
Crush Calculator Re-Direct [Solved]


This topic is locked

#1
AgentXu
Member, 106 posts

For the last week or so my browser (newest version of Firefox) redirects to a website for a "Crush Calculator." It happens intermittently (maybe once every 500th click?) and nothing has found anything. I've run a full scan with AVG, a full scan with MalwareBytes, and a scan with ComboFix and HijackThis (the last two of which I have logs for... I didn't want to do anything until someone else read them.) Nothing has found anything and the only thing that's wrong is that I'm getting this annoying re-direct.


I've googled this issue and found it isn't an uncommon problem but there doesn't seem to be a solution as no one can even agree whether or not the problem is even really malware.


So... any suggestions you guys have would be appreciated (and if you wouldn't mind I'd love it if someone would put my ease at mind by reading over the logs I've got.) Thanks in advance!


X|u




#2
AgentXu
Topic Starter, Member, 106 posts
Alright. I was PM'ed by an administrator who said I should post the logs after reading the page with the requirements. I was able to do all the prerequisites (except create a system restore point) and everything afterward except the Rootkit scan. I'll post the error logs for that at the bottom. I know we're not supposed to reply to our own topics but I was told this would help you to help me. This is what I've got. Hopefully this will get us started.

Malwarebytes' Anti-Malware 1.39
Database version: 2421
Windows 6.0.6002 Service Pack 2

7/21/2009 11:01:20 AM
mbam-log-2009-07-21 (11-01-20).txt

Scan type: Quick Scan
Objects scanned: 72835
Time elapsed: 2 minute(s), 41 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

ROOTREPEAL CRASH REPORT
-------------------------
Exception Code: 0xc0000005
Exception Address: 0x00429430
Attempt to write to address: 0x023db000

ROOTREPEAL CRASH REPORT
-------------------------
Exception Code: 0xc0000005
Exception Address: 0x775d7409
Attempt to read from address: 0xe8f706dd

ROOTREPEAL CRASH REPORT
-------------------------
Exception Code: 0xc0000005
Exception Address: 0x775d7409
Attempt to read from address: 0xe8f706dd


OTL logfile created on: 7/21/2009 10:36:45 AM - Run 1
OTL by OldTimer - Version 3.0.9.2 Folder = C:\Users\Xu\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 285.50 Gb Total Space | 187.10 Gb Free Space | 65.53% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 4.98 Gb Free Space | 49.76% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PROXY
Current User Name: Xu
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2008/09/03 11:54:00 | 00,196,608 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvvsvc.exe
PRC - [2007/04/16 23:05:52 | 00,021,504 | ---- | M] (UPEK Inc.) -- C:\Program Files\Fingerprint Reader Suite\upeksvr.exe
PRC - [2009/06/09 07:11:14 | 00,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2007/12/08 14:34:40 | 00,024,064 | ---- | M] () -- C:\Windows\System32\WLTRYSVC.EXE
PRC - [2007/12/08 14:34:10 | 02,506,752 | ---- | M] (Dell Inc.) -- C:\Windows\System32\bcmwltry.exe
PRC - [2009/06/05 11:48:14 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/07/02 15:22:15 | 00,298,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2009/07/02 15:22:16 | 00,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2009/07/02 15:22:16 | 00,594,712 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe
PRC - [2008/02/15 18:25:34 | 00,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c09c50a2\STacSV.exe
PRC - [2009/04/10 23:27:36 | 02,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\Explorer.EXE
PRC - [2007/01/04 14:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2009/06/16 16:26:31 | 01,320,288 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DellDock.exe
PRC - [2009/07/19 08:40:06 | 00,907,032 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe
PRC - [2009/07/02 15:22:16 | 00,692,504 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgcsrvx.exe
PRC - [2007/12/08 14:34:40 | 03,444,736 | ---- | M] (Dell Inc.) -- C:\Windows\System32\WLTRAY.EXE
PRC - [2007/07/02 13:29:22 | 00,159,744 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2009/06/03 14:46:38 | 00,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2009/06/05 13:39:22 | 00,292,136 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/01/29 15:11:32 | 00,052,392 | ---- | M] (Elaborate Bytes AG) -- C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
PRC - [2009/05/21 11:34:07 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2007/05/10 01:01:00 | 00,036,864 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\OEM02Mon.exe
PRC - [2007/07/27 16:43:34 | 00,118,784 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
PRC - [2008/02/15 18:23:20 | 00,405,504 | ---- | M] (IDT, Inc.) -- C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
PRC - [2008/02/22 17:01:38 | 01,193,240 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2009/04/23 06:29:14 | 07,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2007/05/22 14:18:56 | 00,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
PRC - [2009/04/10 23:28:08 | 00,037,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\unsecapp.exe
PRC - [2009/04/10 23:28:15 | 00,247,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\wmiprvse.exe
PRC - [2007/04/16 22:55:00 | 00,053,776 | ---- | M] (UPEK Inc.) -- C:\Program Files\Fingerprint Reader Suite\psqltray.exe
PRC - [2009/04/23 06:29:18 | 07,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2006/09/08 15:10:22 | 00,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\HidFind.exe
PRC - [2007/06/06 16:44:44 | 00,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apntex.exe
PRC - [2009/06/05 13:39:14 | 00,541,992 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/06/03 14:46:38 | 00,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2009/07/17 03:29:07 | 00,908,280 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/07/21 10:35:57 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Users\Xu\Downloads\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2007/09/20 15:31:10 | 00,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c09c50a2\aestsrv.exe -- (AESTFilters [Disabled | Stopped])
SRV - [2009/06/05 11:48:14 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2009/07/19 08:40:06 | 00,907,032 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc [Auto | Running])
SRV - [2009/07/02 15:22:15 | 00,298,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd [Auto | Running])
SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2009/03/29 21:42:14 | 00,066,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2009/06/09 07:11:14 | 00,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService [Auto | Running])
SRV - [2008/01/20 19:25:09 | 00,292,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehRecvr.exe -- (ehRecvr [On_Demand | Stopped])
SRV - [2006/11/02 05:35:29 | 00,131,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehsched.exe -- (ehSched [On_Demand | Stopped])
SRV - [2006/11/02 05:35:29 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehstart.dll -- (ehstart [Auto | Stopped])
SRV - [2009/04/10 23:28:25 | 01,017,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wevtsvc.dll -- (Eventlog [Auto | Running])
SRV - [2009/02/18 11:39:20 | 00,043,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2007/07/24 18:02:44 | 00,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON [Disabled | Stopped])
SRV - [2009/02/18 11:38:42 | 00,879,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2009/06/05 13:39:14 | 00,541,992 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
SRV - [2009/02/18 11:38:43 | 00,129,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2008/09/03 11:54:00 | 00,196,608 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvvsvc.exe -- (nvsvc [Auto | Running])
SRV - [2009/06/03 14:46:38 | 00,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter [Auto | Running])
SRV - [2008/02/15 18:25:34 | 00,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c09c50a2\STacSV.exe -- (STacSV [Auto | Running])
SRV - [2007/01/04 14:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service [Auto | Running])
SRV - [2008/01/20 19:23:32 | 00,272,952 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend [Auto | Running])
SRV - [2007/12/08 14:34:40 | 00,024,064 | ---- | M] () -- C:\Windows\System32\WLTRYSVC.EXE -- (wltrysvc [Auto | Running])
SRV - [2008/01/20 19:25:33 | 00,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.4.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}:6.0.14
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.1

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/07/02 21:44:43 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2009/07/14 17:20:54 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/07/17 03:29:09 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/07/17 15:35:42 | 00,000,000 | ---D | M]

[2009/07/03 23:30:01 | 00,000,000 | ---D | M] -- C:\Users\Xu\AppData\Roaming\mozilla\Extensions
[2009/07/03 23:30:01 | 00,000,000 | ---D | M] -- C:\Users\Xu\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/07/20 23:01:37 | 00,000,000 | ---D | M] -- C:\Users\Xu\AppData\Roaming\mozilla\Firefox\Profiles\9icj02pf.default\extensions
[2009/07/03 23:33:23 | 00,000,000 | ---D | M] -- C:\Users\Xu\AppData\Roaming\mozilla\Firefox\Profiles\9icj02pf.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/07/15 21:55:36 | 00,000,000 | ---D | M] -- C:\Users\Xu\AppData\Roaming\mozilla\Firefox\Profiles\9icj02pf.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2009/07/14 15:33:22 | 00,000,000 | ---D | M] -- C:\Users\Xu\AppData\Roaming\mozilla\Firefox\Profiles\9icj02pf.default\extensions\[email protected]
[2009/07/17 10:58:45 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/07/17 03:29:09 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/07/15 14:14:05 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/07/17 10:58:45 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
[2009/07/17 03:29:07 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/07/17 03:29:07 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/05/21 11:33:58 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2009/07/17 03:29:08 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2009/07/04 00:19:31 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2009/07/04 00:19:31 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2009/07/04 00:19:31 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2009/07/04 00:19:31 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2009/07/04 00:19:31 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2009/07/04 00:19:31 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2009/07/04 00:19:31 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2007/04/16 10:07:12 | 00,180,293 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npViewpoint.dll
[2009/07/14 21:36:24 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/07/14 21:36:24 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/07/14 21:36:24 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/07/14 21:36:24 | 00,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/07/14 21:36:24 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/07/14 21:36:24 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/07/14 21:36:24 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (761 bytes) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Windows\System32\WLTRAY.exe (Dell Inc.)
O4 - HKLM..\Run: [DELL Webcam Manager] File not found
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\Windows\System32\nvHotkey.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [PSQLLauncher] File not found
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [VirtualCloneDrive] File not found
O4 - HKCU..\Run: [Aim6] File not found
O4 - Startup: C:\Users\Xu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\Xu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 64.146.192.16 24.113.32.29 24.113.32.30 192.168.1.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (vrlogon.dll) - C:\Windows\System32\vrlogon.dll (UPEK Inc.)
O20 - Winlogon\Notify\psfus: DllName - C:\Windows\system32\psqlpwd.dll - C:\Windows\System32\psqlpwd.dll (UPEK Inc.)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 14:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{db2c032e-685c-11de-8a71-001d095fb069}\Shell\AutoRun\command - "" = F:\RECYCLER\help.exe -- File not found
O33 - MountPoints2\{db2c032e-685c-11de-8a71-001d095fb069}\Shell\opEN\CoMmanD - "" = F:\RECYCLER\help.exe -- File not found
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\RECYCLER\help.exe -- File not found
O33 - MountPoints2\F\Shell\opEN\CoMmanD - "" = F:\RECYCLER\help.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 14 Days ==========

[2009/07/21 10:31:26 | 00,469,504 | ---- | C] ( ) -- C:\Users\Xu\Desktop\RootRepeal.exe
[2009/07/21 10:05:07 | 37,560,64768 | -HS- | C] () -- C:\hiberfil.sys
[2009/07/21 08:29:12 | 00,000,000 | ---D | C] -- C:\Windows\Minidump
[2009/07/21 08:29:07 | 57,869,1217 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2009/07/21 08:04:17 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/07/21 08:01:07 | 00,000,000 | ---D | C] -- C:\Windows\ERDNT
[2009/07/21 07:57:34 | 00,000,735 | ---- | C] () -- C:\Users\Xu\Desktop\NTREGOPT.lnk
[2009/07/21 07:57:32 | 00,000,716 | ---- | C] () -- C:\Users\Xu\Desktop\ERUNT.lnk
[2009/07/21 07:57:26 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/07/20 20:31:51 | 00,000,000 | ---D | C] -- C:\Windows\System32\eu-ES
[2009/07/20 20:31:51 | 00,000,000 | ---D | C] -- C:\Windows\System32\ca-ES
[2009/07/20 20:31:48 | 00,000,000 | ---D | C] -- C:\Windows\System32\vi-VN
[2009/07/20 19:39:41 | 00,000,000 | ---D | C] -- C:\Users\Xu\AppData\Local\Citrix
[2009/07/19 22:40:42 | 00,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/07/19 11:11:28 | 00,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
[2009/07/19 06:38:42 | 00,000,000 | ---D | C] -- C:\My Music
[2009/07/19 06:38:25 | 00,000,824 | ---- | C] () -- C:\Users\Xu\Desktop\AudioConverter Studio.lnk
[2009/07/19 06:38:20 | 00,000,000 | ---D | C] -- C:\Program Files\AudioConverter Studio
[2009/07/19 00:18:50 | 00,000,000 | ---D | C] -- C:\Users\Xu\AppData\Local\Yahoo
[2009/07/19 00:16:00 | 00,000,954 | ---- | C] () -- C:\Users\Public\Desktop\Yahoo! Messenger.lnk
[2009/07/19 00:15:29 | 00,000,000 | ---D | C] -- C:\ProgramData\Yahoo!
[2009/07/19 00:15:22 | 00,000,000 | ---D | C] -- C:\Program Files\Yahoo!
[2009/07/18 18:37:21 | 00,000,833 | ---- | C] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
[2009/07/18 18:37:21 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Blizzard Entertainment
[2009/07/18 18:19:22 | 00,000,000 | ---D | C] -- C:\ProgramData\Blizzard
[2009/07/18 18:19:11 | 00,001,024 | ---- | C] () -- C:\Users\Xu\Desktop\World of Warcraft Installer.lnk
[2009/07/18 18:16:55 | 00,000,000 | ---D | C] -- C:\Users\Public\Documents\Blizzard Entertainment
[2009/07/18 18:16:22 | 00,000,000 | ---D | C] -- C:\Users\Xu\AppData\Roaming\WinRAR
[2009/07/18 18:15:52 | 00,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2009/07/18 18:11:18 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety Center
[2009/07/17 20:52:17 | 00,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2009/07/17 20:51:01 | 02,499,629 | ---- | C] () -- C:\Windows\System32\wlan.tmf
[2009/07/17 20:50:45 | 00,130,008 | ---- | C] () -- C:\Windows\System32\systemsf.ebd
[2009/07/17 20:50:43 | 00,009,239 | ---- | C] () -- C:\Windows\System32\spcinstrumentation.man
[2009/07/17 20:50:37 | 00,442,788 | ---- | C] () -- C:\Windows\System32\dot3.tmf
[2009/07/17 20:50:36 | 00,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/07/17 20:50:36 | 00,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/07/17 20:50:34 | 03,662,128 | ---- | C] () -- C:\Windows\System32\locale.nls
[2009/07/17 20:50:33 | 00,392,170 | ---- | C] () -- C:\Windows\System32\onex.tmf
[2009/07/17 20:50:30 | 00,344,698 | ---- | C] () -- C:\Windows\System32\eaphost.tmf
[2009/07/17 20:50:22 | 00,208,966 | ---- | C] () -- C:\Windows\System32\WFP.TMF
[2009/07/17 20:50:21 | 00,092,918 | ---- | C] () -- C:\Windows\System32\slmgr.vbs
[2009/07/17 20:49:59 | 00,009,212 | ---- | C] () -- C:\Windows\System32\RacUR.xml
[2009/07/17 20:49:49 | 00,000,153 | ---- | C] () -- C:\Windows\System32\RacUREx.xml
[2009/07/17 00:43:27 | 00,000,869 | ---- | C] () -- C:\Users\Public\Desktop\Launch Sid Meier's Civilization 4 - Warlords.lnk
[2009/07/17 00:38:04 | 00,000,000 | ---D | C] -- C:\Users\Xu\Documents\My Games
[2009/07/17 00:38:04 | 00,000,000 | ---D | C] -- C:\Users\Xu\AppData\Local\My Games
[2009/07/17 00:05:25 | 00,001,119 | ---- | C] () -- C:\Users\Public\Desktop\Launch Sid Meier's Civilization 4.lnk
[2009/07/17 00:05:03 | 00,000,000 | ---D | C] -- C:\Program Files\Firaxis Games
[2009/07/16 23:51:46 | 00,001,045 | ---- | C] () -- C:\Users\Public\Desktop\Virtual CloneDrive.lnk
[2009/07/16 23:50:55 | 00,000,000 | ---D | C] -- C:\Program Files\Elaborate Bytes
[2009/07/16 22:49:30 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/07/16 21:50:41 | 00,000,000 | ---D | C] -- C:\Users\Public\Documents\Speedbit
[2009/07/16 19:23:45 | 00,017,039 | ---- | C] () -- C:\Users\Xu\AppData\Roaming\UserTile.png
[2009/07/15 22:05:33 | 00,000,000 | ---D | C] -- C:\Program Files\ConvertHelper
[2009/07/15 21:35:00 | 00,000,000 | ---D | C] -- C:\Windows\Downloaded Installations
[2009/07/15 12:41:37 | 00,000,000 | ---D | C] -- C:\ProgramData\Agnitum
[2009/07/15 09:09:00 | 00,000,000 | ---D | C] -- C:\Windows\temp
[2009/07/15 09:09:00 | 00,000,000 | ---D | C] -- C:\Users\Xu\AppData\Local\temp(144)
[2009/07/15 08:56:31 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/07/15 01:47:20 | 00,027,396 | ---- | C] () -- C:\Users\Xu\Desktop\P090629001.jpg
[2009/07/15 01:46:16 | 00,020,084 | ---- | C] () -- C:\Users\Xu\Desktop\P090703037x.jpg
[2009/07/15 01:46:07 | 00,012,213 | ---- | C] () -- C:\Users\Xu\Desktop\Louisx.jpg
[2009/07/14 22:33:53 | 00,001,030 | ---- | C] () -- C:\Users\Xu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
[2009/07/14 22:33:18 | 00,000,000 | ---D | C] -- C:\Users\Xu\AppData\Roaming\OpenOffice.org
[2009/07/14 22:28:58 | 00,001,005 | ---- | C] () -- C:\Users\Public\Desktop\OpenOffice.org 3.1.lnk
[2009/07/14 22:27:51 | 00,000,000 | ---D | C] -- C:\Program Files\JRE
[2009/07/14 22:27:37 | 00,000,000 | ---D | C] -- C:\Program Files\OpenOffice.org 3
[2009/07/14 22:26:22 | 00,000,000 | ---D | C] -- C:\Program Files\Java
[2009/07/14 21:08:31 | 00,000,000 | ---D | C] -- C:\Program Files\Combined Community Codec Pack
[2009/07/14 19:59:13 | 00,000,000 | ---D | C] -- C:\Users\Xu\AppData\Roaming\acccore
[2009/07/14 19:57:48 | 00,000,000 | ---D | C] -- C:\Users\Xu\AppData\Local\AOL OCP
[2009/07/14 19:57:46 | 00,000,000 | ---D | C] -- C:\Users\Xu\AppData\Local\AOL
[2009/07/14 19:56:36 | 00,000,000 | ---D | C] -- C:\ProgramData\Viewpoint
[2009/07/14 19:56:34 | 00,000,000 | ---D | C] -- C:\Program Files\Viewpoint
[2009/07/14 19:56:33 | 00,000,000 | ---D | C] -- C:\ProgramData\acccore
[2009/07/14 19:56:31 | 00,001,758 | ---- | C] () -- C:\Users\Public\Desktop\AIM 6.lnk
[2009/07/14 19:56:10 | 00,000,000 | ---D | C] -- C:\ProgramData\AOL OCP
[2009/07/14 19:56:09 | 00,000,000 | ---D | C] -- C:\ProgramData\AOL
[2009/07/14 19:55:39 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\AOL
[2009/07/14 19:54:48 | 00,000,000 | ---D | C] -- C:\Program Files\AIM6
[2009/07/14 19:54:43 | 00,000,367 | -H-- | C] () -- C:\IPH.PH
[2009/07/14 17:34:22 | 00,000,000 | ---D | C] -- C:\Program Files\uTorrent
[2009/07/14 17:33:15 | 00,000,000 | ---D | C] -- C:\Users\Xu\AppData\Roaming\uTorrent
[2009/07/14 17:29:33 | 00,000,000 | -H-D | C] -- C:\$AVG8.VAULT$
[2009/07/14 16:56:19 | 00,000,000 | ---D | C] -- C:\Users\Xu\AppData\Roaming\Malwarebytes
[2009/07/14 16:56:14 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/07/14 16:56:13 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009/07/14 16:56:12 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/07/14 16:45:19 | 00,000,000 | ---D | C] -- C:\Users\Xu\Documents\My Writing
[2009/07/14 16:44:02 | 00,000,000 | ---D | C] -- C:\Users\Xu\Documents\My Chat Logs
[2009/07/14 16:44:02 | 00,000,000 | ---D | C] -- C:\Users\Xu\Documents\Dell Webcam Center
[2009/07/14 16:43:59 | 00,000,000 | R--D | C] -- C:\Users\Xu\Documents\Documents
[2009/07/14 16:43:59 | 00,000,000 | ---D | C] -- C:\Users\Xu\Documents\AIMLogger
[2009/07/14 15:19:34 | 00,000,000 | -H-D | C] -- C:\ProgramData\{088731A3-EE4A-44A0-9F02-C4181FD3C640}
[2009/07/14 15:16:30 | 10,534,712 | ---- | C] (Stardock Corporation ) -- C:\Users\Xu\Desktop\DellDock15c_setup_ENG.exe

========== Files - Modified Within 14 Days ==========

[2009/07/21 10:32:05 | 00,054,562 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2009/07/21 10:32:05 | 00,054,562 | ---- | M] () -- C:\ProgramData\nvModes.001
[2009/07/21 10:10:10 | 00,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/07/21 10:10:10 | 00,595,684 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/07/21 10:10:10 | 00,101,350 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/07/21 10:05:40 | 00,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/07/21 10:05:40 | 00,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/07/21 10:05:38 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/07/21 10:05:18 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/07/21 10:05:07 | 37,560,64768 | -HS- | M] () -- C:\hiberfil.sys
[2009/07/21 08:31:51 | 39,107,453 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2009/07/21 08:31:51 | 00,034,448 | ---- | M] () -- C:\Windows\System32\drivers\Avg\microavi.avg
[2009/07/21 08:29:07 | 57,869,1217 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2009/07/21 08:00:39 | 00,000,735 | ---- | M] () -- C:\Users\Xu\Desktop\NTREGOPT.lnk
[2009/07/21 08:00:39 | 00,000,716 | ---- | M] () -- C:\Users\Xu\Desktop\ERUNT.lnk
[2009/07/20 22:56:53 | 00,041,984 | ---- | M] () -- C:\Users\Xu\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/20 20:37:30 | 00,246,344 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/20 18:40:24 | 00,001,356 | ---- | M] () -- C:\Users\Xu\AppData\Local\d3d9caps.dat
[2009/07/20 18:39:32 | 00,002,231 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2009/07/20 05:44:07 | 00,000,076 | RHS- | M] () -- C:\Windows\CT4CET.bin
[2009/07/19 22:40:43 | 00,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2009/07/19 11:11:28 | 00,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
[2009/07/19 08:40:25 | 00,335,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2009/07/19 06:38:25 | 00,000,824 | ---- | M] () -- C:\Users\Xu\Desktop\AudioConverter Studio.lnk
[2009/07/19 00:16:00 | 00,000,954 | ---- | M] () -- C:\Users\Public\Desktop\Yahoo! Messenger.lnk
[2009/07/18 21:43:00 | 00,000,833 | ---- | M] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
[2009/07/18 20:52:54 | 00,001,024 | ---- | M] () -- C:\Users\Xu\Desktop\World of Warcraft Installer.lnk
[2009/07/17 00:43:27 | 00,000,869 | ---- | M] () -- C:\Users\Public\Desktop\Launch Sid Meier's Civilization 4 - Warlords.lnk
[2009/07/17 00:20:42 | 00,001,119 | ---- | M] () -- C:\Users\Public\Desktop\Launch Sid Meier's Civilization 4.lnk
[2009/07/16 23:51:46 | 00,001,045 | ---- | M] () -- C:\Users\Public\Desktop\Virtual CloneDrive.lnk
[2009/07/16 19:23:45 | 00,017,039 | ---- | M] () -- C:\Users\Xu\AppData\Roaming\UserTile.png
[2009/07/15 14:05:49 | 00,030,720 | ---- | M] () -- C:\Windows\System32\umstartup.etl
[2009/07/15 01:41:33 | 00,052,776 | ---- | M] () -- C:\Users\Xu\AppData\Local\GDIPFONTCACHEV1.DAT
[2009/07/14 22:33:53 | 00,001,030 | ---- | M] () -- C:\Users\Xu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
[2009/07/14 22:28:58 | 00,001,005 | ---- | M] () -- C:\Users\Public\Desktop\OpenOffice.org 3.1.lnk
[2009/07/14 19:57:45 | 00,000,367 | -H-- | M] () -- C:\IPH.PH
[2009/07/14 19:56:31 | 00,001,758 | ---- | M] () -- C:\Users\Public\Desktop\AIM 6.lnk
[2009/07/14 17:23:39 | 00,463,779 | ---- | M] () -- C:\Windows\System32\drivers\Avg\miniavi.avg
[2009/07/14 15:16:33 | 10,534,712 | ---- | M] (Stardock Corporation ) -- C:\Users\Xu\Desktop\DellDock15c_setup_ENG.exe
[2009/07/13 13:36:34 | 00,038,160 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/07/13 13:36:12 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/07/12 21:39:46 | 00,469,504 | ---- | M] ( ) -- C:\Users\Xu\Desktop\RootRepeal.exe
[2009/07/12 08:50:29 | 00,012,213 | ---- | M] () -- C:\Users\Xu\Desktop\Louisx.jpg

========== LOP Check ==========

[2009/07/18 18:16:22 | 00,000,000 | ---D | M] -- C:\Users\Xu\AppData\Roaming
[2009/07/14 19:59:15 | 00,000,000 | ---D | M] -- C:\Users\Xu\AppData\Roaming\acccore
[2009/07/03 06:30:51 | 00,000,000 | ---D | M] -- C:\Users\Xu\AppData\Roaming\Dell
[2006/11/02 05:37:34 | 00,000,000 | ---D | M] -- C:\Users\Xu\AppData\Roaming\Media Center Programs
[2009/07/15 14:14:04 | 00,000,000 | ---D | M] -- C:\Users\Xu\AppData\Roaming\OpenOffice.org
[2009/07/02 13:31:01 | 00,000,000 | ---D | M] -- C:\Users\Xu\AppData\Roaming\TMP
[2009/07/21 07:32:04 | 00,000,000 | ---D | M] -- C:\Users\Xu\AppData\Roaming\uTorrent
[2009/07/21 10:05:38 | 00,000,006 | -H-- | M] () -- C:\Windows\Tasks\SA.DAT
[2009/07/21 08:32:39 | 00,027,012 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========


< End of report >

OTL Extras logfile created on: 7/21/2009 10:36:45 AM - Run 1
OTL by OldTimer - Version 3.0.9.2 Folder = C:\Users\Xu\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 285.50 Gb Total Space | 187.10 Gb Free Space | 65.53% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 4.98 Gb Free Space | 49.76% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PROXY
Current User Name: Xu
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{227D3F5D-04C5-4AB4-B340-AA0F81A9F418}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{32509FA3-4E43-4B02-AB2D-8A9953E62DAE}" = lport=2869 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{28A3367C-F217-470E-8D97-52365AB5593B}" = dir=in | app=c:\program files\avg\avg8\avgupd.exe |
"{386C3505-786B-46B9-85DC-FF91AD3D8FF5}" = protocol=17 | dir=in | app=c:\program files\firaxis games\sid meier's civilization 4\civilization4.exe |
"{3D7A3567-52A0-4EEF-A442-96FB73805E6B}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{4199C6E7-DE5D-4506-A4FF-5B66F44858F9}" = protocol=17 | dir=in | app=c:\program files\firaxis games\sid meier's civilization 4\beyond the sword\civ4beyondsword_pitboss.exe |
"{4698FD99-A619-449D-92A1-34F0A980363D}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{5B36A557-49E6-44E7-9493-8B9718722BC0}" = protocol=17 | dir=in | app=c:\program files\aim6\aim6.exe |
"{5CD7C3CD-AC47-4072-81CE-2FFC8673FFF4}" = protocol=17 | dir=in | app=c:\program files\firaxis games\sid meier's civilization 4\beyond the sword\civ4beyondsword.exe |
"{6D83A240-5CA1-40C0-AB4D-CAC4A431CC37}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{80FB4259-6A16-4169-BD56-36C9E75707D5}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{91677F9A-994C-46CC-9619-3D4B56A7E3A7}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{9588AE9D-5F66-4B2F-A760-51246ED7C3BB}" = protocol=6 | dir=in | app=c:\program files\firaxis games\sid meier's civilization 4\civilization4.exe |
"{968F4FB2-0E14-448F-B1CE-B311E2D14530}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{9E651D29-4340-4126-8ED6-559C91E1CC3E}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{A2F0E961-E872-4D43-80DD-5F5C86F65022}" = protocol=6 | dir=in | app=c:\program files\firaxis games\sid meier's civilization 4\beyond the sword\civ4beyondsword_pitboss.exe |
"{A8DBC36C-2A59-4BCD-AE6A-7637270FC9EB}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{CD0E2211-0D9F-471F-91EA-C479951ACD3C}" = dir=in | app=c:\program files\avg\avg8\avgemc.exe |
"{D6E7901C-5D8B-4F6D-86E0-DC467FEDF6AF}" = protocol=6 | dir=in | app=c:\program files\aim6\aim6.exe |
"{D7BB4A89-80BE-4943-9E55-A1BD081A940D}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{E2D3D045-3858-4B71-8FF0-CC05E2A98DC9}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{EEA3330D-359D-4E12-81A0-227CAD814330}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{F5846DCB-8CFF-4B43-A5E2-42122D670822}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{F7232E8B-0152-4F18-805C-4DBD818794DF}" = dir=in | app=c:\program files\avg\avg8\avgnsx.exe |
"{F9EBCEF8-9386-4223-BCFB-72B02C70AAB5}" = protocol=6 | dir=in | app=c:\program files\firaxis games\sid meier's civilization 4\beyond the sword\civ4beyondsword.exe |
"TCP Query User{9533DF72-AE9E-4FD2-B9A3-851D1F39AD5E}C:\users\public\games\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"UDP Query User{D89C3B8E-EE7E-4AAA-AC15-0770701D0136}C:\users\public\games\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}" = Live! Cam Avatar v1.0
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 14
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2
"{32E4F0D2-C135-475E-A841-1D59A0D22989}" = Sid Meier's Civilization 4 - Beyond the Sword
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3E4B349F-10B5-4586-9D99-489A90A8B228}" = Sid Meier's Civilization 4 - Warlords
"{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD
"{4377F918-E6C9-4ECA-A7F5-754B310B7ED8}" = Sid Meier's Civilization 4
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4B6AD248-D3BF-426A-8D64-847288154F13}" = QuickSet
"{4E5386F5-C0F6-4532-A54A-374865AEAB71}" = Cisco PEAP Module
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.54.06
"{5D601655-6D54-4384-B52C-17EC5385FBBD}" = iTunes
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76F9CF97-FC4B-4E20-B363-D127C888448F}" = Cisco LEAP Module
"{8355F970-601D-442D-A79B-1D7DB4F24CAD}" = Apple Mobile Device Support
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A2289997-10A3-48F2-AA03-99180D761661}" = Fingerprint Reader Suite 5.6
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{BF53252E-4AB2-4C7F-A0FD-6100755745E3}" = Cisco EAP-FAST Module
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{C73A3942-84C8-4597-9F9B-EE227DCBA758}" = Dell Dock
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}" = Sid Meier's Civilization 4
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Advanced Video FX Engine" = Advanced Video FX Engine
"AIM_6" = AIM 6
"AudioConverter Studio_is1" = AudioConverter Studio 6.0
"AVG8Uninstall" = AVG Free 8.5
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2008-09-21 16:18
"Creative OEM002" = Laptop Integrated Webcam Driver (1.04.01.1011)
"Dell Dock" = Dell Dock
"Dell Webcam Center" = Dell Webcam Center
"Dell Webcam Manager" = Dell Webcam Manager
"ERUNT_is1" = ERUNT 1.1j
"HijackThis" = HijackThis 2.0.2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.1)" = Mozilla Firefox (3.5.1)
"NVIDIA Drivers" = NVIDIA Drivers
"ViewpointMediaPlayer" = Viewpoint Media Player
"VirtualCloneDrive" = VirtualCloneDrive
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"World of Warcraft" = World of Warcraft
"Yahoo! Messenger" = Yahoo! Messenger

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"309a46b1dc89b774" = Dell Driver Download Manager
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/21/2009 11:32:34 AM | Computer Name = Proxy | Source = EventSystem | ID = 4621
Description =

Error - 7/21/2009 11:34:17 AM | Computer Name = Proxy | Source = EventSystem | ID = 4609
Description =

Error - 7/21/2009 11:34:53 AM | Computer Name = Proxy | Source = WinMgmt | ID = 10
Description =

Error - 7/21/2009 12:18:45 PM | Computer Name = Proxy | Source = EventSystem | ID = 4609
Description =

Error - 7/21/2009 12:19:21 PM | Computer Name = Proxy | Source = WinMgmt | ID = 10
Description =

Error - 7/21/2009 12:59:09 PM | Computer Name = Proxy | Source = EventSystem | ID = 4609
Description =

Error - 7/21/2009 1:06:41 PM | Computer Name = Proxy | Source = WinMgmt | ID = 10
Description =

Error - 7/21/2009 1:32:16 PM | Computer Name = Proxy | Source = Application Error | ID = 1000
Description = Faulting application RootRepeal.exe, version 1.3.2.0, time stamp 0x4a5a9016,
faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code
0xc0000005, fault offset 0x0012da7d, process id 0x1434, application start time 0x01ca0a292b87642d.

Error - 7/21/2009 1:33:00 PM | Computer Name = Proxy | Source = Application Error | ID = 1000
Description = Faulting application RootRepeal.exe, version 1.3.2.0, time stamp 0x4a5a9016,
faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code
0xc0000005, fault offset 0x0012da80, process id 0x17c8, application start time 0x01ca0a29485de60d.

Error - 7/21/2009 1:34:21 PM | Computer Name = Proxy | Source = Application Error | ID = 1000
Description = Faulting application RootRepeal.exe, version 1.3.2.0, time stamp 0x4a5a9016,
faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code
0xc0000005, fault offset 0x0012da6f, process id 0x16a4, application start time 0x01ca0a2978d0651d.

[ Broadcom Wireless LAN Events ]
Error - 7/6/2009 4:35:00 AM | Computer Name = Proxy | Source = WLAN-Tray | ID = 0
Description = 01:35:00, Mon, Jul 06, 09 Error - Unable to gain access to user store


Error - 7/6/2009 12:44:47 PM | Computer Name = Proxy | Source = WLAN-Tray | ID = 0
Description = 09:44:47, Mon, Jul 06, 09 Error - Unable to gain access to user store


Error - 7/6/2009 4:52:56 PM | Computer Name = Proxy | Source = WLAN-Tray | ID = 0
Description = 13:52:56, Mon, Jul 06, 09 Error - Unable to gain access to user store


Error - 7/6/2009 4:56:58 PM | Computer Name = Proxy | Source = WLAN-Tray | ID = 0
Description = 13:56:58, Mon, Jul 06, 09 Error - Unable to gain access to user store


Error - 7/6/2009 6:42:43 PM | Computer Name = Proxy | Source = WLAN-Tray | ID = 0
Description = 15:42:42, Mon, Jul 06, 09 Error - Unable to gain access to user store


Error - 7/15/2009 9:51:12 PM | Computer Name = Proxy | Source = WLAN-Tray | ID = 0
Description = 18:51:12, Wed, Jul 15, 09 Error - Unable to gain access to user store


Error - 7/15/2009 11:53:03 PM | Computer Name = Proxy | Source = WLAN-Tray | ID = 0
Description = 20:53:03, Wed, Jul 15, 09 Error - Unable to gain access to user store


Error - 7/16/2009 1:58:56 AM | Computer Name = Proxy | Source = WLAN-Tray | ID = 0
Description = 22:58:56, Wed, Jul 15, 09 Error - Unable to gain access to user store


Error - 7/17/2009 6:37:37 PM | Computer Name = Proxy | Source = WLAN-Tray | ID = 0
Description = 15:37:36, Fri, Jul 17, 09 Error - Unable to gain access to user store


Error - 7/20/2009 6:35:52 AM | Computer Name = Proxy | Source = WLAN-Tray | ID = 0
Description = 03:35:52, Mon, Jul 20, 09 Error - Unable to gain access to user store


[ System Events ]
Error - 7/21/2009 12:19:23 PM | Computer Name = Proxy | Source = Service Control Manager | ID = 7001
Description =

Error - 7/21/2009 12:59:09 PM | Computer Name = Proxy | Source = Service Control Manager | ID = 7001
Description =

Error - 7/21/2009 12:59:09 PM | Computer Name = Proxy | Source = Service Control Manager | ID = 7001
Description =

Error - 7/21/2009 12:59:43 PM | Computer Name = Proxy | Source = Service Control Manager | ID = 7001
Description =

Error - 7/21/2009 12:59:45 PM | Computer Name = Proxy | Source = Service Control Manager | ID = 7001
Description =

Error - 7/21/2009 1:06:42 PM | Computer Name = Proxy | Source = Service Control Manager | ID = 7000
Description =

Error - 7/21/2009 1:06:42 PM | Computer Name = Proxy | Source = Service Control Manager | ID = 7000
Description =

Error - 7/21/2009 1:06:42 PM | Computer Name = Proxy | Source = Service Control Manager | ID = 7000
Description =

Error - 7/21/2009 1:07:00 PM | Computer Name = Proxy | Source = Service Control Manager | ID = 7000
Description =

Error - 7/21/2009 1:07:01 PM | Computer Name = Proxy | Source = Service Control Manager | ID = 7000
Description =


< End of report >

#3
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hello AgentXu,

Download Lop S&D by Eric_71 and save it to your desktop.

Lop S&D will only run on Windows XP and Windows Vista

Disable your antivirus and anti-malware programs so they do not interfere with the running of Lop S&D. You can usually do this via a right click on the System Tray icon.
  • Double-click LopSD.exe
    If you are using Windows Vista, right-click on LopSD.exe icon and select 'Run as administrator' to perform this scan.
  • Choose the language by typing the corresponding letter and press Enter
  • Click OK at the informative window
  • Type 2 to choose Option 2 (Fix + Hosts), then press Enter
  • Wait until the end of the scan
  • A report will be generated; post its contents in your next reply.
(A copy of the report can be found at this location: %SystemDrive%\lopR.txt, in most cases C:\lopR.txt)

Next

Please download GooredFix and save it to your Desktop. Double-click Goored.exe to run it. Select 1. Find Goored (no fix) by typing 1 and pressing Enter. A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called Goored.txt). Note: Do not run Option #2 yet.

So when you return please post
  • lop report
  • Goored.txt


#4
AgentXu

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 106 posts

I cannot get either one of these things to run and I've tried twice with each.

LopSD.exe gets me as far as the "Language select" screen; I hit "E" and then nothing else happens. GooredFix says it will automatically scan and fix problems, to which I say okay, and then nothing else happens.

This is a problem shared by Malwarebytes and AVG, neither of which can complete a full scan. Malwarebytes stops around the 30-minute mark (give or take a few minutes) every time during a full scan, and AVG seems to freeze at random.

What do I do now?

X|u



#5
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Okay, a couple of possibilities here. :)

Firstly, let's disable AVG Resident Shield and AVG Security Toolbar and see if that makes a difference.

How to disable AVG's Resident Shield.

Right click the AVG icon and click Open.

In the Overview panel click on Resident Shield > Uncheck the Resident Shield Active box > Save Changes.

Then

How to disable the AVG8 Security Toolbar

Internet Explorer - right-click with the mouse on the toolbar and check off the AVGTOOLBAR option in the list

Mozilla Firefox - Tools menu -> Add-ons. Find the AVG Toolbar here and click on the Disable button.

Next

For now let's put aside Lop S&D and GooredFix and concentrate on Malwarebytes.

Once you have disabled AVG Resident Shield please see if you can update and then run Malwarebytes. Post the scan report back here.

If you still have a problem, try renaming MBAM.exe to, say, MBAM.com and see if that works.

PS: I am going to be away for a bit of sleep (night time here) so won't get back to you for a few hours. :)

#6
AgentXu

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 106 posts
Alright, here's the story now: I was able to run a quick scan on MalwareBytes. It detected 11 things. Before I hit "remove" (which I assumed I would be instructed to do anyway) I hit the "Save" thing, which saved what I'll post below. I have -no- idea where the one it says it saved went. All of the 11 infected files were removed. I turned AVG's resident shield and toolbars back on. What's next? (You are -awesome- for helping me out with this, by the way. I seriously can't thank you enough. I am ecstatic to be putting this issue to bed.)



Malwarebytes' Anti-Malware 1.39
Database version: 2481
Windows 6.0.6002 Service Pack 2

7/22/2009 11:55:32 AM
MBAMWorked!

Scan type: Quick Scan
Objects scanned: 77343
Time elapsed: 3 minute(s), 57 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 4
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 1
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
\\?\globalroot\systemroot\System32\geyekrifkerwpr.dll (Trojan.TDSS) -> No action taken.

Registry Keys Infected:
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> No action taken.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> No action taken.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> No action taken.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\UID (Malware.Trace) -> No action taken.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.Userinit) -> Bad: (C:\Windows\system32\userinit.exe,C:\Windows\system32\sdra64.exe,) Good: (Userinit.exe) -> No action taken.

Folders Infected:
C:\Windows\System32\lowsec (Stolen.data) -> No action taken.

Files Infected:
\\?\globalroot\systemroot\System32\geyekrifkerwpr.dll (Trojan.TDSS) -> No action taken.
c:\Windows\System32\lowsec\local.ds (Stolen.data) -> No action taken.
c:\Windows\System32\lowsec\user.ds (Stolen.data) -> No action taken.
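The Hijack.Userinit line in the log above is the one a responder most wants to be able to check without the scanner: the Winlogon Userinit value is a comma-separated list, and every entry in it is started at each logon, so anything beyond the single expected userinit.exe path is a persistence entry. The following is an added Python example, not code from this thread or from Malwarebytes, that parses result lines in the layout of that log, counts findings per family, lists what is still untreated, and pulls the extra entries out of the Bad/Good Userinit pair. The sample lines are constructed to match the posted format; the expected path C:\Windows\system32\userinit.exe is an assumption for a default Vista install.

```python
import re
from collections import Counter

# Constructed sample input: result lines in the layout Malwarebytes 1.39
# used in the log posted above (families and paths as shown there).
SAMPLE_MBAM_LINES = r"""
\\?\globalroot\systemroot\System32\geyekrifkerwpr.dll (Trojan.TDSS) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.Userinit) -> Bad: (C:\Windows\system32\userinit.exe,C:\Windows\system32\sdra64.exe,) Good: (Userinit.exe) -> No action taken.
C:\Windows\System32\lowsec (Stolen.data) -> No action taken.
c:\Windows\System32\lowsec\local.ds (Stolen.data) -> Quarantined and deleted successfully.
"""

# "<item> (<Family.Name>) -> <rest>"; the rest may carry a Bad/Good pair
# and a second arrow before the action, as on the Userinit line.
RESULT_RE = re.compile(r"^(?P<item>.+?) \((?P<family>[\w.]+)\) -> (?P<rest>.+)$")
BAD_GOOD_RE = re.compile(r"Bad: \((?P<bad>[^)]*)\) Good: \((?P<good>[^)]*)\)")

# Assumption: the default Userinit entry on a standard Vista install.
EXPECTED_USERINIT = r"C:\Windows\system32\userinit.exe"


def parse_userinit(value):
    """Split a Winlogon Userinit value into its entries.

    The value is a comma-separated list and the legitimate default ends
    with a trailing comma, so empty entries are dropped, not reported.
    """
    return [p.strip() for p in value.split(",") if p.strip()]


def userinit_extra_entries(value, expected=EXPECTED_USERINIT):
    """Return every Userinit entry other than the expected one.

    Paths are compared case-insensitively; a non-empty result means
    something besides userinit.exe is started at every logon.
    """
    return [e for e in parse_userinit(value) if e.lower() != expected.lower()]


def parse_mbam_result(line):
    """Parse one result line into a dict, or return None for other lines."""
    m = RESULT_RE.match(line.strip())
    if not m:
        return None
    rest = m.group("rest")
    # The action is whatever follows the last " -> ".
    action = rest.rsplit(" -> ", 1)[-1].rstrip(".")
    finding = {"item": m.group("item"), "family": m.group("family"), "action": action}
    bg = BAD_GOOD_RE.search(rest)
    if bg:
        finding["bad"] = bg.group("bad")
        finding["good"] = bg.group("good")
        finding["extra_entries"] = userinit_extra_entries(bg.group("bad"))
    return finding


def triage(text):
    """Return the parsed findings from a whole log, skipping headers and blanks."""
    return [f for f in (parse_mbam_result(l) for l in text.splitlines()) if f]


def summarize(findings):
    """Counts per family, items still untreated, and any extra Userinit entries."""
    return {
        "families": dict(Counter(f["family"] for f in findings)),
        "pending": [f["item"] for f in findings if f["action"] == "No action taken"],
        "userinit_extra": [e for f in findings for e in f.get("extra_entries", [])],
    }


if __name__ == "__main__":
    for key, val in summarize(triage(SAMPLE_MBAM_LINES)).items():
        print(f"{key}: {val}")
```

To use it on a real log, read the mbam-log file into a string and hand it to triage(). On a live Vista system the value itself can be read with `reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v Userinit` and the data passed to userinit_extra_entries(); comparing against a full path rather than just the userinit.exe file name matters because a copy under a different directory would otherwise pass.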

#7
AgentXu

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 106 posts
Alright, so as to get the log, I decided to run it again. I re-downloaded Malwarebytes after uninstalling it completely and ran the quick scan. It found two more things it didn't find in the original scan. Here is the complete log (which I felt I should post before it disappeared upon a restart like the first one). Hope this helps.

Malwarebytes' Anti-Malware 1.39
Database version: 2481
Windows 6.0.6002 Service Pack 2

7/22/2009 1:18:36 PM
mbam-log-2009-07-22 (13-18-36).txt

Scan type: Quick Scan
Objects scanned: 77158
Time elapsed: 3 minute(s), 52 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
\\?\globalroot\systemroot\System32\geyekrifkerwpr.dll (Trojan.TDSS) -> Delete on reboot.

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
\\?\globalroot\systemroot\System32\geyekrifkerwpr.dll (Trojan.TDSS) -> Quarantined and deleted successfully.

#8
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hello AgentXu,

Glad to see you got MBAM to run.

Those logs tell me that we need to use a different tool.

So

Please download Combofix from either of the links below. You must rename it before saving it. Save it to your desktop.

Link 1
Link 2

--------------------------------------------------------------------

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

Double-click on Combo-Fix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt for review.


#9
AgentXu

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 106 posts
Alright, here we go: round III.


ComboFix 09-07-22.01 - Xu 07/22/2009 14:21.1.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3581.2727 [GMT -7:00]
Running from: c:\users\Xu\Desktop\kksdsieirjf.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2009-06-22 to 2009-07-22 )))))))))))))))))))))))))))))))
.

2009-07-22 20:13 . 2009-07-13 20:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-22 20:13 . 2009-07-22 20:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-22 20:13 . 2009-07-13 20:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-22 09:21 . 2009-07-22 09:21 -------- d-----w- C:\Lop SD
2009-07-21 14:57 . 2009-07-21 15:00 -------- d-----w- c:\program files\ERUNT
2009-07-21 03:31 . 2009-07-21 03:34 -------- d-----w- c:\windows\system32\ca-ES
2009-07-21 03:31 . 2009-07-21 03:34 -------- d-----w- c:\windows\system32\eu-ES
2009-07-21 03:31 . 2009-07-21 03:34 -------- d-----w- c:\windows\system32\vi-VN
2009-07-21 02:39 . 2009-07-21 02:39 -------- d-----w- c:\users\Xu\AppData\Local\Citrix
2009-07-19 13:38 . 2009-07-19 13:38 -------- d-----w- C:\My Music
2009-07-19 13:38 . 2009-07-19 13:38 -------- d-----w- c:\program files\AudioConverter Studio
2009-07-19 07:18 . 2009-07-19 07:18 -------- d-----w- c:\users\Xu\AppData\Local\Yahoo
2009-07-19 07:15 . 2009-07-19 07:18 -------- d-----w- c:\progra~2\Yahoo!
2009-07-19 07:15 . 2009-07-19 07:15 -------- d-----w- c:\program files\Yahoo!
2009-07-19 01:37 . 2009-07-19 03:12 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2009-07-19 01:37 . 2009-07-19 02:59 -------- d-----w- c:\users\Public\Games
2009-07-19 01:19 . 2009-07-19 01:19 -------- d-----w- c:\progra~2\Blizzard
2009-07-19 01:11 . 2009-07-19 01:12 -------- d-----w- c:\program files\Windows Live Safety Center
2009-07-18 03:52 . 2009-07-18 03:52 -------- d-----w- c:\windows\system32\EventProviders
2009-07-18 03:50 . 2009-04-11 06:28 2868224 ----a-w- c:\windows\system32\mf.dll
2009-07-18 03:49 . 2009-04-11 06:28 49152 ----a-w- c:\windows\system32\wbem\wbemsvc.dll
2009-07-17 07:38 . 2009-07-17 07:38 -------- d-----w- c:\users\Xu\AppData\Local\My Games
2009-07-17 07:20 . 2007-04-05 01:53 81768 ----a-w- c:\windows\system32\xinput1_3.dll
2009-07-17 07:20 . 2007-04-05 01:55 261480 ----a-w- c:\windows\system32\xactengine2_7.dll
2009-07-17 07:20 . 2007-03-15 23:57 443752 ----a-w- c:\windows\system32\d3dx10_33.dll
2009-07-17 07:20 . 2007-03-12 23:42 1123696 ----a-w- c:\windows\system32\D3DCompiler_33.dll
2009-07-17 07:20 . 2007-03-12 23:42 3495784 ----a-w- c:\windows\system32\d3dx9_33.dll
2009-07-17 07:20 . 2007-01-24 22:27 255848 ----a-w- c:\windows\system32\xactengine2_6.dll
2009-07-17 07:20 . 2006-12-08 19:02 251672 ----a-w- c:\windows\system32\xactengine2_5.dll
2009-07-17 07:20 . 2006-11-29 20:06 440080 ----a-w- c:\windows\system32\d3dx10.dll
2009-07-17 07:20 . 2006-11-29 20:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2009-07-17 07:05 . 2009-07-17 07:05 -------- d-----w- c:\program files\Firaxis Games
2009-07-17 07:04 . 2005-05-26 22:34 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll
2009-07-17 06:50 . 2009-07-17 06:50 -------- d-----w- c:\program files\Elaborate Bytes
2009-07-17 05:49 . 2009-07-17 05:49 -------- d-----w- c:\program files\Trend Micro
2009-07-16 06:45 . 2009-07-22 20:36 -------- d-----w- c:\users\Xu\Tracing
2009-07-16 05:04 . 2009-07-16 05:06 -------- d-----w- c:\users\Xu\dwhelper
2009-07-16 04:35 . 2009-07-20 06:00 -------- d-----w- c:\windows\Downloaded Installations
2009-07-15 19:41 . 2009-07-15 19:41 -------- d-----w- c:\progra~2\Agnitum
2009-07-15 16:09 . 2009-07-15 21:07 -------- d-----w- c:\users\Xu\AppData\Local\temp(144)
2009-07-15 05:34 . 2009-07-21 01:44 1 ----a-w- c:\users\Xu\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-07-15 05:33 . 2009-07-15 21:14 -------- d-----w- c:\users\Xu\AppData\Roaming\OpenOffice.org
2009-07-15 05:27 . 2009-07-15 05:27 -------- d-----w- c:\program files\JRE
2009-07-15 05:27 . 2009-07-15 21:14 -------- d-----w- c:\program files\OpenOffice.org 3
2009-07-15 05:26 . 2009-05-21 18:33 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-07-15 05:26 . 2009-07-17 17:58 -------- d-----w- c:\program files\Java
2009-07-15 04:08 . 2009-07-15 21:14 -------- d-----w- c:\program files\Combined Community Codec Pack
2009-07-15 02:59 . 2009-07-15 02:59 -------- d-----w- c:\users\Xu\AppData\Roaming\acccore
2009-07-15 02:57 . 2009-07-15 02:57 -------- d-----w- c:\users\Xu\AppData\Local\AOL OCP
2009-07-15 02:57 . 2009-07-15 02:57 -------- d-----w- c:\users\Xu\AppData\Local\AOL
2009-07-15 02:56 . 2009-07-22 20:45 -------- d-----w- c:\progra~2\Viewpoint
2009-07-15 02:56 . 2009-07-15 21:14 -------- d-----w- c:\progra~2\acccore
2009-07-15 02:56 . 2009-07-15 02:58 -------- d-----w- c:\progra~2\AOL OCP
2009-07-15 02:56 . 2009-07-15 02:56 -------- d-----w- c:\progra~2\AOL
2009-07-15 02:55 . 2009-07-15 21:14 -------- d-----w- c:\program files\Common Files\AOL
2009-07-15 02:54 . 2009-07-15 21:14 -------- d-----w- c:\program files\AIM6
2009-07-15 00:34 . 2009-07-15 00:34 -------- d-----w- c:\program files\uTorrent
2009-07-15 00:33 . 2009-07-22 21:17 -------- d-----w- c:\users\Xu\AppData\Roaming\uTorrent
2009-07-15 00:29 . 2009-07-22 16:05 -------- d--h--w- C:\$AVG8.VAULT$
2009-07-14 23:56 . 2009-07-14 23:56 -------- d-----w- c:\users\Xu\AppData\Roaming\Malwarebytes
2009-07-14 23:56 . 2009-07-14 23:56 -------- d-----w- c:\progra~2\Malwarebytes
2009-07-14 22:19 . 2009-07-14 22:19 -------- dc-h--w- c:\progra~2\{088731A3-EE4A-44A0-9F02-C4181FD3C640}
2009-07-14 21:37 . 2009-06-15 14:53 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-07-14 21:37 . 2009-06-15 14:52 23552 ----a-w- c:\windows\system32\lpk.dll
2009-07-14 21:37 . 2009-06-15 14:52 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-07-14 21:37 . 2009-06-15 12:42 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-07-14 21:37 . 2009-04-11 06:28 34304 ----a-w- c:\windows\system32\atmlib.dll
2009-07-14 21:37 . 2009-06-15 14:51 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-07-04 10:13 . 2009-07-04 10:13 -------- d-----w- c:\users\Xu\AppData\Roaming\Reallusion
2009-07-04 10:06 . 2009-07-04 10:06 -------- d-----w- c:\users\Xu\AppData\Roaming\Creative
2009-07-04 07:20 . 2009-07-19 18:15 -------- d-----w- c:\users\Xu\AppData\Roaming\Apple Computer
2009-07-04 07:20 . 2009-07-04 07:20 -------- d-----w- c:\users\Xu\AppData\Local\Apple Computer
2009-07-04 06:54 . 2009-07-04 06:54 -------- d-----r- C:\Music
2009-07-04 06:48 . 2009-07-04 06:53 -------- d-----r- C:\Videos
2009-07-04 06:32 . 2009-07-04 06:32 -------- d-----w- c:\program files\Microsoft
2009-07-04 06:31 . 2009-07-04 06:31 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-07-04 06:31 . 2009-07-04 06:31 -------- d-----w- c:\program files\Windows Live
2009-07-04 06:31 . 2009-07-04 06:31 -------- d-----w- c:\windows\PCHEALTH
2009-07-04 06:29 . 2009-07-04 06:29 -------- d-----w- c:\users\Xu\AppData\Local\Mozilla
2009-07-04 06:28 . 2009-07-04 06:28 -------- d-----w- c:\program files\Common Files\Windows Live
2009-07-03 13:36 . 2009-07-03 13:36 -------- d-----w- c:\program files\Fingerprint Reader Suite
2009-07-03 13:30 . 2009-07-03 13:30 -------- d-----w- c:\program files\Cisco
2009-07-03 13:13 . 2008-02-16 01:25 102400 ----a-w- c:\windows\system32\stacsv.exe
2009-07-03 13:13 . 2007-09-20 22:31 647168 ----a-w- c:\windows\system32\aestecap.dll
2009-07-03 13:13 . 2007-09-20 22:31 131072 ----a-w- c:\windows\system32\aestacap.dll
2009-07-03 13:13 . 2007-09-20 22:31 73728 ----a-w- c:\windows\system32\AEstSrv.exe
2009-07-03 13:13 . 2007-04-11 01:02 1601536 ----a-w- c:\windows\system32\stlang.dll
2009-07-03 13:12 . 2008-02-16 01:26 328704 ----a-w- c:\windows\system32\stcplx.dll
2009-07-03 13:12 . 2008-02-16 01:25 527872 ----a-w- c:\windows\system32\stapo.dll
2009-07-03 13:12 . 2008-02-16 01:23 312320 ----a-w- c:\windows\system32\stapi32.dll
2009-07-03 13:07 . 2009-07-20 12:44 76 --sh--r- c:\windows\CT4CET.bin
2009-07-03 13:07 . 2009-07-03 13:07 -------- d-----w- c:\program files\Common Files\Reallusion
2009-07-03 13:05 . 2003-03-19 15:19 1060864 ------w- c:\windows\system32\MFC71.DLL
2009-07-03 13:05 . 2003-03-19 06:14 499712 ------w- c:\windows\system32\msvcp71.dll
2009-07-03 13:05 . 2003-02-21 06:42 348160 ------w- c:\windows\system32\msvcr71.dll
2009-07-03 13:05 . 2009-07-20 12:42 -------- d-----w- c:\program files\Creative Live! Cam
2009-07-03 13:05 . 2009-07-20 12:41 -------- d-----w- c:\program files\Creative
2009-07-03 12:44 . 2009-07-03 12:44 -------- d-----w- c:\users\Xu\AppData\Local\Dell
2009-07-03 12:41 . 2009-07-03 12:41 -------- d-----w- c:\users\Xu\AppData\Local\SupportSoft
2009-07-03 12:40 . 2009-07-03 12:40 -------- d-----w- c:\progra~2\SupportSoft
2009-07-03 12:40 . 2009-07-03 12:40 -------- d-----w- c:\progra~2\PCDr
2009-07-03 12:39 . 2009-07-03 12:40 -------- d-----w- c:\program files\Dell Support Center
2009-07-03 12:39 . 2009-07-03 12:39 -------- d-----w- c:\program files\Common Files\supportsoft
2009-07-03 04:44 . 2008-09-03 18:54 768544 ----a-w- c:\windows\system32\nvcplui.exe
2009-07-03 04:44 . 2008-09-03 18:54 313888 ----a-w- c:\windows\system32\nvexpbar.dll
2009-07-03 04:44 . 2008-09-03 18:54 1079840 ----a-w- c:\windows\system32\nvcpluir.dll
2009-07-03 04:37 . 2008-08-22 09:00 453152 ----a-w- c:\windows\system32\NVUNINST.EXE
2009-07-02 22:44 . 2009-07-03 03:50 -------- d-----w- c:\windows\system32\Macromed
2009-07-02 22:22 . 2009-07-02 22:22 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-07-02 22:22 . 2009-07-02 22:22 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-07-02 22:22 . 2009-07-19 15:40 335752 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-07-02 22:22 . 2009-07-02 22:22 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-07-02 22:22 . 2009-07-22 15:12 -------- d-----w- c:\windows\system32\drivers\Avg
2009-07-02 22:22 . 2009-07-02 22:22 -------- d-----w- c:\program files\AVG
2009-07-02 22:22 . 2009-07-15 00:18 -------- d-----w- c:\progra~2\avg8
2009-07-02 22:19 . 2009-07-02 22:19 -------- d-----w- c:\users\Xu\AppData\Local\Stardock_Corporation
2009-07-02 22:14 . 2009-07-03 13:30 -------- d-----w- c:\users\Xu\AppData\Roaming\Dell
2009-07-02 22:12 . 2009-07-03 12:41 -------- d-----w- c:\progra~2\Dell
2009-07-02 21:30 . 2008-05-27 04:59 18904 ----a-w- c:\windows\system32\StructuredQuerySchemaTrivial.bin
2009-07-02 21:05 . 2009-07-02 21:05 -------- d-----w- c:\program files\DellTPad
2009-07-02 21:00 . 2008-07-27 18:03 41984 ----a-w- c:\windows\system32\netfxperf.dll
2009-07-02 20:56 . 2009-04-23 12:15 828416 ----a-w- c:\windows\system32\wininet.dll
2009-07-02 20:56 . 2009-04-24 16:02 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-07-02 20:56 . 2009-07-02 20:56 -------- d-----w- c:\progra~2\Citrix
2009-07-02 20:55 . 2009-07-21 03:56 -------- d-----w- c:\users\Xu\AppData\Local\Deployment

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-22 18:37 . 2009-07-03 04:48 54562 ----a-w- c:\progra~2\nvModes.dat
2009-07-21 03:35 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-07-21 03:35 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-07-21 03:34 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-07-21 03:34 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2009-07-21 03:34 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2009-07-21 03:34 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2009-07-21 03:34 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2009-07-21 03:31 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-07-21 03:25 . 2006-11-02 12:37 37665 ----a-w- c:\windows\Fonts\GlobalUserInterface.CompositeFont
2009-07-21 01:40 . 2009-07-02 19:17 1356 ----a-w- c:\users\Xu\AppData\Local\d3d9caps.dat
2009-07-19 18:11 . 2009-07-19 18:11 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-07-19 18:10 . 2009-07-04 07:17 -------- d-----w- c:\progra~2\Apple
2009-07-15 08:41 . 2009-07-02 19:17 52776 ----a-w- c:\users\Xu\AppData\Local\GDIPFONTCACHEV1.DAT
2009-07-04 07:20 . 2009-07-04 07:20 -------- d-----w- c:\program files\iTunes
2009-07-04 07:20 . 2009-07-04 07:20 -------- d-----w- c:\progra~2\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-07-04 07:20 . 2009-07-04 07:20 -------- d-----w- c:\program files\iPod
2009-07-04 07:20 . 2009-07-04 07:17 -------- d-----w- c:\program files\Common Files\Apple
2009-07-04 07:20 . 2009-07-04 07:19 -------- d-----w- c:\progra~2\Apple Computer
2009-07-04 07:19 . 2009-07-04 07:19 -------- d-----w- c:\program files\Bonjour
2009-07-04 07:19 . 2009-07-04 07:19 -------- d-----w- c:\program files\QuickTime
2009-07-04 07:18 . 2009-07-04 07:18 -------- d-----w- c:\program files\Apple Software Update
2009-07-02 21:05 . 2009-07-02 21:05 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_Apfiltr_01005.Wdf
2009-07-02 20:24 . 2009-07-02 20:24 -------- d-----w- c:\users\Xu\AppData\Roaming\InstallShield
2009-06-05 18:42 . 2009-06-05 18:42 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-06-05 18:42 . 2009-06-05 18:42 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-07-17 10:29 . 2009-07-04 06:29 137208 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2007-09-10 23:50 2957312 ----a-w- c:\program files\Fingerprint Reader Suite\farchns.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2007-09-10 23:50 2957312 ----a-w- c:\program files\Fingerprint Reader Suite\farchns.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-12-08 3444736]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-07-25 174616]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-07-02 159744]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-07-02 1948440]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-03 13552160]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-03 92704]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2008-09-03 96800]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-06-03 206064]
"PSQLLauncher"="c:\program files\Fingerprint Reader Suite\launcher.exe" [2007-04-17 49168]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-27 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-01-29 52392]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-21 148888]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-05-10 36864]
"DELL Webcam Manager"="c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2008-02-16 405504]

c:\users\Xu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-6-16 1320288]
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-4-16 384000]

c:\progra~2\MICROS~1\Windows\STARTM~1\Programs\Startup\
QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2008-2-22 1193240]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2007-04-17 06:04 86528 ----a-w- c:\windows\System32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli psqlpwd

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Users^Xu^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dell Dock.lnk]
path=c:\users\Xu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
backup=c:\windows\pss\Dell Dock.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):0a,de,69,3f,5e,07,ca,01

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{CD0E2211-0D9F-471F-91EA-C479951ACD3C}"= c:\program files\AVG\AVG8\avgemc.exe:avgemc.exe
"{28A3367C-F217-470E-8D97-52365AB5593B}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{F7232E8B-0152-4F18-805C-4DBD818794DF}"= c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe
"{D7BB4A89-80BE-4943-9E55-A1BD081A940D}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{3D7A3567-52A0-4EEF-A442-96FB73805E6B}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{A8DBC36C-2A59-4BCD-AE6A-7637270FC9EB}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{6D83A240-5CA1-40C0-AB4D-CAC4A431CC37}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{91677F9A-994C-46CC-9619-3D4B56A7E3A7}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{E2D3D045-3858-4B71-8FF0-CC05E2A98DC9}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{80FB4259-6A16-4169-BD56-36C9E75707D5}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{9E651D29-4340-4126-8ED6-559C91E1CC3E}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{D6E7901C-5D8B-4F6D-86E0-DC467FEDF6AF}"= UDP:c:\program files\AIM6\aim6.exe:AIM
"{5B36A557-49E6-44E7-9493-8B9718722BC0}"= TCP:c:\program files\AIM6\aim6.exe:AIM
"{9588AE9D-5F66-4B2F-A760-51246ED7C3BB}"= UDP:c:\program files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:Sid Meier's Civilization 4
"{386C3505-786B-46B9-85DC-FF91AD3D8FF5}"= TCP:c:\program files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:Sid Meier's Civilization 4
"{F9EBCEF8-9386-4223-BCFB-72B02C70AAB5}"= UDP:c:\program files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword.exe:Sid Meier's Civilization 4 Beyond the Sword
"{5CD7C3CD-AC47-4072-81CE-2FFC8673FFF4}"= TCP:c:\program files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword.exe:Sid Meier's Civilization 4 Beyond the Sword
"{A2F0E961-E872-4D43-80DD-5F5C86F65022}"= UDP:c:\program files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword_PitBoss.exe:Sid Meier's Civilization 4 Beyond the Sword Pitboss
"{4199C6E7-DE5D-4506-A4FF-5B66F44858F9}"= TCP:c:\program files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword_PitBoss.exe:Sid Meier's Civilization 4 Beyond the Sword Pitboss
"TCP Query User{9533DF72-AE9E-4FD2-B9A3-851D1F39AD5E}c:\\users\\public\\games\\world of warcraft\\launcher.exe"= UDP:c:\users\public\games\world of warcraft\launcher.exe:Blizzard Launcher
"UDP Query User{D89C3B8E-EE7E-4AAA-AC15-0770701D0136}c:\\users\\public\\games\\world of warcraft\\launcher.exe"= TCP:c:\users\public\games\world of warcraft\launcher.exe:Blizzard Launcher
"{968F4FB2-0E14-448F-B1CE-B311E2D14530}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{EEA3330D-359D-4E12-81A0-227CAD814330}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [7/2/2009 3:22 PM 335752]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [7/2/2009 3:22 PM 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [7/2/2009 3:22 PM 907032]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [7/2/2009 3:22 PM 298776]
R2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [6/9/2009 7:11 AM 155648]
R3 OEM02Dev;Creative Camera OEM002 Driver;c:\windows\System32\drivers\OEM02Dev.sys [7/2/2009 1:22 PM 235648]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;c:\windows\System32\drivers\OEM02Vfx.sys [7/2/2009 1:22 PM 7424]
S4 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_c09c50a2\AEstSrv.exe [7/3/2009 6:12 AM 73728]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Aim6 - (no file)


.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
FF - ProfilePath - c:\users\Xu\AppData\Roaming\Mozilla\Firefox\Profiles\9icj02pf.default\
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-22 14:39
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(716)
geyekrifkerwpr.dll 10000000 32768 \\?\globalroot\systemroot\system32\geyekrifkerwpr.dll
c:\windows\system32\psqlpwd.dll
c:\program files\Fingerprint Reader Suite\homefus2.dll
c:\program files\Fingerprint Reader Suite\infra.dll
.
Completion time: 2009-07-22 14:45
ComboFix-quarantined-files.txt 2009-07-22 21:45
ComboFix2.txt 2009-07-15 16:08

Pre-Run: 200,954,830,848 bytes free
Post-Run: 200,975,777,792 bytes free

Current=3 Default=3 Failed=1 LastKnownGood=7 Sets=1,2,3,4,5,6,7
331 --- E O F --- 2009-07-21 08:00
#10
emeraldnzl
    GeekU Instructor
  • GeekU Moderator
  • 20,051 posts
Hi AgentXu,

Let's run GooredFix now.

Please download GooredFix and save it to your Desktop. Double-click Goored.exe to run it. Select 1. Find Goored (no fix) by typing 1 and pressing Enter. A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called Goored.txt). Note: Do not run Option #2 yet.

After that

  • Please download random's system information tool (RSIT) by random/random from here.
  • It is important that it is saved to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized).
So when you return please post
  • Goored.txt
  • the two RSIT logs - log.txt and info.txt

Note: Unless otherwise instructed, always post the logs in the forum. If reports don't fit in one post, it might be necessary to break the logs up to get them on the forum. Just use as many posts as you need, that's fine. :)

#11
AgentXu
    Member
  • Topic Starter
  • Member
  • 106 posts
It is simply not having the Goored business. It fails before I ever get the chance to do anything. If what Windows says helps...

Files that help describe the problem:
C:\Users\Xu\AppData\Local\Temp\WER7D.tmp.version.txt
C:\Users\Xu\AppData\Local\Temp\WERE25.tmp.appcompat.txt
C:\Users\Xu\AppData\Local\Temp\WERE45.tmp.hdmp

So, that's that. I tried downloading it twice. I even re-started. No dice. I did get the other two logs though.

Logfile of random's system information tool 1.06 (written by random/random)
Run by Xu at 2009-07-22 15:34:26
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 192 GB (66%) free of 292 GB
Total RAM: 3581 MB (69% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:34:39 PM, on 7/22/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\Fingerprint Reader Suite\psqltray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\OEM02Mon.exe
C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Xu\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Xu.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Fingerprint Reader Suite\launcher.exe" /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe
O4 - Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
O13 - Gopher Prefix:
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: C:\Windows\System32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c09c50a2\STacSV.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE

--
End of file - 5636 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-07-19 1111320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-05-21 41368]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"=C:\Windows\system32\WLTRAY.exe [2007-12-08 3444736]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [2007-07-24 174616]
"Apoint"=C:\Program Files\DellTPad\Apoint.exe [2007-07-02 159744]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-07-02 1948440]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2008-09-03 13552160]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2008-09-03 92704]
"NVHotkey"=C:\Windows\system32\nvHotkey.dll [2008-09-03 96800]
"dellsupportcenter"=C:\Program Files\Dell Support Center\bin\sprtcmd.exe [2009-06-03 206064]
"PSQLLauncher"=C:\Program Files\Fingerprint Reader Suite\launcher.exe [2007-04-16 49168]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-05-26 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-06-05 292136]
"VirtualCloneDrive"=C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [2009-01-29 52392]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-05-21 148888]
"OEM02Mon.exe"=C:\Windows\OEM02Mon.exe [2007-05-10 36864]
"DELL Webcam Manager"=C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe [2007-07-27 118784]
"SigmatelSysTrayApp"=C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe [2008-02-15 405504]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
C:\Windows\system32\NvCpl.dll [2008-09-03 13552160]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVHotkey]
C:\Windows\system32\nvHotkey.dll [2008-09-03 96800]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
C:\Windows\system32\NvMcTray.dll [2008-09-03 92704]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OEM02Mon.exe]
C:\Windows\OEM02Mon.exe [2007-05-10 36864]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-10 1233920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe [2008-02-15 405504]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
C:\Program Files\Windows Defender\MSASCui.exe [2008-01-20 1008184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Xu^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dell Dock.lnk]
C:\PROGRA~1\Dell\DellDock\DellDock.exe [2009-06-16 1320288]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
QuickSet.lnk - C:\Program Files\Dell\QuickSet\quickset.exe

C:\Users\Xu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Dell Dock.lnk - C:\Program Files\Dell\DellDock\DellDock.exe
OpenOffice.org 3.1.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\Windows\System32\avgrsstx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\psfus]
C:\Windows\system32\psqlpwd.dll [2007-04-16 86528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
psqlpwd

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0
"DisableCAD"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======List of files/folders created in the last 1 months======

2009-07-22 15:34:26 ----D---- C:\rsit
2009-07-22 14:46:01 ----SHD---- C:\$RECYCLE.BIN
2009-07-22 14:45:52 ----A---- C:\ComboFix.txt
2009-07-22 14:38:47 ----D---- C:\Windows\temp
2009-07-22 14:15:10 ----A---- C:\Windows\NIRCMD.exe
2009-07-22 14:15:09 ----A---- C:\Windows\zip.exe
2009-07-22 14:15:09 ----A---- C:\Windows\SWXCACLS.exe
2009-07-22 14:15:09 ----A---- C:\Windows\SWSC.exe
2009-07-22 14:15:09 ----A---- C:\Windows\SWREG.exe
2009-07-22 14:15:09 ----A---- C:\Windows\sed.exe
2009-07-22 14:15:09 ----A---- C:\Windows\PEV.exe
2009-07-22 14:15:09 ----A---- C:\Windows\grep.exe
2009-07-22 14:14:15 ----D---- C:\Qoobox
2009-07-22 13:13:18 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-07-22 02:21:43 ----D---- C:\Lop SD
2009-07-21 08:29:12 ----D---- C:\Windows\Minidump
2009-07-21 08:01:07 ----D---- C:\Windows\ERDNT
2009-07-21 07:57:26 ----D---- C:\Program Files\ERUNT
2009-07-20 20:31:51 ----D---- C:\Windows\system32\eu-ES
2009-07-20 20:31:51 ----D---- C:\Windows\system32\ca-ES
2009-07-20 20:31:48 ----D---- C:\Windows\system32\vi-VN
2009-07-20 18:18:25 ----A---- C:\Windows\system32\avgrep.txt
2009-07-19 06:38:42 ----D---- C:\My Music
2009-07-19 06:38:20 ----D---- C:\Program Files\AudioConverter Studio
2009-07-19 00:15:29 ----D---- C:\ProgramData\Yahoo!
2009-07-19 00:15:22 ----D---- C:\Program Files\Yahoo!
2009-07-18 18:37:21 ----D---- C:\Program Files\Common Files\Blizzard Entertainment
2009-07-18 18:19:22 ----D---- C:\ProgramData\Blizzard
2009-07-18 18:16:22 ----D---- C:\Users\Xu\AppData\Roaming\WinRAR
2009-07-18 18:15:52 ----D---- C:\Program Files\WinRAR
2009-07-18 18:11:18 ----D---- C:\Program Files\Windows Live Safety Center
2009-07-17 20:52:17 ----D---- C:\Windows\system32\EventProviders
2009-07-17 20:51:17 ----A---- C:\Windows\system32\NlsLexicons0007.dll
2009-07-17 20:51:13 ----A---- C:\Windows\system32\SLsvc.exe
2009-07-17 20:51:13 ----A---- C:\Windows\system32\SLCExt.dll
2009-07-17 20:51:11 ----A---- C:\Windows\system32\FunctionDiscoveryFolder.dll
2009-07-17 20:51:11 ----A---- C:\Windows\system32\DevicePairingWizard.exe
2009-07-17 20:51:10 ----A---- C:\Windows\system32\NlsLexicons0009.dll
2009-07-17 20:51:07 ----A---- C:\Windows\system32\mssrch.dll
2009-07-17 20:51:05 ----A---- C:\Windows\system32\tquery.dll
2009-07-17 20:51:04 ----A---- C:\Windows\system32\RMActivate_isv.exe
2009-07-17 20:51:04 ----A---- C:\Windows\system32\PresentationNative_v0300.dll
2009-07-17 20:51:04 ----A---- C:\Windows\system32\lsasrv.dll
2009-07-17 20:51:03 ----A---- C:\Windows\system32\scavenge.dll
2009-07-17 20:51:03 ----A---- C:\Windows\system32\RMActivate.exe
2009-07-17 20:51:02 ----A---- C:\Windows\system32\msi.dll
2009-07-17 20:51:01 ----A---- C:\Windows\system32\WscEapPr.dll
2009-07-17 20:51:01 ----A---- C:\Windows\system32\wcnwiz2.dll
2009-07-17 20:51:01 ----A---- C:\Windows\system32\sysmain.dll
2009-07-17 20:51:01 ----A---- C:\Windows\system32\secproc_isv.dll
2009-07-17 20:51:01 ----A---- C:\Windows\system32\imapi2fs.dll
2009-07-17 20:50:59 ----A---- C:\Windows\system32\mf.dll
2009-07-17 20:50:59 ----A---- C:\Windows\system32\icardagt.exe
2009-07-17 20:50:59 ----A---- C:\Windows\system32\EhStorShell.dll
2009-07-17 20:50:59 ----A---- C:\Windows\system32\AuxiliaryDisplayCpl.dll
2009-07-17 20:50:58 ----A---- C:\Windows\system32\ieframe.dll
2009-07-17 20:50:57 ----A---- C:\Windows\system32\spwizui.dll
2009-07-17 20:50:57 ----A---- C:\Windows\system32\spreview.exe
2009-07-17 20:50:57 ----A---- C:\Windows\system32\spinstall.exe
2009-07-17 20:50:57 ----A---- C:\Windows\system32\mcupdate_GenuineIntel.dll
2009-07-17 20:50:57 ----A---- C:\Windows\system32\drmv2clt.dll
2009-07-17 20:50:56 ----A---- C:\Windows\system32\shell32.dll
2009-07-17 20:50:56 ----A---- C:\Windows\system32\secproc.dll
2009-07-17 20:50:55 ----A---- C:\Windows\system32\SearchIndexer.exe
2009-07-17 20:50:55 ----A---- C:\Windows\system32\p2psvc.dll
2009-07-17 20:50:55 ----A---- C:\Windows\system32\mssvp.dll
2009-07-17 20:50:54 ----A---- C:\Windows\system32\mssphtb.dll
2009-07-17 20:50:54 ----A---- C:\Windows\system32\mssph.dll
2009-07-17 20:50:54 ----A---- C:\Windows\system32\MSMPEG2VDEC.DLL
2009-07-17 20:50:54 ----A---- C:\Windows\system32\mscoree.dll
2009-07-17 20:50:54 ----A---- C:\Windows\system32\imapi2.dll
2009-07-17 20:50:53 ----A---- C:\Windows\system32\sdohlp.dll
2009-07-17 20:50:53 ----A---- C:\Windows\system32\ntkrnlpa.exe
2009-07-17 20:50:53 ----A---- C:\Windows\system32\esent.dll
2009-07-17 20:50:52 ----A---- C:\Windows\system32\sperror.dll
2009-07-17 20:50:52 ----A---- C:\Windows\system32\RMActivate_ssp.exe
2009-07-17 20:50:52 ----A---- C:\Windows\system32\korwbrkr.dll
2009-07-17 20:50:52 ----A---- C:\Windows\system32\IMJP10K.DLL
2009-07-17 20:50:52 ----A---- C:\Windows\system32\DevicePairing.dll
2009-07-17 20:50:51 ----A---- C:\Windows\system32\wmp.dll
2009-07-17 20:50:51 ----A---- C:\Windows\system32\wevtsvc.dll
2009-07-17 20:50:51 ----A---- C:\Windows\system32\SLC.dll
2009-07-17 20:50:51 ----A---- C:\Windows\system32\RMActivate_ssp_isv.exe
2009-07-17 20:50:51 ----A---- C:\Windows\system32\PresentationHostProxy.dll
2009-07-17 20:50:51 ----A---- C:\Windows\system32\msshsq.dll
2009-07-17 20:50:51 ----A---- C:\Windows\system32\IasMigReader.exe
2009-07-17 20:50:50 ----A---- C:\Windows\system32\WMVCORE.DLL
2009-07-17 20:50:49 ----A---- C:\Windows\system32\ntoskrnl.exe
2009-07-17 20:50:49 ----A---- C:\Windows\system32\msjet40.dll
2009-07-17 20:50:49 ----A---- C:\Windows\system32\MPSSVC.dll
2009-07-17 20:50:48 ----A---- C:\Windows\system32\Query.dll
2009-07-17 20:50:48 ----A---- C:\Windows\system32\qmgr.dll
2009-07-17 20:50:48 ----A---- C:\Windows\system32\msxml6.dll
2009-07-17 20:50:47 ----A---- C:\Windows\system32\srchadmin.dll
2009-07-17 20:50:47 ----A---- C:\Windows\system32\P2PGraph.dll
2009-07-17 20:50:47 ----A---- C:\Windows\system32\ole32.dll
2009-07-17 20:50:47 ----A---- C:\Windows\system32\ntdll.dll
2009-07-17 20:50:47 ----A---- C:\Windows\system32\msxml3.dll
2009-07-17 20:50:47 ----A---- C:\Windows\system32\msexch40.dll
2009-07-17 20:50:47 ----A---- C:\Windows\system32\diagperf.dll
2009-07-17 20:50:46 ----A---- C:\Windows\system32\winload.exe
2009-07-17 20:50:46 ----A---- C:\Windows\system32\uDWM.dll
2009-07-17 20:50:46 ----A---- C:\Windows\system32\mmc.exe
2009-07-17 20:50:46 ----A---- C:\Windows\system32\mblctr.exe
2009-07-17 20:50:46 ----A---- C:\Windows\system32\EncDec.dll
2009-07-17 20:50:46 ----A---- C:\Windows\system32\dfsr.exe
2009-07-17 20:50:45 ----A---- C:\Windows\system32\riched20.dll
2009-07-17 20:50:45 ----A---- C:\Windows\system32\RacEngn.dll
2009-07-17 20:50:45 ----A---- C:\Windows\system32\IasMigPlugin.dll
2009-07-17 20:50:45 ----A---- C:\Windows\system32\fdBth.dll
2009-07-17 20:50:44 ----A---- C:\Windows\system32\spoolss.dll
2009-07-17 20:50:44 ----A---- C:\Windows\system32\SearchProtocolHost.exe
2009-07-17 20:50:44 ----A---- C:\Windows\system32\SearchFilterHost.exe
2009-07-17 20:50:44 ----A---- C:\Windows\system32\milcore.dll
2009-07-17 20:50:44 ----A---- C:\Windows\system32\kernel32.dll
2009-07-17 20:50:44 ----A---- C:\Windows\system32\EhStorAPI.dll
2009-07-17 20:50:44 ----A---- C:\Windows\system32\CertEnroll.dll
2009-07-17 20:50:43 ----A---- C:\Windows\system32\schedsvc.dll
2009-07-17 20:50:43 ----A---- C:\Windows\system32\NaturalLanguage6.dll
2009-07-17 20:50:43 ----A---- C:\Windows\system32\msvcp60.dll
2009-07-17 20:50:43 ----A---- C:\Windows\system32\msjtes40.dll
2009-07-17 20:50:43 ----A---- C:\Windows\system32\jscript.dll
2009-07-17 20:50:43 ----A---- C:\Windows\system32\gpedit.dll
2009-07-17 20:50:43 ----A---- C:\Windows\system32\AuxiliaryDisplayDriverLib.dll
2009-07-17 20:50:42 ----A---- C:\Windows\system32\infocardapi.dll
2009-07-17 20:50:41 ----A---- C:\Windows\system32\WinSAT.exe
2009-07-17 20:50:41 ----A---- C:\Windows\system32\PresentationSettings.exe
2009-07-17 20:50:41 ----A---- C:\Windows\system32\mstext40.dll
2009-07-17 20:50:41 ----A---- C:\Windows\system32\Magnify.exe
2009-07-17 20:50:41 ----A---- C:\Windows\system32\es.dll
2009-07-17 20:50:41 ----A---- C:\Windows\system32\AuxiliaryDisplayServices.dll
2009-07-17 20:50:41 ----A---- C:\Windows\system32\advapi32.dll
2009-07-17 20:50:39 ----A---- C:\Windows\system32\WMPhoto.dll
2009-07-17 20:50:39 ----A---- C:\Windows\system32\WindowsAnytimeUpgradeCPL.dll
2009-07-17 20:50:39 ----A---- C:\Windows\system32\WebClnt.dll
2009-07-17 20:50:39 ----A---- C:\Windows\system32\vssapi.dll
2009-07-17 20:50:39 ----A---- C:\Windows\system32\slwmi.dll
2009-07-17 20:50:39 ----A---- C:\Windows\system32\msxbde40.dll
2009-07-17 20:50:39 ----A---- C:\Windows\system32\msfeeds.dll
2009-07-17 20:50:39 ----A---- C:\Windows\system32\msexcl40.dll
2009-07-17 20:50:39 ----A---- C:\Windows\system32\comsvcs.dll
2009-07-17 20:50:38 ----A---- C:\Windows\system32\vbscript.dll
2009-07-17 20:50:38 ----A---- C:\Windows\system32\PresentationHost.exe
2009-07-17 20:50:38 ----A---- C:\Windows\system32\NetProjW.dll
2009-07-17 20:50:38 ----A---- C:\Windows\system32\mstscax.dll
2009-07-17 20:50:38 ----A---- C:\Windows\system32\msrepl40.dll
2009-07-17 20:50:38 ----A---- C:\Windows\system32\authui.dll
2009-07-17 20:50:37 ----A---- C:\Windows\system32\setupapi.dll
2009-07-17 20:50:37 ----A---- C:\Windows\system32\rpcss.dll
2009-07-17 20:50:37 ----A---- C:\Windows\system32\propsys.dll
2009-07-17 20:50:37 ----A---- C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-07-17 20:50:37 ----A---- C:\Windows\system32\newdev.dll
2009-07-17 20:50:37 ----A---- C:\Windows\system32\iedkcs32.dll
2009-07-17 20:50:37 ----A---- C:\Windows\system32\iasrecst.dll
2009-07-17 20:50:37 ----A---- C:\Windows\system32\gpsvc.dll
2009-07-17 20:50:37 ----A---- C:\Windows\system32\eudcedit.exe
2009-07-17 20:50:37 ----A---- C:\Windows\system32\crypt32.dll
2009-07-17 20:50:37 ----A---- C:\Windows\explorer.exe
2009-07-17 20:50:36 ----A---- C:\Windows\system32\shlwapi.dll
2009-07-17 20:50:36 ----A---- C:\Windows\system32\msrd3x40.dll
2009-07-17 20:50:36 ----A---- C:\Windows\system32\mspbde40.dll
2009-07-17 20:50:36 ----A---- C:\Windows\system32\msltus40.dll
2009-07-17 20:50:36 ----A---- C:\Windows\system32\mfc42.dll
2009-07-17 20:50:36 ----A---- C:\Windows\system32\EhStorPwdMgr.dll
2009-07-17 20:50:36 ----A---- C:\Windows\system32\EhStorAuthn.dll
2009-07-17 20:50:36 ----A---- C:\Windows\system32\davclnt.dll
2009-07-17 20:50:36 ----A---- C:\Windows\system32\d3d9.dll
2009-07-17 20:50:35 ----A---- C:\Windows\system32\wevtapi.dll
2009-07-17 20:50:35 ----A---- C:\Windows\system32\photowiz.dll
2009-07-17 20:50:35 ----A---- C:\Windows\system32\nlhtml.dll
2009-07-17 20:50:35 ----A---- C:\Windows\system32\msdtctm.dll
2009-07-17 20:50:35 ----A---- C:\Windows\system32\browseui.dll
2009-07-17 20:50:34 ----A---- C:\Windows\system32\user32.dll
2009-07-17 20:50:34 ----A---- C:\Windows\system32\samsrv.dll
2009-07-17 20:50:34 ----A---- C:\Windows\system32\quartz.dll
2009-07-17 20:50:34 ----A---- C:\Windows\system32\ci.dll
2009-07-17 20:50:33 ----A---- C:\Windows\system32\win32spl.dll
2009-07-17 20:50:33 ----A---- C:\Windows\system32\WcnNetsh.dll
2009-07-17 20:50:33 ----A---- C:\Windows\system32\SLCommDlg.dll
2009-07-17 20:50:33 ----A---- C:\Windows\system32\printfilterpipelinesvc.exe
2009-07-17 20:50:33 ----A---- C:\Windows\system32\oleaut32.dll
2009-07-17 20:50:33 ----A---- C:\Windows\system32\netshell.dll
2009-07-17 20:50:33 ----A---- C:\Windows\system32\msv1_0.dll
2009-07-17 20:50:33 ----A---- C:\Windows\system32\kerberos.dll
2009-07-17 20:50:33 ----A---- C:\Windows\system32\IKEEXT.DLL
2009-07-17 20:50:32 ----A---- C:\Windows\system32\winhttp.dll
2009-07-17 20:50:32 ----A---- C:\Windows\system32\mswstr10.dll
2009-07-17 20:50:32 ----A---- C:\Windows\system32\compcln.exe
2009-07-17 20:50:32 ----A---- C:\Windows\system32\apds.dll
2009-07-17 20:50:31 ----A---- C:\Windows\system32\xmlfilter.dll
2009-07-17 20:50:31 ----A---- C:\Windows\system32\VSSVC.exe
2009-07-17 20:50:31 ----A---- C:\Windows\system32\QAGENTRT.DLL
2009-07-17 20:50:31 ----A---- C:\Windows\system32\msvcrt.dll
2009-07-17 20:50:31 ----A---- C:\Windows\system32\msctf.dll
2009-07-17 20:50:31 ----A---- C:\Windows\system32\mfc42u.dll
2009-07-17 20:50:31 ----A---- C:\Windows\system32\iphlpsvc.dll
2009-07-17 20:50:31 ----A---- C:\Windows\system32\gdi32.dll
2009-07-17 20:50:31 ----A---- C:\Windows\system32\emdmgmt.dll
2009-07-17 20:50:31 ----A---- C:\Windows\system32\audiosrv.dll
2009-07-17 20:50:30 ----A---- C:\Windows\system32\winresume.exe
2009-07-17 20:50:30 ----A---- C:\Windows\system32\sqlsrv32.dll
2009-07-17 20:50:30 ----A---- C:\Windows\system32\SLUI.exe
2009-07-17 20:50:30 ----A---- C:\Windows\system32\shdocvw.dll
2009-07-17 20:50:30 ----A---- C:\Windows\system32\propdefs.dll
2009-07-17 20:50:30 ----A---- C:\Windows\system32\odbc32.dll
2009-07-17 20:50:30 ----A---- C:\Windows\system32\msrd2x40.dll
2009-07-17 20:50:30 ----A---- C:\Windows\system32\eapphost.dll
2009-07-17 20:50:29 ----A---- C:\Windows\system32\wevtutil.exe
2009-07-17 20:50:29 ----A---- C:\Windows\system32\mssitlb.dll
2009-07-17 20:50:29 ----A---- C:\Windows\system32\dbgeng.dll
2009-07-17 20:50:28 ----A---- C:\Windows\system32\WsmSvc.dll
2009-07-17 20:50:28 ----A---- C:\Windows\system32\usp10.dll
2009-07-17 20:50:28 ----A---- C:\Windows\system32\swprv.dll
2009-07-17 20:50:28 ----A---- C:\Windows\system32\mmcndmgr.dll
2009-07-17 20:50:27 ----A---- C:\Windows\system32\vds.exe
2009-07-17 20:50:27 ----A---- C:\Windows\system32\schannel.dll
2009-07-17 20:50:27 ----A---- C:\Windows\system32\netlogon.dll
2009-07-17 20:50:27 ----A---- C:\Windows\system32\msscb.dll
2009-07-17 20:50:27 ----A---- C:\Windows\system32\mshtmled.dll
2009-07-17 20:50:27 ----A---- C:\Windows\system32\msctfp.dll
2009-07-17 20:50:27 ----A---- C:\Windows\system32\ieapfltr.dll
2009-07-17 20:50:27 ----A---- C:\Windows\system32\fdBthProxy.dll
2009-07-17 20:50:27 ----A---- C:\Windows\system32\evr.dll
2009-07-17 20:50:27 ----A---- C:\Windows\system32\drvinst.exe
2009-07-17 20:50:27 ----A---- C:\Windows\system32\devmgr.dll
2009-07-17 20:50:27 ----A---- C:\Windows\system32\DevicePairingProxy.dll
2009-07-17 20:50:27 ----A---- C:\Windows\system32\BFE.DLL
2009-07-17 20:50:27 ----A---- C:\Windows\system32\adsldpc.dll
2009-07-17 20:50:26 ----A---- C:\Windows\system32\WSDApi.dll
2009-07-17 20:50:26 ----A---- C:\Windows\system32\WMVSDECD.DLL
2009-07-17 20:50:26 ----A---- C:\Windows\system32\Wldap32.dll
2009-07-17 20:50:26 ----A---- C:\Windows\system32\WindowsCodecs.dll
2009-07-17 20:50:26 ----A---- C:\Windows\system32\wercon.exe
2009-07-17 20:50:26 ----A---- C:\Windows\system32\wcnwiz.dll
2009-07-17 20:50:26 ----A---- C:\Windows\system32\services.exe
2009-07-17 20:50:26 ----A---- C:\Windows\system32\PhotoMetadataHandler.dll
2009-07-17 20:50:26 ----A---- C:\Windows\system32\iertutil.dll
2009-07-17 20:50:26 ----A---- C:\Windows\system32\comdlg32.dll
2009-07-17 20:50:25 ----A---- C:\Windows\system32\wcncsvc.dll
2009-07-17 20:50:25 ----A---- C:\Windows\system32\umpnpmgr.dll
2009-07-17 20:50:25 ----A---- C:\Windows\system32\taskeng.exe
2009-07-17 20:50:25 ----A---- C:\Windows\system32\rtffilt.dll
2009-07-17 20:50:25 ----A---- C:\Windows\system32\reg.exe
2009-07-17 20:50:25 ----A---- C:\Windows\system32\PortableDeviceApi.dll
2009-07-17 20:50:25 ----A---- C:\Windows\system32\mswdat10.dll
2009-07-17 20:50:25 ----A---- C:\Windows\system32\msjter40.dll
2009-07-17 20:50:25 ----A---- C:\Windows\system32\msdtcprx.dll
2009-07-17 20:50:25 ----A---- C:\Windows\system32\msdrm.dll
2009-07-17 20:50:25 ----A---- C:\Windows\system32\mimefilt.dll
2009-07-17 20:50:25 ----A---- C:\Windows\system32\ipsmsnap.dll
2009-07-17 20:50:25 ----A---- C:\Windows\system32\dnsapi.dll
2009-07-17 20:50:25 ----A---- C:\Windows\system32\certutil.exe
2009-07-17 20:50:25 ----A---- C:\Windows\system32\certcli.dll
2009-07-17 20:50:25 ----A---- C:\Windows\system32\adtschema.dll
2009-07-17 20:50:24 ----A---- C:\Windows\system32\WMNetMgr.dll
2009-07-17 20:50:24 ----A---- C:\Windows\system32\w32time.dll
2009-07-17 20:50:24 ----A---- C:\Windows\system32\TsWpfWrp.exe
2009-07-17 20:50:24 ----A---- C:\Windows\system32\rsaenh.dll
2009-07-17 20:50:24 ----A---- C:\Windows\system32\msstrc.dll
2009-07-17 20:50:24 ----A---- C:\Windows\system32\msshooks.dll
2009-07-17 20:50:24 ----A---- C:\Windows\system32\msscntrs.dll
2009-07-17 20:50:24 ----A---- C:\Windows\system32\msihnd.dll
2009-07-17 20:50:24 ----A---- C:\Windows\system32\MMDevAPI.dll
2009-07-17 20:50:24 ----A---- C:\Windows\system32\IPSECSVC.DLL
2009-07-17 20:50:24 ----A---- C:\Windows\system32\bthserv.dll
2009-07-17 20:50:24 ----A---- C:\Windows\system32\bcrypt.dll
2009-07-17 20:50:23 ----A---- C:\Windows\system32\wmicmiplugin.dll
2009-07-17 20:50:23 ----A---- C:\Windows\system32\termsrv.dll
2009-07-17 20:50:23 ----A---- C:\Windows\system32\profsvc.dll
2009-07-17 20:50:23 ----A---- C:\Windows\system32\netapi32.dll
2009-07-17 20:50:23 ----A---- C:\Windows\system32\mtxclu.dll
2009-07-17 20:50:23 ----A---- C:\Windows\system32\mscories.dll
2009-07-17 20:50:23 ----A---- C:\Windows\system32\inetpp.dll
2009-07-17 20:50:23 ----A---- C:\Windows\system32\inetcomm.dll
2009-07-17 20:50:23 ----A---- C:\Windows\system32\hidserv.dll
2009-07-17 20:50:23 ----A---- C:\Windows\system32\fundisc.dll
2009-07-17 20:50:23 ----A---- C:\Windows\system32\dhcpcsvc6.dll
2009-07-17 20:50:23 ----A---- C:\Windows\system32\dfshim.dll
2009-07-17 20:50:23 ----A---- C:\Windows\system32\cryptsvc.dll
2009-07-17 20:50:22 ----A---- C:\Windows\system32\wdc.dll
2009-07-17 20:50:22 ----A---- C:\Windows\system32\shsvcs.dll
2009-07-17 20:50:22 ----A---- C:\Windows\system32\msiexec.exe
2009-07-17 20:50:22 ----A---- C:\Windows\system32\imapi.dll
2009-07-17 20:50:22 ----A---- C:\Windows\system32\iassdo.dll
2009-07-17 20:50:22 ----A---- C:\Windows\system32\gameux.dll
2009-07-17 20:50:22 ----A---- C:\Windows\system32\chsbrkr.dll
2009-07-17 20:50:21 ----A---- C:\Windows\system32\wersvc.dll
2009-07-17 20:50:21 ----A---- C:\Windows\system32\spoolsv.exe
2009-07-17 20:50:21 ----A---- C:\Windows\system32\slmgr.vbs
2009-07-17 20:50:21 ----A---- C:\Windows\system32\scrrun.dll
2009-07-17 20:50:21 ----A---- C:\Windows\system32\rasmans.dll
2009-07-17 20:50:21 ----A---- C:\Windows\system32\PSHED.DLL
2009-07-17 20:50:21 ----A---- C:\Windows\system32\pnidui.dll
2009-07-17 20:50:21 ----A---- C:\Windows\system32\pdh.dll
2009-07-17 20:50:21 ----A---- C:\Windows\system32\icardres.dll
2009-07-17 20:50:21 ----A---- C:\Windows\system32\dhcpcsvc.dll
2009-07-17 20:50:21 ----A---- C:\Windows\system32\CertEnrollUI.dll
2009-07-17 20:50:21 ----A---- C:\Windows\system32\azroles.dll
2009-07-17 20:50:21 ----A---- C:\Windows\system32\autofmt.exe
2009-07-17 20:50:20 ----A---- C:\Windows\system32\wmpmde.dll
2009-07-17 20:50:20 ----A---- C:\Windows\system32\winlogon.exe
2009-07-17 20:50:20 ----A---- C:\Windows\system32\SyncCenter.dll
2009-07-17 20:50:20 ----A---- C:\Windows\system32\pidgenx.dll
2009-07-17 20:50:19 ----A---- C:\Windows\system32\SLUINotify.dll
2009-07-17 20:50:19 ----A---- C:\Windows\system32\msjetoledb40.dll
2009-07-17 20:50:19 ----A---- C:\Windows\system32\comuid.dll
2009-07-17 20:50:19 ----A---- C:\Windows\system32\certmgr.dll
2009-07-17 20:50:18 ----A---- C:\Windows\system32\wisptis.exe
2009-07-17 20:50:18 ----A---- C:\Windows\system32\WindowsCodecsExt.dll
2009-07-17 20:50:18 ----A---- C:\Windows\system32\untfs.dll
2009-07-17 20:50:18 ----A---- C:\Windows\system32\taskcomp.dll
2009-07-17 20:50:18 ----A---- C:\Windows\system32\spp.dll
2009-07-17 20:50:18 ----A---- C:\Windows\system32\sethc.exe
2009-07-17 20:50:18 ----A---- C:\Windows\system32\scrobj.dll
2009-07-17 20:50:18 ----A---- C:\Windows\system32\rtutils.dll
2009-07-17 20:50:18 ----A---- C:\Windows\system32\ncrypt.dll
2009-07-17 20:50:18 ----A---- C:\Windows\system32\kd1394.dll
2009-07-17 20:50:18 ----A---- C:\Windows\system32\iassam.dll
2009-07-17 20:50:18 ----A---- C:\Windows\system32\dwm.exe
2009-07-17 20:50:18 ----A---- C:\Windows\system32\autochk.exe
2009-07-17 20:50:17 ----A---- C:\Windows\system32\winsrv.dll
2009-07-17 20:50:17 ----A---- C:\Windows\system32\printui.dll
2009-07-17 20:50:17 ----A---- C:\Windows\system32\onex.dll
2009-07-17 20:50:17 ----A---- C:\Windows\system32\kdcom.dll
2009-07-17 20:50:17 ----A---- C:\Windows\system32\iasnap.dll
2009-07-17 20:50:17 ----A---- C:\Windows\system32\cscript.exe
2009-07-17 20:50:17 ----A---- C:\Windows\system32\basecsp.dll
2009-07-17 20:50:17 ----A---- C:\Windows\system32\autoconv.exe
2009-07-17 20:50:16 ----A---- C:\Windows\system32\wow32.dll
2009-07-17 20:50:16 ----A---- C:\Windows\system32\userenv.dll
2009-07-17 20:50:16 ----A---- C:\Windows\system32\spcmsg.dll
2009-07-17 20:50:16 ----A---- C:\Windows\system32\osk.exe
2009-07-17 20:50:16 ----A---- C:\Windows\system32\mswsock.dll
2009-07-17 20:50:16 ----A---- C:\Windows\system32\kdusb.dll
2009-07-17 20:50:16 ----A---- C:\Windows\system32\audiodg.exe
2009-07-17 20:50:15 ----A---- C:\Windows\system32\WinSCard.dll
2009-07-17 20:50:15 ----A---- C:\Windows\system32\winmm.dll
2009-07-17 20:50:15 ----A---- C:\Windows\system32\WerFaultSecure.exe
2009-07-17 20:50:15 ----A---- C:\Windows\system32\RelMon.dll
2009-07-17 20:50:15 ----A---- C:\Windows\system32\rdpencom.dll
2009-07-17 20:50:15 ----A---- C:\Windows\system32\offfilt.dll
2009-07-17 20:50:15 ----A---- C:\Windows\system32\msftedit.dll
2009-07-17 20:50:15 ----A---- C:\Windows\system32\dnsrslvr.dll
2009-07-17 20:50:14 ----A---- C:\Windows\system32\wsepno.dll
2009-07-17 20:50:14 ----A---- C:\Windows\system32\wiaservc.dll
2009-07-17 20:50:14 ----A---- C:\Windows\system32\WerFault.exe
2009-07-17 20:50:14 ----A---- C:\Windows\system32\Utilman.exe
2009-07-17 20:50:14 ----A---- C:\Windows\system32\sysclass.dll
2009-07-17 20:50:14 ----A---- C:\Windows\system32\stobject.dll
2009-07-17 20:50:14 ----A---- C:\Windows\system32\SndVol.exe
2009-07-17 20:50:14 ----A---- C:\Windows\system32\secproc_ssp_isv.dll
2009-07-17 20:50:14 ----A---- C:\Windows\system32\secproc_ssp.dll
2009-07-17 20:50:14 ----A---- C:\Windows\system32\prnntfy.dll
2009-07-17 20:50:14 ----A---- C:\Windows\system32\msnetobj.dll
2009-07-17 20:50:14 ----A---- C:\Windows\system32\mscms.dll
2009-07-17 20:50:14 ----A---- C:\Windows\system32\mfplat.dll
2009-07-17 20:50:14 ----A---- C:\Windows\system32\mcmde.dll
2009-07-17 20:50:14 ----A---- C:\Windows\system32\diskraid.exe
2009-07-17 20:50:14 ----A---- C:\Windows\system32\apphelp.dll
2009-07-17 20:50:14 ----A---- C:\Windows\system32\adsmsext.dll
2009-07-17 20:50:13 ----A---- C:\Windows\system32\wscript.exe
2009-07-17 20:50:13 ----A---- C:\Windows\system32\wscntfy.dll
2009-07-17 20:50:13 ----A---- C:\Windows\system32\wlansvc.dll
2009-07-17 20:50:13 ----A---- C:\Windows\system32\ulib.dll
2009-07-17 20:50:13 ----A---- C:\Windows\system32\secur32.dll
2009-07-17 20:50:13 ----A---- C:\Windows\system32\rastapi.dll
2009-07-17 20:50:13 ----A---- C:\Windows\system32\pnpsetup.dll
2009-07-17 20:50:13 ----A---- C:\Windows\system32\odbccp32.dll
2009-07-17 20:50:13 ----A---- C:\Windows\system32\ipsecsnp.dll
2009-07-17 20:50:13 ----A---- C:\Windows\system32\IPHLPAPI.DLL
2009-07-17 20:50:13 ----A---- C:\Windows\system32\iasdatastore.dll
2009-07-17 20:50:13 ----A---- C:\Windows\system32\fdProxy.dll
2009-07-17 20:50:13 ----A---- C:\Windows\system32\dsound.dll
2009-07-17 20:50:13 ----A---- C:\Windows\system32\cryptui.dll
2009-07-17 20:50:13 ----A---- C:\Windows\system32\brcpl.dll
2009-07-17 20:50:12 ----A---- C:\Windows\system32\zipfldr.dll
2009-07-17 20:50:12 ----A---- C:\Windows\system32\wusa.exe
2009-07-17 20:50:12 ----A---- C:\Windows\system32\wscsvc.dll
2009-07-17 20:50:12 ----A---- C:\Windows\system32\WMVENCOD.DLL
2009-07-17 20:50:12 ----A---- C:\Windows\system32\wlangpui.dll
2009-07-17 20:50:12 ----A---- C:\Windows\system32\vdsdyn.dll
2009-07-17 20:50:12 ----A---- C:\Windows\system32\regsvc.dll
2009-07-17 20:50:12 ----A---- C:\Windows\system32\rastls.dll
2009-07-17 20:50:12 ----A---- C:\Windows\system32\rasapi32.dll
2009-07-17 20:50:12 ----A---- C:\Windows\system32\ntprint.dll
2009-07-17 20:50:12 ----A---- C:\Windows\system32\netiohlp.dll
2009-07-17 20:50:12 ----A---- C:\Windows\system32\mscorier.dll
2009-07-17 20:50:12 ----A---- C:\Windows\system32\logman.exe
2009-07-17 20:50:12 ----A---- C:\Windows\system32\iepeers.dll
2009-07-17 20:50:12 ----A---- C:\Windows\system32\iasrad.dll
2009-07-17 20:50:12 ----A---- C:\Windows\system32\iashlpr.dll
2009-07-17 20:50:12 ----A---- C:\Windows\system32\gpapi.dll
2009-07-17 20:50:12 ----A---- C:\Windows\system32\findstr.exe
2009-07-17 20:50:12 ----A---- C:\Windows\system32\diskpart.exe
2009-07-17 20:50:11 ----A---- C:\Windows\system32\wshext.dll
2009-07-17 20:50:11 ----A---- C:\Windows\system32\wpccpl.dll
2009-07-17 20:50:11 ----A---- C:\Windows\system32\webcheck.dll
2009-07-17 20:50:11 ----A---- C:\Windows\system32\netcenter.dll
2009-07-17 20:50:10 ----A---- C:\Windows\system32\wsnmp32.dll
2009-07-17 20:50:10 ----A---- C:\Windows\system32\wer.dll
2009-07-17 20:50:10 ----A---- C:\Windows\system32\themecpl.dll
2009-07-17 20:50:10 ----A---- C:\Windows\system32\rasdlg.dll
2009-07-17 20:50:10 ----A---- C:\Windows\system32\iassvcs.dll
2009-07-17 20:50:09 ----A---- C:\Windows\system32\uxsms.dll
2009-07-17 20:50:09 ----A---- C:\Windows\system32\tsbyuv.dll
2009-07-17 20:50:09 ----A---- C:\Windows\system32\srvsvc.dll
2009-07-17 20:50:09 ----A---- C:\Windows\system32\slcc.dll
2009-07-17 20:50:09 ----A---- C:\Windows\system32\scansetting.dll
2009-07-17 20:50:09 ----A---- C:\Windows\system32\powrprof.dll
2009-07-17 20:50:09 ----A---- C:\Windows\system32\powercpl.dll
2009-07-17 20:50:09 ----A---- C:\Windows\system32\PerfCenterCPL.dll
2009-07-17 20:50:09 ----A---- C:\Windows\system32\ntmarta.dll
2009-07-17 20:50:09 ----A---- C:\Windows\system32\networkmap.dll
2009-07-17 20:50:09 ----A---- C:\Windows\system32\msutb.dll
2009-07-17 20:50:09 ----A---- C:\Windows\system32\mstsc.exe
2009-07-17 20:50:09 ----A---- C:\Windows\system32\mstlsapi.dll
2009-07-17 20:50:09 ----A---- C:\Windows\system32\mssprxy.dll
2009-07-17 20:50:09 ----A---- C:\Windows\system32\iasads.dll
2009-07-17 20:50:09 ----A---- C:\Windows\system32\iasacct.dll
2009-07-17 20:50:08 ----A---- C:\Windows\system32\wlanhlp.dll
2009-07-17 20:50:08 ----A---- C:\Windows\system32\themeui.dll
2009-07-17 20:50:08 ----A---- C:\Windows\system32\systemcpl.dll
2009-07-17 20:50:08 ----A---- C:\Windows\system32\sud.dll
2009-07-17 20:50:08 ----A---- C:\Windows\system32\pcaui.dll
2009-07-17 20:50:08 ----A---- C:\Windows\system32\newdev.exe
2009-07-17 20:50:08 ----A---- C:\Windows\system32\dot3svc.dll
2009-07-17 20:50:08 ----A---- C:\Windows\system32\connect.dll
2009-07-17 20:50:08 ----A---- C:\Windows\system32\authz.dll
2009-07-17 20:50:08 ----A---- C:\Windows\system32\accessibilitycpl.dll
2009-07-17 20:50:07 ----A---- C:\Windows\system32\wlanpref.dll
2009-07-17 20:50:07 ----A---- C:\Windows\system32\usercpl.dll
2009-07-17 20:50:07 ----A---- C:\Windows\system32\samlib.dll
2009-07-17 20:50:07 ----A---- C:\Windows\system32\rpchttp.dll
2009-07-17 20:50:07 ----A---- C:\Windows\system32\regapi.dll
2009-07-17 20:50:07 ----A---- C:\Windows\system32\qdvd.dll
2009-07-17 20:50:07 ----A---- C:\Windows\system32\mmci.dll
2009-07-17 20:50:07 ----A---- C:\Windows\system32\ieaksie.dll
2009-07-17 20:50:07 ----A---- C:\Windows\system32\autoplay.dll
2009-07-17 20:50:06 ----A---- C:\Windows\system32\wscisvif.dll
2009-07-17 20:50:06 ----A---- C:\Windows\system32\wpcao.dll
2009-07-17 20:50:06 ----A---- C:\Windows\system32\vdsutil.dll
2009-07-17 20:50:06 ----A---- C:\Windows\system32\tapisrv.dll
2009-07-17 20:50:06 ----A---- C:\Windows\system32\sdclt.exe
2009-07-17 20:50:06 ----A---- C:\Windows\system32\scksp.dll
2009-07-17 20:50:06 ----A---- C:\Windows\system32\scesrv.dll
2009-07-17 20:50:06 ----A---- C:\Windows\system32\rekeywiz.exe
2009-07-17 20:50:06 ----A---- C:\Windows\system32\psisdecd.dll
2009-07-17 20:50:06 ----A---- C:\Windows\system32\oleprn.dll
2009-07-17 20:50:06 ----A---- C:\Windows\system32\msinfo32.exe
2009-07-17 20:50:06 ----A---- C:\Windows\system32\mpr.dll
2009-07-17 20:50:06 ----A---- C:\Windows\system32\imm32.dll
2009-07-17 20:50:06 ----A---- C:\Windows\system32\iaspolcy.dll
2009-07-17 20:50:06 ----A---- C:\Windows\system32\feclient.dll
2009-07-17 20:50:06 ----A---- C:\Windows\system32\Faultrep.dll
2009-07-17 20:50:06 ----A---- C:\Windows\system32\dpapimig.exe
2009-07-17 20:50:06 ----A---- C:\Windows\system32\dot3msm.dll
2009-07-17 20:50:06 ----A---- C:\Windows\system32\DeviceEject.exe
2009-07-17 20:50:06 ----A---- C:\Windows\system32\AudioSes.dll
2009-07-17 20:50:05 ----A---- C:\Windows\system32\whealogr.dll
2009-07-17 20:50:05 ----A---- C:\Windows\system32\TSTheme.exe
2009-07-17 20:50:05 ----A---- C:\Windows\system32\tcpmon.dll
2009-07-17 20:50:05 ----A---- C:\Windows\system32\tcpipcfg.dll
2009-07-17 20:50:05 ----A---- C:\Windows\system32\srcore.dll
2009-07-17 20:50:05 ----A---- C:\Windows\system32\spwinsat.dll
2009-07-17 20:50:05 ----A---- C:\Windows\system32\SmartcardCredentialProvider.dll
2009-07-17 20:50:05 ----A---- C:\Windows\system32\scecli.dll
2009-07-17 20:50:05 ----A---- C:\Windows\system32\rasplap.dll
2009-07-17 20:50:05 ----A---- C:\Windows\system32\rasgcw.dll
2009-07-17 20:50:05 ----A---- C:\Windows\system32\qedit.dll
2009-07-17 20:50:05 ----A---- C:\Windows\system32\PnPUnattend.exe
2009-07-17 20:50:05 ----A---- C:\Windows\system32\pnpui.dll
2009-07-17 20:50:05 ----A---- C:\Windows\system32\perfdisk.dll
2009-07-17 20:50:05 ----A---- C:\Windows\system32\ncryptui.dll
2009-07-17 20:50:05 ----A---- C:\Windows\system32\hdwwiz.exe
2009-07-17 20:50:05 ----A---- C:\Windows\system32\FWPUCLNT.DLL
2009-07-17 20:50:05 ----A---- C:\Windows\system32\fdWSD.dll
2009-07-17 20:50:05 ----A---- C:\Windows\system32\extmgr.dll
2009-07-17 20:50:05 ----A---- C:\Windows\system32\cmmon32.exe
2009-07-17 20:50:05 ----A---- C:\Windows\system32\cmdial32.dll
2009-07-17 20:50:05 ----A---- C:\Windows\system32\certreq.exe
2009-07-17 20:50:04 ----A---- C:\Windows\system32\WMVXENCD.DLL
2009-07-17 20:50:04 ----A---- C:\Windows\system32\wlanui.dll
2009-07-17 20:50:04 ----A---- C:\Windows\system32\wlanmsm.dll
2009-07-17 20:50:04 ----A---- C:\Windows\system32\wiaaut.dll
2009-07-17 20:50:04 ----A---- C:\Windows\system32\SnippingTool.exe
2009-07-17 20:50:04 ----A---- C:\Windows\system32\shwebsvc.dll
2009-07-17 20:50:04 ----A---- C:\Windows\system32\SCardSvr.dll
2009-07-17 20:50:04 ----A---- C:\Windows\system32\rasppp.dll
2009-07-17 20:50:04 ----A---- C:\Windows\system32\raschap.dll
2009-07-17 20:50:04 ----A---- C:\Windows\system32\PnPutil.exe
2009-07-17 20:50:04 ----A---- C:\Windows\system32\oobefldr.dll
2009-07-17 20:50:04 ----A---- C:\Windows\system32\occache.dll
2009-07-17 20:50:04 ----A---- C:\Windows\system32\MSVidCtl.dll
2009-07-17 20:50:04 ----A---- C:\Windows\system32\fontext.dll
2009-07-17 20:50:04 ----A---- C:\Windows\system32\dsprop.dll
2009-07-17 20:50:04 ----A---- C:\Windows\system32\dimsroam.dll
2009-07-17 20:50:04 ----A---- C:\Windows\system32\conime.exe
2009-07-17 20:50:03 ----A---- C:\Windows\system32\wmdrmsdk.dll
2009-07-17 20:50:03 ----A---- C:\Windows\system32\wlgpclnt.dll
2009-07-17 20:50:03 ----A---- C:\Windows\system32\shsetup.dll
2009-07-17 20:50:03 ----A---- C:\Windows\system32\rasmontr.dll
2009-07-17 20:50:03 ----A---- C:\Windows\system32\mscandui.dll
2009-07-17 20:50:03 ----A---- C:\Windows\system32\modemui.dll
2009-07-17 20:50:03 ----A---- C:\Windows\system32\dataclen.dll
2009-07-17 20:50:03 ----A---- C:\Windows\system32\chtbrkr.dll
2009-07-17 20:50:03 ----A---- C:\Windows\system32\blackbox.dll
2009-07-17 20:50:02 ----A---- C:\Windows\system32\WSDMon.dll
2009-07-17 20:50:02 ----A---- C:\Windows\system32\wscapi.dll
2009-07-17 20:50:02 ----A---- C:\Windows\system32\wpcsvc.dll
2009-07-17 20:50:02 ----A---- C:\Windows\system32\wmpeffects.dll
2009-07-17 20:50:02 ----A---- C:\Windows\system32\thawbrkr.dll
2009-07-17 20:50:02 ----A---- C:\Windows\system32\smss.exe
2009-07-17 20:50:02 ----A---- C:\Windows\system32\rdpwsx.dll
2009-07-17 20:50:02 ----A---- C:\Windows\system32\networkexplorer.dll
2009-07-17 20:50:02 ----A---- C:\Windows\system32\netplwiz.dll
2009-07-17 20:50:02 ----A---- C:\Windows\system32\mstime.dll
2009-07-17 20:50:02 ----A---- C:\Windows\system32\msscp.dll
2009-07-17 20:50:02 ----A---- C:\Windows\system32\msrating.dll
2009-07-17 20:50:02 ----A---- C:\Windows\system32\msimtf.dll
2009-07-17 20:50:02 ----A---- C:\Windows\system32\logagent.exe
2009-07-17 20:50:02 ----A---- C:\Windows\system32\InkEd.dll
2009-07-17 20:50:02 ----A---- C:\Windows\system32\ifmon.dll
2009-07-17 20:50:02 ----A---- C:\Windows\system32\gpresult.exe
2009-07-17 20:50:02 ----A---- C:\Windows\system32\credui.dll
2009-07-17 20:50:02 ----A---- C:\Windows\system32\cipher.exe
2009-07-17 20:50:02 ----A---- C:\Windows\system32\certprop.dll
2009-07-17 20:50:01 ----A---- C:\Windows\system32\wshbth.dll
2009-07-17 20:50:01 ----A---- C:\Windows\system32\version.dll
2009-07-17 20:50:01 ----A---- C:\Windows\system32\softkbd.dll
2009-07-17 20:50:01 ----A---- C:\Windows\system32\SLLUA.exe
2009-07-17 20:50:01 ----A---- C:\Windows\system32\sendmail.dll
2009-07-17 20:50:01 ----A---- C:\Windows\system32\puiapi.dll
2009-07-17 20:50:01 ----A---- C:\Windows\system32\olepro32.dll
2009-07-17 20:50:01 ----A---- C:\Windows\system32\msisip.dll
2009-07-17 20:50:01 ----A---- C:\Windows\system32\msctfui.dll
2009-07-17 20:50:01 ----A---- C:\Windows\system32\mprapi.dll
2009-07-17 20:50:01 ----A---- C:\Windows\system32\MediaMetadataHandler.dll
2009-07-17 20:50:01 ----A---- C:\Windows\system32\input.dll
2009-07-17 20:50:01 ----A---- C:\Windows\system32\fc.exe
2009-07-17 20:50:01 ----A---- C:\Windows\system32\ExplorerFrame.dll
2009-07-17 20:50:01 ----A---- C:\Windows\system32\drmmgrtn.dll
2009-07-17 20:50:01 ----A---- C:\Windows\system32\dmsynth.dll
2009-07-17 20:50:01 ----A---- C:\Windows\system32\cdd.dll
2009-07-17 20:50:01 ----A---- C:\Windows\system32\Apphlpdm.dll
2009-07-17 20:50:00 ----A---- C:\Windows\system32\wsdchngr.dll
2009-07-17 20:50:00 ----A---- C:\Windows\system32\tscupgrd.exe
2009-07-17 20:50:00 ----A---- C:\Windows\system32\Storprop.dll
2009-07-17 20:50:00 ----A---- C:\Windows\system32\SMBHelperClass.dll
2009-07-17 20:50:00 ----A---- C:\Windows\system32\slcinst.dll
2009-07-17 20:50:00 ----A---- C:\Windows\system32\rrinstaller.exe
2009-07-17 20:50:00 ----A---- C:\Windows\system32\rasdial.exe
2009-07-17 20:50:00 ----A---- C:\Windows\system32\rasdiag.dll
2009-07-17 20:50:00 ----A---- C:\Windows\system32\printfilterpipelineprxy.dll
2009-07-17 20:50:00 ----A---- C:\Windows\system32\PortableDeviceTypes.dll
2009-07-17 20:50:00 ----A---- C:\Windows\system32\PortableDeviceClassExtension.dll
2009-07-17 20:50:00 ----A---- C:\Windows\system32\ocsetup.exe
2009-07-17 20:50:00 ----A---- C:\Windows\system32\nslookup.exe
2009-07-17 20:50:00 ----A---- C:\Windows\system32\networkitemfactory.dll
2009-07-17 20:50:00 ----A---- C:\Windows\system32\msjint40.dll
2009-07-17 20:50:00 ----A---- C:\Windows\system32\msfeedsbs.dll
2009-07-17 20:50:00 ----A---- C:\Windows\system32\MsCtfMonitor.dll
2009-07-17 20:50:00 ----A---- C:\Windows\system32\mfps.dll
2009-07-17 20:50:00 ----A---- C:\Windows\system32\l2nacp.dll
2009-07-17 20:50:00 ----A---- C:\Windows\system32\ipconfig.exe
2009-07-17 20:50:00 ----A---- C:\Windows\system32\hbaapi.dll
2009-07-17 20:50:00 ----A---- C:\Windows\system32\FwRemoteSvr.dll
2009-07-17 20:50:00 ----A---- C:\Windows\system32\ftp.exe
2009-07-17 20:50:00 ----A---- C:\Windows\system32\fdWCN.dll
2009-07-17 20:50:00 ----A---- C:\Windows\system32\fdSSDP.dll
2009-07-17 20:50:00 ----A---- C:\Windows\system32\fdeploy.dll
2009-07-17 20:50:00 ----A---- C:\Windows\system32\eappgnui.dll
2009-07-17 20:50:00 ----A---- C:\Windows\system32\eappcfg.dll
2009-07-17 20:50:00 ----A---- C:\Windows\system32\eapp3hst.dll
2009-07-17 20:50:00 ----A---- C:\Windows\system32\dot3cfg.dll
2009-07-17 20:50:00 ----A---- C:\Windows\system32\dmusic.dll
2009-07-17 20:50:00 ----A---- C:\Windows\system32\cscdll.dll
2009-07-17 20:50:00 ----A---- C:\Windows\system32\cscapi.dll
2009-07-17 20:50:00 ----A---- C:\Windows\system32\CHxReadingStringIME.dll
2009-07-17 20:50:00 ----A---- C:\Windows\system32\bthudtask.exe
2009-07-17 20:50:00 ----A---- C:\Windows\system32\bthci.dll
2009-07-17 20:50:00 ----A---- C:\Windows\system32\aaclient.dll
2009-07-17 20:49:59 ----A---- C:\Windows\system32\winrnr.dll
2009-07-17 20:49:59 ----A---- C:\Windows\system32\vdmdbg.dll
2009-07-17 20:49:59 ----A---- C:\Windows\system32\tsgqec.dll
2009-07-17 20:49:59 ----A---- C:\Windows\system32\slwga.dll
2009-07-17 20:49:59 ----A---- C:\Windows\system32\PNPXAssoc.dll
2009-07-17 20:49:59 ----A---- C:\Windows\system32\odbcconf.dll
2009-07-17 20:49:59 ----A---- C:\Windows\system32\NcdProp.dll
2009-07-17 20:49:59 ----A---- C:\Windows\system32\mmcico.dll
2009-07-17 20:49:59 ----A---- C:\Windows\system32\midimap.dll
2009-07-17 20:49:59 ----A---- C:\Windows\system32\mfpmp.exe
2009-07-17 20:49:59 ----A---- C:\Windows\system32\iscsilog.dll
2009-07-17 20:49:59 ----A---- C:\Windows\system32\inetppui.dll
2009-07-17 20:49:59 ----A---- C:\Windows\system32\gpupdate.exe
2009-07-17 20:49:59 ----A---- C:\Windows\system32\csrstub.exe
2009-07-17 20:49:59 ----A---- C:\Windows\system32\cbsra.exe
2009-07-17 20:49:59 ----A---- C:\Windows\system32\bitsigd.dll
2009-07-17 20:49:58 ----A---- C:\Windows\system32\wmploc.DLL
2009-07-17 20:49:58 ----A---- C:\Windows\system32\spwmp.dll
2009-07-17 20:49:58 ----A---- C:\Windows\system32\dxmasf.dll
2009-07-17 20:49:50 ----A---- C:\Windows\system32\msimsg.dll
2009-07-17 20:49:50 ----A---- C:\Windows\system32\mferror.dll
2009-07-17 20:49:50 ----A---- C:\Windows\system32\f3ahvoas.dll
2009-07-17 20:49:36 ----A---- C:\Windows\system32\SmiEngine.dll
2009-07-17 20:49:33 ----A---- C:\Windows\system32\wdscore.dll
2009-07-17 20:49:33 ----A---- C:\Windows\system32\PkgMgr.exe
2009-07-17 20:49:24 ----A---- C:\Windows\system32\drvstore.dll
2009-07-17 10:58:44 ----A---- C:\Windows\system32\javaws.exe
2009-07-17 10:58:44 ----A---- C:\Windows\system32\javaw.exe
2009-07-17 10:58:44 ----A---- C:\Windows\system32\java.exe
2009-07-17 00:20:04 ----A---- C:\Windows\system32\xinput1_3.dll
2009-07-17 00:20:03 ----A---- C:\Windows\system32\xactengine2_7.dll
2009-07-17 00:20:03 ----A---- C:\Windows\system32\d3dx10_33.dll
2009-07-17 00:20:03 ----A---- C:\Windows\system32\D3DCompiler_33.dll
2009-07-17 00:20:02 ----A---- C:\Windows\system32\d3dx9_33.dll
2009-07-17 00:20:01 ----A---- C:\Windows\system32\xactengine2_6.dll
2009-07-17 00:20:01 ----A---- C:\Windows\system32\xactengine2_5.dll
2009-07-17 00:20:00 ----A---- C:\Windows\system32\d3dx9_32.dll
2009-07-17 00:20:00 ----A---- C:\Windows\system32\d3dx10.dll
2009-07-17 00:19:59 ----A---- C:\Windows\system32\xactengine2_4.dll
2009-07-17 00:19:59 ----A---- C:\Windows\system32\x3daudio1_1.dll
2009-07-17 00:19:58 ----A---- C:\Windows\system32\xactengine2_3.dll
2009-07-17 00:19:58 ----A---- C:\Windows\system32\d3dx9_31.dll
2009-07-17 00:19:57 ----A---- C:\Windows\system32\xinput1_2.dll
2009-07-17 00:19:57 ----A---- C:\Windows\system32\xinput1_1.dll
2009-07-17 00:19:57 ----A---- C:\Windows\system32\xactengine2_2.dll
2009-07-17 00:19:56 ----A---- C:\Windows\system32\xactengine2_1.dll
2009-07-17 00:19:44 ----A---- C:\Windows\system32\d3dx9_30.dll
2009-07-17 00:19:43 ----A---- C:\Windows\system32\xactengine2_0.dll
2009-07-17 00:19:43 ----A---- C:\Windows\system32\x3daudio1_0.dll
2009-07-17 00:19:42 ----A---- C:\Windows\system32\d3dx9_29.dll
2009-07-17 00:19:41 ----A---- C:\Windows\system32\d3dx9_28.dll
2009-07-17 00:19:41 ----A---- C:\Windows\system32\d3dx9_27.dll
2009-07-17 00:19:39 ----A---- C:\Windows\system32\d3dx9_25.dll
2009-07-17 00:19:38 ----A---- C:\Windows\system32\d3dx9_24.dll
2009-07-17 00:05:03 ----D---- C:\Program Files\Firaxis Games
2009-07-17 00:04:40 ----A---- C:\Windows\system32\d3dx9_26.dll
2009-07-16 23:50:55 ----D---- C:\Program Files\Elaborate Bytes
2009-07-16 22:49:30 ----D---- C:\Program Files\Trend Micro
2009-07-15 21:35:00 ----D---- C:\Windows\Downloaded Installations
2009-07-15 12:41:37 ----D---- C:\ProgramData\Agnitum
2009-07-14 22:33:18 ----D---- C:\Users\Xu\AppData\Roaming\OpenOffice.org
2009-07-14 22:27:51 ----D---- C:\Program Files\JRE
2009-07-14 22:27:37 ----D---- C:\Program Files\OpenOffice.org 3
2009-07-14 22:26:49 ----A---- C:\Windows\system32\deploytk.dll
2009-07-14 22:26:22 ----D---- C:\Program Files\Java
2009-07-14 21:08:31 ----D---- C:\Program Files\Combined Community Codec Pack
2009-07-14 19:59:13 ----D---- C:\Users\Xu\AppData\Roaming\acccore
2009-07-14 19:56:36 ----D---- C:\ProgramData\Viewpoint
2009-07-14 19:56:33 ----D---- C:\ProgramData\acccore
2009-07-14 19:56:10 ----D---- C:\ProgramData\AOL OCP
2009-07-14 19:56:09 ----D---- C:\ProgramData\AOL
2009-07-14 19:55:39 ----D---- C:\Program Files\Common Files\AOL
2009-07-14 19:54:48 ----D---- C:\Program Files\AIM6
2009-07-14 17:34:22 ----D---- C:\Program Files\uTorrent
2009-07-14 17:33:15 ----D---- C:\Users\Xu\AppData\Roaming\uTorrent
2009-07-14 17:29:33 ----HD---- C:\$AVG8.VAULT$
2009-07-14 16:56:19 ----D---- C:\Users\Xu\AppData\Roaming\Malwarebytes
2009-07-14 16:56:13 ----D---- C:\ProgramData\Malwarebytes
2009-07-14 15:19:34 ----HDC---- C:\ProgramData\{088731A3-EE4A-44A0-9F02-C4181FD3C640}
2009-07-14 14:37:35 ----A---- C:\Windows\system32\t2embed.dll
2009-07-14 14:37:35 ----A---- C:\Windows\system32\lpk.dll
2009-07-14 14:37:35 ----A---- C:\Windows\system32\fontsub.dll
2009-07-14 14:37:35 ----A---- C:\Windows\system32\atmlib.dll
2009-07-14 14:37:35 ----A---- C:\Windows\system32\atmfd.dll
2009-07-14 14:37:34 ----A---- C:\Windows\system32\dciman32.dll
2009-07-04 03:13:15 ----D---- C:\Users\Xu\AppData\Roaming\Reallusion
2009-07-04 03:06:00 ----D---- C:\Users\Xu\AppData\Roaming\Creative
2009-07-04 00:20:40 ----D---- C:\Users\Xu\AppData\Roaming\Apple Computer
2009-07-04 00:20:33 ----DC---- C:\Windows\system32\DRVSTORE
2009-07-04 00:20:33 ----A---- C:\Windows\system32\GEARAspi.dll
2009-07-04 00:20:16 ----D---- C:\Program Files\iPod
2009-07-04 00:20:14 ----D---- C:\ProgramData\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-07-04 00:20:14 ----D---- C:\Program Files\iTunes
2009-07-04 00:19:41 ----D---- C:\Program Files\Bonjour
2009-07-04 00:19:09 ----D---- C:\Program Files\QuickTime
2009-07-04 00:19:07 ----D---- C:\ProgramData\Apple Computer
2009-07-04 00:18:46 ----D---- C:\Program Files\Apple Software Update
2009-07-04 00:17:14 ----D---- C:\ProgramData\Apple
2009-07-04 00:17:14 ----D---- C:\Program Files\Common Files\Apple
2009-07-03 23:54:28 ----RD---- C:\Music
2009-07-03 23:48:32 ----RD---- C:\Videos
2009-07-03 23:32:00 ----D---- C:\Program Files\Microsoft
2009-07-03 23:31:45 ----D---- C:\Program Files\Windows Live SkyDrive
2009-07-03 23:31:28 ----D---- C:\Program Files\Windows Live
2009-07-03 23:31:15 ----D---- C:\Windows\PCHEALTH
2009-07-03 23:29:56 ----D---- C:\Users\Xu\AppData\Roaming\Mozilla
2009-07-03 23:29:49 ----D---- C:\Program Files\Mozilla Firefox
2009-07-03 23:28:19 ----D---- C:\Program Files\Common Files\Windows Live
2009-07-03 06:36:10 ----D---- C:\Program Files\Fingerprint Reader Suite
2009-07-03 06:30:19 ----D---- C:\Program Files\Cisco
2009-07-03 06:13:19 ----A---- C:\Windows\system32\stlang.dll
2009-07-03 06:13:19 ----A---- C:\Windows\system32\stacsv.exe
2009-07-03 06:13:19 ----A---- C:\Windows\system32\AEstSrv.exe
2009-07-03 06:13:19 ----A---- C:\Windows\system32\aestecap.dll
2009-07-03 06:13:19 ----A---- C:\Windows\system32\aestacap.dll
2009-07-03 06:12:21 ----A---- C:\Windows\system32\stcplx.dll
2009-07-03 06:12:21 ----A---- C:\Windows\system32\stapo.dll
2009-07-03 06:12:21 ----A---- C:\Windows\system32\stapi32.dll
2009-07-03 06:07:21 ----D---- C:\Program Files\Common Files\Reallusion
2009-07-03 06:05:56 ----N---- C:\Windows\system32\msvcr71.dll
2009-07-03 06:05:56 ----N---- C:\Windows\system32\msvcp71.dll
2009-07-03 06:05:56 ----N---- C:\Windows\system32\MFC71.DLL
2009-07-03 06:05:48 ----D---- C:\Program Files\Creative Live! Cam
2009-07-03 06:05:17 ----D---- C:\Program Files\Creative
2009-07-03 05:40:50 ----D---- C:\ProgramData\SupportSoft
2009-07-03 05:40:45 ----D---- C:\ProgramData\PCDr
2009-07-03 05:39:55 ----D---- C:\Program Files\Dell Support Center
2009-07-03 05:39:54 ----D---- C:\Program Files\Common Files\supportsoft
2009-07-02 21:44:08 ----A---- C:\Windows\system32\nvexpbar.dll
2009-07-02 21:44:08 ----A---- C:\Windows\system32\nvcpluir.dll
2009-07-02 21:44:08 ----A---- C:\Windows\system32\nvcplui.exe
2009-07-02 21:37:28 ----A---- C:\Windows\system32\NVUNINST.EXE
2009-07-02 20:55:49 ----D---- C:\Windows\pss
2009-07-02 15:44:26 ----D---- C:\Users\Xu\AppData\Roaming\Macromedia
2009-07-02 15:44:26 ----D---- C:\Users\Xu\AppData\Roaming\Adobe
2009-07-02 15:44:17 ----D---- C:\Windows\system32\Macromed
2009-07-02 15:22:27 ----A---- C:\Windows\system32\avgrsstx.dll
2009-07-02 15:22:15 ----D---- C:\Program Files\AVG
2009-07-02 15:22:14 ----D---- C:\ProgramData\avg8
2009-07-02 15:14:42 ----D---- C:\Users\Xu\AppData\Roaming\Dell
2009-07-02 15:12:37 ----D---- C:\ProgramData\Dell
2009-07-02 14:05:40 ----D---- C:\Program Files\DellTPad
2009-07-02 14:00:58 ----A---- C:\Windows\system32\netfxperf.dll
2009-07-02 13:56:50 ----A---- C:\Windows\system32\mshtml.dll
2009-07-02 13:56:46 ----A---- C:\Windows\system32\wininet.dll
2009-07-02 13:56:46 ----A---- C:\Windows\system32\urlmon.dll
2009-07-02 13:56:44 ----A---- C:\Windows\system32\jsproxy.dll
2009-07-02 13:56:44 ----A---- C:\Windows\system32\ieencode.dll
2009-07-02 13:56:14 ----D---- C:\ProgramData\Citrix
2009-07-02 13:54:42 ----A---- C:\Windows\system32\kbd106n.dll
2009-07-02 13:54:18 ----A---- C:\Windows\system32\localspl.dll
2009-07-02 13:54:12 ----A---- C:\Windows\system32\rpcrt4.dll
2009-07-02 13:47:04 ----A---- C:\Windows\system32\wups2.dll
2009-07-02 13:47:04 ----A---- C:\Windows\system32\wucltux.dll
2009-07-02 13:47:04 ----A---- C:\Windows\system32\wuaueng.dll
2009-07-02 13:47:04 ----A---- C:\Windows\system32\wuauclt.exe
2009-07-02 13:46:56 ----A---- C:\Windows\system32\wups.dll
2009-07-02 13:46:56 ----A---- C:\Windows\system32\wudriver.dll
2009-07-02 13:46:56 ----A---- C:\Windows\system32\wuapi.dll
2009-07-02 13:46:51 ----A---- C:\Windows\system32\wuwebv.dll
2009-07-02 13:46:51 ----A---- C:\Windows\system32\wuapp.exe
2009-07-02 13:41:24 ----D---- C:\ProgramData\NVIDIA
2009-07-02 13:35:45 ----A---- C:\Windows\system32\dpinst.exe
2009-07-02 13:35:02 ----D---- C:\Windows\system32\ENU
2009-07-02 13:35:00 ----D---- C:\Windows\system32\Lang
2009-07-02 13:35:00 ----A---- C:\Windows\system32\imsmudlg.exe
2009-07-02 13:35:00 ----A---- C:\Windows\system32\difxapi.dll
2009-07-02 13:31:34 ----D---- C:\Program Files\Marvell
2009-07-02 13:31:01 ----D---- C:\Users\Xu\AppData\Roaming\TMP
2009-07-02 13:25:02 ----A---- C:\Windows\system32\BCMLogon.dll
2009-07-02 13:24:52 ----D---- C:\Windows\system32\no-NO
2009-07-02 13:24:47 ----D---- C:\Windows\system32\vs08
2009-07-02 13:24:47 ----A---- C:\Windows\system32\Uninst_EAPModules.bat
2009-07-02 13:24:46 ----A---- C:\Windows\system32\wltrynt.dll
2009-07-02 13:24:46 ----A---- C:\Windows\system32\vcredist_x86.exe
2009-07-02 13:24:46 ----A---- C:\Windows\system32\vcredist_x86.bat
2009-07-02 13:24:46 ----A---- C:\Windows\system32\bcmwlu00.exe
2009-07-02 13:24:46 ----A---- C:\Windows\system32\bcmwlrmt.dll
2009-07-02 13:24:46 ----A---- C:\Windows\system32\bcmttls.dll
2009-07-02 13:24:45 ----A---- C:\Windows\system32\WLTRAY.EXE
2009-07-02 13:24:45 ----A---- C:\Windows\system32\BCMWLTRY.EXE
2009-07-02 13:24:44 ----A---- C:\Windows\system32\WLTRYSVC.EXE
2009-07-02 13:24:44 ----A---- C:\Windows\system32\bcmwlcoi.dll
2009-07-02 13:24:43 ----A---- C:\Windows\system32\bcmihvui.dll
2009-07-02 13:24:43 ----A---- C:\Windows\system32\bcmihvsrv.dll
2009-07-02 13:24:38 ----D---- C:\Users\Xu\AppData\Roaming\InstallShield
2009-07-02 13:22:48 ----A---- C:\Windows\system32\OEM02Srv.exe
2009-07-02 13:22:48 ----A---- C:\Windows\system32\OEM02Pin.dll
2009-07-02 13:22:48 ----A---- C:\Windows\system32\OEM02Hwx.dll
2009-07-02 13:22:48 ----A---- C:\Windows\system32\OEM02Cvw.dll
2009-07-02 13:22:48 ----A---- C:\Windows\system32\cximage.dll
2009-07-02 13:22:48 ----A---- C:\Windows\system32\CtCamMgr.dll
2009-07-02 13:22:48 ----A---- C:\Windows\OEM02Mon.exe
2009-07-02 13:22:48 ----A---- C:\Windows\OEM02Cfg.exe
2009-07-02 13:22:48 ----A---- C:\Windows\CtDrvIns.exe
2009-07-02 13:21:18 ----A---- C:\Windows\system32\snymsico.dll
2009-07-02 13:21:18 ----A---- C:\Windows\system32\rixdicon.dll
2009-07-02 13:19:19 ----D---- C:\Program Files\Intel
2009-07-02 13:19:12 ----D---- C:\Intel
2009-07-02 13:16:15 ----A---- C:\Windows\system32\aestaren.dll
2009-07-02 13:15:51 ----D---- C:\Program Files\SigmaTel
2009-07-02 13:15:51 ----A---- C:\Windows\system32\st325866.dll
2009-07-02 13:15:51 ----A---- C:\Windows\system32\ctppld.dll
2009-07-02 13:15:51 ----A---- C:\Windows\system32\ctapo32.dll
2009-07-02 13:15:50 ----HD---- C:\Program Files\InstallShield Installation Information
2009-07-02 13:15:48 ----D---- C:\Program Files\Common Files\InstallShield
2009-07-02 12:55:12 ----D---- C:\Windows\system32\vmm32
2009-07-02 12:55:12 ----D---- C:\Program Files\Dell
2009-07-02 12:54:43 ----SHD---- C:\Windows\Installer
2009-07-02 12:27:29 ----A---- C:\Windows\ntbtlog.txt
2009-07-02 12:17:33 ----D---- C:\Users\Xu\AppData\Roaming\Identities
2009-07-02 12:17:14 ----SD---- C:\Users\Xu\AppData\Roaming\Microsoft
2009-07-02 12:17:14 ----D---- C:\Users\Xu\AppData\Roaming\Media Center Programs
2009-07-02 02:58:55 ----D---- C:\Windows\Panther
2009-07-02 02:58:09 ----D---- C:\Windows\system32\OEM
2009-07-02 02:50:56 ----D---- C:\Windows.old
2009-07-02 02:14:00 ----D---- C:\Windows\Debug
2009-07-02 02:06:43 ----D---- C:\Windows\SoftwareDistribution
2009-07-02 02:01:27 ----D---- C:\Windows\Prefetch
2009-07-01 23:40:16 ----RAS---- C:\BOOTSECT.BAK
2009-07-01 20:55:57 ----A---- C:\Windows\system32\WdfCoInstaller01005.dll
2009-07-01 20:55:57 ----A---- C:\Windows\system32\Vxdif.dll
2009-07-01 20:29:56 ----SHD---- C:\System Volume Information

======List of files/folders modified in the last 1 months======

2009-07-22 15:04:02 ----D---- C:\Windows\System32
2009-07-22 14:58:51 ----D---- C:\Windows\inf
2009-07-22 14:58:51 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-07-22 14:46:10 ----D---- C:\Windows\system32\en-US
2009-07-22 14:39:28 ----D---- C:\Windows
2009-07-22 14:39:28 ----A---- C:\Windows\system.ini
2009-07-22 14:30:07 ----D---- C:\Windows\system32\drivers
2009-07-22 14:30:07 ----D---- C:\Windows\AppPatch
2009-07-22 14:30:05 ----D---- C:\Program Files\Common Files
2009-07-22 13:46:33 ----RD---- C:\Program Files
2009-07-22 11:39:58 ----D---- C:\Windows\system32\catroot2
2009-07-22 02:26:44 ----D---- C:\Windows\system32\Tasks
2009-07-21 09:17:16 ----HD---- C:\ProgramData
2009-07-20 23:42:27 ----D---- C:\Windows\LiveKernelReports
2009-07-20 21:01:20 ----D---- C:\Windows\rescache
2009-07-20 21:00:05 ----D---- C:\Windows\winsxs
2009-07-20 20:44:15 ----RSD---- C:\Windows\assembly
2009-07-20 20:41:23 ----D---- C:\Windows\Microsoft.NET
2009-07-20 20:40:56 ----D---- C:\Windows\system32\catroot
2009-07-20 20:35:00 ----D---- C:\Program Files\Windows Mail
2009-07-20 20:35:00 ----D---- C:\Program Files\Windows Calendar
2009-07-20 20:35:00 ----D---- C:\Program Files\Movie Maker
2009-07-20 20:34:58 ----D---- C:\Program Files\Windows Sidebar
2009-07-20 20:34:58 ----D---- C:\Program Files\Internet Explorer
2009-07-20 20:34:57 ----D---- C:\Program Files\Windows Media Player
2009-07-20 20:34:57 ----D---- C:\Program Files\Windows Collaboration
2009-07-20 20:34:56 ----D---- C:\Program Files\Windows Journal
2009-07-20 20:34:54 ----D---- C:\Program Files\Common Files\System
2009-07-20 20:34:53 ----D---- C:\Program Files\Windows Photo Gallery
2009-07-20 20:34:48 ----D---- C:\Windows\servicing
2009-07-20 20:34:48 ----D---- C:\Program Files\Windows Defender
2009-07-20 20:34:47 ----D---- C:\Windows\ehome
2009-07-20 20:34:31 ----D---- C:\Windows\system32\XPSViewer
2009-07-20 20:34:31 ----D---- C:\Windows\system32\sk-SK
2009-07-20 20:34:31 ----D---- C:\Windows\system32\lv-LV
2009-07-20 20:34:31 ----D---- C:\Windows\system32\ko-KR
2009-07-20 20:34:31 ----D---- C:\Windows\system32\hr-HR
2009-07-20 20:34:31 ----D---- C:\Windows\system32\et-EE
2009-07-20 20:34:31 ----D---- C:\Windows\system32\da-DK
2009-07-20 20:34:31 ----D---- C:\Windows\IME
2009-07-20 20:34:30 ----D---- C:\Windows\system32\oobe
2009-07-20 20:34:30 ----D---- C:\Windows\system32\migration
2009-07-20 20:34:30 ----D---- C:\Windows\system32\it-IT
2009-07-20 20:34:30 ----D---- C:\Windows\system32\el-GR
2009-07-20 20:34:30 ----D---- C:\Windows\system32\de-DE
2009-07-20 20:34:24 ----D---- C:\Windows\system32\zh-TW
2009-07-20 20:34:24 ----D---- C:\Windows\system32\zh-CN
2009-07-20 20:34:24 ----D---- C:\Windows\system32\sv-SE
2009-07-20 20:34:24 ----D---- C:\Windows\system32\sr-Latn-CS
2009-07-20 20:34:24 ----D---- C:\Windows\system32\SLUI
2009-07-20 20:34:24 ----D---- C:\Windows\system32\sl-SI
2009-07-20 20:34:24 ----D---- C:\Windows\system32\setup
2009-07-20 20:34:24 ----D---- C:\Windows\system32\ru-RU
2009-07-20 20:34:24 ----D---- C:\Windows\system32\pt-PT
2009-07-20 20:34:24 ----D---- C:\Windows\system32\manifeststore
2009-07-20 20:34:24 ----D---- C:\Windows\system32\hu-HU
2009-07-20 20:34:24 ----D---- C:\Windows\system32\he-IL
2009-07-20 20:34:24 ----D---- C:\Windows\system32\fr-FR
2009-07-20 20:34:24 ----D---- C:\Windows\system32\fi-FI
2009-07-20 20:34:24 ----D---- C:\Windows\system32\es-ES
2009-07-20 20:34:24 ----D---- C:\Windows\system32\en
2009-07-20 20:34:24 ----D---- C:\Windows\system32\cs-CZ
2009-07-20 20:34:24 ----D---- C:\Windows\system32\AdvancedInstallers
2009-07-20 20:34:23 ----D---- C:\Windows\system32\uk-UA
2009-07-20 20:34:23 ----D---- C:\Windows\system32\th-TH
2009-07-20 20:34:23 ----D---- C:\Windows\system32\ro-RO
2009-07-20 20:34:23 ----D---- C:\Windows\system32\pl-PL
2009-07-20 20:34:23 ----D---- C:\Windows\system32\ja-JP
2009-07-20 20:34:23 ----D---- C:\Windows\system32\bg-BG
2009-07-20 20:34:21 ----D---- C:\Windows\system32\wbem
2009-07-20 20:34:21 ----D---- C:\Windows\system32\tr-TR
2009-07-20 20:34:18 ----D---- C:\Windows\system32\nl-NL
2009-07-20 20:34:18 ----D---- C:\Windows\system32\nb-NO
2009-07-20 20:34:18 ----D---- C:\Windows\system32\lt-LT
2009-07-20 20:34:18 ----D---- C:\Windows\system32\ar-SA
2009-07-20 20:34:16 ----D---- C:\Windows\system32\migwiz
2009-07-20 20:34:15 ----D---- C:\Windows\system32\pt-BR
2009-07-20 20:31:54 ----RSD---- C:\Windows\Fonts
2009-07-20 20:31:48 ----D---- C:\Windows\system32\Boot
2009-07-20 18:03:18 ----SD---- C:\ProgramData\Microsoft
2009-07-19 22:40:42 ----HD---- C:\Windows\system32\GroupPolicy
2009-07-17 21:14:07 ----SHD---- C:\Boot
2009-07-16 21:41:58 ----D---- C:\Windows\system32\LogFiles
2009-07-15 14:14:32 ----D---- C:\Windows\system32\config
2009-07-15 14:14:18 ----D---- C:\Windows\Tasks
2009-07-15 14:14:18 ----D---- C:\Windows\system32\spool
2009-07-15 14:14:18 ----D---- C:\Windows\system32\Msdtc
2009-07-15 14:14:18 ----D---- C:\Windows\system32\CodeIntegrity
2009-07-15 14:14:14 ----D---- C:\Windows\registration
2009-07-14 19:58:32 ----D---- C:\Windows\system32\WDI
2009-07-14 19:56:13 ----SD---- C:\Windows\Downloaded Program Files
2009-07-07 08:10:58 ----A---- C:\Windows\system32\mrt.exe
2009-07-04 10:24:57 ----D---- C:\Windows\Logs
2009-07-03 23:31:50 ----D---- C:\Program Files\Common Files\microsoft shared
2009-07-03 06:29:16 ----D---- C:\Windows\Help
2009-07-02 14:45:12 ----D---- C:\Windows\PolicyDefinitions
2009-07-02 13:23:09 ----D---- C:\Windows\twain_32
2009-07-02 12:54:57 ----D---- C:\Windows\system32\restore
2009-07-02 12:41:07 ----D---- C:\Windows\system32\NDF
2009-07-02 12:17:14 ----RD---- C:\Users
2009-07-01 21:18:44 ----D---- C:\DELL

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\Windows\System32\Drivers\avgldx86.sys [2009-07-19 335752]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\Windows\System32\Drivers\avgmfx86.sys [2009-07-02 27784]
R1 AvgTdiX;AVG Free8 Network Redirector; C:\Windows\System32\Drivers\avgtdix.sys [2009-07-02 108552]
R1 ElbyCDIO;ElbyCDIO Driver; C:\Windows\System32\Drivers\ElbyCDIO.sys [2009-02-17 24232]
R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2008-02-15 46592]
R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2007-07-30 43008]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2007-07-30 38400]
R3 ApfiltrService;Alps Touch Pad Filter Driver for Windows 2000/XP/Vista; C:\Windows\system32\DRIVERS\Apfiltr.sys [2007-06-25 155136]
R3 BCM43XX;Dell Wireless WLAN Card Driver; C:\Windows\system32\DRIVERS\bcmwl6.sys [2007-12-06 1044984]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-20 14208]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-03-19 23400]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2008-09-03 7583552]
R3 OEM02Dev;Creative Camera OEM002 Driver; C:\Windows\system32\DRIVERS\OEM02Dev.sys [2007-10-11 235648]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver; C:\Windows\system32\DRIVERS\OEM02Vfx.sys [2007-03-05 7424]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2009-04-10 89088]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\Windows\system32\drivers\stwrt.sys [2008-02-15 330752]
R3 TcUsb;TC USB Kernel Driver; C:\Windows\System32\Drivers\tcusb.sys [2007-09-10 47120]
R3 VClone;VClone; C:\Windows\system32\DRIVERS\VClone.sys [2009-04-08 29696]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-20 11264]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\Windows\system32\DRIVERS\yk60x86.sys [2007-09-17 278528]
S3 BCM42RLY;BCM42RLY; C:\Windows\system32\drivers\BCM42RLY.sys []
S3 catchme;catchme; \??\C:\Users\Xu\AppData\Local\Temp\catchme.sys []
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-20 5632]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-20 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-20 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-20 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-20 6016]
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2009-06-05 39424]
S3 usbvideo;USB Video Device (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-20 134016]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-20 39936]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-20 83328]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-20 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-20 386616]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-06-05 144712]
R2 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2009-07-19 907032]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-07-02 298776]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 DockLoginService;Dock Login Service; C:\Program Files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2008-09-03 196608]
R2 sprtsvc_DellSupportCenter;SupportSoft Sprocket Service (DellSupportCenter); C:\Program Files\Dell Support Center\bin\sprtsvc.exe [2009-06-03 201968]
R2 STacSV;SigmaTel Audio Service; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c09c50a2\STacSV.exe [2008-02-15 102400]
R2 wltrysvc;Dell Wireless WLAN Tray Service; C:\Windows\System32\WLTRYSVC.EXE [2007-12-08 24064]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-06-05 541992]
S4 AESTFilters;Andrea ST Filters Service; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c09c50a2\aestsrv.exe [2007-09-20 73728]
S4 IAANTMON;Intel® Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2007-07-24 354840]

-----------------EOF-----------------



info.txt logfile of random's system information tool 1.06 2009-07-22 15:34:45

======Uninstall list======

-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88564CEF-20A5-4EF2-A05F-309F2EBA9B06}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A1A5BA3E-9ABF-4037-820B-6151022B8ACB}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D5BA7C09-E523-478C-9C37-A1D86C76383E}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F6366726-BA44-4D6A-8ECE-476E2E616AD1}\setup.exe" -l0x9
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Advanced Audio FX Engine-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88564CEF-20A5-4EF2-A05F-309F2EBA9B06}\setup.exe" -l0x9 /remove
Advanced Video FX Engine-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D5BA7C09-E523-478C-9C37-A1D86C76383E}\setup.exe" -l0x9 /remove
AIM 6-->C:\Program Files\AIM6\uninst.exe
Apple Mobile Device Support-->MsiExec.exe /I{8355F970-601D-442D-A79B-1D7DB4F24CAD}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
AudioConverter Studio 6.0-->"C:\Program Files\AudioConverter Studio\unins000.exe"
AVG Free 8.5-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
Cisco EAP-FAST Module-->MsiExec.exe /I{BF53252E-4AB2-4C7F-A0FD-6100755745E3}
Cisco LEAP Module-->MsiExec.exe /I{76F9CF97-FC4B-4E20-B363-D127C888448F}
Cisco PEAP Module-->MsiExec.exe /I{4E5386F5-C0F6-4532-A54A-374865AEAB71}
Combined Community Codec Pack 2008-09-21 16:18-->"C:\Program Files\Combined Community Codec Pack\unins000.exe"
Dell Dock-->"C:\ProgramData\{088731A3-EE4A-44A0-9F02-C4181FD3C640}\delldock.exe" REMOVE=TRUE MODIFY=FALSE
Dell Dock-->C:\ProgramData\{088731A3-EE4A-44A0-9F02-C4181FD3C640}\delldock.exe
Dell Resource CD-->MsiExec.exe /X{42929F0F-CE14-47AF-9FC7-FF297A603021}
Dell Support Center (Support Software)-->MsiExec.exe /X{E3BFEE55-39E2-4BE0-B966-89FE583822C1}
Dell Touchpad-->C:\Program Files\DellTPad\Uninstap.exe ADDREMOVE
Dell Webcam Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A1A5BA3E-9ABF-4037-820B-6151022B8ACB}\setup.exe" -l0x9 /remove
Dell Webcam Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F6366726-BA44-4D6A-8ECE-476E2E616AD1}\setup.exe" -l0x9 /remove
Dell Wireless WLAN Card-->"C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11\UninstallInfo" /rootdir="C:\Program Files\Dell\Dell Wireless WLAN Card"
ERUNT 1.1j-->"C:\Program Files\ERUNT\unins000.exe"
Fingerprint Reader Suite 5.6-->MsiExec.exe /I{A2289997-10A3-48F2-AA03-99180D761661}
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Intel® Matrix Storage Manager-->C:\Windows\system32\imsmudlg.exe -uninstall
iTunes-->MsiExec.exe /I{5D601655-6D54-4384-B52C-17EC5385FBBD}
Java™ 6 Update 14-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216013FF}
Laptop Integrated Webcam Driver (1.04.01.1011) -->C:\Windows\CtDrvIns.exe -uninstall -script OEM002.uns -plugin OEM02Pin.dll -pluginres OEM02Pin.crl -nodisconprompt -langid 0x0409
Live! Cam Avatar Creator-->C:\Program Files\InstallShield Installation Information\{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}\setup.exe -runfromtemp -l0x0009 -removeonly /remove
Live! Cam Avatar v1.0-->C:\Program Files\InstallShield Installation Information\{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}\setup.exe -runfromtemp -l0x0009 -removeonly /remove
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Marvell Miniport Driver-->MsiExec.exe /X{C950420B-4182-49EA-850A-A6A2ABF06C6B}
Microsoft .NET Framework 3.5 SP1-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft VC9 runtime libraries-->MsiExec.exe /I{C4124E95-5061-4776-8D5D-E3D931C778E1}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Mozilla Firefox (3.5.1)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
NVIDIA Drivers-->C:\Windows\system32\NVUNINST.EXE UninstallGUI
OpenOffice.org 3.1-->MsiExec.exe /I{E6B87DC4-2B3D-4483-ADFF-E483BF718991}
QuickSet-->MsiExec.exe /I{4B6AD248-D3BF-426A-8D64-847288154F13}
QuickTime-->MsiExec.exe /I{C78EAC6F-7A73-452E-8134-DBB2165C5A68}
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.54.06-->"C:\Program Files\InstallShield Installation Information\{59F6A514-9813-47A3-948C-8A155460CC2A}\setup.exe" -runfromtemp -l0x0009 anything -removeonly
Sid Meier's Civilization 4 - Beyond the Sword-->C:\Program Files\InstallShield Installation Information\{32E4F0D2-C135-475E-A841-1D59A0D22989}\setup.exe -runfromtemp -l0x0009 -removeonly
Sid Meier's Civilization 4 - Warlords-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3E4B349F-10B5-4586-9D99-489A90A8B228}\setup.exe" -l0x9 -removeonly
Sid Meier's Civilization 4-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}\setup.exe" -l0x9 -removeonly
SigmaTel Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x9 -remove -removeonly
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
VirtualCloneDrive-->"C:\Program Files\Elaborate Bytes\VirtualCloneDrive\vcd-uninst.exe" /D="C:\Program Files\Elaborate Bytes\VirtualCloneDrive"
Windows Live Call-->MsiExec.exe /I{F6BD194C-4190-4D73-B1B1-C48C99921BFE}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{C6CA8874-5F22-4AF0-9BE3-016BF299C536}
Windows Live Messenger-->MsiExec.exe /X{0AAA9C97-74D4-47CE-B089-0B147EF3553C}
Windows Live OneCare safety scanner-->"C:\Program Files\Windows Live Safety Center\UnInstall.exe"
Windows Live OneCare safety scanner-->MsiExec.exe /X{FE0646A7-19D0-41B4-A2BB-2C35D644270D}
Windows Live Sign-in Assistant-->MsiExec.exe /I{45338B07-A236-4270-9A77-EBB4115517B5}
Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
World of Warcraft-->C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft\Uninstall.exe
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG

======Security center information======

AS: Windows Defender

======System event log======

Computer Name: Proxy
Event Code: 15016
Message: Unable to initialize the security package Kerberos for server side authentication. The data field contains the error number.
Record Number: 235
Source Name: Microsoft-Windows-HttpEvent
Time Written: 20090702091401.765279-000
Event Type: Error
User:

Computer Name: 26L2233B1-13
Event Code: 134
Message: NtpClient was unable to set a manual peer to use as a time source because of DNS resolution error on 'time.windows.com,0x9'. NtpClient will try again in 15 minutes and double the reattempt interval thereafter. The error was: No such host is known. (0x80072AF9)
Record Number: 13
Source Name: Microsoft-Windows-Time-Service
Time Written: 20090702090455.000000-000
Event Type: Warning
User:

Computer Name: 26L2233B1-13
Event Code: 134
Message: NtpClient was unable to set a manual peer to use as a time source because of DNS resolution error on 'time.windows.com,0x9'. NtpClient will try again in 15 minutes and double the reattempt interval thereafter. The error was: No such host is known. (0x80072AF9)
Record Number: 12
Source Name: Microsoft-Windows-Time-Service
Time Written: 20090702090454.000000-000
Event Type: Warning
User:

Computer Name: 26L2233B1-13
Event Code: 15016
Message: Unable to initialize the security package Kerberos for server side authentication. The data field contains the error number.
Record Number: 11
Source Name: Microsoft-Windows-HttpEvent
Time Written: 20090702090451.910289-000
Event Type: Error
User:

Computer Name: 26L2233B1-13
Event Code: 263
Message: The service 'ShellHWDetection' may not have unregistered for device event notifications before it was stopped.
Record Number: 10
Source Name: PlugPlayManager
Time Written: 20090702090451.000000-000
Event Type: Warning
User:

=====Application event log=====

Computer Name: Proxy
Event Code: 1000
Message: Faulting application Explorer.EXE, version 6.0.6001.18000, time stamp 0x47918e5d, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x9400005a, process id 0x794, application start time 0x01c9fb4aae2716dd.
Record Number: 66
Source Name: Application Error
Time Written: 20090702192517.000000-000
Event Type: Error
User:

Computer Name: Proxy
Event Code: 10
Message: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Record Number: 65
Source Name: Microsoft-Windows-WMI
Time Written: 20090702192508.000000-000
Event Type: Error
User:

Computer Name: Proxy
Event Code: 10
Message: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Record Number: 26
Source Name: Microsoft-Windows-WMI
Time Written: 20090702091408.000000-000
Event Type: Error
User:

Computer Name: Proxy
Event Code: 1008
Message: The Windows Search Service is attempting to remove the old catalog.

Record Number: 22
Source Name: Microsoft-Windows-Search
Time Written: 20090702091405.000000-000
Event Type: Warning
User:

Computer Name: 26L2233B1-13
Event Code: 1036
Message: InitializePrintProvider failed for provider inetpp.dll. This can occur because of system instability or a lack of system resources.
Record Number: 13
Source Name: Microsoft-Windows-SpoolerSpoolss
Time Written: 20090702090543.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

=====Security event log=====

Computer Name: 26L2233B1-13
Event Code: 4648
Message: A logon was attempted using explicit credentials.

Subject:
Security ID: S-1-5-18
Account Name: 26L2233B1-13$
Account Domain: WORKGROUP
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}

Account Whose Credentials Were Used:
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon GUID: {00000000-0000-0000-0000-000000000000}

Target Server:
Target Server Name: localhost
Additional Information: localhost

Process Information:
Process ID: 0x244
Process Name: C:\Windows\System32\services.exe

Network Information:
Network Address: -
Port: -

This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Record Number: 5
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090702090420.242086-000
Event Type: Audit Success
User:

Computer Name: 26L2233B1-13
Event Code: 4902
Message: The Per-user audit policy table was created.

Number of Elements: 0
Policy ID: 0x9f0d6
Record Number: 4
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090702090416.560463-000
Event Type: Audit Success
User:

Computer Name: 26L2233B1-13
Event Code: 4624
Message: An account was successfully logged on.

Subject:
Security ID: S-1-0-0
Account Name: -
Account Domain: -
Logon ID: 0x0

Logon Type: 0

New Logon:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:
Process ID: 0x4
Process Name:

Network Information:
Workstation Name: -
Source Network Address: -
Source Port: -

Detailed Authentication Information:
Logon Process: -
Authentication Package: -
Transited Services: -
Package Name (NTLM only): -
Key Length: 0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 3
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090702090415.172054-000
Event Type: Audit Success
User:

Computer Name: 26L2233B1-13
Event Code: 4608
Message: Windows is starting up.

This event is logged when LSASS.EXE starts and the auditing subsystem is initialized.
Record Number: 2
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090702090415.172054-000
Event Type: Audit Success
User:

Computer Name: 26L2233B1-13
Event Code: 4634
Message: An account was logged off.

Subject:
Security ID: S-1-5-7
Account Name: ANONYMOUS LOGON
Account Domain: NT AUTHORITY
Logon ID: 0x1f2f0

Logon Type: 3

This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Record Number: 1
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20080121025830.171200-000
Event Type: Audit Success
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\QuickTime\QTSystem
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel
"PROCESSOR_REVISION"=0f0d
"NUMBER_OF_PROCESSORS"=2
"TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat
"DFSTRACINGON"=FALSE
"CLASSPATH"=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
"QTJAVA"=C:\Program Files\QuickTime\QTSystem\QTJava.zip

-----------------EOF-----------------
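Reading the RSIT driver and service lists above, an analyst looks first for entries RSIT could not stat (the empty `[]` where a date and size should be) and for kernel drivers or auto-start services registered from locations a standard user can write to. The following is an added example, not part of the original thread and not RSIT's own code: a small Python triage pass over lines copied from the log above. The flag names and the list of suspicious path components are this example's own choices.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample: six lines copied verbatim from the RSIT drivers/services
# lists posted above (raw string, so the backslashes are literal).
SAMPLE = r"""
R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\Windows\System32\Drivers\avgldx86.sys [2009-07-19 335752]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2008-09-03 7583552]
S3 BCM42RLY;BCM42RLY; C:\Windows\system32\drivers\BCM42RLY.sys []
S3 catchme;catchme; \??\C:\Users\Xu\AppData\Local\Temp\catchme.sys []
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2009-07-19 907032]
"""

# RSIT line shape: "<R|S><start-type> <name>;<display>; <path> [<date> <size>]"
# The bracket is empty when RSIT could not stat the file.
ENTRY_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) "
    r"(?P<name>[^;]*);(?P<display>[^;]*); "
    r"(?P<path>.*?) \[(?P<meta>[^\]]*)\]$"
)

# Directories a standard user can write to; a driver or service loaded from
# one of these deserves a second look. Assumed list, this example's own.
USER_WRITABLE = re.compile(
    r"\\(users|appdata|temp|programdata|documents and settings)\\", re.I
)


@dataclass
class Entry:
    state: str            # "R" running, "S" stopped
    start: int            # 0 boot, 1 system, 2 auto, 3 demand, 4 disabled
    name: str
    display: str
    path: str
    date: Optional[str]   # None when RSIT printed []
    size: Optional[int]


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one RSIT driver/service line; return None for headers and blanks."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    meta = m.group("meta").split()
    return Entry(
        state=m.group("state"),
        start=int(m.group("start")),
        name=m.group("name"),
        display=m.group("display"),
        path=m.group("path"),
        date=meta[0] if meta else None,
        size=int(meta[1]) if len(meta) > 1 else None,
    )


def flags(e: Entry) -> List[str]:
    """Triage rules; the flag names are this example's own."""
    out: List[str] = []
    if e.date is None:
        # Registration points at a file RSIT could not see: a stale leftover,
        # or a file hidden from the scanner.
        out.append("file-not-found")
        if e.state == "R":
            out.append("running-but-unstatable")
    if USER_WRITABLE.search(e.path):
        out.append("user-writable-path")
    if e.path.startswith("\\??\\"):
        # NT-native path prefix: legitimate for some tools, but it sidesteps
        # Win32 path normalisation and is common in hand-rolled driver loaders.
        out.append("nt-native-path")
    return out


def triage(text: str) -> Dict[str, List[str]]:
    """Map service/driver name -> flags for every flagged entry in an RSIT dump."""
    findings: Dict[str, List[str]] = {}
    for line in text.splitlines():
        e = parse_entry(line)
        if e is None:
            continue
        f = flags(e)
        if f:
            findings[e.name] = f
    return findings


if __name__ == "__main__":
    for name, f in triage(SAMPLE).items():
        print(f"{name}: {', '.join(f)}")
```

On the sample, `catchme.sys` trips three rules, yet it is the GMER/ComboFix rootkit-scanner driver that a ComboFix run leaves registered under the user's Temp folder, so the analyst discounts it; `BCM42RLY.sys` is a stale registration pointing at a file no longer on disk. Every other entry passes. That is the useful result here: nothing in the kernel-driver or service layer accounts for an intermittent browser redirect on its own.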

#12 emeraldnzl (GeekU Instructor, GeekU Moderator, 20,051 posts)
Hello again AgentXu,

Let's leave the GooredFix.

Instead

Please download the OTM by OldTimer.
  • Save it to your desktop.
  • Please double-click OTM.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :processes
    explorer.exe
    
    :Services
    
    :Reg
    
    :Files
    
    :commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Return to OTM, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTM.
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Next

Kaspersky online scanner is very thorough. It can take a long time and for periods may seem not to be working. Just be patient and let it do its job.

Kaspersky works with Internet Explorer and Firefox 3.

Go to Kaspersky website and perform an online antivirus scan.

Note: you will need to turn off your security programs to allow Kaspersky to do its job.

  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
Copy and paste that information in your next post.

So when you return please post
  • OTM report
  • Kaspersky scan results
  • and tell me how your machine is performing now


#13 AgentXu (Member, Topic Starter, 106 posts)
No active process named explorer.exe was found!
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: Xu
->Temp folder emptied: 74770 bytes
->Temporary Internet Files folder emptied: 2463153 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 46546869 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 46.81 mb


OTM by OldTimer - Version 3.0.0.5 log created on 07222009_160934

Files moved on Reboot...

Registry entries deleted on Reboot...

#14 AgentXu (Member, Topic Starter, 106 posts)

I've tried to run Kaspersky but after 5 hours it stalled scanning Windows\System32\Config (a small folder comparatively speaking) at 79%. My anti-virus was disabled. I decided to go test google and the problem remains. What's next?



#15 emeraldnzl (GeekU Instructor, GeekU Moderator, 20,051 posts)
Kaspersky can take a very long time. I had one instance where it ran for 35 hours before completion. I think it likely that it is just doing its job. It really is a very good tool. Stay with it if you can :)
