
Trojan Infection



#1
SEV7N

Hey, I believe I have a trojan infection. My Ad-Aware program alerted me to a trojan, so I ran a scan with it after updating its definitions and came up with nothing. After restarting the computer and logging back on, Windows would start freezing and not allow me to do anything. Right now I am in safe mode.

I have included my Rooter log and OTListIt2 log for assistance. Any help would be great.

Microsoft Windows Vista Home Edition (6.0.6001) Service Pack 1

A:\ [Removable] (Total:0 Mo/Free:0 Mo)
B:\ [Removable] (Total:0 Mo/Free:0 Mo)
C:\ [Fixed] - NTFS - (Total:305242 Mo/Free:657 Mo)
D:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)
E:\ [Removable] (Total:0 Mo/Free:0 Mo)
F:\ [Removable] (Total:0 Mo/Free:0 Mo)
G:\ [Removable] (Total:0 Mo/Free:0 Mo)
H:\ [Removable] (Total:0 Mo/Free:0 Mo)
I:\ [Removable] (Total:28 Mo/Free:2 Mo)
J:\ [Removable] (Total:1905 Mo/Free:5 Mo)

Wed 03/18/2009|10:41

----------------------\\ Processes..

--Locked-- [System Process]
--Locked-- System
---------- \SystemRoot\System32\smss.exe
---------- C:\Windows\system32\csrss.exe
---------- C:\Windows\system32\wininit.exe
---------- C:\Windows\system32\csrss.exe
---------- C:\Windows\system32\services.exe
---------- C:\Windows\system32\lsass.exe
---------- C:\Windows\system32\lsm.exe
---------- C:\Windows\system32\winlogon.exe
---------- C:\Windows\system32\svchost.exe
---------- C:\Windows\system32\nvvsvc.exe
---------- C:\Windows\system32\svchost.exe
---------- C:\Windows\System32\svchost.exe
---------- C:\Windows\system32\svchost.exe
---------- C:\Windows\System32\svchost.exe
--Locked-- audiodg.exe
---------- C:\Windows\system32\SLsvc.exe
---------- C:\Windows\system32\svchost.exe
---------- C:\Windows\system32\nvvsvc.exe
---------- C:\Windows\system32\svchost.exe
---------- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
---------- C:\Windows\System32\spoolsv.exe
---------- C:\Windows\system32\svchost.exe
---------- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
---------- C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
---------- C:\Windows\system32\PnkBstrA.exe
---------- C:\Windows\system32\PnkBstrB.exe
---------- C:\Windows\system32\svchost.exe
---------- C:\PROGRA~1\AVG\AVG8\avgrsx.exe
---------- C:\PROGRA~1\AVG\AVG8\avgnsx.exe
---------- C:\Windows\system32\svchost.exe
---------- C:\Windows\System32\svchost.exe
---------- C:\Windows\system32\SearchIndexer.exe
---------- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
---------- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
---------- C:\Windows\system32\wbem\wmiprvse.exe
---------- C:\Windows\system32\wbem\unsecapp.exe
---------- C:\Windows\system32\Dwm.exe
---------- C:\Windows\Explorer.EXE
---------- C:\Windows\System32\rundll32.exe
---------- C:\Program Files\Java\jre6\bin\jusched.exe
---------- C:\Windows\System32\wpcumi.exe
---------- C:\Program Files\AVG\AVG8\avgtray.exe
---------- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
---------- C:\Windows\ehome\ehtray.exe
---------- C:\Windows\ehome\ehmsas.exe
---------- C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
---------- C:\Program Files\Windows Media Player\wmpnscfg.exe
---------- C:\Program Files\Windows Media Player\wmpnetwk.exe
---------- C:\Program Files\Opera\opera.exe
---------- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
---------- C:\Windows\system32\cmd.exe
---------- C:\Rooter$\RK.exe

----------------------\\ Search..

----------------------\\ ROOTKIT !!


----------------------\\ Cracks & Keygens..

C:\Users\ADMINI~1\Desktop\Ad-Aware_Portable_Pro_7.0\AdAware2007Portable\AdAware2007\update-cracked.exe


1 - "C:\Rooter$\Rooter_1.txt" - Wed 03/18/2009|10:41

----------------------\\ Scan completed at 10:41









OTListIt logfile created on: 3/18/2009 10:44:26 AM - Run 2
OTListIt2 by OldTimer - Version 2.0.6.0 Folder = C:\Users\Administrator\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 0.93 Gb Available Physical Memory | 46.73% Memory free
4.00 Gb Paging File | 3.14 Gb Available in Paging File | 78.51% Paging File free
Paging file location(s): ?:\pagefile.sys;

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 298.09 Gb Total Space | 164.64 Gb Free Space | 55.23% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
Drive I: | 28.92 Mb Total Space | 2.66 Mb Free Space | 9.19% Space Free | Partition Type: FAT
Drive J: | 1.86 Gb Total Space | 0.01 Gb Free Space | 0.30% Space Free | Partition Type: FAT

Computer Name: SEVEN-PC
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - [2008/12/26 19:20:00 | 00,211,488 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\nvvsvc.exe
PRC - [2008/12/26 19:20:00 | 00,211,488 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\nvvsvc.exe
PRC - [2009/03/09 15:06:55 | 00,951,632 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2008/11/07 14:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/03/18 02:00:11 | 00,298,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2009/03/08 09:29:05 | 00,075,064 | ---- | M] () -- C:\Windows\system32\PnkBstrA.exe
PRC - [2009/03/16 14:51:32 | 00,189,072 | ---- | M] () -- C:\Windows\system32\PnkBstrB.exe
PRC - [2009/03/18 02:00:11 | 00,485,144 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2009/03/18 02:00:11 | 00,594,200 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe
PRC - [2008/02/01 13:11:28 | 00,598,016 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
PRC - [2008/02/01 13:11:02 | 00,163,840 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
PRC - [2008/01/20 22:24:28 | 00,245,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wbem\wmiprvse.exe
PRC - [2008/01/20 22:23:52 | 00,037,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wbem\unsecapp.exe
PRC - [2008/10/29 02:29:41 | 02,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\Explorer.EXE
PRC - [2009/03/06 16:23:08 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2006/11/02 08:35:35 | 00,176,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wpcumi.exe
PRC - [2009/03/18 02:00:11 | 01,932,568 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
PRC - [2009/03/09 15:06:55 | 00,515,416 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2008/01/20 22:25:11 | 00,125,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehtray.exe
PRC - [2008/01/20 22:25:11 | 00,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehmsas.exe
PRC - [2007/04/30 20:43:54 | 03,450,608 | ---- | M] (Stardock) -- C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
PRC - [2008/01/20 22:25:33 | 00,202,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe
PRC - [2008/01/20 22:25:33 | 00,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe
PRC - [2009/02/26 10:49:18 | 00,099,328 | ---- | M] (Opera Software) -- C:\Program Files\Opera\opera.exe
PRC - [2009/02/11 10:19:32 | 01,273,488 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2009/03/18 10:32:32 | 00,498,176 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTListIt2.exe

========== Win32 Services (SafeList) ==========

SRV - File not found -- -- (AdobeActiveFileMonitor4.0 [Auto | Stopped])
SRV - [2008/11/07 14:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2009/03/18 02:00:11 | 00,298,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd [Auto | Running])
SRV - [2008/07/27 14:03:13 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2008/07/25 01:29:51 | 00,079,360 | ---- | M] (Creative Labs) -- C:\Program Files\Common Files\Creative Labs Shared\Service\AL1Licensing.exe -- (Creative ALchemy AL1 Licensing Service [On_Demand | Stopped])
SRV - [2008/01/20 22:25:09 | 00,292,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehRecvr.exe -- (ehRecvr [On_Demand | Stopped])
SRV - [2006/11/02 08:35:29 | 00,131,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehsched.exe -- (ehSched [On_Demand | Stopped])
SRV - [2006/11/02 08:35:29 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehstart.dll -- (ehstart [Auto | Stopped])
SRV - [2007/09/01 06:58:00 | 00,152,832 | ---- | M] (Avanquest Software USA, Inc.) -- C:\Program Files\Avanquest\Fix-It\mxtask.exe -- (Fix-It Task Manager [Disabled | Stopped])
SRV - [2008/06/19 21:14:44 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2008/02/01 13:11:28 | 00,598,016 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM) [Auto | Running])
SRV - [2005/04/04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2008/06/19 21:14:31 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2009/01/06 13:06:24 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Stopped])
SRV - [2009/03/09 15:06:55 | 00,951,632 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service [Auto | Running])
SRV - [2002/12/17 17:26:22 | 07,520,337 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe -- (MSSQL$SONY_MEDIAMGR [Auto | Stopped])
SRV - [2002/12/17 17:23:30 | 00,066,112 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe -- (MSSQLServerADHelper [On_Demand | Stopped])
SRV - [2008/06/19 21:14:31 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2008/03/09 11:20:26 | 00,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU [Disabled | Stopped])
SRV - [2008/02/01 13:11:02 | 00,163,840 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe -- (nSvcIp [Auto | Running])
SRV - [2008/12/26 19:20:00 | 00,211,488 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\nvvsvc.exe -- (nvsvc [Auto | Running])
SRV - [2009/03/08 09:29:05 | 00,075,064 | ---- | M] () -- C:\Windows\system32\PnkBstrA.exe -- (PnkBstrA [Auto | Running])
SRV - [2009/03/16 14:51:32 | 00,189,072 | ---- | M] () -- C:\Windows\system32\PnkBstrB.exe -- (PnkBstrB [Auto | Running])
SRV - [2009/01/26 15:31:10 | 01,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService [Auto | Stopped])
SRV - [2002/12/17 17:23:30 | 00,311,872 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE -- (SQLAgent$SONY_MEDIAMGR [On_Demand | Stopped])
SRV - [2009/03/10 22:13:51 | 00,316,664 | ---- | M] (Valve Corporation) -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service [On_Demand | Stopped])
SRV - [2008/01/20 22:23:32 | 00,272,952 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend [Disabled | Stopped])
SRV - [2008/01/20 22:25:33 | 00,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Running])

========== Driver Services (SafeList) ==========

DRV - [2008/01/20 22:23:23 | 00,045,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\DRIVERS\61883.sys -- (61883 [On_Demand | Stopped])
DRV - [2008/01/20 22:23:21 | 00,422,968 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx [Disabled | Stopped])
DRV - [2008/01/20 22:23:25 | 00,300,600 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci [Disabled | Stopped])
DRV - [2008/01/20 22:23:26 | 00,101,432 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m [Disabled | Stopped])
DRV - [2008/01/20 22:23:27 | 00,149,560 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320 [Disabled | Stopped])
DRV - [2006/11/02 05:50:11 | 00,071,272 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx [Disabled | Stopped])
DRV - [2008/01/20 22:23:00 | 00,017,464 | ---- | M] (Acer Laboratories Inc.) -- C:\Windows\system32\drivers\aliide.sys -- (aliide [Disabled | Stopped])
DRV - [2008/01/20 22:23:23 | 00,079,416 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\arc.sys -- (arc [Disabled | Stopped])
DRV - [2008/01/20 22:23:24 | 00,079,928 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas [Disabled | Stopped])
DRV - [2008/11/16 01:08:40 | 00,279,712 | ---- | M] () -- C:\Windows\system32\DRIVERS\atksgt.sys -- (atksgt [Auto | Running])
DRV - [2008/01/20 22:23:20 | 00,040,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\DRIVERS\avc.sys -- (Avc [On_Demand | Stopped])
DRV - [2009/03/18 02:00:16 | 00,325,640 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\Drivers\avgldx86.sys -- (AvgLdx86 [System | Running])
DRV - [2009/03/18 02:00:16 | 00,027,656 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\Drivers\avgmfx86.sys -- (AvgMfx86 [System | Running])
DRV - [2009/03/18 02:00:19 | 00,107,912 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\Drivers\avgtdix.sys -- (AvgTdiX [System | Running])
DRV - [2006/11/02 04:24:45 | 00,013,568 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo [On_Demand | Stopped])
DRV - [2006/11/02 04:24:46 | 00,005,248 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp [On_Demand | Stopped])
DRV - [2006/11/02 04:25:24 | 00,071,808 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brserid.sys -- (Brserid [Disabled | Stopped])
DRV - [2006/11/02 04:24:44 | 00,062,336 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm [Disabled | Stopped])
DRV - [2006/11/02 04:24:44 | 00,012,160 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm [Disabled | Stopped])
DRV - [2006/11/02 04:24:47 | 00,011,904 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer [On_Demand | Stopped])
DRV - [2008/06/18 11:49:16 | 00,049,904 | R--- | M] (Avanquest Software) -- C:\Windows\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5 [On_Demand | Stopped])
DRV - [2008/01/20 22:23:00 | 00,019,000 | ---- | M] (CMD Technology, Inc.) -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide [Disabled | Stopped])
DRV - [2008/01/20 22:23:24 | 00,118,784 | ---- | M] (Intel Corporation) -- C:\Windows\system32\DRIVERS\E1G60I32.sys -- (E1G60 [On_Demand | Stopped])
DRV - [2008/01/20 22:23:22 | 00,342,584 | ---- | M] (Emulex) -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor [Disabled | Stopped])
DRV - [2008/11/25 17:18:24 | 00,009,728 | ---- | M] () -- C:\Windows\system32\epmntdrv.sys -- (epmntdrv [On_Demand | Stopped])
DRV - [2008/11/25 17:18:24 | 00,003,072 | ---- | M] () -- C:\Windows\system32\EuGdiDrv.sys -- (EuGdiDrv [On_Demand | Stopped])
DRV - [2008/04/17 13:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.) -- C:\Windows\system32\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV - [2008/01/20 22:23:26 | 00,040,504 | ---- | M] (Hewlett-Packard Company) -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs [Disabled | Stopped])
DRV - [2008/01/20 22:23:23 | 00,235,064 | ---- | M] (Intel Corporation) -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV [Disabled | Stopped])
DRV - [2006/11/02 05:50:17 | 00,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp [Disabled | Stopped])
DRV - [2006/11/02 05:50:07 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi [Disabled | Stopped])
DRV - [2006/11/02 05:50:09 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid [Disabled | Stopped])
DRV - [2007/11/26 15:16:50 | 00,072,704 | ---- | M] (JMicron Technology Corp.) -- C:\Windows\system32\DRIVERS\jraid.sys -- (JRAID [Boot | Running])
DRV - [2009/03/09 15:06:56 | 00,064,160 | ---- | M] (Lavasoft AB) -- C:\Windows\system32\DRIVERS\Lbd.sys -- (Lbd [Boot | Running])
DRV - [2008/11/16 01:08:39 | 00,025,888 | ---- | M] () -- C:\Windows\system32\DRIVERS\lirsgt.sys -- (lirsgt [Auto | Running])
DRV - [2008/01/20 22:23:23 | 00,096,312 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC [Disabled | Stopped])
DRV - [2008/01/20 22:23:25 | 00,089,656 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS [Disabled | Stopped])
DRV - [2008/01/20 22:23:23 | 00,096,312 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI [Disabled | Stopped])
DRV - [2008/01/20 22:23:27 | 00,031,288 | ---- | M] (LSI Corporation) -- C:\Windows\system32\drivers\megasas.sys -- (megasas [Disabled | Stopped])
DRV - [2008/01/20 22:23:27 | 00,386,616 | ---- | M] (LSI Corporation, Inc.) -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR [Disabled | Stopped])
DRV - [2006/11/02 05:49:59 | 00,033,384 | ---- | M] (LSI Logic Corporation) -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x [Disabled | Stopped])
DRV - [2008/01/20 22:23:26 | 00,052,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\DRIVERS\msdv.sys -- (MSDV [On_Demand | Stopped])
DRV - [2006/11/02 05:50:19 | 00,045,160 | ---- | M] (IBM Corporation) -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960 [Disabled | Stopped])
DRV - [2006/11/02 03:36:50 | 00,020,608 | ---- | M] (N-trig Innovative Technologies) -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi [Disabled | Stopped])
DRV - [2008/08/01 12:51:00 | 01,052,704 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\DRIVERS\nvmfdx32.sys -- (NVENETFD [On_Demand | Running])
DRV - [2008/12/26 19:20:00 | 09,535,456 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\DRIVERS\nvlddmkm.sys -- (nvlddmkm [On_Demand | Running])
DRV - [2008/01/20 22:23:21 | 00,102,968 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid [Disabled | Stopped])
DRV - [2008/01/20 22:23:21 | 00,045,112 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor [Boot | Running])
DRV - [2008/08/18 18:58:00 | 00,145,952 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\DRIVERS\nvstor32.sys -- (nvstor32 [Boot | Running])
DRV - [2007/11/14 22:49:38 | 01,136,128 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\system32\drivers\P17.sys -- (P17 [On_Demand | Running])
DRV - [2008/01/20 22:23:24 | 01,122,360 | ---- | M] (QLogic Corporation) -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300 [Disabled | Stopped])
DRV - [2006/11/02 05:50:35 | 00,106,088 | ---- | M] (QLogic Corporation) -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx [Disabled | Stopped])
DRV - [2006/11/02 02:37:21 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv [Auto | Running])
DRV - [2008/01/20 22:23:26 | 00,074,808 | ---- | M] (Silicon Integrated Systems) -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4 [Disabled | Stopped])
DRV - [2006/11/02 05:50:05 | 00,035,944 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx [Disabled | Stopped])
DRV - [2006/11/02 05:49:56 | 00,031,848 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi [Disabled | Stopped])
DRV - [2006/11/02 05:50:03 | 00,034,920 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3 [Disabled | Stopped])
DRV - [2008/01/20 22:23:20 | 00,238,648 | ---- | M] (ULi Electronics Inc.) -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci [Disabled | Stopped])
DRV - [2006/11/02 05:50:35 | 00,098,408 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata [Disabled | Stopped])
DRV - [2008/01/20 22:23:23 | 00,115,816 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2 [Disabled | Stopped])
DRV - [2008/01/20 22:23:21 | 00,073,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Stopped])
DRV - [2007/07/23 09:23:44 | 00,012,416 | ---- | M] (LG Electronics Inc.) -- C:\Windows\system32\DRIVERS\lgusbbus.sys -- (usbbus [On_Demand | Stopped])
DRV - [2007/07/23 09:23:46 | 00,019,840 | ---- | M] (LG Electronics Inc.) -- C:\Windows\system32\DRIVERS\lgusbdiag.sys -- (UsbDiag [On_Demand | Stopped])
DRV - [2007/07/23 09:23:46 | 00,021,632 | ---- | M] (LG Electronics Inc.) -- C:\Windows\system32\DRIVERS\lgusbmodem.sys -- (USBModem [On_Demand | Stopped])
DRV - [2008/01/20 22:23:00 | 00,020,024 | ---- | M] (VIA Technologies, Inc.) -- C:\Windows\system32\drivers\viaide.sys -- (viaide [Disabled | Stopped])
DRV - [2008/01/20 22:23:23 | 00,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid [Disabled | Stopped])
DRV - [2009/02/11 10:19:42 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy [On_Demand | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3280929101-379900600-1830909776-500\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\S-1-5-21-3280929101-379900600-1830909776-500\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKU\S-1-5-21-3280929101-379900600-1830909776-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKU\S-1-5-21-3280929101-379900600-1830909776-500\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3280929101-379900600-1830909776-500\S-1-5-21-3280929101-379900600-1830909776-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}:6.0.04
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.0
FF - prefs.js..extensions.enabledItems: {8E5E470D-7C21-4E54-BD76-986B9FA5609B}:1.0
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.7

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\ [2009/03/06 16:28:01 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\PROGRAM FILES\AVG\AVG8\FIREFOX [2009/03/18 02:00:11 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.7\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/03/09 01:00:53 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.7\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/03/11 00:31:16 | 00,000,000 | ---D | M]

[2008/12/27 10:34:10 | 00,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\mozilla\Extensions
[2008/12/27 10:34:10 | 00,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2008/12/27 10:34:10 | 00,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\fonw07np.default\extensions
[2009/03/18 03:56:30 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/03/18 02:59:19 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{8E5E470D-7C21-4E54-BD76-986B9FA5609B}
[2009/03/09 01:00:53 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008/08/01 16:32:20 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}
[2009/03/06 16:23:13 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2009/03/09 01:00:43 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/03/09 01:00:43 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/03/09 01:00:51 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/03/09 01:00:51 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/03/09 01:00:51 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/03/09 01:00:51 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/03/09 01:00:51 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/03/09 01:00:51 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/03/09 01:00:51 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (761 bytes) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
O4 - HKLM..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
O4 - HKLM..\Run: [P17RunE] RunDll32 P17RunE.dll,RunDLLEntry (Creative Technology Ltd.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (Microsoft Corporation)
O4 - HKU\S-1-5-21-3280929101-379900600-1830909776-500..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKU\S-1-5-21-3280929101-379900600-1830909776-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3280929101-379900600-1830909776-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: _NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3280929101-379900600-1830909776-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-21-3280929101-379900600-1830909776-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-3280929101-379900600-1830909776-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [@%SystemRoot%\system32\nlasvc.dll,-1000] - C:\Windows\system32\NLAapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [@%SystemRoot%\system32\napinsp.dll,-1000] - C:\Windows\system32\napinsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [@%SystemRoot%\system32\pnrpnsp.dll,-1000] - C:\Windows\system32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [@%SystemRoot%\system32\pnrpnsp.dll,-1001] - C:\Windows\system32\pnrpnsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000036 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000037 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000038 - File not found
O13 - gopher Prefix: missing
O16 - DPF: {2042B57E-6336-459E-B7CE-2A0F6C9E6AF8} file:///D:/win/setup/iaieplay.dll (IEPlayInterface Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {8B67B37E-1AE2-4B99-B8CF-55AF4D58DF0D} file:///D:/win/setup/iamce.dll (IAMCE Class)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://www.creative....15102/CTPID.cab (Creative Software AutoUpdate Support Package)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\system32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/07/25 01:12:24 | 00,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{9910e522-5a1c-11dd-9bad-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{9910e522-5a1c-11dd-9bad-806e6f6e6963}\Shell\AutoRun\command - "" = D:\FalloutLauncher.exe -- File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/03/18 10:40:32 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/03/18 10:32:30 | 00,498,176 | ---- | C] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTListIt2.exe
[2009/03/18 10:32:17 | 00,267,612 | ---- | C] () -- C:\Users\Administrator\Desktop\Rooter.exe
[2009/03/18 10:29:05 | 00,002,062 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Service Manager.lnk
[2009/03/18 10:25:44 | 00,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Opera
[2009/03/18 10:25:44 | 00,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Opera
[2009/03/18 10:24:24 | 00,015,688 | ---- | C] () -- C:\Windows\System32\lsdelete.exe
[2009/03/18 08:55:44 | 00,040,448 | ---- | C] (Johnson-Grace Company) -- C:\Windows\Xdakohekafo.dll
[2009/03/18 08:55:42 | 00,040,448 | ---- | C] (Johnson-Grace Company) -- C:\Windows\System32\KuzSmall.exe
[2009/03/18 04:39:03 | 02,868,471 | -H-- | C] () -- C:\Users\Administrator\AppData\Local\IconCache.db
[2009/03/18 04:36:36 | 00,064,160 | ---- | C] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2009/03/18 04:33:48 | 00,000,967 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2009/03/18 04:33:48 | 00,000,000 | -H-D | C] -- C:\ProgramData\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
[2009/03/18 04:26:50 | 00,000,386 | ---- | C] () -- C:\Windows\tasks\AWC Startup.job
[2009/03/18 04:24:10 | 00,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\backups
[2009/03/18 03:52:08 | 00,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Malwarebytes
[2009/03/18 03:51:48 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/03/18 03:51:48 | 00,000,796 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/03/18 03:51:45 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/03/18 03:51:43 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009/03/18 03:51:41 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/03/18 03:46:04 | 00,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\WinRAR
[2009/03/18 03:45:14 | 00,251,392 | ---- | C] () -- C:\Users\Administrator\Desktop\hijackthis_sfx.exe
[2009/03/18 03:30:36 | 00,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\vlc
[2009/03/18 03:03:45 | 00,001,610 | ---- | C] () -- C:\Users\Public\Desktop\TweakVI.lnk
[2009/03/18 03:03:13 | 00,000,000 | ---D | C] -- C:\Program Files\TweakVI
[2009/03/18 03:02:05 | 00,000,052 | ---- | C] () -- C:\Windows\System32\acttvi.ini
[2009/03/18 02:59:49 | 00,000,000 | -H-D | C] -- C:\$AVG8.VAULT$
[2009/03/18 02:47:08 | 00,002,306 | ---- | C] () -- C:\Windows\System32\nvsmb.nvu
[2009/03/18 02:46:22 | 00,003,411 | ---- | C] () -- C:\Windows\System32\nvnrm.nvu
[2009/03/18 02:26:22 | 00,048,887 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/03/18 02:25:56 | 00,048,887 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/03/18 02:24:26 | 00,039,202 | ---- | C] () -- C:\Windows\System32\nvwsapps.xml
[2009/03/18 02:24:21 | 00,009,241 | ---- | C] () -- C:\Windows\System32\nvdisp.nvu
[2009/03/18 02:24:19 | 00,211,067 | ---- | C] () -- C:\Windows\System32\nvapps.xml
[2009/03/18 02:24:18 | 00,795,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpinst.exe
[2009/03/18 02:06:44 | 00,000,000 | ---D | C] -- C:\Program Files\Innovative Solutions
[2009/03/18 02:00:20 | 00,010,520 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2009/03/18 02:00:19 | 00,107,912 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2009/03/18 02:00:16 | 34,164,994 | ---- | C] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2009/03/18 02:00:16 | 06,061,540 | ---- | C] () -- C:\Windows\System32\drivers\Avg\avi7.avg
[2009/03/18 02:00:16 | 00,401,372 | ---- | C] () -- C:\Windows\System32\drivers\Avg\miniavi.avg
[2009/03/18 02:00:16 | 00,325,640 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2009/03/18 02:00:16 | 00,041,163 | ---- | C] () -- C:\Windows\System32\drivers\Avg\microavi.avg
[2009/03/18 02:00:16 | 00,027,656 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2009/03/18 02:00:16 | 00,000,000 | ---D | C] -- C:\Windows\System32\drivers\Avg
[2009/03/18 02:00:11 | 00,000,000 | ---D | C] -- C:\Program Files\AVG
[2009/03/18 02:00:10 | 00,000,000 | ---D | C] -- C:\ProgramData\avg8
[2009/03/18 01:50:03 | 00,000,000 | ---D | C] -- C:\Program Files\CleanUp!
[2009/03/16 18:31:19 | 00,222,552 | ---- | C] () -- C:\Windows\RM.exe
[2009/03/16 18:31:17 | 00,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2009/03/16 18:31:17 | 00,000,000 | ---D | C] -- C:\Program Files\Sprint Instinct Applications
[2009/03/16 18:23:23 | 00,000,000 | ---D | C] -- C:\Program Files\LG Electronics
[2009/03/16 18:23:12 | 01,609,728 | ---- | C] () -- C:\Windows\MEDB.mdb
[2009/03/16 18:23:10 | 00,000,000 | ---D | C] -- C:\Program Files\Sprint music manager
[2009/03/16 07:23:21 | 00,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2009/03/16 07:22:43 | 00,000,200 | ---- | C] () -- C:\Windows\tasks\Launch 19695.job
[2009/03/16 07:21:57 | 00,000,000 | ---D | C] -- C:\ProgramData\SpeedBit
[2009/03/16 07:19:40 | 00,000,000 | ---D | C] -- C:\Program Files\RegScrubXP
[2009/03/16 02:52:31 | 00,000,000 | ---D | C] -- C:\Program Files\Flash Player Pro
[2009/03/15 08:42:56 | 00,000,446 | -H-- | C] () -- C:\Windows\tasks\User_Feed_Synchronization-{D19B99F0-6764-4C5E-AFB6-714479FB0D6F}.job
[2009/03/15 08:42:53 | 00,000,000 | ---D | C] -- C:\Program Files\NeoSmart Technologies
[2009/03/15 05:11:25 | 00,000,000 | ---D | C] -- C:\Program Files\XdN Software
[2009/03/14 06:06:34 | 00,000,197 | ---- | C] () -- C:\prefs.js
[2009/03/14 05:59:21 | 00,000,000 | ---D | C] -- C:\Windows\TweakVI
[2009/03/14 05:41:17 | 19,395,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imageres.dll
[2009/03/14 05:37:05 | 00,472,064 | ---- | C] () -- C:\Windows\System32\NTFSFormat.dll
[2009/03/14 05:37:05 | 00,225,280 | ---- | C] () -- C:\Windows\System32\BootMan.exe
[2009/03/14 05:37:05 | 00,180,736 | ---- | C] () -- C:\Windows\System32\DeviceManager.dll
[2009/03/14 05:37:05 | 00,139,776 | ---- | C] () -- C:\Windows\System32\NTFSCopy.dll
[2009/03/14 05:37:05 | 00,093,184 | ---- | C] () -- C:\Windows\System32\Partition.dll
[2009/03/14 05:37:05 | 00,086,528 | ---- | C] () -- C:\Windows\System32\NTFSLib.dll
[2009/03/14 05:37:05 | 00,086,408 | ---- | C] () -- C:\Windows\System32\setupempdrv03.exe
[2009/03/14 05:37:05 | 00,086,016 | ---- | C] () -- C:\Windows\System32\ResizeNTFS.dll
[2009/03/14 05:37:05 | 00,068,096 | ---- | C] () -- C:\Windows\System32\Device.dll
[2009/03/14 05:37:05 | 00,065,536 | ---- | C] () -- C:\Windows\System32\FatCopy.dll
[2009/03/14 05:37:05 | 00,061,952 | ---- | C] () -- C:\Windows\System32\FatResizeMove.dll
[2009/03/14 05:37:05 | 00,045,568 | ---- | C] () -- C:\Windows\System32\FileSystemCheck.dll
[2009/03/14 05:37:05 | 00,031,744 | ---- | C] () -- C:\Windows\System32\FatLib.dll
[2009/03/14 05:37:05 | 00,025,088 | ---- | C] () -- C:\Windows\System32\FATFileSystemAnalyser.dll
[2009/03/14 05:37:05 | 00,024,576 | ---- | C] () -- C:\Windows\System32\NTFSFileSystemAnalyser.dll
[2009/03/14 05:37:05 | 00,022,016 | ---- | C] () -- C:\Windows\System32\FatFormat.dll
[2009/03/14 05:37:05 | 00,021,504 | ---- | C] () -- C:\Windows\System32\Fixup.dll
[2009/03/14 05:37:05 | 00,017,920 | ---- | C] () -- C:\Windows\System32\SectorCopy.dll
[2009/03/14 05:37:05 | 00,014,848 | ---- | C] () -- C:\Windows\System32\FileSystemAnalyser.dll
[2009/03/14 05:37:05 | 00,014,848 | ---- | C] () -- C:\Windows\System32\EuEpmGdi.dll
[2009/03/14 05:37:05 | 00,010,752 | ---- | C] () -- C:\Windows\System32\DeviceAdapter.dll
[2009/03/14 05:37:05 | 00,009,728 | ---- | C] () -- C:\Windows\System32\epmntdrv.sys
[2009/03/14 05:37:05 | 00,006,656 | ---- | C] () -- C:\Windows\System32\CallbackOperator.dll
[2009/03/14 05:37:05 | 00,003,072 | ---- | C] () -- C:\Windows\System32\EuGdiDrv.sys
[2009/03/14 05:37:03 | 00,000,000 | ---D | C] -- C:\Program Files\EASEUS
[2009/03/14 05:35:44 | 00,567,040 | ---- | C] (Stardock.Net, Inc) -- C:\Windows\System32\wbocx.ocx
[2009/03/14 05:35:44 | 00,056,496 | ---- | C] (Stardock.Net, Inc) -- C:\Windows\System32\wbhelp2.dll
[2009/03/14 05:35:44 | 00,001,127 | ---- | C] () -- C:\Users\Administrator\Desktop\LogonStudio Vista.lnk
[2009/03/14 05:35:44 | 00,000,000 | ---D | C] -- C:\ProgramData\Stardock
[2009/03/13 05:32:36 | 00,000,000 | ---D | C] -- C:\Windows\Temp
[2009/03/13 02:19:25 | 00,000,000 | ---D | C] -- C:\Downloads
[2009/03/11 14:49:25 | 00,268,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\schannel.dll
[2009/03/11 14:49:24 | 02,033,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2009/03/11 10:01:19 | 00,000,000 | ---D | C] -- C:\ProgramData\Blizzard
[2009/03/11 07:41:19 | 00,000,000 | ---D | C] -- C:\Program Files\Opera
[2009/03/11 00:56:18 | 00,033,340 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dbmsqlgc.dll
[2009/03/11 00:56:18 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dbmsgnet.dll
[2009/03/11 00:56:18 | 00,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cliconfg.728
[2009/03/11 00:56:06 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server
[2009/03/11 00:55:37 | 00,000,000 | ---D | C] -- C:\ProgramData\Sony
[2009/03/11 00:47:48 | 00,000,000 | ---D | C] -- C:\Program Files\Vstplugins
[2009/03/11 00:47:34 | 00,000,000 | ---D | C] -- C:\Program Files\Sony
[2009/03/11 00:46:48 | 00,000,000 | ---D | C] -- C:\Program Files\Sony Setup
[2009/03/11 00:35:30 | 00,000,000 | ---D | C] -- C:\Program Files\iPod Access for Windows
[2009/03/11 00:16:23 | 00,000,000 | ---D | C] -- C:\Program Files\BitPim
[2009/03/10 23:21:55 | 00,000,000 | ---D | C] -- C:\Users\Public\Documents\Blizzard Entertainment
[2009/03/10 23:19:37 | 00,000,000 | ---D | C] -- C:\ProgramData\Xfire
[2009/03/10 23:09:58 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Blizzard Entertainment
[2009/03/10 22:54:55 | 00,000,172 | R--- | C] () -- C:\Users\Administrator\Desktop\Router Login.url
[2009/03/10 22:54:54 | 00,005,886 | ---- | C] () -- C:\Users\Administrator\Desktop\Router_Setup.html
[2009/03/10 21:49:26 | 00,049,904 | R--- | C] (Avanquest Software) -- C:\Windows\System32\drivers\BVRPMPR5.SYS
[2009/03/10 21:48:04 | 00,000,000 | ---D | C] -- C:\Netgear
[2009/03/10 16:28:10 | 00,000,000 | ---D | C] -- C:\Program Files\iPod
[2009/03/10 16:28:09 | 00,000,000 | ---D | C] -- C:\ProgramData\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2009/03/10 16:28:09 | 00,000,000 | ---D | C] -- C:\Program Files\iTunes
[2009/03/10 16:25:46 | 00,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2009/03/10 16:25:38 | 00,000,000 | ---D | C] -- C:\ProgramData\Apple
[2009/03/10 16:25:38 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2009/03/09 08:58:48 | 00,001,670 | ---- | C] () -- C:\Users\Administrator\Desktop\LimeWire PRO 5.0.11.lnk
[2009/03/09 08:58:45 | 00,000,000 | ---D | C] -- C:\Program Files\LimeWire
[2009/03/08 11:13:46 | 00,000,785 | ---- | C] () -- C:\Users\Administrator\Desktop\Miranda IM.lnk
[2009/03/08 11:13:46 | 00,000,000 | ---D | C] -- C:\Program Files\Miranda IM
[2009/03/08 11:07:36 | 00,000,708 | ---- | C] () -- C:\Users\Administrator\Desktop\Ares.lnk
[2009/03/08 11:07:36 | 00,000,000 | ---D | C] -- C:\Program Files\Ares
[2009/03/08 09:29:13 | 00,189,072 | ---- | C] () -- C:\Windows\System32\PnkBstrB.xtr
[2009/03/08 08:03:14 | 00,000,472 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2009/03/08 08:03:09 | 00,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2009/03/08 07:25:27 | 00,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/03/08 06:53:35 | 00,000,000 | ---D | C] -- C:\Program Files\HijackThis
[2009/03/07 06:22:39 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Steam
[2009/03/07 06:22:37 | 00,000,000 | ---D | C] -- C:\Program Files\Steam
[2009/03/07 06:21:21 | 10,622,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmp.dll
[2009/03/07 06:21:20 | 08,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2009/03/07 06:21:20 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwmp.dll
[2009/03/07 06:21:20 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.ocx
[2009/03/07 06:21:20 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxmasf.dll
[2009/03/06 16:31:14 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2009/03/06 16:30:57 | 00,001,000 | ---- | C] () -- C:\Users\Administrator\Desktop\DVDVideoSoft Free Studio.lnk
[2009/03/06 16:30:57 | 00,000,000 | ---D | C] -- C:\Users\Administrator\Documents\DVDVideoSoft
[2009/03/06 16:26:18 | 00,622,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardagt.exe
[2009/03/06 16:26:18 | 00,105,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
[2009/03/06 16:26:18 | 00,097,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardapi.dll
[2009/03/06 16:26:18 | 00,043,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2009/03/06 16:26:18 | 00,037,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardcpl.cpl
[2009/03/06 16:26:18 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardres.dll
[2009/03/06 16:26:17 | 00,781,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationNative_v0300.dll
[2009/03/06 16:26:16 | 00,326,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2009/03/06 16:24:05 | 00,282,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscoree.dll
[2009/03/06 16:24:05 | 00,096,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dfshim.dll
[2009/03/06 16:24:04 | 00,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2009/03/06 16:24:01 | 00,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscorier.dll
[2009/03/06 16:24:00 | 00,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscories.dll
[2009/03/06 16:23:42 | 00,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2009/03/06 15:58:12 | 00,428,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2009/03/06 15:58:12 | 00,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2009/03/06 15:58:12 | 00,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax
[2009/03/06 15:58:12 | 00,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2009/03/06 15:58:11 | 00,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax
[2009/03/06 15:57:56 | 00,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IPSECSVC.DLL
[2009/03/06 15:57:55 | 00,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceApi.dll
[2009/03/06 15:57:54 | 00,468,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\newdev.dll
[2009/03/06 15:57:54 | 00,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\newdev.exe
[2009/03/06 15:57:52 | 03,580,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.dll
[2009/03/06 15:57:51 | 06,069,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieframe.dll
[2009/03/06 15:57:51 | 01,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2009/03/06 15:57:51 | 01,166,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\urlmon.dll
[2009/03/06 15:57:51 | 00,827,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wininet.dll
[2009/03/06 15:57:51 | 00,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2009/03/06 15:57:51 | 00,458,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2009/03/06 15:57:51 | 00,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iertutil.dll
[2009/03/06 15:57:51 | 00,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2009/03/06 15:57:48 | 00,885,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RacEngn.dll
[2009/03/06 15:57:48 | 00,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gdi32.dll
[2009/03/06 15:57:48 | 00,009,127 | ---- | C] () -- C:\Windows\System32\RacUR.xml
[2009/03/06 15:57:48 | 00,000,153 | ---- | C] () -- C:\Windows\System32\RacUREx.xml
[2009/03/06 15:57:47 | 00,269,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\es.dll
[2009/03/06 15:57:47 | 00,212,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb10.sys
[2009/03/06 15:57:46 | 04,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2009/03/06 15:57:46 | 00,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2009/03/06 15:57:43 | 00,303,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpeffects.dll
[2009/03/06 15:57:42 | 01,191,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml3.dll
[2009/03/06 15:57:41 | 00,466,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netapi32.dll
[2009/03/06 15:57:39 | 11,580,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shell32.dll
[2009/03/06 15:57:37 | 02,927,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2009/03/06 15:57:36 | 00,712,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecs.dll
[2009/03/06 15:57:36 | 00,443,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32spl.dll
[2009/03/06 15:57:36 | 00,425,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll
[2009/03/06 15:57:36 | 00,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2009/03/06 15:57:36 | 00,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Faultrep.dll
[2009/03/06 15:57:36 | 00,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wersvc.dll
[2009/03/06 15:57:33 | 00,625,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgkrnl.sys
[2009/03/06 15:57:33 | 00,565,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\emdmgmt.dll
[2009/03/06 15:57:33 | 00,148,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\nwifi.sys
[2009/03/06 15:57:33 | 00,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dataclen.dll
[2009/03/06 15:57:33 | 00,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2009/03/06 15:57:31 | 02,868,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2009/03/06 15:57:31 | 00,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\srv.sys
[2009/03/06 15:57:30 | 02,386,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVCORE.DLL
[2009/03/06 15:57:30 | 01,645,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\connect.dll
[2009/03/06 15:57:30 | 00,996,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMNetMgr.dll
[2009/03/06 15:57:30 | 00,738,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcomm.dll
[2009/03/06 15:57:30 | 00,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\logagent.exe
[2009/03/06 15:57:28 | 03,601,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2009/03/06 15:57:27 | 03,549,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2009/03/06 15:57:27 | 01,334,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml6.dll
[2009/03/06 15:54:47 | 00,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Adobe
[2009/03/06 15:53:17 | 01,809,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuaueng.dll
[2009/03/06 15:53:17 | 01,524,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2009/03/06 15:53:17 | 00,051,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuauclt.exe
[2009/03/06 15:53:17 | 00,043,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2009/03/06 15:53:14 | 00,561,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2009/03/06 15:53:14 | 00,083,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2009/03/06 15:53:14 | 00,034,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2009/03/06 15:53:12 | 00,162,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2009/03/06 15:53:12 | 00,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2009/03/04 06:48:50 | 00,000,000 | ---D | C] -- C:\ProgramData\Microsoft Games
[2009/03/04 05:17:14 | 00,054,156 | -H-- | C] () -- C:\Windows\QTFont.qfn
[2009/03/04 05:17:14 | 00,001,409 | ---- | C] () -- C:\Windows\QTFont.for
[2009/03/04 05:14:13 | 00,003,584 | ---- | C] () -- C:\Users\Administrator\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/02/26 14:47:56 | 00,042,320 | ---- | C] () -- C:\Windows\System32\xfcodec.dll

========== Files - Modified Within 30 Days ==========

[2009/03/18 10:40:43 | 00,004,240 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/03/18 10:40:43 | 00,004,240 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/03/18 10:32:32 | 00,498,176 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTListIt2.exe
[2009/03/18 10:32:17 | 00,267,612 | ---- | M] () -- C:\Users\Administrator\Desktop\Rooter.exe
[2009/03/18 10:29:07 | 00,708,868 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/03/18 10:29:07 | 00,613,276 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/03/18 10:29:07 | 00,108,828 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/03/18 10:29:05 | 00,002,062 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Service Manager.lnk
[2009/03/18 09:14:12 | 34,164,994 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2009/03/18 08:55:44 | 00,040,448 | ---- | M] (Johnson-Grace Company) -- C:\Windows\Xdakohekafo.dll
[2009/03/18 08:55:44 | 00,040,448 | ---- | M] (Johnson-Grace Company) -- C:\Windows\System32\KuzSmall.exe
[2009/03/18 04:41:10 | 00,048,887 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2009/03/18 04:41:10 | 00,048,887 | ---- | M] () -- C:\ProgramData\nvModes.001
[2009/03/18 04:40:41 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/03/18 04:39:03 | 02,868,471 | -H-- | M] () -- C:\Users\Administrator\AppData\Local\IconCache.db
[2009/03/18 04:36:41 | 00,000,472 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2009/03/18 04:33:48 | 00,000,967 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2009/03/18 04:26:50 | 00,000,386 | ---- | M] () -- C:\Windows\tasks\AWC Startup.job
[2009/03/18 04:18:04 | 00,332,960 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/03/18 03:51:48 | 00,000,796 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/03/18 03:38:53 | 00,001,356 | ---- | M] () -- C:\Users\Administrator\AppData\Local\d3d9caps.dat
[2009/03/18 03:07:30 | 00,046,080 | ---- | M] () -- C:\Windows\System32\umstartup.etl
[2009/03/18 03:05:52 | 00,089,088 | ---- | M] () -- C:\Windows\System32\umstartup000.etl
[2009/03/18 03:03:45 | 00,001,610 | ---- | M] () -- C:\Users\Public\Desktop\TweakVI.lnk
[2009/03/18 03:02:05 | 00,000,052 | ---- | M] () -- C:\Windows\System32\acttvi.ini
[2009/03/18 02:03:11 | 00,041,163 | ---- | M] () -- C:\Windows\System32\drivers\Avg\microavi.avg
[2009/03/18 02:00:20 | 00,010,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2009/03/18 02:00:19 | 00,107,912 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2009/03/18 02:00:16 | 06,061,540 | ---- | M] () -- C:\Windows\System32\drivers\Avg\avi7.avg
[2009/03/18 02:00:16 | 00,401,372 | ---- | M] () -- C:\Windows\System32\drivers\Avg\miniavi.avg
[2009/03/18 02:00:16 | 00,325,640 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2009/03/18 02:00:16 | 00,027,656 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2009/03/17 03:16:40 | 01,609,728 | ---- | M] () -- C:\Windows\MEDB.mdb
[2009/03/16 14:51:32 | 00,189,072 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr
[2009/03/16 14:51:32 | 00,189,072 | ---- | M] () -- C:\Windows\System32\PnkBstrB.exe
[2009/03/16 14:16:40 | 00,138,920 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2009/03/16 07:23:22 | 00,002,560 | ---- | M] () -- C:\Windows\_MSRSTRT.EXE
[2009/03/16 07:22:43 | 00,000,200 | ---- | M] () -- C:\Windows\tasks\Launch 19695.job
[2009/03/15 08:42:59 | 00,000,446 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{D19B99F0-6764-4C5E-AFB6-714479FB0D6F}.job
[2009/03/14 20:14:15 | 00,000,287 | ---- | M] () -- C:\Windows\game.ini
[2009/03/14 06:06:34 | 00,000,197 | ---- | M] () -- C:\prefs.js
[2009/03/14 05:52:41 | 00,615,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\themeui.dll
[2009/03/14 05:52:41 | 00,247,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\shsvcs.dll
[2009/03/14 05:52:41 | 00,240,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\uxtheme.dll
[2009/03/14 05:41:18 | 19,395,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imageres.dll
[2009/03/14 05:35:44 | 00,001,127 | ---- | M] () -- C:\Users\Administrator\Desktop\LogonStudio Vista.lnk
[2009/03/11 00:56:18 | 00,020,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cliconfg.728
[2009/03/10 22:54:55 | 00,005,886 | ---- | M] () -- C:\Users\Administrator\Desktop\Router_Setup.html
[2009/03/10 16:26:16 | 00,054,156 | -H-- | M] () -- C:\Windows\QTFont.qfn
[2009/03/09 15:06:57 | 00,015,688 | ---- | M] () -- C:\Windows\System32\lsdelete.exe
[2009/03/09 15:06:56 | 00,064,160 | ---- | M] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2009/03/09 08:58:48 | 00,001,670 | ---- | M] () -- C:\Users\Administrator\Desktop\LimeWire PRO 5.0.11.lnk
[2009/03/08 11:13:46 | 00,000,785 | ---- | M] () -- C:\Users\Administrator\Desktop\Miranda IM.lnk
[2009/03/08 11:07:36 | 00,000,708 | ---- | M] () -- C:\Users\Administrator\Desktop\Ares.lnk
[2009/03/08 09:29:05 | 00,075,064 | ---- | M] () -- C:\Windows\System32\PnkBstrA.exe
[2009/03/08 07:25:27 | 00,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2009/03/08 06:44:27 | 00,251,392 | ---- | M] () -- C:\Users\Administrator\Desktop\hijackthis_sfx.exe
[2009/03/06 16:30:57 | 00,001,000 | ---- | M] () -- C:\Users\Administrator\Desktop\DVDVideoSoft Free Studio.lnk
[2009/03/04 05:17:14 | 00,001,409 | ---- | M] () -- C:\Windows\QTFont.for
[2009/03/04 05:14:13 | 00,003,584 | ---- | M] () -- C:\Users\Administrator\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/02/26 14:47:56 | 00,042,320 | ---- | M] () -- C:\Windows\System32\xfcodec.dll
[2009/02/25 16:54:59 | 24,768,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mrt.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:A9662AE0
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:61435A52
< End of report >