Windows Live Messenger Virus



#1
Shnookems

Hello,

I recently got a Windows Live virus, and can't seem to shake it from my system. It logs me out at random intervals saying something along the lines of "You have logged in to MSN at another location". Also, my contacts say that I send them spam messages containing links.

I ran AVG, and went through the Malware Cleaning Guide.

Thanks a ton for your help & time! :)


Log:

OTListIt logfile created on: 07/05/2009 9:38:44 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.15.4 Folder = C:\Users\Daniel\Desktop
Windows Vista Ultimate Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18762)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

4.00 Gb Total Physical Memory | 2.74 Gb Available Physical Memory | 68.63% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232.88 Gb Total Space | 111.31 Gb Free Space | 47.80% Space Free | Partition Type: NTFS
Drive D: | 465.76 Gb Total Space | 62.87 Gb Free Space | 13.50% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DANIEL-PC
Current User Name: Daniel
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\Windows\SysWOW64\CtHelper.exe (Creative Technology Ltd)
PRC - C:\Program Files (x86)\Razer\Copperhead\razerhid.exe ()
PRC - C:\Program Files (x86)\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\Razer\Copperhead\razertra.exe ()
PRC - C:\Program Files (x86)\Razer\Copperhead\razerofa.exe (Razer Inc.)
PRC - C:\Windows\runservice.exe ()
PRC - C:\Program Files (x86)\AVG\AVG8\avgemc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG8\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Users\Daniel\Desktop\OTListIt2.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (avg8emc [Auto | Running]) -- C:\Program Files (x86)\AVG\AVG8\avgemc.exe (AVG Technologies CZ, s.r.o.)
SRV - (avg8wd [Auto | Running]) -- C:\Program Files (x86)\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_64 [Auto | Running]) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (CscService [Auto | Running]) -- C:\Windows\sysnative\cscsvc.dll ()
SRV - (ehRecvr [On_Demand | Stopped]) -- C:\Windows\ehome\ehRecvr.exe (Microsoft Corporation)
SRV - (ehSched [On_Demand | Stopped]) -- C:\Windows\ehome\ehsched.exe (Microsoft Corporation)
SRV - (ehstart [Auto | Stopped]) -- C:\Windows\ehome\ehstart.dll (Microsoft Corporation)
SRV - (Fax [On_Demand | Stopped]) -- C:\Windows\sysnative\fxssvc.exe ()
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (idsvc [Unknown | Stopped]) -- C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (LicCtrlService [Auto | Running]) -- C:\Windows\runservice.exe ()
SRV - (Microsoft Office Groove Audit Service [On_Demand | Stopped]) -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (odserv [On_Demand | Stopped]) -- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (PerfHost [On_Demand | Stopped]) -- C:\Windows\SysWow64\perfhost.exe (Microsoft Corporation)
SRV - (Steam Client Service [On_Demand | Stopped]) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (UmRdpService [On_Demand | Stopped]) -- C:\Windows\sysnative\umrdp.dll ()
SRV - (wbengine [On_Demand | Stopped]) -- C:\Windows\sysnative\wbengine.exe ()
SRV - (WMPNetworkSvc [Auto | Running]) -- C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (AvgLdx64 [System | Running]) -- C:\Windows\sysnative\Drivers\avgldx64.sys ()
DRV - (AvgMfx64 [System | Running]) -- C:\Windows\sysnative\Drivers\avgmfx64.sys ()
DRV - (AvgTdiA [System | Running]) -- C:\Windows\sysnative\Drivers\avgtdia.sys ()
DRV - (COMMONFX.DLL [On_Demand | Stopped]) -- C:\Windows\sysnative\COMMONFX.DLL ()
DRV - (copperhd [On_Demand | Running]) -- C:\Windows\sysnative\drivers\copperhd.sys ()
DRV - (CSC [System | Running]) -- C:\Windows\sysnative\drivers\csc.sys ()
DRV - (CT20XUT.DLL [On_Demand | Stopped]) -- C:\Windows\sysnative\CT20XUT.DLL ()
DRV - (ctac32k [On_Demand | Stopped]) -- C:\Windows\sysnative\drivers\ctac32k.sys ()
DRV - (ctaud2k [On_Demand | Stopped]) -- C:\Windows\sysnative\drivers\ctaud2k.sys ()
DRV - (CTAUDFX.DLL [On_Demand | Stopped]) -- C:\Windows\sysnative\CTAUDFX.DLL ()
DRV - (CTEAPSFX.DLL [On_Demand | Stopped]) -- C:\Windows\sysnative\CTEAPSFX.DLL ()
DRV - (CTEDSPFX.DLL [On_Demand | Stopped]) -- C:\Windows\sysnative\CTEDSPFX.DLL ()
DRV - (CTEDSPIO.DLL [On_Demand | Stopped]) -- C:\Windows\sysnative\CTEDSPIO.DLL ()
DRV - (CTEDSPSY.DLL [On_Demand | Stopped]) -- C:\Windows\sysnative\CTEDSPSY.DLL ()
DRV - (CTERFXFX.DLL [On_Demand | Stopped]) -- C:\Windows\sysnative\CTERFXFX.DLL ()
DRV - (CTEXFIFX.DLL [On_Demand | Stopped]) -- C:\Windows\sysnative\CTEXFIFX.DLL ()
DRV - (CTHWIUT.DLL [On_Demand | Stopped]) -- C:\Windows\sysnative\CTHWIUT.DLL ()
DRV - (ctprxy2k [On_Demand | Stopped]) -- C:\Windows\sysnative\drivers\ctprxy2k.sys ()
DRV - (CTSBLFX.DLL [On_Demand | Stopped]) -- C:\Windows\sysnative\CTSBLFX.DLL ()
DRV - (ctsfm2k [On_Demand | Stopped]) -- C:\Windows\sysnative\drivers\ctsfm2k.sys ()
DRV - (emupia [On_Demand | Stopped]) -- C:\Windows\sysnative\drivers\emupia2k.sys ()
DRV - (ENTECH64 [On_Demand | Stopped]) -- C:\Windows\sysnative\DRIVERS\ENTECH64.sys ()
DRV - (FET5A64 [On_Demand | Stopped]) -- C:\Windows\sysnative\DRIVERS\fet5a64.sys ()
DRV - (FETNDISB [On_Demand | Running]) -- C:\Windows\sysnative\DRIVERS\dlkf5a64.sys ()
DRV - (fvevol [Boot | Running]) -- C:\Windows\sysnative\DRIVERS\fvevol.sys ()
DRV - (ha10kx2k [On_Demand | Stopped]) -- C:\Windows\sysnative\drivers\ha10kx2k.sys ()
DRV - (hamachi [On_Demand | Running]) -- C:\Windows\sysnative\DRIVERS\hamachi.sys ()
DRV - (HdAudAddService [On_Demand | Stopped]) -- C:\Windows\sysnative\drivers\HdAudio.sys ()
DRV - (L1E [On_Demand | Running]) -- C:\Windows\sysnative\DRIVERS\L1E60x64.sys ()
DRV - (MTsensor [On_Demand | Running]) -- C:\Windows\sysnative\DRIVERS\ASACPI.sys ()
DRV - (ossrv [On_Demand | Stopped]) -- C:\Windows\sysnative\drivers\ctoss2k.sys ()
DRV - (SCDEmu [System | Running]) -- C:\Windows\sysnative\drivers\scdemu.sys ()
DRV - (usbaudio [On_Demand | Stopped]) -- C:\Windows\sysnative\drivers\usbaudio.sys ()
DRV - (WinRing0_1_2_0 [On_Demand | Stopped]) -- C:\Users\Daniel\Desktop\Daniel\CPU Test\Real Temp 3\WinRing0x64.sys (OpenLibSys.org)
DRV - (WpdUsb [On_Demand | Stopped]) -- C:\Windows\sysnative\DRIVERS\wpdusb.sys ()
DRV - (xnacc [On_Demand | Running]) -- C:\Windows\sysnative\DRIVERS\xnacc.sys ()

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}:6.0.12
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.10
FF - prefs.js..extensions.enabledItems: nasanightlaunch@example.com:0.6.20090428

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\PROGRAM FILES (X86)\AVG\AVG8\FIREFOX [2009/05/03 12:58:02 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\ [2009/05/07 19:26:52 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components: C:\WINDOWS.OLD.000\PROGRAM FILES (X86)\MOZILLA FIREFOX\COMPONENTS [2009/04/28 12:23:35 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins: C:\WINDOWS.OLD.000\PROGRAM FILES (X86)\MOZILLA FIREFOX\PLUGINS [2009/05/06 18:58:36 | 00,000,000 | ---D | M]

[2009/03/05 21:12:26 | 00,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\mozilla\Extensions
[2009/03/05 21:12:26 | 00,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/05/07 01:40:49 | 00,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\xzw02adj.default\extensions
[2009/04/29 23:48:48 | 00,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\xzw02adj.default\extensions\nasanightlaunch@example.com

O1 HOSTS File: (761 bytes) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - Reg Error: Key error. File not found
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O4 - HKLM..\Run: [AsioReg] REGSVR32 /S CTASIO.DLL (Microsoft Corporation)
O4 - HKLM..\Run: [AsioThk32Reg] REGSVR32.EXE /S CTASIO.DLL (Microsoft Corporation)
O4 - HKLM..\Run: [AVG8_TRAY] C:\PROGRA~2\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Copperhead] "C:\Program Files (x86)\Razer\Copperhead\razerhid.exe" ()
O4 - HKLM..\Run: [CTHelper] CTHELPER.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [CTxfiHlp] CTXFIHLP.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" (Microsoft Corporation)
O4 - HKLM..\Run: [razer] "C:\Program Files (x86)\Razer\Copperhead\razerhid.exe" ()
O4 - HKCU..\Run: [DevconDefaultDB] C:\Windows\system32\readreg /PSCONV={NO} /FAIL=1 (Creative Technology Limited)
O4 - HKCU..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/201 (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/204 (Orbitdownloader.com)
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/203 (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/202 (Orbitdownloader.com)
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files (x86)\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [@%SystemRoot%\system32\nlasvc.dll,-1000] - C:\Windows\system32\NLAapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [@%SystemRoot%\system32\napinsp.dll,-1000] - C:\Windows\system32\napinsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [@%SystemRoot%\system32\pnrpnsp.dll,-1000] - C:\Windows\system32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [@%SystemRoot%\system32\pnrpnsp.dll,-1001] - C:\Windows\system32\pnrpnsp.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Filter: - deflate - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - gzip - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\system32\explorer.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\SysWOW64\webcheck.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/07/13 21:56:42 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\SETUP.EXE -- File not found
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\SETUP.EXE -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[2 C:\Windows\*.tmp files]
[2009/05/07 21:38:13 | 00,502,272 | ---- | C] (OldTimer Tools) -- C:\Users\Daniel\Desktop\OTListIt2.exe
[2009/05/07 21:27:18 | 00,267,612 | ---- | C] () -- C:\Users\Daniel\Desktop\Rooter.exe
[2009/05/07 21:12:19 | 00,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\Malwarebytes
[2009/05/07 21:12:18 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/05/07 21:12:18 | 00,000,848 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/05/07 21:12:16 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/05/07 21:12:15 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009/05/07 21:12:15 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2009/05/07 21:00:49 | 00,000,000 | ---D | C] -- C:\Windows\ERDNT
[2009/05/07 20:59:43 | 00,000,763 | ---- | C] () -- C:\Users\Daniel\Desktop\NTREGOPT.lnk
[2009/05/07 20:59:43 | 00,000,744 | ---- | C] () -- C:\Users\Daniel\Desktop\ERUNT.lnk
[2009/05/07 20:59:41 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2009/05/07 19:23:31 | 00,037,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardcpl.cpl
[2009/05/07 19:23:30 | 00,781,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationNative_v0300.dll
[2009/05/07 19:23:30 | 00,622,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardagt.exe
[2009/05/07 19:23:30 | 00,097,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardapi.dll
[2009/05/07 19:23:30 | 00,043,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2009/05/07 19:23:30 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardres.dll
[2009/05/07 19:23:26 | 00,105,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
[2009/05/07 19:23:25 | 00,326,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2009/05/07 19:18:50 | 00,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2009/05/07 19:18:43 | 00,096,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dfshim.dll
[2009/05/07 19:18:38 | 00,282,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscoree.dll
[2009/05/07 19:18:36 | 00,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscorier.dll
[2009/05/07 19:18:35 | 00,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscories.dll
[2009/05/07 19:16:35 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2009/05/07 19:13:16 | 00,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2009/05/07 19:13:16 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2009/05/07 19:13:16 | 00,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2009/05/07 19:12:32 | 00,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2009/05/07 19:12:32 | 00,128,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\advpack.dll
[2009/05/07 19:12:32 | 00,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2009/05/07 19:12:32 | 00,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2009/05/07 19:12:32 | 00,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tdc.ocx
[2009/05/07 19:12:32 | 00,059,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardie.dll
[2009/05/07 19:12:32 | 00,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2009/05/07 19:12:32 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2009/05/07 19:12:32 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\corpol.dll
[2009/05/07 19:12:31 | 01,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2009/05/07 19:12:31 | 00,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2009/05/07 19:12:31 | 00,594,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2009/05/07 19:12:31 | 00,445,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2009/05/07 19:12:31 | 00,348,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2009/05/07 19:12:31 | 00,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2009/05/07 19:12:31 | 00,156,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2009/05/07 19:12:31 | 00,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2009/05/07 19:12:31 | 00,057,667 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2009/05/07 19:12:31 | 00,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2009/05/07 19:12:31 | 00,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2009/05/07 19:12:31 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2009/05/07 19:12:30 | 00,914,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wininet.dll
[2009/05/07 19:12:30 | 00,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2009/05/07 19:12:30 | 00,420,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2009/05/07 19:12:30 | 00,391,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2009/05/07 19:12:30 | 00,236,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\webcheck.dll
[2009/05/07 19:12:30 | 00,229,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2009/05/07 19:12:30 | 00,208,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinFXDocObj.exe
[2009/05/07 19:12:30 | 00,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2009/05/07 19:12:30 | 00,183,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2009/05/07 19:12:30 | 00,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2009/05/07 19:12:30 | 00,109,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\occache.dll
[2009/05/07 19:12:30 | 00,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2009/05/07 19:12:30 | 00,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2009/05/07 19:12:30 | 00,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmled.dll
[2009/05/07 19:12:30 | 00,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2009/05/07 19:12:29 | 03,698,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2009/05/07 19:12:29 | 01,985,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iertutil.dll
[2009/05/07 19:12:29 | 01,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2009/05/07 19:12:29 | 01,206,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\urlmon.dll
[2009/05/07 19:12:29 | 00,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2009/05/07 19:12:29 | 00,169,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2009/05/07 19:12:29 | 00,132,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2009/05/07 19:12:29 | 00,109,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PDMSetup.exe
[2009/05/07 19:12:29 | 00,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2009/05/07 19:12:29 | 00,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2009/05/07 19:12:29 | 00,107,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2009/05/07 19:12:29 | 00,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetDepNx.exe
[2009/05/07 19:12:29 | 00,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2009/05/07 19:12:29 | 00,045,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshta.exe
[2009/05/07 19:12:28 | 11,063,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieframe.dll
[2009/05/07 19:12:28 | 05,937,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.dll
[2009/05/07 18:53:14 | 01,191,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml3.dll
[2009/05/07 18:52:57 | 00,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dataclen.dll
[2009/05/07 18:52:34 | 00,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2009/05/07 18:52:32 | 04,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2009/05/07 18:52:26 | 00,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\traffic.dll
[2009/05/07 18:52:25 | 00,677,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rpcrt4.dll
[2009/05/07 18:52:25 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pacerprf.dll
[2009/05/07 18:52:25 | 00,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wshqos.dll
[2009/05/07 18:52:22 | 00,268,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\schannel.dll
[2009/05/07 18:52:00 | 12,240,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0007.dll
[2009/05/07 18:52:00 | 02,644,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0009.dll
[2009/05/07 18:51:51 | 00,801,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NaturalLanguage6.dll
[2009/05/07 18:50:38 | 00,183,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdohlp.dll
[2009/05/07 18:50:38 | 00,098,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasrecst.dll
[2009/05/07 18:50:38 | 00,054,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasads.dll
[2009/05/07 18:50:38 | 00,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasdatastore.dll
[2009/05/07 18:50:38 | 00,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iashost.exe
[2009/05/07 18:50:37 | 02,868,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2009/05/07 18:50:36 | 02,386,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVCORE.DLL
[2009/05/07 18:50:35 | 00,996,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMNetMgr.dll
[2009/05/07 18:50:35 | 00,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\logagent.exe
[2009/05/07 18:50:30 | 00,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kernel32.dll
[2009/05/07 18:50:30 | 00,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secur32.dll
[2009/05/07 18:50:30 | 00,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\amxread.dll
[2009/05/07 18:50:30 | 00,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\apilogen.dll
[2009/05/07 18:50:29 | 03,080,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2009/05/07 18:50:28 | 02,927,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\explorer.exe
[2009/05/07 18:50:27 | 00,180,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scrobj.dll
[2009/05/07 18:50:27 | 00,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scrrun.dll
[2009/05/07 18:50:27 | 00,155,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscript.exe
[2009/05/07 18:50:27 | 00,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wshom.ocx
[2009/05/07 18:50:27 | 00,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cscript.exe
[2009/05/07 18:50:27 | 00,090,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wshext.dll
[2009/05/07 18:50:26 | 00,443,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32spl.dll
[2009/05/07 18:50:22 | 00,269,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\es.dll
[2009/05/07 18:50:21 | 01,334,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml6.dll
[2009/05/07 18:50:20 | 00,272,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\polstore.dll
[2009/05/07 18:50:20 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winipsec.dll
[2009/05/07 18:50:20 | 00,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FwRemoteSvr.dll
[2009/05/07 18:50:19 | 00,738,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcomm.dll
[2009/05/07 18:50:18 | 00,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winhttp.dll
[2009/05/07 18:50:17 | 00,303,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gdi32.dll
[2009/05/07 18:50:16 | 00,303,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpeffects.dll
[2009/05/07 18:49:01 | 11,580,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shell32.dll
[2009/05/07 18:48:59 | 00,562,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdtcprx.dll
[2009/05/07 18:48:59 | 00,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xolehlp.dll
[2009/05/07 18:44:44 | 00,466,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netapi32.dll
[2009/05/07 17:39:15 | 00,002,636 | ---- | C] () -- C:\Users\Daniel\Documents\Register DVD Architect Pro1.htm
[2009/05/07 17:34:51 | 00,001,875 | ---- | C] () -- C:\Users\Public\Desktop\DVD Architect Pro 4.5.lnk
[2009/05/07 17:29:33 | 00,000,039 | ---- | C] () -- C:\Windows\WININIT.INI
[2009/05/06 18:58:36 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Works
[2009/05/06 18:58:16 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio
[2009/05/06 18:58:16 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2009/05/06 18:57:48 | 00,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2009/05/06 18:57:48 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2009/05/06 18:56:21 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 8
[2009/05/06 18:55:37 | 00,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2009/05/06 18:55:37 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
[2009/05/03 17:57:58 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\CCleaner
[2009/05/03 12:59:41 | 00,000,000 | ---D | C] -- C:\Windows\System32\drivers\avg
[2009/05/03 12:58:44 | 00,001,689 | ---- | C] () -- C:\Users\Public\Desktop\AVG Free 8.5.lnk
[2009/05/03 12:58:02 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2009/05/03 12:58:01 | 00,000,000 | ---D | C] -- C:\ProgramData\avg8
[2009/05/02 00:27:29 | 00,000,000 | ---D | C] -- C:\temp
[2009/05/02 00:12:15 | 00,081,920 | ---- | C] () -- C:\Windows\bwUnin-6.1.4.36-8876480L.exe
[2009/05/02 00:12:07 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Logitech
[2009/05/01 23:59:32 | 00,000,000 | ---- | C] () -- C:\Debug.QC6
[2009/04/30 20:23:59 | 00,000,000 | ---D | C] -- C:\Users\Daniel\Desktop\Tideland
[2009/04/25 23:15:40 | 00,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\Hamachi
[2009/04/25 11:31:10 | 27,728,28160 | ---- | C] () -- C:\Users\Daniel\Desktop\sr-towar.iso
[2009/04/23 19:48:08 | 00,001,127 | ---- | C] () -- C:\Users\Daniel\Desktop\Warlords.lnk
[2009/04/20 22:01:48 | 00,000,000 | ---D | C] -- C:\Users\Daniel\Documents\My Games
[2009/04/20 22:01:03 | 00,001,182 | ---- | C] () -- C:\Users\Daniel\Desktop\Civ4.lnk
[2009/04/20 21:36:17 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Firaxis Games
[2009/04/17 17:45:00 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live Safety Center
[2009/04/15 20:28:26 | 00,000,530 | ---- | C] () -- C:\Users\Daniel\Desktop\Soldat.lnk
[2009/04/14 23:58:29 | 00,000,000 | ---D | C] -- C:\ProgramData\Blizzard
[2009/04/13 22:52:07 | 00,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\Soldat
[2009/04/11 17:59:29 | 00,000,961 | ---- | C] () -- C:\Users\Daniel\Desktop\YouTube Downloader.lnk
[2009/04/11 17:59:28 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\YouTube Downloader
[2009/04/09 19:44:42 | 00,000,891 | ---- | C] () -- C:\Users\Daniel\Desktop\Vegas.lnk
[2009/04/09 19:42:23 | 00,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\Publish Providers
[2009/04/09 19:42:23 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\VSTplugins
[2009/04/09 19:42:13 | 00,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2009/04/09 19:28:28 | 00,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\Sony
[2009/04/09 19:28:07 | 00,002,636 | ---- | C] () -- C:\Users\Daniel\Documents\Register DVD Architect Pro.htm
[2009/04/09 16:38:07 | 00,002,640 | ---- | C] () -- C:\Users\Daniel\Documents\Register Vegas Pro.htm
[2009/04/09 16:13:36 | 00,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2009/04/09 16:13:36 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2009/04/09 16:13:20 | 00,000,000 | ---D | C] -- C:\ProgramData\Apple
[2009/04/09 16:13:20 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2009/03/17 23:53:23 | 00,048,640 | ---- | C] () -- C:\Windows\mmfs.dll
[2009/03/17 23:53:23 | 00,000,841 | -HS- | C] () -- C:\Windows\System32\mmf.sys
[2009/03/07 21:04:00 | 00,032,674 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2008/10/07 09:13:30 | 00,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008/10/07 09:13:22 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2007/12/28 11:22:02 | 00,010,296 | ---- | C] () -- C:\Windows\System32\drivers\ASUSHWIO.SYS
[2007/04/12 09:10:28 | 00,105,728 | ---- | C] () -- C:\Windows\System32\APOMgrH.dll
[2007/04/09 13:55:14 | 00,097,785 | ---- | C] () -- C:\Windows\System32\instwdm.ini
[2007/04/09 13:55:14 | 00,000,054 | ---- | C] () -- C:\Windows\System32\ctzapxx.ini
[2007/04/09 13:33:50 | 00,043,520 | ---- | C] () -- C:\Windows\System32\CTBurst.dll
[2007/04/09 13:32:58 | 00,034,816 | ---- | C] ( ) -- C:\Windows\System32\a3d.dll
[2006/11/02 08:34:27 | 00,000,246 | ---- | C] () -- C:\Windows\system.ini
[2006/11/02 08:34:27 | 00,000,219 | ---- | C] () -- C:\Windows\win.ini
[2006/10/02 10:25:18 | 00,000,307 | ---- | C] () -- C:\Windows\System32\kill.ini
[2005/06/16 11:17:16 | 00,071,680 | ---- | C] () -- C:\Windows\System32\ctmmactl.dll
[2005/02/05 16:46:00 | 00,004,608 | ---- | C] () -- C:\Windows\fgexec.dll
[1999/01/27 13:39:06 | 00,065,024 | ---- | C] () -- C:\Windows\System32\indounin.dll
[1997/06/13 07:56:08 | 00,056,832 | ---- | C] () -- C:\Windows\System32\Iyvu9_32.dll

========== Files - Modified Within 30 Days ==========

[2 C:\Windows\System32\*.tmp files]
[2 C:\Windows\*.tmp files]
[2009/05/07 21:38:15 | 00,502,272 | ---- | M] (OldTimer Tools) -- C:\Users\Daniel\Desktop\OTListIt2.exe
[2009/05/07 21:27:19 | 00,267,612 | ---- | M] () -- C:\Users\Daniel\Desktop\Rooter.exe
[2009/05/07 21:24:28 | 00,000,841 | -HS- | M] () -- C:\Windows\System32\mmf.sys
[2009/05/07 21:24:11 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/05/07 21:24:10 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/05/07 21:12:18 | 00,000,848 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/05/07 20:59:43 | 00,000,763 | ---- | M] () -- C:\Users\Daniel\Desktop\NTREGOPT.lnk
[2009/05/07 20:59:43 | 00,000,744 | ---- | M] () -- C:\Users\Daniel\Desktop\ERUNT.lnk
[2009/05/07 17:39:15 | 00,002,636 | ---- | M] () -- C:\Users\Daniel\Documents\Register DVD Architect Pro1.htm
[2009/05/07 17:34:51 | 00,001,875 | ---- | M] () -- C:\Users\Public\Desktop\DVD Architect Pro 4.5.lnk
[2009/05/07 17:29:33 | 00,000,039 | ---- | M] () -- C:\Windows\WININIT.INI
[2009/05/06 18:56:00 | 00,000,219 | ---- | M] () -- C:\Windows\win.ini
[2009/05/03 12:58:44 | 00,001,689 | ---- | M] () -- C:\Users\Public\Desktop\AVG Free 8.5.lnk
[2009/05/02 00:28:05 | 00,000,000 | ---- | M] () -- C:\Debug.QC6
[2009/05/02 00:12:15 | 00,081,920 | ---- | M] () -- C:\Windows\bwUnin-6.1.4.36-8876480L.exe
[2009/04/28 18:01:49 | 00,132,119 | ---- | M] () -- C:\Users\Daniel\Documents\Daniel-SAAQ.xps
[2009/04/23 19:48:08 | 00,001,127 | ---- | M] () -- C:\Users\Daniel\Desktop\Warlords.lnk
[2009/04/20 22:01:03 | 00,001,182 | ---- | M] () -- C:\Users\Daniel\Desktop\Civ4.lnk
[2009/04/17 17:40:38 | 00,000,530 | ---- | M] () -- C:\Users\Daniel\Desktop\Soldat.lnk
[2009/04/11 17:59:29 | 00,000,961 | ---- | M] () -- C:\Users\Daniel\Desktop\YouTube Downloader.lnk
[2009/04/09 19:44:42 | 00,000,891 | ---- | M] () -- C:\Users\Daniel\Desktop\Vegas.lnk
[2009/04/09 19:42:05 | 00,002,640 | ---- | M] () -- C:\Users\Daniel\Documents\Register Vegas Pro.htm
[2009/04/09 19:28:07 | 00,002,636 | ---- | M] () -- C:\Users\Daniel\Documents\Register DVD Architect Pro.htm

========== Alternate Data Streams ==========

@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:888AFB86
< End of report >