Possible Rootkit?

[frustratedtotheex]

Ok. So my husband believes we have a rootkit because several services keep starting up when they are disabled and certain applications start running when I'm online and you see the admin prompt for a short time. I am attaching several logs. PLEASE help me. A lot of the software doesn't recognize anything but my husband believes it's because it has a PE file injector. I'm a teacher (both online and in a public school and really need my computer)! So, again, please help!

wMBR version 0.9.9.1124 Copyright© 2011 AVAST Software

Run date: 2007-01-03 07:01:54

-----------------------------

07:01:54.056 OS Version: Windows 6.0.6000

07:01:54.056 Number of processors: 2 586 0x6802

07:01:54.056 ComputerName: MARY-PC UserName: Mary

07:01:54.992 Initialize success

07:02:38.242 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0

07:02:38.257 Disk 0 Vendor: TOSHIBA_MK1637GSX DL030M Size: 152627MB BusType: 3

07:02:38.288 Disk 0 MBR read successfully

07:02:38.304 Disk 0 MBR scan

07:02:38.304 Disk 0 Windows VISTA default MBR code

07:02:38.320 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048

07:02:38.335 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 151126 MB offset 3074048

07:02:38.351 Disk 0 scanning sectors +312580096

07:02:38.429 Disk 0 scanning C:\Windows\system32\drivers

07:02:41.736 Service scanning

07:02:43.421 Modules scanning

07:02:51.954 Disk 0 trace - called modules:

07:02:52.001 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys

07:02:52.001 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85637ad8]

07:02:52.016 3 ntkrnlpa.exe[81cb06e2] -> nt!IofCallDriver -> [0x8554b9b0]

07:02:52.016 5 acpi.sys[8023232a] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x8553e030]

07:02:52.032 Scan finished successfully

07:03:24.761 Disk 0 MBR has been saved successfully to "C:\Users\Mary\Documents\MBR.dat"

07:03:24.776 The log file has been saved successfully to "C:\Users\Mary\Documents\aswMBR.txt"

07:03:45.417 Disk 0 MBR has been saved successfully to "C:\Users\Mary\Desktop\MBR.dat"

07:03:45.433 The log file has been saved successfully to "C:\Users\Mary\Desktop\aswMBR.txt"

MBRCheck, version 1.2.3

© 2010, AD

Command-line:

Windows Version: Windows Vista Home Premium Edition

Windows Information: (build 6000), 32-bit

Base Board Manufacturer: TOSHIBA

BIOS Manufacturer: TOSHIBA

System Manufacturer: TOSHIBA

System Product Name: Satellite P205D

Logical Drives Mask: 0x0000000c

Kernel Drivers (total 151):

0x81C00000 \SystemRoot\system32\ntkrnlpa.exe

0x81FA1000 \SystemRoot\system32\hal.dll

0x802C6000 \SystemRoot\system32\kdcom.dll

0x802BD000 \SystemRoot\system32\PSHED.dll

0x802B5000 \SystemRoot\system32\BOOTVID.dll

0x8027A000 \SystemRoot\system32\CLFS.SYS

0x8051F000 \SystemRoot\system32\CI.dll

0x804A4000 \SystemRoot\system32\drivers\Wdf01000.sys

0x8026D000 \SystemRoot\system32\drivers\WDFLDR.SYS

0x8022A000 \SystemRoot\system32\drivers\acpi.sys

0x80221000 \SystemRoot\system32\drivers\WMILIB.SYS

0x80219000 \SystemRoot\system32\drivers\msisadrv.sys

0x8047F000 \SystemRoot\system32\drivers\pci.sys

0x8020A000 \SystemRoot\system32\drivers\volmgr.sys

0x80200000 \SystemRoot\system32\DRIVERS\LPCFilter.sys

0x8047C000 \SystemRoot\system32\DRIVERS\compbatt.sys

0x80472000 \SystemRoot\system32\DRIVERS\BATTC.SYS

0x80462000 \SystemRoot\System32\drivers\mountmgr.sys

0x8045B000 \SystemRoot\system32\drivers\pciide.sys

0x8044D000 \SystemRoot\system32\drivers\PCIIDEX.SYS

0x80423000 \SystemRoot\system32\DRIVERS\pcmcia.sys

0x807B6000 \SystemRoot\System32\drivers\volmgrx.sys

0x8041B000 \SystemRoot\system32\drivers\atapi.sys

0x80798000 \SystemRoot\system32\drivers\ataport.SYS

0x80767000 \SystemRoot\system32\drivers\fltmgr.sys

0x8040B000 \SystemRoot\system32\drivers\fileinfo.sys

0x80402000 \SystemRoot\System32\Drivers\PxHelp20.sys

0x80663000 \SystemRoot\system32\drivers\ndis.sys

0x80638000 \SystemRoot\system32\drivers\msrpc.sys

0x81BC7000 \SystemRoot\system32\drivers\NETIO.SYS

0x81ABF000 \SystemRoot\System32\Drivers\Ntfs.sys

0x81A55000 \SystemRoot\System32\Drivers\ksecdd.sys

0x80602000 \SystemRoot\system32\drivers\volsnap.sys

0x81A50000 \SystemRoot\system32\DRIVERS\TVALZ_O.SYS

0x81A05000 \SystemRoot\system32\DRIVERS\tos_sps32.sys

0x825F8000 \SystemRoot\System32\Drivers\spldr.sys

0x825E9000 \SystemRoot\System32\drivers\partmgr.sys

0x825DA000 \SystemRoot\System32\Drivers\mup.sys

0x825B5000 \SystemRoot\System32\drivers\ecache.sys

0x825A4000 \SystemRoot\system32\drivers\disk.sys

0x82583000 \SystemRoot\system32\drivers\CLASSPNP.SYS

0x8257B000 \SystemRoot\system32\DRIVERS\AtiPcie.sys

0x82572000 \SystemRoot\system32\drivers\crcdisk.sys

0x89A8D000 \SystemRoot\system32\DRIVERS\tunnel.sys

0x89B63000 \SystemRoot\system32\DRIVERS\tunmp.sys

0x82FC1000 \SystemRoot\system32\DRIVERS\amdk8.sys

0x8AAFE000 \SystemRoot\system32\DRIVERS\atikmdag.sys

0x8AA62000 \SystemRoot\System32\drivers\dxgkrnl.sys

0x89A80000 \SystemRoot\System32\drivers\watchdog.sys

0x8B547000 \SystemRoot\system32\DRIVERS\athr.sys

0x8A56A000 \SystemRoot\system32\DRIVERS\usbohci.sys

0x89A43000 \SystemRoot\system32\DRIVERS\USBPORT.SYS

0x89A35000 \SystemRoot\system32\DRIVERS\usbehci.sys

0x82E41000 \SystemRoot\system32\DRIVERS\tdcmdpst.sys

0x89A1D000 \SystemRoot\system32\DRIVERS\cdrom.sys

0x89A0B000 \SystemRoot\system32\DRIVERS\HDAudBus.sys

0x8A45D000 \SystemRoot\system32\DRIVERS\i8042prt.sys

0x89A00000 \SystemRoot\system32\DRIVERS\kbdclass.sys

0x8A430000 \SystemRoot\system32\DRIVERS\SynTP.sys

0x83382000 \SystemRoot\system32\DRIVERS\USBD.SYS

0x8A425000 \SystemRoot\system32\DRIVERS\mouclass.sys

0x83348000 \SystemRoot\system32\DRIVERS\CmBatt.sys

0x832E0000 \SystemRoot\system32\DRIVERS\ohci1394.sys

0x8A417000 \SystemRoot\system32\DRIVERS\1394BUS.SYS

0x8AA16000 \SystemRoot\system32\drivers\tifm21.sys

0x8B52F000 \SystemRoot\system32\DRIVERS\sdbus.sys

0x8B504000 \SystemRoot\system32\DRIVERS\msiscsi.sys

0x8B4C4000 \SystemRoot\system32\DRIVERS\storport.sys

0x8A40C000 \SystemRoot\system32\DRIVERS\TDI.SYS

0x8B4AD000 \SystemRoot\system32\DRIVERS\rasl2tp.sys

0x8A401000 \SystemRoot\system32\DRIVERS\ndistapi.sys

0x8B48A000 \SystemRoot\system32\DRIVERS\ndiswan.sys

0x8A470000 \SystemRoot\system32\DRIVERS\raspppoe.sys

0x8AA03000 \SystemRoot\system32\DRIVERS\raspptp.sys

0x8A47F000 \SystemRoot\system32\DRIVERS\termdd.sys

0x80600000 \SystemRoot\system32\DRIVERS\swenum.sys

0x8B448000 \SystemRoot\system32\DRIVERS\ks.sys

0x8A574000 \SystemRoot\system32\DRIVERS\mssmbios.sys

0x8B472000 \SystemRoot\system32\DRIVERS\umbus.sys

0x8B414000 \SystemRoot\system32\DRIVERS\usbhub.sys

0x82FA9000 \SystemRoot\System32\Drivers\NDProxy.SYS

0x8B8E4000 \SystemRoot\system32\DRIVERS\AGRSM.sys

0x8B8D7000 \SystemRoot\system32\drivers\modem.sys

0x8BA40000 \SystemRoot\system32\drivers\RTKVHDA.sys

0x8B8AA000 \SystemRoot\system32\drivers\portcls.sys

0x8B885000 \SystemRoot\system32\drivers\drmk.sys

0x8B406000 \SystemRoot\System32\Drivers\Cdr4_xp.SYS

0x8B407000 \SystemRoot\System32\Drivers\Cdralw2k.SYS

0x89B12000 \SystemRoot\System32\Drivers\Fs_Rec.SYS

0x89B9E000 \SystemRoot\System32\Drivers\Null.SYS

0x89BA5000 \SystemRoot\System32\Drivers\Beep.SYS

0x8B839000 \SystemRoot\System32\drivers\vga.sys

0x8B818000 \SystemRoot\System32\drivers\VIDEOPRT.SYS

0x82EF5000 \SystemRoot\System32\DRIVERS\RDPCDD.sys

0x82EDD000 \SystemRoot\system32\drivers\rdpencdd.sys

0x8B47F000 \SystemRoot\System32\Drivers\Msfs.SYS

0x8B80A000 \SystemRoot\System32\Drivers\Npfs.SYS

0x89B1B000 \SystemRoot\System32\DRIVERS\rasacd.sys

0x8BD2F000 \SystemRoot\System32\drivers\tcpip.sys

0x8BA07000 \SystemRoot\System32\drivers\fwpkclnt.sys

0x8BD08000 \SystemRoot\System32\Drivers\Mpfp.sys

0x8BCF3000 \SystemRoot\system32\DRIVERS\tdx.sys

0x8BCE1000 \SystemRoot\system32\DRIVERS\ipfltdrv.sys

0x8BCCD000 \SystemRoot\system32\DRIVERS\smb.sys

0x8BC86000 \SystemRoot\system32\drivers\afd.sys

0x8BC54000 \SystemRoot\System32\DRIVERS\netbt.sys

0x8BC3E000 \SystemRoot\system32\DRIVERS\pacer.sys

0x8BC30000 \SystemRoot\system32\DRIVERS\netbios.sys

0x8BC1D000 \SystemRoot\system32\DRIVERS\wanarp.sys

0x8BFC5000 \SystemRoot\system32\DRIVERS\rdbss.sys

0x8A57E000 \SystemRoot\system32\drivers\nsiproxy.sys

0x8BF55000 \SystemRoot\system32\drivers\mfehidk.sys

0x8BC06000 \SystemRoot\System32\Drivers\dfsc.sys

0x8BE4A000 \SystemRoot\System32\Drivers\crashdmp.sys

0x89AE8000 \SystemRoot\System32\Drivers\dump_dumpata.sys

0x82F1D000 \SystemRoot\System32\Drivers\dump_atapi.sys

0x90A00000 \SystemRoot\System32\win32k.sys

0x8A59C000 \SystemRoot\System32\drivers\Dxapi.sys

0x8A506000 \SystemRoot\system32\DRIVERS\monitor.sys

0x91200000 \SystemRoot\System32\TSDDD.dll

0x91210000 \SystemRoot\System32\cdd.dll

0x90E95000 \SystemRoot\system32\drivers\luafv.sys

0x93972000 \SystemRoot\system32\drivers\spsys.sys

0x83270000 \SystemRoot\system32\DRIVERS\lltdio.sys

0x93947000 \SystemRoot\system32\DRIVERS\nwifi.sys

0x8A5CE000 \SystemRoot\system32\DRIVERS\ndisuio.sys

0x93934000 \SystemRoot\system32\DRIVERS\rspndr.sys

0x9453C000 \SystemRoot\system32\drivers\HTTP.sys

0x944E1000 \SystemRoot\System32\DRIVERS\srvnet.sys

0x944C8000 \SystemRoot\system32\DRIVERS\bowser.sys

0x93833000 \SystemRoot\System32\drivers\mpsdrv.sys

0x94483000 \SystemRoot\system32\drivers\mrxdav.sys

0x94465000 \SystemRoot\system32\DRIVERS\mrxsmb.sys

0x9440C000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys

0x938CA000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys

0x947DC000 \SystemRoot\System32\DRIVERS\srv2.sys

0x94750000 \SystemRoot\System32\DRIVERS\srv.sys

0x95122000 \SystemRoot\system32\drivers\peauth.sys

0x8A5B0000 \SystemRoot\System32\Drivers\secdrv.SYS

0x89BF9000 \SystemRoot\system32\drivers\mfebopk.sys

0x95010000 \SystemRoot\system32\drivers\mfeavfk.sys

0x98E26000 \SystemRoot\system32\DRIVERS\cdfs.sys

0x89B24000 \SystemRoot\system32\drivers\mfesmfk.sys

0x9B499000 \??\C:\Users\Mary\AppData\Local\Temp\pwldypow.sys

0x9B432000 \SystemRoot\system32\DRIVERS\usbccgp.sys

0x89B5A000 \SystemRoot\system32\DRIVERS\hidusb.sys

0x90E50000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS

0x89BDD000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS

0x95EE8000 \SystemRoot\system32\DRIVERS\mouhid.sys

0x8CBC9000 \??\C:\Users\Mary\AppData\Local\Temp\aswMBR.sys

0x77260000 \Windows\System32\ntdll.dll

Processes (total 74):

0 System Idle Process

4 System

400 C:\Windows\System32\smss.exe

508 csrss.exe

560 C:\Windows\System32\wininit.exe

568 csrss.exe

604 C:\Windows\System32\services.exe

660 C:\Windows\System32\winlogon.exe

688 C:\Windows\System32\lsass.exe

696 C:\Windows\System32\lsm.exe

836 C:\Windows\System32\svchost.exe

876 C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

924 C:\Windows\System32\svchost.exe

1052 C:\Windows\System32\Ati2evxx.exe

1072 C:\Windows\System32\svchost.exe

1104 C:\Windows\System32\svchost.exe

1120 C:\Windows\System32\svchost.exe

1228 C:\Windows\System32\audiodg.exe

1256 C:\Windows\System32\SLsvc.exe

1288 C:\Windows\System32\svchost.exe

1396 C:\Program Files\HitmanPro\hmpsched.exe

1420 C:\Windows\System32\svchost.exe

1620 C:\Windows\System32\Ati2evxx.exe

1700 C:\Windows\System32\spoolsv.exe

1724 C:\Windows\System32\svchost.exe

260 C:\Windows\System32\dwm.exe

420 C:\Windows\explorer.exe

1656 C:\Windows\System32\agrsmsvc.exe

832 C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe

1552 C:\PROGRA~1\COMMON~1\McAfee\McProxy\McProxy.exe

256 C:\PROGRA~1\McAfee\VIRUSS~1\Mcshield.exe

1648 C:\Program Files\McAfee\MPF\MpfSrv.exe

868 C:\Program Files\McAfee\MSK\msksrver.exe

1188 C:\TOSHIBA\IVP\ISM\pinger.exe

1936 C:\Windows\System32\svchost.exe

2072 C:\Windows\System32\svchost.exe

2104 C:\TOSHIBA\IVP\swupdate\swupdtmr.exe

2128 C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe

2172 C:\Windows\System32\TODDSrv.exe

2204 C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe

2232 C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

2312 C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

2356 C:\Program Files\StartNow Toolbar\ToolbarUpdaterService.exe

2376 C:\Windows\System32\svchost.exe

2412 C:\Windows\System32\SearchIndexer.exe

2904 C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

2936 C:\Windows\System32\taskeng.exe

3100 C:\PROGRA~1\McAfee.com\Agent\mcagent.exe

3208 C:\Windows\System32\taskeng.exe

3320 C:\Windows\RtHDVCpl.exe

3384 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

3588 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

3616 C:\Program Files\Toshiba\ConfigFree\NDSTray.exe

3640 C:\Program Files\Synaptics\SynTP\SynToshiba.exe

3760 C:\Program Files\Toshiba\Utilities\KeNotify.exe

3816 C:\Program Files\Toshiba\Power Saver\TPwrMain.exe

3844 C:\Program Files\Toshiba\SmoothView\SmoothView.exe

3852 C:\Program Files\Toshiba\FlashCards\TCrdMain.exe

3936 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

3956 C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe

3964 C:\Program Files\Toshiba Registration\Registration.exe

1136 C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe

2716 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

3068 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

6004 C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

3116 C:\PROGRA~1\COMMON~1\McAfee\MNA\McNASvc.exe

4192 C:\Program Files\Google\Update\GoogleUpdate.exe

2468 C:\Program Files\Internet Explorer\ieuser.exe

436 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

4972 C:\Program Files\Internet Explorer\iexplore.exe

4976 C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe

1408 C:\Windows\System32\SearchProtocolHost.exe

5944 C:\Windows\System32\SearchFilterHost.exe

4712 C:\Users\Mary\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`5dd00000 (NTFS)

PhysicalDrive0 Model Number: TOSHIBAMK1637GSX, Rev: DL030M

Size Device Name MBR Status

--------------------------------------------

149 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected

SHA1: BBAD517F7EAC529451E4B9586C847AE190574F61

Done!

CKScanner - Additional Security Risks - These are not necessarily bad

c:\program files\toshiba games\bejeweled 2 deluxe\sounds\firecrackle.ogg

c:\program files\toshiba games\mah jong quest\images\tile_firecracker-1.pnge

c:\program files\toshiba games\mah jong quest\images\tile_firecracker-2.pnge

c:\program files\toshiba games\mah jong quest\images\tile_firecracker-3.pnge

c:\program files\toshiba games\mah jong quest\images\tile_firecracker1.pnge

c:\program files\toshiba games\mah jong quest\images\kwazi3\level5-1cracktop.jpge

c:\program files\toshiba games\mah jong quest\images\kwazi5\5_lvl_5a_postcrack1.jpge

c:\program files\toshiba games\mah jong quest\images\kwazi5\5_lvl_5a_postcrack2.jpge

scanner sequence 3.CE.11.OANAMU

----- EOF -----

DDS txt

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 7.0.6000.16473

Run by Mary at 7:42:50 on 2007-01-03

Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1917.1213 [GMT -5:00]

.

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\system32\Ati2evxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\HitmanPro\hmpsched.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\Ati2evxx.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\agrsmsvc.exe

C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

C:\Program Files\McAfee\MPF\MPFSrv.exe

C:\Program Files\McAfee\MSK\MskSrver.exe

C:\TOSHIBA\IVP\ISM\pinger.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k imgsvc

c:\TOSHIBA\IVP\swupdate\swupdtmr.exe

C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe

C:\Windows\system32\TODDSrv.exe

C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

C:\Program Files\StartNow Toolbar\ToolbarUpdaterService.exe

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\system32\SearchIndexer.exe

C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

C:\Windows\system32\taskeng.exe

c:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\Windows\system32\taskeng.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Toshiba\ConfigFree\NDSTray.exe

C:\Program Files\Synaptics\SynTP\SynToshiba.exe

C:\Program Files\Toshiba\Utilities\KeNotify.exe

C:\Program Files\Toshiba\Power Saver\TPwrMain.exe

C:\Program Files\Toshiba\SmoothView\SmoothView.exe

C:\Program Files\Toshiba\FlashCards\TCrdMain.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe

C:\Program Files\Toshiba Registration\Registration.exe

C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe

C:\Program Files\Google\Update\GoogleUpdate.exe

C:\Program Files\Internet Explorer\ieuser.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

mDefault_Page_URL = hxxp://www.toshibadirect.com/dpdstart

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: McAfee Phishing Filter: {377c180e-6f0e-4d4c-980f-f45bd3d40cf4} - c:\progra~1\mcafee\msk\mcapbho.dll

BHO: StartNow Toolbar Helper: {6e13d095-45c3-4271-9475-f3b48227dd9f} - c:\program files\startnow toolbar\Toolbar32.dll

BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0\bin\ssv.dll

BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\progra~1\mcafee\viruss~1\scriptsn.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.4723.1820\swg.dll

TB: StartNow Toolbar: {5911488e-9d1e-40ec-8cbb-06b231cc153f} - c:\program files\startnow toolbar\Toolbar32.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\TOSCDSPD.exe

uRun: [1145860967] c:\program files\toshiba registration\registration.exe /r "c:\program files\toshiba registration\Registration.rpd"

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

mRun: [startCCC] c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe

mRun: [RtHDVCpl] RtHDVCpl.exe

mRun: [skytel] Skytel.exe

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

mRun: [NDSTray.exe] NDSTray.exe

mRun: [HWSetup] \HWSetup.exe hwSetUP

mRun: [sVPWUTIL] c:\program files\toshiba\utilities\SVPWUTIL.exe SVPwUTIL

mRun: [KeNotify] c:\program files\toshiba\utilities\KeNotify.exe

mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE

mRun: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe

mRun: [smoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe

mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe

mRun: [mcagent_exe] c:\program files\mcafee.com\agent\mcagent.exe /runkey

mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0\bin\npjpi160.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL

Trusted Zone: download.com

Trusted Zone: surfright.nl\www

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab

TCP: DhcpNameServer = 209.18.47.61 209.18.47.62

TCP: Interfaces\{2C6F3325-0F2B-4A2A-8481-A37CCE2FEBE1} : DhcpNameServer = 209.18.47.61 209.18.47.62

AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL

.

============= SERVICES / DRIVERS ===============

.

R1 mfehidk;McAfee Inc.;c:\windows\system32\drivers\mfehidk.sys [2007-8-16 201288]

R2 HitmanProScheduler;HitmanPro Scheduler;c:\program files\hitmanpro\hmpsched.exe [2007-1-3 98120]

R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2007-8-16 359248]

R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2007-8-16 144704]

R2 Updater Service for StartNow Toolbar;Updater Service for StartNow Toolbar;c:\program files\startnow toolbar\ToolbarUpdaterService.exe [2011-10-25 244960]

R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2007-8-16 695624]

R3 mfeavfk;McAfee Inc.;c:\windows\system32\drivers\mfeavfk.sys [2007-8-16 79304]

R3 mfebopk;McAfee Inc.;c:\windows\system32\drivers\mfebopk.sys [2007-8-16 35240]

R3 mfesmfk;McAfee Inc.;c:\windows\system32\drivers\mfesmfk.sys [2007-8-16 40488]

S3 mferkdk;McAfee Inc.;c:\windows\system32\drivers\mferkdk.sys [2007-8-16 33800]

S4 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2007-1-3 135664]

.

=============== Created Last 30 ================

.

2011-12-28 17:07:04 -------- d-----w- c:\programdata\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}

2011-12-28 17:06:55 -------- d-----w- c:\program files\Activation Assistant for the 2007 Microsoft Office suites

2011-12-28 17:05:58 -------- d-----w- c:\program files\Synaptics

2011-12-28 17:03:59 737280 ----a-w- c:\windows\system32\drivers\athr.sys

2011-12-28 17:03:59 737280 ----a-w- c:\windows\system32\athr.sys

2011-12-28 17:03:59 -------- d-----w- c:\program files\Atheros

2011-12-28 17:03:43 -------- d-----w- c:\programdata\Atheros

2011-12-28 17:03:07 269096 ----a-w- c:\windows\RTKVADDA.EXE

2011-12-28 16:58:20 -------- d-----w- c:\program files\ATI Technologies

2011-12-28 16:56:55 -------- d-----w- c:\program files\ATI

2011-12-28 16:56:47 7680 ----a-w- c:\windows\system32\drivers\AtiPcie.sys

2011-12-28 16:51:26 33104 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\msonpppr.dll

2011-12-28 16:51:26 32592 ----a-w- c:\windows\system32\msonpmon.dll

2011-12-28 16:50:28 -------- d-----w- c:\windows\PCHEALTH

2011-12-28 16:44:39 -------- d-----w- C:\WORKSSETUP

2011-12-28 14:18:51 -------- d-----w- c:\users\mary\appdata\local\ATI

2011-12-28 14:18:47 -------- d-----w- c:\users\mary\appdata\local\Toshiba

2011-12-28 14:18:39 -------- d-----w- c:\users\mary\appdata\local\Google

2007-08-16 22:56:19 1060424 ----a-w- c:\windows\system32\WdfCoInstaller01000.dll

2007-08-16 22:56:18 187448 ----a-w- c:\windows\system32\drivers\SynTP.sys

2007-08-16 22:56:18 143360 ----a-w- c:\windows\system32\SynTPAPI.dll

2007-08-16 22:56:18 110592 ----a-w- c:\windows\system32\SynTPCo4.dll

2007-08-16 22:56:17 196608 ----a-w- c:\windows\system32\SynCtrl.dll

2007-08-16 22:56:17 163840 ----a-w- c:\windows\system32\SynCOM.dll

2007-08-16 20:32:17 -------- d-----w- C:\DOCS

2007-08-16 20:24:26 -------- d-----w- c:\program files\Picasa2

2007-08-16 20:15:31 -------- d-----w- c:\program files\TOSHIBA Games

2007-08-16 20:15:24 -------- d-----w- c:\programdata\WildTangent

2007-08-16 20:11:22 -------- d-----w- c:\program files\common files\Napster Shared

2007-08-16 20:10:43 -------- d-----w- c:\programdata\Napster

2007-08-16 20:10:26 -------- d-----w- c:\program files\Napster

2007-08-16 20:10:24 757760 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\iKernel.dll

2007-08-16 20:10:24 69715 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\ctor.dll

2007-08-16 20:10:24 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\DotNetInstaller.exe

2007-08-16 20:10:24 331908 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\setup.dll

2007-08-16 20:10:24 274432 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\iscript.dll

2007-08-16 20:10:24 204800 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\iuser.dll

2007-08-16 20:10:24 200836 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\iGdi.dll

2007-08-16 20:05:17 204800 ----a-w- c:\windows\system32\IVIresizeW7.dll

2007-08-16 20:05:17 192512 ----a-w- c:\windows\system32\IVIresizeP6.dll

2007-08-16 20:05:17 192512 ----a-w- c:\windows\system32\IVIresizeM6.dll

2007-08-16 20:05:17 188416 ----a-w- c:\windows\system32\IVIresizePX.dll

2007-08-16 20:05:16 20480 ----a-w- c:\windows\system32\IVIresize.dll

2007-08-16 20:05:16 200704 ----a-w- c:\windows\system32\IVIresizeA6.dll

2007-08-16 20:05:15 -------- d-----w- c:\program files\InterVideo

2007-08-16 20:05:14 212992 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\ILog.dll

2007-08-16 20:04:57 -------- d-----w- c:\windows\RegisteredPackages

2007-08-16 20:04:56 -------- d--h--w- c:\windows\msdownld.tmp

2007-08-16 20:04:54 -------- d-----w- c:\program files\Windows Media Components

2007-08-16 20:01:53 -------- d-----w- c:\program files\Ulead Systems

2007-08-16 20:01:52 -------- d-----w- c:\program files\common files\Ulead Systems

2007-08-16 20:01:33 696320 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iKernel.dll

2007-08-16 20:01:33 57344 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\ctor.dll

2007-08-16 20:01:33 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\DotNetInstaller.exe

2007-08-16 20:01:33 282756 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\setup.dll

2007-08-16 20:01:33 237568 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iscript.dll

2007-08-16 20:01:33 163972 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iGdi.dll

2007-08-16 20:01:33 155648 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iuser.dll

2007-08-16 19:59:06 69632 ----a-w- c:\windows\system32\javacpl.cpl

2007-08-16 19:58:06 -------- d-----w- C:\Memeo

2007-08-16 19:56:39 143360 ----a-w- c:\windows\system32\dunzip32.dll

2007-08-16 19:55:41 33800 ----a-w- c:\windows\system32\drivers\mferkdk.sys

2007-08-16 19:55:40 79304 ----a-w- c:\windows\system32\drivers\mfeavfk.sys

2007-08-16 19:55:40 40488 ----a-w- c:\windows\system32\drivers\mfesmfk.sys

2007-08-16 19:55:40 35240 ----a-w- c:\windows\system32\drivers\mfebopk.sys

2007-08-16 19:55:40 201288 ----a-w- c:\windows\system32\drivers\mfehidk.sys

2007-08-16 19:55:36 125728 ----a-w- c:\windows\system32\drivers\Mpfp.sys

2007-08-16 19:55:17 -------- d-----w- c:\program files\McAfee.com

2007-08-16 19:55:15 -------- d-----w- c:\program files\common files\McAfee

2007-08-16 19:55:14 -------- d-----w- c:\program files\McAfee

2007-08-16 19:54:30 -------- d-----w- c:\program files\Intuit

2007-08-16 19:46:06 69632 ----a-w- c:\windows\system32\TosOlkN.dll

2007-08-16 19:46:06 40960 ----a-w- c:\windows\system32\ToscmddN.dll

2007-08-16 19:46:06 24576 ----a-w- c:\windows\system32\TosusrpN.dll

2007-08-16 19:46:06 102400 ----a-w- c:\windows\system32\Tossps.scr

2007-08-16 19:45:55 77824 ----a-r- c:\program files\common files\installshield\engine\6\intel 32\ctor.dll

2007-08-16 19:45:55 32768 ----a-r- c:\program files\common files\installshield\engine\6\intel 32\objectps.dll

2007-08-16 19:45:55 225280 ----a-r- c:\program files\common files\installshield\iscript\iscript.dll

2007-08-16 19:45:55 176128 ----a-r- c:\program files\common files\installshield\engine\6\intel 32\iuser.dll

2007-08-16 19:45:54 614532 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\IKernel.exe

2007-08-16 19:44:41 -------- d-----w- C:\TOSHIBA

2007-08-16 19:44:39 733184 ----a-w- c:\program files\common files\installshield\professional\runtime\10\00\intel32\iKernel.dll

2007-08-16 19:44:39 69715 ----a-w- c:\program files\common files\installshield\professional\runtime\10\00\intel32\ctor.dll

2007-08-16 19:44:39 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\10\00\intel32\DotNetInstaller.exe

2007-08-16 19:44:39 32768 ----a-w- c:\program files\common files\installshield\professional\runtime\Objectps.dll

2007-08-16 19:44:39 303236 ----a-w- c:\program files\common files\installshield\professional\runtime\10\00\intel32\setup.dll

2007-08-16 19:44:39 266240 ----a-w- c:\program files\common files\installshield\professional\runtime\10\00\intel32\iscript.dll

2007-08-16 19:44:39 180356 ----a-w- c:\program files\common files\installshield\professional\runtime\10\00\intel32\iGdi.dll

2007-08-16 19:44:39 172032 ----a-w- c:\program files\common files\installshield\professional\runtime\10\00\intel32\iuser.dll

2007-08-16 19:43:31 -------- d-----w- c:\program files\Toshiba Registration

2007-08-16 19:43:27 -------- d-----w- c:\windows\Downloaded Installations

2007-08-16 19:42:32 -------- d-----w- c:\programdata\XP

2007-08-16 19:42:32 -------- d-----w- c:\programdata\Vista64

2007-08-16 19:40:49 -------- d-----w- c:\program files\common files\Toshiba Shared

2007-08-16 19:39:55 285184 ----a-w- c:\windows\system32\drivers\tos_sps32.sys

2007-08-16 19:35:44 114688 ----a-w- c:\windows\system32\TODDSrv.exe

2007-08-16 19:27:43 36864 ----a-w- c:\windows\system32\HWS_Ctrl.dll

2007-08-16 19:27:43 24576 ----a-w- c:\windows\system32\TSBWLS.dll

2007-08-16 19:19:05 446464 ----a-w- c:\windows\system32\TOSCDSPD.cpl

2007-08-16 19:18:23 77824 ----a-w- c:\windows\system32\tosmreg.exe

2007-08-16 19:18:23 491520 ----a-w- c:\windows\system32\cselect.exe

2007-08-16 19:18:23 45056 ----a-w- c:\windows\system32\csellang.dll

2007-08-16 19:18:23 -------- d-----w- c:\program files\ltmoh

2007-08-16 19:17:58 -------- d-----w- c:\windows\Options

2007-08-16 19:16:50 -------- d-----w- c:\windows\system32\SDA

2007-08-16 19:15:14 -------- d-----w- c:\windows\tiinst

2007-08-16 19:08:31 81408 ----a-w- c:\windows\system32\drivers\Rtlh86.sys

2007-08-16 19:08:31 -------- d-----w- c:\program files\Realtek

2007-08-16 19:04:22 -------- d-----w- c:\program files\Toshiba

2007-08-16 19:03:46 82432 ----a-w- c:\windows\system32\drivers\sdbus.sys

2007-08-16 19:03:46 13312 ----a-w- c:\windows\system32\drivers\sffdisk.sys

2007-08-16 19:03:46 12800 ----a-w- c:\windows\system32\drivers\sffp_sd.sys

2007-08-16 18:57:17 8704 ----a-w- c:\windows\system32\hccoin.dll

2007-08-16 18:57:17 73216 ----a-w- c:\windows\system32\drivers\usbccgp.sys

2007-08-16 18:57:17 5888 ----a-w- c:\windows\system32\drivers\usbd.sys

2007-08-16 18:57:17 38400 ----a-w- c:\windows\system32\drivers\usbehci.sys

2007-08-16 18:57:17 223744 ----a-w- c:\windows\system32\drivers\usbport.sys

2007-08-16 18:57:17 19456 ----a-w- c:\windows\system32\drivers\usbohci.sys

2007-08-16 18:57:17 192000 ----a-w- c:\windows\system32\drivers\usbhub.sys

2007-08-16 18:55:36 53760 ----a-w- c:\windows\system32\drivers\hdaudbus.sys

2007-08-16 18:42:08 4153344 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll

2007-08-16 18:42:08 1686016 ----a-w- c:\windows\system32\gameux.dll

2007-08-16 18:40:56 1419232 ----a-w- c:\windows\system32\WdfCoinstaller01005.dll

2007-08-16 18:38:14 -------- d-----w- c:\windows\Panther

2007-08-16 18:37:59 -------- d-sh--w- C:\Boot

2007-08-16 18:36:51 479488 ----a-w- c:\windows\system32\drivers\kr3npxp.sys

2007-08-16 18:36:17 211072 ----a-w- c:\windows\system32\drivers\KR10N.sys

2007-08-16 18:35:42 219264 ----a-w- c:\windows\system32\drivers\KR10I.sys

2007-08-16 18:35:28 67584 ----a-w- c:\windows\system32\wlanhlp.dll

2007-08-16 18:35:28 502784 ----a-w- c:\windows\system32\wlansvc.dll

2007-08-16 18:35:28 47104 ----a-w- c:\windows\system32\wlanapi.dll

2007-08-16 18:35:28 297984 ----a-w- c:\windows\system32\wlansec.dll

2007-08-16 18:35:28 290816 ----a-w- c:\windows\system32\wlanmsm.dll

2007-08-16 18:32:56 36864 ----a-w- c:\windows\system32\wmdmps.dll

2007-08-16 18:32:56 31744 ----a-w- c:\windows\system32\wmdmlog.dll

2007-08-16 18:32:56 311296 ----a-w- c:\windows\system32\mswmdm.dll

2007-08-16 18:31:58 974336 ----a-w- c:\windows\system32\crypt32.dll

2007-08-16 18:28:09 5120 ----a-w- c:\windows\system32\wmi.dll

2007-08-16 18:28:09 152576 ----a-w- c:\windows\system32\imagehlp.dll

2007-08-16 18:28:09 12800 ----a-w- c:\windows\system32\drivers\fs_rec.sys

2007-08-16 18:27:11 2048 ----a-w- c:\windows\system32\wertargets.wtl

2007-08-16 18:20:16 104448 ----a-w- c:\windows\system32\DWWIN.EXE

2007-08-16 18:18:49 503480 ----a-w- c:\windows\system32\drivers\ndis.sys

2007-08-16 18:17:55 49664 ----a-w- c:\windows\system32\csrsrv.dll

2007-08-16 18:17:54 376320 ----a-w- c:\windows\system32\winsrv.dll

2007-08-16 18:11:50 229888 ----a-w- c:\windows\system32\msshsq.dll

2007-08-16 18:05:32 80896 ----a-w- c:\windows\system32\MSNP.ax

2007-08-16 18:05:32 68608 ----a-w- c:\windows\system32\Mpeg2Data.ax

2007-08-16 18:05:32 57856 ----a-w- c:\windows\system32\MSDvbNP.ax

2007-08-16 18:05:32 292352 ----a-w- c:\windows\system32\psisdecd.dll

2007-08-16 18:05:32 218624 ----a-w- c:\windows\system32\psisrndr.ax

2007-08-16 18:03:29 414208 ----a-w- c:\windows\system32\msscp.dll

2007-08-16 17:55:59 -------- d-----w- c:\program files\MSXML 4.0

2007-08-16 17:55:56 -------- d-sh--w- c:\windows\Installer

2007-08-16 17:55:21 633856 ----a-w- c:\windows\system32\user32.dll

2007-08-16 17:55:21 2026496 ----a-w- c:\windows\system32\win32k.sys

2007-08-16 17:52:33 -------- d-----w- c:\windows\Driver Cache

2007-07-14 07:01:30 2771968 ----a-w- c:\windows\system32\drivers\atikmdag.sys

2007-07-14 06:52:12 344064 ----a-w- c:\windows\system32\ATIDEMGX.dll

2007-07-14 06:52:00 159744 ----a-w- c:\windows\system32\atitmmxx.dll

2007-07-14 06:51:50 262144 ----a-w- c:\windows\system32\atipdlxx.dll

2007-07-14 06:51:40 237568 ----a-w- c:\windows\system32\Oemdspif.dll

2007-07-14 06:51:30 43520 ----a-w- c:\windows\system32\ati2edxx.dll

2007-07-14 06:51:22 241664 ----a-w- c:\windows\system32\Ati2evxx.dll

2007-07-14 06:50:18 606208 ----a-w- c:\windows\system32\Ati2evxx.exe

2007-07-14 06:48:12 8118272 ----a-w- c:\windows\system32\atioglxx.dll

2007-07-14 06:41:12 2884096 ----a-w- c:\windows\system32\atiumdag.dll

2007-07-14 06:29:20 3788288 ----a-w- c:\windows\system32\atiumdva.dll

2007-07-14 06:09:44 49152 ----a-w- c:\windows\system32\drivers\ati2erec.dll

2007-06-21 22:48:52 972128 ----a-w- c:\program files\common files\microsoft shared\textconv\wkcvqd01.dll

2007-06-20 22:04:52 279904 ----a-w- c:\program files\common files\microsoft shared\textconv\WKLS31.DLL

2007-06-20 22:04:52 161120 ----a-w- c:\program files\common files\microsoft shared\textconv\wkcvqr01.dll

2007-06-09 02:32:00 58704 ----a-r- c:\program files\common files\microsoft shared\works shared\msthes3.dll

2007-06-09 02:31:58 92944 ----a-r- c:\program files\common files\microsoft shared\works shared\msspell3.dll

2007-06-09 02:31:58 3175760 ----a-r- c:\program files\common files\microsoft shared\works shared\1033\msgr3en.dll

2007-06-08 08:30:54 230760 ----a-w- c:\program files\common files\microsoft shared\information retrieval\msitss.dll

2007-06-08 08:30:54 197992 ----a-w- c:\program files\common files\microsoft shared\information retrieval\itircl54.dll

2007-06-05 08:30:46 41296 ----a-r- c:\windows\system32\hlp95en.dll

2007-06-02 09:04:04 1398128 ----a-w- c:\program files\common files\microsoft shared\works shared\1033\MSGR3GE.DLL

2007-05-22 23:46:52 167936 ----a-w- c:\windows\system32\TosBtAPI.dll

2007-05-15 21:58:50 110592 ----a-w- c:\windows\system32\TosBtSDDB.dll

2007-05-15 21:28:00 282624 ----a-w- c:\windows\system32\LCWizard.dll

2007-04-12 18:52:28 102400 ----a-w- c:\windows\system32\TosBdAPI.dll

2007-04-10 17:47:46 131072 ----a-w- c:\windows\system32\TosAvdtAPI.dll

2007-03-30 01:08:00 1884160 ----a-w- c:\windows\system32\TosBtExt.dll

2007-03-22 17:03:48 14656 ----a-r- c:\program files\common files\microsoft shared\textconv\WPEQU532.DLL

2007-03-22 17:03:48 117552 ----a-r- c:\program files\common files\microsoft shared\textconv\msconv97.dll

2007-03-16 06:46:08 16874888 ----a-w- c:\program files\common files\microsoft shared\office12\MSO.DLL

2007-03-11 01:47:36 348160 ----a-r- c:\program files\common files\microsoft shared\textconv\msvcr71.dll

2007-02-28 22:20:04 53248 ----a-w- c:\windows\system32\TosBTHFPAPI.dll

2007-02-28 01:53:44 491520 ----a-w- c:\windows\system32\TosSndPlug.dll

2007-02-02 18:41:14 36864 ----a-w- c:\windows\system32\SDDEVMGR.dll

2007-01-24 21:44:06 290304 ----a-w- c:\windows\system32\drivers\tifm21.sys

2007-01-22 22:17:28 569344 ----a-w- c:\windows\system32\tosBtShell.dll

2007-01-17 16:53:40 61440 ----a-w- c:\windows\system32\TosSndAPI.dll

2007-01-09 21:22:28 50752 ----a-w- c:\windows\agrsmdel.exe

2007-01-03 11:11:42 -------- d-----w- c:\program files\StartNow Toolbar

2007-01-03 10:47:50 23624 ----a-w- c:\windows\system32\drivers\hitmanpro36.sys

2007-01-03 10:47:48 -------- d-----w- c:\program files\HitmanPro

2007-01-03 10:47:18 -------- d-----w- c:\programdata\HitmanPro

2007-01-03 10:06:40 2421760 ----a-w- c:\windows\system32\wucltux.dll

2007-01-03 10:05:19 87552 ----a-w- c:\windows\system32\wudriver.dll

2007-01-03 10:04:32 33792 ----a-w- c:\windows\system32\wuapp.exe

2007-01-03 10:04:32 171608 ----a-w- c:\windows\system32\wuwebv.dll

2006-12-22 06:33:58 90112 ----a-w- c:\windows\system32\LocalCOM.cpl

2006-12-12 18:13:20 32768 ----a-w- c:\windows\system32\EBLib.DLL

2006-12-08 18:05:02 167936 ----a-w- c:\windows\system32\TBTMon.dll

2006-12-08 02:29:30 6536992 ----a-w- c:\program files\common files\microsoft shared\office12\office setup controller\OSETUP.DLL

2006-12-05 20:05:04 114688 ----a-w- c:\windows\system32\TosBtAcc.dll

2006-12-04 22:58:40 94208 ----a-w- c:\windows\system32\tbtmon98Language.dll

.

==================== Find3M ====================

.

2011-12-28 17:02:21 319456 ----a-w- c:\windows\DIFxAPI.dll

2011-12-28 17:02:04 315392 ----a-w- c:\windows\HideWin.exe

2007-08-16 18:52:53 1383424 ----a-w- c:\windows\system32\mshtml.tlb

2007-08-16 18:52:50 822784 ----a-w- c:\windows\system32\wininet.dll

2007-08-16 18:52:49 56320 ----a-w- c:\windows\system32\iesetup.dll

2007-08-16 18:52:49 26624 ----a-w- c:\windows\system32\ieUnatt.exe

2007-08-16 18:52:48 1824768 ----a-w- c:\windows\system32\inetcpl.cpl

2007-08-16 18:52:47 52736 ----a-w- c:\windows\apppatch\iebrshim.dll

2007-08-16 18:42:09 449024 ----a-w- c:\windows\apppatch\AcSpecfc.dll

2007-08-16 18:42:09 2560 ----a-w- c:\windows\apppatch\AcRes.dll

2007-08-16 18:42:08 537600 ----a-w- c:\windows\apppatch\AcLayers.dll

2007-08-16 18:42:08 2143744 ----a-w- c:\windows\apppatch\AcGenral.dll

2007-08-16 18:42:08 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll

2007-08-16 18:17:03 160872 ----a-w- c:\windows\system32\halmacpi.dll

2007-08-16 18:17:03 134760 ----a-w- c:\windows\system32\halacpi.dll

2007-08-16 17:58:51 87040 ----a-w- c:\windows\system32\msoert2.dll

2007-08-16 17:58:51 84480 ----a-w- c:\windows\system32\INETRES.dll

2007-08-16 17:58:51 737792 ----a-w- c:\windows\system32\inetcomm.dll

2007-08-16 17:58:51 39424 ----a-w- c:\windows\system32\ACCTRES.dll

2007-08-16 17:58:51 205824 ----a-w- c:\windows\system32\msoeacct.dll

2007-07-19 18:32:40 1841312 ----a-w- c:\windows\system32\drivers\RTKVHDA.sys

2007-07-17 15:34:28 2048000 ----a-w- c:\windows\system32\RtkAPO.dll

2007-07-07 10:06:52 4669440 ----a-w- c:\windows\RtHDVCpl.exe

2007-07-07 10:04:14 532480 ----a-w- c:\windows\system32\RTSndMgr.cpl

2007-07-07 09:27:32 17408 ----a-w- c:\windows\system32\RtkCoInst.dll

2007-06-26 15:46:00 126976 ----a-w- c:\windows\system32\maxxaudioapo.dll

2007-06-16 15:45:50 1826816 ----a-w- c:\windows\SkyTel.exe

2007-05-31 16:23:12 563712 ----a-w- c:\windows\system32\RtkPgExt.dll

2007-05-18 10:26:20 185776 ----a-w- c:\windows\system32\SRSTSHD.dll

2007-04-17 16:09:06 167936 ----a-w- c:\windows\system32\SRSHP360.dll

2007-04-14 07:08:06 135168 ----a-w- c:\windows\system32\SRSWOW.dll

2007-03-24 14:34:40 266240 ----a-w- c:\windows\system32\RtkApoApi.dll

2007-01-17 09:39:36 1191936 ----a-w- c:\windows\RtlUpd.exe

2007-01-13 15:54:44 520192 ----a-w- c:\windows\RtlExUpd.dll

2006-12-14 09:30:06 339968 ----a-w- c:\windows\system32\SRSTSXT.dll

2006-12-02 02:47:12 94208 ----a-w- c:\windows\system32\TosBtHcrpAPI.dll

2006-11-28 22:11:00 1161888 ----a-w- c:\windows\system32\drivers\AGRSM.sys

2006-11-04 21:14:00 1245696 ----a-w- c:\windows\system32\msxml4.dll

2006-11-04 21:10:08 82432 ----a-w- c:\windows\system32\msxml4r.dll

2006-11-02 12:40:56 4096 ----a-w- c:\windows\system32\drivers\en-us\ntrigdigi.sys.mui

2006-11-02 12:36:31 68096 ----a-w- c:\windows\system32\DFDWiz.exe

2006-11-02 12:35:59 95232 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll

2006-11-02 12:34:50 7168 ----a-w- c:\windows\system32\getuname.dll

2006-11-02 09:52:02 902248 ----a-w- c:\windows\system32\winresume.exe

2006-11-02 09:52:01 940648 ----a-w- c:\windows\system32\winload.exe

2006-11-02 09:50:59 140392 ----a-w- c:\windows\system32\drivers\scsiport.sys

2006-11-02 09:49:59 56936 ----a-w- c:\windows\system32\drivers\UAGP35.SYS

2006-11-02 09:47:26 1162656 ----a-w- c:\windows\system32\ntdll.dll

2006-11-02 09:47:18 228968 ----a-w- c:\windows\system32\rsaenh.dll

2006-11-02 09:47:18 165992 ----a-w- c:\windows\system32\dssenh.dll

2006-11-02 09:47:18 121960 ----a-w- c:\windows\system32\basecsp.dll

2006-11-02 09:47:04 991232 ----a-w- c:\windows\system32\Narrator.exe

2006-11-02 09:47:03 98816 ----a-w- c:\windows\system32\NAPHLPR.DLL

2006-11-02 09:47:03 39936 ----a-w- c:\windows\system32\NAPCRYPT.DLL

2006-11-02 09:45:59 624128 ----a-w- c:\windows\system32\wbem\WMIC.exe

2006-11-02 09:44:59 84992 ----a-w- c:\windows\system32\colorcpl.exe

2006-11-02 09:43:27 7680 ----a-w- c:\windows\system32\spwizres.dll

2006-11-02 09:43:27 5963264 ----a-w- c:\windows\system32\spwizimg.dll

2006-11-02 09:43:10 57344 ----a-w- c:\windows\system32\nlsbres.dll

2006-11-02 09:43:08 5120 ----a-w- c:\windows\system32\security.dll

2006-11-02 09:43:00 2560 ----a-w- c:\windows\system32\rnr20.dll

2006-11-02 09:42:53 107520 ----a-w- c:\windows\system32\RDPENCDD.dll

2006-11-02 09:42:44 17408 ----a-w- c:\windows\system32\prflbmsg.dll

2006-11-02 09:42:17 229376 ----a-w- c:\windows\system32\odbcint.dll

2006-11-02 09:41:17 2048 ----a-w- c:\windows\system32\netmsg.dll

2006-11-02 09:41:16 2048 ----a-w- c:\windows\system32\neth.dll

2006-11-02 09:41:16 15360 ----a-w- c:\windows\system32\netevent.dll

2006-11-02 09:41:09 2048 ----a-w- c:\windows\system32\msxml6r.dll

2006-11-02 09:41:09 2048 ----a-w- c:\windows\system32\msxml3r.dll

2006-11-02 09:41:08 61440 ----a-w- c:\windows\system32\msvcrt40.dll

2006-11-02 09:41:03 58368 ----a-w- c:\windows\system32\msobjs.dll

2006-11-02 09:40:18 7168 ----a-w- c:\windows\system32\msctfime.ime

2006-11-02 09:40:16 3072 ----a-w- c:\windows\system32\msafd.dll

2006-11-02 09:40:16 145920 ----a-w- c:\windows\system32\msaudite.dll

2006-11-02 09:23:19 93184 ----a-w- c:\windows\system32\drivers\bridge.sys

2006-11-02 09:20:50 130048 ----a-w- c:\windows\system32\drivers\drmk.sys

2006-11-02 09:14:58 18944 ----a-w- c:\windows\system32\drivers\usbprint.sys

2006-11-02 09:13:00 444928 ----a-w- c:\windows\system32\html.iec

2006-11-02 09:04:35 878080 ----a-w- c:\windows\system32\drivers\PEAuth.sys

2006-11-02 09:03:41 3072 ----a-w- c:\windows\system32\dpnlobby.dll

2006-11-02 09:03:41 3072 ----a-w- c:\windows\system32\dpnaddr.dll

2006-11-02 09:03:00 242688 ----a-w- c:\windows\system32\drivers\rdpdr.sys

2006-11-02 09:02:21 124416 ----a-w- c:\windows\system32\rdpdd.dll

2006-11-02 09:02:15 160256 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2006-11-02 09:02:07 23552 ----a-w- c:\windows\system32\drivers\tssecsrv.sys

2006-11-02 09:02:02 14336 ----a-w- c:\windows\system32\tsddd.dll

2006-11-02 09:02:01 6144 ----a-w- c:\windows\system32\drivers\RDPENCDD.sys

2006-11-02 09:02:01 6144 ----a-w- c:\windows\system32\drivers\RDPCDD.sys

2006-11-02 09:02:01 28672 ----a-w- c:\windows\system32\drivers\tdtcp.sys

2006-11-02 09:02:01 17920 ----a-w- c:\windows\system32\drivers\tdpipe.sys

2006-11-02 08:57:48 32768 ----a-w- c:\windows\system32\drivers\RNDISMP.sys

2006-11-02 08:56:49 60416 ----a-w- c:\windows\system32\drivers\rspndr.sys

2006-11-02 08:56:49 47104 ----a-w- c:\windows\system32\drivers\lltdio.sys

2006-11-02 08:56:34 63488 ----a-w- c:\windows\system32\drivers\mpsdrv.sys

2006-11-02 08:54:59 5632 ----a-w- c:\windows\system32\drivers\drmkaud.sys

2006-11-02 08:54:52 82560 ----a-w- c:\windows\system32\drivers\WUDFRd.sys

2006-11-02 08:54:38 51712 ----a-w- c:\windows\system32\drivers\WUDFPf.sys

2006-11-02 08:54:08 109056 ----a-w- c:\windows\system32\drivers\videoprt.sys

2006-11-02 08:54:05 41984 ----a-w- c:\windows\system32\drivers\monitor.sys

2006-11-02 08:54:01 56320 ----a-w- c:\windows\system32\vga256.dll

.

============= FINISH: 7:43:37.26 ===============

attach txt

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft® Windows Vista™ Home Premium

Boot Device: \Device\HarddiskVolume2

Install Date: 12/28/2011 11:39:24 AM

System Uptime: 1/3/2007 6:24:48 AM (1 hours ago)

.

Motherboard: TOSHIBA | | JASAA

Processor: AMD Turion 64 X2 Mobile Technology TL-58 | Socket M2/S1G1 | 1900/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 148 GiB total, 132.733 GiB free.

D: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP100: 1/3/2007 5:04:11 AM - Windows Update

.

==== Installed Programs ======================

.

Activation Assistant for the 2007 Microsoft Office suites

Adobe Reader 8.1.0

Atheros Driver Installation Program

ATI Catalyst Install Manager

Bluetooth Stack for Windows by Toshiba

Catalyst Control Center - Branding

Catalyst Control Center Core Implementation

Catalyst Control Center Graphics Full Existing

Catalyst Control Center Graphics Full New

Catalyst Control Center Graphics Light

Catalyst Control Center Graphics Previews Vista

Catalyst Control Center Localization Chinese Standard

Catalyst Control Center Localization Chinese Traditional

Catalyst Control Center Localization Czech

Catalyst Control Center Localization Danish

Catalyst Control Center Localization Dutch

Catalyst Control Center Localization Finnish

Catalyst Control Center Localization French

Catalyst Control Center Localization German

Catalyst Control Center Localization Greek

Catalyst Control Center Localization Hungarian

Catalyst Control Center Localization Italian

Catalyst Control Center Localization Japanese

Catalyst Control Center Localization Korean

Catalyst Control Center Localization Norwegian

Catalyst Control Center Localization Polish

Catalyst Control Center Localization Portuguese

Catalyst Control Center Localization Russian

Catalyst Control Center Localization Spanish

Catalyst Control Center Localization Swedish

Catalyst Control Center Localization Thai

Catalyst Control Center Localization Turkish

ccc-core-static

ccc-utility

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish

CD/DVD Drive Acoustic Silencer

Compatibility Pack for the 2007 Office system

DVD MovieFactory for TOSHIBA

Google Desktop

Google Toolbar for Internet Explorer

Google Update Helper

HitmanPro 3.6

Java SE Runtime Environment 6

McAfee SecurityCenter

Microsoft Office Excel MUI (English) 2007

Microsoft Office Home and Student 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office PowerPoint Viewer 2007 (English)

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Visual C++ 2005 Redistributable

Microsoft Works

Microsoft XML Parser

MSXML 4.0 SP2 (KB927978)

Napster

Napster Burn Engine

Picasa 2

QuickBooks Financial Center

Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista

Realtek High Definition Audio Driver

Skins

StartNow Toolbar

Synaptics Pointing Device Driver

Texas Instruments PCIxx21/x515/xx12 drivers.

TIPCI

TOSHIBA Assist

TOSHIBA ConfigFree

TOSHIBA Disc Creator

TOSHIBA DVD PLAYER

TOSHIBA Extended Tiles for Windows Mobility Center

TOSHIBA Flash Cards Support Utility

TOSHIBA Games

TOSHIBA Hardware Setup

Toshiba Registration

TOSHIBA SD Memory Utilities

TOSHIBA Software Modem

TOSHIBA Software Upgrades

TOSHIBA Speech System Applications

TOSHIBA Speech System SR Engine(U.S.) Version1.0

TOSHIBA Speech System TTS Engine(U.S.) Version1.0

TOSHIBA Supervisor Password

TOSHIBA Value Added Package

Update for Office 2007 (KB934528)

Update for Office System 2007 Setup (KB929722)

Utility Common Driver

Windows Media Encoder 9 Series

.

==== Event Viewer Messages From Past Week ========

.

12/28/2011 12:13:02 PM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

12/28/2011 12:11:03 PM, Error: ACPI [6] - IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot 5, function 0. Please contact your system vendor for technical assistance.

12/28/2011 12:11:02 PM, Error: ACPI [6] - IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot 7, function 0. Please contact your system vendor for technical assistance.

1/3/2007 6:48:59 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {4991D34B-80A1-4291-83B6-3328366B9097} to the user Mary-PC\Mary SID (S-1-5-21-3827888315-660581099-1841583290-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

1/3/2007 6:41:00 AM, Error: Microsoft-Windows-Time-Service [34] - The time service has detected that the system time needs to be changed by +157526211 seconds. The time service will not change the system time by more than +54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com,0x9 (ntp.m|0x9|0.0.0.0:123->65.55.21.15:123) is working properly.

1/3/2007 6:25:06 AM, Error: EventLog [6008] - The previous system shutdown at 6:23:56 AM on 1/3/2007 was unexpected.

1/3/2007 6:10:13 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McNASvc with arguments "" in order to run the server: {24F616A1-B755-4053-8018-C3425DC8B68A}

1/3/2007 6:07:01 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: mfehidk spldr Wanarpv6

1/3/2007 6:07:01 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

1/3/2007 6:06:04 AM, Error: EventLog [6008] - The previous system shutdown at 6:03:54 AM on 1/3/2007 was unexpected.

1/3/2007 6:02:42 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

1/3/2007 6:02:42 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

1/3/2007 6:02:40 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}

1/3/2007 6:02:38 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

1/3/2007 6:02:31 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

1/3/2007 6:01:09 AM, Error: Microsoft-Windows-Kernel-WHEA [10] - Machine Check Event reported is a fatal Bus or Interconnect error. Memory Hierarchy Level: 2 Participation: 3 Request Type: 12 Memory/IO: 1 Address: 0

1/3/2007 5:08:00 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-en-us-LP from package WUClient-SelfUpdate-Aux-Package-en-us-MiniLP(Feature Pack) into Staged(Staged) state

1/3/2007 5:08:00 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update AuxResourcesLP from package WindowsUpdateClient-SelfUpdate-Aux-Package(Language Pack) into Staged(Staged) state

1/3/2007 5:08:00 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update Aux from package WindowsUpdateClient-SelfUpdate-Aux-AuxComp-Package_en-US(Language Pack) into Staged(Staged) state

1/3/2007 5:08:00 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package WUClient-SelfUpdate-Aux-Package-en-us-MiniLP (Feature Pack) into Install Requested(Install Requested) state

1/3/2007 5:08:00 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package WindowsUpdateClient-SelfUpdate-Aux-Package (Language Pack) into Install Requested(Install Requested) state

1/3/2007 5:07:59 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-zh-tw-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Staged(Staged) state

1/3/2007 5:07:59 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-zh-hk-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Staged(Staged) state

1/3/2007 5:07:59 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-zh-cn-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Staged(Staged) state

1/3/2007 5:07:59 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-uk-ua-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Staged(Staged) state

1/3/2007 5:07:59 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-tr-tr-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Staged(Staged) state

1/3/2007 5:07:59 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-th-th-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Staged(Staged) state

1/3/2007 5:07:59 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-sv-se-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Staged(Staged) state

1/3/2007 5:07:59 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-sr-latn-cs-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Staged(Staged) state

1/3/2007 5:07:59 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-sl-si-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Staged(Staged) state

1/3/2007 5:07:59 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-sk-sk-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Staged(Staged) state

1/3/2007 5:07:59 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-ru-ru-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Staged(Staged) state

1/3/2007 5:07:59 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-ro-ro-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Staged(Staged) state

1/3/2007 5:07:59 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-pt-pt-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Staged(Staged) state

1/3/2007 5:07:59 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-pt-br-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Staged(Staged) state

1/3/2007 5:07:59 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-ps-ps-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Staged(Staged) state

1/3/2007 5:07:59 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-pl-pl-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Staged(Staged) state

1/3/2007 5:07:59 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-nl-nl-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Staged(Staged) state

1/3/2007 5:07:59 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-Neutral from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Staged(Staged) state

1/3/2007 5:07:59 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-nb-no-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Staged(Staged) state

1/3/2007 5:07:59 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-lv-lv-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Staged(Staged) state

1/3/2007 5:07:59 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-lt-lt-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Staged(Staged) state

1/3/2007 5:07:59 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-ko-kr-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Staged(Staged) state

1/3/2007 5:07:59 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-ja-jp-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Staged(Staged) state

1/3/2007 5:07:59 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-it-it-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Staged(Staged) state

1/3/2007 5:07:59 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-hu-hu-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Staged(Staged) state

1/3/2007 5:07:59 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-hr-hr-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Staged(Staged) state

1/3/2007 5:07:59 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-he-il-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Staged(Staged) state

1/3/2007 5:07:59 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-fr-fr-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Staged(Staged) state

1/3/2007 5:07:59 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-fi-fi-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Staged(Staged) state

1/3/2007 5:07:59 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-et-ee-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Staged(Staged) state

1/3/2007 5:07:59 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-es-es-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Staged(Staged) state

1/3/2007 5:07:59 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-en-us-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Staged(Staged) state

1/3/2007 5:07:59 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-el-gr-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Staged(Staged) state

1/3/2007 5:07:59 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-de-de-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Staged(Staged) state

1/3/2007 5:07:59 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-da-dk-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Staged(Staged) state

1/3/2007 5:07:59 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-cs-cz-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Staged(Staged) state

1/3/2007 5:07:59 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-bg-bg-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Staged(Staged) state

1/3/2007 5:07:59 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-ar-sa-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Staged(Staged) state

1/3/2007 5:07:59 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update AuxComp from package WindowsUpdateClient-SelfUpdate-Aux-Package(Update) into Staged(Staged) state

1/3/2007 5:07:59 AM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update Aux from package WindowsUpdateClient-SelfUpdate-Aux-AuxComp-Package(Update) into Staged(Staged) state

1/3/2007 5:07:59 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package WindowsUpdateClient-SelfUpdate-Aux-Package (Update) into Install Requested(Install Requested) state

1/3/2007 5:07:59 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package WindowsUpdateClient-SelfUpdate-Aux-AuxComp-Package_en-US (Language Pack) into Install Requested(Install Requested) state

1/3/2007 5:07:59 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package WindowsUpdateClient-SelfUpdate-Aux-AuxComp-Package (Update) into Install Requested(Install Requested) state

1/3/2007 5:07:59 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KBWUClient-SelfUpdate-Aux (Feature Pack) into Install Requested(Install Requested) state

1/3/2007 5:03:41 AM, Error: Microsoft-Windows-Time-Service [34] - The time service has detected that the system time needs to be changed by +157526208 seconds. The time service will not change the system time by more than +54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com,0x9 (ntp.m|0x9|0.0.0.0:123->65.55.21.15:123) is working properly.

1/3/2007 4:58:00 AM, Error: Microsoft-Windows-Kernel-WHEA [10] - Machine Check Event reported is a fatal Bus or Interconnect error. Memory Hierarchy Level: 2 Participation: 3 Request Type: 15 Memory/IO: 3 Address: 0

1/1/2007 7:42:39 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "109" attempting to start the service McMSCSvc with arguments "" in order to run the server: {03082469-BA75-44A5-89CB-D187F313E572}

1/1/2007 7:41:32 PM, Error: Microsoft-Windows-Kernel-WHEA [10] - Machine Check Event reported is a fatal Bus or Interconnect error. Memory Hierarchy Level: 3 Participation: 3 Request Type: 14 Memory/IO: 1 Address: 0

1/1/2007 12:02:51 AM, Error: Microsoft-Windows-Kernel-WHEA [10] - Machine Check Event reported is a fatal Bus or Interconnect error. Memory Hierarchy Level: 3 Participation: 3 Request Type: 15 Memory/IO: 1 Address: 0

.

==== End Of File ===========================

MERGED Post

[MrCharlie]

Welcome to the forum.

Please go to your control panels add/remove programs and uninstall:

StartNow Toolbar

----------------------------------

Please ......Scan for malware:

Please download Malwarebytes' Anti-Malware Free from Here

Double Click mbam-setup.exe to install the application.

Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.

If an update is found, it will download and install the latest version.

Once the program has loaded, select "Perform Quick Scan", then click Scan.

Note: -->Do not run a full scan with MBAM. It is not required or needed.

The scan may take some time to finish,so please be patient.

When the scan is complete, click OK, then Show Results to view the results.

Make sure that everything is checked, and click Remove Selected.

When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.

The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

Copy&Paste the entire report in your next reply

Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediatly.

MrC

[Maurice Naggar]

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

[Mainard]

Opened as per user's request.

[Maurice Naggar]

Hello Frustratedtotheex.

Have you done the MBAM scan as per MrC? If yes, I'll want the MBAM scan log. If you have not, and in any event, proceed with the steps below.

You will want to print out or copy these instructions to Notepad for Safe Mode/offline reference!

These steps are for member Frustratedtotheex only. If you are a casual viewer, do NOT try this on your system!

If you are not Frustratedtotheex and have a similar problem, do NOT post here; start your own topic

Do not run or start any other programs while these utilities and tools are in use!

Do NOT run any other tools on your own or do any fixes other than what is listed here.

If you have questions, please ask before you do something on your own.

But it is important that you get going on these following steps.

=

Close any of your open programs while you run these tools.

On most all of the following programs and tools, you will need to do a right-click on the program link or shortcut or desktop icon (as appropriate) and then select "Run as Administrator". Please remember that as you go along and use these tools, each in turn.

Step 1

1. Go >> Here << and download ERUNT

(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)

2. Install ERUNT by following the prompts

(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)

3. Start ERUNT

(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)

4. Choose a location for the backup

(the default location is C:\WINDOWS\ERDNT which is acceptable).

5. Make sure that at least the first two check boxes are ticked

6. Press OK

7. Press YES to create the folder.

Step 2

Show all files:

• Click the Start button, and then click Computer.
  
• On the Organize menu, click Folder and Search Options.
  
• Click the View tab.
  
• Locate and uncheck Hide file extensions for known file types.
  
• Locate and uncheck Hide protected operating system files (Recommended).
  
• Locate and click Show hidden files and folders.
  
• Click Apply > OK.

Step 3

Delete the prior copy of aswMBR !!

Download aswMBR.exe ( 511KB ) to your desktop.

RIGHT click on aswMBR.exe and select Run As Administrator to start.

change the a-v scan to None.

uncheck trace disk IO calls

Click the "Scan" button to start scan

On completion of the scan (Note if the Fix button is enabled (not the FixMBR button) and tell me) click save log, save it to your desktop and post in your next reply

Step 4

Please read carefully and follow these steps.

• Download TDSSKiller and save it to your Desktop.
  
• Double-Click on TDSSKiller.exe to run the application, then on Start Scan.
  If running Vista or Windows 7, do a RIGHT-Click and select Run as Administrator to start TDSSKILLER.exe.
  
• If an infected file is detected, the default action will be Cure, click on Continue.
  
  
• If a suspicious file is detected, the default action will be Skip, click on Continue.
  
• It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  
  
• If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  
• If a reboot is required, do that right then. Press Reboot Now.
  The report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt
  ". Please copy and paste the contents of that file here.
  

Reply with copies of the aswMBR log and the TDSSKiller log.

Do not do any websurfing or online games, or anything online until we have all this cured. I'll advise when.

There's a lot more after this.

[frustratedtotheex]

Trying this again. Will post it when I get home around 8pm.

I have to use that computer to get online at home--will I be infecting anything by posting when I do get there? I also teach online--same concerns.

[Maurice Naggar]

Until we fully rule out a rootkit, it is safest to only go to this forum, and (for the time being) only the websites "trusted" by you.

I would add, do not do any online shopping, or online banking on the "suspect" pc.

It would be best, if at all possible, if you have a different pc at your location, to use that one for the duration.

Needless, to say, no freewheeling websurfing either. Just use it on trusted sites for the time being, and we'll see what the initial logs show this evening.

[frustratedtotheex]

MBAM Log

Malwarebytes Anti-Malware (Trial) 1.60.0.1800

www.malwarebytes.org

Database version: v2012.01.09.02

Windows Vista Service Pack 2 x86 NTFS

Internet Explorer 9.0.8112.16421

Mary :: MARY-PC [administrator]

Protection: Enabled

1/10/2012 6:30:43 PM

mbam-log-2012-01-10 (18-30-43).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 163525

Time elapsed: 18 minute(s),

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

[frustratedtotheex]

asWBR Log

aswMBR version 0.9.9.1297 Copyright© 2011 AVAST Software

Run date: 2012-01-10 18:55:46

-----------------------------

18:55:46.664 OS Version: Windows 6.0.6002 Service Pack 2

18:55:46.664 Number of processors: 2 586 0x6802

18:55:46.680 ComputerName: MARY-PC UserName: Mary

18:55:48.380 Initialize success

18:56:30.816 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0

18:56:30.832 Disk 0 Vendor: TOSHIBA_MK1637GSX DL030M Size: 152627MB BusType: 3

18:56:30.941 Disk 0 MBR read successfully

18:56:30.941 Disk 0 MBR scan

18:56:30.957 Disk 0 Windows VISTA default MBR code

18:56:30.988 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048

18:56:31.035 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 151126 MB offset 3074048

18:56:31.050 Disk 0 scanning sectors +312580096

18:56:31.144 Disk 0 scanning C:\Windows\system32\drivers

18:56:48.132 Service scanning

18:56:50.238 Service MpKsl471ef965 c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{42EAD93F-A207-4777-87D6-1A5BEDBF6D33}\MpKsl471ef965.sys **LOCKED** 32

18:56:50.238 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32

18:56:50.987 Modules scanning

18:57:11.891 Scan finished successfully

18:57:35.229 Disk 0 MBR has been saved successfully to "C:\Users\Mary\Desktop\MBR.dat"

18:57:35.244 The log file has been saved successfully to "C:\Users\Mary\Desktop\aswMBR.txt"

TDSS Log--Fix not enabled only Fix mbr

18:58:39.0422 3360 TDSS rootkit removing tool 2.7.0.0 Jan 10 2012 09:14:26

18:58:39.0874 3360 ============================================================

18:58:39.0874 3360 Current date / time: 2012/01/10 18:58:39.0874

18:58:39.0874 3360 SystemInfo:

18:58:39.0874 3360

18:58:39.0874 3360 OS Version: 6.0.6002 ServicePack: 2.0

18:58:39.0874 3360 Product type: Workstation

18:58:39.0874 3360 ComputerName: MARY-PC

18:58:39.0874 3360 UserName: Mary

18:58:39.0874 3360 Windows directory: C:\Windows

18:58:39.0874 3360 System windows directory: C:\Windows

18:58:39.0874 3360 Processor architecture: Intel x86

18:58:39.0874 3360 Number of processors: 2

18:58:39.0874 3360 Page size: 0x1000

18:58:39.0874 3360 Boot type: Normal boot

18:58:39.0874 3360 ============================================================

18:58:42.0121 3360 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000, SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K', Flags 0x00000050

18:58:42.0246 3360 Initialize success

18:58:50.0030 2172 ============================================================

18:58:50.0030 2172 Scan started

18:58:50.0030 2172 Mode: Manual;

18:58:50.0030 2172 ============================================================

18:58:52.0370 2172 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys

18:58:52.0386 2172 ACPI - ok

18:58:52.0620 2172 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys

18:58:52.0635 2172 adp94xx - ok

18:58:52.0760 2172 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys

18:58:52.0776 2172 adpahci - ok

18:58:52.0900 2172 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys

18:58:52.0900 2172 adpu160m - ok

18:58:52.0916 2172 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys

18:58:52.0916 2172 adpu320 - ok

18:58:53.0088 2172 AFD (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys

18:58:53.0103 2172 AFD - ok

18:58:53.0275 2172 AgereSoftModem (5d97943c128ed756d1b0a08302c1b1f8) C:\Windows\system32\DRIVERS\AGRSM.sys

18:58:53.0290 2172 AgereSoftModem - ok

18:58:53.0384 2172 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys

18:58:53.0384 2172 agp440 - ok

18:58:53.0462 2172 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys

18:58:53.0462 2172 aic78xx - ok

18:58:53.0587 2172 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys

18:58:53.0587 2172 aliide - ok

18:58:53.0665 2172 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys

18:58:53.0665 2172 amdagp - ok

18:58:53.0696 2172 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys

18:58:53.0696 2172 amdide - ok

18:58:53.0743 2172 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys

18:58:53.0743 2172 AmdK7 - ok

18:58:53.0852 2172 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\DRIVERS\amdk8.sys

18:58:53.0852 2172 AmdK8 - ok

18:58:53.0946 2172 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys

18:58:53.0946 2172 arc - ok

18:58:53.0992 2172 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys

18:58:53.0992 2172 arcsas - ok

18:58:54.0133 2172 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys

18:58:54.0133 2172 AsyncMac - ok

18:58:54.0242 2172 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys

18:58:54.0242 2172 atapi - ok

18:58:54.0398 2172 athr (8be56f8300e1c37b578da23c71816b7a) C:\Windows\system32\DRIVERS\athr.sys

18:58:54.0414 2172 athr - ok

18:58:54.0835 2172 atikmdag (fab37c8e4b55235de9055026561dcc7f) C:\Windows\system32\DRIVERS\atikmdag.sys

18:58:54.0928 2172 atikmdag - ok

18:58:55.0459 2172 AtiPcie (4aa1eb65481c392955939e735d27118b) C:\Windows\system32\DRIVERS\AtiPcie.sys

18:58:55.0459 2172 AtiPcie - ok

18:58:55.0818 2172 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys

18:58:55.0833 2172 Beep - ok

18:58:55.0864 2172 blbdrive - ok

18:58:55.0927 2172 bowser (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys

18:58:55.0927 2172 bowser - ok

18:58:56.0020 2172 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys

18:58:56.0020 2172 BrFiltLo - ok

18:58:56.0410 2172 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys

18:58:56.0410 2172 BrFiltUp - ok

18:58:56.0520 2172 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys

18:58:56.0520 2172 Brserid - ok

18:58:56.0582 2172 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys

18:58:56.0582 2172 BrSerWdm - ok

18:58:56.0691 2172 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys

18:58:56.0691 2172 BrUsbMdm - ok

18:58:56.0800 2172 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys

18:58:56.0800 2172 BrUsbSer - ok

18:58:57.0003 2172 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys

18:58:57.0003 2172 BTHMODEM - ok

18:58:57.0066 2172 catchme - ok

18:58:57.0206 2172 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys

18:58:57.0206 2172 cdfs - ok

18:58:57.0331 2172 Cdr4_xp - ok

18:58:57.0440 2172 Cdralw2k - ok

18:58:57.0612 2172 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys

18:58:57.0627 2172 cdrom - ok

18:58:57.0768 2172 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys

18:58:57.0768 2172 circlass - ok

18:58:57.0861 2172 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys

18:58:57.0892 2172 CLFS - ok

18:58:58.0002 2172 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys

18:58:58.0002 2172 CmBatt - ok

18:58:58.0173 2172 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys

18:58:58.0173 2172 cmdide - ok

18:58:58.0314 2172 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys

18:58:58.0314 2172 Compbatt - ok

18:58:58.0563 2172 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys

18:58:58.0563 2172 crcdisk - ok

18:58:58.0626 2172 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys

18:58:58.0626 2172 Crusoe - ok

18:58:58.0719 2172 DfsC (218d8ae46c88e82014f5d73d0236d9b2) C:\Windows\system32\Drivers\dfsc.sys

18:58:58.0719 2172 DfsC - ok

18:58:59.0000 2172 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys

18:58:59.0000 2172 disk - ok

18:58:59.0140 2172 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys

18:58:59.0140 2172 drmkaud - ok

18:58:59.0406 2172 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys

18:58:59.0421 2172 DXGKrnl - ok

18:58:59.0499 2172 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys

18:58:59.0499 2172 E1G60 - ok

18:58:59.0718 2172 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys

18:58:59.0718 2172 Ecache - ok

18:58:59.0842 2172 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys

18:58:59.0858 2172 elxstor - ok

18:59:00.0123 2172 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys

18:59:00.0123 2172 exfat - ok

18:59:00.0310 2172 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys

18:59:00.0326 2172 fastfat - ok

18:59:00.0451 2172 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys

18:59:00.0451 2172 fdc - ok

18:59:00.0513 2172 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys

18:59:00.0513 2172 FileInfo - ok

18:59:00.0638 2172 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys

18:59:00.0638 2172 Filetrace - ok

18:59:00.0700 2172 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys

18:59:00.0700 2172 flpydisk - ok

18:59:00.0841 2172 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys

18:59:00.0856 2172 FltMgr - ok

18:59:01.0137 2172 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys

18:59:01.0137 2172 Fs_Rec - ok

18:59:01.0215 2172 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys

18:59:01.0215 2172 gagp30kx - ok

18:59:01.0278 2172 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys

18:59:01.0293 2172 HdAudAddService - ok

18:59:01.0418 2172 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys

18:59:01.0434 2172 HDAudBus - ok

18:59:01.0636 2172 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys

18:59:01.0636 2172 HidBth - ok

18:59:01.0777 2172 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys

18:59:01.0777 2172 HidIr - ok

18:59:01.0839 2172 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys

18:59:01.0839 2172 HidUsb - ok

18:59:01.0980 2172 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys

18:59:01.0980 2172 HpCISSs - ok

18:59:02.0182 2172 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys

18:59:02.0214 2172 HTTP - ok

18:59:02.0292 2172 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys

18:59:02.0292 2172 i2omp - ok

18:59:02.0416 2172 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys

18:59:02.0416 2172 i8042prt - ok

18:59:02.0541 2172 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys

18:59:02.0557 2172 iaStorV - ok

18:59:02.0666 2172 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys

18:59:02.0666 2172 iirsp - ok

18:59:02.0931 2172 IntcAzAudAddService (6f62bafe6150f3952f877051c65786fe) C:\Windows\system32\drivers\RTKVHDA.sys

18:59:03.0040 2172 IntcAzAudAddService - ok

18:59:03.0150 2172 intelide (97469037714070e45194ed318d636401) C:\Windows\system32\drivers\intelide.sys

18:59:03.0150 2172 intelide - ok

18:59:03.0181 2172 intelppm (ce44cc04262f28216dd4341e9e36a16f) C:\Windows\system32\DRIVERS\intelppm.sys

18:59:03.0181 2172 intelppm - ok

18:59:03.0321 2172 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys

18:59:03.0321 2172 IpFilterDriver - ok

18:59:03.0477 2172 IpInIp - ok

18:59:03.0540 2172 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys

18:59:03.0540 2172 IPMIDRV - ok

18:59:03.0633 2172 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys

18:59:03.0633 2172 IPNAT - ok

18:59:03.0696 2172 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys

18:59:03.0696 2172 IRENUM - ok

18:59:03.0789 2172 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys

18:59:03.0805 2172 isapnp - ok

18:59:03.0930 2172 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys

18:59:03.0945 2172 iScsiPrt - ok

18:59:04.0086 2172 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys

18:59:04.0086 2172 iteatapi - ok

18:59:04.0164 2172 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys

18:59:04.0164 2172 iteraid - ok

18:59:04.0288 2172 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys

18:59:04.0288 2172 kbdclass - ok

18:59:04.0382 2172 kbdhid (d2600cb17b7408b4a83f231dc9a11ac3) C:\Windows\system32\drivers\kbdhid.sys

18:59:04.0382 2172 kbdhid - ok

18:59:04.0554 2172 KR10I (e8ca038f51f7761bd6e3a3b0b8014263) C:\Windows\system32\drivers\kr10i.sys

18:59:04.0554 2172 KR10I - ok

18:59:04.0741 2172 KR10N (6a4adb9186dd0e114e623daf57e42b31) C:\Windows\system32\drivers\kr10n.sys

18:59:04.0756 2172 KR10N - ok

18:59:04.0866 2172 KR3NPXP (485e005cd51ff502fb16483eb4b69c17) C:\Windows\system32\drivers\kr3npxp.sys

18:59:04.0881 2172 KR3NPXP - ok

18:59:05.0162 2172 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys

18:59:05.0193 2172 KSecDD - ok

18:59:05.0349 2172 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys

18:59:05.0349 2172 lltdio - ok

18:59:05.0505 2172 LPCFilter (515fc18cabee0158a324b08b1c2667cf) C:\Windows\system32\DRIVERS\LPCFilter.sys

18:59:05.0505 2172 LPCFilter - ok

18:59:05.0599 2172 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys

18:59:05.0599 2172 LSI_FC - ok

18:59:05.0677 2172 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys

18:59:05.0677 2172 LSI_SAS - ok

18:59:05.0739 2172 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys

18:59:05.0739 2172 LSI_SCSI - ok

18:59:06.0004 2172 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys

18:59:06.0004 2172 luafv - ok

18:59:06.0472 2172 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\Windows\system32\drivers\mbam.sys

18:59:06.0472 2172 MBAMProtector - ok

18:59:06.0613 2172 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys

18:59:06.0613 2172 megasas - ok

18:59:07.0065 2172 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys

18:59:07.0081 2172 Modem - ok

18:59:07.0284 2172 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys

18:59:07.0284 2172 monitor - ok

18:59:07.0330 2172 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys

18:59:07.0346 2172 mouclass - ok

18:59:07.0393 2172 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys

18:59:07.0393 2172 mouhid - ok

18:59:07.0830 2172 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys

18:59:07.0830 2172 MountMgr - ok

18:59:08.0298 2172 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\Windows\system32\DRIVERS\MpFilter.sys

18:59:08.0344 2172 MpFilter - ok

18:59:08.0563 2172 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys

18:59:08.0563 2172 mpio - ok

18:59:08.0828 2172 MpKsl471ef965 (a69630d039c38018689190234f866d77) c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{42EAD93F-A207-4777-87D6-1A5BEDBF6D33}\MpKsl471ef965.sys

18:59:08.0828 2172 MpKsl471ef965 - ok

18:59:09.0093 2172 MpNWMon (2c3489660d4a8d514c123c3f0d67df46) C:\Windows\system32\DRIVERS\MpNWMon.sys

18:59:09.0093 2172 MpNWMon - ok

18:59:09.0140 2172 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys

18:59:09.0140 2172 mpsdrv - ok

18:59:09.0296 2172 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys

18:59:09.0296 2172 Mraid35x - ok

18:59:09.0577 2172 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys

18:59:09.0592 2172 MRxDAV - ok

18:59:09.0655 2172 mrxsmb (454341e652bdf5e01b0f2140232b073e) C:\Windows\system32\DRIVERS\mrxsmb.sys

18:59:09.0655 2172 mrxsmb - ok

18:59:09.0780 2172 mrxsmb10 (2a4901aff069944fa945ed5bbf4dcde3) C:\Windows\system32\DRIVERS\mrxsmb10.sys

18:59:09.0795 2172 mrxsmb10 - ok

18:59:09.0951 2172 mrxsmb20 (28b3f1ab44bdd4432c041581412f17d9) C:\Windows\system32\DRIVERS\mrxsmb20.sys

18:59:09.0951 2172 mrxsmb20 - ok

18:59:10.0029 2172 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys

18:59:10.0029 2172 msahci - ok

18:59:10.0045 2172 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys

18:59:10.0045 2172 msdsm - ok

18:59:10.0310 2172 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys

18:59:10.0310 2172 Msfs - ok

18:59:10.0372 2172 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys

18:59:10.0372 2172 msisadrv - ok

18:59:10.0466 2172 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys

18:59:10.0466 2172 MSKSSRV - ok

18:59:10.0497 2172 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys

18:59:10.0497 2172 MSPCLOCK - ok

18:59:10.0622 2172 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys

18:59:10.0622 2172 MSPQM - ok

18:59:10.0716 2172 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys

18:59:10.0716 2172 MsRPC - ok

18:59:10.0809 2172 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys

18:59:10.0809 2172 mssmbios - ok

18:59:10.0856 2172 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys

18:59:10.0856 2172 MSTEE - ok

18:59:10.0981 2172 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys

18:59:10.0981 2172 Mup - ok

18:59:11.0106 2172 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys

18:59:11.0106 2172 NativeWifiP - ok

18:59:11.0215 2172 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys

18:59:11.0215 2172 NDIS - ok

18:59:11.0386 2172 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys

18:59:11.0386 2172 NdisTapi - ok

18:59:11.0418 2172 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys

18:59:11.0418 2172 Ndisuio - ok

18:59:11.0527 2172 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys

18:59:11.0527 2172 NdisWan - ok

18:59:11.0574 2172 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys

18:59:11.0574 2172 NDProxy - ok

18:59:11.0667 2172 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys

18:59:11.0667 2172 NetBIOS - ok

18:59:11.0761 2172 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys

18:59:11.0761 2172 netbt - ok

18:59:11.0870 2172 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys

18:59:11.0870 2172 nfrd960 - ok

18:59:11.0948 2172 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys

18:59:11.0948 2172 Npfs - ok

18:59:12.0135 2172 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys

18:59:12.0135 2172 nsiproxy - ok

18:59:12.0463 2172 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys

18:59:12.0650 2172 Ntfs - ok

18:59:13.0040 2172 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys

18:59:13.0040 2172 ntrigdigi - ok

18:59:13.0149 2172 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys

18:59:13.0149 2172 Null - ok

18:59:13.0196 2172 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys

18:59:13.0196 2172 nvraid - ok

18:59:13.0399 2172 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys

18:59:13.0399 2172 nvstor - ok

18:59:13.0414 2172 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys

18:59:13.0414 2172 nv_agp - ok

18:59:13.0430 2172 NwlnkFlt - ok

18:59:13.0446 2172 NwlnkFwd - ok

18:59:13.0570 2172 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys

18:59:13.0570 2172 ohci1394 - ok

18:59:13.0633 2172 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys

18:59:13.0633 2172 Parport - ok

18:59:13.0836 2172 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys

18:59:13.0836 2172 partmgr - ok

18:59:13.0898 2172 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys

18:59:13.0898 2172 Parvdm - ok

18:59:14.0038 2172 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys

18:59:14.0038 2172 pci - ok

18:59:14.0194 2172 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys

18:59:14.0194 2172 pciide - ok

18:59:14.0288 2172 pcmcia (3bb2244f343b610c29c98035504c9b75) C:\Windows\system32\DRIVERS\pcmcia.sys

18:59:14.0288 2172 pcmcia - ok

18:59:14.0522 2172 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys

18:59:14.0538 2172 PEAUTH - ok

18:59:14.0709 2172 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys

18:59:14.0709 2172 PptpMiniport - ok

18:59:14.0772 2172 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys

18:59:14.0772 2172 Processor - ok

18:59:14.0834 2172 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys

18:59:14.0834 2172 PSched - ok

18:59:14.0943 2172 PxHelp20 (f7bb4e7a7c02ab4a2672937e124e306e) C:\Windows\system32\Drivers\PxHelp20.sys

18:59:14.0959 2172 PxHelp20 - ok

18:59:15.0146 2172 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys

18:59:15.0162 2172 ql2300 - ok

18:59:15.0208 2172 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys

18:59:15.0208 2172 ql40xx - ok

18:59:15.0318 2172 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys

18:59:15.0318 2172 QWAVEdrv - ok

18:59:15.0349 2172 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys

18:59:15.0349 2172 RasAcd - ok

18:59:15.0411 2172 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys

18:59:15.0411 2172 Rasl2tp - ok

18:59:15.0520 2172 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys

18:59:15.0520 2172 RasPppoe - ok

18:59:15.0567 2172 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys

18:59:15.0567 2172 RasSstp - ok

18:59:15.0614 2172 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys

18:59:15.0630 2172 rdbss - ok

18:59:15.0786 2172 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys

18:59:15.0786 2172 RDPCDD - ok

18:59:15.0848 2172 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys

18:59:15.0879 2172 rdpdr - ok

18:59:15.0910 2172 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys

18:59:15.0910 2172 RDPENCDD - ok

18:59:16.0020 2172 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys

18:59:16.0020 2172 RDPWD - ok

18:59:16.0238 2172 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys

18:59:16.0238 2172 rspndr - ok

18:59:16.0347 2172 RTL8169 (b8b159fa669c6386a458fcd468ebb1e6) C:\Windows\system32\DRIVERS\Rtlh86.sys

18:59:16.0347 2172 RTL8169 - ok

18:59:16.0456 2172 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys

18:59:16.0456 2172 sbp2port - ok

18:59:16.0581 2172 sdbus (8f36b54688c31eed4580129040c6a3d3) C:\Windows\system32\DRIVERS\sdbus.sys

18:59:16.0597 2172 sdbus - ok

18:59:16.0690 2172 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys

18:59:16.0690 2172 secdrv - ok

18:59:16.0784 2172 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys

18:59:16.0800 2172 Serenum - ok

18:59:16.0909 2172 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys

18:59:16.0909 2172 Serial - ok

18:59:16.0956 2172 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys

18:59:16.0956 2172 sermouse - ok

18:59:17.0080 2172 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\DRIVERS\sffdisk.sys

18:59:17.0080 2172 sffdisk - ok

18:59:17.0174 2172 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys

18:59:17.0174 2172 sffp_mmc - ok

18:59:17.0283 2172 sffp_sd (9f66a46c55d6f1ccabc79bb7afccc545) C:\Windows\system32\DRIVERS\sffp_sd.sys

18:59:17.0299 2172 sffp_sd - ok

18:59:17.0314 2172 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys

18:59:17.0314 2172 sfloppy - ok

18:59:17.0392 2172 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys

18:59:17.0392 2172 sisagp - ok

18:59:17.0439 2172 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys

18:59:17.0439 2172 SiSRaid2 - ok

18:59:17.0548 2172 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys

18:59:17.0548 2172 SiSRaid4 - ok

18:59:17.0642 2172 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys

18:59:17.0642 2172 Smb - ok

18:59:17.0720 2172 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys

18:59:17.0720 2172 spldr - ok

18:59:17.0814 2172 srv (0debafcc0e3591fca34f077cab62f7f7) C:\Windows\system32\DRIVERS\srv.sys

18:59:17.0814 2172 srv - ok

18:59:17.0907 2172 srv2 (6b6f3658e0a58c6c50c5f7fbdf3df633) C:\Windows\system32\DRIVERS\srv2.sys

18:59:17.0907 2172 srv2 - ok

18:59:18.0001 2172 srvnet (0c5ab1892ae0fa504218db094bf6d041) C:\Windows\system32\DRIVERS\srvnet.sys

18:59:18.0001 2172 srvnet - ok

18:59:18.0235 2172 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys

18:59:18.0235 2172 swenum - ok

18:59:18.0391 2172 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys

18:59:18.0391 2172 Symc8xx - ok

18:59:18.0516 2172 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys

18:59:18.0516 2172 Sym_hi - ok

18:59:18.0531 2172 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys

18:59:18.0531 2172 Sym_u3 - ok

18:59:18.0640 2172 SynTP (5efcedcf3daf5c8d9e8b77a34a4eec99) C:\Windows\system32\DRIVERS\SynTP.sys

18:59:18.0703 2172 SynTP - ok

18:59:18.0812 2172 Tcpip (48cbe6d53632d0067c2d6b20f90d84ca) C:\Windows\system32\drivers\tcpip.sys

18:59:18.0828 2172 Tcpip - ok

18:59:18.0921 2172 Tcpip6 (48cbe6d53632d0067c2d6b20f90d84ca) C:\Windows\system32\DRIVERS\tcpip.sys

18:59:18.0937 2172 Tcpip6 - ok

18:59:19.0015 2172 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys

18:59:19.0015 2172 TDPIPE - ok

18:59:19.0062 2172 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys

18:59:19.0062 2172 TDTCP - ok

18:59:19.0233 2172 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys

18:59:19.0233 2172 tdx - ok

18:59:19.0342 2172 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys

18:59:19.0358 2172 TermDD - ok

18:59:19.0452 2172 tifm21 (28b7f973c36d157a7885b1ae42a4a2a9) C:\Windows\system32\drivers\tifm21.sys

18:59:19.0467 2172 tifm21 - ok

18:59:19.0545 2172 Tosrfcom - ok

18:59:19.0686 2172 tos_sps32 (1ea5f27c29405bf49799feca77186da9) C:\Windows\system32\DRIVERS\tos_sps32.sys

18:59:19.0701 2172 tos_sps32 - ok

18:59:19.0764 2172 TpChoice - ok

18:59:19.0935 2172 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys

18:59:19.0935 2172 tssecsrv - ok

18:59:20.0107 2172 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys

18:59:20.0107 2172 tunmp - ok

18:59:20.0388 2172 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys

18:59:20.0388 2172 tunnel - ok

18:59:20.0606 2172 TVALZ (792a8b80f8188aba4b2be271583f3e46) C:\Windows\system32\DRIVERS\TVALZ_O.SYS

18:59:20.0606 2172 TVALZ - ok

18:59:20.0746 2172 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys

18:59:20.0746 2172 uagp35 - ok

18:59:21.0074 2172 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys

18:59:21.0090 2172 udfs - ok

18:59:21.0292 2172 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys

18:59:21.0292 2172 uliagpkx - ok

18:59:21.0417 2172 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys

18:59:21.0417 2172 uliahci - ok

18:59:21.0698 2172 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys

18:59:21.0698 2172 UlSata - ok

18:59:21.0745 2172 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys

18:59:21.0745 2172 ulsata2 - ok

18:59:21.0792 2172 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys

18:59:21.0807 2172 umbus - ok

18:59:22.0088 2172 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys

18:59:22.0088 2172 usbccgp - ok

18:59:22.0213 2172 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys

18:59:22.0213 2172 usbcir - ok

18:59:22.0291 2172 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys

18:59:22.0291 2172 usbehci - ok

18:59:22.0353 2172 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys

18:59:22.0369 2172 usbhub - ok

18:59:22.0384 2172 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys

18:59:22.0384 2172 usbohci - ok

18:59:22.0478 2172 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys

18:59:22.0478 2172 usbprint - ok

18:59:22.0540 2172 USBSTOR - ok

18:59:22.0681 2172 usbuhci (325dbbacb8a36af9988ccf40eac228cc) C:\Windows\system32\DRIVERS\usbuhci.sys

18:59:22.0681 2172 usbuhci - ok

18:59:22.0728 2172 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys

18:59:22.0728 2172 vga - ok

18:59:22.0852 2172 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys

18:59:22.0852 2172 VgaSave - ok

18:59:22.0977 2172 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys

18:59:22.0977 2172 viaagp - ok

18:59:23.0071 2172 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys

18:59:23.0071 2172 ViaC7 - ok

18:59:23.0352 2172 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys

18:59:23.0352 2172 viaide - ok

18:59:23.0648 2172 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys

18:59:23.0648 2172 volmgr - ok

18:59:24.0038 2172 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys

18:59:24.0054 2172 volmgrx - ok

18:59:24.0241 2172 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys

18:59:24.0256 2172 volsnap - ok

18:59:24.0334 2172 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys

18:59:24.0334 2172 vsmraid - ok

18:59:24.0412 2172 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys

18:59:24.0412 2172 WacomPen - ok

18:59:24.0475 2172 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys

18:59:24.0475 2172 Wanarp - ok

18:59:24.0568 2172 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys

18:59:24.0568 2172 Wanarpv6 - ok

18:59:24.0646 2172 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys

18:59:24.0646 2172 Wd - ok

18:59:24.0818 2172 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys

18:59:24.0849 2172 Wdf01000 - ok

18:59:25.0005 2172 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys

18:59:25.0005 2172 WmiAcpi - ok

18:59:25.0068 2172 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys

18:59:25.0068 2172 ws2ifsl - ok

18:59:25.0224 2172 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys

18:59:25.0224 2172 WUDFRd - ok

18:59:25.0286 2172 MBR (0x1B8) (5b5e648d12fcadc244c1ec30318e1eb9) \Device\Harddisk0\DR0

18:59:25.0348 2172 \Device\Harddisk0\DR0 - ok

18:59:25.0364 2172 Boot (0x1200) (156b54357b2fdc60fed28e21297f8334) \Device\Harddisk0\DR0\Partition0

18:59:25.0364 2172 \Device\Harddisk0\DR0\Partition0 - ok

18:59:25.0364 2172 ============================================================

18:59:25.0364 2172 Scan finished

18:59:25.0364 2172 ============================================================

18:59:25.0380 2916 Detected object count: 0

18:59:25.0380 2916 Actual detected object count: 0

[Maurice Naggar]

Very good on both.

Create a new folder on your C drive, name it ARK ===> C:\\ARK

Go Here and click the "Download EXE" button & Save the file to ARK folder

RIGHT-click the exe and select Run As Administrator to launch the program. (If you get an immediate message about rootkit activity, ignore and proceed with instructuions please)

Click on the Rootkit/Malware Tab &

then, on the far right side, untick the Registry box,

then click Scan.

Scan progress will be shown at bottom of the program screen. Have "infinite" patience while it runs.

Once the scan is done, press the Copy button, then open NOTEPAD, Paste to it, and Save the file as Gmer.log in your ARK folder.

Attach the results here in your reply.

[frustratedtotheex]

Just to add--my son's laptop (which he got Christmas) seems to be acting similar to mine. He cannot run things as an admin--new partitions--just a whole bunch of weird stuff. My point is, I will be starting a new thread if needed to help with his computer.

There seems to be a pattern--every computer he touches starts acting weird.

Thanks so much for your help.

[Maurice Naggar]

Is your son carrying & plugging in a USB stick (flash) drive and plugging to one & the other system? If so, an infected USB flash drive may be the mechanism to facilitate infection. If that is what is happening, tell him to stop and put those USB sticks out and secure them somewhere.

IF he is playing online games, stop that too, until after each system is in the clear.

While you run GMER, please don't start or run any other program. I'll await the GMER log.

[frustratedtotheex]

Gmer log quits working. What to do now?

[Maurice Naggar]

How do you think it quit? It just takes time for it to finish. Tell me what you see

[frustratedtotheex]

Is your son carrying & plugging in a USB stick (flash) drive and plugging to one & the other system? If so, an infected USB flash drive may be the mechanism to facilitate infection. If that is what is happening, tell him to stop and put those USB sticks out and secure them somewhere.

IF he is playing online games, stop that too, until after each system is in the clear.

While you run GMER, please don't start or run any other program. I'll await the GMER log.

Yes, he does have a USB and I told him to stop.

[Maurice Naggar]

You'all need to secure those and I can have you run a tool on the USB, but that is for much later. For now, tell me what you see on GMER screen.

(I assume you followed my steps and pressed Scan )

[frustratedtotheex]

How do you think it quit? It just takes time for it to finish. Tell me what you see

Said unexpected error (I think. I closed it) And said that windows can check online. Going to try it again.

[frustratedtotheex]

Gmer

GMER 1.0.15.15641 - http://www.gmer.net

Rootkit scan 2012-01-10 20:22:34

Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 TOSHIBA_MK1637GSX rev.DL030M

Running: fr2u1fgz.exe; Driver: C:\Users\Mary\AppData\Local\Temp\pwldypow.sys

---- Kernel code sections - GMER 1.0.15 ----

.text C:\Windows\system32\DRIVERS\tos_sps32.sys section is writeable [0x87B51000, 0x4036D, 0xE8000020]

.dsrt C:\Windows\system32\DRIVERS\tos_sps32.sys unknown last section [0x87B9A000, 0x510, 0x40000040]

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

---- Files - GMER 1.0.15 ----

File C:\Windows\assembly\NativeImages_v2.0.50727_32\index22a.dat 0 bytes

File C:\Windows\assembly\NativeImages_v2.0.50727_32\index22b.dat 0 bytes

---- EOF - GMER 1.0.15 ----

[Maurice Naggar]

Reminder, please do no websurfing or any online games (your son). Especially, do NOT run any tools on your own. Make no fixes on your own.

Let's get a couple of reports and I'll review them.

Download OTL by OldTimer to your desktop: http://oldtimer.geekstogo.com/OTL.exe

• Close all open windows on the Task Bar. Click the icon (for Vista, or Windows 7 Right click the icon and Run as Administrator) to start the program.
  
• In the lower right corner, checkmark "LOP Check" and checkmark "Purity Check".
  
• Now click Run Scan at Top left and let the program run uninterrupted. It will take about 4 minutes.
  
• It will produce two logs for you, one will pop up called OTL.txt, the other will be saved on your desktop and called Extras.txt.
  
• Exit Notepad. Remember where you've saved these 2 files as we will need both of them shortly!
  
• Exit OTL by clicking the X at top right.

Download Security Check by screen317 and save it to your Desktop: here or here

• Run Security Check
• Follow the onscreen instructions inside of the command window.
• A Notepad document should open automatically called checkup.txt; close Notepad. We will need this log, too, so remember where you've saved it!

If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
Then copy/paste the following into your post (in order):

• the contents of OTL.txt;
  
• the contents of Extras.txt ; and
  
• the contents of checkup.txt

Be sure to do a Preview prior to pressing Submit because all reports may not fit into 1 single reply. You may have to do more than 1 reply.

Do not use the attachment feature to place any of your reports. Always put them in-line inside the body of reply.

[frustratedtotheex]

I'm attaching logs because it says it is too large.

OTL.Txt

Extras.Txt

checkup.txt

[frustratedtotheex]

Oops...I didn't see the last part about not attaching it.

OTL logfile created on: 1/10/2012 8:56:49 PM - Run 1

OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Mary\Desktop

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.87 Gb Total Physical Memory | 0.91 Gb Available Physical Memory | 48.79% Memory free

3.99 Gb Paging File | 2.99 Gb Available in Paging File | 74.94% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 147.58 Gb Total Space | 105.94 Gb Free Space | 71.78% Space Free | Partition Type: NTFS

Computer Name: MARY-PC | User Name: Mary | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/10 20:53:59 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Mary\Desktop\OTL.exe

PRC - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2011/12/24 17:50:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

PRC - [2011/06/15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe

PRC - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

PRC - [2009/04/10 23:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2009/03/20 07:36:58 | 000,210,216 | ---- | M] (Synaptics Incorporated) -- C:\Program Files\Synaptics\SynTP\SynToshiba.exe

PRC - [2007/07/07 05:06:52 | 004,669,440 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe

PRC - [2007/02/25 23:55:18 | 000,125,048 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

========== Modules (No Company Name) ==========

MOD - [2007/07/14 01:52:00 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll

========== Win32 Services (SafeList) ==========

SRV - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)

SRV - [2008/01/18 23:38:26 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2007/02/25 23:55:18 | 000,125,048 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)

========== Driver Services (SafeList) ==========

DRV - [2012/01/10 19:44:25 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BBC1B8B7-4EFD-4A4C-B84B-097156365B45}\MpKsl2c587bb6.sys -- (MpKsl2c587bb6)

DRV - [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)

DRV - [2011/04/18 13:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)

DRV - [2009/06/19 21:44:14 | 000,290,816 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tifm21.sys -- (tifm21)

DRV - [2008/07/29 05:05:04 | 000,919,552 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)

DRV - [2007/11/09 05:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS -- (TVALZ)

DRV - [2007/07/14 02:01:30 | 002,771,968 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)

DRV - [2007/06/28 18:23:14 | 000,285,184 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\tos_sps32.sys -- (tos_sps32)

DRV - [2007/04/30 15:42:14 | 000,081,408 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)

DRV - [2006/11/09 16:32:00 | 000,219,264 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\kr10i.sys -- (KR10I)

DRV - [2006/11/09 16:31:00 | 000,211,072 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\kr10n.sys -- (KR10N)

DRV - [2006/11/02 02:41:50 | 000,983,552 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)

DRV - [2006/10/30 14:23:12 | 000,007,680 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AtiPcie.sys -- (AtiPcie) ATI PCI Express (3GIO)

DRV - [2006/09/27 22:06:00 | 000,479,488 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\kr3npxp.sys -- (KR3NPXP)

DRV - [2006/07/28 18:25:26 | 000,019,456 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\LPCFilter.sys -- (LPCFilter)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

O1 HOSTS File: ([2007/01/03 08:49:17 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)

O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)

O4 - Startup: C:\Users\Mary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)

O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)

O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2C6F3325-0F2B-4A2A-8481-A37CCE2FEBE1}: DhcpNameServer = 209.18.47.61 209.18.47.62

O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll) - File not found

O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\Toshiba-1.JPG

O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\Toshiba-1.JPG

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

[frustratedtotheex]

OTL cont'd

========== Files/Folders - Created Within 30 Days ==========

[2012/01/10 20:53:59 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Mary\Desktop\OTL.exe

[2012/01/10 19:28:23 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Portable Devices

[2012/01/10 19:15:59 | 000,000,000 | ---D | C] -- C:\ARK

[2012/01/10 19:02:57 | 000,092,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAnimation.dll

[2012/01/10 19:02:56 | 003,023,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbon.dll

[2012/01/10 19:02:56 | 001,164,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbonRes.dll

[2012/01/10 19:02:18 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\BthMtpContextHandler.dll

[2012/01/10 19:02:18 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDShextAutoplay.exe

[2012/01/10 19:02:15 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceConnectApi.dll

[2012/01/10 19:02:13 | 000,546,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpd_ci.dll

[2012/01/10 19:02:13 | 000,350,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDSp.dll

[2012/01/10 19:02:13 | 000,334,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceApi.dll

[2012/01/10 19:02:13 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceWMDRM.dll

[2012/01/10 19:02:13 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceTypes.dll

[2012/01/10 19:02:13 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceClassExtension.dll

[2012/01/10 18:54:38 | 001,972,528 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Mary\Desktop\tdsskiller.exe

[2012/01/10 18:52:35 | 004,713,472 | ---- | C] (AVAST Software) -- C:\Users\Mary\Desktop\aswMBR.exe

[2012/01/10 18:51:51 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe

[2012/01/10 18:51:51 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll

[2012/01/10 18:51:50 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll

[2012/01/10 18:51:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT

[2012/01/10 18:51:21 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT

[2012/01/10 18:39:19 | 000,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell

[2012/01/10 18:36:43 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrsmgr.dll

[2012/01/10 18:36:13 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrshost.exe

[2012/01/10 18:36:13 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmprovhost.exe

[2012/01/10 18:36:12 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrs.exe

[2012/01/10 18:36:10 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmplpxy.dll

[2012/01/10 18:36:10 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrssrv.dll

[2012/01/10 18:36:05 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wevtfwd.dll

[2012/01/10 18:36:05 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecutil.exe

[2012/01/10 18:36:05 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecapi.dll

[2012/01/10 18:36:05 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmRes.dll

[2012/01/10 18:36:04 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pwrshplugin.dll

[2012/01/10 18:35:46 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManMigrationPlugin.dll

[2012/01/10 18:35:46 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManHTTPConfig.exe

[2012/01/10 18:35:46 | 000,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrscmd.dll

[2012/01/10 18:35:46 | 000,214,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmWmiPl.dll

[2012/01/10 18:35:46 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmAuto.dll

[2012/01/08 21:53:24 | 008,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL

[2012/01/08 21:52:55 | 000,292,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll

[2012/01/08 21:52:54 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll

[2012/01/08 21:52:54 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll

[2012/01/08 21:52:52 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll

[2012/01/08 21:52:52 | 000,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax

[2012/01/08 21:52:52 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Mpeg2Data.ax

[2012/01/08 21:52:51 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSDvbNP.ax

[2012/01/08 21:52:38 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe

[2012/01/08 21:52:35 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\asycfilt.dll

[2012/01/08 21:52:30 | 000,157,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll

[2012/01/08 21:52:12 | 001,169,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe

[2012/01/08 21:52:06 | 001,696,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll

[2012/01/08 21:52:02 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll

[2012/01/08 21:52:02 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll

[2012/01/08 21:51:58 | 000,867,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpmde.dll

[2012/01/08 21:51:56 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbe.dll

[2012/01/08 21:51:56 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax

[2012/01/08 21:51:56 | 000,153,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbeio.dll

[2012/01/08 21:51:49 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll

[2012/01/08 21:51:36 | 000,352,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskschd.dll

[2012/01/08 21:51:36 | 000,345,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmicmiplugin.dll

[2012/01/08 21:51:35 | 000,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskcomp.dll

[2012/01/08 21:51:27 | 000,375,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll

[2012/01/08 21:51:25 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe

[2012/01/08 21:51:25 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe

[2012/01/08 21:51:17 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll

[2012/01/08 21:51:16 | 001,136,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll

[2012/01/08 21:51:14 | 000,081,920 | ---- | C] (Radius Inc.) -- C:\Windows\System32\iccvid.dll

[2012/01/08 21:51:03 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40.dll

[2012/01/08 21:51:02 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40u.dll

[2012/01/08 21:50:23 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll

[2012/01/08 21:49:49 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll

[2012/01/08 21:49:48 | 000,317,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MP4SDECD.DLL

[2012/01/08 21:49:43 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll

[2012/01/08 21:49:43 | 000,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll

[2012/01/08 21:49:11 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe

[2012/01/08 21:49:07 | 002,043,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys

[2012/01/08 21:49:05 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll

[2012/01/08 21:49:02 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll

[2012/01/08 21:48:50 | 000,555,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAutomationCore.dll

[2012/01/08 21:48:50 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oleaccrc.dll

[2012/01/08 21:47:14 | 000,231,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll

[2012/01/02 13:01:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight

[2012/01/02 13:00:46 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight

[2012/01/02 09:17:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun

[2012/01/02 09:17:25 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll

[2012/01/02 09:17:25 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe

[2012/01/02 09:17:25 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe

[2012/01/02 09:17:25 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe

[2012/01/02 08:59:16 | 000,000,000 | ---D | C] -- C:\Users\Mary\AppData\Roaming\TOSHIBA

[2012/01/02 08:58:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Toshiba Shared

[2012/01/02 08:55:52 | 000,000,000 | ---D | C] -- C:\Users\Mary\AppData\Roaming\InstallShield

[2012/01/02 08:55:51 | 000,000,000 | ---D | C] -- C:\Users\Mary\AppData\Roaming\WinBatch

[2012/01/02 08:41:22 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll

[2012/01/02 08:41:21 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll

[2012/01/02 08:41:21 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe

[2012/01/02 08:41:21 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe

[2012/01/02 08:41:21 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll

[2012/01/02 08:41:21 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll

[2012/01/02 08:41:20 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec

[2012/01/02 08:41:20 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll

[2012/01/02 08:41:20 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll

[2012/01/02 08:41:20 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll

[2012/01/02 08:41:19 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat

[2012/01/02 08:41:19 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl

[2012/01/02 08:41:19 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll

[2012/01/02 08:41:19 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll

[2012/01/02 08:41:19 | 000,353,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll

[2012/01/02 08:41:19 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll

[2012/01/02 08:41:19 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll

[2012/01/02 08:41:19 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe

[2012/01/02 08:41:19 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll

[2012/01/02 08:41:19 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll

[2012/01/02 08:41:18 | 000,580,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll

[2012/01/02 08:41:18 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe

[2012/01/02 08:41:18 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe

[2012/01/02 08:41:18 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll

[2012/01/02 08:41:17 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb

[2012/01/02 08:41:17 | 001,798,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll

[2012/01/02 08:41:17 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll

[2012/01/02 08:41:17 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll

[2012/01/02 08:41:17 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe

[2012/01/02 08:41:17 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll

[2012/01/02 08:41:17 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll

[2012/01/02 08:41:17 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll

[2012/01/02 08:41:17 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll

[2012/01/02 08:41:15 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll

[2012/01/02 08:41:15 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe

[2012/01/02 08:41:14 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll

[2012/01/02 08:41:14 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll

[2012/01/02 08:39:31 | 002,873,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll

[2012/01/02 08:39:31 | 000,979,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFH264Dec.dll

[2012/01/02 08:39:31 | 000,357,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFHEAACdec.dll

[2012/01/02 08:39:31 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfmp4src.dll

[2012/01/02 08:39:31 | 000,261,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll

[2012/01/02 08:39:30 | 000,209,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfplat.dll

[2012/01/02 08:39:30 | 000,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll

[2012/01/02 08:39:23 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll

[2012/01/02 08:39:23 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll

[2012/01/02 08:39:22 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll

[2012/01/02 08:39:22 | 001,029,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll

[2012/01/02 08:39:22 | 000,486,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll

[2012/01/02 08:39:22 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll

[2012/01/02 08:39:22 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll

[2012/01/02 08:39:22 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll

[2012/01/02 08:39:22 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll

[2012/01/02 08:39:21 | 000,847,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OpcServices.dll

[2012/01/02 08:39:21 | 000,667,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe

[2012/01/02 08:39:21 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll

[2012/01/02 08:39:21 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll

[2012/01/02 08:39:20 | 001,554,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xpsservices.dll

[2012/01/02 08:37:27 | 000,222,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe

[2012/01/02 08:35:03 | 000,369,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll

[2012/01/02 08:35:03 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxdiag.exe

[2012/01/02 08:35:03 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxdiagn.dll

[2012/01/02 08:35:02 | 000,519,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll

[2012/01/02 08:35:02 | 000,321,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll

[2012/01/02 08:35:02 | 000,189,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll

[2012/01/02 07:56:01 | 000,000,000 | ---D | C] -- C:\Windows\System32\vi-VN

[2012/01/02 07:56:01 | 000,000,000 | ---D | C] -- C:\Windows\System32\eu-ES

[2012/01/02 07:56:01 | 000,000,000 | ---D | C] -- C:\Windows\System32\ca-ES

[2012/01/02 07:48:31 | 000,000,000 | ---D | C] -- C:\Windows\System32\SPReview

[2012/01/02 07:27:17 | 000,928,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scavenge.dll

[2012/01/02 07:27:03 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\compcln.exe

[2012/01/02 07:20:22 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdohlp.dll

[2012/01/02 07:20:21 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtffilt.dll

[2012/01/02 07:20:20 | 000,127,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rpchttp.dll

[2012/01/02 07:20:20 | 000,113,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\rmcast.sys

[2012/01/02 07:20:20 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\RNDISMP.sys

[2012/01/02 07:20:19 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scansetting.dll

[2012/01/02 07:20:18 | 000,180,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scrobj.dll

[2012/01/02 07:20:18 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scksp.dll

[2012/01/02 07:20:16 | 001,248,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PerfCenterCPL.dll

[2012/01/02 07:20:16 | 000,327,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\P2PGraph.dll

[2012/01/02 07:20:16 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\phon.ime

[2012/01/02 07:20:15 | 001,823,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pnidui.dll

[2012/01/02 07:20:15 | 000,723,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\powercpl.dll

[2012/01/02 07:20:15 | 000,542,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pnpui.dll

[2012/01/02 07:20:15 | 000,464,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pcaui.dll

[2012/01/02 07:20:15 | 000,181,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pnpsetup.dll

[2012/01/02 07:20:15 | 000,167,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\portcls.sys

[2012/01/02 07:20:15 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PNPXAssoc.dll

[2012/01/02 07:20:15 | 000,058,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PnPUnattend.exe

[2012/01/02 07:20:15 | 000,043,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pciidex.sys

[2012/01/02 07:20:15 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PnPutil.exe

[2012/01/02 07:20:13 | 001,107,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pidgenx.dll

[2012/01/02 07:20:13 | 000,704,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoScreensaver.scr

[2012/01/02 07:20:13 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PkgMgr.exe

[2012/01/02 07:20:13 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pintlgnt.ime

[2012/01/02 07:20:13 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nslookup.exe

[2012/01/02 07:20:11 | 002,644,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0009.dll

[2012/01/02 07:20:10 | 012,240,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0007.dll

[2012/01/02 07:20:10 | 000,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\offfilt.dll

[2012/01/02 07:20:10 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nlhtml.dll

[2012/01/02 07:20:10 | 000,114,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbccp32.dll

[2012/01/02 07:20:10 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbcconf.dll

[2012/01/02 07:20:09 | 002,153,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oobefldr.dll

[2012/01/02 07:20:09 | 000,182,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\osk.exe

[2012/01/02 07:20:09 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oleprn.dll

[2012/01/02 07:20:07 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ocsetup.exe

[2012/01/02 07:20:06 | 000,642,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasgcw.dll

[2012/01/02 07:20:06 | 000,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntprint.dll

[2012/01/02 07:20:06 | 000,155,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasmontr.dll

[2012/01/02 07:20:06 | 000,052,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasdiag.dll

[2012/01/02 07:20:06 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasdial.exe

[2012/01/02 07:20:05 | 000,880,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RacEngn.dll

[2012/01/02 07:20:05 | 000,505,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qedit.dll

[frustratedtotheex]

Still OTL

[2012/01/02 07:20:05 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasplap.dll

[2012/01/02 07:20:05 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quick.ime

[2012/01/02 07:20:05 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qintlgnt.ime

[2012/01/02 07:20:04 | 000,340,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RelMon.dll

[2012/01/02 07:20:04 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rekeywiz.exe

[2012/01/02 07:20:03 | 000,612,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpencom.dll

[2012/01/02 07:20:03 | 000,107,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpwsx.dll

[2012/01/02 07:20:03 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\reg.exe

[2012/01/02 07:20:02 | 000,779,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationNative_v0300.dll

[2012/01/02 07:20:02 | 000,551,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\prnntfy.dll

[2012/01/02 07:20:02 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationSettings.exe

[2012/01/02 07:20:01 | 000,102,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll

[2012/01/02 07:19:59 | 000,497,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll

[2012/01/02 07:19:59 | 000,166,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\puiapi.dll

[2012/01/02 07:19:58 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\propdefs.dll

[2012/01/02 07:19:57 | 000,050,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PSHED.DLL

[2012/01/02 07:19:52 | 000,627,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sethc.exe

[2012/01/02 07:19:47 | 000,187,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eapp3hst.dll

[2012/01/02 07:19:47 | 000,183,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eapphost.dll

[2012/01/02 07:19:47 | 000,093,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eappgnui.dll

[2012/01/02 07:19:46 | 000,444,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dsound.dll

[2012/01/02 07:19:46 | 000,137,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dsprop.dll

[2012/01/02 07:19:46 | 000,120,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EhStorAPI.dll

[2012/01/02 07:19:46 | 000,027,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Dumpata.sys

[2012/01/02 07:19:45 | 000,485,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\evr.dll

[2012/01/02 07:19:45 | 000,205,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eudcedit.exe

[2012/01/02 07:19:45 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxg.sys

[2012/01/02 07:19:45 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ExplorerFrame.dll

[2012/01/02 07:19:44 | 002,926,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe

[2012/01/02 07:19:43 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\f3ahvoas.dll

[2012/01/02 07:19:42 | 001,078,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\diagperf.dll

[2012/01/02 07:19:42 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dhcpcsvc6.dll

[2012/01/02 07:19:42 | 000,054,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dimsroam.dll

[2012/01/02 07:19:42 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EhStorPwdMgr.dll

[2012/01/02 07:19:41 | 000,230,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\diskraid.exe

[2012/01/02 07:19:41 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\diskpart.exe

[2012/01/02 07:19:41 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Diskdump.sys

[2012/01/02 07:19:40 | 000,407,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpapimig.exe

[2012/01/02 07:19:40 | 000,378,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\devmgr.dll

[2012/01/02 07:19:40 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dot3msm.dll

[2012/01/02 07:19:40 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dot3cfg.dll

[2012/01/02 07:19:39 | 000,978,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drmv2clt.dll

[2012/01/02 07:19:39 | 000,284,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drmmgrtn.dll

[2012/01/02 07:19:39 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drvstore.dll

[2012/01/02 07:19:39 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drvinst.exe

[2012/01/02 07:19:38 | 000,105,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dmsynth.dll

[2012/01/02 07:19:38 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dmusic.dll

[2012/01/02 07:19:38 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hbaapi.dll

[2012/01/02 07:19:37 | 000,128,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpresult.exe

[2012/01/02 07:19:36 | 000,463,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IasMigReader.exe

[2012/01/02 07:19:36 | 000,454,144 | ---- | C] (Microsoft) -- C:\Windows\System32\IasMigPlugin.dll

[2012/01/02 07:19:36 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasnap.dll

[2012/01/02 07:19:36 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iashlpr.dll

[2012/01/02 07:19:36 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasacct.dll

[2012/01/02 07:19:36 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasads.dll

[2012/01/02 07:19:36 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasdatastore.dll

[2012/01/02 07:19:36 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpupdate.exe

[2012/01/02 07:19:35 | 000,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Faultrep.dll

[2012/01/02 07:19:35 | 000,080,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hdwwiz.exe

[2012/01/02 07:19:35 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\findstr.exe

[2012/01/02 07:19:35 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidclass.sys

[2012/01/02 07:19:35 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fc.exe

[2012/01/02 07:19:34 | 000,088,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdBth.dll

[2012/01/02 07:19:34 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpapi.dll

[2012/01/02 07:19:34 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdWCN.dll

[2012/01/02 07:19:34 | 000,068,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdSSDP.dll

[2012/01/02 07:19:34 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdWSD.dll

[2012/01/02 07:19:34 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\feclient.dll

[2012/01/02 07:19:34 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdeploy.dll

[2012/01/02 07:19:34 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdProxy.dll

[2012/01/02 07:19:34 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdBthProxy.dll

[2012/01/02 07:19:33 | 000,950,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpedit.dll

[2012/01/02 07:19:33 | 000,153,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fundisc.dll

[2012/01/02 07:19:33 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ftp.exe

[2012/01/02 07:19:32 | 002,134,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FunctionDiscoveryFolder.dll

[2012/01/02 07:19:32 | 001,985,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\authui.dll

[2012/01/02 07:19:32 | 000,595,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FWPUCLNT.DLL

[2012/01/02 07:19:32 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AudioSes.dll

[2012/01/02 07:19:32 | 000,109,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ataport.sys

[2012/01/02 07:19:32 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AuxiliaryDisplayServices.dll

[2012/01/02 07:19:32 | 000,099,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\FWPKCLNT.SYS

[2012/01/02 07:19:32 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe

[2012/01/02 07:19:32 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FwRemoteSvr.dll

[2012/01/02 07:19:31 | 001,216,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AuxiliaryDisplayCpl.dll

[2012/01/02 07:19:31 | 000,656,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\autoconv.exe

[2012/01/02 07:19:31 | 000,636,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\autofmt.exe

[2012/01/02 07:19:31 | 000,516,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\autoplay.dll

[2012/01/02 07:19:31 | 000,115,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AuxiliaryDisplayDriverLib.dll

[2012/01/02 07:19:30 | 001,342,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\brcpl.dll

[2012/01/02 07:19:30 | 000,757,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\azroles.dll

[2012/01/02 07:19:30 | 000,542,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\blackbox.dll

[2012/01/02 07:19:30 | 000,130,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\basecsp.dll

[2012/01/02 07:19:30 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bthci.dll

[2012/01/02 07:19:29 | 002,515,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\accessibilitycpl.dll

[2012/01/02 07:19:29 | 000,274,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bcrypt.dll

[2012/01/02 07:19:29 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bitsigd.dll

[2012/01/02 07:19:27 | 001,730,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\apds.dll

[2012/01/02 07:19:27 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\adsmsext.dll

[2012/01/02 07:19:26 | 000,617,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\adtschema.dll

[2012/01/02 07:19:25 | 000,593,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\comuid.dll

[2012/01/02 07:19:25 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conime.exe

[2012/01/02 07:19:24 | 001,645,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\connect.dll

[2012/01/02 07:19:24 | 000,035,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\crashdmp.sys

[2012/01/02 07:19:23 | 000,481,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmdial32.dll

[2012/01/02 07:19:22 | 001,856,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dbgeng.dll

[2012/01/02 07:19:22 | 001,788,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d9.dll

[2012/01/02 07:19:22 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmmon32.exe

[2012/01/02 07:19:21 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DevicePairing.dll

[2012/01/02 07:19:21 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DevicePairingWizard.exe

[2012/01/02 07:19:21 | 000,054,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DevicePairingProxy.dll

[2012/01/02 07:19:21 | 000,046,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrstub.exe

[2012/01/02 07:19:21 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dataclen.dll

[2012/01/02 07:19:21 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DeviceEject.exe

[2012/01/02 07:19:20 | 001,502,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certmgr.dll

[2012/01/02 07:19:20 | 001,112,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CertEnroll.dll

[2012/01/02 07:19:20 | 000,640,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bthprops.cpl

[2012/01/02 07:19:20 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CertEnrollUI.dll

[2012/01/02 07:19:20 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cscript.exe

[2012/01/02 07:19:19 | 000,614,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ci.dll

[2012/01/02 07:19:19 | 000,125,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Classpnp.sys

[2012/01/02 07:19:19 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cintlgnt.ime

[2012/01/02 07:19:19 | 000,058,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cipher.exe

[2012/01/02 07:19:19 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cbsra.exe

[2012/01/02 07:19:19 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bthudtask.exe

[2012/01/02 07:19:18 | 006,103,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chtbrkr.dll

[2012/01/02 07:19:18 | 001,671,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chsbrkr.dll

[2012/01/02 07:19:18 | 000,215,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certreq.exe

[2012/01/02 07:19:18 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CHxReadingStringIME.dll

[2012/01/02 07:19:17 | 000,799,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certutil.exe

[2012/01/02 07:19:17 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chajei.ime

[2012/01/02 07:19:16 | 001,053,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdtctm.dll

[2012/01/02 07:19:16 | 000,564,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msftedit.dll

[2012/01/02 07:19:16 | 000,409,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msexch40.dll

[2012/01/02 07:19:16 | 000,339,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msexcl40.dll

[2012/01/02 07:19:16 | 000,332,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msihnd.dll

[2012/01/02 07:19:14 | 000,560,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdtcprx.dll

[2012/01/02 07:19:14 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msctfui.dll

[2012/01/02 07:19:14 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MsCtfMonitor.dll

[2012/01/02 07:19:14 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msimsg.dll

[2012/01/02 07:19:12 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\modemui.dll

[2012/01/02 07:19:12 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscandui.dll

[2012/01/02 07:19:12 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MMDevAPI.dll

[2012/01/02 07:19:11 | 000,391,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscms.dll

[2012/01/02 07:19:11 | 000,155,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscorier.dll

[2012/01/02 07:19:11 | 000,080,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscories.dll

[2012/01/02 07:19:10 | 002,225,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netcenter.dll

[2012/01/02 07:19:10 | 000,445,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncryptui.dll

[2012/01/02 07:19:10 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll

[2012/01/02 07:19:09 | 001,086,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NetProjW.dll

[2012/01/02 07:19:09 | 000,223,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys

[2012/01/02 07:19:08 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NaturalLanguage6.dll

[2012/01/02 07:19:08 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NcdProp.dll

[2012/01/02 07:19:07 | 003,072,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\networkmap.dll

[2012/01/02 07:19:07 | 000,469,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\newdev.dll

[2012/01/02 07:19:07 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax

[2012/01/02 07:19:07 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\newdev.exe

[2012/01/02 07:19:07 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\networkitemfactory.dll

[2012/01/02 07:19:06 | 000,643,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrepl40.dll

[2012/01/02 07:19:06 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSMPEG2VDEC.DLL

[2012/01/02 07:19:06 | 000,368,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mspbde40.dll

[2012/01/02 07:19:06 | 000,344,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrd3x40.dll

[2012/01/02 07:19:06 | 000,241,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msltus40.dll

[2012/01/02 07:19:06 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msnetobj.dll

[2012/01/02 07:19:06 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscntrs.dll

[2012/01/02 07:19:06 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscb.dll

[2012/01/02 07:19:05 | 000,408,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msinfo32.exe

[2012/01/02 07:19:05 | 000,319,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrd2x40.dll

[2012/01/02 07:19:05 | 000,290,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msjtes40.dll

[2012/01/02 07:19:05 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msjter40.dll

[2012/01/02 07:19:05 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msimtf.dll

[2012/01/02 07:19:05 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msjint40.dll

[2012/01/02 07:19:04 | 001,589,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msjet40.dll

[2012/01/02 07:19:04 | 000,856,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mswdat10.dll

[2012/01/02 07:19:04 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msisip.dll

[2012/01/02 07:19:03 | 000,618,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mswstr10.dll

[2012/01/02 07:19:03 | 000,454,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxbde40.dll

[2012/01/02 07:19:00 | 001,480,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssrch.dll

[2012/01/02 07:19:00 | 000,670,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssvp.dll

[2012/01/02 07:19:00 | 000,414,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscp.dll

[2012/01/02 07:19:00 | 000,351,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssph.dll

[2012/01/02 07:19:00 | 000,203,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssphtb.dll

[2012/01/02 07:19:00 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssitlb.dll

[2012/01/02 07:19:00 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msstrc.dll

[2012/01/02 07:19:00 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssprxy.dll

[2012/01/02 07:19:00 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshooks.dll

[2012/01/02 07:18:59 | 000,282,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstext40.dll

[2012/01/02 07:18:59 | 000,217,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\InkEd.dll

[2012/01/02 07:18:59 | 000,035,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardcpl.cpl

[2012/01/02 07:18:59 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetppui.dll

[2012/01/02 07:18:58 | 000,413,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imkr80.ime

[2012/01/02 07:18:58 | 000,099,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardapi.dll

[2012/01/02 07:18:57 | 000,396,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ipsmsnap.dll

[2012/01/02 07:18:57 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iscsilog.dll

[2012/01/02 07:18:56 | 000,759,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ipsecsnp.dll

[2012/01/02 07:18:56 | 000,200,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\input.dll

[2012/01/02 07:18:56 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ipconfig.exe

[2012/01/02 07:18:55 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iassdo.dll

[2012/01/02 07:18:55 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iassvcs.dll

[2012/01/02 07:18:55 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ifmon.dll

[2012/01/02 07:18:55 | 000,009,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardres.dll

[2012/01/02 07:18:54 | 000,619,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardagt.exe

[2012/01/02 07:18:54 | 000,182,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iassam.dll

[2012/01/02 07:18:54 | 000,158,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasrad.dll

[2012/01/02 07:18:54 | 000,119,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasrecst.dll

[2012/01/02 07:18:54 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iaspolcy.dll

[2012/01/02 07:18:53 | 000,883,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IMJP10.IME

[2012/01/02 07:18:53 | 000,729,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IMJP10K.DLL

[2012/01/02 07:18:53 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imapi.dll

[2012/01/02 07:18:52 | 000,677,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imapi2fs.dll

[2012/01/02 07:18:52 | 000,378,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imapi2.dll

[2012/01/02 07:18:49 | 002,012,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\milcore.dll

[2012/01/02 07:18:48 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mimefilt.dll

[2012/01/02 07:18:45 | 002,167,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mmcndmgr.dll

[2012/01/02 07:18:45 | 001,792,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mmc.exe

[2012/01/02 07:18:45 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mmci.dll

[2012/01/02 07:18:45 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mmcico.dll

[2012/01/02 07:18:42 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ks.sys

[2012/01/02 07:18:41 | 000,143,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\korwbrkr.dll

[2012/01/02 07:18:41 | 000,093,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Kswdmcap.ax

[2012/01/02 07:18:40 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\l2nacp.dll

[2012/01/02 07:18:40 | 000,019,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kdusb.dll

[2012/01/02 07:18:40 | 000,017,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kd1394.dll

[2012/01/02 07:18:40 | 000,017,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kdcom.dll

[2012/01/02 07:18:39 | 000,950,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mblctr.exe

[2012/01/02 07:18:39 | 000,852,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mcmde.dll

[frustratedtotheex]

More OTL

[2012/01/02 07:18:39 | 000,438,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mcupdate_GenuineIntel.dll

[2012/01/02 07:18:39 | 000,356,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MediaMetadataHandler.dll

[2012/01/02 07:18:38 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\logagent.exe

[2012/01/02 07:18:38 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\logman.exe

[2012/01/02 07:18:37 | 000,710,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Magnify.exe

[2012/01/02 07:18:36 | 001,143,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wercon.exe

[2012/01/02 07:18:36 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wer.dll

[2012/01/02 07:18:36 | 000,101,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shsetup.dll

[2012/01/02 07:18:35 | 001,020,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wdc.dll

[2012/01/02 07:18:35 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wdscore.dll

[2012/01/02 07:18:33 | 001,524,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsAnytimeUpgradeCPL.dll

[2012/01/02 07:18:33 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wevtutil.exe

[2012/01/02 07:18:33 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\whealogr.dll

[2012/01/02 07:18:32 | 000,860,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WerFaultSecure.exe

[2012/01/02 07:18:32 | 000,250,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wevtapi.dll

[2012/01/02 07:18:32 | 000,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WerFault.exe

[2012/01/02 07:18:31 | 000,547,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wiaaut.dll

[2012/01/02 07:18:31 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vdmdbg.dll

[2012/01/02 07:18:30 | 000,507,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vdsdyn.dll

[2012/01/02 07:18:30 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbport.sys

[2012/01/02 07:18:30 | 000,128,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vdsutil.dll

[2012/01/02 07:18:29 | 001,123,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\usercpl.dll

[2012/01/02 07:18:29 | 000,638,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Utilman.exe

[2012/01/02 07:18:28 | 001,533,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wcnwiz.dll

[2012/01/02 07:18:28 | 000,968,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wcnwiz2.dll

[2012/01/02 07:18:28 | 000,165,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WcnNetsh.dll

[2012/01/02 07:18:28 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\watchdog.sys

[2012/01/02 07:18:25 | 001,689,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscui.cpl

[2012/01/02 07:18:25 | 000,291,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WscEapPr.dll

[2012/01/02 07:18:25 | 000,223,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscntfy.dll

[2012/01/02 07:18:25 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSDMon.dll

[2012/01/02 07:18:25 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscapi.dll

[2012/01/02 07:18:25 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsdchngr.dll

[2012/01/02 07:18:25 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscisvif.dll

[2012/01/02 07:18:24 | 001,575,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVENCOD.DLL

[2012/01/02 07:18:24 | 001,382,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVSDECD.DLL

[2012/01/02 07:18:24 | 000,657,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVXENCD.DLL

[2012/01/02 07:18:24 | 000,273,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wow32.dll

[2012/01/02 07:18:23 | 001,580,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpccpl.dll

[2012/01/02 07:18:23 | 000,532,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpcao.dll

[2012/01/02 07:18:23 | 000,140,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wusa.exe

[2012/01/02 07:18:22 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xmlfilter.dll

[2012/01/02 07:18:21 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsnmp32.dll

[2012/01/02 07:18:21 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsepno.dll

[2012/01/02 07:18:20 | 001,671,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanpref.dll

[2012/01/02 07:18:20 | 000,926,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winresume.exe

[2012/01/02 07:18:20 | 000,399,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlangpui.dll

[2012/01/02 07:18:20 | 000,202,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanui.dll

[2012/01/02 07:18:20 | 000,083,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlgpclnt.dll

[2012/01/02 07:18:19 | 003,217,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinSAT.exe

[2012/01/02 07:18:19 | 000,986,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winload.exe

[2012/01/02 07:18:17 | 000,996,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMNetMgr.dll

[2012/01/02 07:18:16 | 000,303,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpeffects.dll

[2012/01/02 07:18:14 | 000,533,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmdrmsdk.dll

[2012/01/02 07:18:14 | 000,122,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Storport.sys

[2012/01/02 07:18:14 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Storprop.dll

[2012/01/02 07:18:13 | 001,224,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sud.dll

[2012/01/02 07:18:13 | 000,052,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\stream.sys

[2012/01/02 07:18:12 | 000,378,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srcore.dll

[2012/01/02 07:18:12 | 000,301,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srchadmin.dll

[2012/01/02 07:18:08 | 002,205,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SyncCenter.dll

[2012/01/02 07:18:08 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sysmon.ocx

[2012/01/02 07:18:08 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sysclass.dll

[2012/01/02 07:18:07 | 000,705,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SmiEngine.dll

[2012/01/02 07:18:07 | 000,134,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SmartcardCredentialProvider.dll

[2012/01/02 07:18:07 | 000,083,456 | ---- | C] (Microsoft) -- C:\Windows\System32\SMBHelperClass.dll

[2012/01/02 07:18:07 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slwmi.dll

[2012/01/02 07:18:06 | 000,777,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slcc.dll

[2012/01/02 07:18:06 | 000,425,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shwebsvc.dll

[2012/01/02 07:18:06 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLUI.exe

[2012/01/02 07:18:06 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slwga.dll

[2012/01/02 07:18:05 | 001,081,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLCExt.dll

[2012/01/02 07:18:05 | 000,582,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLCommDlg.dll

[2012/01/02 07:18:05 | 000,289,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spinstall.exe

[2012/01/02 07:18:05 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLLUA.exe

[2012/01/02 07:18:05 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slcinst.dll

[2012/01/02 07:18:04 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spcmsg.dll

[2012/01/02 07:18:03 | 000,190,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sperror.dll

[2012/01/02 07:18:03 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwizui.dll

[2012/01/02 07:18:03 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwinsat.dll

[2012/01/02 07:18:02 | 000,524,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sqlsrv32.dll

[2012/01/02 07:18:01 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spreview.exe

[2012/01/02 07:17:59 | 000,684,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\spsys.sys

[2012/01/02 07:17:59 | 000,275,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SnippingTool.exe

[2012/01/02 07:17:59 | 000,197,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SndVol.exe

[2012/01/02 07:17:59 | 000,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\softkbd.dll

[2012/01/02 07:17:58 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TSTheme.exe

[2012/01/02 07:17:58 | 000,035,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsWpfWrp.exe

[2012/01/02 07:17:57 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tscupgrd.exe

[2012/01/02 07:17:57 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usb8023.sys

[2012/01/02 07:17:56 | 000,324,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\untfs.dll

[2012/01/02 07:17:56 | 000,025,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\USBCAMD2.sys

[2012/01/02 07:17:56 | 000,025,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\USBCAMD.sys

[2012/01/02 07:17:55 | 000,203,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\uDWM.dll

[2012/01/02 07:17:55 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ulib.dll

[2012/01/02 07:17:54 | 000,842,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\systemcpl.dll

[2012/01/02 07:17:49 | 000,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tintlgnt.ime

[2012/01/02 07:17:48 | 001,576,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tquery.dll

[2012/01/02 07:17:48 | 000,170,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tcpipcfg.dll

[2012/01/02 07:17:47 | 000,313,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\thawbrkr.dll

[2012/01/02 07:17:46 | 001,152,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\themecpl.dll

[2012/01/02 07:11:10 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders

[2012/01/01 20:46:39 | 000,000,000 | ---D | C] -- C:\PerfLogs

[2012/01/01 20:03:26 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\recdisc.exe

[2012/01/01 20:03:21 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdspres.dll

[2012/01/01 20:02:39 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sxproxy.dll

[2012/01/01 20:01:58 | 000,464,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msra.exe

[2012/01/01 20:01:58 | 000,169,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssha.dll

[2012/01/01 20:01:58 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrdc.dll

[2012/01/01 20:01:57 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mtxdm.dll

[2012/01/01 20:01:56 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mycomput.dll

[2012/01/01 20:01:56 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Mystify.scr

[2012/01/01 20:01:56 | 000,153,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NAPMONTR.DLL

[2012/01/01 20:01:56 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mtstocom.exe

[2012/01/01 20:01:56 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NAPHLPR.DLL

[2012/01/01 20:01:56 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\napdsnap.dll

[2012/01/01 20:01:56 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MuiUnattend.exe

[2012/01/01 20:01:56 | 000,046,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NAPCRYPT.DLL

[2012/01/01 20:01:56 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\napipsec.dll

[2012/01/01 20:01:56 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mtxlegih.dll

[2012/01/01 20:01:52 | 001,386,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvbvm60.dll

[2012/01/01 20:01:50 | 000,312,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mswmdm.dll

[2012/01/01 20:01:50 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdtcuiu.dll

[2012/01/01 20:01:50 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdtcVSp1res.dll

[2012/01/01 20:01:46 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdelta.dll

[2012/01/01 20:01:46 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdt.exe

[2012/01/01 20:01:46 | 000,159,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdadiag.dll

[2012/01/01 20:01:46 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdart.dll

[2012/01/01 20:01:46 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdtclog.dll

[2012/01/01 20:01:45 | 000,506,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSMPEG2ENC.DLL

[2012/01/01 20:01:45 | 000,415,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdri.dll

[2012/01/01 20:01:45 | 000,391,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSMPEG2ADEC.DLL

[2012/01/01 20:01:45 | 000,212,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdt.dll

[2012/01/01 20:01:45 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdmo.dll

[2012/01/01 20:01:45 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msmmsp.dll

[2012/01/01 20:01:44 | 000,485,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mspaint.exe

[2012/01/01 20:01:44 | 000,205,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msoeacct.dll

[2012/01/01 20:01:44 | 000,180,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msorcl32.dll

[2012/01/01 20:01:44 | 000,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msoert2.dll

[2012/01/01 20:01:44 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msobjs.dll

[2012/01/01 20:01:43 | 000,475,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msidcrl30.dll

[2012/01/01 20:01:43 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msident.dll

[2012/01/01 20:01:35 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Nlsdl.dll

[2012/01/01 20:01:33 | 000,154,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nlmgp.dll

[2012/01/01 20:01:32 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nlsbres.dll

[2012/01/01 20:01:30 | 000,531,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\objsel.dll

[2012/01/01 20:01:29 | 000,319,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbcjt32.dll

[2012/01/01 20:01:29 | 000,159,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbctrac.dll

[2012/01/01 20:01:29 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbccu32.dll

[2012/01/01 20:01:29 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbccr32.dll

[2012/01/01 20:01:28 | 000,352,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshipsec.dll

[2012/01/01 20:01:27 | 000,520,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntvdm.exe

[2012/01/01 20:01:27 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netdiagfx.dll

[2012/01/01 20:01:27 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netcorehc.dll

[2012/01/01 20:01:27 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netcfg.exe

[2012/01/01 20:01:27 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netbtugc.exe

[2012/01/01 20:01:26 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netid.dll

[2012/01/01 20:01:26 | 000,093,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncsi.dll

[2012/01/01 20:01:26 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nci.dll

[2012/01/01 20:01:26 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netiougc.exe

[2012/01/01 20:01:25 | 000,267,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NAPSTAT.EXE

[2012/01/01 20:01:25 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\net1.exe

[2012/01/01 20:01:25 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ndfapi.dll

[2012/01/01 20:01:25 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\net.exe

[2012/01/01 20:01:25 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ndfetw.dll

[2012/01/01 20:01:25 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nbtstat.exe

[2012/01/01 20:01:23 | 000,669,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netprof.dll

[2012/01/01 20:01:23 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Netplwiz.exe

[2012/01/01 20:01:22 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\makecab.exe

[2012/01/01 20:01:22 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsmproxy.dll

[2012/01/01 20:01:21 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\localsec.dll

[2012/01/01 20:01:21 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lpksetup.exe

[2012/01/01 20:01:21 | 000,101,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\luainstall.dll

[2012/01/01 20:01:21 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\loghours.dll

[2012/01/01 20:01:21 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lpremove.exe

[2012/01/01 20:01:21 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lodctr.exe

[2012/01/01 20:01:21 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\localui.dll

[2012/01/01 20:01:20 | 005,714,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\logon.scr

[2012/01/01 20:01:19 | 000,614,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFWMAAEC.DLL

[2012/01/01 20:01:19 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfvdsp.dll

[2012/01/01 20:01:16 | 000,275,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mcbuilder.exe

[2012/01/01 20:01:16 | 000,205,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mdminst.dll

[2012/01/01 20:01:16 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\mcd.sys

[2012/01/01 20:01:15 | 000,129,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\McxDriv.dll

[2012/01/01 20:01:15 | 000,128,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MdSched.exe

[2012/01/01 20:01:15 | 000,064,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iscsiwmi.dll

[2012/01/01 20:01:15 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iscsium.dll

[2012/01/01 20:01:15 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iscsied.dll

[2012/01/01 20:01:14 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\intl.cpl

[2012/01/01 20:01:14 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iprtrmgr.dll

[2012/01/01 20:01:14 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kstvtune.ax

[2012/01/01 20:01:14 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\l2gpstore.dll

[2012/01/01 20:01:14 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ksxbar.ax

[2012/01/01 20:01:14 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ktmutil.exe

[2012/01/01 20:01:14 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ktmw32.dll

[2012/01/01 20:01:14 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iprtprio.dll

[2012/01/01 20:01:13 | 000,157,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\keymgr.dll

[2012/01/01 20:01:13 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ksproxy.ax

[2012/01/01 20:01:13 | 000,113,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\loadperf.dll

[2012/01/01 20:01:13 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lnkstub.exe

[2012/01/01 20:01:13 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lltdapi.dll

[2012/01/01 20:01:13 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\LangCleanupSysprepAction.dll

[2012/01/01 20:01:12 | 000,442,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\joy.cpl

[2012/01/01 20:01:12 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDJPN.DLL

[2012/01/01 20:01:11 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mprmsg.dll

[2012/01/01 20:01:11 | 000,104,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mprddm.dll

[2012/01/01 20:01:11 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDKOR.DLL

[2012/01/01 20:01:10 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mountvol.exe

[2012/01/01 20:01:09 | 000,259,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MPG4DECD.DLL

[2012/01/01 20:01:08 | 000,259,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MP43DECD.DLL

[2012/01/01 20:01:08 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MP3DMOD.DLL

[2012/01/01 20:01:07 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msconfig.exe

[2012/01/01 20:01:06 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSAC3ENC.DLL

[2012/01/01 20:01:06 | 000,120,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msaatext.dll

[2012/01/01 20:01:04 | 000,301,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mmcbase.dll

[frustratedtotheex]

OTL STILL

[2012/01/01 20:01:00 | 000,095,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\migisol.dll

[2012/01/01 20:01:00 | 000,094,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MigAutoPlay.exe

[2012/01/01 20:00:59 | 000,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdshext.dll

[2012/01/01 20:00:59 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SecEdit.exe

[2012/01/01 20:00:57 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shrink.dll

[2012/01/01 20:00:56 | 000,396,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shrpubw.exe

[2012/01/01 20:00:56 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shacct.dll

[2012/01/01 20:00:56 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shutdown.exe

[2012/01/01 20:00:55 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SmiInstaller.dll

[2012/01/01 20:00:54 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\smclib.sys

[2012/01/01 20:00:53 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\setbcdlocale.dll

[2012/01/01 20:00:53 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\serialui.dll

[2012/01/01 20:00:52 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\setupcln.dll

[2012/01/01 20:00:52 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\setupugc.exe

[2012/01/01 20:00:52 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\setupcl.exe

[2012/01/01 20:00:52 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sfc.exe

[2012/01/01 20:00:52 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\setupSNK.exe

[2012/01/01 20:00:48 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PNPXAssocPrx.dll

[2012/01/01 20:00:46 | 000,163,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\powercfg.cpl

[2012/01/01 20:00:46 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceWiaCompat.dll

[2012/01/01 20:00:46 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pots.dll

[2012/01/01 20:00:46 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pnpts.dll

[2012/01/01 20:00:45 | 000,300,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\puiobj.dll

[2012/01/01 20:00:45 | 000,191,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\provthrd.dll

[2012/01/01 20:00:45 | 000,172,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\QAGENT.DLL

[2012/01/01 20:00:44 | 000,119,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\prntvpt.dll

[2012/01/01 20:00:44 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printcom.dll

[2012/01/01 20:00:44 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\prevhost.exe

[2012/01/01 20:00:43 | 000,403,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\p2pcollab.dll

[2012/01/01 20:00:43 | 000,202,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\P2P.dll

[2012/01/01 20:00:43 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\p2phost.exe

[2012/01/01 20:00:43 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\p2pnetsh.dll

[2012/01/01 20:00:43 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\olecli32.dll

[2012/01/01 20:00:43 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\profprov.dll

[2012/01/01 20:00:43 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pcadm.dll

[2012/01/01 20:00:43 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\procinst.dll

[2012/01/01 20:00:42 | 001,107,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ogldrv.dll

[2012/01/01 20:00:42 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\olethk32.dll

[2012/01/01 20:00:42 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\olesvr32.dll

[2012/01/01 20:00:41 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OptionalFeatures.exe

[2012/01/01 20:00:41 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\osblprov.dll

[2012/01/01 20:00:41 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\osbaseln.dll

[2012/01/01 20:00:38 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PlaySndSrv.dll

[2012/01/01 20:00:38 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PING.EXE

[2012/01/01 20:00:37 | 000,120,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\perfmon.exe

[2012/01/01 20:00:37 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pdhui.dll

[2012/01/01 20:00:37 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\perfnet.dll

[2012/01/01 20:00:36 | 000,318,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rstrui.exe

[2012/01/01 20:00:36 | 000,146,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RstrtMgr.dll

[2012/01/01 20:00:36 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\runonce.exe

[2012/01/01 20:00:36 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\perfts.dll

[2012/01/01 20:00:35 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Ribbons.scr

[2012/01/01 20:00:35 | 000,151,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rgb9rast.dll

[2012/01/01 20:00:35 | 000,114,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtm.dll

[2012/01/01 20:00:34 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RESAMPLEDMO.DLL

[2012/01/01 20:00:34 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RpcPing.exe

[2012/01/01 20:00:34 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\riched32.dll

[2012/01/01 20:00:33 | 000,730,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdengin2.dll

[2012/01/01 20:00:33 | 000,151,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\schtasks.exe

[2012/01/01 20:00:33 | 000,087,552 | ---- | C] (Microsoft) -- C:\Windows\System32\Robocopy.exe

[2012/01/01 20:00:33 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbunattend.exe

[2012/01/01 20:00:32 | 000,142,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\scsiport.sys

[2012/01/01 20:00:32 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdchange.exe

[2012/01/01 20:00:31 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RacAgent.exe

[2012/01/01 20:00:30 | 000,208,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qasf.dll

[2012/01/01 20:00:30 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rascfg.dll

[2012/01/01 20:00:30 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\QCLIPROV.DLL

[2012/01/01 20:00:30 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasctrs.dll

[2012/01/01 20:00:29 | 000,281,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdv.dll

[2012/01/01 20:00:29 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qcap.dll

[2012/01/01 20:00:29 | 000,154,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\QSHVHOST.DLL

[2012/01/01 20:00:29 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\QSVRMGMT.DLL

[2012/01/01 20:00:28 | 000,118,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RDPENCDD.dll

[2012/01/01 20:00:28 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\regini.exe

[2012/01/01 20:00:28 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegCtrl.dll

[2012/01/01 20:00:28 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdrleakdiag.exe

[2012/01/01 20:00:27 | 000,975,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RASMM.dll

[2012/01/01 20:00:27 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\raserver.exe

[2012/01/01 20:00:27 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasphone.exe

[2012/01/01 20:00:27 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcfgex.dll

[2012/01/01 20:00:26 | 001,039,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d8.dll

[2012/01/01 20:00:26 | 000,816,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dim700.dll

[2012/01/01 20:00:26 | 000,384,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dim.dll

[2012/01/01 20:00:26 | 000,368,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\desk.cpl

[2012/01/01 20:00:26 | 000,226,816 | ---- | C] (Microsoft Corp.) -- C:\Windows\System32\Defrag.exe

[2012/01/01 20:00:26 | 000,064,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\devenum.dll

[2012/01/01 20:00:25 | 000,522,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ddraw.dll

[2012/01/01 20:00:25 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dbnetlib.dll

[2012/01/01 20:00:25 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dxof.dll

[2012/01/01 20:00:20 | 000,159,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dinput8.dll

[2012/01/01 20:00:20 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dispdiag.exe

[2012/01/01 20:00:20 | 000,094,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\diantz.exe

[2012/01/01 20:00:20 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dispci.dll

[2012/01/01 20:00:20 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dimsjob.dll

[2012/01/01 20:00:19 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dfrgui.exe

[2012/01/01 20:00:19 | 000,163,840 | ---- | C] (Microsoft Corp.) -- C:\Windows\System32\DfrgNtfs.exe

[2012/01/01 20:00:19 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dfdts.dll

[2012/01/01 20:00:19 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dispex.dll

[2012/01/01 20:00:18 | 000,318,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmd.exe

[2012/01/01 20:00:18 | 000,096,768 | ---- | C] (Microsoft Corp.) -- C:\Windows\System32\dfrgfat.exe

[2012/01/01 20:00:18 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DFDWiz.exe

[2012/01/01 20:00:18 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DHCPQEC.DLL

[2012/01/01 20:00:18 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dhcpsapi.dll

[2012/01/01 20:00:18 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dfrgifc.exe

[2012/01/01 20:00:18 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmcfg32.dll

[2012/01/01 20:00:17 | 000,297,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmipnpinstall.dll

[2012/01/01 20:00:17 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmdl32.exe

[2012/01/01 20:00:17 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmifw.dll

[2012/01/01 20:00:17 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmicryptinstall.dll

[2012/01/01 20:00:17 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmlua.dll

[2012/01/01 20:00:16 | 000,171,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cic.dll

[2012/01/01 20:00:16 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\clfsw32.dll

[2012/01/01 20:00:15 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\comsnap.dll

[2012/01/01 20:00:15 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\comrepl.dll

[2012/01/01 20:00:15 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ComputerDefaults.exe

[2012/01/01 20:00:14 | 000,282,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CompatUI.dll

[2012/01/01 20:00:14 | 000,276,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\compstui.dll

[2012/01/01 20:00:14 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CompMgmtLauncher.exe

[2012/01/01 20:00:14 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\convert.exe

[2012/01/01 20:00:13 | 000,686,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\colorui.dll

[2012/01/01 20:00:13 | 000,161,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\COLORCNV.DLL

[2012/01/01 20:00:13 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmstp.exe

[2012/01/01 20:00:13 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmutil.dll

[2012/01/01 20:00:13 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cofiredm.dll

[2012/01/01 20:00:13 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmpbk32.dll

[2012/01/01 20:00:13 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmstplua.dll

[2012/01/01 20:00:12 | 000,179,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\els.dll

[2012/01/01 20:00:10 | 000,093,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\esentutl.exe

[2012/01/01 20:00:10 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\esentprf.dll

[2012/01/01 20:00:09 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDump.dll

[2012/01/01 20:00:09 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\efsadu.dll

[2012/01/01 20:00:09 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EAPQEC.DLL

[2012/01/01 20:00:08 | 000,442,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\filemgmt.dll

[2012/01/01 20:00:08 | 000,131,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fde.dll

[2012/01/01 20:00:08 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fmifs.dll

[2012/01/01 20:00:07 | 002,585,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FirewallControlPanel.exe

[2012/01/01 20:00:07 | 002,249,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Firewall.cpl

[2012/01/01 20:00:07 | 000,403,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FirewallAPI.dll

[2012/01/01 20:00:07 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\findnetprinters.dll

[2012/01/01 20:00:06 | 000,235,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dot3gpui.dll

[2012/01/01 20:00:06 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dot3ui.dll

[2012/01/01 20:00:06 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\extrac32.exe

[2012/01/01 20:00:06 | 000,052,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\expand.exe

[2012/01/01 20:00:06 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\System32\esrb.rs

[2012/01/01 20:00:06 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eventcls.dll

[2012/01/01 20:00:05 | 000,376,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpnet.dll

[2012/01/01 20:00:05 | 000,258,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpx.dll

[2012/01/01 20:00:05 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dmdskmgr.dll

[2012/01/01 20:00:05 | 000,178,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dmime.dll

[2012/01/01 20:00:05 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DpiScaling.exe

[2012/01/01 20:00:05 | 000,130,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\drmk.sys

[2012/01/01 20:00:05 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dmscript.dll

[2012/01/01 20:00:05 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\driverquery.exe

[2012/01/01 20:00:05 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dot3gpclnt.dll

[2012/01/01 20:00:05 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dmloader.dll

[2012/01/01 20:00:05 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dmdskres2.dll

[2012/01/01 20:00:04 | 000,388,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dmdlgs.dll

[2012/01/01 20:00:04 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dmvdsitf.dll

[2012/01/01 20:00:04 | 000,104,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWWIN.EXE

[2012/01/01 20:00:04 | 000,088,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dmview.ocx

[2012/01/01 20:00:04 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnshc.dll

[2012/01/01 20:00:04 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dmocx.dll

[2012/01/01 20:00:04 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dmutil.dll

[2012/01/01 20:00:04 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxapi.sys

[2012/01/01 20:00:03 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dwmredir.dll

[2012/01/01 20:00:02 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dsdmo.dll

[2012/01/01 20:00:02 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dskquota.dll

[2012/01/01 20:00:02 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxva2.dll

[2012/01/01 20:00:02 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dsauth.dll

[2012/01/01 20:00:01 | 000,397,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AudioEng.dll

[2012/01/01 20:00:01 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AtBroker.exe

[2012/01/01 20:00:01 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\at.exe

[2012/01/01 20:00:00 | 004,595,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AuthFWSnapin.dll

[2012/01/01 20:00:00 | 001,370,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Aurora.scr

[2012/01/01 20:00:00 | 000,509,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AuthFWGP.dll

[2012/01/01 20:00:00 | 000,274,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AUDIOKSE.dll

[2012/01/01 20:00:00 | 000,251,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\authfwcfg.dll

[2012/01/01 20:00:00 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\auditpol.exe

[2012/01/01 19:59:59 | 000,334,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bcdedit.exe

[2012/01/01 19:59:59 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bitsadmin.exe

[2012/01/01 19:59:59 | 000,068,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\basesrv.dll

[2012/01/01 19:59:59 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\bfsvc.exe

[2012/01/01 19:59:59 | 000,028,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\battc.sys

[2012/01/01 19:59:59 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\batt.dll

[2012/01/01 19:59:58 | 000,117,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bcdsrv.dll

[2012/01/01 19:59:58 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AuxiliaryDisplayApi.dll

[2012/01/01 19:59:58 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bcdprov.dll

[2012/01/01 19:59:58 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\bdasup.sys

[2012/01/01 19:59:57 | 000,317,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\azroleui.dll

[2012/01/01 19:59:57 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ActionQueue.dll

[2012/01/01 19:59:57 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ACW.exe

[2012/01/01 19:59:57 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AzSqlExt.dll

[2012/01/01 19:59:57 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avrt.dll

[2012/01/01 19:59:56 | 001,405,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ActiveContentWizard.dll

[2012/01/01 19:59:56 | 000,127,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aclui.dll

[2012/01/01 19:59:56 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\activeds.tlb

[2012/01/01 19:59:56 | 000,053,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\1394bus.sys

[2012/01/01 19:59:55 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\apircl.dll

[2012/01/01 19:59:55 | 000,070,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\amstream.dll

[2012/01/01 19:59:55 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\amxread.dll

[2012/01/01 19:59:55 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\apilogen.dll

[2012/01/01 19:59:54 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\adsnt.dll

[2012/01/01 19:59:54 | 000,198,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\apss.dll

[2012/01/01 19:59:53 | 000,879,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Bubbles.scr

[2012/01/01 19:59:53 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\adsldp.dll

[2012/01/01 19:59:53 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\btpanui.dll

[2012/01/01 19:59:52 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cacls.exe

[2012/01/01 19:59:51 | 000,052,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\brcplsdw.dll

[2012/01/01 19:59:51 | 000,024,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\BOOTVID.DLL

[2012/01/01 19:59:51 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\capisp.dll

[2012/01/01 19:59:51 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bridgeunattend.exe

[2012/01/01 19:59:51 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bootstr.dll

[2012/01/01 19:59:50 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CertEnrollCtrl.exe

[2012/01/01 19:59:49 | 000,805,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdosys.dll

[2012/01/01 19:59:49 | 000,225,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cewmdm.dll

[2012/01/01 19:59:49 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cfgbkend.dll

[2012/01/01 19:59:48 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bootcfg.exe

[2012/01/01 19:59:40 | 000,705,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imagesp1.dll

[2012/01/01 19:59:39 | 000,052,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetmib1.dll

[2012/01/01 19:59:38 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\InfDefaultInstall.exe

[2012/01/01 19:59:36 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ias.dll

[2012/01/01 19:59:34 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iashost.exe

[2012/01/01 19:59:30 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ifsutil.dll

[2012/01/01 19:59:29 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icm32.dll

[2012/01/01 19:59:29 | 000,142,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icsfiltr.dll

[2012/01/01 19:59:29 | 000,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icfupgd.dll

[2012/01/01 19:59:29 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icacls.exe

[2012/01/01 19:59:29 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\idndl.dll

[2012/01/01 19:59:29 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icsunattend.exe

[2012/01/01 19:59:27 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hlink.dll

[2012/01/01 19:59:27 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\HotStartUserAgent.dll

[2012/01/01 19:59:27 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hnetmon.dll

[2012/01/01 19:59:23 | 000,204,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\framedynos.dll

[2012/01/01 19:59:23 | 000,202,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\framedyn.dll

[2012/01/01 19:59:23 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fsutil.exe

[2012/01/01 19:59:23 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fwcfg.dll

[2012/01/01 19:59:23 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fphc.dll

[2012/01/01 19:59:23 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\fveupdate.exe

[2012/01/01 19:59:23 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\framebuf.dll

[2012/01/01 19:59:22 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\GuidedHelp.dll

[2012/01/01 19:59:22 | 000,025,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidparse.sys

[2012/01/01 19:59:22 | 000,016,896 | ---- | C] (Microsoft) -- C:\Windows\System32\grb.rs

[2012/01/01 19:59:21 | 000,498,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\HelpPane.exe

[2012/01/01 19:59:21 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\HelpPaneProxy.dll

[2012/01/01 19:59:21 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\getmac.exe

[2012/01/01 19:59:20 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gacinstall.dll

[2012/01/01 19:59:20 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\g711codc.ax

[2012/01/01 19:59:19 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\graftabl.com

[2012/01/01 19:59:15 | 000,218,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsAnytimeUpgrade.exe

[2012/01/01 19:59:14 | 000,088,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wiaacmgr.exe

[2012/01/01 19:59:13 | 000,415,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wiadefui.dll

[2012/01/01 19:59:13 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wiadss.dll

[2012/01/01 19:59:13 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wfapigp.dll

[2012/01/01 19:59:12 | 000,088,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wiascanprofiles.dll

[2012/01/01 19:59:12 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wiarpc.dll

[2012/01/01 19:59:12 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WINSRPC.DLL

[2012/01/01 19:59:12 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winusb.dll

[2012/01/01 19:59:11 | 000,383,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinSATAPI.dll

[2012/01/01 19:59:10 | 000,628,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WLanConn.dll

[2012/01/01 19:59:10 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlancfg.dll

[2012/01/01 19:59:10 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winethc.dll

[2012/01/01 19:59:09 | 000,208,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinFXDocObj.exe

[2012/01/01 19:59:09 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winnsi.dll

[2012/01/01 19:59:07 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wbemcomn.dll

[2012/01/01 19:59:07 | 000,222,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wavemsp.dll

[2012/01/01 19:59:07 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\w32tm.exe

[2012/01/01 19:59:07 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WavDest.dll

[2012/01/01 19:59:06 | 000,093,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vssadmin.exe

[2012/01/01 19:59:06 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\waitfor.exe

[2012/01/01 19:59:06 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vss_ps.dll

[2012/01/01 19:59:03 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wermgr.exe

[2012/01/01 19:59:03 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\werdiagcontroller.dll

[2012/01/01 19:59:03 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wertargets.wtl

[2012/01/01 19:59:01 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscmisetup.dll

[2012/01/01 19:59:01 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wshcon.dll

[2012/01/01 19:59:01 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscproxystub.dll

[2012/01/01 19:59:00 | 001,295,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsecedit.dll

[2012/01/01 19:59:00 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Wpc.dll

[2012/01/01 19:59:00 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wship6.dll

[2012/01/01 19:58:59 | 000,203,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpdwcn.dll

[2012/01/01 19:58:59 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpclsp.dll

[2012/01/01 19:58:59 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpnpinst.exe

[2012/01/01 19:58:59 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xcopy.exe

[2012/01/01 19:58:58 | 000,095,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactsrv.dll

[2012/01/01 19:58:58 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xolehlp.dll

[2012/01/01 19:58:57 | 000,456,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wvc.dll

[2012/01/01 19:58:57 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFx.dll

[2012/01/01 19:58:57 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsqmcons.exe

[2012/01/01 19:58:57 | 000,181,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFPlatform.dll

[2012/01/01 19:58:57 | 000,070,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wzcdlg.dll

[2012/01/01 19:58:57 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xmlprovi.dll

[2012/01/01 19:58:56 | 001,675,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xpssvcs.dll

[2012/01/01 19:58:56 | 000,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFCoinstaller.dll

[2012/01/01 19:58:55 | 000,296,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xwizards.dll

[2012/01/01 19:58:55 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSTPager.ax

[2012/01/01 19:58:54 | 000,154,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmidx.dll

[2012/01/01 19:58:54 | 000,041,472 | ---- | C] (Microsoft) -- C:\Windows\System32\WlanMmHC.dll

[2012/01/01 19:58:54 | 000,017,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\wmilib.sys

[2012/01/01 19:58:53 | 001,118,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMADMOE.DLL

[2012/01/01 19:58:53 | 000,913,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WlanMM.dll

[2012/01/01 19:58:53 | 000,758,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMADMOD.DLL

[2012/01/01 19:58:53 | 000,498,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlandlg.dll

[2012/01/01 19:58:53 | 000,418,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmdrmdev.dll

[2012/01/01 19:58:53 | 000,347,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmdrmnet.dll

[2012/01/01 19:58:53 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMASF.DLL

[2012/01/01 19:58:53 | 000,120,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WLanHC.dll

[2012/01/01 19:58:52 | 001,329,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMSPDMOE.DLL

[2012/01/01 19:58:52 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpsrcwp.dll

[2012/01/01 19:58:50 | 001,548,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVDECOD.DLL

[2012/01/01 19:58:50 | 000,767,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVSENCD.DLL

[2012/01/01 19:58:50 | 000,153,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmvdspa.dll

[2012/01/01 19:58:49 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmiprop.dll

[2012/01/01 19:58:48 | 001,642,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPEncEn.dll

[2012/01/01 19:58:47 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpcm.dll

[2012/01/01 19:58:45 | 000,094,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Tabbtn.dll

[2012/01/01 19:58:45 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\systeminfo.exe

[2012/01/01 19:58:41 | 000,431,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tdh.dll

[2012/01/01 19:58:41 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tasklist.exe

[2012/01/01 19:58:41 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskkill.exe

[2012/01/01 19:58:41 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tbs.dll

[2012/01/01 19:58:40 | 000,691,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TabletPC.cpl

[2012/01/01 19:58:40 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TapiMigPlugin.dll

[2012/01/01 19:58:40 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tabcal.exe

[2012/01/01 19:58:40 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TabbtnEx.dll

[2012/01/01 19:58:40 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\tape.sys

[2012/01/01 19:58:40 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\tdi.sys

[2012/01/01 19:58:39 | 000,308,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sqlcese30.dll

[2012/01/01 19:58:39 | 000,274,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srrstr.dll

[2012/01/01 19:58:39 | 000,129,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sqmapi.dll

[2012/01/01 19:58:39 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\takeown.exe

[2012/01/01 19:58:39 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srdelayed.exe

[2012/01/01 19:58:38 | 000,604,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sqlceqp30.dll

[2012/01/01 19:58:38 | 000,294,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ssText3d.scr

[2012/01/01 19:58:38 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SSShim.dll

[2012/01/01 19:58:38 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srwmi.dll

[2012/01/01 19:58:37 | 008,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ssBranded.scr

[2012/01/01 19:58:36 | 000,348,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwizeng.dll

[2012/01/01 19:58:36 | 000,127,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SoundRecorder.exe

[2012/01/01 19:58:36 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spbcd.dll

[2012/01/01 19:58:35 | 008,322,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwizimg.dll

[2012/01/01 19:58:35 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\synceng.dll

[2012/01/01 19:58:35 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sppnp.dll

[2012/01/01 19:58:35 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spopk.dll

[2012/01/01 19:58:35 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwizres.dll

[2012/01/01 19:58:34 | 000,338,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SysFxUI.dll

[2012/01/01 19:58:34 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sxstrace.exe

[2012/01/01 19:58:34 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sxsstore.dll

[2012/01/01 19:58:33 | 000,251,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sti_ci.dll

[2012/01/01 19:58:33 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\syssetup.dll

[2012/01/01 19:58:33 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\syskey.exe

[2012/01/01 19:58:32 | 000,083,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\usbui.dll

[2012/01/01 19:58:32 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\userinit.exe

[2012/01/01 19:58:32 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\usbperf.dll

[2012/01/01 19:58:31 | 000,095,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xwtpw32.dll

[2012/01/01 19:58:31 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vga256.dll

[2012/01/01 19:58:31 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\upnpcont.exe

[2012/01/01 19:58:31 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vga.dll

[2012/01/01 19:58:31 | 000,005,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbd.sys

[2012/01/01 19:58:30 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VAN.dll

[2012/01/01 19:58:30 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VIDRESZR.DLL

[2012/01/01 19:58:30 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VBICodec.ax

[2012/01/01 19:58:30 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\uudf.dll

[2012/01/01 19:58:30 | 000,110,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\videoprt.sys

[2012/01/01 19:58:30 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbisurf.ax