security hijack



#1
karma984

Hi all, this is the second time I've gotten this problem. I needed to upgrade my hard drive anyways, so did that and reinstalled Windows. All good until recently: Malwarebytes detects 11 security hijacks but can't get rid of the problem, my AVG has been disabled and won't open or do anything, and my Windows firewall has shut down and I can get it back up. Also, my computer shuts down by itself every 10-20 mins.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4438

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

17/08/2010 9:42:48 AM
mbam-log-2010-08-17 (09-42-48).txt

Scan type: Quick scan
Objects scanned: 125374
Time elapsed: 3 minute(s), 47 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 9
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashavast.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashdisp.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashserv.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avcenter.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avguard.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avscan.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msascui.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sched.exe (Security.Hijack) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\egui.exe\debugger (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ekrn.exe\debugger (Security.Hijack) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

OTL logfile created on: 18/08/2010 11:48:15 AM - Run 2
OTL by OldTimer - Version 3.2.10.0 Folder = C:\Documents and Settings\bart simpson\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 74.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 90.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 186.30 Gb Total Space | 172.00 Gb Free Space | 92.32% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SIMPSON-CE330A7
Current User Name: bart simpson
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/08/18 11:35:31 | 000,712,714 | -HS- | M] () -- C:\Documents and Settings\bart simpson\Application Data\Microsoft\SystemCertificates\WCUN\conime.exe
PRC - [2010/08/18 11:17:00 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\bart simpson\My Documents\Downloads\OTL.exe
PRC - [2010/07/23 10:06:53 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/06/12 09:14:22 | 000,312,152 | ---- | M] (IObit) -- C:\Program Files\IObit\IObit Security 360\is360srv.exe
PRC - [2009/03/29 21:16:14 | 001,476,622 | -HS- | M] () -- C:\Documents and Settings\bart simpson\Application Data\Microsoft\SystemCertificates\WCUN\spoolsv.exe
PRC - [2008/07/26 23:25:36 | 000,150,040 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2008/07/26 23:23:42 | 000,186,904 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
PRC - [2008/04/14 20:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010/08/18 11:17:00 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\bart simpson\My Documents\Downloads\OTL.exe
MOD - [2010/06/12 07:21:40 | 000,232,960 | ---- | M] (IObit) -- C:\Program Files\IObit\IObit Security 360\is360mon.dll
MOD - [2008/07/26 23:25:24 | 000,109,080 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\Temp\logishrd\LVPrcInj01.dll
MOD - [2008/04/14 20:40:22 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010/07/26 02:30:33 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2010/07/25 03:34:25 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/06/12 09:14:22 | 000,312,152 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObit\IObit Security 360\is360srv.exe -- (IS360service)
SRV - [2008/07/26 23:25:36 | 000,150,040 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2008/07/26 23:23:42 | 000,186,904 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe -- (LVCOMSer)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\RTL2832UUSB.sys -- (RTL2832UUSB)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\RTL2832UBDA.sys -- (RTL2832UBDA)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\RTL2832U_IRHID.sys -- (RTL2832U_IRHID)
DRV - [2010/07/25 03:36:09 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/07/25 03:36:00 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/07/25 03:35:59 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/04/30 06:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2009/02/11 08:23:02 | 000,082,320 | ---- | M] (EZB Systems, Inc.) [File_System | System | Running] -- C:\Program Files\UltraISO\drivers\ISODrive.sys -- (ISODrive)
DRV - [2008/07/26 23:26:56 | 000,023,832 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)
DRV - [2008/07/26 23:26:44 | 004,658,584 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) Logitech QuickCam E3500(UVC)
DRV - [2008/07/26 23:26:22 | 000,041,752 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2008/07/26 23:25:48 | 000,627,864 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2008/07/26 23:25:02 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2008/04/14 15:16:24 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MPE.sys -- (MPE)
DRV - [2008/04/14 15:15:14 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/14 13:06:06 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2005/12/09 01:53:00 | 003,611,168 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2005/04/13 10:21:32 | 000,022,240 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmFilter.sys -- (WmFilter)
DRV - [2005/04/13 10:21:28 | 000,010,144 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmBEnum.sys -- (WmBEnum)
DRV - [2005/04/13 10:21:28 | 000,005,600 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmVirHid.sys -- (WmVirHid)
DRV - [2005/04/13 10:21:26 | 000,045,504 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmXlCore.sys -- (WmXlCore)
DRV - [2004/06/07 11:43:52 | 000,036,484 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SMBios.sys -- (SMBios) Intel ®
DRV - [2004/03/18 06:10:40 | 000,113,664 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.845
FF - prefs.js..extensions.enabledItems: {B042753D-F57E-4e8e-A01B-7379A6D4CEFB}:1.21

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/08/16 21:38:32 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/26 03:09:07 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/08/13 07:00:11 | 000,000,000 | ---D | M]

[2010/07/25 03:21:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bart simpson\Application Data\Mozilla\Extensions
[2010/08/16 10:16:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bart simpson\Application Data\Mozilla\Firefox\Profiles\rd2u46hl.default\extensions
[2010/07/26 03:09:08 | 000,000,000 | ---D | M] (BitComet Video Downloader) -- C:\Documents and Settings\bart simpson\Application Data\Mozilla\Firefox\Profiles\rd2u46hl.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}
[2010/08/17 09:07:37 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/02/21 18:22:32 | 000,712,704 | ---- | M] (BitComet) -- C:\Program Files\Mozilla Firefox\plugins\npBitCometAgent.dll

O1 - HOSTS file present but inaccessible!
O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.4.6.22.dll (BitComet)
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKCU\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O4 - Startup: C:\Documents and Settings\bart simpson\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: (n"=7367A = C:\Documents and Settings\bart simpson\Application Data\Microsoft\SystemCertificates\WCUN\spoolsv.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O8 - Extra context menu item: &D&ownload &with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all video with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.4.6.22.dll (BitComet)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (C:\Documents and Settings\bart simpson\Application Data\Microsoft\SystemCertificates\WCUN\spoolsv.exe) - C:\Documents and Settings\bart simpson\Application Data\Microsoft\SystemCertificates\WCUN\spoolsv.exe ()
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O27 - HKLM IFEO\ashAvast.exe: Debugger - C:\Documents and Settings\bart simpson\Application Data\Microsoft\SystemCertificates\WCUN\spoolsv.exe ()
O27 - HKLM IFEO\ashDisp.exe: Debugger - C:\Documents and Settings\bart simpson\Application Data\Microsoft\SystemCertificates\WCUN\spoolsv.exe ()
O27 - HKLM IFEO\ashServ.exe: Debugger - C:\Documents and Settings\bart simpson\Application Data\Microsoft\SystemCertificates\WCUN\spoolsv.exe ()
O27 - HKLM IFEO\avcenter.exe: Debugger - C:\Documents and Settings\bart simpson\Application Data\Microsoft\SystemCertificates\WCUN\spoolsv.exe ()
O27 - HKLM IFEO\avguard.exe: Debugger - C:\Documents and Settings\bart simpson\Application Data\Microsoft\SystemCertificates\WCUN\spoolsv.exe ()
O27 - HKLM IFEO\avp.exe: Debugger - C:\Documents and Settings\bart simpson\Application Data\Microsoft\SystemCertificates\WCUN\spoolsv.exe ()
O27 - HKLM IFEO\avscan.exe: Debugger - C:\Documents and Settings\bart simpson\Application Data\Microsoft\SystemCertificates\WCUN\spoolsv.exe ()
O27 - HKLM IFEO\egui.exe: Debugger - C:\Documents and Settings\bart simpson\Application Data\Microsoft\SystemCertificates\WCUN\spoolsv.exe ()
O27 - HKLM IFEO\ekrn.exe: Debugger - C:\Documents and Settings\bart simpson\Application Data\Microsoft\SystemCertificates\WCUN\spoolsv.exe ()
O27 - HKLM IFEO\MSASCui.exe: Debugger - C:\Documents and Settings\bart simpson\Application Data\Microsoft\SystemCertificates\WCUN\spoolsv.exe ()
O27 - HKLM IFEO\nspmain.exe: Debugger - C:\Documents and Settings\bart simpson\Application Data\Microsoft\SystemCertificates\WCUN\spoolsv.exe ()
O27 - HKLM IFEO\nspsvc.exe: Debugger - C:\Documents and Settings\bart simpson\Application Data\Microsoft\SystemCertificates\WCUN\spoolsv.exe ()
O27 - HKLM IFEO\nspupsvc.exe: Debugger - C:\Documents and Settings\bart simpson\Application Data\Microsoft\SystemCertificates\WCUN\spoolsv.exe ()
O27 - HKLM IFEO\sched.exe: Debugger - C:\Documents and Settings\bart simpson\Application Data\Microsoft\SystemCertificates\WCUN\spoolsv.exe ()
O27 - HKLM IFEO\swUpdSv.exe: Debugger - C:\Documents and Settings\bart simpson\Application Data\Microsoft\SystemCertificates\WCUN\spoolsv.exe ()
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/07/25 02:10:38 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
Unable to start service SrService!

========== Files/Folders - Created Within 90 Days ==========

[2010/08/17 10:13:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\options
[2010/08/17 09:36:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/08/17 09:34:02 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/08/17 09:07:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2010/08/17 09:04:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2010/08/17 03:38:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bart simpson\My Documents\misc
[2010/08/16 21:25:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2010/08/16 17:39:30 | 000,000,000 | ---D | C] -- C:\Program Files\Runtime Software
[2010/08/16 08:25:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bart simpson\My Documents\Youtube general
[2010/08/16 08:24:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bart simpson\My Documents\Youtube computer stuff
[2010/08/16 08:08:53 | 000,000,000 | ---D | C] -- C:\Program Files\YouTube Downloader
[2010/08/15 00:12:43 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2010/08/14 23:57:27 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\bart simpson\IECompatCache
[2010/08/14 23:56:38 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\bart simpson\PrivacIE
[2010/08/12 15:55:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2010/08/12 15:54:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2010/08/12 15:54:23 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2010/08/12 15:54:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2010/08/12 15:54:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/08/12 15:54:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2010/08/12 15:54:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/08/12 15:53:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bart simpson\Local Settings\Application Data\Adobe
[2010/08/12 15:53:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS
[2010/07/26 04:28:45 | 000,000,000 | R--D | C] -- C:\Documents and Settings\bart simpson\My Documents\My Videos
[2010/07/26 04:28:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bart simpson\Application Data\Leadertech
[2010/07/26 04:27:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Logishrd
[2010/07/26 04:27:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\LogiShrd
[2010/07/26 04:27:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Logitech
[2010/07/26 04:16:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Logitech
[2010/07/26 04:16:51 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech
[2010/07/26 04:10:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bart simpson\Application Data\Epson
[2010/07/26 04:05:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\UDL
[2010/07/26 04:04:17 | 000,000,000 | ---D | C] -- C:\Program Files\Epson Software
[2010/07/26 04:03:45 | 000,000,000 | ---D | C] -- C:\Program Files\ABBYY FineReader 6.0 Sprint
[2010/07/26 04:01:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bart simpson\Application Data\InstallShield
[2010/07/26 04:00:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2010/07/26 04:00:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2010/07/26 04:00:32 | 000,000,000 | ---D | C] -- C:\Program Files\epson
[2010/07/26 03:57:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\IObit
[2010/07/26 03:54:17 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/07/26 03:42:00 | 000,000,000 | ---D | C] -- C:\Program Files\IObit
[2010/07/26 03:42:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bart simpson\Application Data\IObit
[2010/07/26 03:39:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bart simpson\My Documents\software
[2010/07/26 03:37:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\EZB Systems
[2010/07/26 03:37:31 | 000,000,000 | ---D | C] -- C:\Program Files\UltraISO
[2010/07/26 03:37:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bart simpson\My Documents\My ISO Files
[2010/07/26 03:36:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bart simpson\Local Settings\Application Data\Ahead
[2010/07/26 03:35:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bart simpson\Application Data\Ahead
[2010/07/26 03:34:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Nero
[2010/07/26 03:34:22 | 000,000,000 | ---D | C] -- C:\Program Files\Nero
[2010/07/26 03:34:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Ahead
[2010/07/26 03:33:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\RegisteredPackages
[2010/07/26 03:26:23 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Works
[2010/07/26 03:26:16 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2010/07/26 03:25:59 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio
[2010/07/26 03:25:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2010/07/26 03:23:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\SHELLNEW
[2010/07/26 03:22:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bart simpson\Local Settings\Application Data\Microsoft Help
[2010/07/26 03:22:52 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2010/07/26 03:22:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help
[2010/07/26 03:22:37 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2010/07/26 03:20:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bart simpson\Application Data\WinRAR
[2010/07/26 03:16:44 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2010/07/26 03:16:28 | 000,000,000 | ---D | C] -- C:\Program Files\Unlocker
[2010/07/26 03:15:54 | 000,000,000 | ---D | C] -- C:\Program Files\FileASSASSIN
[2010/07/26 03:10:28 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/07/26 03:09:31 | 000,000,000 | ---D | C] -- C:\Downloads
[2010/07/26 03:09:01 | 000,000,000 | ---D | C] -- C:\Program Files\BitComet
[2010/07/26 03:09:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bart simpson\Application Data\BitComet
[2010/07/26 03:06:39 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrent
[2010/07/26 03:05:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bart simpson\Application Data\uTorrent
[2010/07/26 03:04:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bart simpson\Application Data\Media Player Classic
[2010/07/26 03:02:52 | 000,151,552 | ---- | C] (fccHandler) -- C:\WINDOWS\System32\ac3acm.acm
[2010/07/26 03:02:51 | 000,720,384 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\divx.dll
[2010/07/26 03:02:51 | 000,217,088 | ---- | C] (www.helixcommunity.org) -- C:\WINDOWS\System32\yv12vfw.dll
[2010/07/26 03:02:51 | 000,094,208 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\dpl100.dll
[2010/07/26 03:02:48 | 000,000,000 | ---D | C] -- C:\Program Files\K-Lite Codec Pack
[2010/07/26 02:47:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\nview
[2010/07/26 02:47:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\WinFast
[2010/07/26 02:46:34 | 000,009,469 | ---- | C] (Leadtek Research Inc.) -- C:\WINDOWS\System32\drivers\WINFOXIO.sys
[2010/07/26 02:46:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\WinFox
[2010/07/26 02:46:19 | 000,000,000 | ---D | C] -- C:\WinFastPVR
[2010/07/26 02:35:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bart simpson\Application Data\Adobe
[2010/07/26 02:29:26 | 000,000,000 | ---D | C] -- C:\Program Files\EVGA Precision
[2010/07/25 04:46:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bart simpson\Tracing
[2010/07/25 04:43:28 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2010/07/25 04:42:26 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2010/07/25 04:42:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\microsoft
[2010/07/25 04:42:10 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live SkyDrive
[2010/07/25 04:41:48 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2010/07/25 04:38:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2010/07/25 03:53:54 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\bart simpson\IETldCache
[2010/07/25 03:50:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2010/07/25 03:49:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2010/07/25 03:38:28 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2010/07/25 03:36:09 | 000,012,536 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/07/25 03:36:06 | 000,243,024 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/07/25 03:35:59 | 000,216,400 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010/07/25 03:35:57 | 000,029,584 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/07/25 03:35:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
[2010/07/25 03:32:06 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2010/07/25 03:31:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/07/25 03:25:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
[2010/07/25 03:25:40 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$
[2010/07/25 03:22:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bart simpson\My Documents\Downloads
[2010/07/25 03:20:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bart simpson\Local Settings\Application Data\Mozilla
[2010/07/25 03:20:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bart simpson\Application Data\Mozilla
[2010/07/25 03:20:50 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/07/25 03:12:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bart simpson\Application Data\Malwarebytes
[2010/07/25 03:12:02 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/07/25 03:12:01 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/07/25 03:12:01 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/07/25 03:12:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/07/25 03:08:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2010/07/25 03:08:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bart simpson\Application Data\Macromedia
[2010/07/25 02:58:21 | 002,559,488 | ---- | C] (RealTek Semicoductor Corp.) -- C:\WINDOWS\alcwzrd.exe
[2010/07/25 02:58:12 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2010/07/25 02:56:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\Drivers
[2010/07/25 02:53:19 | 000,000,000 | ---D | C] -- C:\Program Files\Intel
[2010/07/25 02:52:28 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2010/07/25 02:52:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2010/07/25 02:45:29 | 000,000,000 | ---D | C] -- C:\TempEI4
[2010/07/25 02:41:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2010/07/25 02:36:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2010/07/25 02:36:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2010/07/25 02:36:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-us
[2010/07/25 02:36:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2010/07/25 02:36:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2010/07/25 02:35:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2010/07/25 02:33:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2010/07/25 02:32:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ReinstallBackups
[2010/07/25 02:30:14 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2010/07/25 02:19:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bart simpson\Application Data\Identities
[2010/07/25 02:19:19 | 000,000,000 | -H-D | C] -- C:\Program Files\Uninstall Information
[2010/07/25 02:19:16 | 000,000,000 | R--D | C] -- C:\Documents and Settings\bart simpson\My Documents\My Pictures
[2010/07/25 02:19:16 | 000,000,000 | R--D | C] -- C:\Documents and Settings\bart simpson\My Documents\My Music
[2010/07/25 02:19:13 | 000,000,000 | --SD | C] -- C:\Documents and Settings\bart simpson\Application Data\Microsoft
[2010/07/25 02:19:13 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\bart simpson\SendTo
[2010/07/25 02:19:13 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\bart simpson\Recent
[2010/07/25 02:19:13 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\bart simpson\Application Data
[2010/07/25 02:19:13 | 000,000,000 | R--D | C] -- C:\Documents and Settings\bart simpson\Start Menu
[2010/07/25 02:19:13 | 000,000,000 | R--D | C] -- C:\Documents and Settings\bart simpson\My Documents
[2010/07/25 02:19:13 | 000,000,000 | R--D | C] -- C:\Documents and Settings\bart simpson\Favorites
[2010/07/25 02:19:13 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\bart simpson\Cookies
[2010/07/25 02:19:13 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\bart simpson\Templates
[2010/07/25 02:19:13 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\bart simpson\PrintHood
[2010/07/25 02:19:13 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\bart simpson\NetHood
[2010/07/25 02:19:13 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\bart simpson\Local Settings
[2010/07/25 02:19:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bart simpson\Local Settings\Application Data\Microsoft
[2010/07/25 02:19:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bart simpson\Desktop
[2010/07/25 02:15:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
[2010/07/25 02:15:13 | 000,000,000 | --SD | C] -- C:\WINDOWS\System32\Microsoft
[2010/07/25 02:15:13 | 000,000,000 | --SD | C] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2010/07/25 02:15:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2010/07/25 02:14:43 | 000,000,000 | --SD | C] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2010/07/25 02:14:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010/07/25 02:12:18 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
[2010/07/25 02:12:18 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
[2010/07/25 02:11:21 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
[2010/07/25 02:10:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\xircom
[2010/07/25 02:10:54 | 000,000,000 | ---D | C] -- C:\Program Files\xerox
[2010/07/25 02:10:54 | 000,000,000 | ---D | C] -- C:\Program Files\microsoft frontpage
[2010/07/25 02:09:47 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\DRM
[2010/07/25 02:09:38 | 000,000,000 | --SD | C] -- C:\WINDOWS\Downloaded Program Files
[2010/07/25 02:09:38 | 000,000,000 | R--D | C] -- C:\WINDOWS\Offline Web Pages
[2010/07/25 02:09:28 | 000,000,000 | -H-D | C] -- C:\Program Files\WindowsUpdate
[2010/07/25 02:09:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DirectX
[2010/07/25 02:08:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Services
[2010/07/25 02:08:45 | 000,000,000 | --SD | C] -- C:\WINDOWS\Tasks
[2010/07/25 02:08:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MSSoap
[2010/07/25 02:08:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\srchasst
[2010/07/25 02:08:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Macromed
[2010/07/25 02:08:34 | 000,000,000 | ---D | C] -- C:\Program Files\Movie Maker
[2010/07/25 02:08:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Restore
[2010/07/25 02:08:25 | 000,000,000 | ---D | C] -- C:\Program Files\NetMeeting
[2010/07/25 02:08:22 | 000,000,000 | ---D | C] -- C:\Program Files\Outlook Express
[2010/07/25 02:08:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\System
[2010/07/25 02:08:17 | 000,000,000 | ---D | C] -- C:\Program Files\Internet Explorer
[2010/07/25 02:08:16 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Pictures
[2010/07/25 02:07:48 | 000,000,000 | ---D | C] -- C:\Program Files\ComPlus Applications
[2010/07/25 02:07:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\Registration
[2010/07/25 02:07:35 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Music
[2010/07/25 02:07:35 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Player
[2010/07/25 02:07:35 | 000,000,000 | ---D | C] -- C:\Program Files\Online Services
[2010/07/25 02:07:28 | 000,000,000 | ---D | C] -- C:\Program Files\Messenger
[2010/07/25 02:07:25 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Gaming Zone
[2010/07/25 02:06:56 | 000,000,000 | ---D | C] -- C:\Program Files\MSN
[2010/07/25 02:06:55 | 000,000,000 | ---D | C] -- C:\Program Files\Windows NT
[2010/07/25 02:06:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MsDtc
[2010/07/25 02:06:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Com
[2010/07/25 02:06:38 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
[2010/07/24 18:59:40 | 000,000,000 | -HSD | C] -- C:\WINDOWS\Installer
[2010/07/24 18:59:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ODBC
[2010/07/24 18:59:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SpeechEngines
[2010/07/24 18:59:36 | 000,000,000 | R--D | C] -- C:\Program Files
[2010/07/24 18:59:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Microsoft Shared
[2010/07/24 18:59:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files
[2010/07/24 18:59:13 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu
[2010/07/24 18:59:13 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents
[2010/07/24 18:59:13 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Templates
[2010/07/24 18:59:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Favorites
[2010/07/24 18:59:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Desktop
[2010/07/24 18:59:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot2
[2010/07/24 18:59:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot
[2010/07/24 18:58:56 | 000,000,000 | --SD | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2010/07/24 18:58:56 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\All Users\Application Data
[2010/07/24 18:57:48 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2010/07/24 18:57:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings
[2010/07/24 18:50:47 | 000,000,000 | R-SD | C] -- C:\WINDOWS\Fonts
[2010/07/24 18:50:47 | 000,000,000 | RHSD | C] -- C:\WINDOWS\System32\dllcache
[2010/07/24 18:50:47 | 000,000,000 | R--D | C] -- C:\WINDOWS\Web
[2010/07/24 18:50:47 | 000,000,000 | -H-D | C] -- C:\WINDOWS\inf
[2010/07/24 18:50:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\WinSxS
[2010/07/24 18:50:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wins
[2010/07/24 18:50:47 | 000,000,000 | ---D | C] -- C:\WINDOWS
[2010/07/24 18:50:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wbem
[2010/07/24 18:50:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\usmt
[2010/07/24 18:50:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\twain_32
[2010/07/24 18:50:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\Temp
[2010/07/24 18:50:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\system32
[2010/07/24 18:50:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\system
[2010/07/24 18:50:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\spool
[2010/07/24 18:50:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ShellExt
[2010/07/24 18:50:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Setup
[2010/07/24 18:50:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\security
[2010/07/24 18:50:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\Resources
[2010/07/24 18:50:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\repair
[2010/07/24 18:50:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ras
[2010/07/24 18:50:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\Provisioning
[2010/07/24 18:50:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\PeerNet
[2010/07/24 18:50:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\pchealth
[2010/07/24 18:50:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\oobe
[2010/07/24 18:50:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\npp
[2010/07/24 18:50:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\mui
[2010/07/24 18:50:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\mui
[2010/07/24 18:50:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\msapps
[2010/07/24 18:50:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\msagent
[2010/07/24 18:50:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\Media
[2010/07/24 18:50:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\java
[2010/07/24 18:50:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\inetsrv
[2010/07/24 18:50:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\IME
[2010/07/24 18:50:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\ime
[2010/07/24 18:50:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\icsxml
[2010/07/24 18:50:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ias
[2010/07/24 18:50:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\Help
[2010/07/24 18:50:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\export
[2010/07/24 18:50:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\etc
[2010/07/24 18:50:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\ehome
[2010/07/24 18:50:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers
[2010/07/24 18:50:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\Driver Cache
[2010/07/24 18:50:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\disdn
[2010/07/24 18:50:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\dhcp
[2010/07/24 18:50:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\Debug
[2010/07/24 18:50:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\Cursors
[2010/07/24 18:50:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\Connection Wizard
[2010/07/24 18:50:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\config
[2010/07/24 18:50:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\Config
[2010/07/24 18:50:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\AppPatch
[2010/07/24 18:50:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\addins
[2010/07/24 18:50:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3com_dmi
[2010/07/24 18:50:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3076
[2010/07/24 18:50:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\2052
[2010/07/24 18:50:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1054
[2010/07/24 18:50:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1042
[2010/07/24 18:50:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1041
[2010/07/24 18:50:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1037
[2010/07/24 18:50:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1033
[2010/07/24 18:50:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1031
[2010/07/24 18:50:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1028
[2010/07/24 18:50:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1025

========== Files - Modified Within 90 Days ==========

[2010/08/18 11:35:32 | 000,006,992 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/08/18 11:35:23 | 000,000,390 | ---- | M] () -- C:\WINDOWS\tasks\AWC AutoSweep.job
[2010/08/18 11:35:15 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/08/18 11:35:14 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/08/18 11:34:24 | 002,621,440 | -H-- | M] () -- C:\Documents and Settings\bart simpson\NTUSER.DAT
[2010/08/18 07:27:11 | 000,014,848 | ---- | M] () -- C:\Documents and Settings\bart simpson\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/17 09:34:24 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\bart simpson\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/08/17 09:34:02 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\bart simpson\Desktop\NTREGOPT.lnk
[2010/08/17 09:34:02 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\bart simpson\Desktop\ERUNT.lnk
[2010/08/17 09:28:51 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\bart simpson\ntuser.ini
[2010/08/17 04:06:54 | 006,941,648 | -H-- | M] () -- C:\Documents and Settings\bart simpson\Local Settings\Application Data\IconCache.db
[2010/08/16 17:51:25 | 063,499,870 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/08/16 17:39:37 | 000,000,790 | ---- | M] () -- C:\Documents and Settings\bart simpson\Application Data\Microsoft\Internet Explorer\Quick Launch\DriveImage XML.lnk
[2010/08/16 17:39:37 | 000,000,772 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DriveImage XML.lnk
[2010/08/16 17:38:23 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\AWC Update.job
[2010/08/16 16:05:49 | 000,043,616 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/08/16 08:08:55 | 000,000,797 | ---- | M] () -- C:\Documents and Settings\bart simpson\Desktop\YouTube Downloader.lnk
[2010/08/15 00:16:25 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\bart simpson\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/08/15 00:14:52 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/08/14 22:20:12 | 000,001,908 | ---- | M] () -- C:\WINDOWS\diagwrn.xml
[2010/08/14 22:20:11 | 000,001,908 | ---- | M] () -- C:\WINDOWS\diagerr.xml
[2010/08/14 14:32:27 | 000,356,120 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/08/14 14:32:27 | 000,311,934 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/08/14 14:32:27 | 000,040,196 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/08/14 10:13:08 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/08/12 15:55:56 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/08/10 17:48:48 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2010/08/10 17:48:47 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\logiflt.iad
[2010/07/28 15:45:00 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/07/26 04:27:21 | 000,001,781 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Logitech QuickCam.lnk
[2010/07/26 04:21:29 | 000,000,000 | ---- | M] () -- C:\WINDOWS\EEventManager.INI
[2010/07/26 04:10:31 | 000,264,616 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/07/26 04:05:53 | 000,001,808 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Epson Easy Photo Print.lnk
[2010/07/26 04:01:02 | 000,001,857 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Epson Stylus SX110_TX110 Manual.lnk
[2010/07/26 04:00:36 | 000,000,665 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\EPSON Scan.lnk
[2010/07/26 03:57:14 | 000,000,733 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\IObit Security 360.lnk
[2010/07/26 03:55:06 | 000,069,232 | ---- | M] () -- C:\Documents and Settings\bart simpson\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/07/26 03:54:28 | 000,000,552 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/07/26 03:42:03 | 000,000,892 | ---- | M] () -- C:\Documents and Settings\bart simpson\Application Data\Microsoft\Internet Explorer\Quick Launch\Advanced SystemCare.lnk
[2010/07/26 03:42:03 | 000,000,874 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Advanced SystemCare.lnk
[2010/07/26 03:37:36 | 000,001,548 | ---- | M] () -- C:\Documents and Settings\bart simpson\Desktop\UltraISO.lnk
[2010/07/26 03:36:20 | 000,002,361 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Nero StartSmart Essentials.lnk
[2010/07/26 03:34:03 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2010/07/26 03:16:57 | 000,000,692 | ---- | M] () -- C:\Documents and Settings\bart simpson\Desktop\WinRAR.lnk
[2010/07/26 03:15:54 | 000,000,730 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\FileASSASSIN.lnk
[2010/07/26 03:09:07 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\BitComet.lnk
[2010/07/26 03:06:41 | 000,000,648 | ---- | M] () -- C:\Documents and Settings\bart simpson\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2010/07/26 03:06:41 | 000,000,630 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\µTorrent.lnk
[2010/07/26 02:29:28 | 000,000,749 | ---- | M] () -- C:\Documents and Settings\bart simpson\Desktop\EVGA Precision.lnk
[2010/07/25 03:36:11 | 000,012,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/07/25 03:36:11 | 000,001,507 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 9.0.lnk
[2010/07/25 03:36:09 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/07/25 03:36:00 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010/07/25 03:35:59 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/07/25 03:35:57 | 000,113,461 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2010/07/25 03:20:59 | 000,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2010/07/25 03:20:52 | 000,001,620 | ---- | M] () -- C:\Documents and Settings\bart simpson\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/07/25 03:20:52 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/07/25 03:18:34 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.bak
[2010/07/25 03:12:04 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/25 03:04:40 | 000,000,804 | ---- | M] () -- C:\Documents and Settings\bart simpson\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2010/07/25 03:04:40 | 000,000,786 | ---- | M] () -- C:\Documents and Settings\bart simpson\Desktop\Windows Media Player.lnk
[2010/07/25 02:33:28 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/07/25 02:19:27 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\bart simpson\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2010/07/25 02:14:46 | 000,008,192 | ---- | M] () -- C:\WINDOWS\REGLOCS.OLD
[2010/07/25 02:12:52 | 000,000,261 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2010/07/25 02:10:38 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/07/25 02:10:38 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/07/25 02:10:38 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/07/25 02:10:38 | 000,000,000 | ---- | M] () -- C:\WINDOWS\control.ini
[2010/07/25 02:10:38 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010/07/25 02:10:38 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/07/25 02:10:34 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2010/07/25 02:10:34 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2010/07/25 02:10:25 | 000,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2010/07/25 02:09:38 | 000,000,488 | RH-- | M] () -- C:\WINDOWS\System32\WindowsLogon.manifest
[2010/07/25 02:09:38 | 000,000,488 | RH-- | M] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2010/07/25 02:09:32 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2010/07/25 02:09:32 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\WindowsShell.Manifest
[2010/07/25 02:09:32 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2010/07/25 02:09:32 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2010/07/25 02:09:32 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2010/07/25 02:09:32 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\cdplayer.exe.manifest
[2010/07/25 02:07:56 | 000,021,640 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/07/25 02:07:46 | 000,000,037 | ---- | M] () -- C:\WINDOWS\vbaddin.ini
[2010/07/25 02:07:46 | 000,000,036 | ---- | M] () -- C:\WINDOWS\vb.ini
[2010/07/25 02:05:49 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2010/07/24 18:59:35 | 000,000,231 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/07/14 16:00:00 | 000,108,032 | ---- | M] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/07/14 16:00:00 | 000,000,038 | ---- | M] () -- C:\WINDOWS\avisplitter.ini
[2010/06/09 00:10:50 | 000,790,528 | ---- | M] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/06/09 00:10:50 | 000,134,144 | ---- | M] () -- C:\WINDOWS\System32\xvidvfw.dll

========== Files Created - No Company Name ==========

[2010/08/17 09:34:24 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\bart simpson\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/08/17 09:34:02 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\bart simpson\Desktop\NTREGOPT.lnk
[2010/08/17 09:34:02 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\bart simpson\Desktop\ERUNT.lnk
[2010/08/16 17:39:37 | 000,000,790 | ---- | C] () -- C:\Documents and Settings\bart simpson\Application Data\Microsoft\Internet Explorer\Quick Launch\DriveImage XML.lnk
[2010/08/16 17:39:37 | 000,000,772 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DriveImage XML.lnk
[2010/08/16 08:08:55 | 000,000,797 | ---- | C] () -- C:\Documents and Settings\bart simpson\Desktop\YouTube Downloader.lnk
[2010/08/14 22:19:47 | 000,001,908 | ---- | C] () -- C:\WINDOWS\diagwrn.xml
[2010/08/14 22:19:47 | 000,001,908 | ---- | C] () -- C:\WINDOWS\diagerr.xml
[2010/08/13 15:36:25 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
[2010/08/13 15:36:25 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\dllcache\psisdecd.dll
[2010/08/13 15:36:24 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\MSDvbNP.ax
[2010/08/13 15:36:24 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msdvbnp.ax
[2010/08/13 15:36:24 | 000,033,280 | ---- | C] () -- C:\WINDOWS\System32\PsisRndr.ax
[2010/08/13 15:36:24 | 000,033,280 | ---- | C] () -- C:\WINDOWS\System32\dllcache\psisrndr.ax
[2010/08/12 15:55:56 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/07/28 15:44:44 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010/07/26 04:31:03 | 000,025,974 | R--- | C] () -- C:\WINDOWS\System32\Repository.reg
[2010/07/26 04:30:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2010/07/26 04:30:55 | 000,066,482 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2010/07/26 04:30:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\logiflt.iad
[2010/07/26 04:27:21 | 000,001,781 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Logitech QuickCam.lnk
[2010/07/26 04:21:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\EEventManager.INI
[2010/07/26 04:05:53 | 000,001,808 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Epson Easy Photo Print.lnk
[2010/07/26 04:01:14 | 000,111,932 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2010/07/26 04:01:14 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2010/07/26 04:01:14 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2010/07/26 04:01:14 | 000,026,154 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2010/07/26 04:01:14 | 000,024,903 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2010/07/26 04:01:14 | 000,021,390 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2010/07/26 04:01:14 | 000,020,148 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2010/07/26 04:01:14 | 000,013,732 | ---- | C] () -- C:\WINDOWS\System32\EPPICLocal_EN.cfg
[2010/07/26 04:01:14 | 000,011,811 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2010/07/26 04:01:14 | 000,006,442 | ---- | C] () -- C:\WINDOWS\System32\EPPICLocal_IT.cfg
[2010/07/26 04:01:14 | 000,006,347 | ---- | C] () -- C:\WINDOWS\System32\EPPICLocal_PT.cfg
[2010/07/26 04:01:14 | 000,006,347 | ---- | C] () -- C:\WINDOWS\System32\EPPICLocal_BP.cfg
[2010/07/26 04:01:14 | 000,006,335 | ---- | C] () -- C:\WINDOWS\System32\EPPICLocal_GE.cfg
[2010/07/26 04:01:14 | 000,006,195 | ---- | C] () -- C:\WINDOWS\System32\EPPICLocal_FR.cfg
[2010/07/26 04:01:14 | 000,006,195 | ---- | C] () -- C:\WINDOWS\System32\EPPICLocal_CF.cfg
[2010/07/26 04:01:14 | 000,006,122 | ---- | C] () -- C:\WINDOWS\System32\EPPICLocal_DU.cfg
[2010/07/26 04:01:14 | 000,006,103 | ---- | C] () -- C:\WINDOWS\System32\EPPICLocal_ES.cfg
[2010/07/26 04:01:14 | 000,005,817 | ---- | C] () -- C:\WINDOWS\System32\EPPICLocal_KO.cfg
[2010/07/26 04:01:14 | 000,005,436 | ---- | C] () -- C:\WINDOWS\System32\EPPICLocal_SC.cfg
[2010/07/26 04:01:14 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2010/07/26 04:01:14 | 000,002,889 | ---- | C] () -- C:\WINDOWS\System32\EPPICLocal_RU.cfg
[2010/07/26 04:01:14 | 000,002,426 | ---- | C] () -- C:\WINDOWS\System32\EPPICLocal_TC.cfg
[2010/07/26 04:01:14 | 000,001,146 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_DU.dat
[2010/07/26 04:01:14 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2010/07/26 04:01:14 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2010/07/26 04:01:14 | 000,001,136 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2010/07/26 04:01:14 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2010/07/26 04:01:14 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2010/07/26 04:01:14 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_IT.dat
[2010/07/26 04:01:14 | 000,001,107 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_GE.dat
[2010/07/26 04:01:14 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2010/07/26 04:01:14 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2010/07/26 04:01:02 | 000,001,857 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Epson Stylus SX110_TX110 Manual.lnk
[2010/07/26 04:00:36 | 000,000,665 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\EPSON Scan.lnk
[2010/07/26 03:57:14 | 000,000,733 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\IObit Security 360.lnk
[2010/07/26 03:50:43 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\AWC Update.job
[2010/07/26 03:50:42 | 000,000,390 | ---- | C] () -- C:\WINDOWS\tasks\AWC AutoSweep.job
[2010/07/26 03:42:03 | 000,000,892 | ---- | C] () -- C:\Documents and Settings\bart simpson\Application Data\Microsoft\Internet Explorer\Quick Launch\Advanced SystemCare.lnk
[2010/07/26 03:42:03 | 000,000,874 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Advanced SystemCare.lnk
[2010/07/26 03:37:36 | 000,001,548 | ---- | C] () -- C:\Documents and Settings\bart simpson\Desktop\UltraISO.lnk
[2010/07/26 03:36:20 | 000,002,361 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Nero StartSmart Essentials.lnk
[2010/07/26 03:16:57 | 000,000,692 | ---- | C] () -- C:\Documents and Settings\bart simpson\Desktop\WinRAR.lnk
[2010/07/26 03:15:54 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\FileASSASSIN.lnk
[2010/07/26 03:12:50 | 000,014,848 | ---- | C] () -- C:\Documents and Settings\bart simpson\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/26 03:09:07 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\BitComet.lnk
[2010/07/26 03:06:41 | 000,000,648 | ---- | C] () -- C:\Documents and Settings\bart simpson\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2010/07/26 03:06:41 | 000,000,630 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\µTorrent.lnk
[2010/07/26 03:02:53 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010/07/26 03:02:52 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2010/07/26 03:02:51 | 000,790,528 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/07/26 03:02:51 | 000,134,144 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010/07/26 03:02:51 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/07/26 03:02:51 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2010/07/26 02:47:38 | 000,043,616 | ---- | C] () -- C:\WINDOWS\System32\nvapps.xml
[2010/07/26 02:47:36 | 000,016,356 | ---- | C] () -- C:\WINDOWS\System32\nvdisp.nvu
[2010/07/26 02:47:05 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2010/07/26 02:47:05 | 001,519,616 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2010/07/26 02:47:05 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2010/07/26 02:47:05 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2010/07/26 02:47:05 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\nvtuicpl.cpl
[2010/07/26 02:47:04 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2010/07/26 02:47:04 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2010/07/26 02:47:04 | 000,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2010/07/26 02:47:04 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2010/07/26 02:47:04 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2010/07/26 02:47:04 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2010/07/26 02:47:04 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2010/07/26 02:29:28 | 000,000,749 | ---- | C] () -- C:\Documents and Settings\bart simpson\Desktop\EVGA Precision.lnk
[2010/07/25 03:36:11 | 000,001,507 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 9.0.lnk
[2010/07/25 03:35:57 | 000,113,461 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2010/07/25 03:35:54 | 063,499,870 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/07/25 03:20:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/07/25 03:20:52 | 000,001,620 | ---- | C] () -- C:\Documents and Settings\bart simpson\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/07/25 03:20:52 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/07/25 03:18:36 | 000,013,646 | ---- | C] () -- C:\WINDOWS\System32\wpa.bak
[2010/07/25 03:12:04 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/25 03:04:40 | 000,000,804 | ---- | C] () -- C:\Documents and Settings\bart simpson\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2010/07/25 03:04:40 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\bart simpson\Desktop\Windows Media Player.lnk
[2010/07/25 02:58:19 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\RTCOMDLL.dll
[2010/07/25 02:58:19 | 000,156,160 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2010/07/25 02:58:19 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2010/07/25 02:57:04 | 000,001,902 | ---- | C] () -- C:\WINDOWS\System32\SetupBD.din
[2010/07/25 02:56:32 | 000,012,288 | R--- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2010/07/25 02:56:32 | 000,005,110 | R--- | C] () -- C:\WINDOWS\System32\e100b325.din
[2010/07/25 02:36:43 | 000,010,457 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.hta
[2010/07/25 02:36:42 | 000,613,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.chm
[2010/07/25 02:36:42 | 000,354,468 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud1.wav
[2010/07/25 02:36:42 | 000,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud7.wav
[2010/07/25 02:36:42 | 000,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud6.wav
[2010/07/25 02:36:42 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud9.wav
[2010/07/25 02:36:42 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud8.wav
[2010/07/25 02:36:42 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud3.wav
[2010/07/25 02:36:42 | 000,086,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud5.wav
[2010/07/25 02:36:42 | 000,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud4.wav
[2010/07/25 02:36:42 | 000,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud2.wav
[2010/07/25 02:36:42 | 000,067,374 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.adm
[2010/07/25 02:36:42 | 000,029,070 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmp.inf
[2010/07/25 02:36:42 | 000,023,195 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplay.chm
[2010/07/25 02:36:42 | 000,001,771 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.css
[2010/07/25 02:36:42 | 000,000,855 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpocm.inf
[2010/07/25 02:36:42 | 000,000,420 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmploc.js
[2010/07/25 02:36:41 | 000,572,557 | ---- | C] () -- C:\WINDOWS\System32\dllcache\rtuner.wmv
[2010/07/25 02:36:41 | 000,375,519 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nuskin.wmv
[2010/07/25 02:36:41 | 000,300,969 | ---- | C] () -- C:\WINDOWS\System32\dllcache\viz.wmv
[2010/07/25 02:36:41 | 000,077,307 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plyr_err.chm
[2010/07/25 02:36:41 | 000,066,725 | ---- | C] () -- C:\WINDOWS\System32\dllcache\revert.wmz
[2010/07/25 02:36:41 | 000,023,829 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tourbg.gif
[2010/07/25 02:36:41 | 000,022,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npds.zip
[2010/07/25 02:36:41 | 000,017,489 | ---- | C] () -- C:\WINDOWS\System32\dllcache\videobg.gif
[2010/07/25 02:36:41 | 000,017,272 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmdm.inf
[2010/07/25 02:36:41 | 000,008,677 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm7.gif
[2010/07/25 02:36:41 | 000,007,892 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm9.gif
[2010/07/25 02:36:41 | 000,007,636 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm2.gif
[2010/07/25 02:36:41 | 000,007,369 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm4.gif
[2010/07/25 02:36:41 | 000,006,769 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmfsdk.inf
[2010/07/25 02:36:41 | 000,006,241 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm3.gif
[2010/07/25 02:36:41 | 000,006,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm6.gif
[2010/07/25 02:36:41 | 000,005,789 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm1.gif
[2010/07/25 02:36:41 | 000,005,290 | ---- | C] () -- C:\WINDOWS\System32\dllcache\vidsamp.gif
[2010/07/25 02:36:41 | 000,004,193 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm8.gif
[2010/07/25 02:36:41 | 000,003,187 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tour.js
[2010/07/25 02:36:41 | 000,002,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm5.gif
[2010/07/25 02:36:41 | 000,002,469 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplay.gif
[2010/07/25 02:36:41 | 000,002,450 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpause.gif
[2010/07/25 02:36:41 | 000,002,375 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplayh.gif
[2010/07/25 02:36:41 | 000,002,371 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpauseh.gif
[2010/07/25 02:36:41 | 000,001,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst6.wpl
[2010/07/25 02:36:41 | 000,001,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst5.wpl
[2010/07/25 02:36:41 | 000,001,474 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst3.wpl
[2010/07/25 02:36:41 | 000,001,451 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst12.wpl
[2010/07/25 02:36:41 | 000,001,448 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst4.wpl
[2010/07/25 02:36:41 | 000,001,398 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taon.gif
[2010/07/25 02:36:41 | 000,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taonh.gif
[2010/07/25 02:36:41 | 000,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoff.gif
[2010/07/25 02:36:41 | 000,001,367 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoffh.gif
[2010/07/25 02:36:41 | 000,001,250 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst1.wpl
[2010/07/25 02:36:41 | 000,001,148 | ---- | C] () -- C:\WINDOWS\System32\dllcache\snd.htm
[2010/07/25 02:36:41 | 000,001,049 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst2.wpl
[2010/07/25 02:36:41 | 000,001,046 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst7.wpl
[2010/07/25 02:36:41 | 000,001,036 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst8.wpl
[2010/07/25 02:36:41 | 000,000,908 | ---- | C] () -- C:\WINDOWS\System32\dllcache\skins.inf
[2010/07/25 02:36:41 | 000,000,789 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst11.wpl
[2010/07/25 02:36:41 | 000,000,787 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst10.wpl
[2010/07/25 02:36:41 | 000,000,784 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst9.wpl
[2010/07/25 02:36:41 | 000,000,783 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst13.wpl
[2010/07/25 02:36:41 | 000,000,775 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst14.wpl
[2010/07/25 02:36:41 | 000,000,733 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst15.wpl
[2010/07/25 02:36:41 | 000,000,403 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npdrmv2.zip
[2010/07/25 02:36:40 | 000,457,607 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mdlib.wmv
[2010/07/25 02:36:40 | 000,381,425 | ---- | C] () -- C:\WINDOWS\System32\dllcache\copycd.wmv
[2010/07/25 02:36:40 | 000,184,959 | ---- | C] () -- C:\WINDOWS\System32\dllcache\compact.wmz
[2010/07/25 02:36:40 | 000,097,117 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.hlp
[2010/07/25 02:36:40 | 000,018,286 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.inf
[2010/07/25 02:36:40 | 000,009,585 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.css
[2010/07/25 02:36:40 | 000,008,298 | ---- | C] () -- C:\WINDOWS\System32\dllcache\contents.htm
[2010/07/25 02:36:40 | 000,006,878 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.js
[2010/07/25 02:36:40 | 000,005,971 | ---- | C] () -- C:\WINDOWS\System32\dllcache\events.js
[2010/07/25 02:36:40 | 000,002,778 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogoh.gif
[2010/07/25 02:36:40 | 000,002,545 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogo.gif
[2010/07/25 02:36:40 | 000,001,885 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.cnt
[2010/07/25 02:36:40 | 000,000,999 | ---- | C] () -- C:\WINDOWS\System32\dllcache\bktrh.gif
[2010/07/25 02:36:40 | 000,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnth.gif
[2010/07/25 02:36:40 | 000,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnt.gif
[2010/07/25 02:36:40 | 000,000,772 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cntd.gif
[2010/07/25 02:36:40 | 000,000,760 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapph.gif
[2010/07/25 02:36:40 | 000,000,717 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapp.gif
[2010/07/25 02:33:40 | 000,064,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmc20.cod
[2010/07/25 02:33:39 | 000,129,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\cxthsfs2.cty
[2010/07/25 02:33:38 | 000,067,866 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwlan5.img
[2010/07/25 02:19:27 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\bart simpson\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2010/07/25 02:19:19 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\bart simpson\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/07/25 02:19:14 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\bart simpson\ntuser.ini
[2010/07/25 02:19:13 | 002,621,440 | -H-- | C] () -- C:\Documents and Settings\bart simpson\NTUSER.DAT
[2010/07/25 02:19:13 | 000,122,880 | -H-- | C] () -- C:\Documents and Settings\bart simpson\ntuser.dat.LOG
[2010/07/25 02:14:46 | 000,008,192 | ---- | C] () -- C:\WINDOWS\REGLOCS.OLD
[2010/07/25 02:12:52 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/07/25 02:12:42 | 000,028,288 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xjis.nls
[2010/07/25 02:12:14 | 000,083,748 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prcp.nls
[2010/07/25 02:12:14 | 000,083,748 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prc.nls
[2010/07/25 02:12:13 | 000,175,104 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll
[2010/07/25 02:11:57 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2010/07/25 02:11:57 | 000,047,066 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ksc.nls
[2010/07/25 02:11:51 | 000,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
[2010/07/25 02:11:50 | 000,196,665 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe
[2010/07/25 02:11:48 | 000,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2010/07/25 02:11:40 | 013,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll
[2010/07/25 02:11:35 | 000,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2010/07/25 02:11:23 | 000,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
[2010/07/25 02:11:20 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_864.nls
[2010/07/25 02:11:20 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_862.nls
[2010/07/25 02:11:20 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_858.nls
[2010/07/25 02:11:20 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_720.nls
[2010/07/25 02:11:20 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_870.nls
[2010/07/25 02:11:20 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_708.nls
[2010/07/25 02:11:20 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28596.nls
[2010/07/25 02:11:20 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_21027.nls
[2010/07/25 02:11:19 | 000,180,770 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20932.nls
[2010/07/25 02:11:19 | 000,177,698 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20949.nls
[2010/07/25 02:11:19 | 000,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20936.nls
[2010/07/25 02:11:19 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_21025.nls
[2010/07/25 02:11:19 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20924.nls
[2010/07/25 02:11:19 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20880.nls
[2010/07/25 02:11:19 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20871.nls
[2010/07/25 02:11:19 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20838.nls
[2010/07/25 02:11:19 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20833.nls
[2010/07/25 02:11:19 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20424.nls
[2010/07/25 02:11:19 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20423.nls
[2010/07/25 02:11:19 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20420.nls
[2010/07/25 02:11:19 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20297.nls
[2010/07/25 02:11:19 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20290.nls
[2010/07/25 02:11:18 | 000,187,938 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20005.nls
[2010/07/25 02:11:18 | 000,185,378 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20003.nls
[2010/07/25 02:11:18 | 000,180,258 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20004.nls
[2010/07/25 02:11:18 | 000,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20002.nls
[2010/07/25 02:11:18 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20285.nls
[2010/07/25 02:11:18 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20284.nls
[2010/07/25 02:11:18 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20280.nls
[2010/07/25 02:11:18 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20278.nls
[2010/07/25 02:11:18 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20277.nls
[2010/07/25 02:11:18 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20273.nls
[2010/07/25 02:11:18 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20269.nls
[2010/07/25 02:11:18 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20108.nls
[2010/07/25 02:11:18 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20107.nls
[2010/07/25 02:11:18 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20106.nls
[2010/07/25 02:11:18 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20105.nls
[2010/07/25 02:11:17 | 000,189,986 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1361.nls
[2010/07/25 02:11:17 | 000,186,402 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20001.nls
[2010/07/25 02:11:17 | 000,180,258 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20000.nls
[2010/07/25 02:11:17 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1149.nls
[2010/07/25 02:11:17 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1148.nls
[2010/07/25 02:11:17 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1147.nls
[2010/07/25 02:11:17 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1146.nls
[2010/07/25 02:11:17 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1145.nls
[2010/07/25 02:11:17 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1144.nls
[2010/07/25 02:11:17 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1143.nls
[2010/07/25 02:11:17 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1142.nls
[2010/07/25 02:11:17 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1141.nls
[2010/07/25 02:11:16 | 000,195,618 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10002.nls
[2010/07/25 02:11:16 | 000,177,698 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10003.nls
[2010/07/25 02:11:16 | 000,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10008.nls
[2010/07/25 02:11:16 | 000,162,850 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10001.nls
[2010/07/25 02:11:16 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1140.nls
[2010/07/25 02:11:16 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1047.nls
[2010/07/25 02:11:16 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10021.nls
[2010/07/25 02:11:16 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10005.nls
[2010/07/25 02:11:16 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10004.nls
[2010/07/25 02:11:15 | 000,082,172 | ---- | C] () -- C:\WINDOWS\System32\dllcache\bopomofo.nls
[2010/07/25 02:11:15 | 000,066,728 | ---- | C] () -- C:\WINDOWS\System32\dllcache\big5.nls
[2010/07/25 02:10:38 | 000,002,577 | ---- | C] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/07/25 02:10:38 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2010/07/25 02:10:38 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2010/07/25 02:10:38 | 000,000,000 | ---- | C] () -- C:\CONFIG.SYS
[2010/07/25 02:10:38 | 000,000,000 | ---- | C] () -- C:\AUTOEXEC.BAT
[2010/07/25 02:10:34 | 000,023,392 | ---- | C] () -- C:\WINDOWS\System32\nscompat.tlb
[2010/07/25 02:10:34 | 000,016,832 | ---- | C] () -- C:\WINDOWS\System32\amcompat.tlb
[2010/07/25 02:10:33 | 000,316,640 | ---- | C] () -- C:\WINDOWS\WMSysPr9.prx
[2010/07/25 02:09:38 | 000,000,488 | RH-- | C] () -- C:\WINDOWS\System32\WindowsLogon.manifest
[2010/07/25 02:09:38 | 000,000,488 | RH-- | C] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2010/07/25 02:09:32 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2010/07/25 02:09:32 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\WindowsShell.Manifest
[2010/07/25 02:09:32 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2010/07/25 02:09:32 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2010/07/25 02:09:32 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2010/07/25 02:09:32 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\cdplayer.exe.manifest
[2010/07/25 02:09:16 | 004,399,505 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nls302en.lex
[2010/07/25 02:08:53 | 000,048,680 | -HS- | C] () -- C:\WINDOWS\winnt256.bmp
[2010/07/25 02:08:53 | 000,048,680 | -HS- | C] () -- C:\WINDOWS\winnt.bmp
[2010/07/25 02:08:48 | 000,000,984 | ---- | C] () -- C:\WINDOWS\System32\dllcache\srframe.mmf
[2010/07/25 02:07:56 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/07/25 02:07:14 | 000,065,954 | ---- | C] () -- C:\WINDOWS\Prairie Wind.bmp
[2010/07/25 02:07:14 | 000,065,832 | ---- | C] () -- C:\WINDOWS\Santa Fe Stucco.bmp
[2010/07/25 02:07:14 | 000,026,680 | ---- | C] () -- C:\WINDOWS\River Sumida.bmp
[2010/07/25 02:07:14 | 000,026,582 | ---- | C] () -- C:\WINDOWS\Greenstone.bmp
[2010/07/25 02:07:14 | 000,017,362 | ---- | C] () -- C:\WINDOWS\Rhododendron.bmp
[2010/07/25 02:07:14 | 000,017,336 | ---- | C] () -- C:\WINDOWS\Gone Fishing.bmp
[2010/07/25 02:07:14 | 000,016,730 | ---- | C] () -- C:\WINDOWS\FeatherTexture.bmp
[2010/07/25 02:07:14 | 000,009,522 | ---- | C] () -- C:\WINDOWS\Zapotec.bmp
[2010/07/25 02:07:13 | 000,093,702 | ---- | C] () -- C:\WINDOWS\System32\subrange.uce
[2010/07/25 02:07:13 | 000,065,978 | ---- | C] () -- C:\WINDOWS\Soap Bubbles.bmp
[2010/07/25 02:07:13 | 000,060,458 | ---- | C] () -- C:\WINDOWS\System32\ideograf.uce
[2010/07/25 02:07:13 | 000,024,006 | ---- | C] () -- C:\WINDOWS\System32\gb2312.uce
[2010/07/25 02:07:13 | 000,017,062 | ---- | C] () -- C:\WINDOWS\Coffee Bean.bmp
[2010/07/25 02:07:13 | 000,016,740 | ---- | C] () -- C:\WINDOWS\System32\shiftjis.uce
[2010/07/25 02:07:13 | 000,012,876 | ---- | C] () -- C:\WINDOWS\System32\korean.uce
[2010/07/25 02:07:13 | 000,008,484 | ---- | C] () -- C:\WINDOWS\System32\kanji_2.uce
[2010/07/25 02:07:13 | 000,006,948 | ---- | C] () -- C:\WINDOWS\System32\kanji_1.uce
[2010/07/25 02:07:13 | 000,001,272 | ---- | C] () -- C:\WINDOWS\Blue Lace 16.bmp
[2010/07/25 02:07:12 | 000,022,984 | ---- | C] () -- C:\WINDOWS\System32\bopomofo.uce
[2010/07/25 02:07:11 | 000,003,286 | ---- | C] () -- C:\WINDOWS\System32\tslabels.h
[2010/07/25 02:07:11 | 000,001,161 | ---- | C] () -- C:\WINDOWS\System32\usrlogon.cmd
[2010/07/25 02:07:10 | 000,000,768 | ---- | C] () -- C:\WINDOWS\System32\msdtcprf.h
[2010/07/25 02:07:06 | 000,063,488 | ---- | C] () -- C:\WINDOWS\System32\wmimgmt.msc
[2010/07/24 18:59:43 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2010/07/24 18:59:38 | 001,685,606 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sam.spd
[2010/07/24 18:59:37 | 000,643,717 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ltts1033.lxa
[2010/07/24 18:59:37 | 000,605,050 | ---- | C] () -- C:\WINDOWS\System32\dllcache\r1033tts.lxa
[2010/07/24 18:59:37 | 000,000,888 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sam.sdf
[2010/07/24 18:59:35 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28603.nls
[2010/07/24 18:59:35 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_28603.nls
[2010/07/24 18:59:33 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_857.nls
[2010/07/24 18:59:33 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_857.nls
[2010/07/24 18:59:33 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28599.nls
[2010/07/24 18:59:33 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_28599.nls
[2010/07/24 18:59:33 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10081.nls
[2010/07/24 18:59:33 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10081.nls
[2010/07/24 18:59:32 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28595.nls
[2010/07/24 18:59:32 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\C_28595.NLS
[2010/07/24 18:59:32 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10017.nls
[2010/07/24 18:59:32 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10017.nls
[2010/07/24 18:59:32 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10007.nls
[2010/07/24 18:59:32 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10007.nls
[2010/07/24 18:59:30 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_869.nls
[2010/07/24 18:59:30 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_869.nls
[2010/07/24 18:59:30 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_737.nls
[2010/07/24 18:59:30 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_737.nls
[2010/07/24 18:59:30 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_875.nls
[2010/07/24 18:59:30 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_875.nls
[2010/07/24 18:59:30 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28597.nls
[2010/07/24 18:59:30 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\C_28597.NLS
[2010/07/24 18:59:30 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10006.nls
[2010/07/24 18:59:30 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10006.nls
[2010/07/24 18:59:29 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_866.nls
[2010/07/24 18:59:29 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_866.nls
[2010/07/24 18:59:29 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_855.nls
[2010/07/24 18:59:29 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_855.nls
[2010/07/24 18:59:29 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28594.nls
[2010/07/24 18:59:29 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\C_28594.NLS
[2010/07/24 18:59:27 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_852.nls
[2010/07/24 18:59:27 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_852.nls
[2010/07/24 18:59:27 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10082.nls
[2010/07/24 18:59:27 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10082.nls
[2010/07/24 18:59:27 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10029.nls
[2010/07/24 18:59:27 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10029.nls
[2010/07/24 18:59:27 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10010.nls
[2010/07/24 18:59:27 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10010.nls
[2010/07/24 18:59:26 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20127.nls
[2010/07/24 18:59:26 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_20127.nls
[2010/07/24 18:59:23 | 000,001,688 | ---- | C] () -- C:\WINDOWS\System32\AUTOEXEC.NT
[2010/07/24 18:59:13 | 000,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
[2010/07/24 18:59:13 | 000,037,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
[2010/07/24 18:59:13 | 000,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT
[2010/07/24 18:59:13 | 000,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
[2010/07/24 18:59:13 | 000,007,382 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2010/07/24 18:59:13 | 000,007,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmerrenu.cat
[2010/07/24 18:59:12 | 001,042,903 | ---- | C] () -- C:\WINDOWS\System32\dllcache\SP2.CAT
[2010/07/24 18:59:12 | 000,797,189 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
[2010/07/24 18:57:47 | 000,264,616 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/07/24 18:55:59 | 000,000,211 | -HS- | C] () -- C:\boot.ini
[2010/07/24 18:55:56 | 000,000,261 | ---- | C] () -- C:\WINDOWS\System32\$winnt$.inf
[2008/07/26 23:25:02 | 000,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys

========== LOP Check ==========

[2010/07/25 03:32:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/07/26 04:07:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2010/07/26 03:57:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2010/07/26 04:05:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UDL
[2010/08/17 03:40:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bart simpson\Application Data\BitComet
[2010/07/26 04:11:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bart simpson\Application Data\Epson
[2010/07/26 03:42:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bart simpson\Application Data\IObit
[2010/07/26 04:28:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bart simpson\Application Data\Leadertech
[2010/08/14 14:52:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bart simpson\Application Data\uTorrent
[2010/08/18 11:35:23 | 000,000,390 | ---- | M] () -- C:\WINDOWS\Tasks\AWC AutoSweep.job
[2010/08/16 17:38:23 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\AWC Update.job

========== Purity Check ==========



========== Custom Scans ==========


< >

< %SYSTEMDRIVE%\*.* >
[2010/07/25 02:10:38 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/07/25 02:05:49 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2010/07/25 02:10:38 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010/07/25 02:10:38 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/07/26 06:20:43 | 000,004,461 | ---- | M] () -- C:\LGSInst.Log
[2010/07/25 02:10:38 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/04 20:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2010/07/25 02:33:28 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/08/18 11:35:11 | 1610,612,736 | -HS- | M] () -- C:\pagefile.sys
[2010/07/25 02:58:58 | 000,000,090 | ---- | M] () -- C:\Realtek.log
[2010/07/25 02:58:48 | 000,000,391 | ---- | M] () -- C:\RtlAudio_Result.txt

< %systemroot%\Fonts\*.com >

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2010/07/25 02:10:14 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2006/10/27 10:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\msonpppr.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2010/04/17 15:04:40 | 000,306,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WLXPGSS.SCR

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2010/07/24 18:55:58 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2010/07/24 18:55:58 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2010/07/24 18:55:58 | 000,905,216 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2010/07/25 02:37:05 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2010/07/25 02:41:31 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\bart simpson\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2010/07/25 02:19:27 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\bart simpson\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

< %USERPROFILE%\Desktop\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-07-25 19:54:42
< End of report >

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-08-18 12:15:20
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\BARTSI~1\LOCALS~1\Temp\fwpiqaod.sys


---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB9A24360, 0x2154AD, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\Documents and Settings\bart simpson\Application Data\Microsoft\SystemCertificates\WCUN\conime.exe[1352] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\Documents and Settings\bart simpson\Application Data\Microsoft\SystemCertificates\WCUN\conime.exe[1352] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Documents and Settings\bart simpson\Application Data\Microsoft\SystemCertificates\WCUN\conime.exe[1352] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\Documents and Settings\bart simpson\Application Data\Microsoft\SystemCertificates\WCUN\conime.exe[1352] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Documents and Settings\bart simpson\Application Data\Microsoft\SystemCertificates\WCUN\conime.exe[1352] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00B70001
.text C:\Documents and Settings\bart simpson\Application Data\Microsoft\SystemCertificates\WCUN\conime.exe[1352] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0D0F5A
.text C:\Documents and Settings\bart simpson\Application Data\Microsoft\SystemCertificates\WCUN\conime.exe[1352] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F0A0F5A
.text C:\Documents and Settings\bart simpson\Application Data\Microsoft\SystemCertificates\WCUN\conime.exe[1352] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 6 Bytes JMP 5F100F5A
.text C:\Documents and Settings\bart simpson\Application Data\Microsoft\SystemCertificates\WCUN\conime.exe[1352] ADVAPI32.dll!CreateProcessWithLogonW 77E15FFD 3 Bytes [FF, 25, 1E]
.text C:\Documents and Settings\bart simpson\Application Data\Microsoft\SystemCertificates\WCUN\conime.exe[1352] ADVAPI32.dll!CreateProcessWithLogonW + 4 77E16001 2 Bytes [05, 5F]
.text C:\Documents and Settings\bart simpson\Application Data\Microsoft\SystemCertificates\WCUN\conime.exe[1352] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 5F190F5A
.text C:\Documents and Settings\bart simpson\Application Data\Microsoft\SystemCertificates\WCUN\conime.exe[1352] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 5F1C0F5A
.text C:\WINDOWS\Explorer.EXE[1724] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 014C0001
.text C:\WINDOWS\Explorer.EXE[1724] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\Explorer.EXE[1724] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\Explorer.EXE[1724] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\Explorer.EXE[1724] ADVAPI32.dll!CreateProcessWithLogonW 77E15FFD 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[1724] ADVAPI32.dll!CreateProcessWithLogonW + 4 77E16001 2 Bytes [05, 5F]
.text C:\Documents and Settings\bart simpson\Application Data\Microsoft\SystemCertificates\WCUN\spoolsv.exe[1732] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\Documents and Settings\bart simpson\Application Data\Microsoft\SystemCertificates\WCUN\spoolsv.exe[1732] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Documents and Settings\bart simpson\Application Data\Microsoft\SystemCertificates\WCUN\spoolsv.exe[1732] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\Documents and Settings\bart simpson\Application Data\Microsoft\SystemCertificates\WCUN\spoolsv.exe[1732] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Documents and Settings\bart simpson\Application Data\Microsoft\SystemCertificates\WCUN\spoolsv.exe[1732] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 02E50001
.text C:\Documents and Settings\bart simpson\Application Data\Microsoft\SystemCertificates\WCUN\spoolsv.exe[1732] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0D0F5A
.text C:\Documents and Settings\bart simpson\Application Data\Microsoft\SystemCertificates\WCUN\spoolsv.exe[1732] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F0A0F5A
.text C:\Documents and Settings\bart simpson\Application Data\Microsoft\SystemCertificates\WCUN\spoolsv.exe[1732] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 6 Bytes JMP 5F100F5A
.text C:\Documents and Settings\bart simpson\Application Data\Microsoft\SystemCertificates\WCUN\spoolsv.exe[1732] ADVAPI32.dll!CreateProcessWithLogonW 77E15FFD 3 Bytes [FF, 25, 1E]
.text C:\Documents and Settings\bart simpson\Application Data\Microsoft\SystemCertificates\WCUN\spoolsv.exe[1732] ADVAPI32.dll!CreateProcessWithLogonW + 4 77E16001 2 Bytes [05, 5F]
.text C:\Documents and Settings\bart simpson\Application Data\Microsoft\SystemCertificates\WCUN\spoolsv.exe[1732] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 5F190F5A
.text C:\Documents and Settings\bart simpson\Application Data\Microsoft\SystemCertificates\WCUN\spoolsv.exe[1732] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 5F1C0F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[2716] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 004013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
.text C:\WINDOWS\notepad.exe[3560] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\notepad.exe[3560] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\WINDOWS\notepad.exe[3560] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\notepad.exe[3560] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\WINDOWS\notepad.exe[3560] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00BC0001
.text C:\WINDOWS\notepad.exe[3560] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\notepad.exe[3560] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\notepad.exe[3560] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\notepad.exe[3560] ADVAPI32.dll!CreateProcessWithLogonW 77E15FFD 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\notepad.exe[3560] ADVAPI32.dll!CreateProcessWithLogonW + 4 77E16001 2 Bytes [05, 5F]
.text C:\WINDOWS\notepad.exe[3560] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 5F190F5A
.text C:\WINDOWS\notepad.exe[3560] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 5F1C0F5A
.text C:\WINDOWS\system32\NOTEPAD.EXE[3768] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\NOTEPAD.EXE[3768] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\WINDOWS\system32\NOTEPAD.EXE[3768] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\NOTEPAD.EXE[3768] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\WINDOWS\system32\NOTEPAD.EXE[3768] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00D00001
.text C:\WINDOWS\system32\NOTEPAD.EXE[3768] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\system32\NOTEPAD.EXE[3768] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\NOTEPAD.EXE[3768] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\NOTEPAD.EXE[3768] ADVAPI32.dll!CreateProcessWithLogonW 77E15FFD 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\NOTEPAD.EXE[3768] ADVAPI32.dll!CreateProcessWithLogonW + 4 77E16001 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\NOTEPAD.EXE[3768] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 5F190F5A
.text C:\WINDOWS\system32\NOTEPAD.EXE[3768] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 5F1C0F5A
.text C:\Program Files\WinRAR\WinRAR.exe[3916] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\WinRAR\WinRAR.exe[3916] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\WinRAR\WinRAR.exe[3916] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\WinRAR\WinRAR.exe[3916] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\WinRAR\WinRAR.exe[3916] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00BE0001
.text C:\Program Files\WinRAR\WinRAR.exe[3916] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\WinRAR\WinRAR.exe[3916] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\WinRAR\WinRAR.exe[3916] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 6 Bytes JMP 5F100F5A
.text C:\Program Files\WinRAR\WinRAR.exe[3916] ADVAPI32.dll!CreateProcessWithLogonW 77E15FFD 3 Bytes [FF, 25, 1E]
.text C:\Program Files\WinRAR\WinRAR.exe[3916] ADVAPI32.dll!CreateProcessWithLogonW + 4 77E16001 2 Bytes [05, 5F]
.text C:\Program Files\WinRAR\WinRAR.exe[3916] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 5F190F5A
.text C:\Program Files\WinRAR\WinRAR.exe[3916] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 5F1C0F5A
.text C:\DOCUME~1\BARTSI~1\LOCALS~1\Temp\Rar$EX00.843\gmer.exe[4028] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\DOCUME~1\BARTSI~1\LOCALS~1\Temp\Rar$EX00.843\gmer.exe[4028] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\DOCUME~1\BARTSI~1\LOCALS~1\Temp\Rar$EX00.843\gmer.exe[4028] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\DOCUME~1\BARTSI~1\LOCALS~1\Temp\Rar$EX00.843\gmer.exe[4028] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\DOCUME~1\BARTSI~1\LOCALS~1\Temp\Rar$EX00.843\gmer.exe[4028] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00D30001
.text C:\DOCUME~1\BARTSI~1\LOCALS~1\Temp\Rar$EX00.843\gmer.exe[4028] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0D0F5A
.text C:\DOCUME~1\BARTSI~1\LOCALS~1\Temp\Rar$EX00.843\gmer.exe[4028] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F0A0F5A
.text C:\DOCUME~1\BARTSI~1\LOCALS~1\Temp\Rar$EX00.843\gmer.exe[4028] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 6 Bytes JMP 5F100F5A
.text C:\DOCUME~1\BARTSI~1\LOCALS~1\Temp\Rar$EX00.843\gmer.exe[4028] ADVAPI32.dll!CreateProcessWithLogonW 77E15FFD 3 Bytes [FF, 25, 1E]
.text C:\DOCUME~1\BARTSI~1\LOCALS~1\Temp\Rar$EX00.843\gmer.exe[4028] ADVAPI32.dll!CreateProcessWithLogonW + 4 77E16001 2 Bytes [05, 5F]
.text C:\DOCUME~1\BARTSI~1\LOCALS~1\Temp\Rar$EX00.843\gmer.exe[4028] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 5F190F5A
.text C:\DOCUME~1\BARTSI~1\LOCALS~1\Temp\Rar$EX00.843\gmer.exe[4028] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 5F1C0F5A

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

---- EOF - GMER 1.0.15 ----


#2
Rorschach112

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: (n"=7367A =-
    O20 - HKLM Winlogon: Shell - (C:\Documents and Settings\bart simpson\Application Data\Microsoft\SystemCertificates\WCUN\spoolsv.exe) - C:\Documents and Settings\bart simpson\Application Data\Microsoft\SystemCertificates\WCUN\spoolsv.exe ()
    O27 - HKLM IFEO\ashAvast.exe: Debugger - C:\Documents and Settings\bart simpson\Application Data\Microsoft\SystemCertificates\WCUN\spoolsv.exe ()
    O27 - HKLM IFEO\ashDisp.exe: Debugger - C:\Documents and Settings\bart simpson\Application Data\Microsoft\SystemCertificates\WCUN\spoolsv.exe ()
    O27 - HKLM IFEO\ashServ.exe: Debugger - C:\Documents and Settings\bart simpson\Application Data\Microsoft\SystemCertificates\WCUN\spoolsv.exe ()
    O27 - HKLM IFEO\avcenter.exe: Debugger - C:\Documents and Settings\bart simpson\Application Data\Microsoft\SystemCertificates\WCUN\spoolsv.exe ()
    O27 - HKLM IFEO\avguard.exe: Debugger - C:\Documents and Settings\bart simpson\Application Data\Microsoft\SystemCertificates\WCUN\spoolsv.exe ()
    O27 - HKLM IFEO\avp.exe: Debugger - C:\Documents and Settings\bart simpson\Application Data\Microsoft\SystemCertificates\WCUN\spoolsv.exe ()
    O27 - HKLM IFEO\avscan.exe: Debugger - C:\Documents and Settings\bart simpson\Application Data\Microsoft\SystemCertificates\WCUN\spoolsv.exe ()
    O27 - HKLM IFEO\egui.exe: Debugger - C:\Documents and Settings\bart simpson\Application Data\Microsoft\SystemCertificates\WCUN\spoolsv.exe ()
    O27 - HKLM IFEO\ekrn.exe: Debugger - C:\Documents and Settings\bart simpson\Application Data\Microsoft\SystemCertificates\WCUN\spoolsv.exe ()
    O27 - HKLM IFEO\MSASCui.exe: Debugger - C:\Documents and Settings\bart simpson\Application Data\Microsoft\SystemCertificates\WCUN\spoolsv.exe ()
    O27 - HKLM IFEO\nspmain.exe: Debugger - C:\Documents and Settings\bart simpson\Application Data\Microsoft\SystemCertificates\WCUN\spoolsv.exe ()
    O27 - HKLM IFEO\nspsvc.exe: Debugger - C:\Documents and Settings\bart simpson\Application Data\Microsoft\SystemCertificates\WCUN\spoolsv.exe ()
    O27 - HKLM IFEO\nspupsvc.exe: Debugger - C:\Documents and Settings\bart simpson\Application Data\Microsoft\SystemCertificates\WCUN\spoolsv.exe ()
    O27 - HKLM IFEO\sched.exe: Debugger - C:\Documents and Settings\bart simpson\Application Data\Microsoft\SystemCertificates\WCUN\spoolsv.exe ()
    O27 - HKLM IFEO\swUpdSv.exe: Debugger - C:\Documents and Settings\bart simpson\Application Data\Microsoft\SystemCertificates\WCUN\spoolsv.exe ()
    
    :Services
    
    :Reg
    
    :Files
    ipconfig /flushdns /c
    C:\Documents and Settings\bart simpson\Application Data\Microsoft
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

Edited by Rorschach112, 18 August 2010 - 05:27 AM.
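A triage sketch for the kind of entries the fix script above targets, added here as an example and not part of the original post or of OTL itself. It parses `O20` (Winlogon Shell) and `O27` (IFEO Debugger) lines and reports why each one is suspicious. The line layout is inferred from the lines quoted in the post, the default `\WINDOWS` install root is assumed, an empty trailing `()` is treated as "no company name reported", and the last sample line is constructed.

```python
import ntpath
import re

# Layout inferred from the O20/O27 lines quoted in the post (assumption).
IFEO_RE = re.compile(
    r"^O27 - HKLM IFEO\\(?P<image>[^:]+): Debugger - (?P<target>.+?) \((?P<vendor>.*)\)\s*$")
SHELL_RE = re.compile(
    r"^O20 - HKLM Winlogon: Shell - \((?P<value>.+?)\) - (?P<target>.+?) \((?P<vendor>.*)\)\s*$")
PROFILE_RE = re.compile(r"^[a-z]:\\(documents and settings|users)\\[^\\]+\\", re.I)

# Assumption: default install root, so these binaries live under \WINDOWS.
EXPECTED_DIR = {
    "spoolsv.exe": r"\windows\system32",
    "conime.exe": r"\windows\system32",
    "explorer.exe": r"\windows",
}

# First three lines are copied from the post; the last one is constructed (benign).
SAMPLE = r"""
O20 - HKLM Winlogon: Shell - (C:\Documents and Settings\bart simpson\Application Data\Microsoft\SystemCertificates\WCUN\spoolsv.exe) - C:\Documents and Settings\bart simpson\Application Data\Microsoft\SystemCertificates\WCUN\spoolsv.exe ()
O27 - HKLM IFEO\ashAvast.exe: Debugger - C:\Documents and Settings\bart simpson\Application Data\Microsoft\SystemCertificates\WCUN\spoolsv.exe ()
O27 - HKLM IFEO\MSASCui.exe: Debugger - C:\Documents and Settings\bart simpson\Application Data\Microsoft\SystemCertificates\WCUN\spoolsv.exe ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
"""


def path_reasons(target, vendor):
    """Return the reasons a launch target looks wrong, based on its path only."""
    reasons = []
    if PROFILE_RE.match(target):
        reasons.append("target is inside a user profile (user-writable)")
    name = ntpath.basename(target).lower()
    folder = ntpath.splitdrive(ntpath.dirname(target))[1].lower()
    if name in EXPECTED_DIR and folder != EXPECTED_DIR[name]:
        reasons.append(f"{name} outside its expected directory")
    if not vendor.strip():
        reasons.append("no company name reported for the file")
    return reasons


def triage(log_text):
    """Flag IFEO Debugger redirects and non-default Winlogon Shell values."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = IFEO_RE.match(line)
        if m:
            # Any Debugger value makes Windows start the target instead of the image.
            reasons = ["Debugger value redirects launches of " + m["image"]]
            reasons += path_reasons(m["target"], m["vendor"])
            findings.append({"kind": "ifeo", "subject": m["image"],
                             "target": m["target"], "reasons": reasons})
            continue
        m = SHELL_RE.match(line)
        if m:
            reasons = path_reasons(m["target"], m["vendor"])
            if ntpath.basename(m["value"]).lower() != "explorer.exe":
                reasons.insert(0, "Winlogon Shell is not explorer.exe")
            if reasons:
                findings.append({"kind": "shell", "subject": "Winlogon Shell",
                                 "target": m["target"], "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f["kind"], f["subject"], "->", f["target"])
        for r in f["reasons"]:
            print("   -", r)
```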


#3
karma984

Thanks heaps for that Rorschach112, the fix seems to have helped, provided I didn't stuff up the application of it. However, I still can't seem to get my Windows Firewall up and running, and my Malwarebytes, which I have used for ages now and rely on heavily, doesn't start up or update. I tried uninstalling it and reinstalling, and did a system fix using Advanced SystemCare, which seemed to fix a similar issue with Malwarebytes not functioning on a friend's computer, but with no success. I did a system scan using IObit Security 360; it detected 16 issues but seems to have deleted them successfully, as a second scan showed the system to be clear. However, I honestly only trust Malwarebytes to confirm the system is clean. The errors are listed below when I try to start Malwarebytes......


An error has occurred. Please report this error code to our support team
MBAM_ERROR_EXPANDING_VARIABLES(0,9)

An error has occurred. Please report this error code to our support team
MBAM_ERROR_MISSING_FILE(3,0 mbamswissarmy.sys)

The system cannot find the path specified.



I'm thinking, regarding the firewall, I might just need to restart it, but I'm unsure of how to do that. When I click on Windows Security Center it tells me that the Security Center is unavailable because the "Security Center" service has not started or was stopped....etc

And when I click on the Windows Firewall icon it tells me that Windows Firewall settings cannot be displayed because the associated service is not running. Do you want to start the Windows Firewall/Internet Connection service (ICS)? I click yes and make sure it's turned on, but it still gives me the message that Security Center is unavailable.

#4
Rorschach112

Download ComboFix here:

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Here is a guide on how to disable them

    Click me

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Posted Image



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.

#5
karma984

Hello, I've run ComboFix; however, I did delete AVG and replaced it with Microsoft Security Essentials. ComboFix was still detecting that AVG was running somehow. I did do a standard uninstall and then checked with Add/Remove Programs and had a look through my C drive Program Files and found nothing. Thought I probably should mention this. Here are the results of the ComboFix scan.

ComboFix 10-08-22.05 - bart simpson 23/08/2010 8:11.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1516 [GMT 8:00]
Running from: c:\documents and settings\bart simpson\My Documents\Downloads\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.

((((((((((((((((((((((((( Files Created from 2010-07-23 to 2010-08-23 )))))))))))))))))))))))))))))))
.

2010-08-21 14:09 . 2010-04-29 07:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-21 14:09 . 2010-08-21 14:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-21 14:09 . 2010-04-29 07:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-21 13:43 . 2010-08-21 13:43 -------- d-----w- c:\documents and settings\bart simpson\Local Settings\Application Data\PCHealth
2010-08-21 13:43 . 2010-08-21 13:43 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth
2010-08-20 23:38 . 2010-08-20 23:38 -------- d-----w- c:\documents and settings\Default User\Local Settings\Application Data\Microsoft Help
2010-08-20 03:19 . 2010-08-20 03:19 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2010-08-20 02:35 . 2010-06-01 17:37 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-08-20 02:22 . 2010-08-20 02:23 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-08-20 00:16 . 2010-08-20 00:16 -------- d-----w- C:\_OTL
2010-08-17 02:13 . 2010-08-17 02:13 -------- d-----w- c:\windows\options
2010-08-17 01:34 . 2010-08-17 01:34 -------- d-----w- c:\program files\ERUNT
2010-08-17 01:07 . 2010-08-17 01:29 -------- d-----w- c:\windows\SxsCaPendDel
2010-08-16 13:25 . 2010-08-16 13:25 -------- d-----w- c:\windows\system32\LogFiles
2010-08-16 09:39 . 2010-08-16 09:39 -------- d-----w- c:\program files\Runtime Software
2010-08-16 00:08 . 2010-08-16 00:08 -------- d-----w- c:\program files\YouTube Downloader
2010-08-14 16:12 . 2010-08-14 16:13 -------- dc-h--w- c:\windows\ie8
2010-08-14 15:57 . 2010-08-14 15:57 -------- d-sh--w- c:\documents and settings\bart simpson\IECompatCache
2010-08-14 15:56 . 2010-08-14 15:56 -------- d-sh--w- c:\documents and settings\bart simpson\PrivacIE
2010-08-13 07:36 . 2008-04-14 07:16 15232 -c--a-w- c:\windows\system32\dllcache\mpe.sys
2010-08-13 07:36 . 2008-04-14 07:16 15232 ----a-w- c:\windows\system32\drivers\MPE.sys
2010-08-13 07:36 . 2008-04-14 12:42 363520 -c--a-w- c:\windows\system32\dllcache\psisdecd.dll
2010-08-13 07:36 . 2008-04-14 12:42 363520 ----a-w- c:\windows\system32\PsisDecd.dll
2010-08-13 07:36 . 2008-04-14 07:16 11776 -c--a-w- c:\windows\system32\dllcache\bdasup.sys
2010-08-13 07:36 . 2008-04-14 07:16 11776 ----a-w- c:\windows\system32\drivers\BdaSup.sys
2010-08-12 07:56 . 2010-08-12 07:56 -------- d-----w- c:\documents and settings\Default User\Local Settings\Application Data\Adobe
2010-08-12 07:55 . 2010-08-12 07:55 -------- d-----w- c:\program files\Common Files\Adobe
2010-08-12 07:54 . 2010-08-12 07:54 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-08-12 07:54 . 2010-08-12 07:54 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2010-08-12 07:53 . 2010-08-12 08:05 -------- d-----w- c:\documents and settings\bart simpson\Local Settings\Application Data\Adobe
2010-08-12 07:53 . 2010-08-12 07:53 77184 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2010-08-12 07:53 . 2010-08-12 23:00 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-07-25 20:31 . 2008-07-26 15:25 627864 ----a-r- c:\windows\system32\drivers\lvrs.sys
2010-07-25 20:31 . 2008-07-26 14:46 25974 ----a-r- c:\windows\system32\Repository.reg
2010-07-25 20:30 . 2008-07-26 15:26 465432 ----a-r- c:\windows\system32\LVUI2RC.dll
2010-07-25 20:30 . 2008-07-26 15:26 41752 ----a-r- c:\windows\system32\drivers\LVUSBSta.sys
2010-07-25 20:30 . 2008-07-26 15:26 490008 ----a-r- c:\windows\system32\LVUI2.dll
2010-07-25 20:30 . 2008-07-26 15:23 195096 ----a-r- c:\windows\system32\lvci11801048.dll
2010-07-25 20:30 . 2008-07-26 15:23 416280 ----a-r- c:\windows\system32\lvcodec2.dll
2010-07-25 20:30 . 2008-07-26 15:26 4658584 ----a-r- c:\windows\system32\drivers\lvuvc.sys
2010-07-25 20:30 . 2008-07-26 15:26 23832 ----a-r- c:\windows\system32\drivers\lvuvcflt.sys
2010-07-25 20:28 . 2010-07-25 20:28 -------- d-----w- c:\documents and settings\bart simpson\Application Data\Leadertech
2010-07-25 20:27 . 2010-07-25 20:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Logishrd
2010-07-25 20:27 . 2010-07-25 20:30 -------- d-----w- c:\program files\Common Files\LogiShrd
2010-07-25 20:27 . 2010-07-25 20:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Logitech
2010-07-25 20:16 . 2005-04-13 02:21 22240 ----a-w- c:\windows\system32\drivers\WmFilter.sys
2010-07-25 20:16 . 2005-04-13 02:21 5600 ----a-w- c:\windows\system32\drivers\WmVirHid.sys
2010-07-25 20:16 . 2005-04-13 02:21 10144 ----a-w- c:\windows\system32\drivers\WmBEnum.sys
2010-07-25 20:16 . 2005-04-13 02:21 45504 ----a-w- c:\windows\system32\drivers\WmXlCore.sys
2010-07-25 20:16 . 2010-07-25 20:17 -------- d-----w- c:\program files\Common Files\Logitech
2010-07-25 20:16 . 2010-07-25 20:27 -------- d-----w- c:\program files\Logitech
2010-07-25 20:10 . 2010-07-25 20:11 -------- d-----w- c:\documents and settings\bart simpson\Application Data\Epson
2010-07-25 20:07 . 2007-12-17 22:00 143872 ----a-w- c:\documents and settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE
2010-07-25 20:07 . 2007-01-11 22:02 113664 ----a-w- c:\documents and settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
2010-07-25 20:07 . 2007-04-10 19:06 8192 ----a-w- c:\windows\system32\E_DCINST.DLL
2010-07-25 20:07 . 2008-08-08 20:09 86528 ----a-w- c:\windows\system32\E_FLBFBP.DLL
2010-07-25 20:07 . 2007-12-07 20:01 78848 ----a-w- c:\windows\system32\E_FD4BFBP.DLL
2010-07-25 20:07 . 2008-04-14 07:17 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2010-07-25 20:07 . 2008-04-14 07:17 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2010-07-25 20:06 . 2008-04-14 07:15 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2010-07-25 20:06 . 2008-04-14 07:15 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2010-07-25 20:05 . 2010-07-25 20:05 -------- d-----w- c:\documents and settings\All Users\Application Data\UDL
2010-07-25 20:04 . 2010-07-25 20:05 -------- d-----w- c:\program files\Epson Software
2010-07-25 20:03 . 2010-07-25 20:04 -------- d-----w- c:\program files\ABBYY FineReader 6.0 Sprint
2010-07-25 20:00 . 2010-07-25 20:28 -------- dc----w- c:\windows\system32\DRVSTORE
2010-07-25 20:00 . 2010-07-25 20:07 -------- d-----w- c:\documents and settings\All Users\Application Data\EPSON
2010-07-25 20:00 . 2008-11-17 07:00 342016 ----a-w- c:\windows\system32\eswiaud.dll
2010-07-25 20:00 . 2006-08-25 09:00 9216 ----a-w- c:\windows\system32\escdev.dll
2010-07-25 20:00 . 2010-07-25 20:05 -------- d-----w- c:\program files\epson
2010-07-25 19:57 . 2010-07-25 19:57 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-07-25 19:57 . 2010-07-25 19:57 -------- d-----w- c:\documents and settings\All Users\Application Data\IObit
2010-07-25 19:42 . 2010-08-21 14:01 -------- d-----w- c:\documents and settings\bart simpson\Application Data\IObit
2010-07-25 19:42 . 2010-07-25 19:57 -------- d-----w- c:\program files\IObit
2010-07-25 19:37 . 2010-07-25 19:37 -------- d-----w- c:\program files\Common Files\EZB Systems
2010-07-25 19:37 . 2010-07-25 19:37 -------- d-----w- c:\program files\UltraISO
2010-07-25 19:36 . 2010-07-25 19:36 -------- d-----w- c:\documents and settings\bart simpson\Local Settings\Application Data\Ahead
2010-07-25 19:35 . 2010-07-25 19:35 -------- d-----w- c:\documents and settings\bart simpson\Application Data\Ahead
2010-07-25 19:34 . 2010-07-25 19:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
2010-07-25 19:34 . 2010-07-25 19:36 -------- d-----w- c:\program files\Common Files\Ahead
2010-07-25 19:34 . 2010-07-25 19:34 -------- d-----w- c:\program files\Nero
2010-07-25 19:27 . 2008-11-10 03:41 32656 ----a-w- c:\windows\system32\msonpmon.dll
2010-07-25 19:27 . 2006-10-27 02:56 33104 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\msonpppr.dll
2010-07-25 19:26 . 2010-08-20 02:49 -------- d-----w- c:\program files\Microsoft Works
2010-07-25 19:26 . 2010-07-25 19:26 -------- d-----w- c:\program files\MSBuild
2010-07-25 19:23 . 2010-07-25 19:25 -------- d-----w- c:\windows\SHELLNEW
2010-07-25 19:22 . 2010-07-25 19:22 -------- d-----w- c:\documents and settings\bart simpson\Local Settings\Application Data\Microsoft Help
2010-07-25 19:22 . 2010-08-21 13:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-07-25 19:22 . 2010-07-25 19:22 -------- d-----r- C:\MSOCache
2010-07-25 19:16 . 2010-07-25 19:16 -------- d-----w- c:\program files\Unlocker
2010-07-25 19:15 . 2010-07-25 19:15 -------- d-----w- c:\program files\FileASSASSIN
2010-07-25 19:10 . 2008-04-14 07:15 26368 -c--a-w- c:\windows\system32\dllcache\usbstor.sys
2010-07-25 19:09 . 2010-08-22 10:08 -------- d-----w- C:\Downloads
2010-07-25 19:09 . 2010-07-25 19:09 1440768 ----a-w- c:\documents and settings\bart simpson\Application Data\Mozilla\Firefox\Profiles\rd2u46hl.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\components\IBitCometExtension.dll
2010-07-25 19:09 . 2010-08-23 00:03 -------- d-----w- c:\documents and settings\bart simpson\Application Data\BitComet
2010-07-25 19:09 . 2010-07-25 19:09 -------- d-----w- c:\program files\BitComet
2010-07-25 19:06 . 2010-08-14 02:13 -------- d-----w- c:\program files\uTorrent
2010-07-25 19:05 . 2010-08-21 16:27 -------- d-----w- c:\documents and settings\bart simpson\Application Data\uTorrent
2010-07-25 19:04 . 2010-07-25 19:04 -------- d-----w- c:\documents and settings\bart simpson\Application Data\Media Player Classic
2010-07-25 19:02 . 2010-03-15 09:31 165376 ----a-w- c:\windows\system32\unrar.dll
2010-07-25 19:02 . 2010-07-14 08:00 108032 ----a-w- c:\windows\system32\ff_vfw.dll
2010-07-25 19:02 . 2010-06-08 16:10 790528 ----a-w- c:\windows\system32\xvidcore.dll
2010-07-25 19:02 . 2010-06-08 16:10 134144 ----a-w- c:\windows\system32\xvidvfw.dll
2010-07-25 19:02 . 2010-03-10 19:29 94208 ----a-w- c:\windows\system32\dpl100.dll
2010-07-25 19:02 . 2010-02-19 19:27 720384 ----a-w- c:\windows\system32\divx.dll
2010-07-25 19:02 . 2004-01-25 16:18 217088 ----a-w- c:\windows\system32\yv12vfw.dll
2010-07-25 19:02 . 2010-07-25 19:03 -------- d-----w- c:\program files\K-Lite Codec Pack
2010-07-25 18:46 . 2010-07-25 18:46 -------- d-----w- c:\windows\system32\WinFox
2010-07-25 18:46 . 2003-09-05 16:57 9469 ------w- c:\windows\system32\drivers\WINFOXIO.sys
2010-07-25 18:46 . 2010-07-25 18:46 -------- d-----w- C:\WinFastPVR
2010-07-25 18:30 . 2010-07-25 18:30 1615200 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgssie.dll
2010-07-25 18:30 . 2010-07-25 18:30 1373536 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgssff.dll
2010-07-25 18:30 . 2010-07-25 18:30 1107296 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgxpl.dll
2010-07-25 18:30 . 2010-07-25 18:30 921440 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgemc.exe
2010-07-25 18:30 . 2010-07-25 18:30 4368224 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcorex.dll
2010-07-25 18:29 . 2010-07-25 18:51 -------- d-----w- c:\program files\EVGA Precision
2010-07-25 18:25 . 2009-08-07 02:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-07-25 18:25 . 2009-08-07 02:23 215920 ----a-w- c:\windows\system32\muweb.dll
2010-07-24 20:46 . 2010-08-22 23:36 -------- d-----w- c:\documents and settings\bart simpson\Tracing
2010-07-24 20:43 . 2006-11-29 20:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2010-07-24 20:43 . 2010-07-24 20:43 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-07-24 20:42 . 2010-07-24 20:42 -------- d-----w- c:\program files\Microsoft
2010-07-24 20:42 . 2010-07-24 20:42 -------- d-----w- c:\program files\Windows Live SkyDrive
2010-07-24 20:41 . 2010-07-24 20:43 -------- d-----w- c:\program files\Windows Live
2010-07-24 20:38 . 2010-07-24 20:38 -------- d-----w- c:\program files\Common Files\Windows Live
2010-07-24 20:37 . 2010-08-20 02:54 69232 ----a-w- c:\documents and settings\bart simpson\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-14 13:38 . 2010-07-24 18:52 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-14 13:37 . 2010-07-24 18:58 -------- d-----w- c:\program files\Realtek
2010-08-10 09:48 . 2010-07-25 20:30 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2010-08-10 09:48 . 2010-07-25 20:30 0 ----a-w- c:\windows\system32\drivers\logiflt.iad
2010-07-25 20:04 . 2010-07-24 18:52 -------- d-----w- c:\program files\Common Files\InstallShield
2010-07-25 20:01 . 2010-07-25 20:01 -------- d-----w- c:\documents and settings\bart simpson\Application Data\InstallShield
2010-07-24 18:53 . 2010-07-24 18:53 -------- d-----w- c:\program files\Intel
2010-07-24 18:38 . 2010-07-24 18:09 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-07-24 18:10 . 2010-07-24 18:10 -------- d-----w- c:\program files\microsoft frontpage
2010-07-24 18:07 . 2010-07-24 18:07 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2010-06-30 12:31 . 2004-08-04 12:00 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:22 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-23 13:44 . 2004-08-04 12:00 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2004-08-04 12:00 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2004-08-04 12:00 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 14:31 . 2010-07-24 18:08 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 07:41 . 2004-08-04 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-08-22_10.00.41 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-08-22 23:36 . 2010-08-22 23:36 40960 c:\windows\ERDNT\AutoBackup\23-08-2010\Users\00000002\UsrClass.dat
+ 2010-08-22 23:36 . 2005-10-20 04:02 163328 c:\windows\ERDNT\AutoBackup\23-08-2010\ERDNT.EXE
+ 2010-08-22 23:36 . 2010-08-22 23:36 2666496 c:\windows\ERDNT\AutoBackup\23-08-2010\Users\00000001\NTUSER.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sup_IS360.exe"="c:\program files\IObit\Advanced SystemCare 3\Sup_IS360.exe" [2010-01-22 66648]
"AutoSweep.exe"="c:\program files\IObit\Advanced SystemCare 3\AutoSweep.exe" [2010-01-22 226904]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-17 3872080]
"Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2010-08-10 2349776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-06-01 1093208]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-12-08 7340032]
"IObit Security 360"="c:\program files\IObit\IObit Security 360\IS360tray.exe" [2010-06-12 1280344]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-03 435096]

c:\documents and settings\bart simpson\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-07-24 19:36 12536 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Program Files\\Epson Software\\Event Manager\\EEventManager.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"20630:TCP"= 20630:TCP:BitComet 20630 TCP
"20630:UDP"= 20630:UDP:BitComet 20630 UDP

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [25/07/2010 3:35 AM 216400]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [25/07/2010 3:36 AM 243024]
S2 avg9emc;AVG Free E-mail Scanner;"c:\program files\AVG\AVG9\avgemc.exe" --> c:\program files\AVG\AVG9\avgemc.exe [?]
S2 avg9wd;AVG Free WatchDog;"c:\program files\AVG\AVG9\avgwdsvc.exe" --> c:\program files\AVG\AVG9\avgwdsvc.exe [?]
S2 IS360service;IS360service;c:\program files\IObit\IObit Security 360\is360srv.exe [26/07/2010 3:57 AM 312152]
S3 RTL2832U_IRHID;HID Infrared Remote Receiver;c:\windows\system32\DRIVERS\RTL2832U_IRHID.sys --> c:\windows\system32\DRIVERS\RTL2832U_IRHID.sys [?]
S3 RTL2832UBDA;REALTEK 2832U BDA Driver;c:\windows\system32\drivers\RTL2832UBDA.sys --> c:\windows\system32\drivers\RTL2832UBDA.sys [?]
S3 RTL2832UUSB;REALTEK 2832U USB Driver;c:\windows\system32\Drivers\RTL2832UUSB.sys --> c:\windows\system32\Drivers\RTL2832UUSB.sys [?]
.
Contents of the 'Scheduled Tasks' folder

#6
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Some of that log is missing. Can you post it again?