Dayplayer Posted December 13, 2010 ID:360231 Share Posted December 13, 2010 Hello im new here and this is my first post my pc has been infected by some weird problems lately, starting from random bsod's, self restarting,occasional lags, and the most annoying one is programs closing/crashing on its own without any notice..i have reformatted the pc, reinstalled the latest graphic driver but to no good result by the way here is the mbam test result..Database version: 5304Windows 5.1.2600 Service Pack 3Internet Explorer 8.0.6001.1870212/13/2010 2:23:25 AMmbam-log-2010-12-13 (02-23-25).txtScan type: Quick scanObjects scanned: 127611Time elapsed: 7 minute(s), 2 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 0Registry Values Infected: 0Registry Data Items Infected: 0Folders Infected: 0Files Infected: 1Memory Processes Infected:(No malicious items detected)Memory Modules Infected:(No malicious items detected)Registry Keys Infected:(No malicious items detected)Registry Values Infected:(No malicious items detected)Registry Data Items Infected:(No malicious items detected)Folders Infected:(No malicious items detected)Files Infected:c:\documents and settings\Admin\my documents\downloads\evid4226patch.exe (Malware.Tool) -> Quarantined and deleted successfully.your help is highly appreciated Link to post Share on other sites More sharing options...
kahdah Posted December 13, 2010 ID:360299 Share Posted December 13, 2010 Hello DayplayerWelcome to Malwarebytes.Sounds more like a hardware or software issue to me.I will look at the logs to see if they provide any type of sign as to what is going on.=====================Download OTL to your desktop.Double click on OTL to run it.When the window appears, underneath Output at the top change it to Minimal Output.Under the Standard Registry box change it to All.Check the boxes beside LOP Check and Purity Check.Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.====================Download This file. Note its name and save it to your root folder, such as C:\.Disconnect from the Internet and close all running programs.Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.Click on this link to see a list of programs that should be disabled.Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")Allow the driver to load if asked.You may be prompted to scan immediately if it detects rootkit activity.If you are prompted to scan your system click "Yes" to begin the scan.If not prompted, click the "Rootkit/Malware" tab.On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.Select all drives that are connected to your system to be scanned.Click the Scan button to begin. (Please be patient as it can take some time to complete)When the scan is finished, click Save to save the scan results to your Desktop.Save the file as Results.log and copy/paste the contents in your next reply.Exit the program and re-enable all active protection when done. Link to post Share on other sites More sharing options...
Dayplayer Posted December 13, 2010 Author ID:360347 Share Posted December 13, 2010 hi, thanks for the response these are the txt you askedThe otl textOTL logfile created on: 12/13/2010 7:21:20 AM - Run 1OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Admin\My Documents\DownloadsWindows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstationInternet Explorer (Version = 8.0.6001.18702)Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy1,022.00 Mb Total Physical Memory | 646.00 Mb Available Physical Memory | 63.00% Memory free2.00 Gb Paging File | 2.00 Gb Available in Paging File | 88.00% Paging File freePaging file location(s): C:\pagefile.sys 1536 3072 [binary data]%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program FilesDrive C: | 53.71 Gb Total Space | 38.89 Gb Free Space | 72.40% Space Free | Partition Type: NTFSDrive D: | 20.81 Gb Total Space | 20.61 Gb Free Space | 99.08% Space Free | Partition Type: NTFSComputer Name: DELUXE | User Name: Admin | Logged in as Administrator.Boot Mode: Normal | Scan Mode: Current userCompany Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days========== Processes (SafeList) ==========PRC - C:\Documents and Settings\Admin\My Documents\Downloads\OTL.exe (OldTimer Tools)PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)PRC - C:\Program Files\IObitBar\toolbar\1.bin\i0brmon.exe (IObit)PRC - C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe (IObit)PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)PRC - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)PRC - C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe (Nero AG)PRC - C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)PRC - C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)========== Modules (SafeList) ==========MOD - C:\Documents and Settings\Admin\My Documents\Downloads\OTL.exe (OldTimer Tools)MOD - C:\Program Files\IObitBar\toolbar\1.bin\i0brstub.dll (IObit)MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5705_x-ww_36cfed49\comctl32.dll (Microsoft Corporation)========== Win32 Services (SafeList) ==========SRV - (HidServ) -- C:\WINDOWS\System32\hidserv.dll File not foundSRV - (IObitBarService) -- C:\Program Files\IObitBar\toolbar\1.bin\i0barsvc.exe (IObit)SRV - (PSI_SVC_2) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)========== Driver Services (SafeList) ==========DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys (Duplex Secure Ltd.)DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation )DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)DRV - (ADIHdAudAddService) -- C:\WINDOWS\system32\drivers\ADIHdAud.sys (Analog Devices, Inc.)DRV - (SenFiltService) -- C:\WINDOWS\system32\drivers\senfilt.sys (Sensaura)DRV - (MTsensor) -- C:\WINDOWS\system32\drivers\ASACPI.sys ()DRV - (ip100xp) -- C:\WINDOWS\system32\drivers\ipfnd51.sys (IC Plus Corp. )DRV - (viaagp1) -- C:\WINDOWS\system32\DRIVERS\viaagp1.sys (VIA Technologies, Inc.)========== Standard Registry (All) ==================== Internet Explorer ==========IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-onsIE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htmIE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRiskIE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htmIE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blankIE - HKCU\..\URLSearchHook: {7757CBCC-0975-4b79-A519-90B142CA3A23} - C:\Program Files\IObitBar\toolbar\1.bin\i0SrcAs.dll (IObit)IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0========== FireFox ==========FF - prefs.js..extensions.enabledItems: i0ffxtbr@IObitBar.com:1.1FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.13FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2010/12/08 23:56:04 | 000,000,000 | ---D | M]FF - HKLM\software\mozilla\Firefox\extensions\\i0ffxtbr@IObitBar.com: C:\Program Files\IObitBar\toolbar\1.bin [2010/12/10 16:07:48 | 000,000,000 | ---D | M]FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/13 03:35:50 | 000,000,000 | ---D | M]FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/13 03:35:50 | 000,000,000 | ---D | M][2010/12/09 00:34:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Mozilla\Extensions[2010/12/09 00:34:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}[2010/12/09 00:34:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\dlxzbpsl.default\extensions[2010/12/09 00:27:29 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions[2010/12/13 03:35:50 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}[2010/12/13 03:35:28 | 000,025,048 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll[2010/12/13 03:35:28 | 000,140,248 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll[2010/12/13 03:35:37 | 000,066,520 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll[2006/10/26 20:12:16 | 000,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL[2008/06/11 22:45:28 | 000,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll[2010/02/02 10:00:00 | 000,140,864 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll[2010/02/02 10:00:00 | 000,094,208 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll[2010/12/13 03:35:38 | 000,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml[2010/12/13 03:35:38 | 000,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml[2010/12/13 03:35:38 | 000,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml[2010/12/13 03:35:38 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml[2010/12/13 03:35:38 | 000,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml[2010/12/13 03:35:38 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml[2010/12/13 03:35:38 | 000,001,096 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xmlO1 HOSTS File: ([2009/04/14 18:13:00 | 000,000,780 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hostsO1 - Hosts: 127.0.0.1 localhostO1 - Hosts: 127.0.0.1 mpa.one.microsoft.comO2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)O2 - BHO: (Toolbar BHO) - {EFA17361-CDC0-4927-9AFC-BAAD1F96B2AE} - C:\Program Files\IObitBar\toolbar\1.bin\i0bar.dll (IObit)O3 - HKLM\..\Toolbar: (IObit Toolbar) - {EFA17369-CDC0-4927-9AFC-BAAD1F96B2AE} - C:\Program Files\IObitBar\toolbar\1.bin\i0bar.dll (IObit)O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)O4 - HKLM..\Run: [iObitBar Browser Plugin Loader] C:\Program Files\IObitBar\toolbar\1.bin\i0brmon.exe (IObit)O4 - HKLM..\Run: [KernelFaultCheck] File not foundO4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()O4 - HKLM..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)O4 - HKCU..\Run: [Advanced SystemCare 3] C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe (IObit)O4 - HKCU..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)O4 - HKCU..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery presentO6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRemoteRecursiveEvents = 1O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 159O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClearRecentDocsOnExit = 1O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsHistory = 1O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)O13 - gopher Prefix: missingO16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)O18 - Protocol\Handler\msdaipp - No CLSID value foundO18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll (Microsoft Corporation)O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)O24 - Desktop Components:0 (My Current Home Page) - About:HomeO24 - Desktop WallPaper: C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Wallpaper1.bmpO24 - Desktop BackupWallPaper: C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Wallpaper1.bmpO28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)O31 - SafeBoot: AlternateShell - cmd.exeO32 - HKLM CDRom: AutoRun - 1O32 - AutoRun File - [2010/12/08 23:48:38 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]O33 - MountPoints2\G\Shell - "" = AutoRunO33 - MountPoints2\G\Shell\AutoRun - "" = Auto&PlayO33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\DVD-W.exe -- File not foundO34 - HKLM BootExecute: (autocheck autochk *) - File not foundO35 - HKLM\..comfile [open] -- "%1" %*O35 - HKLM\..exefile [open] -- "%1" %*O37 - HKLM\...com [@ = comfile] -- "%1" %*O37 - HKLM\...exe [@ = exefile] -- "%1" %*========== Files/Folders - Created Within 30 Days ==========[2010/12/13 05:01:43 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Admin\Recent[2010/12/13 02:00:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Application Data\Malwarebytes[2010/12/13 02:00:38 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys[2010/12/13 02:00:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes[2010/12/13 02:00:34 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys[2010/12/13 02:00:34 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware[2010/12/12 10:34:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt[2010/12/12 09:59:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DirectX[2010/12/12 05:32:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\My Documents\Corel User Files[2010/12/12 05:24:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Application Data\Corel[2010/12/12 05:22:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Protexis[2010/12/12 05:22:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Corel[2010/12/12 05:18:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Corel[2010/12/12 05:17:33 | 000,000,000 | ---D | C] -- C:\Program Files\Corel[2010/12/12 04:08:58 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite[2010/12/12 04:08:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Application Data\DAEMON Tools[2010/12/12 03:56:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Application Data\GetRightToGo[2010/12/12 02:36:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NVIDIA Corporation[2010/12/12 02:34:31 | 014,532,608 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvoglnt.dll[2010/12/12 02:34:31 | 000,813,672 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvgenco32.dll[2010/12/12 02:34:31 | 000,061,440 | ---- | C] (Khronos Group) -- C:\WINDOWS\System32\OpenCL.dll[2010/12/12 02:34:30 | 004,882,432 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuda.dll[2010/12/12 02:34:30 | 002,932,840 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuvid.dll[2010/12/12 02:34:30 | 002,666,600 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuvenc.dll[2010/12/12 02:34:30 | 000,888,424 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvdispco32.dll[2010/12/12 02:34:27 | 013,012,992 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcompiler.dll[2010/12/12 02:34:27 | 009,623,680 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\drivers\nv4_mini.sys[2010/12/12 02:34:27 | 006,359,552 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nv4_disp.dll[2010/12/12 02:34:27 | 001,462,272 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvapi.dll[2010/12/12 02:34:15 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation[2010/12/12 02:32:47 | 000,000,000 | ---D | C] -- C:\NVIDIA[2010/12/11 10:40:52 | 000,361,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\TCPIP.SYS[2010/12/10 23:48:17 | 000,000,000 | ---D | C] -- C:\Program Files\minidump[2010/12/10 19:14:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch[2010/12/10 16:07:46 | 000,000,000 | ---D | C] -- C:\Program Files\IObitBar[2010/12/10 16:07:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Application Data\IObit[2010/12/10 16:07:36 | 000,000,000 | ---D | C] -- C:\Program Files\IObit[2010/12/09 18:02:49 | 000,026,752 | R--- | C] (IC Plus Corp. ) -- C:\WINDOWS\System32\drivers\ipfnd51.sys[2010/12/09 14:58:23 | 000,000,000 | ---D | C] -- C:\Program Files\Luna Online Indonesia[2010/12/09 10:18:12 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR[2010/12/09 10:14:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Local Settings\Application Data\Identities[2010/12/09 10:14:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Local Settings\Application Data\Ahead[2010/12/09 10:07:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Application Data\Ahead[2010/12/09 10:06:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Ahead[2010/12/09 10:05:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData[2010/12/09 09:59:24 | 000,000,000 | ---D | C] -- C:\Program Files\Nero[2010/12/09 09:59:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Nero[2010/12/09 09:59:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Ahead[2010/12/09 09:41:34 | 000,032,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msonpmon.dll[2010/12/09 09:40:17 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Works[2010/12/09 09:39:11 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio[2010/12/09 09:39:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER[2010/12/09 09:37:14 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET[2010/12/09 09:35:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\My Documents\tugas[2010/12/09 09:34:03 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 8[2010/12/09 08:36:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\nView_Profiles[2010/12/09 06:48:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Local Settings\Application Data\Opera[2010/12/09 06:48:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Application Data\Opera[2010/12/09 06:48:24 | 000,000,000 | ---D | C] -- C:\Program Files\Opera[2010/12/09 06:10:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\My Documents\Downloads[2010/12/09 06:01:05 | 000,000,000 | -HSD | C] -- C:\RECYCLER[2010/12/09 01:56:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Local Settings\Application Data\ACD Systems[2010/12/09 01:56:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Application Data\ACD Systems[2010/12/09 01:56:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ACD Systems[2010/12/09 01:56:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ACD Systems[2010/12/09 01:56:02 | 000,000,000 | ---D | C] -- C:\Program Files\ACD Systems[2010/12/09 01:11:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Local Settings\Application Data\Downloaded Installations[2010/12/09 01:09:18 | 000,306,688 | ---- | C] (InstallShield Software Corporation) -- C:\WINDOWS\IsUninst.exe[2010/12/09 01:07:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Application Data\Macromedia[2010/12/09 01:07:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Application Data\Adobe[2010/12/09 01:04:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe[2010/12/09 01:04:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe[2010/12/09 01:04:46 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe[2010/12/09 00:34:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Local Settings\Application Data\Mozilla[2010/12/09 00:34:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Application Data\Mozilla[2010/12/09 00:32:55 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo![2010/12/09 00:32:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\SHELLNEW[2010/12/09 00:31:43 | 000,185,920 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll[2010/12/09 00:31:42 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll[2010/12/09 00:31:42 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll[2010/12/09 00:31:40 | 000,278,528 | ---- | C] (Real Networks, Inc) -- C:\WINDOWS\System32\pncrt.dll[2010/12/09 00:31:28 | 000,839,680 | ---- | C] (http://www.mp3dev.org/) -- C:\WINDOWS\System32\lameACM.acm[2010/12/09 00:31:26 | 000,151,552 | ---- | C] (fccHandler) -- C:\WINDOWS\System32\ac3acm.acm[2010/12/09 00:31:25 | 000,217,088 | ---- | C] (www.helixcommunity.org) -- C:\WINDOWS\System32\yv12vfw.dll[2010/12/09 00:31:22 | 001,628,920 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxsfs.dll[2010/12/09 00:31:22 | 000,547,576 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\px.dll[2010/12/09 00:31:22 | 000,510,712 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxdrv.dll[2010/12/09 00:31:22 | 000,379,640 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxwave.dll[2010/12/09 00:31:22 | 000,187,128 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxmas.dll[2010/12/09 00:31:22 | 000,129,784 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxafs.dll[2010/12/09 00:31:22 | 000,072,440 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxhpinst.exe[2010/12/09 00:31:22 | 000,064,760 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxinsa64.exe[2010/12/09 00:31:22 | 000,064,760 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxcpya64.exe[2010/12/09 00:31:22 | 000,039,672 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\vxblock.dll[2010/12/09 00:31:22 | 000,009,464 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdralw2k.sys[2010/12/09 00:31:22 | 000,009,336 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys[2010/12/09 00:31:21 | 000,090,112 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\dpl100.dll[2010/12/09 00:31:12 | 000,685,056 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\divx.dll[2010/12/09 00:31:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft Help[2010/12/09 00:31:05 | 000,000,000 | ---D | C] -- C:\Program Files\Winamp[2010/12/09 00:31:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Application Data\Winamp[2010/12/09 00:30:58 | 000,000,000 | ---D | C] -- C:\Program Files\K-Lite Codec Pack[2010/12/09 00:30:49 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office[2010/12/09 00:30:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help[2010/12/09 00:29:32 | 000,000,000 | RH-D | C] -- C:\MSOCache[2010/12/09 00:27:27 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox[2010/12/09 00:16:51 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sqmapi.dll[2010/12/09 00:16:51 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\iedkcs32.dll.mui[2010/12/09 00:16:51 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msrating.dll.mui[2010/12/09 00:16:51 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ie4uinit.exe.mui[2010/12/09 00:16:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Application Data\Identities[2010/12/09 00:15:39 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Admin\My Documents\My Music[2010/12/09 00:15:39 | 000,000,000 | -H-D | C] -- C:\Program Files\Uninstall Information[2010/12/09 00:15:38 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Admin\My Documents\My Pictures[2010/12/09 00:15:28 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition[2010/12/09 00:13:33 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft[2010/12/09 00:13:33 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Admin\Application Data\Microsoft[2010/12/09 00:13:33 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Admin\SendTo[2010/12/09 00:13:33 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Admin\Application Data[2010/12/09 00:13:33 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Admin\Start Menu[2010/12/09 00:13:33 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Admin\My Documents[2010/12/09 00:13:33 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Admin\Favorites[2010/12/09 00:13:33 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Admin\IETldCache[2010/12/09 00:13:33 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Admin\Cookies[2010/12/09 00:13:33 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Admin\Templates[2010/12/09 00:13:33 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Admin\PrintHood[2010/12/09 00:13:33 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Admin\NetHood[2010/12/09 00:13:33 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Admin\Local Settings[2010/12/09 00:13:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Desktop[2010/12/09 00:12:46 | 000,000,000 | --SD | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft[2010/12/09 00:12:46 | 000,000,000 | --SD | C] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft[2010/12/08 23:55:28 | 000,000,000 | --SD | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft[2010/12/08 23:55:28 | 000,000,000 | --SD | C] -- C:\Documents and Settings\LocalService\Application Data\Microsoft[2010/12/08 23:54:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer[2010/12/08 23:54:45 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild[2010/12/08 23:54:40 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies[2010/12/08 23:53:47 | 000,000,000 | R-SD | C] -- C:\WINDOWS\assembly[2010/12/08 23:53:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET[2010/12/08 23:52:27 | 001,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpssvcs.dll[2010/12/08 23:52:27 | 000,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpsshhdr.dll[2010/12/08 23:52:19 | 000,117,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\prntvpt.dll[2010/12/08 23:52:16 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\filterpipelineprintproc.dll[2010/12/08 23:52:14 | 000,597,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\printfilterpipelinesvc.exe[2010/12/08 23:50:55 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight[2010/12/08 23:50:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe[2010/12/08 23:50:17 | 000,410,984 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll[2010/12/08 23:50:17 | 000,148,888 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe[2010/12/08 23:50:17 | 000,144,792 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe[2010/12/08 23:50:17 | 000,144,792 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe[2010/12/08 23:50:17 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl[2010/12/08 23:50:17 | 000,000,000 | --SD | C] -- C:\WINDOWS\System32\Microsoft[2010/12/08 23:50:07 | 000,000,000 | ---D | C] -- C:\Program Files\Java[2010/12/08 23:49:36 | 000,717,296 | ---- | C] (Duplex Secure Ltd.) -- C:\WINDOWS\System32\drivers\sptd.sys[2010/12/08 23:49:27 | 000,232,640 | --S- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSDATLST.OCX[2010/12/08 23:49:27 | 000,119,808 | --S- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msstdfmt.dll[2010/12/08 23:49:27 | 000,067,376 | --S- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\SYSINFO.OCX[2010/12/08 23:49:26 | 001,351,392 | --S- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\COMCTL32.OCX[2010/12/08 23:49:26 | 000,275,216 | --S- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSDATGRD.OCX[2010/12/08 23:49:26 | 000,200,496 | --S- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\DBLIST32.OCX[2010/12/08 23:49:26 | 000,198,848 | --S- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MCI32.OCX[2010/12/08 23:49:26 | 000,164,144 | --S- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\COMCT232.OCX[2010/12/08 23:49:26 | 000,152,848 | --S- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\COMDLG32.OCX[2010/12/08 23:49:26 | 000,083,144 | --S- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\PICCLP32.OCX[2010/12/08 23:49:26 | 000,004,608 | --S- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\W95INF32.DLL[2010/12/08 23:49:26 | 000,002,272 | --S- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\W95INF16.DLL[2010/12/08 23:49:25 | 001,071,088 | --S- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSCOMCTL.ocx[2010/12/08 23:49:25 | 000,662,288 | --S- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSCOMCT2.OCX[2010/12/08 23:49:25 | 000,260,880 | --S- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSFLXGRD.OCX[2010/12/08 23:49:25 | 000,132,880 | --S- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSINET.OCX[2010/12/08 23:49:25 | 000,103,744 | --S- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSCOMM32.OCX[2010/12/08 23:49:23 | 000,416,528 | --S- | C] (Microsoft Corporation ) -- C:\WINDOWS\System32\COMCT332.OCX[2010/12/08 23:49:22 | 000,224,016 | --S- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\Tabctl32.ocx[2010/12/08 23:49:22 | 000,212,240 | --S- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\RICHTX32.OCX[2010/12/08 23:49:22 | 000,166,600 | --S- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSMASK32.OCX[2010/12/08 23:49:22 | 000,124,688 | --S- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSWINSCK.OCX[2010/12/08 23:49:16 | 000,017,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll[2010/12/08 23:49:15 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$[2010/12/08 23:48:54 | 000,000,000 | ---D | C] -- C:\Program Files\Alky for Applications[2010/12/08 23:48:05 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mapi32.dll[2010/12/08 23:48:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\dllcache[2010/12/08 23:46:22 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\DRM[2010/12/08 23:45:33 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Pictures[2010/12/08 23:45:33 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Music[2010/12/08 23:45:20 | 000,000,000 | -H-D | C] -- C:\Program Files\WindowsUpdate[2010/12/08 23:45:16 | 000,000,000 | ---D | C] -- C:\Program Files\Online Services[2010/12/08 23:44:57 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Connect 2[2010/12/08 23:44:27 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\atrace.dll[2010/12/08 23:44:19 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\nmevtmsg.dll[2010/12/08 23:44:16 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\acctres.dll[2010/12/08 23:44:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Services[2010/12/08 23:44:11 | 000,000,000 | --SD | C] -- C:\WINDOWS\Tasks[2010/12/08 23:44:10 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\icfgnt5.dll[2010/12/08 23:44:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MSSoap[2010/12/08 23:43:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Macromed[2010/12/08 23:43:48 | 000,317,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wucltui.dll[2010/12/08 23:43:48 | 000,191,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuaueng1.dll[2010/12/08 23:43:46 | 000,343,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuauclt1.exe[2010/12/08 23:43:46 | 000,034,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wups.dll[2010/12/08 23:43:44 | 000,555,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll[2010/12/08 23:43:44 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qmgrprxy.dll[2010/12/08 23:43:44 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx2.dll[2010/12/08 23:43:44 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx4.dll[2010/12/08 23:43:44 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx3.dll[2010/12/08 23:43:36 | 000,000,000 | ---D | C] -- C:\Program Files\Movie Maker[2010/12/08 23:43:33 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\safrslv.dll[2010/12/08 23:43:33 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\safrcdlg.dll[2010/12/08 23:43:33 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\racpldlg.dll[2010/12/08 23:43:33 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\safrdm.dll[2010/12/08 23:43:22 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fltMc.exe[2010/12/08 23:43:21 | 000,581,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\srrstr.dll[2010/12/08 23:43:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Restore[2010/12/08 23:43:16 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ils.dll[2010/12/08 23:43:16 | 000,034,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mnmdd.dll[2010/12/08 23:43:16 | 000,032,768 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\isrdbg32.dll[2010/12/08 23:43:15 | 000,094,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msconf.dll[2010/12/08 23:43:15 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\nmmkcert.dll[2010/12/08 23:43:04 | 000,000,000 | ---D | C] -- C:\Program Files\NetMeeting[2010/12/08 23:43:03 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msoeacct.dll[2010/12/08 23:43:03 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msoert2.dll[2010/12/08 23:43:01 | 000,139,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\inetres.dll[2010/12/08 23:42:56 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mstinit.exe[2010/12/08 23:42:56 | 000,000,000 | ---D | C] -- C:\Program Files\Outlook Express[2010/12/08 23:42:54 | 000,925,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\inetcfg.dll[2010/12/08 23:42:54 | 000,147,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\isign32.dll[2010/12/08 23:42:54 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\icwdial.dll[2010/12/08 23:42:54 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\icwphbk.dll[2010/12/08 23:42:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\System[2010/12/08 23:42:33 | 000,000,000 | ---D | C] -- C:\Program Files\Internet Explorer[2010/12/08 23:42:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage[2010/12/08 23:41:36 | 000,000,000 | ---D | C] -- C:\Program Files\ComPlus Applications[2010/12/08 23:41:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\Registration[2010/12/08 23:41:20 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Player[2010/12/08 23:39:52 | 000,000,000 | ---D | C] -- C:\Program Files\VistaExperience.org[2010/12/08 23:38:07 | 001,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpssvcs.dll[2010/12/08 23:38:07 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Sidebar[2010/12/08 23:37:59 | 000,581,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winUsbCoinstaller.dll[2010/12/08 23:37:58 | 001,112,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\WdfCoInstaller01007.dll[2010/12/08 23:37:57 | 001,302,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\WUDFUpdate_01007.dll[2010/12/08 23:37:57 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\UMDF\wudfusbcciddriver.dll[2010/12/08 23:37:51 | 000,922,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\imapi2fs.dll[2010/12/08 23:37:51 | 000,426,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\imapi2.dll[2010/12/08 23:37:50 | 000,192,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\SecProc_ssp_isv.dll[2010/12/08 23:37:50 | 000,192,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\SecProc_ssp.dll[2010/12/08 23:37:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DRM[2010/12/08 23:37:49 | 000,358,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\RmActivate_ssp.exe[2010/12/08 23:37:49 | 000,354,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\RmActivate_ssp_isv.exe[2010/12/08 23:37:48 | 000,531,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\RmActivate_isv.exe[2010/12/08 23:37:46 | 000,523,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\RmActivate.exe[2010/12/08 23:37:46 | 000,519,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\SecProc_isv.dll[2010/12/08 23:37:45 | 000,518,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\SecProc.dll[2010/12/08 23:37:45 | 000,323,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdrm.dll[2010/12/08 23:37:45 | 000,088,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml4r.dll[2010/12/08 23:37:43 | 000,934,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\WgaTray.exe[2010/12/08 23:37:43 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0[2010/12/08 23:37:42 | 000,263,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll[2010/12/08 23:37:42 | 000,142,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MicrosoftUpdateCatalogWebControl.dll[2010/12/08 23:37:42 | 000,027,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui[2010/12/08 23:37:42 | 000,026,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spupdsvc.exe[2010/12/08 23:37:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution[2010/12/08 23:37:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall[2010/12/08 23:37:38 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\write.exe[2010/12/08 23:37:35 | 000,356,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sndvol32.exe[2010/12/08 23:37:35 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\avwav.dll[2010/12/08 23:37:35 | 000,043,520 | ---- | C] (Hilgraeve, Inc.) -- C:\WINDOWS\System32\hticons.dll[2010/12/08 23:37:35 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\avmeter.dll[2010/12/08 23:37:34 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\avtapi.dll[2010/12/08 23:37:34 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winchat.exe[2010/12/08 23:37:27 | 000,605,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\getuname.dll[2010/12/08 23:37:26 | 000,113,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\calc.exe[2010/12/08 23:37:26 | 000,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\charmap.exe[2010/12/08 23:37:26 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\reset.exe[2010/12/08 23:37:25 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\regini.exe[2010/12/08 23:37:25 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qwinsta.exe[2010/12/08 23:37:25 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tsshutdn.exe[2010/12/08 23:37:25 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tskill.exe[2010/12/08 23:37:25 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rwinsta.exe[2010/12/08 23:37:25 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tsdiscon.exe[2010/12/08 23:37:25 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tscon.exe[2010/12/08 23:37:25 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\shadow.exe[2010/12/08 23:37:25 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdpcfgex.dll[2010/12/08 23:37:24 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msg.exe[2010/12/08 23:37:24 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qappsrv.exe[2010/12/08 23:37:24 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cdmodem.dll[2010/12/08 23:37:24 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\logoff.exe[2010/12/08 23:37:12 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\accwiz.exe[2010/12/08 23:37:11 | 001,085,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\access.cpl[2010/12/08 23:37:10 | 000,155,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sndrec32.exe[2010/12/08 23:37:09 | 000,259,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mplay32.exe[2010/12/08 23:37:08 | 000,347,136 | ---- | C] (Hilgraeve, Inc.) -- C:\WINDOWS\System32\hypertrm.dll[2010/12/08 23:37:07 | 000,432,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mspaint.exe[2010/12/08 23:37:07 | 000,000,000 | ---D | C] -- C:\Program Files\Windows NT[2010/12/08 23:37:04 | 000,197,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\clipbrd.exe[2010/12/08 23:37:00 | 000,290,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rhttpaa.dll[2010/12/08 23:37:00 | 000,093,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tscfgwmi.dll[2010/12/08 23:37:00 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tsgqec.dll[2010/12/08 23:36:59 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\aaclient.dll[2010/12/08 23:36:57 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdshost.exe[2010/12/08 23:36:57 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdsaddin.exe[2010/12/08 23:36:56 | 000,147,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdchost.dll[2010/12/08 23:36:55 | 000,087,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdpwsx.dll[2010/12/08 23:36:55 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdpclip.exe[2010/12/08 23:36:55 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdpsnd.dll[2010/12/08 23:36:54 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qprocess.exe[2010/12/08 23:36:54 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\icaapi.dll[2010/12/08 23:36:53 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtcuiu.dll[2010/12/08 23:36:53 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mtxoci.dll[2010/12/08 23:36:53 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cfgbkend.dll[2010/12/08 23:36:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MsDtc[2010/12/08 23:36:52 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtcprx.dll[2010/12/08 23:36:51 | 000,956,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtctm.dll[2010/12/08 23:36:51 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtclog.dll[2010/12/08 23:36:51 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xolehlp.dll[2010/12/08 23:36:49 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mtxlegih.dll[2010/12/08 23:36:49 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dcomcnfg.exe[2010/12/08 23:36:48 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mtxex.dll[2010/12/08 23:36:47 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comrepl.dll[2010/12/08 23:36:47 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\colbact.dll[2010/12/08 23:36:47 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\stclient.dll[2010/12/08 23:36:47 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mtxdm.dll[2010/12/08 23:36:47 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comaddin.dll[2010/12/08 23:36:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Com[2010/12/08 23:36:46 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\clbcatex.dll[2010/12/08 23:36:46 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\catsrvps.dll[2010/12/08 23:36:45 | 000,625,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\catsrvut.dll[2010/12/08 23:36:45 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\catsrv.dll[2010/12/08 23:36:44 | 001,267,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comsvcs.dll[2010/12/08 23:36:43 | 000,539,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comuid.dll[2010/12/08 23:36:43 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comsnap.dll[2010/12/08 23:36:26 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\servdeps.dll[2010/12/08 23:36:26 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\licwmi.dll[2010/12/08 23:36:26 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmfutil.dll[2010/12/08 23:36:25 | 000,292,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cmprops.dll[2010/12/08 23:36:13 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos[2010/12/08 15:34:29 | 000,000,000 | ---D | C] -- C:\Program Files\Analog Devices[2010/12/08 15:34:28 | 000,146,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\portcls.sys[2010/12/08 15:34:28 | 000,060,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\drmk.sys[2010/12/08 15:34:26 | 000,129,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksproxy.ax[2010/12/08 15:34:26 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksuser.dll[2010/12/08 15:33:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\nview[2010/12/08 15:32:07 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\usbui.dll[2010/12/08 15:29:16 | 000,000,000 | -HSD | C] -- C:\WINDOWS\Installer[2010/12/08 15:29:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ODBC[2010/12/08 15:29:03 | 000,000,000 | R--D | C] -- C:\Program Files[2010/12/08 15:29:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SpeechEngines[2010/12/08 15:29:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Microsoft Shared[2010/12/08 15:29:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files[2010/12/08 15:28:54 | 000,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdtuq.dll[2010/12/08 15:28:54 | 000,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdtuf.dll[2010/12/08 15:28:54 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdazel.dll[2010/12/08 15:28:48 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdtat.dll[2010/12/08 15:28:48 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdmon.dll[2010/12/08 15:28:48 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdkyr.dll[2010/12/08 15:28:47 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbduzb.dll[2010/12/08 15:28:47 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdur.dll[2010/12/08 15:28:47 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdkaz.dll[2010/12/08 15:28:47 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdaze.dll[2010/12/08 15:28:46 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdycc.dll[2010/12/08 15:28:46 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdru1.dll[2010/12/08 15:28:46 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdru.dll[2010/12/08 15:28:46 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdbu.dll[2010/12/08 15:28:46 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdblr.dll[2010/12/08 15:28:42 | 000,008,192 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhept.dll[2010/12/08 15:28:42 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhela3.dll[2010/12/08 15:28:42 | 000,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhela2.dll[2010/12/08 15:28:42 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhe319.dll[2010/12/08 15:28:41 | 000,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdgkl.dll[2010/12/08 15:28:41 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhe220.dll[2010/12/08 15:28:41 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhe.dll[2010/12/08 15:28:37 | 000,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdlv1.dll[2010/12/08 15:28:37 | 000,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdlv.dll[2010/12/08 15:28:37 | 000,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdest.dll[2010/12/08 15:28:37 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdlt1.dll[2010/12/08 15:28:37 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdlt.dll[2010/12/08 15:28:34 | 000,007,168 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdcz.dll[2010/12/08 15:28:34 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdycl.dll[2010/12/08 15:28:34 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdsl1.dll[2010/12/08 15:28:34 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdsl.dll[2010/12/08 15:28:34 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdpl.dll[2010/12/08 15:28:34 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhu.dll[2010/12/08 15:28:34 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdcz2.dll[2010/12/08 15:28:34 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdcz1.dll[2010/12/08 15:28:34 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdcr.dll[2010/12/08 15:28:34 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\KBDAL.DLL[2010/12/08 15:28:34 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdro.dll[2010/12/08 15:28:34 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdpl1.dll[2010/12/08 15:28:34 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhu1.dll[2010/12/08 15:28:29 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\irclass.dll[2010/12/08 15:28:29 | 000,013,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\WFWNET.DRV[2010/12/08 15:28:29 | 000,009,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\VER.DLL[2010/12/08 15:28:29 | 000,002,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\VGA.DRV[2010/12/08 15:28:28 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\OLECLI.DLL[2010/12/08 15:28:28 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\OLESVR.DLL[2010/12/08 15:28:28 | 000,019,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\TAPI.DLL[2010/12/08 15:28:28 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\SHELL.DLL[2010/12/08 15:28:28 | 000,004,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\TIMER.DRV[2010/12/08 15:28:28 | 000,003,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\SYSTEM.DRV[2010/12/08 15:28:28 | 000,001,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\SOUND.DRV[2010/12/08 15:28:26 | 000,126,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MSVIDEO.DLL[2010/12/08 15:28:26 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MCIWAVE.DRV[2010/12/08 15:28:26 | 000,025,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MCISEQ.DRV[2010/12/08 15:28:26 | 000,002,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MOUSE.DRV[2010/12/08 15:28:26 | 000,001,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MMTASK.TSK[2010/12/08 15:28:25 | 000,109,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\AVIFILE.DLL[2010/12/08 15:28:25 | 000,073,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MCIAVI.DRV[2010/12/08 15:28:25 | 000,069,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\AVICAP.DLL[2010/12/08 15:28:25 | 000,032,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\COMMDLG.DLL[2010/12/08 15:28:25 | 000,009,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\LZEXPAND.DLL[2010/12/08 15:28:25 | 000,002,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\KEYBOARD.DRV[2010/12/08 15:28:24 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\batt.dll[2010/12/08 15:28:24 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\TASKMAN.EXE[2010/12/08 15:28:22 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\WINSPOOL.DRV[2010/12/08 15:28:21 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\storprop.dll[2010/12/08 15:28:21 | 000,068,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MMSYSTEM.DLL[2010/12/08 15:28:12 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu[2010/12/08 15:28:12 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents[2010/12/08 15:28:12 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Templates[2010/12/08 15:28:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Favorites[2010/12/08 15:28:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Desktop[2010/12/08 15:27:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot2[2010/12/08 15:27:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot[2010/12/08 15:27:33 | 000,000,000 | --SD | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft[2010/12/08 15:27:33 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\All Users\Application Data[2010/12/08 15:25:20 | 000,392,960 | ---- | C] (Sensaura) -- C:\WINDOWS\System32\drivers\senfilt.sys[2010/12/08 15:25:17 | 000,304,640 | ---- | C] (Analog Devices, Inc.) -- C:\WINDOWS\System32\drivers\ADIHdAud.sys[2010/12/08 15:25:16 | 000,028,160 | ---- | C] (Analog Devices, Inc.) -- C:\WINDOWS\System32\PostProc.dll[2010/12/08 15:25:13 | 000,765,952 | ---- | C] (Sensaura Ltd) -- C:\WINDOWS\System\crlds3d.dll[2010/12/08 15:25:08 | 000,065,536 | ---- | C] (Sensaura Ltd) -- C:\WINDOWS\System32\a3d.dll[2010/12/08 15:23:37 | 000,117,120 | ---- | C] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\System32\drivers\Rtnicxp.sys[2010/12/08 15:23:35 | 000,009,728 | ---- | C] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\System32\RtNicProp32.dll[2010/12/08 15:19:41 | 006,058,112 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nv4_dispBACKUP.dll[2010/12/08 15:18:52 | 000,027,904 | ---- | C] (VIA Technologies, Inc.) -- C:\WINDOWS\System32\drivers\VIAAGP1.SYS[2010/12/08 15:18:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings[2010/12/08 15:18:25 | 000,000,000 | -HSD | C] -- C:\System Volume Information[2010/12/08 15:07:57 | 000,000,000 | R-SD | C] -- C:\WINDOWS\Fonts[2010/12/08 15:07:57 | 000,000,000 | R--D | C] -- C:\WINDOWS\Web[2010/12/08 15:07:57 | 000,000,000 | R--D | C] -- C:\WINDOWS\Offline Web Pages[2010/12/08 15:07:57 | 000,000,000 | R--D | C] -- C:\WINDOWS\Downloaded Program Files[2010/12/08 15:07:57 | 000,000,000 | -H-D | C] -- C:\WINDOWS\inf[2010/12/08 15:07:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\WinSxS[2010/12/08 15:07:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wins[2010/12/08 15:07:57 | 000,000,000 | ---D | C] -- C:\WINDOWS[2010/12/08 15:07:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM[2010/12/08 15:07:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wbem[2010/12/08 15:07:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\usmt[2010/12/08 15:07:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF[2010/12/08 15:07:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\twain_32[2010/12/08 15:07:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\Temp[2010/12/08 15:07:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\system32[2010/12/08 15:07:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\system[2010/12/08 15:07:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\spool[2010/12/08 15:07:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ShellExt[2010/12/08 15:07:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Setup[2010/12/08 15:07:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\security[2010/12/08 15:07:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting[2010/12/08 15:07:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\Resources[2010/12/08 15:07:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\repair[2010/12/08 15:07:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ras[2010/12/08 15:07:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\Provisioning[2010/12/08 15:07:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\PeerNet[2010/12/08 15:07:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\pchealth[2010/12/08 15:07:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\npp[2010/12/08 15:07:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\Network Diagnostic[2010/12/08 15:07:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\mui[2010/12/08 15:07:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\mui[2010/12/08 15:07:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\msapps[2010/12/08 15:07:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\Media[2010/12/08 15:07:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\L2Schemas[2010/12/08 15:07:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\java[2010/12/08 15:07:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\inetsrv[2010/12/08 15:07:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\IME[2010/12/08 15:07:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\ime[2010/12/08 15:07:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\icsxml[2010/12/08 15:07:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ias[2010/12/08 15:07:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\Help[2010/12/08 15:07:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\export[2010/12/08 15:07:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\etc[2010/12/08 15:07:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US[2010/12/08 15:07:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en[2010/12/08 15:07:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\ehome[2010/12/08 15:07:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers[2010/12/08 15:07:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\Driver Cache[2010/12/08 15:07:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\disdn[2010/12/08 15:07:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\dhcp[2010/12/08 15:07:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\Debug[2010/12/08 15:07:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\Cursors[2010/12/08 15:07:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\Connection Wizard[2010/12/08 15:07:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\config[2010/12/08 15:07:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\Config[2010/12/08 15:07:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\AppPatch[2010/12/08 15:07:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\addins[2010/12/08 15:07:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3com_dmi[2010/12/08 15:07:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3076[2010/12/08 15:07:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\2052[2010/12/08 15:07:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1054[2010/12/08 15:07:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1042[2010/12/08 15:07:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1041[2010/12/08 15:07:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1037[2010/12/08 15:07:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1033[2010/12/08 15:07:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1031[2010/12/08 15:07:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1028[2010/12/08 15:07:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1025========== Files - Modified Within 30 Days ==========[2010/12/13 07:16:55 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl[2010/12/13 07:16:38 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat[2010/12/13 05:00:51 | 000,000,176 | ---- | M] () -- C:\Documents and Settings\Admin\defogger_reenable[2010/12/13 02:49:41 | 000,000,809 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\Luna Online Indonesia.lnk[2010/12/13 02:00:38 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk[2010/12/12 09:32:09 | 000,240,592 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb0.bin[2010/12/12 09:32:09 | 000,000,001 | ---- | M] () -- C:\WINDOWS\System32\nvdrssel.bin[2010/12/12 09:32:00 | 000,240,592 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb1.bin[2010/12/12 05:49:57 | 000,272,576 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT[2010/12/12 05:39:21 | 000,278,131 | ---- | M] () -- C:\Documents and Settings\Admin\My Documents\Tugas remedial - radian priambodo - XI A 2.cdr[2010/12/12 05:28:26 | 000,039,669 | ---- | M] () -- C:\WINDOWS\FontData.fdb[2010/12/12 05:25:08 | 000,002,828 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys[2010/12/12 05:25:08 | 000,000,088 | RHS- | M] () -- C:\Documents and Settings\All Users\Application Data\6050E01D68.sys[2010/12/12 04:08:59 | 000,000,741 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DAEMON Tools Lite.lnk[2010/12/12 03:57:03 | 000,000,983 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Finish Downloading Brothersoft Download Manager.lnk[2010/12/12 02:34:47 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\nvdrswr.lk[2010/12/11 10:40:52 | 000,361,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\TCPIP.SYS[2010/12/10 16:08:05 | 000,000,886 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Advanced SystemCare.lnk[2010/12/09 10:14:30 | 000,002,391 | ---- | M] () -- C:\Documents and Settings\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Nero StartSmart Essentials.lnk[2010/12/09 10:14:30 | 000,002,373 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Nero StartSmart Essentials.lnk[2010/12/09 10:14:30 | 000,002,279 | ---- | M] () -- C:\Documents and Settings\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Nero Home Essentials SE.lnk[2010/12/09 06:48:27 | 000,000,610 | ---- | M] () -- C:\Documents and Settings\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk[2010/12/09 06:48:27 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Opera.lnk[2010/12/09 06:39:40 | 000,000,080 | ---- | M] () -- C:\Documents and Settings\Admin\default.pls[2010/12/09 06:34:34 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini[2010/12/09 01:56:11 | 000,002,088 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ACDSee 10 Photo Manager.lnk[2010/12/09 01:10:55 | 000,000,998 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk[2010/12/09 01:05:02 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk[2010/12/09 00:34:26 | 000,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat[2010/12/09 00:32:43 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Winamp.lnk[2010/12/09 00:32:43 | 000,000,664 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Winamp.lnk[2010/12/09 00:27:30 | 000,001,626 | ---- | M] () -- C:\Documents and Settings\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk[2010/12/09 00:27:30 | 000,001,608 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk[2010/12/09 00:19:29 | 000,414,490 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat[2010/12/09 00:19:29 | 000,061,512 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat[2010/12/09 00:16:47 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf[2010/12/09 00:16:46 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk[2010/12/09 00:03:23 | 000,001,400 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf[2010/12/08 23:50:09 | 000,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll[2010/12/08 23:50:09 | 000,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe[2010/12/08 23:50:09 | 000,144,792 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe[2010/12/08 23:50:09 | 000,144,792 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe[2010/12/08 23:50:09 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl[2010/12/08 23:49:38 | 000,717,296 | ---- | M] (Duplex Secure Ltd.) -- C:\WINDOWS\System32\drivers\sptd.sys[2010/12/08 23:49:34 | 000,002,156 | ---- | M] () -- C:\WINDOWS\System32\unins000.dat[2010/12/08 23:49:21 | 000,635,337 | ---- | M] () -- C:\WINDOWS\System32\unins000.exe[2010/12/08 23:48:38 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT[2010/12/08 23:48:38 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS[2010/12/08 23:48:38 | 000,000,000 | RHS- | M] () -- C:\IO.SYS[2010/12/08 23:48:38 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS[2010/12/08 23:48:38 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT[2010/12/08 23:48:33 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb[2010/12/08 23:48:33 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb[2010/12/08 23:48:17 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx[2010/12/08 23:48:05 | 000,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI[2010/12/08 23:41:43 | 000,021,640 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat[2010/12/08 23:35:40 | 000,000,232 | -HS- | M] () -- C:\boot.ini[2010/12/08 15:29:23 | 000,004,444 | ---- | M] () -- C:\WINDOWS\System32\pid.PNF[2010/11/29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys[2010/11/29 17:42:06 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys========== Files Created - No Company Name ==========[2010/12/13 05:00:38 | 000,000,176 | ---- | C] () -- C:\Documents and Settings\Admin\defogger_reenable[2010/12/13 02:49:41 | 000,000,809 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\Luna Online Indonesia.lnk[2010/12/13 02:00:38 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk[2010/12/12 05:39:21 | 000,278,131 | ---- | C] () -- C:\Documents and Settings\Admin\My Documents\Tugas remedial - radian priambodo - XI A 2.cdr[2010/12/12 05:28:17 | 000,039,669 | ---- | C] () -- C:\WINDOWS\FontData.fdb[2010/12/12 05:24:15 | 000,002,828 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys[2010/12/12 05:24:15 | 000,000,088 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\6050E01D68.sys[2010/12/12 04:08:59 | 000,000,741 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DAEMON Tools Lite.lnk[2010/12/12 03:57:03 | 000,000,983 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Finish Downloading Brothersoft Download Manager.lnk[2010/12/12 02:34:51 | 000,240,592 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin[2010/12/12 02:34:48 | 000,240,592 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin[2010/12/12 02:34:47 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin[2010/12/12 02:34:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\nvdrswr.lk[2010/12/12 02:34:30 | 002,293,194 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin[2010/12/12 02:34:27 | 000,003,739 | ---- | C] () -- C:\WINDOWS\System32\nvinfo.pb[2010/12/10 16:08:04 | 000,000,886 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Advanced SystemCare.lnk[2010/12/09 10:14:30 | 000,002,391 | ---- | C] () -- C:\Documents and Settings\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Nero StartSmart Essentials.lnk[2010/12/09 10:14:30 | 000,002,373 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Nero StartSmart Essentials.lnk[2010/12/09 10:14:30 | 000,002,279 | ---- | C] () -- C:\Documents and Settings\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Nero Home Essentials SE.lnk[2010/12/09 06:48:27 | 000,000,610 | ---- | C] () -- C:\Documents and Settings\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk[2010/12/09 06:48:27 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Opera.lnk[2010/12/09 06:26:07 | 000,000,080 | ---- | C] () -- C:\Documents and Settings\Admin\default.pls[2010/12/09 06:25:21 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini[2010/12/09 01:56:11 | 000,002,088 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ACDSee 10 Photo Manager.lnk[2010/12/09 01:10:55 | 000,000,998 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk[2010/12/09 01:05:02 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk[2010/12/09 00:34:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat[2010/12/09 00:32:43 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Winamp.lnk[2010/12/09 00:32:43 | 000,000,664 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Winamp.lnk[2010/12/09 00:31:32 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll[2010/12/09 00:31:30 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini[2010/12/09 00:31:28 | 000,000,414 | ---- | C] () -- C:\WINDOWS\System32\lame_acm.xml[2010/12/09 00:31:25 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll[2010/12/09 00:31:25 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll[2010/12/09 00:31:21 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll[2010/12/09 00:31:05 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll[2010/12/09 00:27:30 | 000,001,626 | ---- | C] () -- C:\Documents and Settings\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk[2010/12/09 00:27:30 | 000,001,608 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk[2010/12/09 00:16:47 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf[2010/12/09 00:16:46 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk[2010/12/09 00:03:13 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat[2010/12/08 23:55:41 | 000,068,200 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat[2010/12/08 23:49:22 | 000,635,337 | ---- | C] () -- C:\WINDOWS\System32\unins000.exe[2010/12/08 23:49:22 | 000,002,156 | ---- | C] () -- C:\WINDOWS\System32\unins000.dat[2010/12/08 23:48:38 | 000,002,577 | ---- | C] () -- C:\WINDOWS\System32\CONFIG.NT[2010/12/08 23:48:38 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS[2010/12/08 23:48:38 | 000,000,000 | RHS- | C] () -- C:\IO.SYS[2010/12/08 23:48:38 | 000,000,000 | ---- | C] () -- C:\CONFIG.SYS[2010/12/08 23:48:38 | 000,000,000 | ---- | C] () -- C:\AUTOEXEC.BAT[2010/12/08 23:48:19 | 000,023,392 | ---- | C] () -- C:\WINDOWS\System32\nscompat.tlb[2010/12/08 23:48:19 | 000,016,832 | ---- | C] () -- C:\WINDOWS\System32\amcompat.tlb[2010/12/08 23:48:17 | 000,316,640 | ---- | C] () -- C:\WINDOWS\WMSysPr9.prx[2010/12/08 23:41:43 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat[2010/12/08 23:37:25 | 000,003,286 | ---- | C] () -- C:\WINDOWS\System32\tslabels.h[2010/12/08 23:37:25 | 000,001,161 | ---- | C] () -- C:\WINDOWS\System32\usrlogon.cmd[2010/12/08 23:37:24 | 000,000,768 | ---- | C] () -- C:\WINDOWS\System32\msdtcprf.h[2010/12/08 23:37:13 | 000,062,694 | ---- | C] () -- C:\WINDOWS\System32\wmimgmt.msc[2010/12/08 15:29:23 | 000,004,444 | ---- | C] () -- C:\WINDOWS\System32\pid.PNF[2010/12/08 15:29:15 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI[2010/12/08 15:28:24 | 000,001,688 | ---- | C] () -- C:\WINDOWS\System32\AUTOEXEC.NT[2010/12/08 15:18:52 | 000,005,810 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys[2010/12/08 15:18:24 | 000,272,576 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT[2010/12/08 15:16:42 | 000,000,232 | -HS- | C] () -- C:\boot.ini[2010/12/08 15:16:39 | 000,001,400 | ---- | C] () -- C:\WINDOWS\System32\$winnt$.inf[2009/04/15 12:39:56 | 000,002,245 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini========== LOP Check ==========[2010/12/09 01:56:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\ACD Systems[2010/12/12 04:08:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\DAEMON Tools[2010/12/12 03:57:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\GetRightToGo[2010/12/10 19:30:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\IObit[2010/12/09 06:48:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Opera[2010/12/09 01:56:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ACD Systems========== Purity Check ==========< End of report > Link to post Share on other sites More sharing options...
kahdah Posted December 13, 2010 ID:360429 Share Posted December 13, 2010 Ok can you post the extra's .txt please and the gmer log if you can. Link to post Share on other sites More sharing options...
Dayplayer Posted December 13, 2010 Author ID:360455 Share Posted December 13, 2010 here's the extraOTL Extras logfile created on: 12/13/2010 7:21:20 AM - Run 1OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Admin\My Documents\DownloadsWindows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstationInternet Explorer (Version = 8.0.6001.18702)Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy1,022.00 Mb Total Physical Memory | 646.00 Mb Available Physical Memory | 63.00% Memory free2.00 Gb Paging File | 2.00 Gb Available in Paging File | 88.00% Paging File freePaging file location(s): C:\pagefile.sys 1536 3072 [binary data]%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program FilesDrive C: | 53.71 Gb Total Space | 38.89 Gb Free Space | 72.40% Space Free | Partition Type: NTFSDrive D: | 20.81 Gb Total Space | 20.61 Gb Free Space | 99.08% Space Free | Partition Type: NTFSComputer Name: DELUXE | User Name: Admin | Logged in as Administrator.Boot Mode: Normal | Scan Mode: Current userCompany Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days========== Extra Registry (SafeList) ==================== File Associations ==========[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>][HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>].html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)========== Shell Spawning ==========[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]batfile [open] -- "%1" %*cmdfile [open] -- "%1" %*comfile [open] -- "%1" %*exefile [open] -- "%1" %*piffile [open] -- "%1" %*regfile [merge] -- Reg Error: Key error.scrfile [config] -- "%1"scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)scrfile [open] -- "%1" /Stxtfile [edit] -- Reg Error: Key error.Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Directory [Open New Window] -- explorer %1 (Microsoft Corporation)Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)========== Security Center Settings ==========[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]========== System Restore Settings ==========[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]"DisableSR" = 1[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]"Start" = 4[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]"Start" = 2========== Firewall Settings ==========[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]"EnableFirewall" = 0"DoNotAllowExceptions" = 0"DisableNotifications" = 0"DisableUnicastResponsesToMulticastBroadcast" = 0[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]"EnableFirewall" = 0"DoNotAllowExceptions" = 0"DisableNotifications" = 0"DisableUnicastResponsesToMulticastBroadcast" = 0========== Authorized Applications List ==========[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)========== HKEY_LOCAL_MACHINE Uninstall List ==========[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]"_{7F05E704-30A6-421A-97A7-8EEB1C7FF010}" = CorelDRAW® Graphics Suite X4"_{CE2DA11A-917F-4CF5-AB55-755EC115DD10}" = CorelDRAW® Graphics Suite X4 - Windows Shell Extension"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java 6 Update 13"{2E190C8E-682A-409D-9329-539E24C9D1C1}" = Opera 10.63"{3F3733A5-8322-454D-A638-3B74E1C83752}" = Gadget Installer"{44A27085-0616-4181-A0C3-81C7ECA17F73}" = CorelDRAW Graphics Suite X4"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml"{66EBD70F-A42C-475F-AEDF-277378151033}" = Nero 7 Essentials"{7F05E704-30A6-421A-97A7-8EEB1C7FF010}" = CorelDRAW Graphics SUite X4 - ICA"{7F05E704-30A6-421A-97A7-8EEB1C7FF012}" = CorelDRAW Graphics Suite X4 - Capture"{7F05E704-30A6-421A-97A7-8EEB1C7FF013}" = CorelDRAW Graphics Suite X4 - Draw"{7F05E704-30A6-421A-97A7-8EEB1C7FF014}" = CorelDRAW Graphics Suite X4 - PP"{7F05E704-30A6-421A-97A7-8EEB1C7FF016}" = CorelDRAW Graphics Suite X4 - Content"{7F05E704-30A6-421A-97A7-8EEB1C7FF017}" = CorelDRAW Graphics Suite X4 - Filters"{7F05E704-30A6-421A-97A7-8EEB1C7FF019}" = CorelDRAW Graphics Suite X4 - FontNav"{7F05E704-30A6-421A-97A7-8EEB1C7FF100}" = CorelDRAW Graphics Suite X4 - Lang EN"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007"{90120000-008A-0409-0000-0000000FF1CE}" = Microsoft Office 2007 Recent Documents Gadget"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007"{9D0798D0-AF6C-4E62-94B1-AEBF1A43E00A}" = CorelDRAW Graphics Suite X4 - IPM"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9"{AEB9948B-4FF2-47C9-990E-47014492A0FE}" = MSXML 6.0 Parser"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 260.99"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 260.99"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 135.36"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application"{B61D21B6-469D-4423-B161-62DB20B8A70E}" = Visual Basic for Applications ® Core - English"{BB05D173-9681-4812-A7FA-BD4042A3DA00}" = Alky for Applications"{BDCF27CA-BFC4-4F49-8D24-A925C9505AB8}" = Windows Rights Management Client with Service Pack 2"{BF439B41-0252-48DE-8B8B-0430CB26A181}" = CorelDRAW Graphics Suite X4 - VBA"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1"{CE2DA11A-917F-4CF5-AB55-755EC115DD10}" = CorelDRAW® Graphics Suite X4 - Windows Shell Extension"{DB81779E-7CC5-4630-BCFC-754004956444}" = Visual Basic for Applications ® Core"{EC905264-BCFE-423B-9C42-C3A106266790}" = Windows Rights Management Client Backwards Compatibility SP2"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin"Adobe Photoshop 7.0" = Adobe Photoshop 7.0"Adobe Shockwave Player" = Adobe Shockwave Player 11.5"Advanced SystemCare 3_is1" = Advanced SystemCare 3"Atlantica" = Atlantica"ENTERPRISE" = Microsoft Office Enterprise 2007"IObitBartoolbar Uninstall" = IObit Toolbar"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 5.7.0"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1"Mozilla Firefox (3.6)" = Mozilla Firefox (3.6)"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager"VB Runtimes Pack, release 7_is1" = VB Runtimes Pack, release 7"Winamp" = Winamp"Windows Sidebar" = Windows Sidebar"WinRAR archiver" = WinRAR archiver========== Last 10 Event Log Errors ==========[ Application Events ]Error - 12/11/2010 10:32:22 AM | Computer Name = DELUXE | Source = crypt32 | ID = 131080Description = Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired. Error - 12/11/2010 12:20:11 PM | Computer Name = DELUXE | Source = crypt32 | ID = 131080Description = Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired. Error - 12/11/2010 1:08:06 PM | Computer Name = DELUXE | Source = crypt32 | ID = 131080Description = Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired. Error - 12/12/2010 4:50:37 AM | Computer Name = DELUXE | Source = crypt32 | ID = 131080Description = Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired. Error - 12/12/2010 4:57:07 AM | Computer Name = DELUXE | Source = crypt32 | ID = 131080Description = Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired. Error - 12/12/2010 6:31:07 AM | Computer Name = DELUXE | Source = crypt32 | ID = 131080Description = Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired. Error - 12/12/2010 6:39:44 AM | Computer Name = DELUXE | Source = crypt32 | ID = 131080Description = Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired. Error - 12/12/2010 9:51:16 AM | Computer Name = DELUXE | Source = crypt32 | ID = 131080Description = Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired. Error - 12/12/2010 2:04:14 PM | Computer Name = DELUXE | Source = crypt32 | ID = 131080Description = Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired. Error - 12/12/2010 2:10:52 PM | Computer Name = DELUXE | Source = crypt32 | ID = 131080Description = Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired. [ OSession Events ]Error - 12/9/2010 1:52:45 PM | Computer Name = DELUXE | Source = Microsoft Office 12 Sessions | ID = 7001Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 99 seconds with 60 seconds of active time. This session ended with a crash.[ System Events ]Error - 12/12/2010 8:45:08 PM | Computer Name = DELUXE | Source = Disk | ID = 262151Description = The device, \Device\Harddisk0\D, has a bad block.Error - 12/13/2010 8:02:24 AM | Computer Name = DELUXE | Source = Sr | ID = 1Description = The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.Error - 12/13/2010 9:24:47 AM | Computer Name = DELUXE | Source = atapi | ID = 262153Description = The device, \Device\Ide\IdePort0, did not respond within the timeout period.Error - 12/13/2010 9:24:50 AM | Computer Name = DELUXE | Source = atapi | ID = 262153Description = The device, \Device\Ide\IdePort0, did not respond within the timeout period.Error - 12/13/2010 9:25:00 AM | Computer Name = DELUXE | Source = atapi | ID = 262153Description = The device, \Device\Ide\IdePort0, did not respond within the timeout period.Error - 12/13/2010 9:48:18 AM | Computer Name = DELUXE | Source = atapi | ID = 262153Description = The device, \Device\Ide\IdePort0, did not respond within the timeout period.Error - 12/13/2010 9:53:49 AM | Computer Name = DELUXE | Source = atapi | ID = 262153Description = The device, \Device\Ide\IdePort0, did not respond within the timeout period.Error - 12/13/2010 9:53:49 AM | Computer Name = DELUXE | Source = atapi | ID = 262155Description = The driver detected a controller error on \Device\Ide\IdePort0.Error - 12/13/2010 11:07:23 AM | Computer Name = DELUXE | Source = atapi | ID = 262153Description = The device, \Device\Ide\IdePort0, did not respond within the timeout period.Error - 12/13/2010 11:07:24 AM | Computer Name = DELUXE | Source = atapi | ID = 262153Description = The device, \Device\Ide\IdePort0, did not respond within the timeout period.< End of report >i can't seem to post both extra and result log due to the length of post so i'll attach the gmerresults.log Link to post Share on other sites More sharing options...
kahdah Posted December 14, 2010 ID:360785 Share Posted December 14, 2010 That is fine I see no sign of any malware at all.What is the computer doing?How often do you get blue screen's? Link to post Share on other sites More sharing options...
Dayplayer Posted December 14, 2010 Author ID:360791 Share Posted December 14, 2010 Hi, my pc is still acting strangeeverytime i run programs that contains tons of graphical/3d content such as games or when i browse pictures with my browser it either: occasionally lags,simply closes the program without any notice,self restarts, blue screenedi've tested my graphic card on another pc and it worked fine.. btw do you need the minidump files? Link to post Share on other sites More sharing options...
kahdah Posted December 14, 2010 ID:360793 Share Posted December 14, 2010 If it works on another machine then it is not the graphics card but rather software that may be using it.Yes upload a few minidumps I will look them over.You can attach them in your next post. Link to post Share on other sites More sharing options...
Dayplayer Posted December 14, 2010 Author ID:360795 Share Posted December 14, 2010 hi thanks for the quick reply i can't seem to upload the minidump files this always shows up "Upload failed. You are not permitted to upload this type of file"so instead i txt the thing using bluescreenview program. below is the list of the most recent bluescreen'==================================================Dump File : Mini121110-01.dmpCrash Time : 12/11/2010 6:30:35 AMBug Check String : KERNEL_MODE_EXCEPTION_NOT_HANDLEDBug Check Code : 0x1000008eParameter 1 : 0xc0000005Parameter 2 : 0xbfb07840Parameter 3 : 0xbae82af8Parameter 4 : 0x00000000Caused By Driver : nv4_disp.dllCaused By Address : nv4_disp.dll+131840File Description : Product Name : Company : File Version : Processor : 32-bitComputer Name : Full Path : C:\Program Files\minidump\Mini121110-01.dmpProcessors Count : 2Major Version : 15Minor Version : 2600====================================================================================================Dump File : Mini121110-02.dmpCrash Time : 12/11/2010 9:06:44 AMBug Check String : DRIVER_IRQL_NOT_LESS_OR_EQUALBug Check Code : 0x100000d1Parameter 1 : 0x505f2100Parameter 2 : 0x00000002Parameter 3 : 0x00000001Parameter 4 : 0xf42a381eCaused By Driver : tcpip.sysCaused By Address : tcpip.sys+81eFile Description : Product Name : Company : File Version : Processor : 32-bitComputer Name : Full Path : C:\Program Files\minidump\Mini121110-02.dmpProcessors Count : 2Major Version : 15Minor Version : 2600====================================================================================================Dump File : Mini121210-01.dmpCrash Time : 12/12/2010 12:47:53 AMBug Check String : PAGE_FAULT_IN_NONPAGED_AREABug Check Code : 0x10000050Parameter 1 : 0xbafc0eb8Parameter 2 : 0x00000000Parameter 3 : 0x8056ed7bParameter 4 : 0x00000000Caused By Driver : nv4_mini.sysCaused By Address : nv4_mini.sys+12167bFile Description : Product Name : Company : File Version : Processor : 32-bitComputer Name : Full Path : C:\Program Files\minidump\Mini121210-01.dmpProcessors Count : 2Major Version : 15Minor Version : 2600====================================================================================================Dump File : Mini121210-02.dmpCrash Time : 12/12/2010 4:28:59 PMBug Check String : PAGE_FAULT_IN_NONPAGED_AREABug Check Code : 0x10000050Parameter 1 : 0xe3244144Parameter 2 : 0x00000000Parameter 3 : 0xf721ae14Parameter 4 : 0x00000000Caused By Driver : Ntfs.sysCaused By Address : Ntfs.sys+22e14File Description : Product Name : Company : File Version : Processor : 32-bitComputer Name : Full Path : C:\Program Files\minidump\Mini121210-02.dmpProcessors Count : 2Major Version : 15Minor Version : 2600====================================================================================================Dump File : Mini121410-01.dmpCrash Time : 12/14/2010 2:34:38 AMBug Check String : NTFS_FILE_SYSTEMBug Check Code : 0x00000024Parameter 1 : 0x001902feParameter 2 : 0xf78ee490Parameter 3 : 0xf78ee18cParameter 4 : 0x804e8d80Caused By Driver : Ntfs.sysCaused By Address : Ntfs.sys+dff0File Description : Product Name : Company : File Version : Processor : 32-bitComputer Name : Full Path : C:\Program Files\minidump\Mini121410-01.dmpProcessors Count : 2Major Version : 15Minor Version : 2600====================================================================================================Dump File : Mini121410-02.dmpCrash Time : 12/14/2010 2:45:21 AMBug Check String : KERNEL_MODE_EXCEPTION_NOT_HANDLEDBug Check Code : 0x1000008eParameter 1 : 0xc0000005Parameter 2 : 0xe1dc4019Parameter 3 : 0xf5fbd9b1Parameter 4 : 0x00000000Caused By Driver : Caused By Address : File Description : Product Name : Company : File Version : Processor : 32-bitComputer Name : Full Path : C:\Program Files\minidump\Mini121410-02.dmpProcessors Count : 2Major Version : 15Minor Version : 2600================================================== Link to post Share on other sites More sharing options...
kahdah Posted December 14, 2010 ID:360796 Share Posted December 14, 2010 Those are quite random please try memtest to check for faulty memory please.http://www.memtest86.com/download.htmlI prefer the .iso and burn it to a cd then restart the system and boot from the cd.Let it run at least a few hours.Let me know if any red marks show up. Link to post Share on other sites More sharing options...
Dayplayer Posted December 14, 2010 Author ID:361055 Share Posted December 14, 2010 Hello again,i have run the memtest for 16 passes and found an astounding number of 16432 errors does this means that i have no option than to change the ram? Link to post Share on other sites More sharing options...
kahdah Posted December 15, 2010 ID:361070 Share Posted December 15, 2010 Yep just as I suspected.Yes you will need to run the test with each stick out to narrow down the one that is causing errors.If only one then you will need to replace it. Link to post Share on other sites More sharing options...
Dayplayer Posted December 15, 2010 Author ID:361111 Share Posted December 15, 2010 A Question:how does a faulty ram affect my current problems? Link to post Share on other sites More sharing options...
kahdah Posted December 15, 2010 ID:361113 Share Posted December 15, 2010 Faulty ram causes a number of things Corrupted files,blue screens,sudden restarts.This is why you are having these issues. Link to post Share on other sites More sharing options...
LDTate Posted December 23, 2010 ID:364589 Share Posted December 23, 2010 Glad we could help. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.Other members who need assistance please start your own topic in a new thread. Thanks! Link to post Share on other sites More sharing options...
Recommended Posts