Malware playing ads and connecting to a website



#1
ussyless

OK, so I've run about 4 or 5 different antimalware programs to try and find out what it is, including MBAM, Malwarebytes, Avast, SS&D.
Anyways, I know there is still something running on my system, as Avast keeps detecting (but not detecting it as malware) network connection attempts to the IP address 178.17.162.242, and when I have my internet connection enabled, it detects my computer trying to connect to the adyieldmanager website.
Sometimes it plays random ads in the background, without me having IE or Firefox open (I have even uninstalled IE).
Below is my HijackThis log; in the next posts I'll add my GMER, OTL and DDS logs.
I'm currently running Puppy Linux to hopefully minimise any damage this thing might do.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 5:51:59 AM, on 8/9/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal



Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\Wacom_Tablet.exe

C:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe

C:\WINDOWS\system32\Wacom_Tablet.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\TortoiseSVN\bin\TSVNCache.exe

C:\Program Files\gigabyte\RCApp\RCApp.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\GIGABYTE\Gamer HUD Lite\HUD.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe



R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.runescape.com/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O1 - Hosts: 65.54.239.80 messenger.hotmail.com

O1 - Hosts: 65.54.239.80 dp.msnmessenger.akadns.net

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [RCApp] C:\Program Files\gigabyte\RCApp\RCApp.exe

O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui

O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\RunOnce: [WUAppSetup] C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x08ae -f video -m logitech -d 11.0.0.1213 (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\RunOnce: [WUAppSetup] C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x08ae -f video -m logitech -d 11.0.0.1213 (User 'Default user')

O4 - Startup: GIGABYTE Gamer HUD Lite.lnk = C:\Program Files\GIGABYTE\Gamer HUD Lite\HUD.exe

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1229773718875

O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab

O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/DigWXMSN.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: TabletServiceWacom - Wacom Technology, Corp. - C:\WINDOWS\system32\Wacom_Tablet.exe



--

End of file - 5672 bytes


Edited by ussyless, 09 August 2010 - 10:49 AM.



#2
ussyless

GMER log
GMER 1.0.15.15281 - http://www.gmer.net

Rootkit scan 2010-08-10 00:37:16

Windows 5.1.2600 Service Pack 3

Running: l0jmo11c.exe; Driver: C:\DOCUME~1\kieran\LOCALS~1\Temp\uglcafog.sys





---- System - GMER 1.0.15 ----



SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)                         ZwClose [0xB4877CD2]

SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)                         ZwCreateKey [0xB4877B8E]

SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)                         ZwDeleteKey [0xB4878142]

SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)                         ZwDeleteValueKey [0xB487806C]

SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)                         ZwDuplicateObject [0xB4877764]

SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)                         ZwOpenKey [0xB4877C68]

SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)                         ZwOpenProcess [0xB48776A4]

SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)                         ZwOpenThread [0xB4877708]

SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)                         ZwQueryValueKey [0xB4877D88]

SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)                         ZwRenameKey [0xB4878210]

SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)                         ZwRestoreKey [0xB4877D48]

SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)                         ZwSetValueKey [0xB4877EC8]



Code            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)                         ZwCreateProcessEx [0xB4884B9C]

Code            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)                         ZwCreateSection [0xB48849C0]

Code            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)                         ZwLoadDriver [0xB4884AFA]

Code            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)                         NtCreateSection

Code            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)                         ObInsertObject

Code            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)                         ObMakeTemporaryObject



---- Kernel code sections - GMER 1.0.15 ----



PAGE            ntkrnlpa.exe!ZwLoadDriver                                                                                     8058413A 7 Bytes  JMP B4884AFE \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)

PAGE            ntkrnlpa.exe!NtCreateSection                                                                                  805AB38E 7 Bytes  JMP B48849C4 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)

PAGE            ntkrnlpa.exe!ObMakeTemporaryObject                                                                            805BC502 5 Bytes  JMP B48805B4 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)

PAGE            ntkrnlpa.exe!ObInsertObject                                                                                   805C2F86 5 Bytes  JMP B4881F6C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)

PAGE            ntkrnlpa.exe!ZwCreateProcessEx                                                                                805D1134 7 Bytes  JMP B4884BA0 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)

.text           C:\WINDOWS\system32\DRIVERS\nv4_mini.sys                                                                      section is writeable [0xB6E423A0, 0x59FFE5, 0xE8000020]

init            C:\WINDOWS\system32\drivers\monfilt.sys                                                                       entry point in "init" section [0xB4B11280]



---- User IAT/EAT - GMER 1.0.15 ----



IAT             C:\WINDOWS\system32\services.exe[668] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW]  00380002

IAT             C:\WINDOWS\system32\services.exe[668] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW]        00380000



---- Devices - GMER 1.0.15 ----



Device          \FileSystem\Ntfs \Ntfs                                                                                        aswSP.SYS (avast! self protection module/ALWIL Software)



AttachedDevice  \FileSystem\Ntfs \Ntfs                                                                                        aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)



Device          \FileSystem\Fastfat \FatCdrom                                                                                 aswSP.SYS (avast! self protection module/ALWIL Software)



AttachedDevice  \Driver\Tcpip \Device\Ip                                                                                      aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

AttachedDevice  \Driver\Tcpip \Device\Tcp                                                                                     aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

AttachedDevice  \Driver\Tcpip \Device\Udp                                                                                     aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

AttachedDevice  \Driver\Tcpip \Device\RawIp                                                                                   aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)



Device          \FileSystem\Fastfat \Fat                                                                                      aswSP.SYS (avast! self protection module/ALWIL Software)



AttachedDevice  \FileSystem\Fastfat \Fat                                                                                      fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

AttachedDevice  \FileSystem\Fastfat \Fat                                                                                      aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)



---- EOF - GMER 1.0.15 ----

I've also attached "attach.txt" produced by GMER.


#3
ussyless

DDS log, with extras attached



DDS (Ver_10-03-17.01) - NTFSx86  

Run by kieran at  0:40:13.56 on Tue 08/10/2010

Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_15

Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.3071.2495 [GMT 10:00]



AV: avast! Antivirus *On-access scanning disabled* (Updated)   {7591DB91-41F0-48A3-B128-1A293FD8233D}



============== Running Processes ===============



C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

svchost.exe 4

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\WINDOWS\system32\Wacom_Tablet.exe

C:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe

C:\WINDOWS\system32\Wacom_Tablet.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\TortoiseSVN\bin\TSVNCache.exe

C:\Program Files\gigabyte\RCApp\RCApp.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\GIGABYTE\Gamer HUD Lite\HUD.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\System32\svchost.exe -k imgsvc

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Notepad++\notepad++.exe

E:\dds.scr



============== Pseudo HJT Report ===============



uStart Page = hxxp://www.runescape.com/

uInternet Settings,ProxyOverride = *.local

mURLSearchHooks: H - No File

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File

TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File

EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File

uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [RCApp] c:\program files\gigabyte\rcapp\RCApp.exe

mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe

mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"

mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui

dRunOnce: [WUAppSetup] c:\program files\common files\logishrd\WUApp32.exe -v 0x046d -p 0x08ae -f video -m logitech -d 11.0.0.1213

StartupFolder: c:\docume~1\kieran\startm~1\programs\startup\gigaby~1.lnk - c:\program files\gigabyte\gamer hud lite\HUD.exe

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll

DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1229773718875

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} - hxxp://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab

DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} - hxxp://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/DigWXMSN.cab

DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab

DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

LSA: Notification Packages =  scecli scecli scecli

mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

Hosts: 127.0.0.1	www.spywareinfo.com

Hosts: 65.54.239.80 messenger.hotmail.com

Hosts: 65.54.239.80 dp.msnmessenger.akadns.net



================= FIREFOX ===================



FF - ProfilePath - c:\docume~1\kieran\applic~1\mozilla\firefox\profiles\n7e7md9l.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.runescape.com/

FF - prefs.js: keyword.URL - hxxp://au.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_au&p=

FF - plugin: c:\documents and settings\kieran\application data\facebook\npfbplugin_1_0_3.dll

FF - plugin: c:\documents and settings\kieran\application data\mozilla\firefox\profiles\n7e7md9l.default\extensions\yyginstantplay@yoyogames.com\plugins\NPYYGInstantPlay.dll

FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll

FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll

FF - plugin: c:\program files\tabletplugins\npwacom.dll

FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll

FF - plugin: e:\program files\adobe\reader 9.0\reader\browser\nppdf32.dll

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}



---- FIREFOX POLICIES ----

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency",   1600);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); 

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); 

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type",                  5);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size",  4096);

c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);

c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug",            false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight",       2);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize",       1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight",   25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight",     5);

c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);



============= SERVICES / DRIVERS ===============



R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-8-8 165456]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-8-8 17744]

R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-8-8 40384]

R2 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe [2010-8-8 4949288]

R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2008-12-20 238080]

R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [2010-3-5 16168]

S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-8-8 40384]

S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-8-8 40384]



============== File Associations ===============



.txt=GetDiz.Document



=============== Created Last 30 ================



2010-08-08 16:10:54	12800	-c----w-	c:\windows\system32\dllcache\xpshims.dll

2010-08-08 16:10:53	743424	-c----w-	c:\windows\system32\dllcache\iedvtool.dll

2010-08-08 16:10:53	599040	-c----w-	c:\windows\system32\dllcache\msfeeds.dll

2010-08-08 16:10:53	55296	-c----w-	c:\windows\system32\dllcache\msfeedsbs.dll

2010-08-08 16:10:53	247808	-c----w-	c:\windows\system32\dllcache\ieproxy.dll

2010-08-08 16:10:53	1985536	-c----w-	c:\windows\system32\dllcache\iertutil.dll

2010-08-08 16:10:53	11076096	-c----w-	c:\windows\system32\dllcache\ieframe.dll

2010-08-08 16:10:50	0	d-----w-	c:\windows\ie8updates

2010-08-08 16:10:10	41984	-c----w-	c:\windows\system32\dllcache\iecompat.dll

2010-08-08 16:08:46	81920	----a-w-	c:\windows\system32\ieencode.dll

2010-08-08 16:08:46	81920	----a-w-	c:\windows\system32\dllcache\ieencode.dll

2010-08-08 12:24:09	512000	-c--a-w-	c:\windows\system32\dllcache\jscript.dll

2010-08-08 10:50:26	87040	-c----w-	c:\windows\system32\dllcache\drmstor.dll

2010-08-08 10:48:55	10240	------w-	c:\windows\system32\drivers\sffp_mmc.sys

2010-08-08 10:48:10	19569	----a-w-	c:\windows\004951_.tmp

2010-08-08 08:15:45	0	d-----w-	c:\program files\Trend Micro

2010-08-07 21:53:18	38848	----a-w-	c:\windows\avastSS.scr

2010-08-07 21:53:15	0	d-----w-	c:\docume~1\alluse~1\applic~1\Alwil Software

2010-08-07 21:50:15	0	d-----w-	c:\docume~1\alluse~1\applic~1\avg9

2010-08-07 21:50:13	0	d-----w-	c:\windows\SxsCaPendDel

2010-08-07 20:56:53	0	d-----w-	c:\program files\Realtek

2010-08-07 20:56:45	540672	----a-w-	c:\windows\RtlExUpd.dll

2010-08-07 20:56:42	1769	----a-w-	c:\windows\Language_trs.ini

2010-08-07 20:04:33	7731496	----a-w-	c:\windows\system32\WacomTablet.cpl

2010-08-07 20:04:33	1744515	----a-w-	c:\windows\system32\WacomTablet.znc

2010-08-07 20:04:31	4949288	----a-w-	c:\windows\system32\Wacom_Tablet.exe

2010-08-07 20:04:31	409896	----a-w-	c:\windows\system32\Wacom_Tablet.dll

2010-08-07 18:44:43	232968	----a-w-	c:\windows\system32\nvdrsdb0.bin

2010-08-07 18:44:39	232968	----a-w-	c:\windows\system32\nvdrsdb1.bin

2010-08-07 18:44:39	1	----a-w-	c:\windows\system32\nvdrssel.bin

2010-08-07 18:44:39	0	----a-w-	c:\windows\system32\nvdrswr.lk

2010-08-07 17:20:55	1089593	-c----w-	c:\windows\system32\dllcache\ntprint.cat

2010-08-07 17:20:45	128512	-c--a-w-	c:\windows\system32\dllcache\dhtmled.ocx

2010-08-07 17:13:03	353792	-c----w-	c:\windows\system32\dllcache\srv.sys

2010-08-07 17:11:28	81920	-c----w-	c:\windows\system32\dllcache\fontsub.dll

2010-08-07 17:11:28	119808	-c----w-	c:\windows\system32\dllcache\t2embed.dll

2010-08-07 17:10:54	284160	-c----w-	c:\windows\system32\dllcache\pdh.dll

2010-08-07 17:10:53	730112	-c----w-	c:\windows\system32\dllcache\lsasrv.dll

2010-08-07 17:10:53	714752	-c----w-	c:\windows\system32\dllcache\ntdll.dll

2010-08-07 17:10:53	617472	-c----w-	c:\windows\system32\dllcache\advapi32.dll

2010-08-07 17:10:53	473600	-c----w-	c:\windows\system32\dllcache\fastprox.dll

2010-08-07 17:10:53	453120	-c----w-	c:\windows\system32\dllcache\wmiprvsd.dll

2010-08-07 17:10:53	401408	-c----w-	c:\windows\system32\dllcache\rpcss.dll

2010-08-07 17:10:53	227840	-c----w-	c:\windows\system32\dllcache\wmiprvse.exe

2010-08-07 17:10:53	110592	-c----w-	c:\windows\system32\dllcache\services.exe

2010-08-07 16:46:21	272128	-c----w-	c:\windows\system32\dllcache\bthport.sys

2010-08-07 16:43:47	471552	-c----w-	c:\windows\system32\dllcache\aclayers.dll

2010-08-07 16:43:22	744448	-c----w-	c:\windows\system32\dllcache\helpsvc.exe

2010-08-07 16:23:06	153088	-c--a-w-	c:\windows\system32\dllcache\triedit.dll

2010-08-07 16:22:51	3558912	-c--a-w-	c:\windows\system32\dllcache\moviemk.exe

2010-08-07 16:19:43	203136	-c----w-	c:\windows\system32\dllcache\rmcast.sys

2010-08-07 16:19:03	331776	-c--a-w-	c:\windows\system32\dllcache\msadce.dll

2010-08-07 16:05:34	2066432	-c--a-w-	c:\windows\system32\dllcache\mstscax.dll

2010-08-07 16:04:03	337408	-c----w-	c:\windows\system32\dllcache\netapi32.dll

2010-08-07 16:03:51	1172480	-c--a-w-	c:\windows\system32\dllcache\msxml3.dll

2010-08-07 16:02:00	2560	------w-	c:\windows\system32\xpsp4res.dll

2010-08-07 16:01:59	215552	-c----w-	c:\windows\system32\dllcache\wordpad.exe

2010-08-07 16:01:59	1206508	-c--a-w-	c:\windows\system32\dllcache\sysmain.sdb

2010-08-07 15:48:18	0	d-----w-	c:\program files\CCleaner

2010-08-07 13:35:13	0	d-----w-	c:\windows\ServicePackFiles

2010-08-07 13:34:24	2897920	----a-w-	c:\windows\system32\xpsp2res.dll

2010-08-07 13:34:04	19528	----a-w-	c:\windows\002071_.tmp

2010-08-07 11:17:43	0	d-----w-	c:\program files\Broadcom

2010-08-06 21:32:48	0	d-----w-	c:\docume~1\alluse~1\applic~1\NVIDIA Corporation

2010-08-06 21:31:21	7959	----a-w-	c:\windows\system32\nvinfo.pb

2010-07-15 07:51:42	0	d-----w-	c:\program files\Sony



==================== Find3M  ====================



2010-07-25 21:09:31	46	----a-w-	c:\documents and settings\kieran\jagex_runescape_preferences.dat

2010-07-25 21:09:08	99	----a-w-	c:\documents and settings\kieran\jagex_runescape_preferences2.dat

2010-07-09 22:38:00	6343040	----a-w-	c:\windows\system32\nv4_disp.dll

2010-07-09 22:38:00	61440	----a-w-	c:\windows\system32\OpenCL.dll

2010-07-09 22:38:00	4595712	----a-w-	c:\windows\system32\nvcuda.dll

2010-07-09 22:38:00	2914408	----a-w-	c:\windows\system32\nvcuvid.dll

2010-07-09 22:38:00	2506344	----a-w-	c:\windows\system32\nvcuvenc.dll

2010-07-09 22:38:00	236136	----a-w-	c:\windows\system32\nvcodins.dll

2010-07-09 22:38:00	236136	----a-w-	c:\windows\system32\nvcod.dll

2010-07-09 22:38:00	2195030	----a-w-	c:\windows\system32\nvdata.bin

2010-07-09 22:38:00	1388544	----a-w-	c:\windows\system32\nvapi.dll

2010-07-09 22:38:00	13549568	----a-w-	c:\windows\system32\nvoglnt.dll

2010-07-09 22:38:00	10604128	----a-w-	c:\windows\system32\drivers\nv4_mini.sys

2010-07-09 22:38:00	10260480	----a-w-	c:\windows\system32\nvcompiler.dll

2010-07-09 06:24:26	81920	----a-w-	c:\windows\system32\nvwddi.dll

2010-07-09 06:24:18	277608	----a-w-	c:\windows\system32\nvmccs.dll

2010-07-09 06:24:18	110696	----a-w-	c:\windows\system32\nvmctray.dll

2010-07-09 06:24:16	155752	----a-w-	c:\windows\system32\nvsvc32.exe

2010-07-09 06:24:16	145000	----a-w-	c:\windows\system32\nvcolor.exe

2010-07-09 06:24:16	13923432	----a-w-	c:\windows\system32\nvcpl.dll

2010-05-27 13:21:56	3699	----a-w-	c:\windows\system32\Wacom_Tablet.dat

2010-05-20 08:13:54	2880	--sha-w-	c:\docume~1\alluse~1\applic~1\KGyGaAvL.sys

2009-09-18 04:58:14	4706488	----a-w-	c:\program files\Game_Maker6.zip

2010-03-22 05:33:15	16384	--sha-w-	c:\windows\system32\config\systemprofile\ietldcache\index.dat



============= FINISH:  0:41:02.35 ===============


#4
ussyless

and finally the OTL log

OTL logfile created on: 8/10/2010 12:45:24 AM - Run 1

OTL by OldTimer - Version 3.2.9.1     Folder = E:\

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.5512)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

 

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 82.00% Memory free

5.00 Gb Paging File | 5.00 Gb Available in Paging File | 93.00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 146.48 Gb Total Space | 13.91 Gb Free Space | 9.50% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

Drive E: | 319.27 Gb Total Space | 7.93 Gb Free Space | 2.48% Space Free | Partition Type: NTFS

Drive F: | 5.45 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Drive G: | 973.53 Mb Total Space | 40.31 Mb Free Space | 4.14% Space Free | Partition Type: FAT

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: AWESOMENESS

Current User Name: kieran

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

 

[color=#E56717]========== Processes (SafeList) ==========[/color]

 

PRC - [2010/08/09 21:29:16 | 000,574,976 | ---- | M] (OldTimer Tools) -- E:\OTL.exe

PRC - [2010/06/29 06:57:18 | 002,837,864 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe

PRC - [2010/06/29 06:57:15 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

PRC - [2010/02/01 14:45:36 | 001,926,440 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe

PRC - [2010/02/01 14:45:34 | 004,949,288 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\Wacom_Tablet.exe

PRC - [2009/10/09 04:32:26 | 001,286,144 | ---- | M] (Don HO don.h@free.fr) -- C:\Program Files\Notepad++\notepad++.exe

PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

PRC - [2009/02/13 17:16:20 | 000,577,536 | ---- | M] (http://tortoisesvn.net) -- C:\Program Files\TortoiseSVN\bin\TSVNCache.exe

PRC - [2008/06/26 14:49:44 | 001,940,992 | ---- | M] () -- C:\Program Files\GIGABYTE\Gamer HUD Lite\HUD.exe

PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2007/04/24 18:11:49 | 000,689,664 | ---- | M] () -- C:\Program Files\GIGABYTE\RCApp\RCApp.exe

 

 

[color=#E56717]========== Modules (SafeList) ==========[/color]

 

MOD - [2010/08/09 21:29:16 | 000,574,976 | ---- | M] (OldTimer Tools) -- E:\OTL.exe

MOD - [2008/04/14 05:40:22 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx

MOD - [2008/04/13 23:09:26 | 002,897,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\xpsp2res.dll

 

 

[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

 

SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)

SRV - [2010/06/29 06:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)

SRV - [2010/06/29 06:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)

SRV - [2010/06/29 06:57:15 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)

SRV - [2010/02/01 14:45:34 | 004,949,288 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\WINDOWS\system32\Wacom_Tablet.exe -- (TabletServiceWacom)

 

 

[color=#E56717]========== Driver Services (SafeList) ==========[/color]

 

DRV - [2010/07/10 08:38:00 | 010,604,128 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)

DRV - [2010/06/29 06:37:52 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)

DRV - [2010/06/29 06:37:30 | 000,165,456 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)

DRV - [2010/06/29 06:33:13 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)

DRV - [2010/06/29 06:32:45 | 000,100,176 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)

DRV - [2010/06/29 06:32:33 | 000,017,744 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)

DRV - [2010/06/29 06:32:16 | 000,028,880 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)

DRV - [2010/01/24 13:32:24 | 000,016,168 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wacmoumonitor.sys -- (wacmoumonitor)

DRV - [2008/05/09 07:23:22 | 000,238,080 | R--- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\viahduaa.sys -- (VIAHdAudAddService)

DRV - [2008/04/13 22:06:06 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)

DRV - [2008/02/15 00:12:00 | 001,389,056 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\monfilt.sys -- (monfilt)

DRV - [2005/02/11 20:46:22 | 000,371,712 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)

 

 

[color=#E56717]========== Standard Registry (SafeList) ==========[/color]

 

 

[color=#E56717]========== Internet Explorer ==========[/color]

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.runescape.com/

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

 

[color=#E56717]========== FireFox ==========[/color]

 

FF - prefs.js..browser.startup.homepage: "http://www.runescape.com/"

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: yyginstantplay@yoyogames.com:1.1.0.23

FF - prefs.js..keyword.URL: "http://au.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_au&p="

 

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/08/07 00:34:25 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/08/07 00:34:25 | 000,000,000 | ---D | M]

 

[2008/12/22 12:13:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kieran\Application Data\Mozilla\Extensions

[2010/08/09 05:12:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kieran\Application Data\Mozilla\Firefox\Profiles\n7e7md9l.default\extensions

[2010/04/08 00:17:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kieran\Application Data\Mozilla\Firefox\Profiles\n7e7md9l.default\extensions\yyginstantplay@yoyogames.com

[2010/08/09 05:12:01 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

[2007/04/17 03:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll

 

O1 HOSTS File: ([2010/08/08 18:25:05 | 000,417,018 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1				activate.adobe.com

O1 - Hosts: 127.0.0.1				practivate.adobe.com

O1 - Hosts: 127.0.0.1				ereg.adobe.com

O1 - Hosts: 127.0.0.1				activate.wip3.adobe.com

O1 - Hosts: 127.0.0.1				wip3.adobe.com

O1 - Hosts: 127.0.0.1				3dns-3.adobe.com

O1 - Hosts: 127.0.0.1				3dns-2.adobe.com

O1 - Hosts: 127.0.0.1				adobe-dns.adobe.com

O1 - Hosts: 127.0.0.1				adobe-dns-2.adobe.com

O1 - Hosts: 127.0.0.1				adobe-dns-3.adobe.com

O1 - Hosts: 127.0.0.1				ereg.wip3.adobe.com

O1 - Hosts: 127.0.0.1				activate-sea.adobe.com

O1 - Hosts: 127.0.0.1				wwis-dubc1-vip60.adobe.com

O1 - Hosts: 127.0.0.1				activate-sjc0.adobe.com

O1 - Hosts: 127.0.0.1                               adobe.activate.com

O1 - Hosts: 127.0.0.1                               adobeereg.com                        

O1 - Hosts: 127.0.0.1                               www.adobeereg.com                    

O1 - Hosts: 127.0.0.1                               wwis-dubc1-vip60.adobe.com           

O1 - Hosts: 127.0.0.1                               125.252.224.90                       

O1 - Hosts: 127.0.0.1                               125.252.224.91

O1 - Hosts: 127.0.0.1                               hl2rcv.adobe.com

O1 - Hosts: 65.54.239.80 messenger.hotmail.com

O1 - Hosts: 65.54.239.80 dp.msnmessenger.akadns.net

O1 - Hosts: 127.0.0.1	www.007guard.com

O1 - Hosts: 127.0.0.1	007guard.com

O1 - Hosts: 14379 more lines...

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.

O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)

O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()

O4 - HKLM..\Run: [RCApp] C:\Program Files\GIGABYTE\RCApp\RCApp.exe ()

O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)

O4 - Startup: C:\Documents and Settings\kieran\Start Menu\Programs\Startup\GIGABYTE Gamer HUD Lite.lnk = C:\Program Files\GIGABYTE\Gamer HUD Lite\HUD.exe ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab (MSN Photo Upload Tool)

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1229773718875 (WUWebControl Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)

O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab (PhotoPickConvert Class)

O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/DigWXMSN.cab (BatchDownloader Class)

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab (MSN Games - Installer)

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)

O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)

O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Documents and Settings\kieran\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\kieran\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2008/12/20 16:22:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2006/12/12 06:03:59 | 000,000,277 | R--- | M] () - F:\autorun.inf -- [ CDFS ]

O33 - MountPoints2\{1328df8f-e45c-11dd-aaf5-00221513365d}\Shell - "" = AutoRun

O33 - MountPoints2\{1328df8f-e45c-11dd-aaf5-00221513365d}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{1328df8f-e45c-11dd-aaf5-00221513365d}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found

O33 - MountPoints2\{3f9e8622-9fdf-11df-aadc-806d6172696f}\Shell - "" = AutoRun

O33 - MountPoints2\{3f9e8622-9fdf-11df-aadc-806d6172696f}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{3f9e8622-9fdf-11df-aadc-806d6172696f}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- [2006/12/08 04:45:13 | 001,095,224 | R--- | M] ()

O33 - MountPoints2\{4a0256de-714d-11de-8cd2-00221513365d}\Shell\AutoRun\command - "" = H:\setup.exe -- File not found

O33 - MountPoints2\F\Shell - "" = AutoRun

O33 - MountPoints2\F\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- [2006/12/08 04:45:13 | 001,095,224 | R--- | M] ()

O34 - HKLM BootExecute: (autocheck autochk *) -  File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

NetSvcs: 6to4 -  File not found

NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found

NetSvcs: Ias -  File not found

NetSvcs: Iprip -  File not found

NetSvcs: Irmon -  File not found

NetSvcs: NWCWorkstation -  File not found

NetSvcs: Nwsapagent -  File not found

NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)

NetSvcs: WmdmPmSp -  File not found

 

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

 

[2010/08/09 02:10:53 | 011,076,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll

[2010/08/09 02:10:53 | 001,985,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll

[2010/08/09 02:10:53 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll

[2010/08/09 02:10:53 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll

[2010/08/09 02:10:53 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll

[2010/08/09 02:10:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates

[2010/08/09 02:08:46 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ieencode.dll

[2010/08/09 02:08:46 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieencode.dll

[2010/08/08 22:24:09 | 000,512,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jscript.dll

[2010/08/08 21:24:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch

[2010/08/08 20:52:33 | 001,372,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6.dll

[2010/08/08 20:52:33 | 001,001,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmvdmoe2.dll

[2010/08/08 20:52:33 | 000,897,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmspdmoe.dll

[2010/08/08 20:52:33 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml6r.dll

[2010/08/08 20:52:33 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6r.dll

[2010/08/08 20:52:32 | 001,119,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmsdmoe2.dll

[2010/08/08 20:52:32 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmpns.dll

[2010/08/08 20:52:31 | 000,294,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msaud32.acm

[2010/08/08 20:52:31 | 000,168,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmerror.dll

[2010/08/08 20:52:31 | 000,151,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmidx.dll

[2010/08/08 20:52:31 | 000,114,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmpasf.dll

[2010/08/08 20:52:31 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmpband.dll

[2010/08/08 20:52:31 | 000,086,016 | ---- | C] (Sipro Lab Telecom Inc.) -- C:\WINDOWS\System32\dllcache\sl_anet.acm

[2010/08/08 20:52:31 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mspmsnsv.dll

[2010/08/08 20:52:30 | 000,786,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\migrate.exe

[2010/08/08 20:52:30 | 000,384,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mp4sdmod.dll

[2010/08/08 20:52:30 | 000,368,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mpvis.dll

[2010/08/08 20:52:30 | 000,310,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mp43dmod.dll

[2010/08/08 20:52:30 | 000,290,816 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\WINDOWS\System32\dllcache\l3codeca.acm

[2010/08/08 20:52:30 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\custsat.dll

[2010/08/08 20:52:26 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\aaclient.dll

[2010/08/08 20:52:25 | 000,650,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3ui.dll

[2010/08/08 20:52:25 | 000,233,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\azroles.dll

[2010/08/08 20:52:25 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3cfg.dll

[2010/08/08 20:52:25 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3msm.dll

[2010/08/08 20:52:25 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dhcpqec.dll

[2010/08/08 20:52:25 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3gpclnt.dll

[2010/08/08 20:52:25 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dimsroam.dll

[2010/08/08 20:52:25 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3api.dll

[2010/08/08 20:52:25 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3dlg.dll

[2010/08/08 20:52:25 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx4.dll

[2010/08/08 20:52:24 | 000,184,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapp3hst.dll

[2010/08/08 20:52:24 | 000,180,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapphost.dll

[2010/08/08 20:52:24 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappcfg.dll

[2010/08/08 20:52:24 | 000,094,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappgnui.dll

[2010/08/08 20:52:24 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapqec.dll

[2010/08/08 20:52:24 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappprxy.dll

[2010/08/08 20:52:24 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapolqec.dll

[2010/08/08 20:52:23 | 000,397,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcex.dll

[2010/08/08 20:52:23 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\microsoft.managementconsole.dll

[2010/08/08 20:52:23 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcfxcommon.dll

[2010/08/08 20:52:23 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\l2gpstore.dll

[2010/08/08 20:52:23 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcperf.exe

[2010/08/08 20:52:23 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdpash.dll

[2010/08/08 20:52:23 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdnepr.dll

[2010/08/08 20:52:23 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdiultn.dll

[2010/08/08 20:52:23 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdbhc.dll

[2010/08/08 20:52:22 | 000,412,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\photometadatahandler.dll

[2010/08/08 20:52:22 | 000,290,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rhttpaa.dll

[2010/08/08 20:52:22 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napmontr.dll

[2010/08/08 20:52:22 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napstat.exe

[2010/08/08 20:52:22 | 000,155,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mssha.dll

[2010/08/08 20:52:22 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qagent.dll

[2010/08/08 20:52:22 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\onex.dll

[2010/08/08 20:52:22 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qutil.dll

[2010/08/08 20:52:22 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msshavmsg.dll

[2010/08/08 20:52:22 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qcliprov.dll

[2010/08/08 20:52:22 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rasqec.dll

[2010/08/08 20:52:22 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\setupn.exe

[2010/08/08 20:52:22 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napipsec.dll

[2010/08/08 20:52:21 | 000,712,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\windowscodecs.dll

[2010/08/08 20:52:21 | 000,346,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\windowscodecsext.dll

[2010/08/08 20:52:21 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tsgqec.dll

[2010/08/08 20:52:21 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\verclsid.exe

[2010/08/08 20:52:20 | 000,276,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wmphoto.dll

[2010/08/08 20:52:20 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wlanapi.dll

[2010/08/08 20:50:26 | 000,695,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\drmv2clt.dll

[2010/08/08 20:50:26 | 000,299,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\drmclien.dll

[2010/08/08 20:50:26 | 000,294,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dlimport.exe

[2010/08/08 20:50:26 | 000,286,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\blackbox.dll

[2010/08/08 20:50:26 | 000,159,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cewmdm.dll

[2010/08/08 20:50:26 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\drmstor.dll

[2010/08/08 20:50:26 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\asferror.dll

[2010/08/08 20:50:24 | 000,774,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\setup_wm.exe

[2010/08/08 20:50:24 | 000,364,544 | ---- | C] (Microsoft Corporation (written by Digital Renaissance Inc.)) -- C:\WINDOWS\System32\dllcache\npdsplay.dll

[2010/08/08 20:50:24 | 000,356,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msscp.dll

[2010/08/08 20:50:24 | 000,262,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mpg4ds32.ax

[2010/08/08 20:50:24 | 000,259,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msnetobj.dll

[2010/08/08 20:50:24 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mswmdm.dll

[2010/08/08 20:50:24 | 000,240,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mpg4dmod.dll

[2010/08/08 20:50:24 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\npdrmv2.dll

[2010/08/08 20:50:24 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadds32.ax

[2010/08/08 20:50:24 | 000,201,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mspmsp.dll

[2010/08/08 20:50:24 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shmedia.dll

[2010/08/08 20:50:24 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mplay32.exe

[2010/08/08 20:50:24 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msscds32.ax

[2010/08/08 20:50:24 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\npwmsdrm.dll

[2010/08/08 20:50:24 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\laprxy.dll

[2010/08/08 20:50:24 | 000,004,639 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mplayer2.exe

[2010/08/08 20:50:23 | 002,940,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmploc.dll

[2010/08/08 20:50:23 | 000,759,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmsdmod.dll

[2010/08/08 20:50:23 | 000,670,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmadmoe.dll

[2010/08/08 20:50:23 | 000,408,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmadmod.dll

[2010/08/08 20:50:23 | 000,303,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmstream.dll

[2010/08/08 20:50:23 | 000,278,559 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmv8ds32.ax

[2010/08/08 20:50:23 | 000,230,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmasf.dll

[2010/08/08 20:50:23 | 000,208,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\unregmp2.exe

[2010/08/08 20:50:23 | 000,115,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmsdmoe.dll

[2010/08/08 20:50:23 | 000,102,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmpshell.dll

[2010/08/08 20:50:23 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmplayer.exe

[2010/08/08 20:50:23 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmdmlog.dll

[2010/08/08 20:50:23 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmdmps.dll

[2010/08/08 20:50:23 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmpui.dll

[2010/08/08 20:50:23 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmpcore.dll

[2010/08/08 20:50:23 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmpcd.dll

[2010/08/08 20:50:23 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmp.ocx

[2010/08/08 20:50:22 | 000,809,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmvdmod.dll

[2010/08/08 20:50:22 | 000,258,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmvds32.ax

[2010/08/08 20:48:11 | 000,016,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll

[2010/08/08 18:15:45 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro

[2010/08/08 07:53:28 | 000,165,456 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys

[2010/08/08 07:53:28 | 000,017,744 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys

[2010/08/08 07:53:26 | 000,023,376 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys

[2010/08/08 07:53:25 | 000,046,672 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys

[2010/08/08 07:53:23 | 000,100,176 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys

[2010/08/08 07:53:23 | 000,094,544 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys

[2010/08/08 07:53:22 | 000,028,880 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys

[2010/08/08 07:53:18 | 000,165,032 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe

[2010/08/08 07:53:18 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\WINDOWS\avastSS.scr

[2010/08/08 07:53:15 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software

[2010/08/08 07:53:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software

[2010/08/08 07:50:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg9

[2010/08/08 07:50:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel

[2010/08/08 06:56:53 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek

[2010/08/08 06:56:45 | 000,540,672 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RtlExUpd.dll

[2010/08/08 06:04:33 | 007,731,496 | ---- | C] (Wacom Technology, Corp.) -- C:\WINDOWS\System32\WacomTablet.cpl

[2010/08/08 06:04:31 | 004,949,288 | ---- | C] (Wacom Technology, Corp.) -- C:\WINDOWS\System32\Wacom_Tablet.exe

[2010/08/08 06:04:31 | 000,409,896 | ---- | C] (Wacom Technology, Corp.) -- C:\WINDOWS\System32\Wacom_Tablet.dll

[2010/08/08 03:13:03 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srv.sys

[2010/08/08 03:11:28 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\t2embed.dll

[2010/08/08 03:11:28 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fontsub.dll

[2010/08/08 03:10:53 | 000,730,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lsasrv.dll

[2010/08/08 02:46:21 | 000,272,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthport.sys

[2010/08/08 02:43:47 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll

[2010/08/08 02:43:22 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe

[2010/08/08 02:22:51 | 003,558,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\moviemk.exe

[2010/08/08 02:19:43 | 000,203,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rmcast.sys

[2010/08/08 02:19:03 | 000,331,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadce.dll

[2010/08/08 02:05:34 | 002,066,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstscax.dll

[2010/08/08 02:04:03 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netapi32.dll

[2010/08/08 02:03:51 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml3.dll

[2010/08/08 02:01:59 | 000,689,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsp3res.dll

[2010/08/08 01:48:18 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner

[2010/08/08 01:40:45 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$MSI31Uninstall_KB893803v2$

[2010/08/07 23:54:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia

[2010/08/07 23:54:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe

[2010/08/07 23:36:30 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\logman.exe

[2010/08/07 23:36:30 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\proxycfg.exe

[2010/08/07 23:36:28 | 000,004,255 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\adv01nt5.dll

[2010/08/07 23:36:28 | 000,003,967 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\adv02nt5.dll

[2010/08/07 23:36:28 | 000,003,775 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\adv11nt5.dll

[2010/08/07 23:36:28 | 000,003,711 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\adv09nt5.dll

[2010/08/07 23:36:28 | 000,003,647 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\adv07nt5.dll

[2010/08/07 23:36:28 | 000,003,615 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\adv05nt5.dll

[2010/08/07 23:36:28 | 000,003,135 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\adv08nt5.dll

[2010/08/07 23:36:27 | 000,701,440 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati2mtag.sys

[2010/08/07 23:36:27 | 000,327,040 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati2mtaa.sys

[2010/08/07 23:36:27 | 000,104,960 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinrvxx.sys

[2010/08/07 23:36:27 | 000,073,216 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atintuxx.sys

[2010/08/07 23:36:27 | 000,063,663 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1rvxx.sys

[2010/08/07 23:36:27 | 000,063,488 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinxsxx.sys

[2010/08/07 23:36:27 | 000,057,856 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinbtxx.sys

[2010/08/07 23:36:27 | 000,056,623 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1btxx.sys

[2010/08/07 23:36:27 | 000,052,224 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinraxx.sys

[2010/08/07 23:36:27 | 000,043,008 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\System32\drivers\amdagp.sys

[2010/08/07 23:36:27 | 000,036,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthprint.sys

[2010/08/07 23:36:27 | 000,036,463 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1tuxx.sys

[2010/08/07 23:36:27 | 000,034,735 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1xsxx.sys

[2010/08/07 23:36:27 | 000,031,744 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinxbxx.sys

[2010/08/07 23:36:27 | 000,030,671 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1raxx.sys

[2010/08/07 23:36:27 | 000,029,455 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1xbxx.sys

[2010/08/07 23:36:27 | 000,028,672 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinsnxx.sys

[2010/08/07 23:36:27 | 000,026,367 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1snxx.sys

[2010/08/07 23:36:27 | 000,025,471 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\atv04nt5.dll

[2010/08/07 23:36:27 | 000,021,343 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1ttxx.sys

[2010/08/07 23:36:27 | 000,021,183 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\atv01nt5.dll

[2010/08/07 23:36:27 | 000,017,279 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\atv10nt5.dll

[2010/08/07 23:36:27 | 000,015,423 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\ch7xxnt5.dll

[2010/08/07 23:36:27 | 000,014,336 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinpdxx.sys

[2010/08/07 23:36:27 | 000,014,143 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\atv06nt5.dll

[2010/08/07 23:36:27 | 000,013,824 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinttxx.sys

[2010/08/07 23:36:27 | 000,013,824 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinmdxx.sys

[2010/08/07 23:36:27 | 000,012,047 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1pdxx.sys

[2010/08/07 23:36:27 | 000,011,615 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1mdxx.sys

[2010/08/07 23:36:27 | 000,011,359 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\atv02nt5.dll

[2010/08/07 23:36:26 | 001,309,184 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\mtlstrm.sys

[2010/08/07 23:36:26 | 000,870,784 | ---- | C] (ATI Technologies Inc. ) -- C:\WINDOWS\System32\ati3d1ag.dll

[2010/08/07 23:36:26 | 000,452,736 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\drivers\mtxparhm.sys

[2010/08/07 23:36:26 | 000,404,990 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slntamr.sys

[2010/08/07 23:36:26 | 000,377,984 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ati2dvaa.dll

[2010/08/07 23:36:26 | 000,229,376 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ati2cqag.dll

[2010/08/07 23:36:26 | 000,201,728 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ati2dvag.dll

[2010/08/07 23:36:26 | 000,180,360 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\ntmtlfax.sys

[2010/08/07 23:36:26 | 000,166,912 | ---- | C] (S3 Graphics, Inc.) -- C:\WINDOWS\System32\drivers\s3gnbm.sys

[2010/08/07 23:36:26 | 000,129,535 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slnt7554.sys

[2010/08/07 23:36:26 | 000,126,686 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\mtlmnt5.sys

[2010/08/07 23:36:26 | 000,095,424 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slnthal.sys

[2010/08/07 23:36:26 | 000,040,960 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\drivers\sisagp.sys

[2010/08/07 23:36:26 | 000,030,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rndismpx.sys

[2010/08/07 23:36:26 | 000,025,471 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\watv10nt.sys

[2010/08/07 23:36:26 | 000,022,271 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\watv06nt.sys

[2010/08/07 23:36:26 | 000,013,776 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\recagent.sys

[2010/08/07 23:36:26 | 000,013,240 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slwdmsup.sys

[2010/08/07 23:36:26 | 000,012,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mutohpen.sys

[2010/08/07 23:36:26 | 000,011,935 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\wadv11nt.sys

[2010/08/07 23:36:26 | 000,011,871 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\wadv09nt.sys

[2010/08/07 23:36:26 | 000,011,807 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\wadv07nt.sys

[2010/08/07 23:36:26 | 000,011,325 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\vchnt5.dll

[2010/08/07 23:36:26 | 000,011,295 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\wadv08nt.sys

[2010/08/07 23:36:26 | 000,005,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\smbali.sys

[2010/08/07 23:36:26 | 000,003,901 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\siint5.dll

[2010/08/07 23:36:25 | 002,113,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dxdiagn.dll

[2010/08/07 23:36:25 | 001,888,992 | ---- | C] (ATI Technologies Inc. ) -- C:\WINDOWS\System32\ati3duag.dll

[2010/08/07 23:36:25 | 001,689,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3d9.dll

[2010/08/07 23:36:25 | 000,848,384 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\ir41_32.ax

[2010/08/07 23:36:25 | 000,755,200 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\ir50_32.dll

[2010/08/07 23:36:25 | 000,516,768 | ---- | C] (ATI Technologies Inc. ) -- C:\WINDOWS\System32\ativvaxx.dll

[2010/08/07 23:36:25 | 000,380,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\irprops.cpl

[2010/08/07 23:36:25 | 000,369,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\html.iec

[2010/08/07 23:36:25 | 000,338,432 | ---- | C] (Intel Corporation.) -- C:\WINDOWS\System32\ir41_qcx.dll

[2010/08/07 23:36:25 | 000,200,192 | ---- | C] (Intel Corporation.) -- C:\WINDOWS\System32\ir50_qc.dll

[2010/08/07 23:36:25 | 000,199,680 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\iac25_32.ax

[2010/08/07 23:36:25 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fsquirt.exe

[2010/08/07 23:36:25 | 000,183,808 | ---- | C] (Intel Corporation.) -- C:\WINDOWS\System32\ir50_qcx.dll

[2010/08/07 23:36:25 | 000,154,624 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\ivfsrc.ax

[2010/08/07 23:36:25 | 000,120,320 | ---- | C] (Intel Corporation.) -- C:\WINDOWS\System32\ir41_qc.dll

[2010/08/07 23:36:25 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bthprops.cpl

[2010/08/07 23:36:25 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\firewall.cpl

[2010/08/07 23:36:25 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\blastcln.exe

[2010/08/07 23:36:25 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fwcfg.dll

[2010/08/07 23:36:25 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\btpanui.dll

[2010/08/07 23:36:25 | 000,032,768 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ativtmxx.dll

[2010/08/07 23:36:25 | 000,032,285 | ---- | C] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\hsfcisp2.dll

[2010/08/07 23:36:25 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\httpapi.dll

[2010/08/07 23:36:25 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fltmc.exe

[2010/08/07 23:36:25 | 000,023,040 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ativmvxx.ax

[2010/08/07 23:36:25 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bthci.dll

[2010/08/07 23:36:25 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\auditusr.exe

[2010/08/07 23:36:25 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cmsetacl.dll

[2010/08/07 23:36:25 | 000,009,728 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ativdaxx.ax

[2010/08/07 23:36:25 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx2.dll

[2010/08/07 23:36:25 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdfi1.dll

[2010/08/07 23:36:25 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx3.dll

[2010/08/07 23:36:25 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdinbe1.dll

[2010/08/07 23:36:24 | 001,737,856 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\mtxparhd.dll

[2010/08/07 23:36:24 | 000,384,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mp4sdmod.dll

[2010/08/07 23:36:24 | 000,310,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mp43dmod.dll

[2010/08/07 23:36:24 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdadiag.dll

[2010/08/07 23:36:24 | 000,086,016 | ---- | C] (Conexant) -- C:\WINDOWS\System32\mdmxsdk.dll

[2010/08/07 23:36:24 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdsmsno.dll

[2010/08/07 23:36:24 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdsmsfi.dll

[2010/08/07 23:36:24 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdukx.dll

[2010/08/07 23:36:24 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdno1.dll

[2010/08/07 23:36:24 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdinmal.dll

[2010/08/07 23:36:24 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdmlt48.dll

[2010/08/07 23:36:24 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdmlt47.dll

[2010/08/07 23:36:24 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdinben.dll

[2010/08/07 23:36:24 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdmaori.dll

[2010/08/07 23:36:23 | 000,397,056 | ---- | C] (S3 Graphics, Inc.) -- C:\WINDOWS\System32\s3gnb.dll

[2010/08/07 23:36:23 | 000,313,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\p2pgraph.dll

[2010/08/07 23:36:23 | 000,286,792 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slextspk.dll

[2010/08/07 23:36:23 | 000,188,508 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slgen.dll

[2010/08/07 23:36:23 | 000,153,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\p2p.dll

[2010/08/07 23:36:23 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\p2pnetsh.dll

[2010/08/07 23:36:23 | 000,105,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\p2pgasvc.dll

[2010/08/07 23:36:23 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\strmfilt.dll

[2010/08/07 23:36:23 | 000,073,832 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slcoinst.dll

[2010/08/07 23:36:23 | 000,073,796 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slserv.exe

[2010/08/07 23:36:23 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\powercfg.exe

[2010/08/07 23:36:23 | 000,032,866 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slrundll.exe

[2010/08/07 23:36:23 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sdhcinst.dll

[2010/08/07 23:36:23 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vidcap.ax

[2010/08/07 23:36:23 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\netsetup.cpl

[2010/08/07 23:36:23 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\smbinst.exe

[2010/08/07 23:36:22 | 001,119,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wmsdmoe2.dll

[2010/08/07 23:36:22 | 001,001,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wmvdmoe2.dll

[2010/08/07 23:36:22 | 000,897,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wmspdmoe.dll

[2010/08/07 23:36:22 | 000,575,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll

[2010/08/07 23:36:22 | 000,575,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuapi.dll

[2010/08/07 23:36:22 | 000,485,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wmspdmod.dll

[2010/08/07 23:36:22 | 000,438,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpob2res.dll

[2010/08/07 23:36:22 | 000,327,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wucltui.dll

[2010/08/07 23:36:22 | 000,327,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wucltui.dll

[2010/08/07 23:36:22 | 000,217,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuaucpl.cpl

[2010/08/07 23:36:22 | 000,209,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuweb.dll

[2010/08/07 23:36:22 | 000,183,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuaueng1.dll

[2010/08/07 23:36:22 | 000,168,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wmerror.dll

[2010/08/07 23:36:22 | 000,165,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuauclt1.exe

[2010/08/07 23:36:22 | 000,151,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wmidx.dll

[2010/08/07 23:36:22 | 000,148,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wscui.cpl

[2010/08/07 23:36:22 | 000,114,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wmpasf.dll

[2010/08/07 23:36:22 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xmlprovi.dll

[2010/08/07 23:36:22 | 000,035,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wups.dll

[2010/08/07 23:36:22 | 000,035,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wups.dll

[2010/08/07 23:36:22 | 000,032,866 | ---- | C] (Smart Link) -- C:\WINDOWS\slrundll.exe

[2010/08/07 23:36:22 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winshfhc.dll

[2010/08/07 23:35:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles

[2010/08/07 23:34:24 | 002,897,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsp2res.dll

[2010/08/07 23:33:22 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$

[2010/08/07 22:47:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia

[2010/08/07 22:46:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe

[2010/08/07 21:52:59 | 013,549,568 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvoglnt.dll

[2010/08/07 21:52:59 | 010,604,128 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\drivers\nv4_mini.sys

[2010/08/07 21:52:59 | 010,604,128 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\dllcache\nv4_mini.sys

[2010/08/07 21:52:59 | 000,061,440 | ---- | C] (Khronos Group) -- C:\WINDOWS\System32\OpenCL.dll

[2010/08/07 21:52:57 | 010,260,480 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcompiler.dll

[2010/08/07 21:52:57 | 006,343,040 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nv4_disp.dll

[2010/08/07 21:52:57 | 006,343,040 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\dllcache\nv4_disp.dll

[2010/08/07 21:52:57 | 004,595,712 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuda.dll

[2010/08/07 21:52:57 | 002,914,408 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuvid.dll

[2010/08/07 21:52:57 | 002,506,344 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuvenc.dll

[2010/08/07 21:52:57 | 001,388,544 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvapi.dll

[2010/08/07 21:52:57 | 000,236,136 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcodins.dll

[2010/08/07 21:52:57 | 000,236,136 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcod.dll

[2010/08/07 21:17:43 | 000,000,000 | ---D | C] -- C:\Program Files\Broadcom

[2010/08/07 07:32:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NVIDIA Corporation

[2010/08/07 03:59:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\Symbols

[2010/08/06 21:16:36 | 006,153,352 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Documents and Settings\kieran\Desktop\mbam-setup-1.46.exe

[2010/07/15 18:02:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kieran\Application Data\Publish Providers

[2010/07/15 17:59:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kieran\Local Settings\Application Data\Sony

[2010/07/15 17:59:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kieran\Application Data\Sony

[2010/07/15 17:52:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sony

[2010/07/15 17:51:42 | 000,000,000 | ---D | C] -- C:\Program Files\Sony

[2010/07/15 17:51:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF

[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[1 C:\Documents and Settings\kieran\*.tmp files -> C:\Documents and Settings\kieran\*.tmp -> ]

 

========== Files - Modified Within 30 Days ==========

 

[2010/08/10 00:37:10 | 000,510,796 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI

[2010/08/10 00:37:10 | 000,435,482 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2010/08/10 00:37:10 | 000,068,814 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2010/08/10 00:33:08 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2010/08/10 00:33:03 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010/08/10 00:31:49 | 025,427,968 | -H-- | M] () -- C:\Documents and Settings\kieran\NTUSER.DAT

[2010/08/10 00:31:49 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\kieran\ntuser.ini

[2010/08/09 08:21:36 | 002,640,418 | -H-- | M] () -- C:\Documents and Settings\kieran\Local Settings\Application Data\IconCache.db

[2010/08/09 05:43:06 | 002,053,494 | ---- | M] () -- C:\Documents and Settings\kieran\Desktop\res.bmp

[2010/08/09 02:46:46 | 000,005,754 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2010/08/09 02:11:29 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2010/08/08 23:27:33 | 000,015,998 | ---- | M] () -- C:\Documents and Settings\kieran\Desktop\cc_20100808_232729.reg

[2010/08/08 21:31:24 | 000,000,804 | ---- | M] () -- C:\Documents and Settings\kieran\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk

[2010/08/08 21:31:22 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx

[2010/08/08 21:31:14 | 003,649,256 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2010/08/08 21:23:02 | 000,034,368 | ---- | M] () -- C:\Documents and Settings\kieran\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

[2010/08/08 20:48:42 | 000,250,048 | RHS- | M] () -- C:\ntldr

[2010/08/08 18:25:05 | 000,417,018 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2010/08/08 18:15:45 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\kieran\Desktop\HijackThis.lnk

[2010/08/08 07:53:29 | 000,001,700 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk

[2010/08/08 07:53:24 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT

[2010/08/08 07:45:41 | 000,004,948 | ---- | M] () -- C:\Documents and Settings\kieran\Desktop\cc_20100808_074537.reg

[2010/08/08 07:45:24 | 000,178,408 | ---- | M] () -- C:\Documents and Settings\kieran\Desktop\cc_20100808_074513.reg

[2010/08/08 06:56:42 | 000,001,769 | ---- | M] () -- C:\WINDOWS\Language_trs.ini

[2010/08/08 05:54:17 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini

[2010/08/08 04:44:43 | 000,232,968 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb0.bin

[2010/08/08 04:44:43 | 000,000,001 | ---- | M] () -- C:\WINDOWS\System32\nvdrssel.bin

[2010/08/08 04:44:39 | 000,232,968 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb1.bin

[2010/08/08 04:44:39 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\nvdrswr.lk

[2010/08/08 03:08:36 | 000,160,768 | ---- | M] () -- C:\Documents and Settings\kieran\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/08/08 03:08:36 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

[2010/08/08 02:09:41 | 000,009,208 | ---- | M] () -- C:\Documents and Settings\kieran\Desktop\cc_20100808_020915.reg

[2010/08/08 02:05:20 | 000,000,082 | ---- | M] () -- C:\Documents and Settings\kieran\Desktop\cc_20100808_020518.reg

[2010/08/08 02:04:54 | 000,115,016 | ---- | M] () -- C:\Documents and Settings\kieran\Desktop\cc_20100808_020427.reg

[2010/08/08 02:00:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-AWESOMENESS-kieran.job

[2010/08/08 01:48:20 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\kieran\Desktop\CCleaner.lnk

[2010/08/07 23:36:48 | 000,000,223 | RHS- | M] () -- C:\boot.ini

[2010/08/07 23:36:45 | 000,299,552 | ---- | M] () -- C:\WINDOWS\WMSysPrx.prx

[2010/08/07 23:34:20 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM

[2010/08/07 22:37:07 | 000,025,065 | ---- | M] () -- C:\WINDOWS\System32\wmpscheme.xml

[2010/08/07 22:37:04 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb

[2010/08/07 22:37:04 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb

[2010/08/07 07:27:22 | 000,005,754 | ---- | M] () -- C:\WINDOWS\System32\wpa.bak

[2010/08/06 23:28:25 | 000,001,017 | ---- | M] () -- C:\WINDOWS\win.ini

[2010/08/06 23:28:25 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini

[2010/08/06 22:09:34 | 006,153,352 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Documents and Settings\kieran\Desktop\mbam-setup-1.46.exe

[2010/08/05 01:45:11 | 000,008,192 | ---- | M] () -- C:\WINDOWS\REGLOCS.OLD

[2010/07/27 16:30:35 | 008,462,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shell32.dll

[2010/07/26 07:09:31 | 000,000,046 | ---- | M] () -- C:\Documents and Settings\kieran\jagex_runescape_preferences.dat

[2010/07/26 07:09:08 | 000,000,099 | ---- | M] () -- C:\Documents and Settings\kieran\jagex_runescape_preferences2.dat

[2010/07/25 04:00:02 | 000,000,223 | ---- | M] () -- C:\boot.bak

[2010/07/24 07:31:07 | 000,415,831 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100808-182505.backup

[2010/07/20 16:31:07 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job

[2010/07/17 22:53:58 | 000,039,972 | ---- | M] () -- C:\Documents and Settings\kieran\Desktop\airbrush_gun_for_nails_art_68bt.jpg

[2010/07/15 18:12:18 | 045,654,056 | ---- | M] () -- C:\Documents and Settings\kieran\My Documents\Untitled.avi

[2010/07/15 18:12:18 | 000,000,034 | ---- | M] () -- C:\Documents and Settings\kieran\My Documents\Untitled.avi.sfl

[2010/07/15 18:01:38 | 000,002,452 | ---- | M] () -- C:\Documents and Settings\kieran\Desktop\Register Vegas Pro.htm

[2010/07/15 17:51:19 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf

[2010/07/14 12:03:31 | 000,007,683 | ---- | M] () -- C:\Documents and Settings\kieran\Desktop\stupid.JPG

[2010/07/13 16:50:09 | 000,009,455 | ---- | M] () -- C:\Documents and Settings\kieran\Desktop\hilleq.gmk

[2010/07/12 23:59:16 | 000,969,385 | ---- | M] () -- C:\Documents and Settings\kieran\Desktop\drog.psd

[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[1 C:\Documents and Settings\kieran\*.tmp files -> C:\Documents and Settings\kieran\*.tmp -> ]

 

========== Files Created - No Company Name ==========

 

[2010/08/09 05:43:06 | 002,053,494 | ---- | C] () -- C:\Documents and Settings\kieran\Desktop\res.bmp

[2010/08/08 23:27:31 | 000,015,998 | ---- | C] () -- C:\Documents and Settings\kieran\Desktop\cc_20100808_232729.reg

[2010/08/08 20:52:32 | 000,613,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.chm

[2010/08/08 20:52:32 | 000,067,374 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.adm

[2010/08/08 20:52:32 | 000,023,195 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplay.chm

[2010/08/08 20:52:32 | 000,010,457 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.hta

[2010/08/08 20:52:32 | 000,001,771 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.css

[2010/08/08 20:52:32 | 000,000,855 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpocm.inf

[2010/08/08 20:52:32 | 000,000,420 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmploc.js

[2010/08/08 20:52:31 | 000,572,557 | ---- | C] () -- C:\WINDOWS\System32\dllcache\rtuner.wmv

[2010/08/08 20:52:31 | 000,375,519 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nuskin.wmv

[2010/08/08 20:52:31 | 000,354,468 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud1.wav

[2010/08/08 20:52:31 | 000,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud7.wav

[2010/08/08 20:52:31 | 000,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud6.wav

[2010/08/08 20:52:31 | 000,300,969 | ---- | C] () -- C:\WINDOWS\System32\dllcache\viz.wmv

[2010/08/08 20:52:31 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud9.wav

[2010/08/08 20:52:31 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud8.wav

[2010/08/08 20:52:31 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud3.wav

[2010/08/08 20:52:31 | 000,086,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud5.wav

[2010/08/08 20:52:31 | 000,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud4.wav

[2010/08/08 20:52:31 | 000,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud2.wav

[2010/08/08 20:52:31 | 000,077,307 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plyr_err.chm

[2010/08/08 20:52:31 | 000,066,725 | ---- | C] () -- C:\WINDOWS\System32\dllcache\revert.wmz

[2010/08/08 20:52:31 | 000,029,070 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmp.inf

[2010/08/08 20:52:31 | 000,023,829 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tourbg.gif

[2010/08/08 20:52:31 | 000,022,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npds.zip

[2010/08/08 20:52:31 | 000,017,489 | ---- | C] () -- C:\WINDOWS\System32\dllcache\videobg.gif

[2010/08/08 20:52:31 | 000,017,272 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmdm.inf

[2010/08/08 20:52:31 | 000,008,677 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm7.gif

[2010/08/08 20:52:31 | 000,007,892 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm9.gif

[2010/08/08 20:52:31 | 000,007,636 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm2.gif

[2010/08/08 20:52:31 | 000,007,369 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm4.gif

[2010/08/08 20:52:31 | 000,006,769 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmfsdk.inf

[2010/08/08 20:52:31 | 000,006,241 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm3.gif

[2010/08/08 20:52:31 | 000,006,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm6.gif

[2010/08/08 20:52:31 | 000,005,789 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm1.gif

[2010/08/08 20:52:31 | 000,005,290 | ---- | C] () -- C:\WINDOWS\System32\dllcache\vidsamp.gif

[2010/08/08 20:52:31 | 000,004,193 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm8.gif

[2010/08/08 20:52:31 | 000,003,187 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tour.js

[2010/08/08 20:52:31 | 000,002,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm5.gif

[2010/08/08 20:52:31 | 000,002,469 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplay.gif

[2010/08/08 20:52:31 | 000,002,450 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpause.gif

[2010/08/08 20:52:31 | 000,002,375 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplayh.gif

[2010/08/08 20:52:31 | 000,002,371 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpauseh.gif

[2010/08/08 20:52:31 | 000,001,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst6.wpl

[2010/08/08 20:52:31 | 000,001,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst5.wpl

[2010/08/08 20:52:31 | 000,001,474 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst3.wpl

[2010/08/08 20:52:31 | 000,001,451 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst12.wpl

[2010/08/08 20:52:31 | 000,001,448 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst4.wpl

[2010/08/08 20:52:31 | 000,001,398 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taon.gif

[2010/08/08 20:52:31 | 000,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taonh.gif

[2010/08/08 20:52:31 | 000,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoff.gif

[2010/08/08 20:52:31 | 000,001,367 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoffh.gif

[2010/08/08 20:52:31 | 000,001,250 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst1.wpl

[2010/08/08 20:52:31 | 000,001,148 | ---- | C] () -- C:\WINDOWS\System32\dllcache\snd.htm

[2010/08/08 20:52:31 | 000,001,049 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst2.wpl

[2010/08/08 20:52:31 | 000,001,046 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst7.wpl

[2010/08/08 20:52:31 | 000,001,036 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst8.wpl

[2010/08/08 20:52:31 | 000,000,908 | ---- | C] () -- C:\WINDOWS\System32\dllcache\skins.inf

[2010/08/08 20:52:31 | 000,000,789 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst11.wpl

[2010/08/08 20:52:31 | 000,000,787 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst10.wpl

[2010/08/08 20:52:31 | 000,000,784 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst9.wpl

[2010/08/08 20:52:31 | 000,000,783 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst13.wpl

[2010/08/08 20:52:31 | 000,000,775 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst14.wpl

[2010/08/08 20:52:31 | 000,000,733 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst15.wpl

[2010/08/08 20:52:31 | 000,000,403 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npdrmv2.zip

[2010/08/08 20:52:30 | 000,457,607 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mdlib.wmv

[2010/08/08 20:52:30 | 000,381,425 | ---- | C] () -- C:\WINDOWS\System32\dllcache\copycd.wmv

[2010/08/08 20:52:30 | 000,184,959 | ---- | C] () -- C:\WINDOWS\System32\dllcache\compact.wmz

[2010/08/08 20:52:30 | 000,097,117 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.hlp

[2010/08/08 20:52:30 | 000,018,286 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.inf

[2010/08/08 20:52:30 | 000,009,585 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.css

[2010/08/08 20:52:30 | 000,008,298 | ---- | C] () -- C:\WINDOWS\System32\dllcache\contents.htm

[2010/08/08 20:52:30 | 000,006,878 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.js

[2010/08/08 20:52:30 | 000,005,971 | ---- | C] () -- C:\WINDOWS\System32\dllcache\events.js

[2010/08/08 20:52:30 | 000,002,778 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogoh.gif

[2010/08/08 20:52:30 | 000,002,545 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogo.gif

[2010/08/08 20:52:30 | 000,001,885 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.cnt

[2010/08/08 20:52:30 | 000,000,999 | ---- | C] () -- C:\WINDOWS\System32\dllcache\bktrh.gif

[2010/08/08 20:52:30 | 000,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnth.gif

[2010/08/08 20:52:30 | 000,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnt.gif

[2010/08/08 20:52:30 | 000,000,772 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cntd.gif

[2010/08/08 20:52:30 | 000,000,760 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapph.gif

[2010/08/08 20:52:30 | 000,000,717 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapp.gif

[2010/08/08 20:50:26 | 000,498,742 | ---- | C] () -- C:\WINDOWS\System32\dllcache\dxmasf.dll

[2010/08/08 20:50:24 | 000,844,314 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msdxm.ocx

[2010/08/08 20:50:24 | 000,004,126 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msdxmlc.dll

[2010/08/08 18:15:45 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\kieran\Desktop\HijackThis.lnk

[2010/08/08 07:53:29 | 000,001,700 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk

[2010/08/08 07:45:39 | 000,004,948 | ---- | C] () -- C:\Documents and Settings\kieran\Desktop\cc_20100808_074537.reg

[2010/08/08 07:45:18 | 000,178,408 | ---- | C] () -- C:\Documents and Settings\kieran\Desktop\cc_20100808_074513.reg

[2010/08/08 06:56:42 | 000,001,769 | ---- | C] () -- C:\WINDOWS\Language_trs.ini

[2010/08/08 06:04:33 | 001,744,515 | ---- | C] () -- C:\WINDOWS\System32\WacomTablet.znc

[2010/08/08 04:44:43 | 000,232,968 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin

[2010/08/08 04:44:39 | 000,232,968 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin

[2010/08/08 04:44:39 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin

[2010/08/08 04:44:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\nvdrswr.lk

[2010/08/08 02:09:17 | 000,009,208 | ---- | C] () -- C:\Documents and Settings\kieran\Desktop\cc_20100808_020915.reg

[2010/08/08 02:05:20 | 000,000,082 | ---- | C] () -- C:\Documents and Settings\kieran\Desktop\cc_20100808_020518.reg

[2010/08/08 02:04:36 | 000,115,016 | ---- | C] () -- C:\Documents and Settings\kieran\Desktop\cc_20100808_020427.reg

[2010/08/08 01:48:20 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\kieran\Desktop\CCleaner.lnk

[2010/08/07 23:36:27 | 000,129,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\cxthsfs2.cty

[2010/08/07 23:36:27 | 000,064,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmc20.cod

[2010/08/07 23:36:26 | 000,067,866 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwlan5.img

[2010/08/07 23:36:24 | 000,118,272 | ---- | C] () -- C:\WINDOWS\System32\mpeg2data.ax

[2010/08/07 21:52:57 | 002,195,030 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin

[2010/08/07 07:31:21 | 000,007,959 | ---- | C] () -- C:\WINDOWS\System32\nvinfo.pb

[2010/08/06 23:28:26 | 000,001,838 | ---- | C] () -- C:\Documents and Settings\kieran\Start Menu\Programs\Startup\GIGABYTE Gamer HUD Lite.lnk

[2010/07/29 19:08:57 | 000,000,223 | ---- | C] () -- C:\boot.bak

[2010/07/25 16:31:48 | 000,014,270 | ---- | C] () -- C:\Documents and Settings\kieran\hs_err_pid4704.log

[2010/07/17 22:53:58 | 000,039,972 | ---- | C] () -- C:\Documents and Settings\kieran\Desktop\airbrush_gun_for_nails_art_68bt.jpg

[2010/07/15 18:12:18 | 000,000,034 | ---- | C] () -- C:\Documents and Settings\kieran\My Documents\Untitled.avi.sfl

[2010/07/15 18:12:10 | 045,654,056 | ---- | C] () -- C:\Documents and Settings\kieran\My Documents\Untitled.avi

[2010/07/15 18:01:38 | 000,002,452 | ---- | C] () -- C:\Documents and Settings\kieran\Desktop\Register Vegas Pro.htm

[2010/07/15 17:51:19 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf

[2010/07/14 12:03:04 | 000,007,683 | ---- | C] () -- C:\Documents and Settings\kieran\Desktop\stupid.JPG

[2010/07/13 16:50:09 | 000,009,455 | ---- | C] () -- C:\Documents and Settings\kieran\Desktop\hilleq.gmk

[2010/07/12 23:59:13 | 000,969,385 | ---- | C] () -- C:\Documents and Settings\kieran\Desktop\drog.psd

[2010/05/28 19:15:42 | 000,198,144 | ---- | C] () -- C:\WINDOWS\System32\_psisdecd.dll

[2010/05/20 06:58:59 | 000,000,427 | ---- | C] () -- C:\WINDOWS\ULEAD32.INI

[2010/02/24 18:29:50 | 000,000,100 | ---- | C] () -- C:\WINDOWS\Sfc3ng.ini

[2009/12/14 21:25:08 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll

[2009/12/14 21:25:07 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini

[2009/12/14 21:25:06 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll

[2009/12/14 21:25:06 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll

[2009/12/14 21:25:06 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll

[2009/12/14 21:25:04 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest

[2009/12/14 21:25:03 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll

[2009/10/23 06:21:07 | 000,000,590 | ---- | C] () -- C:\WINDOWS\entpack.ini

[2009/03/15 14:02:38 | 001,032,582 | ---- | C] () -- C:\WINDOWS\System32\alleg42.dll

[2009/01/28 21:34:24 | 000,000,246 | ---- | C] () -- C:\WINDOWS\lexstat.ini

[2009/01/28 21:33:51 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\LXBKLCNP.DLL

[2009/01/28 21:33:51 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxbkvs.dll

[2009/01/28 21:33:33 | 000,000,266 | ---- | C] () -- C:\WINDOWS\System32\lxbkcoin.ini

[2009/01/20 02:37:32 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini

[2008/12/22 15:25:45 | 000,000,708 | ---- | C] () -- C:\WINDOWS\Edofma.INI

[2008/12/20 23:04:48 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini

[2008/12/20 18:07:22 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll

[2008/12/20 18:05:59 | 000,015,047 | ---- | C] () -- C:\WINDOWS\System32\Main.ini

[2008/12/20 17:13:01 | 000,031,862 | ---- | C] () -- C:\WINDOWS\Ascd_log.ini

[2008/12/20 17:12:07 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys

[2008/12/20 17:12:01 | 000,031,577 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini

[2008/12/20 17:12:00 | 000,010,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS

[2007/01/10 06:44:26 | 001,457,024 | R--- | C] () -- C:\WINDOWS\System32\SSCProt.dll

[2003/02/27 19:07:20 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\34CoInstaller.dll

< End of report >

