I thought I had the Conficker virus, although I have not used any stick media. I have had trouble since last week with Firefox being redirected to bogus websites. I was also experiencing browser and email crashes (I use Eudora Light). I can't run regedit, and I can't navigate to many security update websites unless I type them in manually. (Searches redirect.) I see a phantom IE Explorer running under my name whenever I reboot, but I do not have IE Explorer in my startup, and I do not even use it! (I use Firefox.) I have gone through the malware removal steps, and also tried steps recommended by my PC tech. While my PC performance has improved, the virus/bug still exists. I am running Windows XP Professional. I have tried:
Norton Internet Security 2005 (with Antivirus)
updating Windows (virus prevented me from installing IE7)
installed and ran Spybot Search and Destroy
CWShredder
HijackThis
Malwarebytes
AVG (can't get updates, though)
ATF cleaner
ERUNT
rooter (log attached)
OLTI2 (log attached)
There is a suspicious System file running in my task list that is consuming 63386 K of memory. My laptop System file uses 164 K of memory. Besides that and the phantom IE Explorer, I can't find the source.
Ann
OTListIt logfile created on: 4/14/2009 11:53:59 AM - Run 1
OTListIt2 by OldTimer - Version 2.0.14.0 Folder = C:\bin\olti
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: enu | Date Format: M/d/yyyy
511.49 Mb Total Physical Memory | 230.34 Mb Available Physical Memory | 45.03% Memory free
1.22 Gb Paging File | 0.96 Gb Available in Paging File | 78.81% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536;
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.51 Gb Total Space | 41.06 Gb Free Space | 55.11% Space Free | Partition Type: FAT32
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: AMD
Current User Name: heinke
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On
========== Processes (SafeList) ==========
PRC - C:\Program Files\AVG\AVG8\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\FaxTalk Messenger Pro 7.5\FTMSGSVC.EXE (Thought Communications, Inc.)
PRC - C:\Program Files\FaxTalk Messenger Pro 7.5\FAPIEXE.EXE (Thought Communications, Inc.)
PRC - C:\Program Files\AVG\AVG8\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\WINDOWS\system32\wscntfy.exe (Microsoft Corporation)
PRC - C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe (Roxio)
PRC - C:\Program Files\FaxTalk Messenger Pro 7.5\FTClCtrl.exe (Thought Communications, Inc.)
PRC - C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Co.)
PRC - C:\Windows\Backup\sched95.exe ()
PRC - C:\Windows\Backup\Csdm32.exe (Computer Associates International, Inc.)
PRC - C:\Program Files\Mke\Ls120\Mkewatch.exe (Matsushita-Kotobuki Electronics)
PRC - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
PRC - C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe (Hewlett-Packard Co.)
PRC - C:\bin\olti\OTListIt2.exe (OldTimer Tools)
========== Win32 Services (SafeList) ==========
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (Microsoft Corporation)
SRV - (avg8wd [Auto | Running]) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (CVPND [Auto | Running]) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (DOORS DB Server 9.0 00001 [Auto | Stopped]) -- C:\Program Files\Telelogic\DOORS 9.0\bin\doorsd.exe (Telelogic AB)
SRV - (FaxTalk Messenger Pro 7.5 [Auto | Running]) -- C:\Program Files\FaxTalk Messenger Pro 7.5\FTMSGSVC.EXE (Thought Communications, Inc.)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (hpqcxs08 [On_Demand | Running]) -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll (Hewlett-Packard Co.)
SRV - (hpqddsvc [Auto | Running]) -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll (Hewlett-Packard Co.)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (Net Driver HPZ12 [Auto | Running]) -- C:\WINDOWS\system32\HPZinw12.dll (Hewlett-Packard)
SRV - (odserv [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (Pml Driver HPZ12 [Auto | Running]) -- C:\WINDOWS\system32\HPZipm12.dll (Hewlett-Packard)
========== Driver Services (SafeList) ==========
DRV - (amdagp [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (ati2mtaa [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ati2mtaa.sys (ATI Technologies Inc.)
DRV - (AvgLdx86 [System | Running]) -- C:\WINDOWS\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86 [System | Running]) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgTdiX [System | Running]) -- C:\WINDOWS\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (Cdr4_xp [System | Running]) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys (Roxio)
DRV - (Cdralw2k [System | Running]) -- C:\WINDOWS\System32\drivers\cdralw2k.sys (Roxio)
DRV - (cdudf_xp [System | Running]) -- C:\WINDOWS\System32\drivers\cdudf_xp.sys (Roxio)
DRV - (CVirtA [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\CVirtA.sys (Cisco Systems, Inc.)
DRV - (CVPNDRVA [Auto | Running]) -- C:\WINDOWS\system32\Drivers\CVPNDRVA.sys (Cisco Systems, Inc.)
DRV - (DNE [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\dne2000.sys (Deterministic Networks, Inc.)
DRV - (dvd_2K [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\dvd_2k.sys (Roxio)
DRV - (FETNDIS [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\fetnd5.sys (VIA Technologies, Inc. )
DRV - (gameenum [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\gameenum.sys (Microsoft Corporation)
DRV - (HCF_MSFT [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HCF_MSFT.sys (Conexant)
DRV - (HPZid412 [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HPZid412.sys (HP)
DRV - (HPZipr12 [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HPZipr12.sys (HP)
DRV - (HPZius12 [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HPZius12.sys (HP)
DRV - (mmc_2K [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\mmc_2k.sys (Roxio)
DRV - (NtApm [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\NtApm.sys (Microsoft Corporation)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (Pwd_2k [System | Running]) -- C:\WINDOWS\System32\drivers\Pwd_2k.sys (Roxio)
DRV - (scsiscan [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\scsiscan.sys (Microsoft Corporation)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (SymEvent [On_Demand | Stopped]) -- C:\Program Files\Symantec\SYMEVENT.SYS (Symantec Corporation)
DRV - (Udfreadr_xp [System | Running]) -- C:\WINDOWS\System32\drivers\udfreadr_xp.sys (Roxio)
DRV - (VIAudio [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\ac97via.sys (VIA Technologies, Inc.)
DRV - (vsdatant [On_Demand | Stopped]) -- C:\WINDOWS\system32\vsdatant.sys (Zone Labs LLC)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft...p...&ar=msnhome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...p...ER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.zacksadvisor.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://64.29.17.141/search.html
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "http://stockcharts.c...com/index.html"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}:6.0.12
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.0
FF - prefs.js..extensions.enabledItems: {1d5287d1-8a92-0001-1f31-1cec198018d8}:2.0.20080710
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.8
FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2009/03/06 17:08:20 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\PROGRAM FILES\AVG\AVG8\FIREFOX [2009/04/13 16:22:24 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{1d5287d1-8a92-0001-1f31-1cec198018d8}: C:\PROGRAM FILES\AVG\AVG8\TOOLBARFF [2009/04/13 16:22:24 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2005/01/28 16:44:28 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2005/01/28 16:44:28 | 00,000,000 | ---D | M]
[2009/02/03 09:11:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\heinke\Application Data\mozilla\Extensions
[2009/02/03 09:11:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\heinke\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2008/07/11 22:41:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\heinke\Application Data\mozilla\Firefox\Profiles\3dctn35j.default\extensions
[2005/01/28 16:49:14 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2005/01/28 16:49:14 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/03/06 17:08:44 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
[2009/04/09 09:52:56 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/04/09 09:52:56 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/04/09 09:53:02 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/04/09 09:53:02 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/04/09 09:53:02 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/04/09 09:53:02 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/04/09 09:53:02 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/04/09 09:53:02 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/04/09 09:53:02 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml
O1 HOSTS File: (760 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 192.168.61.4 SPHYNX
O1 - Hosts:
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (HP Print Clips) - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\ACROBAT\ACTIVEX\ACROIEHELPER.OCX ()
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (AVG Security Toolbar) - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program Files\AVG\AVG8\avgtoolbar.dll ([[[COMPANYNAME]]]----------------------------)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program Files\AVG\AVG8\avgtoolbar.dll ([[[COMPANYNAME]]]----------------------------)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program Files\AVG\AVG8\avgtoolbar.dll ([[[COMPANYNAME]]]----------------------------)
O4 - HKLM..\Run: [%%DELETE_VALUE%%] CreateCD50 File not found
O4 - HKLM..\Run: [AdaptecDirectCD] c:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe (Roxio)
O4 - HKLM..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [FaxTalk Messenger Pro 7.5] "C:\Program Files\FaxTalk Messenger Pro 7.5\FTClCtrl.exe" (Thought Communications, Inc.)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Co.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Cheyenne Backup Scheduler.lnk = C:\Windows\Backup\sched95.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\Osa9.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office Fast Start.lnk = C:\MSOffice\Office\Fastboot.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Smart Drive Monitor.lnk = C:\Windows\Backup\Csdm32.exe (Computer Associates International, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Driver Configuration.lnk = C:\Program Files\Mke\Ls120\Mkewatch.exe (Matsushita-Kotobuki Electronics)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk = C:\WINDOWS\Installer\{D25122BC-A60E-4663-B602-B01718F12044}\Icon3E5562ED7.ico ()
O4 - Startup: C:\Documents and Settings\heinke\Start Menu\Programs\Startup\MemTurbo.lnk = C:\Program Files\Silicon Prairie Software\MemTurbo\memturbo.exe (SharewareOnline.com, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = [binary data]
O9 - Extra Button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [NWLink IPX/SPX/NetBIOS Compatible Transport Protocol] - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...ector/swdir.cab (Shockwave ActiveX Control)
O16 - DPF: {31564D57-0000-0010-8000-00AA00389B71} http://codecs.micros.../i386/wmvax.cab (Reg Error: Key error.)
O16 - DPF: {3299935F-2C5A-499A-9908-95CFFF6EF8C1} http://scpwha.ops.pl...quicksilver.cab (Quicksilver Class)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.micr...922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} http://download.micr...D0C/wmv9dmo.cab (Reg Error: Key error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1239464171155 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupd...7874.4541550926 (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {CEBC955E-58AF-11D2-A30A-00A0C903492B} http://windowsupdate...en/actsetup.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: DirectAnimation Java Classes file://c:\windows\SYSTEM\dajava.cab (Reg Error: Key error.)
O16 - DPF: Internet Explorer Classes for Java file://c:\windows\SYSTEM\iejava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\ole db\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\ole db\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\ole db\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\ole db\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\ole db\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\ole db\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\ole db\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\SYSTEM\Userinit.exe) - C:\WINDOWS\SYSTEM\Userinit.exe File not found
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\system32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\ebxcicoy.dll ()
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {EDB0E980-90BD-11D4-8599-0008C7D3B6F8} - C:\PROGRAM FILES\QUALCOMM\EUDORA\EUSHLEXT.DLL (Qualcomm Inc.)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - Autorun File - C:\AUTOEXEC.DOS () - [ FAT32 ]
O32 - Autorun File - C:\AUTOEXEC.VIA () - [ FAT32 ]
O32 - Autorun File - C:\AUTOEXEC.NS0 () - [ FAT32 ]
O32 - Autorun File - C:\autoexec.pbf () - [ FAT32 ]
O32 - Autorun File - C:\AUTOEXEC.OLD () - [ FAT32 ]
O32 - Autorun File - C:\autoexec.nai () - [ FAT32 ]
O32 - Autorun File - C:\Autoexec.bat () - [ FAT32 ]
O32 - Autorun File - C:\AUTOEXEC.NS1 () - [ FAT32 ]
O32 - Autorun File - C:\AUTOEXEC.BAK () - [ FAT32 ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
========== Files/Folders - Created Within 30 Days ==========
[1 C:\WINDOWS\System32\*.tmp files]
[13 C:\WINDOWS\*.tmp files]
[2009/04/14 11:49:44 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/04/14 09:40:22 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/04/14 09:36:35 | 00,000,515 | ---- | C] () -- C:\DOCUME~1\heinke\Desktop\NTREGOPT.lnk
[2009/04/14 09:36:35 | 00,000,496 | ---- | C] () -- C:\DOCUME~1\heinke\Desktop\ERUNT.lnk
[2009/04/14 09:36:22 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/04/13 19:20:00 | 00,000,000 | -H-D | C] -- C:\$AVG8.VAULT$
[2009/04/13 16:40:42 | 53,639,9872 | -HS- | C] () -- C:\hiberfil.sys
[2009/04/13 16:22:54 | 00,001,411 | ---- | C] () -- C:\DOCUME~1\ALLUSE~1\Desktop\AVG Free 8.5.lnk
[2009/04/13 16:22:53 | 00,010,520 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/04/13 16:22:51 | 00,108,552 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009/04/13 16:22:35 | 00,325,640 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/04/13 16:22:34 | 00,027,656 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/04/13 16:22:31 | 34,395,507 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/04/13 16:22:31 | 06,061,540 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2009/04/13 16:22:31 | 00,401,372 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009/04/13 16:22:31 | 00,057,798 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/04/13 16:22:31 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
[2009/04/13 16:22:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\heinke\Application Data\AVGTOOLBAR
[2009/04/13 16:22:22 | 00,000,000 | ---D | C] -- C:\Program Files\AVG
[2009/04/13 16:22:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg8
[2009/04/13 13:11:51 | 00,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2009/04/13 13:05:53 | 00,000,163 | ---- | C] () -- C:\WINDOWS\_ISNU.INI
[2009/04/13 13:05:49 | 00,282,206 | ---- | C] () -- C:\WINDOWS\_detmp.1
[2009/04/13 13:05:49 | 00,258,048 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\_detmp.2
[2009/04/13 08:18:39 | 00,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2009/04/13 08:18:39 | 00,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2009/04/11 18:50:37 | 00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2009/04/11 15:49:50 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2009/04/11 15:25:39 | 00,000,260 | ---- | C] () -- C:\WINDOWS\tasks\WGASetup.job
[2009/04/11 15:25:39 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\KB905474
[2009/04/11 15:24:50 | 00,000,000 | ---D | C] -- C:\Program Files\MSXML 6.0
[2009/04/11 15:24:13 | 00,007,315 | ---- | C] () -- C:\WINDOWS\System32\javasup.vxd
[2009/04/11 15:24:12 | 00,139,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\javaee.dll
[2009/04/11 15:24:04 | 00,171,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wjview.exe
[2009/04/11 15:24:04 | 00,000,113 | ---- | C] () -- C:\WINDOWS\System32\zonedon.reg
[2009/04/11 15:24:04 | 00,000,113 | ---- | C] () -- C:\WINDOWS\System32\zonedoff.reg
[2009/04/11 15:24:02 | 00,172,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\jview.exe
[2009/04/11 15:23:59 | 00,049,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\clspack.exe
[2009/04/11 14:30:30 | 00,184,959 | ---- | C] () -- C:\WINDOWS\System32\dllcache\compact.wmz
[2009/04/11 14:29:44 | 00,066,725 | ---- | C] () -- C:\WINDOWS\System32\dllcache\revert.wmz
[2009/04/11 14:29:21 | 00,001,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst6.wpl
[2009/04/11 14:29:21 | 00,001,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst5.wpl
[2009/04/11 14:29:21 | 00,001,474 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst3.wpl
[2009/04/11 14:29:21 | 00,001,451 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst12.wpl
[2009/04/11 14:29:21 | 00,001,448 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst4.wpl
[2009/04/11 14:29:17 | 00,001,250 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst1.wpl
[2009/04/11 14:29:17 | 00,001,049 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst2.wpl
[2009/04/11 14:29:17 | 00,001,046 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst7.wpl
[2009/04/11 14:29:17 | 00,001,036 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst8.wpl
[2009/04/11 14:29:16 | 00,000,789 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst11.wpl
[2009/04/11 14:29:16 | 00,000,787 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst10.wpl
[2009/04/11 14:29:16 | 00,000,784 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst9.wpl
[2009/04/11 14:29:16 | 00,000,783 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst13.wpl
[2009/04/11 14:29:16 | 00,000,775 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst14.wpl
[2009/04/11 14:29:16 | 00,000,733 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst15.wpl
[2009/04/11 14:29:05 | 00,294,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msaud32.acm
[2009/04/11 14:29:05 | 00,290,816 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\WINDOWS\System32\dllcache\l3codeca.acm
[2009/04/11 14:29:05 | 00,086,016 | ---- | C] (Sipro Lab Telecom Inc.) -- C:\WINDOWS\System32\dllcache\sl_anet.acm
[2009/04/11 14:29:05 | 00,029,070 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmp.inf
[2009/04/11 14:29:02 | 00,005,971 | ---- | C] () -- C:\WINDOWS\System32\dllcache\events.js
[2009/04/11 14:28:11 | 00,457,607 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mdlib.wmv
[2009/04/11 14:28:11 | 00,097,117 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.hlp
[2009/04/11 14:28:11 | 00,018,286 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.inf
[2009/04/11 14:28:11 | 00,002,778 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogoh.gif
[2009/04/11 14:28:11 | 00,002,545 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogo.gif
[2009/04/11 14:28:11 | 00,001,885 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.cnt
[2009/04/11 14:28:07 | 01,307,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6.dll
[2009/04/11 14:28:07 | 00,375,519 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nuskin.wmv
[2009/04/11 14:28:07 | 00,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6r.dll
[2009/04/11 14:28:07 | 00,022,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npds.zip
[2009/04/11 14:28:07 | 00,000,403 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npdrmv2.zip
[2009/04/11 14:28:06 | 00,077,307 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plyr_err.chm
[2009/04/11 14:28:05 | 00,572,557 | ---- | C] () -- C:\WINDOWS\System32\dllcache\rtuner.wmv
[2009/04/11 14:28:05 | 00,001,148 | ---- | C] () -- C:\WINDOWS\System32\dllcache\snd.htm
[2009/04/11 14:28:05 | 00,000,908 | ---- | C] () -- C:\WINDOWS\System32\dllcache\skins.inf
[2009/04/11 14:28:04 | 00,300,969 | ---- | C] () -- C:\WINDOWS\System32\dllcache\viz.wmv
[2009/04/11 14:28:04 | 00,023,829 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tourbg.gif
[2009/04/11 14:28:04 | 00,017,489 | ---- | C] () -- C:\WINDOWS\System32\dllcache\videobg.gif
[2009/04/11 14:28:04 | 00,005,290 | ---- | C] () -- C:\WINDOWS\System32\dllcache\vidsamp.gif
[2009/04/11 14:28:04 | 00,003,187 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tour.js
[2009/04/11 14:28:04 | 00,002,469 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplay.gif
[2009/04/11 14:28:04 | 00,002,450 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpause.gif
[2009/04/11 14:28:04 | 00,002,375 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplayh.gif
[2009/04/11 14:28:04 | 00,002,371 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpauseh.gif
[2009/04/11 14:28:04 | 00,001,398 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taon.gif
[2009/04/11 14:28:04 | 00,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taonh.gif
[2009/04/11 14:28:04 | 00,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoff.gif
[2009/04/11 14:28:04 | 00,001,367 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoffh.gif
[2009/04/11 14:28:03 | 00,613,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.chm
[2009/04/11 14:28:03 | 00,354,468 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud1.wav
[2009/04/11 14:28:03 | 00,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud7.wav
[2009/04/11 14:28:03 | 00,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud6.wav
[2009/04/11 14:28:03 | 00,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud9.wav
[2009/04/11 14:28:03 | 00,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud8.wav
[2009/04/11 14:28:03 | 00,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud3.wav
[2009/04/11 14:28:03 | 00,086,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud5.wav
[2009/04/11 14:28:03 | 00,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud4.wav
[2009/04/11 14:28:03 | 00,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud2.wav
[2009/04/11 14:28:03 | 00,067,374 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.adm
[2009/04/11 14:28:03 | 00,023,195 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplay.chm
[2009/04/11 14:28:03 | 00,017,272 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmdm.inf
[2009/04/11 14:28:03 | 00,010,457 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.hta
[2009/04/11 14:28:03 | 00,008,677 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm7.gif
[2009/04/11 14:28:03 | 00,007,892 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm9.gif
[2009/04/11 14:28:03 | 00,007,636 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm2.gif
[2009/04/11 14:28:03 | 00,007,369 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm4.gif
[2009/04/11 14:28:03 | 00,006,769 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmfsdk.inf
[2009/04/11 14:28:03 | 00,006,241 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm3.gif
[2009/04/11 14:28:03 | 00,006,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm6.gif
[2009/04/11 14:28:03 | 00,005,789 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm1.gif
[2009/04/11 14:28:03 | 00,004,193 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm8.gif
[2009/04/11 14:28:03 | 00,002,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm5.gif
[2009/04/11 14:28:03 | 00,001,771 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.css
[2009/04/11 14:28:03 | 00,000,855 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpocm.inf
[2009/04/11 14:28:03 | 00,000,420 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmploc.js
[2009/04/11 14:28:00 | 00,000,999 | ---- | C] () -- C:\WINDOWS\System32\dllcache\bktrh.gif
[2009/04/11 14:27:59 | 00,381,425 | ---- | C] () -- C:\WINDOWS\System32\dllcache\copycd.wmv
[2009/04/11 14:27:59 | 00,294,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dlimport.exe
[2009/04/11 14:27:59 | 00,009,585 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.css
[2009/04/11 14:27:59 | 00,008,298 | ---- | C] () -- C:\WINDOWS\System32\dllcache\contents.htm
[2009/04/11 14:27:59 | 00,006,878 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.js
[2009/04/11 14:27:59 | 00,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnth.gif
[2009/04/11 14:27:59 | 00,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnt.gif
[2009/04/11 14:27:59 | 00,000,772 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cntd.gif
[2009/04/11 14:27:59 | 00,000,760 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapph.gif
[2009/04/11 14:27:59 | 00,000,717 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapp.gif
[2009/04/11 14:19:14 | 00,691,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcomm.dll
[2009/04/11 14:11:16 | 00,666,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wininet.dll
[2009/04/11 14:11:14 | 00,619,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\urlmon.dll
[2009/04/11 14:11:09 | 01,499,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shdocvw.dll
[2009/04/11 14:10:44 | 02,145,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2009/04/11 14:10:42 | 02,189,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2009/04/11 14:10:41 | 02,023,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2009/04/11 14:10:39 | 02,066,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlpa.exe
[2009/04/11 14:10:33 | 03,067,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2009/04/11 12:24:02 | 00,455,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2009/04/11 12:23:52 | 00,333,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srv.sys
[2009/04/11 11:41:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\heinke\Application Data\Malwarebytes
[2009/04/11 11:41:05 | 00,000,600 | ---- | C] () -- C:\DOCUME~1\ALLUSE~1\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/04/11 11:41:04 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/04/11 11:41:01 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/04/11 11:40:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/04/11 11:40:57 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/04/11 09:45:44 | 01,288,192 | ---- | C] () -- C:\WINDOWS\System32\dllcache\quartz.dll
[2009/04/11 09:37:20 | 00,023,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll.mui
[2009/04/11 09:28:31 | 00,074,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mscms.dll
[2009/04/10 15:52:44 | 00,337,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netapi32.dll
[2009/04/10 15:38:08 | 24,921,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/04/10 15:14:48 | 00,001,638 | ---- | C] () -- C:\DOCUME~1\heinke\Desktop\HijackThis.lnk
[2009/04/10 15:14:48 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/04/10 14:41:42 | 00,011,264 | -HS- | C] () -- C:\Thumbs.db
[2009/04/10 13:18:20 | 00,000,374 | ---- | C] () -- C:\beige111.html
[2009/04/09 15:31:03 | 00,000,153 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/04/09 12:06:05 | 00,000,837 | ---- | C] () -- C:\DOCUME~1\heinke\Desktop\Spybot - Search & Destroy.lnk
[2009/04/09 12:05:50 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2009/04/09 12:05:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2009/04/09 09:05:54 | 00,000,000 | ---D | C] -- C:\WINDOWS\pss
[2008/08/27 16:28:40 | 00,000,036 | ---- | C] () -- C:\WINDOWS\webica.ini
[2008/07/15 09:04:39 | 00,051,304 | ---- | C] () -- C:\WINDOWS\System32\drivers\atnt40k.sys
[2008/07/14 08:29:17 | 00,000,414 | ---- | C] () -- C:\WINDOWS\hpbvspst.ini
[2008/07/11 22:57:29 | 00,000,457 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2008/07/11 22:41:57 | 00,004,018 | ---- | C] () -- C:\WINDOWS\hpdj5700.ini
[2008/07/11 22:41:57 | 00,001,633 | ---- | C] () -- C:\WINDOWS\PPAAT130.ini
[2008/07/11 22:41:57 | 00,000,517 | ---- | C] () -- C:\WINDOWS\EPSQ20.INI
[2008/07/11 22:41:57 | 00,000,124 | ---- | C] () -- C:\WINDOWS\mdm.ini
[2008/07/11 22:41:57 | 00,000,000 | ---- | C] () -- C:\WINDOWS\OPPRINTSERVER.INI
[2008/07/11 22:41:57 | 00,000,000 | ---- | C] () -- C:\WINDOWS\Eudora.ini
[2008/07/11 22:41:56 | 00,012,918 | ---- | C] () -- C:\WINDOWS\Opera.ini
[2008/07/11 22:41:56 | 00,012,476 | ---- | C] () -- C:\WINDOWS\IOS.INI
[2008/07/11 22:41:56 | 00,004,309 | ---- | C] () -- C:\WINDOWS\IF40LE.INI
[2008/07/11 22:41:56 | 00,003,455 | ---- | C] () -- C:\WINDOWS\WPR.INI
[2008/07/11 22:41:56 | 00,002,129 | ---- | C] () -- C:\WINDOWS\ascd_tmp.ini
[2008/07/11 22:41:56 | 00,001,367 | ---- | C] () -- C:\WINDOWS\Mpcwin99.ini
[2008/07/11 22:41:56 | 00,001,325 | ---- | C] () -- C:\WINDOWS\VTWAIN.INI
[2008/07/11 22:41:56 | 00,001,147 | ---- | C] () -- C:\WINDOWS\ACROREAD.INI
[2008/07/11 22:41:56 | 00,001,045 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/07/11 22:41:56 | 00,000,892 | ---- | C] () -- C:\WINDOWS\HPFDJC02.INI
[2008/07/11 22:41:56 | 00,000,787 | ---- | C] () -- C:\WINDOWS\SCANREG.INI
[2008/07/11 22:41:56 | 00,000,612 | ---- | C] () -- C:\WINDOWS\BUSWTY97.INI
[2008/07/11 22:41:56 | 00,000,467 | ---- | C] () -- C:\WINDOWS\qbwcd.ini
[2008/07/11 22:41:56 | 00,000,366 | ---- | C] () -- C:\WINDOWS\sxgma.ini
[2008/07/11 22:41:56 | 00,000,345 | ---- | C] () -- C:\WINDOWS\ezscsi.ini
[2008/07/11 22:41:56 | 00,000,259 | ---- | C] () -- C:\WINDOWS\UMXADDIN.INI
[2008/07/11 22:41:56 | 00,000,232 | ---- | C] () -- C:\WINDOWS\NETSCAPE.INI
[2008/07/11 22:41:56 | 00,000,225 | ---- | C] () -- C:\WINDOWS\TELEPHON.INI
[2008/07/11 22:41:56 | 00,000,182 | ---- | C] () -- C:\WINDOWS\KPCMS.INI
[2008/07/11 22:41:56 | 00,000,177 | ---- | C] () -- C:\WINDOWS\vatwain.ini
[2008/07/11 22:41:56 | 00,000,162 | ---- | C] () -- C:\WINDOWS\VWGSMM.INI
[2008/07/11 22:41:56 | 00,000,122 | ---- | C] () -- C:\WINDOWS\POWERPNT.INI
[2008/07/11 22:41:56 | 00,000,121 | ---- | C] () -- C:\WINDOWS\PEXPLORE.INI
[2008/07/11 22:41:56 | 00,000,120 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2008/07/11 22:41:56 | 00,000,120 | ---- | C] () -- C:\WINDOWS\MSMAIL32.INI
[2008/07/11 22:41:56 | 00,000,114 | ---- | C] () -- C:\WINDOWS\UMAXDRV.INI
[2008/07/11 22:41:56 | 00,000,103 | ---- | C] () -- C:\WINDOWS\WEBLINK.INI
[2008/07/11 22:41:56 | 00,000,066 | ---- | C] () -- C:\WINDOWS\HPCK2.INI
[2008/07/11 22:41:56 | 00,000,066 | ---- | C] () -- C:\WINDOWS\HPCK.INI
[2008/07/11 22:41:56 | 00,000,054 | ---- | C] () -- C:\WINDOWS\WAVEMIX.INI
[2008/07/11 22:41:56 | 00,000,050 | ---- | C] () -- C:\WINDOWS\winfile.ini
[2008/07/11 22:41:56 | 00,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2008/07/11 22:41:56 | 00,000,028 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2008/07/11 22:41:56 | 00,000,028 | ---- | C] () -- C:\WINDOWS\ICOA.INI
[2008/07/11 22:41:56 | 00,000,027 | ---- | C] () -- C:\WINDOWS\ACROGRAF.INI
[2008/07/11 22:41:56 | 00,000,026 | ---- | C] () -- C:\WINDOWS\MSOFFICE.INI
[2008/07/11 22:41:56 | 00,000,016 | ---- | C] () -- C:\WINDOWS\QH32.INI
[2008/07/11 22:41:56 | 00,000,000 | ---- | C] () -- C:\WINDOWS\RAMDIAG.INI
[2008/07/11 22:41:56 | 00,000,000 | ---- | C] () -- C:\WINDOWS\QFN.ini
[2008/07/11 22:41:56 | 00,000,000 | ---- | C] () -- C:\WINDOWS\QDQICK.ini
[2008/07/11 22:41:56 | 00,000,000 | ---- | C] () -- C:\WINDOWS\progman.ini
[2008/07/11 22:41:56 | 00,000,000 | ---- | C] () -- C:\WINDOWS\PRESTOPM.INI
[2008/07/11 22:41:56 | 00,000,000 | ---- | C] () -- C:\WINDOWS\PMVIEWER.INI
[2008/07/11 22:41:56 | 00,000,000 | ---- | C] () -- C:\WINDOWS\MSINFO32.INI
[2008/07/11 22:41:55 | 00,007,885 | ---- | C] () -- C:\WINDOWS\NETDET.INI
[2008/07/11 22:41:55 | 00,005,068 | ---- | C] () -- C:\WINDOWS\DELETEFI.INI
[2008/07/11 22:41:55 | 00,003,598 | ---- | C] () -- C:\WINDOWS\HTMLHELP.INI
[2008/07/11 22:41:55 | 00,000,865 | ---- | C] () -- C:\WINDOWS\DOSREP.INI
[2008/07/11 21:46:58 | 00,002,843 | ---- | C] () -- C:\WINDOWS\win.ini
[2008/07/11 21:46:24 | 00,000,539 | ---- | C] () -- C:\WINDOWS\system.ini
[2008/07/08 12:07:01 | 00,032,768 | ---- | C] () -- C:\WINDOWS\WebVpnRegKey6-webvpn-emssatcom-com.dll
[2006/04/20 08:34:38 | 00,197,680 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2006/04/20 08:34:24 | 00,193,584 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2004/08/04 12:00:00 | 00,280,576 | ---- | C] () -- C:\WINDOWS\System32\linhexq.dll
[2004/08/04 12:00:00 | 00,280,576 | ---- | C] () -- C:\WINDOWS\System32\ebxcicoy.dll
[2003/01/17 05:50:44 | 00,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll
[2002/04/11 10:47:52 | 00,049,152 | ---- | C] () -- C:\WINDOWS\System32\msmscoin.dll
[2001/03/09 17:50:23 | 00,057,344 | ---- | C] () -- C:\WINDOWS\System32\icmfilter.dll
[2000/11/27 11:24:33 | 00,020,556 | ---- | C] () -- C:\WINDOWS\System32\ActPanel.dll
[2000/04/07 16:19:52 | 00,111,104 | ---- | C] () -- C:\WINDOWS\System32\mvcl13n.dll
[2000/04/06 12:19:19 | 00,011,776 | ---- | C] () -- C:\WINDOWS\System32\PMSBFN32.DLL
[2000/04/06 12:04:15 | 00,049,152 | ---- | C] () -- C:\WINDOWS\UCM_32.DLL
[2000/04/06 12:04:14 | 00,056,832 | ---- | C] () -- C:\WINDOWS\UCM_16.DLL
[2000/04/06 12:04:13 | 00,210,944 | ---- | C] () -- C:\WINDOWS\MSVCRT10.DLL
[2000/04/06 12:04:13 | 00,070,548 | ---- | C] () -- C:\WINDOWS\KPMON.DLL
[2000/04/06 12:04:13 | 00,050,176 | ---- | C] () -- C:\WINDOWS\KPCP.DLL
[2000/04/06 12:04:12 | 00,131,264 | ---- | C] () -- C:\WINDOWS\KCME0.DLL
[2000/04/06 12:04:12 | 00,098,236 | ---- | C] () -- C:\WINDOWS\KCME1.DLL
[2000/04/06 12:04:12 | 00,096,256 | ---- | C] () -- C:\WINDOWS\KPAPI.DLL
[2000/04/06 12:04:12 | 00,017,920 | ---- | C] () -- C:\WINDOWS\KCMS_SYS.DLL
[2000/04/06 12:04:10 | 00,097,914 | ---- | C] () -- C:\WINDOWS\32KCME0.DLL
[2000/04/06 12:04:08 | 00,463,888 | ---- | C] () -- C:\WINDOWS\VSTASCAN.DLL
[2000/04/06 12:04:08 | 00,182,816 | ---- | C] () -- C:\WINDOWS\UDEPP32.DLL
[2000/04/06 12:04:08 | 00,017,920 | ---- | C] () -- C:\WINDOWS\VS32.DLL
[2000/04/06 12:04:08 | 00,011,280 | ---- | C] () -- C:\WINDOWS\VS16.DLL
[2000/04/06 12:04:07 | 00,237,072 | ---- | C] () -- C:\WINDOWS\UDEPP16.DLL
[2000/04/06 12:04:03 | 00,023,552 | ---- | C] () -- C:\WINDOWS\VSCLI32.DLL
[2000/04/06 12:04:03 | 00,019,456 | ---- | C] () -- C:\WINDOWS\UMAX_CLI.DLL
[2000/04/06 11:50:21 | 00,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2000/04/06 11:50:10 | 00,093,184 | ---- | C] () -- C:\WINDOWS\KPAPI32.DLL
[2000/02/26 12:14:41 | 00,080,624 | ---- | C] () -- C:\WINDOWS\System32\SH31W32.DLL
[2000/02/25 16:44:20 | 00,004,608 | ---- | C] () -- C:\WINDOWS\System32\ATIICDXX.SYS
[2000/02/25 16:33:33 | 00,028,672 | ---- | C] () -- C:\WINDOWS\OIDUTS.DLL
[2000/02/25 16:33:20 | 00,030,720 | ---- | C] () -- C:\WINDOWS\System32\sxgcpu.dll
[2000/02/08 02:05:36 | 00,110,080 | R--- | C] () -- C:\WINDOWS\System32\W32MKRC.DLL
[1999/09/23 05:01:00 | 00,093,184 | ---- | C] () -- C:\WINDOWS\System32\crush32.dll
[1999/09/23 05:01:00 | 00,027,648 | ---- | C] () -- C:\WINDOWS\System32\scheidle.dll
[1999/09/23 05:01:00 | 00,027,648 | ---- | C] () -- C:\WINDOWS\System32\format32.dll
[1996/07/31 00:00:00 | 00,053,760 | ---- | C] () -- C:\WINDOWS\System32\OPENENU.DLL
[1980/01/01 00:00:00 | 00,222,390 | ---- | C] () -- C:\WINDOWS\IO.SYS
[1980/01/01 00:00:00 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\MEMBG.DLL
[1980/01/01 00:00:00 | 00,000,007 | ---- | C] () -- C:\WINDOWS\MSDOS.SYS
========== Files - Modified Within 30 Days ==========
[1 C:\WINDOWS\System32\*.tmp files]
[13 C:\WINDOWS\*.tmp files]
[2009/04/14 10:21:14 | 00,000,743 | ---- | M] () -- C:\Documents and Settings\heinke\Start Menu\Programs\Startup\MemTurbo.lnk
[2009/04/14 10:21:04 | 00,002,447 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk
[2009/04/14 10:20:02 | 00,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2009/04/14 10:19:32 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/04/14 10:16:10 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/04/14 10:16:02 | 53,639,9872 | -HS- | M] () -- C:\hiberfil.sys
[2009/04/14 10:16:02 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/04/14 09:36:36 | 00,000,515 | ---- | M] () -- C:\DOCUME~1\heinke\Desktop\NTREGOPT.lnk
[2009/04/14 09:36:36 | 00,000,496 | ---- | M] () -- C:\DOCUME~1\heinke\Desktop\ERUNT.lnk
[2009/04/14 06:47:12 | 00,002,843 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/04/13 16:22:56 | 00,001,411 | ---- | M] () -- C:\DOCUME~1\ALLUSE~1\Desktop\AVG Free 8.5.lnk
[2009/04/13 16:22:54 | 00,010,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/04/13 16:22:52 | 00,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009/04/13 16:22:36 | 34,395,507 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/04/13 16:22:36 | 00,325,640 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/04/13 16:22:36 | 00,027,656 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/04/13 16:22:32 | 06,061,540 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2009/04/13 16:22:32 | 00,401,372 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009/04/13 16:22:32 | 00,057,798 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/04/13 13:05:54 | 00,000,163 | ---- | M] () -- C:\WINDOWS\_ISNU.INI
[2009/04/13 11:24:24 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2009/04/13 11:15:48 | 00,429,666 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/04/13 11:15:48 | 00,374,064 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/04/13 11:15:48 | 00,050,532 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/04/13 10:18:50 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/04/13 08:18:40 | 00,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2009/04/11 18:55:14 | 00,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2009/04/11 18:50:14 | 00,228,176 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/04/11 11:41:06 | 00,000,600 | ---- | M] () -- C:\DOCUME~1\ALLUSE~1\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/04/10 16:42:46 | 00,008,192 | ---- | M] () -- C:\WINDOWS\REGULOCS.OLD
[2009/04/10 16:42:46 | 00,000,000 | ---- | M] () -- C:\WINDOWS\REGCARDS.OLD
[2009/04/10 15:14:50 | 00,001,638 | ---- | M] () -- C:\DOCUME~1\heinke\Desktop\HijackThis.lnk
[2009/04/10 14:41:44 | 00,011,264 | -HS- | M] () -- C:\Thumbs.db
[2009/04/10 13:18:22 | 00,000,374 | ---- | M] () -- C:\beige111.html
[2009/04/10 08:16:30 | 00,000,539 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/04/10 08:16:30 | 00,000,211 | -HS- | M] () -- C:\boot.ini
[2009/04/09 15:31:04 | 00,000,153 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2009/04/09 15:10:42 | 00,000,124 | ---- | M] () -- C:\WINDOWS\mdm.ini
[2009/04/09 12:06:06 | 00,000,837 | ---- | M] () -- C:\DOCUME~1\heinke\Desktop\Spybot - Search & Destroy.lnk
[2009/04/06 15:32:54 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/04/06 15:32:46 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/04/06 07:57:26 | 24,921,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/04/01 14:00:02 | 00,000,502 | ---- | M] () -- C:\WINDOWS\tasks\Tune-up Application Start.job
< End of report >
Microsoft Windows XP Professional (5.1.2600) Service Pack 3
A:\ [Removable] (Total:0 MB/Free:0 MB)
C:\ [Fixed] - FAT32 - (Total:76297 MB/Free:1087 MB)
D:\ [CD-Rom] (Total:0 MB/Free:0 MB)
E:\ [CD-Rom] (Total:0 MB/Free:0 MB)
F:\ [Removable] (Total:0 MB/Free:0 MB)
G:\ [Removable] (Total:0 MB/Free:0 MB)
Tue 04/14/2009|11:50
----------------------\\ Processes..
--Locked-- [System Process]
---------- System
---------- \SystemRoot\System32\smss.exe
---------- \??\C:\WINDOWS\system32\csrss.exe
---------- \??\C:\WINDOWS\system32\winlogon.exe
---------- C:\WINDOWS\system32\services.exe
---------- C:\WINDOWS\system32\lsass.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\Program Files\AVG\AVG8\avgrsx.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\spoolsv.exe
---------- C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
---------- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\Program Files\Java\jre6\bin\jqs.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\Program Files\FaxTalk Messenger Pro 7.5\FTMSGSVC.EXE
---------- C:\Program Files\FaxTalk Messenger Pro 7.5\FAPIEXE.EXE
---------- C:\PROGRA~1\AVG\AVG8\avgrsx.exe
---------- C:\PROGRA~1\AVG\AVG8\avgnsx.exe
---------- C:\WINDOWS\System32\alg.exe
---------- C:\WINDOWS\Explorer.EXE
---------- C:\WINDOWS\system32\wscntfy.exe
---------- C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
---------- C:\Program Files\FaxTalk Messenger Pro 7.5\FTClCtrl.exe
---------- C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
---------- C:\PROGRA~1\AVG\AVG8\avgtray.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\system32\ctfmon.exe
---------- C:\Windows\Backup\sched95.exe
---------- C:\Windows\Backup\Csdm32.exe
---------- C:\Program Files\Mke\Ls120\Mkewatch.exe
---------- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
---------- C:\Program Files\Silicon Prairie Software\MemTurbo\memturbo.exe
---------- C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
---------- C:\WINDOWS\system32\taskmgr.exe
---------- C:\Program Files\Mozilla Firefox\firefox.exe
---------- C:\WINDOWS\system32\cmd.exe
---------- C:\Rooter$\RK.exe
----------------------\\ Search..
----------------------\\ ROOTKIT !!
1 - "C:\Rooter$\Rooter_1.txt" - Tue 04/14/2009|11:50
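As an added triage example (not part of Ann's post, of OTL, or of Rooter): a small Python script that parses the OTL "Files Created"/"Files Modified" entry format and ranks entries by two heuristics a malware-removal helper otherwise applies by eye. The sample lines are copied from the listing above; the SP2 build-stamp value, the "directly under System32" scope and the identical-size "twin" rule are my own assumptions about what deserves a second look, not a verdict on any file.

```python
"""Triage helper for OTListIt2 (OTL) 'Files Created/Modified' listings.

Added example, not part of the original post, of OTL or of Rooter. It parses
the bracketed OTL entry format and applies two by-eye heuristics:
  1. an unsigned binary directly under System32 whose timestamp equals the
     XP SP2 build stamp 2004/08/04 12:00:00 but that shows no company name
     (genuine SP2 files in the listing all carry '(Microsoft Corporation)');
  2. differently named unsigned System32 binaries with identical size and stamp.
Both are assumptions about what deserves a second look, not a verdict.
"""
import re
import sys
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# [YYYY/MM/DD HH:MM:SS | size | attrs | C|M] (Company) -- path ; '(Company)' is absent on directories
OTL_ENTRY = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[A-Z-]{4}) \| (?P<kind>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)
XP_SP2_STAMP = "2004/08/04 12:00:00"   # assumption: a stamp dropped files like to copy
BINARY_EXT = (".dll", ".exe", ".sys", ".ocx")
SYSTEM32 = "c:\\windows\\system32\\"


@dataclass(frozen=True)
class Entry:
    timestamp: str
    size: int
    attrs: str      # e.g. '----', '---D', '-HS-', 'R---'
    kind: str       # 'C' created, 'M' modified
    company: str    # '' when OTL printed '()' or nothing
    path: str

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1]

    @property
    def is_system32_binary(self) -> bool:
        """Executable file directly under System32 (dllcache\\ and drivers\\ excluded)."""
        lower = self.path.lower()
        if not lower.startswith(SYSTEM32) or "\\" in lower[len(SYSTEM32):]:
            return False
        return lower.endswith(BINARY_EXT)


def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for an OTL file line, None for headers and summary lines."""
    m = OTL_ENTRY.match(line.strip())
    if not m:
        return None
    return Entry(m["ts"], int(m["size"].replace(",", "")), m["attrs"], m["kind"],
                 (m["company"] or "").strip(), m["path"])


def parse_listing(text: str) -> List[Entry]:
    return [e for e in map(parse_line, text.splitlines()) if e]


def flag_stamp_mimics(entries: List[Entry]) -> List[Entry]:
    """Heuristic 1: SP2 build stamp without any company/version info."""
    return [e for e in entries
            if e.is_system32_binary and not e.company and e.timestamp == XP_SP2_STAMP]


def flag_twins(entries: List[Entry]) -> List[List[Entry]]:
    """Heuristic 2: differently named unsigned System32 binaries sharing size and stamp."""
    groups: Dict[Tuple[str, int], List[Entry]] = defaultdict(list)
    for e in entries:
        if e.is_system32_binary and not e.company:
            groups[(e.timestamp, e.size)].append(e)
    return [g for g in groups.values() if len({x.name.lower() for x in g}) > 1]


def triage(text: str) -> Dict[str, List[str]]:
    entries = parse_listing(text)
    flagged = {e.path for e in flag_stamp_mimics(entries)}
    for group in flag_twins(entries):
        flagged.update(e.path for e in group)
    return {"parsed": [e.path for e in entries], "flagged": sorted(flagged)}


# Lines copied from the OTL listing above.
SAMPLE = r"""
[2009/04/11 14:28:07 | 01,307,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6.dll
[2009/04/11 11:41:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\heinke\Application Data\Malwarebytes
[2009/04/11 11:41:04 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/04/10 14:41:42 | 00,011,264 | -HS- | C] () -- C:\Thumbs.db
[2006/04/20 08:34:24 | 00,193,584 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2004/08/04 12:00:00 | 00,280,576 | ---- | C] () -- C:\WINDOWS\System32\linhexq.dll
[2004/08/04 12:00:00 | 00,280,576 | ---- | C] () -- C:\WINDOWS\System32\ebxcicoy.dll
[2003/01/17 05:50:44 | 00,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll
[2000/04/06 11:50:21 | 00,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2000/04/06 12:04:13 | 00,210,944 | ---- | C] () -- C:\WINDOWS\MSVCRT10.DLL
[2009/04/14 10:16:02 | 53,639,9872 | -HS- | M] () -- C:\hiberfil.sys
"""

if __name__ == "__main__":
    # Usage: python otl_triage.py [OTL log file]; with no argument the SAMPLE is used.
    text = open(sys.argv[1], encoding="utf-8", errors="replace").read() if len(sys.argv) > 1 else SAMPLE
    for path in triage(text)["flagged"]:
        print("review:", path)
```

On the sample, only the two 280,576-byte entries with the SP2 stamp and no company name come out flagged; CSGina.dll, cpuinf32.dll and the two MSVCRT10.DLL copies pass because they either carry a different stamp or sit in different folders. The point is to shrink a 500-line listing to a handful of paths worth checking by hand, not to decide anything on its own.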