile of random's system information tool 1.07 (written by random/random)
Run by Rexel at 2010-06-27 12:29:54
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 90 GB (39%) free of 228 GB
Total RAM: 2045 MB (55% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:30:37 PM, on 6/27/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18928)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe
C:\Program Files\Dell Photo AIO Printer 926\memcard.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Logitech\Logitech Vid\Vid.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Safari\Safari.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Users\Rexel\Downloads\avira_antivir_personal_en.exe
C:\Users\Rexel\AppData\Local\Temp\RarSFX0\presetup.exe
C:\Users\Rexel\AppData\Local\Temp\RarSFX0\setup.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Avira\AntiVir Desktop\avconfig.exe
C:\Program Files\Avira\AntiVir Desktop\avcenter.exe
C:\Users\Rexel\Downloads\RSIT.exe
C:\Program Files\trend micro\Rexel.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
O2 - BHO: MSN Toolbar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\4.0.0360.0\npwinext.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: MSN Toolbar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\4.0.0360.0\npwinext.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [dlcxmon.exe] "C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe"
O4 - HKLM\..\Run: [MemoryCardManager] "C:\Program Files\Dell Photo AIO Printer 926\memcard.exe"
O4 - HKLM\..\Run: [DLCXCATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\DLCXtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [MSN Toolbar] "C:\Program Files\MSN Toolbar\Platform\4.0.0360.0\mswinext.exe"
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Logitech Vid] "C:\Program Files\Logitech\Logitech Vid\vid.exe" -bootmode
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... ader55.cab
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader2.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O20 - AppInit_DLLs: mapisrv.dll wlanapi.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: dlcx_device - - C:\Windows\system32\dlcxcoms.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 9762 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\User_Feed_Synchronization-{86B33D2A-102E-4517-904C-BF5E2454C7EF}.job
C:\Windows\tasks\User_Feed_Synchronization-{9E7639ED-B112-4179-B7CC-E00746ACDA36}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2010-03-23 1205560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-04-03 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2010-05-14 191792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-06-25 278192]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll [2010-06-25 814648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}]
MSN Toolbar BHO - C:\Program Files\MSN Toolbar\Platform\4.0.0360.0\npwinext.dll [2009-11-18 506720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-05-27 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
SingleInstance Class - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll [2010-03-23 158520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8dcb7100-df86-4384-8842-8fa844297b3f} - MSN Toolbar - C:\Program Files\MSN Toolbar\Platform\4.0.0360.0\npwinext.dll [2009-11-18 506720]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2010-03-23 1205560]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-06-25 278192]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]
""= []
"dlcxmon.exe"=C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe [2007-01-12 292336]
"MemoryCardManager"=C:\Program Files\Dell Photo AIO Printer 926\memcard.exe [2006-11-03 304008]
"DLCXCATS"=rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\DLCXtime.dll,_RunDLLEntry@16 []
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-04-04 36272]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-03-24 952768]
"MSN Toolbar"=C:\Program Files\MSN Toolbar\Platform\4.0.0360.0\mswinext.exe [2009-11-18 240480]
"Microsoft Default Manager"=C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [2009-07-17 288080]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2010-03-17 421888]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-02-18 248040]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2010-06-15 141624]
"LogitechQuickCamRibbon"=C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe [2009-10-14 2793304]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2010-03-02 282792]
""= []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883856]
"Logitech Vid"=C:\Program Files\Logitech\Logitech Vid\vid.exe [2009-07-16 5458704]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-19 202240]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-19 125952]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2010-06-25 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="mapisrv.dll wlanapi.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"LogonHoursAction"=2
"DontDisplayLogonHoursWarnings"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b0aa5931-388a-11df-aacf-806e6f6e6963}]
shell\AutoRun\command - E:\setup.exe


======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2010-06-27 12:29:54 ----D---- C:\rsit
2010-06-27 12:27:50 ----D---- C:\ProgramData\Avira
2010-06-27 12:27:50 ----D---- C:\Program Files\Avira
2010-06-27 12:03:08 ----D---- C:\Users\Rexel\AppData\Roaming\Malwarebytes
2010-06-27 12:02:52 ----D---- C:\ProgramData\Malwarebytes
2010-06-27 12:02:52 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-06-26 22:15:59 ----D---- C:\Program Files\Trend Micro
2010-06-25 07:45:08 ----D---- C:\Users\Rexel\AppData\Roaming\Yahoo!
2010-06-24 21:45:54 ----D---- C:\ProgramData\Yahoo! Companion
2010-06-24 21:45:36 ----D---- C:\ProgramData\Yahoo!
2010-06-24 21:43:40 ----D---- C:\Program Files\Yahoo!
2010-06-24 09:03:55 ----A---- C:\Windows\system32\PresentationHostProxy.dll
2010-06-24 09:03:55 ----A---- C:\Windows\system32\PresentationHost.exe
2010-06-24 09:03:55 ----A---- C:\Windows\system32\netfxperf.dll
2010-06-24 09:03:55 ----A---- C:\Windows\system32\mscoree.dll
2010-06-24 09:03:54 ----A---- C:\Windows\system32\dfshim.dll
2010-06-24 00:00:16 ----D---- C:\Program Files\iPod
2010-06-24 00:00:15 ----D---- C:\Program Files\iTunes
2010-06-23 23:55:44 ----D---- C:\Program Files\Bonjour
2010-06-23 17:50:00 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2010-06-23 17:50:00 ----A---- C:\Windows\system32\Apphlpdm.dll
2010-06-22 22:20:46 ----D---- C:\ProgramData\Motive
2010-06-20 13:52:46 ----D---- C:\Program Files\Windows Portable Devices
2010-06-20 13:36:58 ----A---- C:\Windows\system32\UIRibbonRes.dll
2010-06-20 13:36:58 ----A---- C:\Windows\system32\UIRibbon.dll
2010-06-20 13:36:58 ----A---- C:\Windows\system32\UIAnimation.dll
2010-06-20 13:36:32 ----A---- C:\Windows\system32\WMPhoto.dll
2010-06-20 13:36:32 ----A---- C:\Windows\system32\cdd.dll
2010-06-20 13:36:31 ----A---- C:\Windows\system32\xpsservices.dll
2010-06-20 13:36:31 ----A---- C:\Windows\system32\XpsRasterService.dll
2010-06-20 13:36:31 ----A---- C:\Windows\system32\XpsPrint.dll
2010-06-20 13:36:31 ----A---- C:\Windows\system32\XpsGdiConverter.dll
2010-06-20 13:36:31 ----A---- C:\Windows\system32\WindowsCodecsExt.dll
2010-06-20 13:36:31 ----A---- C:\Windows\system32\WindowsCodecs.dll
2010-06-20 13:36:31 ----A---- C:\Windows\system32\printfilterpipelinesvc.exe
2010-06-20 13:36:31 ----A---- C:\Windows\system32\printfilterpipelineprxy.dll
2010-06-20 13:36:31 ----A---- C:\Windows\system32\PhotoMetadataHandler.dll
2010-06-20 13:36:31 ----A---- C:\Windows\system32\OpcServices.dll
2010-06-20 13:36:31 ----A---- C:\Windows\system32\FntCache.dll
2010-06-20 13:36:31 ----A---- C:\Windows\system32\dxgi.dll
2010-06-20 13:36:31 ----A---- C:\Windows\system32\dxdiagn.dll
2010-06-20 13:36:31 ----A---- C:\Windows\system32\dxdiag.exe
2010-06-20 13:36:31 ----A---- C:\Windows\system32\DWrite.dll
2010-06-20 13:36:31 ----A---- C:\Windows\system32\d3d11.dll
2010-06-20 13:36:31 ----A---- C:\Windows\system32\d3d10warp.dll
2010-06-20 13:36:31 ----A---- C:\Windows\system32\d3d10level9.dll
2010-06-20 13:36:31 ----A---- C:\Windows\system32\d3d10core.dll
2010-06-20 13:36:31 ----A---- C:\Windows\system32\d3d10_1core.dll
2010-06-20 13:36:31 ----A---- C:\Windows\system32\d3d10_1.dll
2010-06-20 13:36:31 ----A---- C:\Windows\system32\d3d10.dll
2010-06-20 13:36:31 ----A---- C:\Windows\system32\d2d1.dll
2010-06-20 13:35:57 ----A---- C:\Windows\system32\WPDShextAutoplay.exe
2010-06-20 13:35:57 ----A---- C:\Windows\system32\wpdbusenum.dll
2010-06-20 13:35:57 ----A---- C:\Windows\system32\BthMtpContextHandler.dll
2010-06-20 13:35:51 ----A---- C:\Windows\system32\PortableDeviceConnectApi.dll
2010-06-20 13:35:41 ----A---- C:\Windows\system32\WpdMtpUS.dll
2010-06-20 13:35:41 ----A---- C:\Windows\system32\WpdConns.dll
2010-06-20 13:35:40 ----A---- C:\Windows\system32\WPDSp.dll
2010-06-20 13:35:40 ----A---- C:\Windows\system32\WPDShServiceObj.dll
2010-06-20 13:35:40 ----A---- C:\Windows\system32\wpdshext.dll
2010-06-20 13:35:40 ----A---- C:\Windows\system32\WpdMtp.dll
2010-06-20 13:35:40 ----A---- C:\Windows\system32\wpd_ci.dll
2010-06-20 13:35:40 ----A---- C:\Windows\system32\PortableDeviceWMDRM.dll
2010-06-20 13:35:40 ----A---- C:\Windows\system32\PortableDeviceTypes.dll
2010-06-20 13:35:40 ----A---- C:\Windows\system32\PortableDeviceClassExtension.dll
2010-06-20 13:35:40 ----A---- C:\Windows\system32\PortableDeviceApi.dll
2010-06-20 13:34:44 ----A---- C:\Windows\system32\UIAutomationCore.dll
2010-06-20 13:34:44 ----A---- C:\Windows\system32\oleaccrc.dll
2010-06-20 13:34:44 ----A---- C:\Windows\system32\oleacc.dll
2010-06-19 23:44:57 ----A---- C:\Windows\system32\gameux.dll
2010-06-19 17:58:57 ----D---- C:\Windows\system32\eu-ES
2010-06-19 17:58:57 ----D---- C:\Windows\system32\ca-ES
2010-06-19 17:58:56 ----D---- C:\Windows\system32\vi-VN
2010-06-19 17:04:29 ----D---- C:\Windows\system32\EventProviders
2010-06-16 13:02:08 ----A---- C:\Windows\system32\NlsLexicons0007.dll
2010-06-16 13:02:04 ----A---- C:\Windows\system32\SLsvc.exe
2010-06-16 13:02:04 ----A---- C:\Windows\system32\SLCExt.dll
2010-06-16 13:02:03 ----A---- C:\Windows\system32\FunctionDiscoveryFolder.dll
2010-06-16 13:02:03 ----A---- C:\Windows\system32\DevicePairingWizard.exe
2010-06-16 13:02:01 ----A---- C:\Windows\system32\NlsLexicons0009.dll
2010-06-16 13:01:59 ----A---- C:\Windows\system32\mssrch.dll
2010-06-16 13:01:58 ----A---- C:\Windows\system32\tquery.dll
2010-06-16 13:01:57 ----A---- C:\Windows\system32\PresentationNative_v0300.dll
2010-06-16 13:01:56 ----A---- C:\Windows\system32\scavenge.dll
2010-06-16 13:01:55 ----A---- C:\Windows\system32\msi.dll
2010-06-16 13:01:55 ----A---- C:\Windows\system32\imapi2fs.dll
2010-06-16 13:01:54 ----A---- C:\Windows\system32\WscEapPr.dll
2010-06-16 13:01:54 ----A---- C:\Windows\system32\wcnwiz2.dll
2010-06-16 13:01:54 ----A---- C:\Windows\system32\sysmain.dll
2010-06-16 13:01:53 ----A---- C:\Windows\system32\icardagt.exe
2010-06-16 13:01:53 ----A---- C:\Windows\system32\EhStorShell.dll
2010-06-16 13:01:53 ----A---- C:\Windows\system32\AuxiliaryDisplayCpl.dll
2010-06-16 13:01:52 ----A---- C:\Windows\system32\spreview.exe
2010-06-16 13:01:52 ----A---- C:\Windows\system32\spinstall.exe
2010-06-16 13:01:51 ----A---- C:\Windows\system32\spwizui.dll
2010-06-16 13:01:51 ----A---- C:\Windows\system32\drmv2clt.dll
2010-06-16 13:01:50 ----A---- C:\Windows\system32\shell32.dll
2010-06-16 13:01:50 ----A---- C:\Windows\system32\mcupdate_GenuineIntel.dll
2010-06-16 13:01:49 ----A---- C:\Windows\system32\SearchIndexer.exe
2010-06-16 13:01:49 ----A---- C:\Windows\system32\p2psvc.dll
2010-06-16 13:01:49 ----A---- C:\Windows\system32\mssvp.dll
2010-06-16 13:01:48 ----A---- C:\Windows\system32\mssphtb.dll
2010-06-16 13:01:48 ----A---- C:\Windows\system32\mssph.dll
2010-06-16 13:01:48 ----A---- C:\Windows\system32\MSMPEG2VDEC.DLL
2010-06-16 13:01:48 ----A---- C:\Windows\system32\imapi2.dll
2010-06-16 13:01:47 ----A---- C:\Windows\system32\sdohlp.dll
2010-06-16 13:01:47 ----A---- C:\Windows\system32\esent.dll
2010-06-16 13:01:46 ----A---- C:\Windows\system32\IMJP10K.DLL
2010-06-16 13:01:46 ----A---- C:\Windows\system32\DevicePairing.dll
2010-06-16 13:01:45 ----A---- C:\Windows\system32\wevtsvc.dll
2010-06-16 13:01:45 ----A---- C:\Windows\system32\sperror.dll
2010-06-16 13:01:45 ----A---- C:\Windows\system32\SLC.dll
2010-06-16 13:01:45 ----A---- C:\Windows\system32\korwbrkr.dll
2010-06-16 13:01:45 ----A---- C:\Windows\system32\IasMigReader.exe
2010-06-16 13:01:44 ----A---- C:\Windows\system32\msshsq.dll
2010-06-16 13:01:43 ----A---- C:\Windows\system32\msjet40.dll
2010-06-16 13:01:43 ----A---- C:\Windows\system32\MPSSVC.dll
2010-06-16 13:01:42 ----A---- C:\Windows\system32\Query.dll
2010-06-16 13:01:42 ----A---- C:\Windows\system32\qmgr.dll
2010-06-16 13:01:42 ----A---- C:\Windows\system32\P2PGraph.dll
2010-06-16 13:01:42 ----A---- C:\Windows\system32\ole32.dll
2010-06-16 13:01:42 ----A---- C:\Windows\system32\msexch40.dll
2010-06-16 13:01:42 ----A---- C:\Windows\system32\diagperf.dll
2010-06-16 13:01:41 ----A---- C:\Windows\system32\winload.exe
2010-06-16 13:01:41 ----A---- C:\Windows\system32\srchadmin.dll
2010-06-16 13:01:41 ----A---- C:\Windows\system32\ntdll.dll
2010-06-16 13:01:41 ----A---- C:\Windows\system32\mblctr.exe
2010-06-16 13:01:41 ----A---- C:\Windows\system32\EncDec.dll
2010-06-16 13:01:40 ----A---- C:\Windows\system32\uDWM.dll
2010-06-16 13:01:40 ----A---- C:\Windows\system32\riched20.dll
2010-06-16 13:01:40 ----A---- C:\Windows\system32\RacEngn.dll
2010-06-16 13:01:40 ----A---- C:\Windows\system32\mmc.exe
2010-06-16 13:01:40 ----A---- C:\Windows\system32\IasMigPlugin.dll
2010-06-16 13:01:40 ----A---- C:\Windows\system32\fdBth.dll
2010-06-16 13:01:40 ----A---- C:\Windows\system32\dfsr.exe
2010-06-16 13:01:39 ----A---- C:\Windows\system32\SearchProtocolHost.exe
2010-06-16 13:01:39 ----A---- C:\Windows\system32\SearchFilterHost.exe
2010-06-16 13:01:39 ----A---- C:\Windows\system32\milcore.dll
2010-06-16 13:01:39 ----A---- C:\Windows\system32\kernel32.dll
2010-06-16 13:01:39 ----A---- C:\Windows\system32\EhStorAPI.dll
2010-06-16 13:01:39 ----A---- C:\Windows\system32\CertEnroll.dll
2010-06-16 13:01:38 ----A---- C:\Windows\system32\spoolss.dll
2010-06-16 13:01:38 ----A---- C:\Windows\system32\schedsvc.dll
2010-06-16 13:01:38 ----A---- C:\Windows\system32\NaturalLanguage6.dll
2010-06-16 13:01:38 ----A---- C:\Windows\system32\msjtes40.dll
2010-06-16 13:01:38 ----A---- C:\Windows\system32\AuxiliaryDisplayDriverLib.dll
2010-06-16 13:01:37 ----A---- C:\Windows\system32\msvcp60.dll
2010-06-16 13:01:37 ----A---- C:\Windows\system32\infocardapi.dll
2010-06-16 13:01:37 ----A---- C:\Windows\system32\gpedit.dll
2010-06-16 13:01:36 ----A---- C:\Windows\system32\WinSAT.exe
2010-06-16 13:01:36 ----A---- C:\Windows\system32\PresentationSettings.exe
2010-06-16 13:01:36 ----A---- C:\Windows\system32\Magnify.exe
2010-06-16 13:01:36 ----A---- C:\Windows\system32\es.dll
2010-06-16 13:01:35 ----A---- C:\Windows\system32\mstext40.dll
2010-06-16 13:01:35 ----A---- C:\Windows\system32\AuxiliaryDisplayServices.dll
2010-06-16 13:01:35 ----A---- C:\Windows\system32\advapi32.dll
2010-06-16 13:01:34 ----A---- C:\Windows\system32\WindowsAnytimeUpgradeCPL.dll
2010-06-16 13:01:34 ----A---- C:\Windows\system32\WebClnt.dll
2010-06-16 13:01:34 ----A---- C:\Windows\system32\vssapi.dll
2010-06-16 13:01:34 ----A---- C:\Windows\system32\slwmi.dll
2010-06-16 13:01:34 ----A---- C:\Windows\system32\msxbde40.dll
2010-06-16 13:01:34 ----A---- C:\Windows\system32\msexcl40.dll
2010-06-16 13:01:34 ----A---- C:\Windows\system32\comsvcs.dll
2010-06-16 13:01:33 ----A---- C:\Windows\system32\propsys.dll
2010-06-16 13:01:33 ----A---- C:\Windows\system32\newdev.dll
2010-06-16 13:01:33 ----A---- C:\Windows\system32\NetProjW.dll
2010-06-16 13:01:33 ----A---- C:\Windows\system32\msrepl40.dll
2010-06-16 13:01:33 ----A---- C:\Windows\system32\authui.dll
2010-06-16 13:01:32 ----A---- C:\Windows\system32\rpcss.dll
2010-06-16 13:01:32 ----A---- C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2010-06-16 13:01:32 ----A---- C:\Windows\system32\iasrecst.dll
2010-06-16 13:01:32 ----A---- C:\Windows\system32\gpsvc.dll
2010-06-16 13:01:32 ----A---- C:\Windows\system32\eudcedit.exe
2010-06-16 13:01:32 ----A---- C:\Windows\system32\crypt32.dll
2010-06-16 13:01:32 ----A---- C:\Windows\explorer.exe
2010-06-16 13:01:30 ----A---- C:\Windows\system32\setupapi.dll
2010-06-16 13:01:29 ----A---- C:\Windows\system32\mspbde40.dll
2010-06-16 13:01:29 ----A---- C:\Windows\system32\d3d9.dll
2010-06-16 13:01:28 ----A---- C:\Windows\system32\shlwapi.dll
2010-06-16 13:01:28 ----A---- C:\Windows\system32\msrd3x40.dll
2010-06-16 13:01:28 ----A---- C:\Windows\system32\msltus40.dll
2010-06-16 13:01:28 ----A---- C:\Windows\system32\mfc42.dll
2010-06-16 13:01:28 ----A---- C:\Windows\system32\EhStorPwdMgr.dll
2010-06-16 13:01:28 ----A---- C:\Windows\system32\EhStorAuthn.dll
2010-06-16 13:01:28 ----A---- C:\Windows\system32\davclnt.dll
2010-06-16 13:01:27 ----A---- C:\Windows\system32\wevtapi.dll
2010-06-16 13:01:27 ----A---- C:\Windows\system32\photowiz.dll
2010-06-16 13:01:27 ----A---- C:\Windows\system32\nlhtml.dll
2010-06-16 13:01:27 ----A---- C:\Windows\system32\msdtctm.dll
2010-06-16 13:01:27 ----A---- C:\Windows\system32\browseui.dll
2010-06-16 13:01:26 ----A---- C:\Windows\system32\user32.dll
2010-06-16 13:01:25 ----A---- C:\Windows\system32\win32spl.dll
2010-06-16 13:01:25 ----A---- C:\Windows\system32\WcnNetsh.dll
2010-06-16 13:01:25 ----A---- C:\Windows\system32\SLCommDlg.dll
2010-06-16 13:01:25 ----A---- C:\Windows\system32\samsrv.dll
2010-06-16 13:01:25 ----A---- C:\Windows\system32\oleaut32.dll
2010-06-16 13:01:25 ----A---- C:\Windows\system32\ci.dll
2010-06-16 13:01:24 ----A---- C:\Windows\system32\xmlfilter.dll
2010-06-16 13:01:24 ----A---- C:\Windows\system32\netshell.dll
2010-06-16 13:01:24 ----A---- C:\Windows\system32\mswstr10.dll
2010-06-16 13:01:24 ----A---- C:\Windows\system32\IKEEXT.DLL
2010-06-16 13:01:24 ----A---- C:\Windows\system32\emdmgmt.dll
2010-06-16 13:01:24 ----A---- C:\Windows\system32\compcln.exe
2010-06-16 13:01:24 ----A---- C:\Windows\system32\audiosrv.dll
2010-06-16 13:01:24 ----A---- C:\Windows\system32\apds.dll
2010-06-16 13:01:23 ----A---- C:\Windows\system32\VSSVC.exe
2010-06-16 13:01:23 ----A---- C:\Windows\system32\SLUI.exe
2010-06-16 13:01:23 ----A---- C:\Windows\system32\QAGENTRT.DLL
2010-06-16 13:01:23 ----A---- C:\Windows\system32\msvcrt.dll
2010-06-16 13:01:23 ----A---- C:\Windows\system32\msctf.dll
2010-06-16 13:01:23 ----A---- C:\Windows\system32\mfc42u.dll
2010-06-16 13:01:23 ----A---- C:\Windows\system32\gdi32.dll
2010-06-16 13:01:22 ----A---- C:\Windows\system32\sqlsrv32.dll
2010-06-16 13:01:22 ----A---- C:\Windows\system32\odbc32.dll
2010-06-16 13:01:22 ----A---- C:\Windows\system32\msrd2x40.dll
2010-06-16 13:01:22 ----A---- C:\Windows\system32\eapphost.dll
2010-06-16 13:01:21 ----A---- C:\Windows\system32\winresume.exe
2010-06-16 13:01:21 ----A---- C:\Windows\system32\shdocvw.dll
2010-06-16 13:01:21 ----A---- C:\Windows\system32\propdefs.dll
2010-06-16 13:01:20 ----A---- C:\Windows\system32\wevtutil.exe
2010-06-16 13:01:20 ----A---- C:\Windows\system32\mssitlb.dll
2010-06-16 13:01:20 ----A---- C:\Windows\system32\dbgeng.dll
2010-06-16 13:01:19 ----A---- C:\Windows\system32\WsmSvc.dll
2010-06-16 13:01:19 ----A---- C:\Windows\system32\swprv.dll
2010-06-16 13:01:19 ----A---- C:\Windows\system32\mmcndmgr.dll
2010-06-16 13:01:18 ----A---- C:\Windows\system32\vds.exe
2010-06-16 13:01:18 ----A---- C:\Windows\system32\usp10.dll
2010-06-16 13:01:17 ----A---- C:\Windows\system32\netlogon.dll
2010-06-16 13:01:17 ----A---- C:\Windows\system32\msctfp.dll
2010-06-16 13:01:17 ----A---- C:\Windows\system32\fdBthProxy.dll
2010-06-16 13:01:17 ----A---- C:\Windows\system32\drvinst.exe
2010-06-16 13:01:17 ----A---- C:\Windows\system32\devmgr.dll
2010-06-16 13:01:16 ----A---- C:\Windows\system32\Wldap32.dll
2010-06-16 13:01:16 ----A---- C:\Windows\system32\wcnwiz.dll
2010-06-16 13:01:16 ----A---- C:\Windows\system32\msscb.dll
2010-06-16 13:01:16 ----A---- C:\Windows\system32\evr.dll
2010-06-16 13:01:16 ----A---- C:\Windows\system32\DevicePairingProxy.dll
2010-06-16 13:01:16 ----A---- C:\Windows\system32\BFE.DLL
2010-06-16 13:01:16 ----A---- C:\Windows\system32\adsldpc.dll
2010-06-16 13:01:15 ----A---- C:\Windows\system32\WMVSDECD.DLL
2010-06-16 13:01:15 ----A---- C:\Windows\system32\services.exe
2010-06-16 13:01:14 ----A---- C:\Windows\system32\wercon.exe
2010-06-16 13:01:14 ----A---- C:\Windows\system32\wcncsvc.dll
2010-06-16 13:01:14 ----A---- C:\Windows\system32\mimefilt.dll
2010-06-16 13:01:14 ----A---- C:\Windows\system32\comdlg32.dll
2010-06-16 13:01:14 ----A---- C:\Windows\system32\adtschema.dll
2010-06-16 13:01:13 ----A---- C:\Windows\system32\taskeng.exe
2010-06-16 13:01:13 ----A---- C:\Windows\system32\rtffilt.dll
2010-06-16 13:01:13 ----A---- C:\Windows\system32\reg.exe
2010-06-16 13:01:13 ----A---- C:\Windows\system32\mswdat10.dll
2010-06-16 13:01:13 ----A---- C:\Windows\system32\msjter40.dll
2010-06-16 13:01:13 ----A---- C:\Windows\system32\msdtcprx.dll
2010-06-16 13:01:13 ----A---- C:\Windows\system32\ipsmsnap.dll
2010-06-16 13:01:13 ----A---- C:\Windows\system32\dnsapi.dll
2010-06-16 13:01:13 ----A---- C:\Windows\system32\certcli.dll
2010-06-16 13:01:12 ----A---- C:\Windows\system32\WMNetMgr.dll
2010-06-16 13:01:12 ----A---- C:\Windows\system32\w32time.dll
2010-06-16 13:01:12 ----A---- C:\Windows\system32\umpnpmgr.dll
2010-06-16 13:01:12 ----A---- C:\Windows\system32\msshooks.dll
2010-06-16 13:01:12 ----A---- C:\Windows\system32\msscntrs.dll
2010-06-16 13:01:12 ----A---- C:\Windows\system32\IPSECSVC.DLL
2010-06-16 13:01:12 ----A---- C:\Windows\system32\certutil.exe
2010-06-16 13:01:12 ----A---- C:\Windows\system32\bthserv.dll
2010-06-16 13:01:12 ----A---- C:\Windows\system32\bcrypt.dll
2010-06-16 13:01:11 ----A---- C:\Windows\system32\TsWpfWrp.exe
2010-06-16 13:01:11 ----A---- C:\Windows\system32\rsaenh.dll
2010-06-16 13:01:11 ----A---- C:\Windows\system32\netapi32.dll
2010-06-16 13:01:11 ----A---- C:\Windows\system32\mtxclu.dll
2010-06-16 13:01:11 ----A---- C:\Windows\system32\msstrc.dll
2010-06-16 13:01:11 ----A---- C:\Windows\system32\msihnd.dll
2010-06-16 13:01:11 ----A---- C:\Windows\system32\MMDevAPI.dll
2010-06-16 13:01:11 ----A---- C:\Windows\system32\inetpp.dll
2010-06-16 13:01:10 ----A---- C:\Windows\system32\wmicmiplugin.dll
2010-06-16 13:01:10 ----A---- C:\Windows\system32\termsrv.dll
2010-06-16 13:01:10 ----A---- C:\Windows\system32\shsvcs.dll
2010-06-16 13:01:10 ----A---- C:\Windows\system32\profsvc.dll
2010-06-16 13:01:10 ----A---- C:\Windows\system32\msiexec.exe
2010-06-16 13:01:10 ----A---- C:\Windows\system32\mscories.dll
2010-06-16 13:01:10 ----A---- C:\Windows\system32\imapi.dll
2010-06-16 13:01:10 ----A---- C:\Windows\system32\hidserv.dll
2010-06-16 13:01:10 ----A---- C:\Windows\system32\fundisc.dll
2010-06-16 13:01:10 ----A---- C:\Windows\system32\dhcpcsvc6.dll
2010-06-16 13:01:10 ----A---- C:\Windows\system32\cryptsvc.dll
2010-06-16 13:01:09 ----A---- C:\Windows\system32\wdc.dll
2010-06-16 13:01:09 ----A---- C:\Windows\system32\spoolsv.exe
2010-06-16 13:01:09 ----A---- C:\Windows\system32\rasmans.dll
2010-06-16 13:01:09 ----A---- C:\Windows\system32\pnidui.dll
2010-06-16 13:01:09 ----A---- C:\Windows\system32\icardres.dll
2010-06-16 13:01:09 ----A---- C:\Windows\system32\iassdo.dll
2010-06-16 13:01:09 ----A---- C:\Windows\system32\chsbrkr.dll
2010-06-16 13:01:08 ----A---- C:\Windows\system32\wersvc.dll
2010-06-16 13:01:08 ----A---- C:\Windows\system32\slmgr.vbs
2010-06-16 13:01:08 ----A---- C:\Windows\system32\scrrun.dll
2010-06-16 13:01:08 ----A---- C:\Windows\system32\PSHED.DLL
2010-06-16 13:01:08 ----A---- C:\Windows\system32\autofmt.exe
2010-06-16 13:01:07 ----A---- C:\Windows\system32\wmpmde.dll
2010-06-16 13:01:07 ----A---- C:\Windows\system32\pidgenx.dll
2010-06-16 13:01:07 ----A---- C:\Windows\system32\pdh.dll
2010-06-16 13:01:07 ----A---- C:\Windows\system32\dhcpcsvc.dll
2010-06-16 13:01:07 ----A---- C:\Windows\system32\CertEnrollUI.dll
2010-06-16 13:01:07 ----A---- C:\Windows\system32\azroles.dll
2010-06-16 13:01:06 ----A---- C:\Windows\system32\winlogon.exe
2010-06-16 13:01:06 ----A---- C:\Windows\system32\SyncCenter.dll
2010-06-16 13:01:06 ----A---- C:\Windows\system32\SLUINotify.dll
2010-06-16 13:01:06 ----A---- C:\Windows\system32\msjetoledb40.dll
2010-06-16 13:01:06 ----A---- C:\Windows\system32\comuid.dll
2010-06-16 13:01:06 ----A---- C:\Windows\system32\certmgr.dll
2010-06-16 13:01:05 ----A---- C:\Windows\system32\untfs.dll
2010-06-16 13:01:05 ----A---- C:\Windows\system32\spp.dll
2010-06-16 13:01:05 ----A---- C:\Windows\system32\sethc.exe
2010-06-16 13:01:05 ----A---- C:\Windows\system32\scrobj.dll
2010-06-16 13:01:05 ----A---- C:\Windows\system32\ncrypt.dll
2010-06-16 13:01:05 ----A---- C:\Windows\system32\kd1394.dll
2010-06-16 13:01:05 ----A---- C:\Windows\system32\iassam.dll
2010-06-16 13:01:04 ----A---- C:\Windows\system32\wisptis.exe
2010-06-16 13:01:04 ----A---- C:\Windows\system32\taskcomp.dll
2010-06-16 13:01:04 ----A---- C:\Windows\system32\rtutils.dll
2010-06-16 13:01:04 ----A---- C:\Windows\system32\dwm.exe
2010-06-16 13:01:03 ----A---- C:\Windows\system32\autochk.exe
2010-06-16 13:01:02 ----A---- C:\Windows\system32\winsrv.dll
2010-06-16 13:01:02 ----A---- C:\Windows\system32\printui.dll
2010-06-16 13:01:02 ----A---- C:\Windows\system32\onex.dll
2010-06-16 13:01:02 ----A---- C:\Windows\system32\kdcom.dll
2010-06-16 13:01:02 ----A---- C:\Windows\system32\iasnap.dll
2010-06-16 13:01:02 ----A---- C:\Windows\system32\cscript.exe
2010-06-16 13:01:02 ----A---- C:\Windows\system32\basecsp.dll
2010-06-16 13:01:02 ----A---- C:\Windows\system32\autoconv.exe
2010-06-16 13:01:01 ----A---- C:\Windows\system32\wow32.dll
2010-06-16 13:01:01 ----A---- C:\Windows\system32\userenv.dll
2010-06-16 13:01:01 ----A---- C:\Windows\system32\osk.exe
2010-06-16 13:01:01 ----A---- C:\Windows\system32\mswsock.dll
2010-06-16 13:01:01 ----A---- C:\Windows\system32\audiodg.exe
2010-06-16 13:01:00 ----A---- C:\Windows\system32\WinSCard.dll
2010-06-16 13:01:00 ----A---- C:\Windows\system32\winmm.dll
2010-06-16 13:01:00 ----A---- C:\Windows\system32\WerFaultSecure.exe
2010-06-16 13:01:00 ----A---- C:\Windows\system32\spcmsg.dll
2010-06-16 13:01:00 ----A---- C:\Windows\system32\RelMon.dll
2010-06-16 13:01:00 ----A---- C:\Windows\system32\rdpencom.dll
2010-06-16 13:01:00 ----A---- C:\Windows\system32\offfilt.dll
2010-06-16 13:01:00 ----A---- C:\Windows\system32\msftedit.dll
2010-06-16 13:01:00 ----A---- C:\Windows\system32\kdusb.dll
2010-06-16 13:01:00 ----A---- C:\Windows\system32\dnsrslvr.dll
2010-06-16 13:00:59 ----A---- C:\Windows\system32\wsepno.dll
2010-06-16 13:00:59 ----A---- C:\Windows\system32\WerFault.exe
2010-06-16 13:00:59 ----A---- C:\Windows\system32\Utilman.exe
2010-06-16 13:00:59 ----A---- C:\Windows\system32\stobject.dll
2010-06-16 13:00:59 ----A---- C:\Windows\system32\mfplat.dll
2010-06-16 13:00:59 ----A---- C:\Windows\system32\diskraid.exe
2010-06-16 13:00:59 ----A---- C:\Windows\system32\apphelp.dll
2010-06-16 13:00:58 ----A---- C:\Windows\system32\wscript.exe
2010-06-16 13:00:58 ----A---- C:\Windows\system32\wiaservc.dll
2010-06-16 13:00:58 ----A---- C:\Windows\system32\ulib.dll
2010-06-16 13:00:58 ----A---- C:\Windows\system32\sysclass.dll
2010-06-16 13:00:58 ----A---- C:\Windows\system32\SndVol.exe
2010-06-16 13:00:58 ----A---- C:\Windows\system32\prnntfy.dll
2010-06-16 13:00:58 ----A---- C:\Windows\system32\odbccp32.dll
2010-06-16 13:00:58 ----A---- C:\Windows\system32\msnetobj.dll
2010-06-16 13:00:58 ----A---- C:\Windows\system32\mscms.dll
2010-06-16 13:00:58 ----A---- C:\Windows\system32\mcmde.dll
2010-06-16 13:00:58 ----A---- C:\Windows\system32\iasdatastore.dll
2010-06-16 13:00:58 ----A---- C:\Windows\system32\adsmsext.dll
2010-06-16 13:00:57 ----A---- C:\Windows\system32\wscntfy.dll
2010-06-16 13:00:57 ----A---- C:\Windows\system32\rastapi.dll
2010-06-16 13:00:57 ----A---- C:\Windows\system32\pnpsetup.dll
2010-06-16 13:00:57 ----A---- C:\Windows\system32\ipsecsnp.dll
2010-06-16 13:00:57 ----A---- C:\Windows\system32\IPHLPAPI.DLL
2010-06-16 13:00:57 ----A---- C:\Windows\system32\fdProxy.dll
2010-06-16 13:00:57 ----A---- C:\Windows\system32\dsound.dll
2010-06-16 13:00:57 ----A---- C:\Windows\system32\cryptui.dll
2010-06-16 13:00:57 ----A---- C:\Windows\system32\brcpl.dll
2010-06-16 13:00:56 ----A---- C:\Windows\system32\wscsvc.dll
2010-06-16 13:00:56 ----A---- C:\Windows\system32\WMVENCOD.DLL
2010-06-16 13:00:56 ----A---- C:\Windows\system32\wlangpui.dll
2010-06-16 13:00:56 ----A---- C:\Windows\system32\vdsdyn.dll
2010-06-16 13:00:56 ----A---- C:\Windows\system32\regsvc.dll
2010-06-16 13:00:56 ----A---- C:\Windows\system32\rasapi32.dll
2010-06-16 13:00:56 ----A---- C:\Windows\system32\ntprint.dll
2010-06-16 13:00:56 ----A---- C:\Windows\system32\mscorier.dll
2010-06-16 13:00:56 ----A---- C:\Windows\system32\logman.exe
2010-06-16 13:00:56 ----A---- C:\Windows\system32\iashlpr.dll
2010-06-16 13:00:56 ----A---- C:\Windows\system32\gpapi.dll
2010-06-16 13:00:56 ----A---- C:\Windows\system32\diskpart.exe
2010-06-16 13:00:55 ----A---- C:\Windows\system32\zipfldr.dll
2010-06-16 13:00:55 ----A---- C:\Windows\system32\wusa.exe
2010-06-16 13:00:55 ----A---- C:\Windows\system32\wshext.dll
2010-06-16 13:00:55 ----A---- C:\Windows\system32\wpccpl.dll
2010-06-16 13:00:55 ----A---- C:\Windows\system32\rasdlg.dll
2010-06-16 13:00:55 ----A---- C:\Windows\system32\netcenter.dll
2010-06-16 13:00:55 ----A---- C:\Windows\system32\iasrad.dll
2010-06-16 13:00:55 ----A---- C:\Windows\system32\findstr.exe
2010-06-16 13:00:54 ----A---- C:\Windows\system32\wsnmp32.dll
2010-06-16 13:00:54 ----A---- C:\Windows\system32\wer.dll
2010-06-16 13:00:54 ----A---- C:\Windows\system32\themecpl.dll
2010-06-16 13:00:54 ----A---- C:\Windows\system32\iassvcs.dll
2010-06-16 13:00:53 ----A---- C:\Windows\system32\uxsms.dll
2010-06-16 13:00:53 ----A---- C:\Windows\system32\srvsvc.dll
2010-06-16 13:00:53 ----A---- C:\Windows\system32\slcc.dll
2010-06-16 13:00:53 ----A---- C:\Windows\system32\scansetting.dll
2010-06-16 13:00:53 ----A---- C:\Windows\system32\powrprof.dll
2010-06-16 13:00:53 ----A---- C:\Windows\system32\ntmarta.dll
2010-06-16 13:00:53 ----A---- C:\Windows\system32\msutb.dll
2010-06-16 13:00:53 ----A---- C:\Windows\system32\mstsc.exe
2010-06-16 13:00:53 ----A---- C:\Windows\system32\mstlsapi.dll
2010-06-16 13:00:53 ----A---- C:\Windows\system32\mssprxy.dll
2010-06-16 13:00:53 ----A---- C:\Windows\system32\iasads.dll
2010-06-16 13:00:53 ----A---- C:\Windows\system32\iasacct.dll
2010-06-16 13:00:52 ----A---- C:\Windows\system32\systemcpl.dll
2010-06-16 13:00:52 ----A---- C:\Windows\system32\sud.dll
2010-06-16 13:00:52 ----A---- C:\Windows\system32\powercpl.dll
2010-06-16 13:00:52 ----A---- C:\Windows\system32\PerfCenterCPL.dll
2010-06-16 13:00:52 ----A---- C:\Windows\system32\pcaui.dll
2010-06-16 13:00:52 ----A---- C:\Windows\system32\newdev.exe
2010-06-16 13:00:52 ----A---- C:\Windows\system32\networkmap.dll
2010-06-16 13:00:52 ----A---- C:\Windows\system32\dot3svc.dll
2010-06-16 13:00:52 ----A---- C:\Windows\system32\connect.dll
2010-06-16 13:00:52 ----A---- C:\Windows\system32\authz.dll
2010-06-16 13:00:51 ----A---- C:\Windows\system32\usercpl.dll
2010-06-16 13:00:51 ----A---- C:\Windows\system32\themeui.dll
2010-06-16 13:00:51 ----A---- C:\Windows\system32\samlib.dll
2010-06-16 13:00:51 ----A---- C:\Windows\system32\qdvd.dll
2010-06-16 13:00:51 ----A---- C:\Windows\system32\mmci.dll
2010-06-16 13:00:51 ----A---- C:\Windows\system32\autoplay.dll
2010-06-16 13:00:51 ----A---- C:\Windows\system32\accessibilitycpl.dll
2010-06-16 13:00:50 ----A---- C:\Windows\system32\wpcao.dll
2010-06-16 13:00:50 ----A---- C:\Windows\system32\wlanpref.dll
2010-06-16 13:00:50 ----A---- C:\Windows\system32\rpchttp.dll
2010-06-16 13:00:50 ----A---- C:\Windows\system32\regapi.dll
2010-06-16 13:00:50 ----A---- C:\Windows\system32\msinfo32.exe
2010-06-16 13:00:49 ----A---- C:\Windows\system32\vdsutil.dll
2010-06-16 13:00:48 ----A---- C:\Windows\system32\tapisrv.dll
2010-06-16 13:00:48 ----A---- C:\Windows\system32\scksp.dll
2010-06-16 13:00:48 ----A---- C:\Windows\system32\scesrv.dll
2010-06-16 13:00:48 ----A---- C:\Windows\system32\psisdecd.dll
2010-06-16 13:00:48 ----A---- C:\Windows\system32\oleprn.dll
2010-06-16 13:00:48 ----A---- C:\Windows\system32\mpr.dll
2010-06-16 13:00:48 ----A---- C:\Windows\system32\imm32.dll
2010-06-16 13:00:48 ----A---- C:\Windows\system32\feclient.dll
2010-06-16 13:00:48 ----A---- C:\Windows\system32\AudioSes.dll
2010-06-16 13:00:47 ----A---- C:\Windows\system32\wscisvif.dll
2010-06-16 13:00:47 ----A---- C:\Windows\system32\sdclt.exe
2010-06-16 13:00:47 ----A---- C:\Windows\system32\rekeywiz.exe
2010-06-16 13:00:47 ----A---- C:\Windows\system32\iaspolcy.dll
2010-06-16 13:00:47 ----A---- C:\Windows\system32\Faultrep.dll
2010-06-16 13:00:47 ----A---- C:\Windows\system32\dot3msm.dll
2010-06-16 13:00:47 ----A---- C:\Windows\system32\DeviceEject.exe
2010-06-16 13:00:46 ----A---- C:\Windows\system32\dpapimig.exe
2010-06-16 13:00:45 ----A---- C:\Windows\system32\scecli.dll
2010-06-16 13:00:45 ----A---- C:\Windows\system32\rasgcw.dll
2010-06-16 13:00:45 ----A---- C:\Windows\system32\qedit.dll
2010-06-16 13:00:45 ----A---- C:\Windows\system32\pnpui.dll
2010-06-16 13:00:45 ----A---- C:\Windows\system32\perfdisk.dll
2010-06-16 13:00:45 ----A---- C:\Windows\system32\ncryptui.dll
2010-06-16 13:00:45 ----A---- C:\Windows\system32\hdwwiz.exe
2010-06-16 13:00:45 ----A---- C:\Windows\system32\certreq.exe
2010-06-16 13:00:44 ----A---- C:\Windows\system32\FWPUCLNT.DLL
2010-06-16 13:00:43 ----A---- C:\Windows\system32\TSTheme.exe
2010-06-16 13:00:43 ----A---- C:\Windows\system32\tcpipcfg.dll
2010-06-16 13:00:43 ----A---- C:\Windows\system32\spwinsat.dll
2010-06-16 13:00:43 ----A---- C:\Windows\system32\SmartcardCredentialProvider.dll
2010-06-16 13:00:43 ----A---- C:\Windows\system32\rasplap.dll
2010-06-16 13:00:43 ----A---- C:\Windows\system32\cmmon32.exe
2010-06-16 13:00:42 ----A---- C:\Windows\system32\whealogr.dll
2010-06-16 13:00:42 ----A---- C:\Windows\system32\tcpmon.dll
2010-06-16 13:00:42 ----A---- C:\Windows\system32\srcore.dll
2010-06-16 13:00:42 ----A---- C:\Windows\system32\SCardSvr.dll
2010-06-16 13:00:42 ----A---- C:\Windows\system32\PnPUnattend.exe
2010-06-16 13:00:42 ----A---- C:\Windows\system32\fdWSD.dll
2010-06-16 13:00:42 ----A---- C:\Windows\system32\conime.exe
2010-06-16 13:00:42 ----A---- C:\Windows\system32\cmdial32.dll
2010-06-16 13:00:41 ----A---- C:\Windows\system32\WMVXENCD.DLL
2010-06-16 13:00:41 ----A---- C:\Windows\system32\wlanui.dll
2010-06-16 13:00:41 ----A---- C:\Windows\system32\wiaaut.dll
2010-06-16 13:00:41 ----A---- C:\Windows\system32\SnippingTool.exe
2010-06-16 13:00:41 ----A---- C:\Windows\system32\raschap.dll
2010-06-16 13:00:41 ----A---- C:\Windows\system32\MSVidCtl.dll
2010-06-16 13:00:41 ----A---- C:\Windows\system32\fontext.dll
2010-06-16 13:00:40 ----A---- C:\Windows\system32\shwebsvc.dll
2010-06-16 13:00:40 ----A---- C:\Windows\system32\rasppp.dll
2010-06-16 13:00:40 ----A---- C:\Windows\system32\PnPutil.exe
2010-06-16 13:00:40 ----A---- C:\Windows\system32\oobefldr.dll
2010-06-16 13:00:40 ----A---- C:\Windows\system32\dsprop.dll
2010-06-16 13:00:40 ----A---- C:\Windows\system32\dimsroam.dll
2010-06-16 13:00:39 ----A---- C:\Windows\system32\shsetup.dll
2010-06-16 13:00:39 ----A---- C:\Windows\system32\rasmontr.dll
2010-06-16 13:00:39 ----A---- C:\Windows\system32\mscandui.dll
2010-06-16 13:00:39 ----A---- C:\Windows\system32\modemui.dll
2010-06-16 13:00:39 ----A---- C:\Windows\system32\chtbrkr.dll
2010-06-16 13:00:38 ----A---- C:\Windows\system32\wmdrmsdk.dll
2010-06-16 13:00:38 ----A---- C:\Windows\system32\dataclen.dll
2010-06-16 13:00:37 ----A---- C:\Windows\system32\WSDMon.dll
2010-06-16 13:00:37 ----A---- C:\Windows\system32\wmpeffects.dll
2010-06-16 13:00:37 ----A---- C:\Windows\system32\wlgpclnt.dll
2010-06-16 13:00:37 ----A---- C:\Windows\system32\smss.exe
2010-06-16 13:00:37 ----A---- C:\Windows\system32\rdpwsx.dll
2010-06-16 13:00:37 ----A---- C:\Windows\system32\netplwiz.dll
2010-06-16 13:00:37 ----A---- C:\Windows\system32\credui.dll
2010-06-16 13:00:37 ----A---- C:\Windows\system32\certprop.dll
2010-06-16 13:00:37 ----A---- C:\Windows\system32\blackbox.dll
2010-06-16 13:00:36 ----A---- C:\Windows\system32\wscapi.dll
2010-06-16 13:00:36 ----A---- C:\Windows\system32\wpcsvc.dll
2010-06-16 13:00:36 ----A---- C:\Windows\system32\thawbrkr.dll
2010-06-16 13:00:36 ----A---- C:\Windows\system32\softkbd.dll
2010-06-16 13:00:36 ----A---- C:\Windows\system32\sendmail.dll
2010-06-16 13:00:36 ----A---- C:\Windows\system32\networkexplorer.dll
2010-06-16 13:00:36 ----A---- C:\Windows\system32\msscp.dll
2010-06-16 13:00:36 ----A---- C:\Windows\system32\msimtf.dll
2010-06-16 13:00:36 ----A---- C:\Windows\system32\logagent.exe
2010-06-16 13:00:36 ----A---- C:\Windows\system32\InkEd.dll
2010-06-16 13:00:36 ----A---- C:\Windows\system32\ifmon.dll
2010-06-16 13:00:36 ----A---- C:\Windows\system32\gpresult.exe
2010-06-16 13:00:36 ----A---- C:\Windows\system32\cipher.exe
2010-06-16 13:00:35 ----A---- C:\Windows\system32\wshbth.dll
2010-06-16 13:00:35 ----A---- C:\Windows\system32\version.dll
2010-06-16 13:00:35 ----A---- C:\Windows\system32\SLLUA.exe
2010-06-16 13:00:35 ----A---- C:\Windows\system32\puiapi.dll
2010-06-16 13:00:35 ----A---- C:\Windows\system32\olepro32.dll
2010-06-16 13:00:35 ----A---- C:\Windows\system32\msisip.dll
2010-06-16 13:00:35 ----A---- C:\Windows\system32\msctfui.dll
2010-06-16 13:00:35 ----A---- C:\Windows\system32\mprapi.dll
2010-06-16 13:00:35 ----A---- C:\Windows\system32\MediaMetadataHandler.dll
2010-06-16 13:00:35 ----A---- C:\Windows\system32\input.dll
2010-06-16 13:00:35 ----A---- C:\Windows\system32\ExplorerFrame.dll
2010-06-16 13:00:35 ----A---- C:\Windows\system32\drmmgrtn.dll
2010-06-16 13:00:35 ----A---- C:\Windows\system32\dmsynth.dll
2010-06-16 13:00:34 ----A---- C:\Windows\system32\wsdchngr.dll
2010-06-16 13:00:34 ----A---- C:\Windows\system32\SMBHelperClass.dll
2010-06-16 13:00:34 ----A---- C:\Windows\system32\msjint40.dll
2010-06-16 13:00:34 ----A---- C:\Windows\system32\MsCtfMonitor.dll
2010-06-16 13:00:34 ----A---- C:\Windows\system32\l2nacp.dll
2010-06-16 13:00:34 ----A---- C:\Windows\system32\ftp.exe
2010-06-16 13:00:34 ----A---- C:\Windows\system32\fdSSDP.dll
2010-06-16 13:00:34 ----A---- C:\Windows\system32\fc.exe
2010-06-16 13:00:34 ----A---- C:\Windows\system32\eapp3hst.dll
2010-06-16 13:00:34 ----A---- C:\Windows\system32\dmusic.dll
2010-06-16 13:00:34 ----A---- C:\Windows\system32\cscdll.dll
2010-06-16 13:00:34 ----A---- C:\Windows\system32\cscapi.dll
2010-06-16 13:00:33 ----A---- C:\Windows\system32\tscupgrd.exe
2010-06-16 13:00:33 ----A---- C:\Windows\system32\Storprop.dll
2010-06-16 13:00:33 ----A---- C:\Windows\system32\slcinst.dll
2010-06-16 13:00:33 ----A---- C:\Windows\system32\rasdial.exe
2010-06-16 13:00:33 ----A---- C:\Windows\system32\rasdiag.dll
2010-06-16 13:00:33 ----A---- C:\Windows\system32\ocsetup.exe
2010-06-16 13:00:33 ----A---- C:\Windows\system32\nslookup.exe
2010-06-16 13:00:33 ----A---- C:\Windows\system32\networkitemfactory.dll
2010-06-16 13:00:33 ----A---- C:\Windows\system32\ipconfig.exe
2010-06-16 13:00:33 ----A---- C:\Windows\system32\hbaapi.dll
2010-06-16 13:00:33 ----A---- C:\Windows\system32\FwRemoteSvr.dll
2010-06-16 13:00:33 ----A---- C:\Windows\system32\fdWCN.dll
2010-06-16 13:00:33 ----A---- C:\Windows\system32\fdeploy.dll
2010-06-16 13:00:33 ----A---- C:\Windows\system32\eappgnui.dll
2010-06-16 13:00:33 ----A---- C:\Windows\system32\eappcfg.dll
2010-06-16 13:00:33 ----A---- C:\Windows\system32\dot3cfg.dll
2010-06-16 13:00:33 ----A---- C:\Windows\system32\CHxReadingStringIME.dll
2010-06-16 13:00:33 ----A---- C:\Windows\system32\bthudtask.exe
2010-06-16 13:00:33 ----A---- C:\Windows\system32\bthci.dll
2010-06-16 13:00:32 ----A---- C:\Windows\system32\PNPXAssoc.dll
2010-06-16 13:00:32 ----A---- C:\Windows\system32\NcdProp.dll
2010-06-16 13:00:32 ----A---- C:\Windows\system32\mmcico.dll
2010-06-16 13:00:32 ----A---- C:\Windows\system32\iscsilog.dll
2010-06-16 13:00:32 ----A---- C:\Windows\system32\gpupdate.exe
2010-06-16 13:00:32 ----A---- C:\Windows\system32\csrstub.exe
2010-06-16 13:00:32 ----A---- C:\Windows\system32\cbsra.exe
2010-06-16 13:00:32 ----A---- C:\Windows\system32\bitsigd.dll
2010-06-16 13:00:31 ----A---- C:\Windows\system32\winrnr.dll
2010-06-16 13:00:31 ----A---- C:\Windows\system32\vdmdbg.dll
2010-06-16 13:00:31 ----A---- C:\Windows\system32\slwga.dll
2010-06-16 13:00:31 ----A---- C:\Windows\system32\odbcconf.dll
2010-06-16 13:00:31 ----A---- C:\Windows\system32\inetppui.dll
2010-06-16 13:00:30 ----A---- C:\Windows\system32\midimap.dll
2010-06-16 13:00:28 ----A---- C:\Windows\system32\f3ahvoas.dll
2010-06-16 13:00:27 ----A---- C:\Windows\system32\msimsg.dll
2010-06-16 13:00:14 ----A---- C:\Windows\system32\SmiEngine.dll
2010-06-16 13:00:09 ----A---- C:\Windows\system32\wdscore.dll
2010-06-16 13:00:09 ----A---- C:\Windows\system32\PkgMgr.exe
2010-06-16 13:00:00 ----A---- C:\Windows\system32\drvstore.dll
2010-06-16 12:46:42 ----A---- C:\Windows\system32\inetcomm.dll
2010-06-16 12:46:35 ----A---- C:\Windows\system32\asycfilt.dll
2010-06-16 12:46:29 ----A---- C:\Windows\system32\tzres.dll
2010-06-16 12:46:03 ----A---- C:\Windows\system32\atmfd.dll
2010-06-16 12:46:02 ----A---- C:\Windows\system32\atmlib.dll
2010-06-16 12:45:47 ----A---- C:\Windows\system32\mshtml.dll
2010-06-16 12:45:47 ----A---- C:\Windows\system32\ieframe.dll
2010-06-16 12:45:46 ----A---- C:\Windows\system32\iertutil.dll
2010-06-16 12:45:45 ----A---- C:\Windows\system32\wininet.dll
2010-06-16 12:45:45 ----A---- C:\Windows\system32\urlmon.dll
2010-06-16 12:45:45 ----A---- C:\Windows\system32\occache.dll
2010-06-16 12:45:45 ----A---- C:\Windows\system32\mstime.dll
2010-06-16 12:45:45 ----A---- C:\Windows\system32\msfeeds.dll
2010-06-16 12:45:45 ----A---- C:\Windows\system32\ieui.dll
2010-06-16 12:45:45 ----A---- C:\Windows\system32\iedkcs32.dll
2010-06-16 12:45:44 ----A---- C:\Windows\system32\msfeedssync.exe
2010-06-16 12:45:44 ----A---- C:\Windows\system32\msfeedsbs.dll
2010-06-16 12:45:44 ----A---- C:\Windows\system32\jsproxy.dll
2010-06-16 12:45:44 ----A---- C:\Windows\system32\ieUnatt.exe
2010-06-16 12:45:44 ----A---- C:\Windows\system32\iesysprep.dll
2010-06-16 12:45:44 ----A---- C:\Windows\system32\iesetup.dll
2010-06-16 12:45:44 ----A---- C:\Windows\system32\iernonce.dll
2010-06-16 12:45:44 ----A---- C:\Windows\system32\iepeers.dll
2010-06-16 12:45:44 ----A---- C:\Windows\system32\ie4uinit.exe
2010-06-15 23:32:44 ----D---- C:\Users\Rexel\AppData\Roaming\Ventrilo
2010-06-14 07:03:22 ----D---- C:\Users\Rexel\AppData\Roaming\WinRAR
2010-06-13 13:26:29 ----D---- C:\Users\Rexel\AppData\Roaming\Mozilla
2010-06-12 23:00:15 ----D---- C:\Windows\system32\F01744F2FC1
2010-06-12 23:00:15 ----D---- C:\Windows\system32\F016D353D7B
2010-06-12 23:00:15 ----D---- C:\Windows\system32\F0157A43D16
2010-06-12 22:54:33 ----D---- C:\Users\Rexel\AppData\Roaming\Apple Computer
2010-06-12 20:05:49 ----D---- C:\Users\Rexel\AppData\Roaming\Macromedia
2010-06-12 20:05:47 ----D---- C:\Users\Rexel\AppData\Roaming\Adobe
2010-06-12 20:05:04 ----D---- C:\Users\Rexel\AppData\Roaming\Google
2010-06-12 20:03:03 ----D---- C:\Windows\system32\F013AAE60B7
2010-06-12 19:49:12 ----D---- C:\Windows\system32\F01330A791A
2010-06-12 19:48:45 ----D---- C:\Windows\system32\F011FD80175
2010-06-12 19:48:45 ----D---- C:\Windows\system32\F010428152A
2010-06-12 06:16:54 ----D---- C:\sysmon
2010-06-12 06:16:10 ----D---- C:\Program Files\WinRAR
2010-06-09 19:58:01 ----D---- C:\ProgramData\Free Ride Games
2010-06-07 07:05:53 ----D---- C:\ProgramData\Google
2010-06-07 07:05:53 ----D---- C:\Program Files\Google
2010-06-07 07:05:30 ----D---- C:\Windows\system32\Adobe
2010-06-04 12:25:19 ----D---- C:\Program Files\ATT
2010-05-31 21:52:34 ----D---- C:\ProgramData\GameHouse
2010-05-31 15:51:41 ----D---- C:\ProgramData\Meridian93

======List of files/folders modified in the last 1 months======

2010-06-27 12:30:07 ----D---- C:\Windows\Prefetch
2010-06-27 12:28:31 ----D---- C:\Windows\Temp
2010-06-27 12:27:51 ----D---- C:\Windows\system32\drivers
2010-06-27 12:27:50 ----RD---- C:\Program Files
2010-06-27 12:27:50 ----HD---- C:\ProgramData
2010-06-27 12:25:19 ----SHD---- C:\Windows\Installer
2010-06-27 12:25:19 ----D---- C:\Windows\winsxs
2010-06-27 12:23:55 ----D---- C:\Program Files\Dl_cats
2010-06-27 12:22:56 ----D---- C:\Windows\Registration
2010-06-26 22:55:02 ----SHD---- C:\System Volume Information
2010-06-26 22:15:59 ----SD---- C:\Users\Rexel\AppData\Roaming\Microsoft
2010-06-26 08:01:56 ----D---- C:\Program Files\Common Files\Blizzard Entertainment
2010-06-25 23:09:10 ----D---- C:\Windows\Tasks
2010-06-25 23:09:10 ----D---- C:\Windows\system32\Tasks
2010-06-25 23:07:26 ----D---- C:\Program Files\Yahoo! Games
2010-06-25 23:07:15 ----D---- C:\Fraps
2010-06-25 23:07:07 ----D---- C:\Program Files\Ask.com
2010-06-25 23:06:26 ----D---- C:\Program Files\MSN Games
2010-06-25 23:05:01 ----D---- C:\ProgramData\Oberon Media
2010-06-25 22:56:13 ----D---- C:\Program Files\Common Files\InstallShield
2010-06-25 22:55:24 ----D---- C:\Windows
2010-06-25 19:04:07 ----D---- C:\Windows\system32\catroot2
2010-06-25 16:11:05 ----D---- C:\ProgramData\LogiShrd
2010-06-25 12:55:42 ----D---- C:\Windows\System32
2010-06-25 06:16:35 ----D---- C:\Windows\Microsoft.NET
2010-06-25 06:16:34 ----RSD---- C:\Windows\assembly
2010-06-25 06:12:20 ----D---- C:\Windows\inf
2010-06-25 06:12:20 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-06-25 06:08:49 ----D---- C:\Windows\system32\en-US
2010-06-25 06:08:46 ----D---- C:\Program Files\Microsoft.NET
2010-06-24 21:45:09 ----D---- C:\Program Files\Common Files\microsoft shared
2010-06-24 11:50:14 ----D---- C:\Windows\AppPatch
2010-06-24 09:04:20 ----D---- C:\Windows\system32\catroot
2010-06-24 00:00:16 ----D---- C:\Program Files\Common Files\Apple
2010-06-23 23:51:47 ----D---- C:\Program Files\Safari
2010-06-23 16:40:46 ----A---- C:\Windows\ODBC.INI
2010-06-22 22:20:46 ----D---- C:\Program Files\Common Files
2010-06-21 09:29:23 ----D---- C:\Windows\Logs
2010-06-20 14:11:35 ----D---- C:\Windows\rescache
2010-06-20 13:52:45 ----D---- C:\Windows\system32\wbem
2010-06-20 13:52:41 ----D---- C:\Windows\system32\zh-TW
2010-06-20 13:52:41 ----D---- C:\Windows\system32\zh-HK
2010-06-20 13:52:41 ----D---- C:\Windows\system32\zh-CN
2010-06-20 13:52:41 ----D---- C:\Windows\system32\uk-UA
2010-06-20 13:52:41 ----D---- C:\Windows\system32\tr-TR
2010-06-20 13:52:41 ----D---- C:\Windows\system32\th-TH
2010-06-20 13:52:41 ----D---- C:\Windows\system32\sv-SE
2010-06-20 13:52:41 ----D---- C:\Windows\system32\sr-Latn-CS
2010-06-20 13:52:41 ----D---- C:\Windows\system32\sl-SI
2010-06-20 13:52:41 ----D---- C:\Windows\system32\sk-SK
2010-06-20 13:52:41 ----D---- C:\Windows\system32\ru-RU
2010-06-20 13:52:41 ----D---- C:\Windows\system32\ro-RO
2010-06-20 13:52:41 ----D---- C:\Windows\system32\pt-PT
2010-06-20 13:52:41 ----D---- C:\Windows\system32\pt-BR
2010-06-20 13:52:41 ----D---- C:\Windows\system32\pl-PL
2010-06-20 13:52:41 ----D---- C:\Windows\system32\nl-NL
2010-06-20 13:52:41 ----D---- C:\Windows\system32\nb-NO
2010-06-20 13:52:41 ----D---- C:\Windows\system32\lv-LV
2010-06-20 13:52:41 ----D---- C:\Windows\system32\lt-LT
2010-06-20 13:52:41 ----D---- C:\Windows\system32\ko-KR
2010-06-20 13:52:41 ----D---- C:\Windows\system32\ja-JP
2010-06-20 13:52:41 ----D---- C:\Windows\system32\it-IT
2010-06-20 13:52:41 ----D---- C:\Windows\system32\hu-HU
2010-06-20 13:52:41 ----D---- C:\Windows\system32\hr-HR
2010-06-20 13:52:41 ----D---- C:\Windows\system32\he-IL
2010-06-20 13:52:41 ----D---- C:\Windows\system32\fr-FR
2010-06-20 13:52:41 ----D---- C:\Windows\system32\fi-FI
2010-06-20 13:52:41 ----D---- C:\Windows\system32\et-EE
2010-06-20 13:52:41 ----D---- C:\Windows\system32\es-ES
2010-06-20 13:52:41 ----D---- C:\Windows\system32\el-GR
2010-06-20 13:52:41 ----D---- C:\Windows\system32\de-DE
2010-06-20 13:52:41 ----D---- C:\Windows\system32\da-DK
2010-06-20 13:52:41 ----D---- C:\Windows\system32\cs-CZ
2010-06-20 13:52:41 ----D---- C:\Windows\system32\bg-BG
2010-06-20 13:52:41 ----D---- C:\Windows\system32\ar-SA
2010-06-19 18:04:24 ----SHD---- C:\Boot
2010-06-19 17:59:21 ----D---- C:\Windows\servicing
2010-06-19 17:59:21 ----D---- C:\Windows\ehome
2010-06-19 17:59:21 ----D---- C:\Program Files\Windows Sidebar
2010-06-19 17:59:21 ----D---- C:\Program Files\Windows Photo Gallery
2010-06-19 17:59:21 ----D---- C:\Program Files\Windows Media Player
2010-06-19 17:59:21 ----D---- C:\Program Files\Windows Mail
2010-06-19 17:59:21 ----D---- C:\Program Files\Windows Journal
2010-06-19 17:59:21 ----D---- C:\Program Files\Windows Defender
2010-06-19 17:59:21 ----D---- C:\Program Files\Windows Collaboration
2010-06-19 17:59:21 ----D---- C:\Program Files\Windows Calendar
2010-06-19 17:59:21 ----D---- C:\Program Files\Movie Maker
2010-06-19 17:59:21 ----D---- C:\Program Files\Internet Explorer
2010-06-19 17:59:21 ----D---- C:\Program Files\Common Files\System
2010-06-19 17:59:18 ----D---- C:\Windows\system32\XPSViewer
2010-06-19 17:59:18 ----D---- C:\Windows\IME
2010-06-19 17:59:11 ----D---- C:\Windows\system32\oobe
2010-06-19 17:59:11 ----D---- C:\Windows\system32\migration
2010-06-19 17:59:11 ----D---- C:\Windows\system32\AdvancedInstallers
2010-06-19 17:59:10 ----D---- C:\Windows\system32\SLUI
2010-06-19 17:59:10 ----D---- C:\Windows\system32\setup
2010-06-19 17:59:10 ----D---- C:\Windows\system32\migwiz
2010-06-19 17:59:10 ----D---- C:\Windows\system32\manifeststore
2010-06-19 17:59:10 ----D---- C:\Windows\system32\en
2010-06-19 17:59:02 ----RSD---- C:\Windows\Fonts
2010-06-19 17:58:56 ----D---- C:\Windows\system32\Boot
2010-06-17 15:40:22 ----D---- C:\Windows\system32\WDI
2010-06-17 01:11:03 ----D---- C:\Windows\PolicyDefinitions
2010-06-16 07:52:39 ----D---- C:\Windows\system32\spool
2010-06-16 07:51:33 ----ASH---- C:\Program Files\desktop.ini
2010-06-16 07:44:37 ----D---- C:\Windows\MSAgent
2010-06-16 07:44:37 ----D---- C:\Windows\L2Schemas
2010-06-16 07:44:37 ----D---- C:\Windows\DigitalLocker
2010-06-16 07:44:36 ----D---- C:\Windows\system32\com
2010-06-16 07:44:33 ----D---- C:\Windows\system32\sysprep
2010-06-16 07:44:32 ----D---- C:\Windows\system32\ias
2010-06-16 07:43:55 ----D---- C:\Windows\Boot
2010-06-16 06:06:39 ----A---- C:\Windows\system32\ifxcardm.dll
2010-06-16 06:06:35 ----A---- C:\Windows\system32\axaltocm.dll
2010-06-10 20:58:23 ----A---- C:\Windows\win.ini
2010-06-09 20:01:50 ----D---- C:\ProgramData\PlayFirst
2010-06-09 19:58:00 ----SD---- C:\Windows\Downloaded Program Files
2010-06-07 19:15:10 ----AD---- C:\ProgramData\TEMP
2010-06-07 07:18:09 ----D---- C:\Program Files\Oberon Media
2010-06-04 09:35:26 ----SD---- C:\ProgramData\Microsoft
2010-05-28 14:37:34 ----A---- C:\Windows\system32\mrt.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2010-03-01 124784]
R1 DLACDBHM;DLACDBHM; C:\Windows\System32\Drivers\DLACDBHM.SYS [2007-02-08 12856]
R1 DLARTL_M;DLARTL_M; C:\Windows\System32\Drivers\DLARTL_M.SYS [2007-02-08 28120]
R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2010-02-16 60936]
R2 DLABMFSM;DLABMFSM; C:\Windows\System32\DLA\DLABMFSM.SYS [2006-10-26 35096]
R2 DLABOIOM;DLABOIOM; C:\Windows\System32\DLA\DLABOIOM.SYS [2006-10-26 32472]
R2 DLADResM;DLADResM; C:\Windows\System32\DLA\DLADResM.SYS [2006-10-26 9400]
R2 DLAIFS_M;DLAIFS_M; C:\Windows\System32\DLA\DLAIFS_M.SYS [2006-10-26 104536]
R2 DLAOPIOM;DLAOPIOM; C:\Windows\System32\DLA\DLAOPIOM.SYS [2006-10-26 26296]
R2 DLAPoolM;DLAPoolM; C:\Windows\System32\DLA\DLAPoolM.SYS [2006-10-26 14520]
R2 DLAUDF_M;DLAUDF_M; C:\Windows\System32\DLA\DLAUDF_M.SYS [2006-10-26 97848]
R2 DLAUDFAM;DLAUDFAM; C:\Windows\System32\DLA\DLAUDFAM.SYS [2006-10-26 94648]
R2 DRVNDDM;DRVNDDM; C:\Windows\System32\Drivers\DRVNDDM.SYS [2007-02-09 51768]
R3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\Windows\system32\DRIVERS\e1e6032.sys [2008-01-18 220672]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2009-04-10 236544]
R3 LVPr2Mon;Logitech LVPr2Mon Driver; C:\Windows\system32\DRIVERS\LVPr2Mon.sys [2009-10-07 25752]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2010-01-12 11586280]
R3 PID_PEPI;Logitech QuickCam IM(PID_PEPI); C:\Windows\system32\DRIVERS\LV302V32.SYS [2009-05-01 2687512]
R3 usbaudio;USB Audio Driver (WDM); C:\Windows\system32\drivers\usbaudio.sys [2009-04-10 73216]
R3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-19 35328]
R3 VST_DPV;VST_DPV; C:\Windows\system32\DRIVERS\VSTDPV3.SYS [2006-11-02 987648]
R3 VSTHWBS2;VSTHWBS2; C:\Windows\system32\DRIVERS\VSTBS23.SYS [2006-11-02 251904]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\VSTCNXT3.SYS [2006-11-02 654336]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]
S1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 MREMP50;MREMP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS []
S3 MREMPR5;MREMPR5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS []
S3 MRENDIS5;MRENDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS []
S3 MRESP50;MRESP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS []
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-09-30 40448]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2010-04-01 267432]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2010-06-10 144176]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2010-05-18 345376]
R2 dlcx_device;dlcx_device; C:\Windows\system32\dlcxcoms.exe [2006-11-03 537480]
R2 LVPrcSrv;Process Monitor; C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2009-10-07 154136]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2010-01-12 129640]
R2 RoxWatch9;Roxio Hard Drive Watcher 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe [2006-11-05 159744]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2010-05-14 249136]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 1529728]
R2 YahooAUService;Yahoo! Updater; C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe [2008-11-09 602392]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2010-06-15 540472]
R3 RoxMediaDB9;RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2006-11-05 880640]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-06-25 136176]
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-06-25 182768]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2006-09-14 73728]
S3 WPFFontCache_v0400;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

-----------------EOF-----------------
rexel
Regular Member
 

Re: Vistanumbers internet links redirect

Post by Cypher » June 27th, 2010, 2:19 pm

Hi rexel.
Good work so far.
Please continue with the instructions below.


TDSSKiller

  • Please Download TDSSKiller.exe and save it on your desktop.
  • Important!: Run this fix once and once only.
  • Double click TDSSKiller.exe to run it.
  • A log file should be created on your C: drive named something like TDSSKiller.2.3.2.0 19.06.2010
  • To find the log click Start > Computer > C:.
  • Please post the contents of that log in your next reply.


Next.

Back Up registry with ERUNT

  • Please use the following link and download ERUNT to your desktop. HERE
  • Click on the erunt-setup.exe
  • Follow the prompts to install ERUNT
  • Choose language
  • A set up window will pop up. It will ask: Create ERUNT entry in to the Start up folder, answer NO

  • Backup your registry to the default location

Note: To restore your registry (if needed), go to the folder and start ERDNT.exe


Next

Disable Avira anti-virus

  • Please navigate to the system tray on the bottom right hand corner and look for an open white umbrella on a red background.
  • Right click it -> untick the option AntiVir Guard enable.
  • You should now see a closed, white umbrella on a red background.
  • Note: Don't forget to re-enable it after the fix.


Next.

Download and Run ComboFix

  • Please download ComboFix from one of the following links.

    Link 1.

    Link 2.

    **IMPORTANT !!! Save ComboFix.exe to your Desktop**
  • Please disable any Antivirus or Firewall you have active, as shown in this topic. Please close all open application windows.
  • Double click on ComboFix.exe & follow the prompts
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

  • Click on Yes, to continue scanning for malware.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.
A word of warning: Neither I nor sUBs are responsible for any damage you may cause to your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper.




Logs/Information to Post in your Next Reply

  • TDSSKiller log.
  • ComboFix log.
  • Please give me an update on your computer's performance.
Cypher
Admin/Teacher

Re: Vistanumbers internet links redirect

Post by rexel » June 27th, 2010, 2:32 pm

13:30:51:491 3276 TDSS rootkit removing tool 2.3.2.0 May 31 2010 10:39:48
13:30:51:491 3276 ================================================================================
13:30:51:491 3276 SystemInfo:

13:30:51:491 3276 OS Version: 6.0.6002 ServicePack: 2.0
13:30:51:491 3276 Product type: Workstation
13:30:51:491 3276 ComputerName: LAUREANOFAMI-PC
13:30:51:491 3276 UserName: Rexel
13:30:51:491 3276 Windows directory: C:\Windows
13:30:51:491 3276 Processor architecture: Intel x86
13:30:51:491 3276 Number of processors: 2
13:30:51:491 3276 Page size: 0x1000
13:30:51:492 3276 Boot type: Normal boot
13:30:51:492 3276 ================================================================================
13:30:51:678 3276 Initialize success
13:30:51:679 3276
13:30:51:679 3276 Scanning Services ...
13:30:52:174 3276 Raw services enum returned 436 services
13:30:52:181 3276
13:30:52:182 3276 Scanning Drivers ...
13:30:52:646 3276 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
13:30:52:701 3276 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
13:30:52:748 3276 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
13:30:52:785 3276 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
13:30:52:864 3276 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
13:30:52:961 3276 AFD (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys
13:30:53:004 3276 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
13:30:53:070 3276 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
13:30:53:147 3276 aliide (3a99cb23a2d326fd532618705d6e3048) C:\Windows\system32\drivers\aliide.sys
13:30:53:256 3276 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
13:30:53:358 3276 amdide (4333c133dbd71c7d7fe4fb1b83f9ee3e) C:\Windows\system32\drivers\amdide.sys
13:30:53:661 3276 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
13:30:53:717 3276 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
13:30:53:752 3276 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
13:30:53:949 3276 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
13:30:54:135 3276 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
13:30:54:365 3276 atapi (a779ca2c76da4fcb595e692c05e8e4eb) C:\Windows\system32\drivers\atapi.sys
13:30:54:582 3276 avgntflt (a88d29d928ad2b830e87b53e3f9bc182) C:\Windows\system32\DRIVERS\avgntflt.sys
13:30:54:623 3276 avipbb (1289e9a5d9118a25a13c0009519088e3) C:\Windows\system32\DRIVERS\avipbb.sys
13:30:54:675 3276 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
13:31:31:252 3276
13:31:31:252 3276 Completed
13:31:31:252 3276
13:31:31:252 3276 Results:
13:31:31:252 3276 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
13:31:31:253 3276 File objects infected / cured / cured on reboot: 0 / 0 / 0
13:31:31:253 3276
13:31:31:255 3276 KLMD(ARK) unloaded successfully

Re: Vistanumbers internet links redirect

Post by rexel » June 27th, 2010, 2:36 pm

other logs are on the way

Re: Vistanumbers internet links redirect

Post by Cypher » June 27th, 2010, 3:04 pm

No problem, post the ComboFix log when ready.