
29gb of disk space disappeared and PC crawling like a baby.

Hi

Noticed that a huge chunk of space on my hard drive has been used, without me downloading or installing anything. About 20gb. PC is running very slowly as well. Recently had my Hotmail account hacked, not sure if this is connected?

HJT log here:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:02:31, on 10/08/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=73&bd=Pavilion&pf=laptop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - D:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min /ns
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O8 - Extra context menu item: Append to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - (no file)
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O10 - Broken Internet access because of LSP provider 'c:\program files\bonjour\mdnsnsp.dll' missing
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{852EF6E5-2A61-4CE5-B200-22EB7C7DDDBA}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 9120 bytes


PLEASE HELP!!!!!

Thanks

Spicer

Comments

  • edited August 2009
    I've run Disc Clean Up but only managed to recover about 5gb of free space.
  • edited August 2009
    Please note that all instructions given are customised for this computer only,
    the tools used may cause damage if used on a computer with different infections.

    If you think you have similar problems, please post a log in the HJT forum and wait for help.


    Hello and welcome to the forums

    My name is Katana and I will be helping you to remove any infection(s) that you may have.

    Please observe these rules while we work:
    1. Please Read All Instructions Carefully
    2. If you don't understand something, stop and ask! Don't keep going on.
    3. Please do not run any other tools or scans whilst I am helping you
    4. Failure to reply within 5 days will result in the topic being closed.
    5. Please continue to respond until I give you the "All Clear"
      (Just because you can't see a problem doesn't mean it isn't there)

    If you can do those few things, everything should go smoothly.

    Some of the logs I request will be quite large; you may need to split them over a couple of replies.

    Please note, your security programs may give warnings for some of the tools I will ask you to use.
    Be assured, any links I give are safe.






    Download and Run RSIT
    • Please download Random's System Information Tool by random/random from here and save it to your desktop.
    • Double click on RSIT.exe to run RSIT.
    • Click Continue at the disclaimer screen.
    • Once it has finished, two logs will open:
      • log.txt will be opened maximized.
      • info.txt will be opened minimized.
    • Please post the contents of both log.txt and info.txt.
      ( They can also be found in the C:\RSIT folder )


    Please Download GMER to your desktop

    Download GMER and extract it to your desktop.

    ***Please close any open programs ***

    Double-click gmer.exe. The program will begin to run.

    **Caution**
    These types of scans can produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries unless advised by a trained Security Analyst.


    If possible rootkit activity is found, you will be asked if you would like to perform a full scan.
    • Click Yes.
    • Once the scan is complete, you may receive another notice about rootkit activity.
    • Click OK.
    • GMER will produce a log. Click on the Save button, and save the log as gmer.txt somewhere you can easily find it, such as your desktop.

    If you do not receive notice about possible rootkit activity, remain on the Rootkit/Malware tab and make sure the 'Show All' button is unticked.
    • Click the Scan button and let the program do its work. GMER will produce a log.
    • Click on the Save button, and save the log as gmer.txt somewhere you can easily find it, such as your desktop.


    DO NOT touch the PC at ALL for Whatever reason/s until it has 100% completed its scan, or attempted scan in case of some error etc !




    Logs/Information to Post in Reply
    Please post the following logs/Information in your reply
    Some of the logs I request will be quite large; you may need to split them over a couple of replies.
    • RSIT Logs
    • GMER Log
  • edited August 2009
    RSIT:

    Logfile of random's system information tool 1.06 (written by random/random)
    Run by SPICER at 2009-08-11 14:07:28
    Microsoft® Windows Vista™ Home Premium Service Pack 2
    System drive C: has 57 GB (40%) free of 145 GB
    Total RAM: 2046 MB (60% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 14:07:33, on 11/08/2009
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Users\SPICER\Desktop\RSIT.exe
    C:\Program Files\Trend Micro\HijackThis\SPICER.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=73&bd=Pavilion&pf=laptop
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - D:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
    O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min /ns
    O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
    O8 - Extra context menu item: Append to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - (no file)
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O10 - Broken Internet access because of LSP provider 'c:\program files\bonjour\mdnsnsp.dll' missing
    O13 - Gopher Prefix:
    O17 - HKLM\System\CCS\Services\Tcpip\..\{852EF6E5-2A61-4CE5-B200-22EB7C7DDDBA}: NameServer = 208.67.222.222,208.67.220.220
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
    O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
    O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
    O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
    O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
    O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
    O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    --
    End of file - 9017 bytes

    ======Scheduled tasks folder======

    C:\Windows\tasks\GlaryInitialize.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{074C1DC5-9320-4A9A-947D-C042949C6216}]
    ContributeBHO Class - D:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll [2007-03-16 118784]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
    AskBar BHO - C:\Program Files\AskBarDis\bar\bin\askBar.dll [2008-11-18 333192]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
    Spybot-S&D IE Protection - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2009-01-26 1879896]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
    Groove GFS Browser Helper - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
    Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
    Google Toolbar Helper - c:\program files\google\googletoolbar2.dll [2008-03-12 2403392]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
    Adobe PDF Conversion Toolbar Helper - D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10 321120]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
    Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-05-21 41368]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "WinPatrol"=C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe [2009-06-01 341312]
    "NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2009-05-27 13781536]
    "avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "NVIDIA nTune"=C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe [2007-09-04 81920]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
    C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-19 202240]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL [2006-10-27 2210608]
    "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= []

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "DisableTaskMgr"=0

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1
    "DisableStartupSound"=1
    "EnableUIADesktopToggle"=0

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDrives"=0

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "BindDirectlyToPropertySetStorage"=
    "NoDrives"=

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

    ======File associations======

    .js - edit - C:\Windows\System32\Notepad.exe %1
    .js - open - C:\Windows\System32\WScript.exe "%1" %*

    ======List of files/folders created in the last 3 months======

    2009-08-11 14:07:28 ----D---- C:\rsit
    2009-08-10 23:06:38 ----A---- C:\Windows\system32\dciman32.dll
    2009-07-23 12:37:26 ----D---- C:\Program Files\chameleoni
    2009-07-23 12:36:37 ----D---- C:\Users\SPICER\AppData\Roaming\Autorec Outlook Plugin
    2009-07-20 11:39:26 ----D---- C:\Program Files\Common Files\Intel
    2009-07-17 14:41:17 ----D---- C:\Users\SPICER\AppData\Roaming\BitTorrent
    2009-07-17 14:41:11 ----D---- C:\Program Files\BitTorrent
    2009-07-14 23:38:26 ----D---- C:\Program Files\Avira
    2009-07-13 16:57:22 ----D---- C:\Program Files\Ghostgum
    2009-07-09 13:48:41 ----D---- C:\Program Files\CounterPath
    2009-06-25 16:49:21 ----D---- C:\Program Files\omniformat
    2009-06-25 16:46:57 ----D---- C:\Program Files\pdf995
    2009-06-25 16:46:57 ----A---- C:\Windows\system32\pdfmona.dll
    2009-06-25 16:46:57 ----A---- C:\Windows\system32\pdf995mon.dll
    2009-06-23 16:55:02 ----D---- C:\Program Files\Foxit Software
    2009-06-22 23:49:26 ----D---- C:\Windows\system32\AGEIA
    2009-06-22 23:49:26 ----D---- C:\Program Files\AGEIA Technologies
    2009-06-22 22:51:44 ----D---- C:\Users\SPICER\AppData\Roaming\nHancer
    2009-06-22 13:16:59 ----A---- C:\Windows\system32\localspl.dll
    2009-06-22 13:16:57 ----A---- C:\Windows\system32\mshtml.dll
    2009-06-22 13:16:56 ----A---- C:\Windows\system32\ieframe.dll
    2009-06-22 13:16:55 ----A---- C:\Windows\system32\iertutil.dll
    2009-06-22 13:16:54 ----A---- C:\Windows\system32\wininet.dll
    2009-06-22 13:16:54 ----A---- C:\Windows\system32\urlmon.dll
    2009-06-22 13:16:54 ----A---- C:\Windows\system32\jsproxy.dll
    2009-06-22 13:16:54 ----A---- C:\Windows\system32\ieui.dll
    2009-06-22 13:16:54 ----A---- C:\Windows\system32\iesetup.dll
    2009-06-22 13:16:54 ----A---- C:\Windows\system32\iernonce.dll
    2009-06-22 13:16:54 ----A---- C:\Windows\system32\iedkcs32.dll
    2009-06-22 13:16:54 ----A---- C:\Windows\system32\ie4uinit.exe
    2009-06-22 13:14:51 ----A---- C:\Windows\system32\rpcrt4.dll
    2009-06-19 14:15:36 ----A---- C:\Windows\system32\D3DCompiler_41.dll
    2009-06-19 14:15:35 ----A---- C:\Windows\system32\XAudio2_4.dll
    2009-06-19 14:15:35 ----A---- C:\Windows\system32\XAPOFX1_3.dll
    2009-06-19 14:15:35 ----A---- C:\Windows\system32\xactengine3_4.dll
    2009-06-19 14:15:35 ----A---- C:\Windows\system32\D3DX9_41.dll
    2009-06-19 14:15:35 ----A---- C:\Windows\system32\d3dx10_41.dll
    2009-06-19 14:15:34 ----A---- C:\Windows\system32\XAudio2_3.dll
    2009-06-19 14:15:34 ----A---- C:\Windows\system32\XAPOFX1_2.dll
    2009-06-19 14:15:34 ----A---- C:\Windows\system32\X3DAudio1_6.dll
    2009-06-19 14:15:34 ----A---- C:\Windows\system32\D3DX9_40.dll
    2009-06-19 14:15:34 ----A---- C:\Windows\system32\d3dx10_40.dll
    2009-06-19 14:15:34 ----A---- C:\Windows\system32\D3DCompiler_40.dll
    2009-06-19 14:15:33 ----A---- C:\Windows\system32\xactengine3_3.dll
    2009-06-19 14:15:33 ----A---- C:\Windows\system32\X3DAudio1_5.dll
    2009-06-16 23:42:13 ----D---- C:\Users\SPICER\AppData\Roaming\WinPatrol
    2009-06-16 23:42:04 ----D---- C:\Program Files\BillP Studios
    2009-06-16 23:36:00 ----SD---- C:\ComboFix
    2009-06-16 18:31:55 ----A---- C:\Windows\system32\javaws.exe
    2009-06-16 18:31:55 ----A---- C:\Windows\system32\javaw.exe
    2009-06-16 18:31:55 ----A---- C:\Windows\system32\java.exe
    2009-06-14 22:13:16 ----D---- C:\Users\SPICER\AppData\Roaming\BitDefender
    2009-06-14 22:12:54 ----D---- C:\Program Files\BitDefender
    2009-06-14 22:12:19 ----D---- C:\Program Files\Common Files\BitDefender
    2009-06-14 04:28:27 ----D---- C:\Windows\temp
    2009-06-14 04:27:30 ----SHD---- C:\$RECYCLE.BIN
    2009-06-14 04:07:32 ----A---- C:\Windows\system32\deploytk.dll
    2009-06-14 04:06:39 ----D---- C:\Program Files\AskBarDis
    2009-06-14 04:06:20 ----D---- C:\Users\SPICER\AppData\Roaming\Foxit
    2009-06-14 04:04:09 ----D---- C:\Windows\Sun
    2009-06-11 23:29:50 ----A---- C:\Windows\system32\xfcodec.dll
    2009-05-28 22:03:17 ----D---- C:\Windows\system32\eu-ES
    2009-05-28 22:03:17 ----D---- C:\Windows\system32\ca-ES
    2009-05-28 22:03:13 ----D---- C:\Windows\system32\vi-VN
    2009-05-28 21:57:46 ----D---- C:\Windows\system32\SPReview
    2009-05-28 21:41:17 ----A---- C:\Windows\system32\scavenge.dll
    2009-05-28 21:41:13 ----A---- C:\Windows\system32\compcln.exe
    2009-05-28 21:40:52 ----A---- C:\Windows\system32\secur32.dll
    2009-05-28 21:40:52 ----A---- C:\Windows\system32\secproc_ssp_isv.dll
    2009-05-28 21:40:52 ----A---- C:\Windows\system32\secproc_ssp.dll
    2009-05-28 21:40:52 ----A---- C:\Windows\system32\secproc_isv.dll
    2009-05-28 21:40:52 ----A---- C:\Windows\system32\secproc.dll
    2009-05-28 21:40:52 ----A---- C:\Windows\system32\SearchProtocolHost.exe
    2009-05-28 21:40:52 ----A---- C:\Windows\system32\SearchIndexer.exe
    2009-05-28 21:40:52 ----A---- C:\Windows\system32\SearchFilterHost.exe
    2009-05-28 21:40:52 ----A---- C:\Windows\system32\sdohlp.dll
    2009-05-28 21:40:51 ----A---- C:\Windows\system32\sdclt.exe
    2009-05-28 21:40:51 ----A---- C:\Windows\system32\samlib.dll
    2009-05-28 21:40:51 ----A---- C:\Windows\system32\rtutils.dll
    2009-05-28 21:40:51 ----A---- C:\Windows\system32\rtffilt.dll
    2009-05-28 21:40:51 ----A---- C:\Windows\system32\rsaenh.dll
    2009-05-28 21:40:51 ----A---- C:\Windows\system32\rrinstaller.exe
    2009-05-28 21:40:51 ----A---- C:\Windows\system32\RMActivate_ssp_isv.exe
    2009-05-28 21:40:51 ----A---- C:\Windows\system32\RMActivate_ssp.exe
    2009-05-28 21:40:51 ----A---- C:\Windows\system32\RMActivate_isv.exe
    2009-05-28 21:40:51 ----A---- C:\Windows\system32\RMActivate.exe
    2009-05-28 21:40:51 ----A---- C:\Windows\system32\riched20.dll
    2009-05-28 21:40:50 ----A---- C:\Windows\system32\scrrun.dll
    2009-05-28 21:40:50 ----A---- C:\Windows\system32\scksp.dll
    2009-05-28 21:40:50 ----A---- C:\Windows\system32\schedsvc.dll
    2009-05-28 21:40:50 ----A---- C:\Windows\system32\SCardSvr.dll
    2009-05-28 21:40:50 ----A---- C:\Windows\system32\scansetting.dll
    2009-05-28 21:40:50 ----A---- C:\Windows\system32\samsrv.dll
    2009-05-28 21:40:50 ----A---- C:\Windows\system32\rpcss.dll
    2009-05-28 21:40:50 ----A---- C:\Windows\system32\rpchttp.dll
    2009-05-28 21:40:49 ----A---- C:\Windows\system32\scrobj.dll
    2009-05-28 21:40:49 ----A---- C:\Windows\system32\schannel.dll
    2009-05-28 21:40:49 ----A---- C:\Windows\system32\scesrv.dll
    2009-05-28 21:40:49 ----A---- C:\Windows\system32\scecli.dll
    2009-05-28 21:40:48 ----A---- C:\Windows\system32\powercpl.dll
    2009-05-28 21:40:48 ----A---- C:\Windows\system32\PortableDeviceTypes.dll
    2009-05-28 21:40:48 ----A---- C:\Windows\system32\PortableDeviceClassExtension.dll
    2009-05-28 21:40:48 ----A---- C:\Windows\system32\PortableDeviceApi.dll
    2009-05-28 21:40:48 ----A---- C:\Windows\system32\PNPXAssoc.dll
    2009-05-28 21:40:48 ----A---- C:\Windows\system32\PnPutil.exe
    2009-05-28 21:40:48 ----A---- C:\Windows\system32\PnPUnattend.exe
    2009-05-28 21:40:48 ----A---- C:\Windows\system32\pnpui.dll
    2009-05-28 21:40:48 ----A---- C:\Windows\system32\pnpsetup.dll
    2009-05-28 21:40:48 ----A---- C:\Windows\system32\pnidui.dll
    2009-05-28 21:40:48 ----A---- C:\Windows\system32\PkgMgr.exe
    2009-05-28 21:40:48 ----A---- C:\Windows\system32\pidgenx.dll
    2009-05-28 21:40:48 ----A---- C:\Windows\system32\photowiz.dll
    2009-05-28 21:40:48 ----A---- C:\Windows\system32\PhotoMetadataHandler.dll
    2009-05-28 21:40:48 ----A---- C:\Windows\system32\perfdisk.dll
    2009-05-28 21:40:48 ----A---- C:\Windows\system32\PerfCenterCPL.dll
    2009-05-28 21:40:48 ----A---- C:\Windows\system32\pdh.dll
    2009-05-28 21:40:48 ----A---- C:\Windows\system32\pcaui.dll
    2009-05-28 21:40:48 ----A---- C:\Windows\system32\p2psvc.dll
    2009-05-28 21:40:48 ----A---- C:\Windows\system32\P2PGraph.dll
    2009-05-28 21:40:48 ----A---- C:\Windows\system32\nslookup.exe
    2009-05-28 21:40:47 ----A---- C:\Windows\system32\ntkrnlpa.exe
    2009-05-28 21:40:47 ----A---- C:\Windows\system32\ntdll.dll
    2009-05-28 21:40:46 ----A---- C:\Windows\system32\NlsLexicons0009.dll
    2009-05-28 21:40:44 ----A---- C:\Windows\system32\osk.exe
    2009-05-28 21:40:44 ----A---- C:\Windows\system32\oobefldr.dll
    2009-05-28 21:40:44 ----A---- C:\Windows\system32\onex.dll
    2009-05-28 21:40:44 ----A---- C:\Windows\system32\olepro32.dll
    2009-05-28 21:40:44 ----A---- C:\Windows\system32\oleprn.dll
    2009-05-28 21:40:44 ----A---- C:\Windows\system32\oleaut32.dll
    2009-05-28 21:40:44 ----A---- C:\Windows\system32\ole32.dll
    2009-05-28 21:40:44 ----A---- C:\Windows\system32\offfilt.dll
    2009-05-28 21:40:44 ----A---- C:\Windows\system32\odbccp32.dll
    2009-05-28 21:40:44 ----A---- C:\Windows\system32\odbcconf.dll
    2009-05-28 21:40:44 ----A---- C:\Windows\system32\odbc32.dll
    2009-05-28 21:40:44 ----A---- C:\Windows\system32\NlsLexicons0007.dll
    2009-05-28 21:40:44 ----A---- C:\Windows\system32\nlhtml.dll
    2009-05-28 21:40:43 ----A---- C:\Windows\system32\RelMon.dll
    2009-05-28 21:40:43 ----A---- C:\Windows\system32\rekeywiz.exe
    2009-05-28 21:40:43 ----A---- C:\Windows\system32\regsvc.dll
    2009-05-28 21:40:43 ----A---- C:\Windows\system32\rastls.dll
    2009-05-28 21:40:43 ----A---- C:\Windows\system32\rastapi.dll
    2009-05-28 21:40:43 ----A---- C:\Windows\system32\rasppp.dll
    2009-05-28 21:40:43 ----A---- C:\Windows\system32\rasplap.dll
    2009-05-28 21:40:43 ----A---- C:\Windows\system32\rasmontr.dll
    2009-05-28 21:40:43 ----A---- C:\Windows\system32\rasmans.dll
    2009-05-28 21:40:43 ----A---- C:\Windows\system32\rasgcw.dll
    2009-05-28 21:40:43 ----A---- C:\Windows\system32\rasdlg.dll
    2009-05-28 21:40:43 ----A---- C:\Windows\system32\rasdial.exe
    2009-05-28 21:40:43 ----A---- C:\Windows\system32\rasdiag.dll
    2009-05-28 21:40:43 ----A---- C:\Windows\system32\raschap.dll
    2009-05-28 21:40:43 ----A---- C:\Windows\system32\rasapi32.dll
    2009-05-28 21:40:43 ----A---- C:\Windows\system32\RacEngn.dll
    2009-05-28 21:40:43 ----A---- C:\Windows\system32\Query.dll
    2009-05-28 21:40:43 ----A---- C:\Windows\system32\quartz.dll
    2009-05-28 21:40:43 ----A---- C:\Windows\system32\qmgr.dll
    2009-05-28 21:40:43 ----A---- C:\Windows\system32\qedit.dll
    2009-05-28 21:40:43 ----A---- C:\Windows\system32\ocsetup.exe
    2009-05-28 21:40:43 ----A---- C:\Windows\system32\ntprint.dll
    2009-05-28 21:40:43 ----A---- C:\Windows\system32\ntoskrnl.exe
    2009-05-28 21:40:43 ----A---- C:\Windows\system32\ntmarta.dll
    2009-05-28 21:40:42 ----A---- C:\Windows\system32\regapi.dll
    2009-05-28 21:40:42 ----A---- C:\Windows\system32\reg.exe
    2009-05-28 21:40:42 ----A---- C:\Windows\system32\rdpwsx.dll
    2009-05-28 21:40:42 ----A---- C:\Windows\system32\rdpencom.dll
    2009-05-28 21:40:42 ----A---- C:\Windows\system32\PresentationSettings.exe
    2009-05-28 21:40:42 ----A---- C:\Windows\system32\PresentationNative_v0300.dll
    2009-05-28 21:40:42 ----A---- C:\Windows\system32\PresentationHostProxy.dll
    2009-05-28 21:40:42 ----A---- C:\Windows\system32\PresentationHost.exe
    2009-05-28 21:40:41 ----A---- C:\Windows\system32\prnntfy.dll
    2009-05-28 21:40:41 ----A---- C:\Windows\system32\printui.dll
    2009-05-28 21:40:41 ----A---- C:\Windows\system32\printfilterpipelinesvc.exe
    2009-05-28 21:40:41 ----A---- C:\Windows\system32\printfilterpipelineprxy.dll
    2009-05-28 21:40:41 ----A---- C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
    2009-05-28 21:40:41 ----A---- C:\Windows\system32\powrprof.dll
    2009-05-28 21:40:40 ----A---- C:\Windows\system32\qdvd.dll
    2009-05-28 21:40:40 ----A---- C:\Windows\system32\QAGENTRT.DLL
    2009-05-28 21:40:40 ----A---- C:\Windows\system32\puiapi.dll
    2009-05-28 21:40:39 ----A---- C:\Windows\system32\psisdecd.dll
    2009-05-28 21:40:39 ----A---- C:\Windows\system32\PSHED.DLL
    2009-05-28 21:40:39 ----A---- C:\Windows\system32\propsys.dll
    2009-05-28 21:40:39 ----A---- C:\Windows\system32\propdefs.dll
    2009-05-28 21:40:39 ----A---- C:\Windows\system32\profsvc.dll
    2009-05-28 21:40:38 ----A---- C:\Windows\system32\sendmail.dll
    2009-05-28 21:40:37 ----A---- C:\Windows\system32\shlwapi.dll
    2009-05-28 21:40:37 ----A---- C:\Windows\system32\shell32.dll
    2009-05-28 21:40:37 ----A---- C:\Windows\system32\shdocvw.dll
    2009-05-28 21:40:36 ----A---- C:\Windows\system32\sethc.exe
    2009-05-28 21:40:36 ----A---- C:\Windows\system32\services.exe
    2009-05-28 21:40:35 ----A---- C:\Windows\system32\setupapi.dll
    2009-05-28 21:40:28 ----A---- C:\Windows\system32\eapphost.dll
    2009-05-28 21:40:28 ----A---- C:\Windows\system32\eappgnui.dll
    2009-05-28 21:40:25 ----A---- C:\Windows\system32\EhStorAPI.dll
    2009-05-28 21:40:25 ----A---- C:\Windows\system32\eappcfg.dll
    2009-05-28 21:40:25 ----A---- C:\Windows\system32\eapp3hst.dll
    2009-05-28 21:40:24 ----A---- C:\Windows\system32\ExplorerFrame.dll
    2009-05-28 21:40:24 ----A---- C:\Windows\system32\evr.dll
    2009-05-28 21:40:24 ----A---- C:\Windows\system32\eudcedit.exe
    2009-05-28 21:40:24 ----A---- C:\Windows\system32\dxmasf.dll
    2009-05-28 21:40:24 ----A---- C:\Windows\system32\dwm.exe
    2009-05-28 21:40:24 ----A---- C:\Windows\system32\dsprop.dll
    2009-05-28 21:40:24 ----A---- C:\Windows\system32\dsound.dll
    2009-05-28 21:40:24 ----A---- C:\Windows\explorer.exe
    2009-05-28 21:40:23 ----A---- C:\Windows\system32\f3ahvoas.dll
    2009-05-28 21:40:23 ----A---- C:\Windows\system32\esent.dll
    2009-05-28 21:40:23 ----A---- C:\Windows\system32\emdmgmt.dll
    2009-05-28 21:40:22 ----A---- C:\Windows\system32\es.dll
    2009-05-28 21:40:22 ----A---- C:\Windows\system32\EncDec.dll
    2009-05-28 21:40:22 ----A---- C:\Windows\system32\EhStorShell.dll
    2009-05-28 21:40:22 ----A---- C:\Windows\system32\EhStorPwdMgr.dll
    2009-05-28 21:40:22 ----A---- C:\Windows\system32\EhStorAuthn.dll
    2009-05-28 21:40:22 ----A---- C:\Windows\system32\dimsroam.dll
    2009-05-28 21:40:22 ----A---- C:\Windows\system32\diagperf.dll
    2009-05-28 21:40:22 ----A---- C:\Windows\system32\dhcpcsvc6.dll
    2009-05-28 21:40:21 ----A---- C:\Windows\system32\diskraid.exe
    2009-05-28 21:40:21 ----A---- C:\Windows\system32\diskpart.exe
    2009-05-28 21:40:21 ----A---- C:\Windows\system32\dfshim.dll
    2009-05-28 21:40:21 ----A---- C:\Windows\system32\devmgr.dll
    2009-05-28 21:40:20 ----A---- C:\Windows\system32\drvstore.dll
    2009-05-28 21:40:20 ----A---- C:\Windows\system32\dpapimig.exe
    2009-05-28 21:40:20 ----A---- C:\Windows\system32\dot3svc.dll
    2009-05-28 21:40:20 ----A---- C:\Windows\system32\dot3msm.dll
    2009-05-28 21:40:20 ----A---- C:\Windows\system32\dot3cfg.dll
    2009-05-28 21:40:20 ----A---- C:\Windows\system32\dhcpcsvc.dll
    2009-05-28 21:40:19 ----A---- C:\Windows\system32\hbaapi.dll
    2009-05-28 21:40:19 ----A---- C:\Windows\system32\drvinst.exe
    2009-05-28 21:40:19 ----A---- C:\Windows\system32\drmv2clt.dll
    2009-05-28 21:40:19 ----A---- C:\Windows\system32\drmmgrtn.dll
    2009-05-28 21:40:19 ----A---- C:\Windows\system32\dnsrslvr.dll
    2009-05-28 21:40:19 ----A---- C:\Windows\system32\dnsapi.dll
    2009-05-28 21:40:19 ----A---- C:\Windows\system32\dmusic.dll
    2009-05-28 21:40:19 ----A---- C:\Windows\system32\dmsynth.dll
    2009-05-28 21:40:18 ----A---- C:\Windows\system32\iasdatastore.dll
    2009-05-28 21:40:18 ----A---- C:\Windows\system32\iasads.dll
    2009-05-28 21:40:18 ----A---- C:\Windows\system32\iasacct.dll
    2009-05-28 21:40:18 ----A---- C:\Windows\system32\gpupdate.exe
    2009-05-28 21:40:18 ----A---- C:\Windows\system32\gpsvc.dll
    2009-05-28 21:40:18 ----A---- C:\Windows\system32\gpresult.exe
    2009-05-28 21:40:17 ----A---- C:\Windows\system32\iasnap.dll
    2009-05-28 21:40:17 ----A---- C:\Windows\system32\IasMigReader.exe
    2009-05-28 21:40:17 ----A---- C:\Windows\system32\IasMigPlugin.dll
    2009-05-28 21:40:17 ----A---- C:\Windows\system32\iashlpr.dll
    2009-05-28 21:40:17 ----A---- C:\Windows\system32\hdwwiz.exe
    2009-05-28 21:40:16 ----A---- C:\Windows\system32\hidserv.dll
    2009-05-28 21:40:16 ----A---- C:\Windows\system32\fontext.dll
    2009-05-28 21:40:16 ----A---- C:\Windows\system32\findstr.exe
    2009-05-28 21:40:16 ----A---- C:\Windows\system32\feclient.dll
    2009-05-28 21:40:16 ----A---- C:\Windows\system32\fdWCN.dll
    2009-05-28 21:40:16 ----A---- C:\Windows\system32\fdSSDP.dll
    2009-05-28 21:40:16 ----A---- C:\Windows\system32\fc.exe
    2009-05-28 21:40:16 ----A---- C:\Windows\system32\Faultrep.dll
    2009-05-28 21:40:15 ----A---- C:\Windows\system32\gpedit.dll
    2009-05-28 21:40:15 ----A---- C:\Windows\system32\gpapi.dll
    2009-05-28 21:40:15 ----A---- C:\Windows\system32\gdi32.dll
    2009-05-28 21:40:15 ----A---- C:\Windows\system32\fdWSD.dll
    2009-05-28 21:40:15 ----A---- C:\Windows\system32\fdProxy.dll
    2009-05-28 21:40:15 ----A---- C:\Windows\system32\fdeploy.dll
    2009-05-28 21:40:15 ----A---- C:\Windows\system32\fdBthProxy.dll
    2009-05-28 21:40:15 ----A---- C:\Windows\system32\fdBth.dll
    2009-05-28 21:40:14 ----A---- C:\Windows\system32\FwRemoteSvr.dll
    2009-05-28 21:40:14 ----A---- C:\Windows\system32\fundisc.dll
    2009-05-28 21:40:14 ----A---- C:\Windows\system32\FunctionDiscoveryFolder.dll
    2009-05-28 21:40:14 ----A---- C:\Windows\system32\ftp.exe
    2009-05-28 21:40:14 ----A---- C:\Windows\system32\fsquirt.exe
    2009-05-28 21:40:13 ----A---- C:\Windows\system32\gameux.dll
    2009-05-28 21:40:13 ----A---- C:\Windows\system32\FWPUCLNT.DLL
    2009-05-28 21:40:13 ----A---- C:\Windows\system32\AuxiliaryDisplayServices.dll
    2009-05-28 21:40:13 ----A---- C:\Windows\system32\AuxiliaryDisplayDriverLib.dll
    2009-05-28 21:40:13 ----A---- C:\Windows\system32\autofmt.exe
    2009-05-28 21:40:13 ----A---- C:\Windows\system32\autochk.exe
    2009-05-28 21:40:13 ----A---- C:\Windows\system32\authz.dll
    2009-05-28 21:40:13 ----A---- C:\Windows\system32\authui.dll
    2009-05-28 21:40:13 ----A---- C:\Windows\system32\audiosrv.dll
    2009-05-28 21:40:13 ----A---- C:\Windows\system32\AudioSes.dll
    2009-05-28 21:40:13 ----A---- C:\Windows\system32\audiodg.exe
    2009-05-28 21:40:13 ----A---- C:\Windows\system32\atmlib.dll
    2009-05-28 21:40:13 ----A---- C:\Windows\system32\atmfd.dll
    2009-05-28 21:40:12 ----A---- C:\Windows\system32\AuxiliaryDisplayCpl.dll
    2009-05-28 21:40:12 ----A---- C:\Windows\system32\autoplay.dll
    2009-05-28 21:40:12 ----A---- C:\Windows\system32\autoconv.exe
    2009-05-28 21:40:11 ----A---- C:\Windows\system32\bthci.dll
    2009-05-28 21:40:11 ----A---- C:\Windows\system32\browseui.dll
    2009-05-28 21:40:11 ----A---- C:\Windows\system32\brcpl.dll
    2009-05-28 21:40:11 ----A---- C:\Windows\system32\basecsp.dll
    2009-05-28 21:40:10 ----A---- C:\Windows\system32\blackbox.dll
    2009-05-28 21:40:10 ----A---- C:\Windows\system32\bitsigd.dll
    2009-05-28 21:40:10 ----A---- C:\Windows\system32\BFE.DLL
    2009-05-28 21:40:10 ----A---- C:\Windows\system32\bcrypt.dll
    2009-05-28 21:40:10 ----A---- C:\Windows\system32\azroles.dll
    2009-05-28 21:40:09 ----A---- C:\Windows\system32\accessibilitycpl.dll
    2009-05-28 21:40:09 ----A---- C:\Windows\system32\aaclient.dll
    2009-05-28 21:40:08 ----A---- C:\Windows\system32\Apphlpdm.dll
    2009-05-28 21:40:08 ----A---- C:\Windows\system32\apphelp.dll
    2009-05-28 21:40:08 ----A---- C:\Windows\system32\apds.dll
    2009-05-28 21:40:06 ----A---- C:\Windows\system32\conime.exe
    2009-05-28 21:40:06 ----A---- C:\Windows\system32\comuid.dll
    2009-05-28 21:40:06 ----A---- C:\Windows\system32\comsvcs.dll
    2009-05-28 21:40:06 ----A---- C:\Windows\system32\advapi32.dll
    2009-05-28 21:40:06 ----A---- C:\Windows\system32\adtschema.dll
    2009-05-28 21:40:06 ----A---- C:\Windows\system32\adsmsext.dll
    2009-05-28 21:40:06 ----A---- C:\Windows\system32\adsldpc.dll
    2009-05-28 21:40:05 ----A---- C:\Windows\system32\crypt32.dll
    2009-05-28 21:40:05 ----A---- C:\Windows\system32\credui.dll
    2009-05-28 21:40:05 ----A---- C:\Windows\system32\connect.dll
    2009-05-28 21:40:05 ----A---- C:\Windows\system32\cmdial32.dll
    2009-05-28 21:40:04 ----A---- C:\Windows\system32\dbgeng.dll
    2009-05-28 21:40:04 ----A---- C:\Windows\system32\davclnt.dll
    2009-05-28 21:40:04 ----A---- C:\Windows\system32\dataclen.dll
    2009-05-28 21:40:04 ----A---- C:\Windows\system32\d3d9.dll
    2009-05-28 21:40:04 ----A---- C:\Windows\system32\comdlg32.dll
    2009-05-28 21:40:04 ----A---- C:\Windows\system32\cmmon32.exe
    2009-05-28 21:40:03 ----A---- C:\Windows\system32\DevicePairingWizard.exe
    2009-05-28 21:40:03 ----A---- C:\Windows\system32\DevicePairingProxy.dll
    2009-05-28 21:40:03 ----A---- C:\Windows\system32\DevicePairing.dll
    2009-05-28 21:40:03 ----A---- C:\Windows\system32\DeviceEject.exe
    2009-05-28 21:40:03 ----A---- C:\Windows\system32\csrstub.exe
    2009-05-28 21:40:03 ----A---- C:\Windows\system32\cscript.exe
    2009-05-28 21:40:03 ----A---- C:\Windows\system32\cscdll.dll
    2009-05-28 21:40:03 ----A---- C:\Windows\system32\cscapi.dll
    2009-05-28 21:40:03 ----A---- C:\Windows\system32\cryptui.dll
    2009-05-28 21:40:03 ----A---- C:\Windows\system32\cryptsvc.dll
    2009-05-28 21:40:02 ----A---- C:\Windows\system32\certmgr.dll
    2009-05-28 21:40:02 ----A---- C:\Windows\system32\CertEnrollUI.dll
    2009-05-28 21:40:02 ----A---- C:\Windows\system32\CertEnroll.dll
    2009-05-28 21:40:02 ----A---- C:\Windows\system32\certcli.dll
    2009-05-28 21:40:02 ----A---- C:\Windows\system32\cdd.dll
    2009-05-28 21:40:02 ----A---- C:\Windows\system32\bthudtask.exe
    2009-05-28 21:40:02 ----A---- C:\Windows\system32\bthserv.dll
    2009-05-28 21:40:01 ----A---- C:\Windows\system32\cipher.exe
    2009-05-28 21:40:01 ----A---- C:\Windows\system32\ci.dll
    2009-05-28 21:40:01 ----A---- C:\Windows\system32\CHxReadingStringIME.dll
    2009-05-28 21:40:01 ----A---- C:\Windows\system32\chsbrkr.dll
    2009-05-28 21:40:01 ----A---- C:\Windows\system32\cbsra.exe
    2009-05-28 21:40:00 ----A---- C:\Windows\system32\chtbrkr.dll
    2009-05-28 21:40:00 ----A---- C:\Windows\system32\certreq.exe
    2009-05-28 21:40:00 ----A---- C:\Windows\system32\certprop.dll
    2009-05-28 21:39:59 ----A---- C:\Windows\system32\msihnd.dll
    2009-05-28 21:39:59 ----A---- C:\Windows\system32\msiexec.exe
    2009-05-28 21:39:59 ----A---- C:\Windows\system32\msftedit.dll
    2009-05-28 21:39:59 ----A---- C:\Windows\system32\msexcl40.dll
    2009-05-28 21:39:59 ----A---- C:\Windows\system32\msexch40.dll
    2009-05-28 21:39:59 ----A---- C:\Windows\system32\msdtctm.dll
    2009-05-28 21:39:59 ----A---- C:\Windows\system32\certutil.exe
    2009-05-28 21:39:58 ----A---- C:\Windows\system32\msi.dll
    2009-05-28 21:39:57 ----A---- C:\Windows\system32\msdtcprx.dll
    2009-05-28 21:39:57 ----A---- C:\Windows\system32\msdrm.dll
    2009-05-28 21:39:57 ----A---- C:\Windows\system32\MsCtfMonitor.dll
    2009-05-28 21:39:56 ----A---- C:\Windows\system32\msimsg.dll
    2009-05-28 21:39:56 ----A---- C:\Windows\system32\msctfui.dll
    2009-05-28 21:39:56 ----A---- C:\Windows\system32\msctfp.dll
    2009-05-28 21:39:56 ----A---- C:\Windows\system32\msctf.dll
    2009-05-28 21:39:55 ----A---- C:\Windows\system32\MPSSVC.dll
    2009-05-28 21:39:55 ----A---- C:\Windows\system32\mprapi.dll
    2009-05-28 21:39:55 ----A---- C:\Windows\system32\mpr.dll
    2009-05-28 21:39:54 ----A---- C:\Windows\system32\modemui.dll
    2009-05-28 21:39:54 ----A---- C:\Windows\system32\MMDevAPI.dll
    2009-05-28 21:39:53 ----A---- C:\Windows\system32\mscories.dll
    2009-05-28 21:39:53 ----A---- C:\Windows\system32\mscorier.dll
    2009-05-28 21:39:53 ----A---- C:\Windows\system32\mscoree.dll
    2009-05-28 21:39:53 ----A---- C:\Windows\system32\mscms.dll
    2009-05-28 21:39:53 ----A---- C:\Windows\system32\mscandui.dll
    2009-05-28 21:39:52 ----A---- C:\Windows\system32\netapi32.dll
    2009-05-28 21:39:51 ----A---- C:\Windows\system32\NetProjW.dll
    2009-05-28 21:39:51 ----A---- C:\Windows\system32\netplwiz.dll
    2009-05-28 21:39:51 ----A---- C:\Windows\system32\netlogon.dll
    2009-05-28 21:39:51 ----A---- C:\Windows\system32\netiohlp.dll
    2009-05-28 21:39:51 ----A---- C:\Windows\system32\netcenter.dll
    2009-05-28 21:39:51 ----A---- C:\Windows\system32\ncryptui.dll
    2009-05-28 21:39:51 ----A---- C:\Windows\system32\ncrypt.dll
    2009-05-28 21:39:51 ----A---- C:\Windows\system32\mtxclu.dll
    2009-05-28 21:39:50 ----A---- C:\Windows\system32\netshell.dll
    2009-05-28 21:39:50 ----A---- C:\Windows\system32\NcdProp.dll
    2009-05-28 21:39:50 ----A---- C:\Windows\system32\NaturalLanguage6.dll
    2009-05-28 21:39:50 ----A---- C:\Windows\system32\msxml6.dll
    2009-05-28 21:39:50 ----A---- C:\Windows\system32\msxml3.dll
    2009-05-28 21:39:49 ----A---- C:\Windows\system32\newdev.exe
    2009-05-28 21:39:49 ----A---- C:\Windows\system32\newdev.dll
    2009-05-28 21:39:49 ----A---- C:\Windows\system32\networkmap.dll
    2009-05-28 21:39:49 ----A---- C:\Windows\system32\networkitemfactory.dll
    2009-05-28 21:39:49 ----A---- C:\Windows\system32\networkexplorer.dll
    2009-05-28 21:39:49 ----A---- C:\Windows\system32\msscntrs.dll
    2009-05-28 21:39:49 ----A---- C:\Windows\system32\msscb.dll
    2009-05-28 21:39:49 ----A---- C:\Windows\system32\msrepl40.dll
    2009-05-28 21:39:49 ----A---- C:\Windows\system32\msrd3x40.dll
    2009-05-28 21:39:49 ----A---- C:\Windows\system32\msrd2x40.dll
    2009-05-28 21:39:49 ----A---- C:\Windows\system32\mspbde40.dll
    2009-05-28 21:39:49 ----A---- C:\Windows\system32\msnetobj.dll
    2009-05-28 21:39:49 ----A---- C:\Windows\system32\MSMPEG2VDEC.DLL
    2009-05-28 21:39:49 ----A---- C:\Windows\system32\msltus40.dll
    2009-05-28 21:39:49 ----A---- C:\Windows\system32\msinfo32.exe
    2009-05-28 21:39:49 ----A---- C:\Windows\system32\msimtf.dll
    2009-05-28 21:39:48 ----A---- C:\Windows\system32\msxbde40.dll
    2009-05-28 21:39:48 ----A---- C:\Windows\system32\mswstr10.dll
    2009-05-28 21:39:48 ----A---- C:\Windows\system32\mswsock.dll
    2009-05-28 21:39:48 ----A---- C:\Windows\system32\mswdat10.dll
    2009-05-28 21:39:48 ----A---- C:\Windows\system32\MSVidCtl.dll
    2009-05-28 21:39:48 ----A---- C:\Windows\system32\msvcrt.dll
    2009-05-28 21:39:48 ----A---- C:\Windows\system32\msvcp60.dll
    2009-05-28 21:39:48 ----A---- C:\Windows\system32\msv1_0.dll
    2009-05-28 21:39:48 ----A---- C:\Windows\system32\msutb.dll
    2009-05-28 21:39:48 ----A---- C:\Windows\system32\mstscax.dll
    2009-05-28 21:39:48 ----A---- C:\Windows\system32\mssrch.dll
    2009-05-28 21:39:48 ----A---- C:\Windows\system32\mssprxy.dll
    2009-05-28 21:39:48 ----A---- C:\Windows\system32\mssphtb.dll
    2009-05-28 21:39:48 ----A---- C:\Windows\system32\mssph.dll
    2009-05-28 21:39:48 ----A---- C:\Windows\system32\mssitlb.dll
    2009-05-28 21:39:48 ----A---- C:\Windows\system32\msshooks.dll
    2009-05-28 21:39:48 ----A---- C:\Windows\system32\msscp.dll
    2009-05-28 21:39:48 ----A---- C:\Windows\system32\msjtes40.dll
    2009-05-28 21:39:48 ----A---- C:\Windows\system32\msjter40.dll
    2009-05-28 21:39:48 ----A---- C:\Windows\system32\msjint40.dll
    2009-05-28 21:39:48 ----A---- C:\Windows\system32\msjetoledb40.dll
    2009-05-28 21:39:48 ----A---- C:\Windows\system32\msjet40.dll
    2009-05-28 21:39:48 ----A---- C:\Windows\system32\msisip.dll
    2009-05-28 21:39:47 ----A---- C:\Windows\system32\mstsc.exe
    2009-05-28 21:39:47 ----A---- C:\Windows\system32\mstlsapi.dll
    2009-05-28 21:39:47 ----A---- C:\Windows\system32\mstext40.dll
    2009-05-28 21:39:47 ----A---- C:\Windows\system32\mssvp.dll
    2009-05-28 21:39:47 ----A---- C:\Windows\system32\msstrc.dll
    2009-05-28 21:39:47 ----A---- C:\Windows\system32\msshsq.dll
    2009-05-28 21:39:47 ----A---- C:\Windows\system32\InkEd.dll
    2009-05-28 21:39:47 ----A---- C:\Windows\system32\infocardapi.dll
    2009-05-28 21:39:47 ----A---- C:\Windows\system32\inetppui.dll
    2009-05-28 21:39:47 ----A---- C:\Windows\system32\inetpp.dll
    2009-05-28 21:39:47 ----A---- C:\Windows\system32\inetcomm.dll
    2009-05-28 21:39:46 ----A---- C:\Windows\system32\imm32.dll
    2009-05-28 21:39:45 ----A---- C:\Windows\system32\iscsilog.dll
    2009-05-28 21:39:45 ----A---- C:\Windows\system32\ipsmsnap.dll
    2009-05-28 21:39:45 ----A---- C:\Windows\system32\IPSECSVC.DLL
    2009-05-28 21:39:45 ----A---- C:\Windows\system32\ipsecsnp.dll
    2009-05-28 21:39:45 ----A---- C:\Windows\system32\iphlpsvc.dll
    2009-05-28 21:39:45 ----A---- C:\Windows\system32\IPHLPAPI.DLL
    2009-05-28 21:39:45 ----A---- C:\Windows\system32\ipconfig.exe
    2009-05-28 21:39:45 ----A---- C:\Windows\system32\input.dll
    2009-05-28 21:39:44 ----A---- C:\Windows\system32\ifmon.dll
    2009-05-28 21:39:44 ----A---- C:\Windows\system32\icardres.dll
    2009-05-28 21:39:44 ----A---- C:\Windows\system32\icardagt.exe
    2009-05-28 21:39:44 ----A---- C:\Windows\system32\iassvcs.dll
    2009-05-28 21:39:44 ----A---- C:\Windows\system32\iassdo.dll
    2009-05-28 21:39:44 ----A---- C:\Windows\system32\iassam.dll
    2009-05-28 21:39:44 ----A---- C:\Windows\system32\iasrecst.dll
    2009-05-28 21:39:44 ----A---- C:\Windows\system32\iasrad.dll
    2009-05-28 21:39:44 ----A---- C:\Windows\system32\iaspolcy.dll
    2009-05-28 21:39:43 ----A---- C:\Windows\system32\IMJP10K.DLL
    2009-05-28 21:39:43 ----A---- C:\Windows\system32\imapi2fs.dll
    2009-05-28 21:39:43 ----A---- C:\Windows\system32\imapi2.dll
    2009-05-28 21:39:43 ----A---- C:\Windows\system32\imapi.dll
    2009-05-28 21:39:43 ----A---- C:\Windows\system32\IKEEXT.DLL
    2009-05-28 21:39:42 ----A---- C:\Windows\system32\mfps.dll
    2009-05-28 21:39:42 ----A---- C:\Windows\system32\mfpmp.exe
    2009-05-28 21:39:42 ----A---- C:\Windows\system32\mfplat.dll
    2009-05-28 21:39:42 ----A---- C:\Windows\system32\mferror.dll
    2009-05-28 21:39:42 ----A---- C:\Windows\system32\mfc42u.dll
    2009-05-28 21:39:42 ----A---- C:\Windows\system32\mfc42.dll
    2009-05-28 21:39:42 ----A---- C:\Windows\system32\mf.dll
    2009-05-28 21:39:41 ----A---- C:\Windows\system32\mmcndmgr.dll
    2009-05-28 21:39:41 ----A---- C:\Windows\system32\mmcico.dll
    2009-05-28 21:39:41 ----A---- C:\Windows\system32\mmci.dll
    2009-05-28 21:39:41 ----A---- C:\Windows\system32\mimefilt.dll
    2009-05-28 21:39:41 ----A---- C:\Windows\system32\milcore.dll
    2009-05-28 21:39:41 ----A---- C:\Windows\system32\midimap.dll
    2009-05-28 21:39:40 ----A---- C:\Windows\system32\mmc.exe
    2009-05-28 21:39:40 ----A---- C:\Windows\system32\korwbrkr.dll
    2009-05-28 21:39:39 ----A---- C:\Windows\system32\MediaMetadataHandler.dll
    2009-05-28 21:39:39 ----A---- C:\Windows\system32\mcupdate_GenuineIntel.dll
    2009-05-28 21:39:39 ----A---- C:\Windows\system32\mcmde.dll
    2009-05-28 21:39:39 ----A---- C:\Windows\system32\mblctr.exe
    2009-05-28 21:39:39 ----A---- C:\Windows\system32\l2nacp.dll
    2009-05-28 21:39:39 ----A---- C:\Windows\system32\kernel32.dll
    2009-05-28 21:39:39 ----A---- C:\Windows\system32\kerberos.dll
    2009-05-28 21:39:39 ----A---- C:\Windows\system32\kdusb.dll
    2009-05-28 21:39:39 ----A---- C:\Windows\system32\kdcom.dll
    2009-05-28 21:39:39 ----A---- C:\Windows\system32\kd1394.dll
    2009-05-28 21:39:38 ----A---- C:\Windows\system32\shsetup.dll
    2009-05-28 21:39:38 ----A---- C:\Windows\system32\Magnify.exe
    2009-05-28 21:39:38 ----A---- C:\Windows\system32\lsasrv.dll
    2009-05-28 21:39:38 ----A---- C:\Windows\system32\logman.exe
    2009-05-28 21:39:38 ----A---- C:\Windows\system32\logagent.exe
    2009-05-28 21:39:36 ----A---- C:\Windows\system32\wercon.exe
    2009-05-28 21:39:36 ----A---- C:\Windows\system32\wer.dll
    2009-05-28 21:39:36 ----A---- C:\Windows\system32\WebClnt.dll
    2009-05-28 21:39:36 ----A---- C:\Windows\system32\wdscore.dll
    2009-05-28 21:39:36 ----A---- C:\Windows\system32\wdc.dll
    2009-05-28 21:39:35 ----A---- C:\Windows\system32\winhttp.dll
    2009-05-28 21:39:35 ----A---- C:\Windows\system32\WindowsCodecsExt.dll
    2009-05-28 21:39:35 ----A---- C:\Windows\system32\WindowsCodecs.dll
    2009-05-28 21:39:35 ----A---- C:\Windows\system32\WindowsAnytimeUpgradeCPL.dll
    2009-05-28 21:39:35 ----A---- C:\Windows\system32\win32spl.dll
    2009-05-28 21:39:35 ----A---- C:\Windows\system32\whealogr.dll
    2009-05-28 21:39:35 ----A---- C:\Windows\system32\wevtutil.exe
    2009-05-28 21:39:35 ----A---- C:\Windows\system32\wevtsvc.dll
    2009-05-28 21:39:35 ----A---- C:\Windows\system32\wevtapi.dll
    2009-05-28 21:39:35 ----A---- C:\Windows\system32\wersvc.dll
    2009-05-28 21:39:35 ----A---- C:\Windows\system32\WerFaultSecure.exe
    2009-05-28 21:39:35 ----A---- C:\Windows\system32\WerFault.exe
    2009-05-28 21:39:34 ----A---- C:\Windows\system32\wiaservc.dll
    2009-05-28 21:39:34 ----A---- C:\Windows\system32\wiaaut.dll
    2009-05-28 21:39:34 ----A---- C:\Windows\system32\version.dll
    2009-05-28 21:39:34 ----A---- C:\Windows\system32\vdsutil.dll
    2009-05-28 21:39:34 ----A---- C:\Windows\system32\vdsdyn.dll
    2009-05-28 21:39:34 ----A---- C:\Windows\system32\vds.exe
    2009-05-28 21:39:34 ----A---- C:\Windows\system32\vdmdbg.dll
    2009-05-28 21:39:34 ----A---- C:\Windows\system32\uxsms.dll
    2009-05-28 21:39:34 ----A---- C:\Windows\system32\Utilman.exe
    2009-05-28 21:39:34 ----A---- C:\Windows\system32\usp10.dll
    2009-05-28 21:39:34 ----A---- C:\Windows\system32\userenv.dll
    2009-05-28 21:39:34 ----A---- C:\Windows\system32\usercpl.dll
    2009-05-28 21:39:34 ----A---- C:\Windows\system32\user32.dll
    2009-05-28 21:39:33 ----A---- C:\Windows\system32\wcnwiz2.dll
    2009-05-28 21:39:33 ----A---- C:\Windows\system32\wcnwiz.dll
    2009-05-28 21:39:33 ----A---- C:\Windows\system32\WcnNetsh.dll
    2009-05-28 21:39:33 ----A---- C:\Windows\system32\wcncsvc.dll
    2009-05-28 21:39:33 ----A---- C:\Windows\system32\w32time.dll
    2009-05-28 21:39:33 ----A---- C:\Windows\system32\VSSVC.exe
    2009-05-28 21:39:33 ----A---- C:\Windows\system32\vssapi.dll
    2009-05-28 21:39:32 ----A---- C:\Windows\system32\WSDMon.dll
    2009-05-28 21:39:32 ----A---- C:\Windows\system32\wsdchngr.dll
    2009-05-28 21:39:32 ----A---- C:\Windows\system32\WSDApi.dll
    2009-05-28 21:39:32 ----A---- C:\Windows\system32\wscsvc.dll
    2009-05-28 21:39:32 ----A---- C:\Windows\system32\wscript.exe
    2009-05-28 21:39:32 ----A---- C:\Windows\system32\wscntfy.dll
    2009-05-28 21:39:32 ----A---- C:\Windows\system32\wscisvif.dll
    2009-05-28 21:39:32 ----A---- C:\Windows\system32\WscEapPr.dll
    2009-05-28 21:39:32 ----A---- C:\Windows\system32\wscapi.dll
    2009-05-28 21:39:32 ----A---- C:\Windows\system32\wow32.dll
    2009-05-28 21:39:32 ----A---- C:\Windows\system32\WMVXENCD.DLL
    2009-05-28 21:39:32 ----A---- C:\Windows\system32\WMVSDECD.DLL
    2009-05-28 21:39:32 ----A---- C:\Windows\system32\WMVENCOD.DLL
    2009-05-28 21:39:31 ----A---- C:\Windows\system32\WMVCORE.DLL
    2009-05-28 21:39:30 ----A---- C:\Windows\system32\xmlfilter.dll
    2009-05-28 21:39:30 ----A---- C:\Windows\system32\wusa.exe
    2009-05-28 21:39:30 ----A---- C:\Windows\system32\wpcsvc.dll
    2009-05-28 21:39:30 ----A---- C:\Windows\system32\wpccpl.dll
    2009-05-28 21:39:30 ----A---- C:\Windows\system32\wpcao.dll
    2009-05-28 21:39:28 ----A---- C:\Windows\system32\wshext.dll
    2009-05-28 21:39:28 ----A---- C:\Windows\system32\wshbth.dll
    2009-05-28 21:39:28 ----A---- C:\Windows\system32\wsepno.dll
    2009-05-28 21:39:26 ----A---- C:\Windows\system32\wsnmp32.dll
    2009-05-28 21:39:26 ----A---- C:\Windows\system32\WsmSvc.dll
    2009-05-28 21:39:26 ----A---- C:\Windows\system32\wlanui.dll
    2009-05-28 21:39:26 ----A---- C:\Windows\system32\wlanpref.dll
    2009-05-28 21:39:26 ----A---- C:\Windows\system32\wlanmsm.dll
    2009-05-28 21:39:26 ----A---- C:\Windows\system32\wlanhlp.dll
    2009-05-28 21:39:25 ----A---- C:\Windows\system32\wlansvc.dll
    2009-05-28 21:39:25 ----A---- C:\Windows\system32\wlangpui.dll
    2009-05-28 21:39:25 ----A---- C:\Windows\system32\wisptis.exe
    2009-05-28 21:39:23 ----A---- C:\Windows\system32\wlgpclnt.dll
    2009-05-28 21:39:23 ----A---- C:\Windows\system32\Wldap32.dll
    2009-05-28 21:39:22 ----A---- C:\Windows\system32\winrnr.dll
    2009-05-28 21:39:22 ----A---- C:\Windows\system32\winresume.exe
    2009-05-28 21:39:21 ----A---- C:\Windows\system32\WinSCard.dll
    2009-05-28 21:39:19 ----A---- C:\Windows\system32\WinSAT.exe
    2009-05-28 21:39:19 ----A---- C:\Windows\system32\winmm.dll
    2009-05-28 21:39:19 ----A---- C:\Windows\system32\winlogon.exe
    2009-05-28 21:39:19 ----A---- C:\Windows\system32\winload.exe
    2009-05-28 21:39:18 ----A---- C:\Windows\system32\winsrv.dll
    2009-05-28 21:39:16 ----A---- C:\Windows\system32\WMPhoto.dll
    2009-05-28 21:39:16 ----A---- C:\Windows\system32\wmpeffects.dll
    2009-05-28 21:39:16 ----A---- C:\Windows\system32\WMNetMgr.dll
    2009-05-28 21:39:15 ----A---- C:\Windows\system32\wmpmde.dll
    2009-05-28 21:39:15 ----A---- C:\Windows\system32\wmploc.DLL
    2009-05-28 21:39:15 ----A---- C:\Windows\system32\wmp.dll
    2009-05-28 21:39:15 ----A---- C:\Windows\system32\wmicmiplugin.dll
    2009-05-28 21:39:15 ----A---- C:\Windows\system32\wmdrmsdk.dll
    2009-05-28 21:39:15 ----A---- C:\Windows\system32\sud.dll
    2009-05-28 21:39:15 ----A---- C:\Windows\system32\Storprop.dll
    2009-05-28 21:39:15 ----A---- C:\Windows\system32\stobject.dll
    2009-05-28 21:39:14 ----A---- C:\Windows\system32\srvsvc.dll
    2009-05-28 21:39:14 ----A---- C:\Windows\system32\srcore.dll
    2009-05-28 21:39:14 ----A---- C:\Windows\system32\srchadmin.dll
    2009-05-28 21:39:13 ----A---- C:\Windows\system32\sysmain.dll
    2009-05-28 21:39:13 ----A---- C:\Windows\system32\sysclass.dll
    2009-05-28 21:39:13 ----A---- C:\Windows\system32\SyncCenter.dll
    2009-05-28 21:39:13 ----A---- C:\Windows\system32\swprv.dll
    2009-05-28 21:39:13 ----A---- C:\Windows\system32\SMBHelperClass.dll
    2009-05-28 21:39:13 ----A---- C:\Windows\system32\SmartcardCredentialProvider.dll
    2009-05-28 21:39:13 ----A---- C:\Windows\system32\slwmi.dll
    2009-05-28 21:39:12 ----A---- C:\Windows\system32\spp.dll
    2009-05-28 21:39:12 ----A---- C:\Windows\system32\spoolsv.exe
    2009-05-28 21:39:12 ----A---- C:\Windows\system32\spoolss.dll
    2009-05-28 21:39:12 ----A---- C:\Windows\system32\spinstall.exe
    2009-05-28 21:39:12 ----A---- C:\Windows\system32\spcmsg.dll
    2009-05-28 21:39:12 ----A---- C:\Windows\system32\smss.exe
    2009-05-28 21:39:12 ----A---- C:\Windows\system32\SmiEngine.dll
    2009-05-28 21:39:12 ----A---- C:\Windows\system32\slwga.dll
    2009-05-28 21:39:12 ----A---- C:\Windows\system32\SLUINotify.dll
    2009-05-28 21:39:12 ----A---- C:\Windows\system32\SLUI.exe
    2009-05-28 21:39:12 ----A---- C:\Windows\system32\SLsvc.exe
    2009-05-28 21:39:12 ----A---- C:\Windows\system32\slmgr.vbs
    2009-05-28 21:39:12 ----A---- C:\Windows\system32\SLLUA.exe
    2009-05-28 21:39:12 ----A---- C:\Windows\system32\SLCommDlg.dll
    2009-05-28 21:39:12 ----A---- C:\Windows\system32\slcinst.dll
    2009-05-28 21:39:12 ----A---- C:\Windows\system32\SLCExt.dll
    2009-05-28 21:39:12 ----A---- C:\Windows\system32\slcc.dll
    2009-05-28 21:39:12 ----A---- C:\Windows\system32\SLC.dll
    2009-05-28 21:39:12 ----A---- C:\Windows\system32\shwebsvc.dll
    2009-05-28 21:39:12 ----A---- C:\Windows\system32\shsvcs.dll
    2009-05-28 21:39:11 ----A---- C:\Windows\system32\TSTheme.exe
    2009-05-28 21:39:11 ----A---- C:\Windows\system32\sqlsrv32.dll
    2009-05-28 21:39:11 ----A---- C:\Windows\system32\spwmp.dll
    2009-05-28 21:39:11 ----A---- C:\Windows\system32\spwizui.dll
    2009-05-28 21:39:11 ----A---- C:\Windows\system32\spwinsat.dll
    2009-05-28 21:39:11 ----A---- C:\Windows\system32\spreview.exe
    2009-05-28 21:39:11 ----A---- C:\Windows\system32\sperror.dll
    2009-05-28 21:39:11 ----A---- C:\Windows\system32\softkbd.dll
    2009-05-28 21:39:11 ----A---- C:\Windows\system32\SnippingTool.exe
    2009-05-28 21:39:11 ----A---- C:\Windows\system32\SndVol.exe
    2009-05-28 21:39:10 ----A---- C:\Windows\system32\TsWpfWrp.exe
    2009-05-28 21:39:10 ----A---- C:\Windows\system32\tsgqec.dll
    2009-05-28 21:39:10 ----A---- C:\Windows\system32\tscupgrd.exe
    2009-05-28 21:39:09 ----A---- C:\Windows\system32\zipfldr.dll
    2009-05-28 21:39:09 ----A---- C:\Windows\system32\untfs.dll
    2009-05-28 21:39:09 ----A---- C:\Windows\system32\umpnpmgr.dll
    2009-05-28 21:39:09 ----A---- C:\Windows\system32\ulib.dll
    2009-05-28 21:39:09 ----A---- C:\Windows\system32\uDWM.dll
    2009-05-28 21:39:09 ----A---- C:\Windows\system32\systemcpl.dll
    2009-05-28 21:39:07 ----A---- C:\Windows\system32\tsbyuv.dll
    2009-05-28 21:39:07 ----A---- C:\Windows\system32\tquery.dll
    2009-05-28 21:39:07 ----A---- C:\Windows\system32\themeui.dll
    2009-05-28 21:39:07 ----A---- C:\Windows\system32\themecpl.dll
    2009-05-28 21:39:07 ----A---- C:\Windows\system32\thawbrkr.dll
    2009-05-28 21:39:07 ----A---- C:\Windows\system32\termsrv.dll
    2009-05-28 21:39:07 ----A---- C:\Windows\system32\telnet.exe
    2009-05-28 21:39:07 ----A---- C:\Windows\system32\tcpmon.dll
    2009-05-28 21:39:07 ----A---- C:\Windows\system32\tcpipcfg.dll
    2009-05-28 21:39:07 ----A---- C:\Windows\system32\taskeng.exe
    2009-05-28 21:39:07 ----A---- C:\Windows\system32\taskcomp.dll
    2009-05-28 21:39:07 ----A---- C:\Windows\system32\tapisrv.dll
    2009-05-28 20:55:14 ----D---- C:\Windows\system32\EventProviders
    2009-05-28 18:18:29 ----D---- C:\Program Files\Ratajik Software
    2009-05-28 18:05:10 ----D---- C:\Users\SPICER\AppData\Roaming\streamripper
    2009-05-28 17:59:38 ----D---- C:\Program Files\Conduit
    2009-05-28 17:59:29 ----D---- C:\Windows\Freecorder Toolbar
    2009-05-28 17:59:29 ----D---- C:\Program Files\Freecorder Toolbar
    2009-05-27 18:00:46 ----A---- C:\Windows\system32\nvcpluir.dll
    2009-05-27 18:00:46 ----A---- C:\Windows\system32\nvcplui.exe
    2009-05-27 18:00:44 ----A---- C:\Windows\system32\nvsvsr.dll
    2009-05-27 18:00:44 ----A---- C:\Windows\system32\nvsvs.dll
    2009-05-27 18:00:32 ----A---- C:\Windows\system32\nvwssr.dll
    2009-05-27 18:00:32 ----A---- C:\Windows\system32\nvwss.dll
    2009-05-27 18:00:32 ----A---- C:\Windows\system32\nvvsvc.exe
    2009-05-27 18:00:32 ----A---- C:\Windows\system32\nvvitvsr.dll
    2009-05-27 18:00:32 ----A---- C:\Windows\system32\nvvitvs.dll
    2009-05-27 18:00:32 ----A---- C:\Windows\system32\nvmoblsr.dll
    2009-05-27 18:00:32 ----A---- C:\Windows\system32\nvmobls.dll
    2009-05-27 18:00:32 ----A---- C:\Windows\system32\nvmccssr.dll
    2009-05-27 18:00:32 ----A---- C:\Windows\system32\nvmccss.dll
    2009-05-27 18:00:32 ----A---- C:\Windows\system32\nvgamesr.dll
    2009-05-27 18:00:32 ----A---- C:\Windows\system32\nvgames.dll
    2009-05-27 18:00:32 ----A---- C:\Windows\system32\nvdispsr.dll
    2009-05-27 18:00:32 ----A---- C:\Windows\system32\nvdisps.dll
    2009-05-27 18:00:30 ----A---- C:\Windows\system32\nvsvcr.dll
    2009-05-27 18:00:30 ----A---- C:\Windows\system32\nvsvc.dll
    2009-05-27 18:00:30 ----A---- C:\Windows\system32\nvshext.dll
    2009-05-27 18:00:30 ----A---- C:\Windows\system32\nvmctray.dll
    2009-05-27 18:00:30 ----A---- C:\Windows\system32\nvhotkey.dll
    2009-05-27 18:00:30 ----A---- C:\Windows\system32\nvcpl.dll
    2009-05-27 16:04:00 ----A---- C:\Windows\system32\nvwgf2um.dll
    2009-05-27 16:04:00 ----A---- C:\Windows\system32\nvudisp.exe
    2009-05-27 16:04:00 ----A---- C:\Windows\system32\nvoglv32.dll
    2009-05-27 16:04:00 ----A---- C:\Windows\system32\nvd3dum.dll
    2009-05-27 16:04:00 ----A---- C:\Windows\system32\nvcuvid.dll
    2009-05-27 16:04:00 ----A---- C:\Windows\system32\nvcuvenc.dll
    2009-05-27 16:04:00 ----A---- C:\Windows\system32\nvcuda.dll
    2009-05-27 16:04:00 ----A---- C:\Windows\system32\nvcod151.dll
    2009-05-27 16:04:00 ----A---- C:\Windows\system32\nvcod.dll
    2009-05-22 14:15:34 ----D---- C:\Users\SPICER\AppData\Roaming\dBpoweramp
    2009-05-22 13:59:34 ----D---- C:\Users\SPICER\AppData\Roaming\AccurateRip
    2009-05-22 13:59:34 ----A---- C:\Windows\system32\SpoonUninstall.exe
    2009-05-22 13:59:31 ----D---- C:\Program Files\Illustrate
    2009-05-21 22:27:12 ----D---- C:\Users\SPICER\AppData\Roaming\Malwarebytes
    2009-05-21 22:27:07 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
    2009-05-21 22:26:39 ----D---- C:\Windows\ERDNT
    2009-05-21 22:26:10 ----D---- C:\Program Files\ERUNT
    2009-05-21 20:51:11 ----D---- C:\Users\SPICER\AppData\Roaming\FileZilla
    2009-05-21 20:51:06 ----D---- C:\Program Files\FileZilla FTP Client
    2009-05-20 09:04:01 ----A---- C:\Windows\system32\mshtmler.dll
    2009-05-20 09:04:01 ----A---- C:\Windows\system32\mshtmled.dll
    2009-05-20 09:04:01 ----A---- C:\Windows\system32\icardie.dll
    2009-05-20 09:04:01 ----A---- C:\Windows\system32\admparse.dll
    2009-05-20 09:04:00 ----A---- C:\Windows\system32\msls31.dll
    2009-05-20 09:04:00 ----A---- C:\Windows\system32\ieakeng.dll
    2009-05-20 09:04:00 ----A---- C:\Windows\system32\corpol.dll
    2009-05-20 09:03:59 ----A---- C:\Windows\system32\occache.dll
    2009-05-20 09:03:59 ----A---- C:\Windows\system32\msrating.dll
    2009-05-20 09:03:59 ----A---- C:\Windows\system32\msfeedsbs.dll
    2009-05-20 09:03:59 ----A---- C:\Windows\system32\licmgr10.dll
    2009-05-20 09:03:59 ----A---- C:\Windows\system32\inseng.dll
    2009-05-20 09:03:59 ----A---- C:\Windows\system32\imgutil.dll
    2009-05-20 09:03:59 ----A---- C:\Windows\system32\iepeers.dll
    2009-05-20 09:03:59 ----A---- C:\Windows\system32\ieaksie.dll
    2009-05-20 09:03:59 ----A---- C:\Windows\system32\dxtrans.dll
    2009-05-20 09:03:59 ----A---- C:\Windows\system32\dxtmsft.dll
    2009-05-20 09:03:58 ----A---- C:\Windows\system32\WinFXDocObj.exe
    2009-05-20 09:03:58 ----A---- C:\Windows\system32\wextract.exe
    2009-05-20 09:03:58 ----A---- C:\Windows\system32\webcheck.dll
    2009-05-20 09:03:58 ----A---- C:\Windows\system32\pngfilt.dll
    2009-05-20 09:03:58 ----A---- C:\Windows\system32\mstime.dll
    2009-05-20 09:03:58 ----A---- C:\Windows\system32\msfeedssync.exe
    2009-05-20 09:03:58 ----A---- C:\Windows\system32\msfeeds.dll
    2009-05-20 09:03:58 ----A---- C:\Windows\system32\ieakui.dll
    2009-05-20 09:03:58 ----A---- C:\Windows\system32\advpack.dll
    2009-05-20 09:03:57 ----A---- C:\Windows\system32\vbscript.dll
    2009-05-20 09:03:57 ----A---- C:\Windows\system32\url.dll
    2009-05-20 09:03:57 ----A---- C:\Windows\system32\jscript.dll
    2009-05-20 09:03:57 ----A---- C:\Windows\system32\ieapfltr.dll
    2009-05-20 09:03:55 ----A---- C:\Windows\system32\SetIEInstalledDate.exe
    2009-05-20 09:03:55 ----A---- C:\Windows\system32\SetDepNx.exe
    2009-05-20 09:03:55 ----A---- C:\Windows\system32\RegisterIEPKEYs.exe
    2009-05-20 09:03:55 ----A---- C:\Windows\system32\PDMSetup.exe
    2009-05-20 09:03:55 ----A---- C:\Windows\system32\mshta.exe
    2009-05-20 09:03:55 ----A---- C:\Windows\system32\iexpress.exe
    2009-05-20 09:03:55 ----A---- C:\Windows\system32\ieUnatt.exe
    2009-05-20 09:03:55 ----A---- C:\Windows\system32\iesysprep.dll
    2009-05-13 23:04:58 ----D---- C:\Program Files\Spybot - Search & Destroy
    2009-05-13 22:56:12 ----D---- C:\Program Files\Trend Micro
    2009-05-13 01:17:49 ----DC---- C:\Windows\system32\DRVSTORE
    2009-05-13 01:16:03 ----D---- C:\Program Files\Lavasoft

    ======List of files/folders modified in the last 3 months======

    2009-08-11 13:15:19 ----D---- C:\Windows\system32\LogFiles
    2009-08-11 13:15:19 ----D---- C:\Windows\Debug
    2009-08-11 11:58:43 ----A---- C:\Windows\system32\PnkBstrB.exe
    2009-08-11 11:56:38 ----D---- C:\Program Files\Steam
    2009-08-11 11:45:42 ----A---- C:\Windows\system32\pbsvc.exe
    2009-08-11 10:19:21 ----D---- C:\Windows\system32\config
    2009-08-11 10:19:08 ----D---- C:\Windows\Tasks
    2009-08-11 10:19:08 ----D---- C:\Windows\system32\spool
    2009-08-11 10:19:08 ----D---- C:\Windows\system32\drivers
    2009-08-11 10:19:08 ----D---- C:\Windows\system32\CodeIntegrity
    2009-08-11 10:19:08 ----D---- C:\Windows\System32
    2009-08-11 10:19:08 ----D---- C:\Windows\inf
    2009-08-11 10:19:08 ----D---- C:\WINDOWS
    2009-08-11 10:19:08 ----D---- C:\Program Files\Glary Utilities
    2009-08-11 10:19:05 ----D---- C:\Windows\system32\wbem
    2009-08-11 10:19:05 ----D---- C:\Windows\registration
    2009-08-11 01:37:33 ----SHD---- C:\System Volume Information
    2009-08-11 01:26:25 ----D---- C:\Windows\system32\catroot2
    2009-08-10 23:11:05 ----D---- C:\Windows\winsxs
    2009-08-10 23:10:49 ----D---- C:\Windows\Microsoft.NET
    2009-08-10 23:10:34 ----SHD---- C:\Windows\Installer
    2009-08-10 23:10:13 ----D---- C:\Windows\system32\catroot
    2009-08-10 11:53:58 ----D---- C:\Windows\system32\Tasks
    2009-08-10 11:39:43 ----HD---- C:\ProgramData
    2009-08-10 11:39:41 ----D---- C:\Program Files\IObit
    2009-08-10 11:01:52 ----D---- C:\Program Files\Mozilla Firefox
    2009-08-06 16:28:33 ----SD---- C:\Users\SPICER\AppData\Roaming\Microsoft
    2009-08-06 10:24:22 ----D---- C:\Users\SPICER\AppData\Roaming\Adobe
    2009-08-05 13:18:45 ----D---- C:\Users\SPICER\AppData\Roaming\Macromedia
    2009-07-30 14:39:40 ----A---- C:\Windows\system32\PerfStringBackup.INI
    2009-07-29 16:08:43 ----RD---- C:\Program Files
    2009-07-23 19:44:07 ----D---- C:\Program Files\Microsoft Office
    2009-07-23 19:44:07 ----D---- C:\Program Files\Common Files\microsoft shared
    2009-07-23 19:44:05 ----D---- C:\Windows\Help
    2009-07-22 21:03:13 ----RD---- C:\Users
    2009-07-20 11:39:26 ----D---- C:\Program Files\Common Files
    2009-07-19 16:23:08 ----D---- C:\Program Files\Common Files\Steam
    2009-07-14 11:21:09 ----D---- C:\Program Files\EA GAMES
    2009-07-14 11:19:01 ----HD---- C:\Program Files\InstallShield Installation Information
    2009-07-14 01:44:01 ----A---- C:\Windows\system32\PnkBstrA.exe
    2009-07-02 23:49:02 ----D---- C:\Users\SPICER\AppData\Roaming\Xfire
    2009-06-24 03:41:13 ----RSD---- C:\Windows\Fonts
    2009-06-24 01:06:22 ----D---- C:\Program Files\Xfire
    2009-06-22 23:49:05 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
    2009-06-22 23:47:29 ----D---- C:\NVIDIA
    2009-06-22 23:33:29 ----D---- C:\Program Files\Hewlett-Packard
    2009-06-22 23:18:51 ----D---- C:\Program Files\SystemRequirementsLab
    2009-06-22 23:16:33 ----D---- C:\Users\SPICER\AppData\Roaming\SystemRequirementsLab
    2009-06-22 20:07:01 ----SHD---- C:\boot
    2009-06-22 13:37:35 ----RSD---- C:\Windows\assembly
    2009-06-22 13:25:39 ----D---- C:\Windows\ehome
    2009-06-22 13:25:38 ----D---- C:\Windows\system32\migration
    2009-06-22 13:25:38 ----D---- C:\Program Files\Internet Explorer
    2009-06-19 14:13:56 ----D---- C:\Windows\Logs
    2009-06-18 14:39:08 ----D---- C:\Users\SPICER\AppData\Roaming\.oit
    2009-06-18 01:38:47 ----D---- C:\Users\SPICER\AppData\Roaming\teamspeak2
    2009-06-16 23:36:22 ----D---- C:\Windows\system32\en-US
    2009-06-16 18:41:29 ----D---- C:\Program Files\Java
    2009-06-14 04:26:46 ----A---- C:\Windows\system.ini
    2009-06-14 04:24:34 ----D---- C:\Windows\AppPatch
    2009-06-11 20:45:40 ----D---- C:\Program Files\Teamspeak2_RC2
    2009-06-09 11:16:34 ----D---- C:\Program Files\CCleaner
    2009-06-01 17:51:12 ----A---- C:\Windows\system32\mrt.exe
    2009-05-28 23:34:50 ----D---- C:\Program Files\Xara
    2009-05-28 22:28:38 ----D---- C:\Windows\rescache
    2009-05-28 22:06:16 ----D---- C:\Program Files\Windows Mail
    2009-05-28 22:06:16 ----D---- C:\Program Files\Windows Calendar
    2009-05-28 22:06:15 ----D---- C:\Program Files\Movie Maker
    2009-05-28 22:06:13 ----D---- C:\Program Files\Windows Sidebar
    2009-05-28 22:06:12 ----D---- C:\Program Files\Windows Media Player
    2009-05-28 22:06:12 ----D---- C:\Program Files\Windows Journal
    2009-05-28 22:06:09 ----D---- C:\Program Files\Common Files\System
    2009-05-28 22:06:08 ----D---- C:\Program Files\Windows Photo Gallery
    2009-05-28 22:06:04 ----D---- C:\Windows\servicing
    2009-05-28 22:06:04 ----D---- C:\Program Files\Windows Defender
    2009-05-28 22:05:41 ----D---- C:\Windows\IME
    2009-05-28 22:05:40 ----D---- C:\Windows\system32\XPSViewer
    2009-05-28 22:05:40 ----D---- C:\Windows\system32\sk-SK
    2009-05-28 22:05:40 ----D---- C:\Windows\system32\lv-LV
    2009-05-28 22:05:40 ----D---- C:\Windows\system32\ko-KR
    2009-05-28 22:05:40 ----D---- C:\Windows\system32\hr-HR
    2009-05-28 22:05:40 ----D---- C:\Windows\system32\et-EE
    2009-05-28 22:05:40 ----D---- C:\Windows\system32\da-DK
    2009-05-28 22:05:38 ----D---- C:\Windows\system32\oobe
    2009-05-28 22:05:38 ----D---- C:\Windows\system32\it-IT
    2009-05-28 22:05:38 ----D---- C:\Windows\system32\el-GR
    2009-05-28 22:05:38 ----D---- C:\Windows\system32\de-DE
    2009-05-28 22:05:31 ----D---- C:\Windows\system32\AdvancedInstallers
    2009-05-28 22:05:30 ----D---- C:\Windows\system32\sv-SE
    2009-05-28 22:05:30 ----D---- C:\Windows\system32\SLUI
    2009-05-28 22:05:30 ----D---- C:\Windows\system32\setup
    2009-05-28 22:05:30 ----D---- C:\Windows\system32\ru-RU
    2009-05-28 22:05:30 ----D---- C:\Windows\system32\pt-PT
    2009-05-28 22:05:30 ----D---- C:\Windows\system32\hu-HU
    2009-05-28 22:05:30 ----D---- C:\Windows\system32\he-IL
    2009-05-28 22:05:30 ----D---- C:\Windows\system32\fr-FR
    2009-05-28 22:05:30 ----D---- C:\Windows\system32\fi-FI
    2009-05-28 22:05:30 ----D---- C:\Windows\system32\cs-CZ
    2009-05-28 22:05:29 ----D---- C:\Windows\system32\zh-TW
    2009-05-28 22:05:29 ----D---- C:\Windows\system32\zh-CN
    2009-05-28 22:05:29 ----D---- C:\Windows\system32\uk-UA
    2009-05-28 22:05:29 ----D---- C:\Windows\system32\sr-Latn-CS
    2009-05-28 22:05:29 ----D---- C:\Windows\system32\sl-SI
    2009-05-28 22:05:29 ----D---- C:\Windows\system32\ro-RO
    2009-05-28 22:05:29 ----D---- C:\Windows\system32\pl-PL
    2009-05-28 22:05:29 ----D---- C:\Windows\system32\manifeststore
    2009-05-28 22:05:29 ----D---- C:\Windows\system32\ja-JP
    2009-05-28 22:05:29 ----D---- C:\Windows\system32\es-ES
    2009-05-28 22:05:29 ----D---- C:\Windows\system32\en
    2009-05-28 22:05:29 ----D---- C:\Windows\system32\bg-BG
    2009-05-28 22:05:27 ----D---- C:\Windows\system32\th-TH
    2009-05-28 22:05:26 ----D---- C:\Windows\system32\tr-TR
    2009-05-28 22:05:22 ----D---- C:\Windows\system32\nl-NL
    2009-05-28 22:05:22 ----D---- C:\Windows\system32\nb-NO
    2009-05-28 22:05:22 ----D---- C:\Windows\system32\lt-LT
    2009-05-28 22:05:22 ----D---- C:\Windows\system32\ar-SA
    2009-05-28 22:05:19 ----D---- C:\Windows\system32\migwiz
    2009-05-28 22:05:18 ----D---- C:\Windows\system32\pt-BR
    2009-05-28 22:03:13 ----D---- C:\Windows\system32\Boot
    2009-05-27 16:04:00 ----A---- C:\Windows\system32\nvapi.dll
    2009-05-27 11:56:16 ----A---- C:\Windows\system32\nvuninst.exe
    2009-05-20 09:15:40 ----D---- C:\Windows\panther
    2009-05-20 09:07:31 ----D---- C:\Windows\PolicyDefinitions
    2009-05-14 11:16:44 ----D---- C:\Program Files\Spyware Doctor
    2009-05-12 18:10:18 ----D---- C:\System Recovery Files

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys [2009-02-13 11608]
    R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
    R1 eabfiltr;eabfiltr; C:\Windows\system32\DRIVERS\eabfiltr.sys [2006-11-30 8192]
    R1 SCDEmu;SCDEmu; C:\Windows\system32\drivers\SCDEmu.sys [2008-03-14 46652]
    R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
    R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2009-08-06 55656]
    R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
    R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2007-02-24 39936]
    R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2007-01-23 42496]
    R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2007-01-23 37376]
  • edited August 2009
    R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2007-07-10 8704]
    R3 AmdLLD;AMD Low Level Device Driver; C:\Windows\system32\DRIVERS\AmdLLD.sys [2007-06-29 34304]
    R3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl6.sys [2008-10-23 1331192]
    R3 CLEDX;Team H2O CLEDX service; C:\Windows\system32\DRIVERS\cledx.sys [2005-05-09 33792]
    R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-19 14208]
    R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\CHDRT32.sys [2008-03-04 188416]
    R3 HBtnKey;HBtnKey; C:\Windows\system32\DRIVERS\cpqbttn.sys [2006-06-28 9472]
    R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2007-06-20 984064]
    R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2007-06-20 208896]
    R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\Windows\system32\DRIVERS\LHidFilt.Sys [2007-09-21 35088]
    R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\Windows\system32\DRIVERS\LMouFilt.Sys [2007-09-21 36240]
    R3 LUsbFilt;Logitech SetPoint KMDF USB Filter; C:\Windows\System32\Drivers\LUsbFilt.Sys [2007-09-21 28432]
    R3 NVENETFD;NVIDIA nForce 10/100/1000 Mbps Ethernet ; C:\Windows\system32\DRIVERS\nvmfdx32.sys [2008-08-01 1052704]
    R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2009-05-27 9850240]
    R3 NVR0Dev;NVR0Dev; \??\C:\Windows\nvoclock.sys [2007-09-04 29696]
    R3 nvsmu;nvsmu; C:\Windows\system32\DRIVERS\nvsmu.sys [2007-02-17 12032]
    R3 RimVSerPort;RIM Virtual Serial Port v2; C:\Windows\system32\DRIVERS\RimSerial.sys [2007-01-18 26496]
    R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\Windows\System32\Drivers\RootMdm.sys [2008-01-19 8192]
    R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2009-04-10 89088]
    R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2008-03-28 199472]
    R3 usbvideo;USB Video Device (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-19 134016]
    R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2007-06-20 660480]
    R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-19 11264]
    S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl6.sys [2008-10-23 1331192]
    S3 BthEnum;Bluetooth Enumerator Service; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-04-10 22528]
    S3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-19 92160]
    S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2009-04-10 507904]
    S3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2009-04-10 29696]
    S3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2007-04-18 79664]
    S3 btwavdt;Bluetooth AVDT; C:\Windows\system32\drivers\btwavdt.sys [2007-04-18 81200]
    S3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2007-04-18 16432]
    S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
    S3 E100B;Intel(R) PRO Adapter Driver; C:\Windows\system32\DRIVERS\e100b325.sys [2006-11-02 163328]
    S3 EagleNT;EagleNT; \??\C:\Windows\system32\drivers\EagleNT.sys []
    S3 emusba10;E-MU USB-Audio 1.0 Driver; C:\Windows\system32\DRIVERS\emusba10.sys [2007-11-26 163352]
    S3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\CHDART.sys [2007-04-12 160768]
    S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2006-11-02 200704]
    S3 ialm;ialm; C:\Windows\system32\DRIVERS\igdkmd32.sys [2006-10-19 1380864]
    S3 inyafakj;inyafakj; \??\C:\Users\SPICER\AppData\Local\Temp\inyafakj.sys []
    S3 mcdbus;Driver for MagicISO SCSI Host Controller; C:\Windows\system32\DRIVERS\mcdbus.sys []
    S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
    S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
    S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
    S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
    S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-04-10 148992]
    S3 RimUsb;BlackBerry Smartphone; C:\Windows\System32\Drivers\RimUsb.sys [2008-05-20 22784]
    S3 RivaTuner32;RivaTuner32; \??\C:\Program Files\RivaTuner v2.22\RivaTuner32.sys [2008-12-29 9088]
    S3 SaiK0004;SaiK0004; C:\Windows\system32\DRIVERS\SaiK0004.sys [2008-04-04 104960]
    S3 SaiMini;SaiMini; C:\Windows\system32\DRIVERS\SaiMini.sys [2008-04-04 14080]
    S3 SaiNtBus;SaiNtBus; C:\Windows\system32\drivers\SaiBus.sys [2008-04-04 35456]
    S3 SaiU0004;SaiU0004; C:\Windows\system32\DRIVERS\SaiU0004.sys [2008-04-04 28544]
    S3 SRS_SSCFilter;SRS Labs Audio Sandbox (WDM); C:\Windows\system32\drivers\srs_sscfilter_i386.sys [2007-07-26 39808]
    S3 usbaudio;USB Audio Driver (WDM); C:\Windows\system32\drivers\usbaudio.sys [2009-04-10 73216]
    S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
    R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-08-06 185089]
    R2 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2006-05-02 135168]
    R2 nTuneService;nTune Service; C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe [2007-09-04 131072]
    R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2009-05-27 211488]
    R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2009-07-14 75064]
    R2 SBSDWSCService;SBSD Security Center Service; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
    R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2007-07-10 386560]
    R3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
    S2 Roxio Upnp Server 9;Roxio Upnp Server 9; C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe [2007-12-06 362992]
    S2 RoxLiveShare9;LiveShare P2P Server 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe [2008-06-26 313840]
    S2 RoxWatch9;Roxio Hard Drive Watcher 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe [2008-06-26 170480]
    S3 Adobe Version Cue CS3;Adobe Version Cue CS3; C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe [2007-03-20 153792]
    S3 BthServ;Bluetooth Support Service; C:\Windows\system32\svchost.exe [2008-01-19 21504]
    S3 CLCapSvc;CyberLink Background Capture Service (CBCS); C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe [2007-04-24 262243]
    S3 Com4Qlb;Com4Qlb; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe [2007-01-09 110592]
    S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-06-15 654848]
    S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-03-12 138168]
    S3 HP Health Check Service;HP Health Check Service; C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [2007-03-14 62984]
    S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
    S3 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe [2007-11-15 121360]
    S3 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-04-19 75304]
    S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-27 441136]
    S3 Roxio UPnP Renderer 9;Roxio UPnP Renderer 9; C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe [2007-12-06 88560]
    S3 RoxMediaDB9;RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2008-06-26 1108464]
    S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2009-07-13 316664]
    S4 CLSched;CyberLink Task Scheduler (CTS); C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe [2007-04-24 106593]
    S4 emaudsv;E-MU Audio Service; C:\Windows\system32\emaudsv.exe [2007-11-26 20992]
    S4 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
    S4 wwSecSvc;Washer Security Access; C:\Windows\system32\wwSecure.exe [2005-05-20 486400]

    EOF
  • edited August 2009
    Do you have the GMER log?
  • edited August 2009
    GMER:
    GMER 1.0.15.14972 - http://www.gmer.net
    Rootkit scan 2009-08-11 15:12:06
    Windows 6.0.6002 Service Pack 2


    ---- System - GMER 1.0.15 ----

    SSDT 9A9F7CC4 ZwCreateThread
    SSDT 9A9F7CB0 ZwOpenProcess
    SSDT 9A9F7CB5 ZwOpenThread
    SSDT 9A9F7CBF ZwTerminateProcess

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntkrnlpa.exe!KeSetEvent + 221 818B3964 4 Bytes [C4, 7C, 9F, 9A] {LES EDI, DWORD [EDI+EBX*4-0x66]}
    .text ntkrnlpa.exe!KeSetEvent + 3F1 818B3B34 4 Bytes [B0, 7C, 9F, 9A]
    .text ntkrnlpa.exe!KeSetEvent + 40D 818B3B50 4 Bytes [B5, 7C, 9F, 9A]
    .text ntkrnlpa.exe!KeSetEvent + 621 818B3D64 2 Bytes [BF, 7C]
    .text ntkrnlpa.exe!KeSetEvent + 624 818B3D67 1 Byte [9A]

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\Windows\Explorer.EXE[464] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [748A7817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[464] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [748FA86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[464] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [748ABB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[464] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [7489F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[464] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [748A75E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[464] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [7489E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[464] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [748D8395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[464] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [748ADA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[464] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [7489FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[464] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [7489FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[464] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [748971CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[464] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [7492CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[464] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [748CC8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[464] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [7489D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[464] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [74896853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[464] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [7489687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[464] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [748A2AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001a6bf2a941
    Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001a6bf2a941@000f86b18582 0x77 0x79 0x0C 0x82 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001a6bf2a941
    Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001a6bf2a941@000f86b18582 0x77 0x79 0x0C 0x82 ...

    ---- EOF - GMER 1.0.15 ----
  • edited August 2009
    Thanks Katana.
  • edited August 2009
    There are no signs of infection there. Let's see what is using the space.


    Download WinDirStat from HERE
    If you need help using it visit HERE

    It won't produce any log for you to post, but it will show you where the bulk of the files are.

    Let me know how you get on.
  • edited August 2009
    Thanks for checking for me, and thanks for the app link. All looks OK after running it. Will run disk cleanup again to see if I missed something out.

    Spice
  • lordbean Ontario, Canada
    edited August 2009
    If your disk usage has jumped with no discernible reason, it could be that Windows has simply "decided" to increase the size of the page file for some reason known only to itself. The page file is a large system file that Windows uses as a sort of virtual RAM to store things that don't need accessing very often. The size of this file is usually on the order of gigabytes, and could explain the loss of space.