Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Some help would be very much appreciated

Started by Picardinal , May 31 2011 12:40 PM

  • This topic is locked This topic is locked

#1
Picardinal
Posted 31 May 2011 - 12:40 PM

Picardinal

    Member

  • Member
  • PipPip
  • 15 posts
I think I've been far too lax over the last few years. Should've formatted probably. Too much work stuff to move over right now though.

My computer has been doing strange things for a very long time. I'd be very thankful for some help.

I just ran a default OTL scan. Let me know if you need a more detailed one, or a Hijackthis log.

I am very middle of the road when I get into this sort of depth.

Some of the stuff in these reports really worries me. The extras especially. But what do I know.

Thanks for your time.

Ok OTL tutorial instructions followed this time. Thanks for your time.

OTL logfile created on: 31/05/2011 19:59:18 - Run 2
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\Owner\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.06 Gb Available Physical Memory | 68.82% Memory free
4.84 Gb Paging File | 3.98 Gb Available in Paging File | 82.23% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 135.26 Gb Free Space | 29.04% Space Free | Partition Type: NTFS
Drive D: | 49.72 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: JOHNS | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 360 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Owner\My Documents\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\bin32\nSvcAppFlt.exe ()
PRC - C:\Program Files\bin32\nSvcIp.exe ()
PRC - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\libusbd-nt.exe (http://libusb-win32.sourceforge.net)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Owner\My Documents\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_179798c8\msvcr80.dll (Microsoft Corporation)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_179798c8\msvcp80.dll (Microsoft Corporation)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_7837863c\ATL80.dll (Microsoft Corporation)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
MOD - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (McAfee SiteAdvisor Service) -- File not found
SRV - (gupdate) Google Update Service (gupdate) -- File not found
SRV - (AppMgmt) -- File not found
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AntiVirWebService) -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira GmbH)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SRV - (npggsvc) -- C:\windows\System32\GameMon.des (INCA Internet Co., Ltd.)
SRV - (ForceWare Intelligent Application Manager (IAM)) ForceWare Intelligent Application Manager (IAM) -- C:\Program Files\bin32\nSvcAppFlt.exe ()
SRV - (nSvcIp) -- C:\Program Files\bin32\nSvcIp.exe ()
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SRV - (libusbd) -- C:\WINDOWS\system32\libusbd-nt.exe (http://libusb-win32.sourceforge.net)


========== Driver Services (SafeList) ==========

DRV - (MpKslca36a53e) -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8D9E5D18-6758-4B1D-9119-02446FDF4C12}\MpKslca36a53e.sys (Microsoft Corporation)
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (mfesmfk) -- C:\WINDOWS\system32\drivers\mfesmfk.sys (McAfee, Inc.)
DRV - (mferkdk) -- C:\WINDOWS\system32\drivers\mferkdk.sys (McAfee, Inc.)
DRV - (atksgt) -- C:\WINDOWS\system32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\WINDOWS\system32\drivers\lirsgt.sys ()
DRV - (sptd) -- C:\windows\System32\Drivers\sptd.sys ()
DRV - (cpuz132) -- C:\WINDOWS\system32\drivers\cpuz132_x32.sys (Windows ® Codename Longhorn DDK provider)
DRV - (nm) -- C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation)
DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
DRV - (nvgts) -- C:\windows\system32\DRIVERS\nvgts.sys (NVIDIA Corporation)
DRV - (nvnetbus) -- C:\WINDOWS\system32\drivers\nvnetbus.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- C:\WINDOWS\system32\drivers\NVENETFD.sys (NVIDIA Corporation)
DRV - (AsIO) -- C:\WINDOWS\system32\drivers\AsIO.sys ()
DRV - (JRAID) -- C:\windows\system32\DRIVERS\jraid.sys (JMicron Technology Corp.)
DRV - (pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)
DRV - (SenFiltService) -- C:\WINDOWS\system32\drivers\senfilt.sys (Sensaura)
DRV - (libusb0) -- C:\WINDOWS\system32\drivers\libusb0.sys ()
DRV - (MTsensor) -- C:\WINDOWS\system32\drivers\ASACPI.sys ()
DRV - (ovt519) -- C:\WINDOWS\system32\drivers\ov519vid.sys (OmniVision Technologies, Inc.)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...B_PVER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/"
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.2.1
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.17


FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/20 13:21:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/09 23:13:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/09 23:13:19 | 000,000,000 | ---D | M]

[2010/09/29 13:32:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2010/09/29 13:32:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2009/09/19 07:47:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2011/05/09 23:11:49 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vd058cvj.default\extensions
[2010/07/25 15:55:30 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vd058cvj.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/05/09 15:17:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/05/09 23:13:19 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2010/12/22 18:39:59 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
File not found (No name found) --
[2011/05/09 23:13:11 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2006/10/26 20:12:16 | 000,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
[2009/02/27 12:13:42 | 000,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
[2011/05/09 23:13:13 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/04/01 17:56:49 | 000,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2011/05/09 23:13:13 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml
[2011/05/09 23:13:13 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/04/01 17:56:50 | 000,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2011/05/09 23:13:13 | 000,001,180 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2011/05/09 23:13:13 | 000,002,364 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2011/05/09 23:13:13 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2011/05/09 23:13:13 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2011/05/29 05:52:54 | 000,433,873 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 14958 more lines...
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O4 - HKLM..\Run: [36X Raid Configurer] C:\windows\System32\xRaidSetup.exe (JMicron Technology Corp.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [SoundMax] C:\Program Files\Analog Devices\SoundMAX\smax4.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O16 - DPF: {3B89785B-4E94-400A-8705-5841B14063A7} http://www.arcsoft.c...ta/SimHDAss.CAB (Reg Error: Key error.)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail....es/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1231191978500 (WUWebControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\windows\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\windows\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\windows\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\windows\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\windows\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\windows\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\windows\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\windows\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\windows\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\windows\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\windows\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\windows\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\windows\System32\shell32.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\windows\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\windows\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\windows\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\windows\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\windows\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/03/03 02:40:56 | 000,367,328 | R--- | M] (NETGEAR Inc.) - D:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2000/05/18 08:22:36 | 000,000,045 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\windows\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 360 Days ==========

[2011/05/31 17:10:24 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/05/31 17:10:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Start Menu\Programs\HiJackThis
[2011/05/29 19:03:18 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner\Recent
[2011/05/29 18:57:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2011/05/29 18:53:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
[2011/05/29 18:53:45 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/05/29 18:52:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2011/05/29 18:52:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Temp
[2011/05/29 18:52:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Google
[2011/05/29 03:23:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Start Menu\Programs\Microsoft Network Monitor 3.4
[2011/05/29 03:23:58 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Network Monitor 3
[2011/05/24 17:50:38 | 000,000,000 | ---D | C] -- C:\Netgear
[2011/05/13 10:59:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\test [bleep]
[2011/05/13 10:54:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\New Folder (22)
[2011/05/13 10:31:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\New Folder (21)
[2011/05/13 10:24:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\New Folder_final
[2011/05/12 17:23:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\New Folder (20)
[2011/05/12 16:50:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\New Folder (19)
[2011/05/10 13:33:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\New Folder (18)
[2011/05/08 21:54:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Network Monitor 3
[2011/05/07 11:23:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\New Folder (17)
[2011/05/07 10:50:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\New Folder (16)
[2011/05/07 10:45:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\New Folder (15)
[2011/05/07 10:45:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\New Folder (14)
[2011/05/07 10:44:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\New Folder (13)
[2011/04/29 16:12:02 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/04/29 15:41:12 | 000,000,000 | ---D | C] -- C:\windows\temp
[2011/04/29 15:31:12 | 000,212,480 | ---- | C] (SteelWerX) -- C:\windows\SWXCACLS.exe
[2011/04/29 15:31:12 | 000,161,792 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2011/04/29 15:31:12 | 000,136,704 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2011/04/29 15:31:12 | 000,031,232 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2011/04/29 15:22:08 | 000,000,000 | ---D | C] -- C:\windows\ERDNT
[2011/04/29 15:16:48 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/04/29 08:26:21 | 000,051,400 | ---- | C] (G Data Software AG) -- C:\windows\System32\drivers\GDTdiIcpt.sys
[2011/04/29 08:26:21 | 000,029,640 | ---- | C] (G Data Software AG) -- C:\windows\System32\drivers\GDNdisIc.sys
[2011/04/29 08:26:15 | 000,062,024 | ---- | C] (G Data Software AG) -- C:\windows\System32\drivers\MiniIcpt.sys
[2011/04/29 08:26:15 | 000,033,480 | ---- | C] (G Data Software AG) -- C:\windows\System32\drivers\GDBehave.sys
[2011/04/29 08:25:17 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2011/04/29 08:25:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\G Data
[2011/04/29 08:25:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\G DATA
[2011/04/25 22:38:13 | 000,000,000 | ---D | C] -- C:\windows\Internet Logs
[2011/04/25 17:32:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\ForceField Shared Files
[2011/04/25 17:31:32 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2011/04/23 18:59:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\New Folder (12)
[2011/04/15 05:01:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Avira
[2011/04/15 04:57:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Avira
[2011/04/15 04:57:48 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\windows\System32\drivers\ssmdrv.sys
[2011/04/15 04:57:47 | 000,137,656 | ---- | C] (Avira GmbH) -- C:\windows\System32\drivers\avipbb.sys
[2011/04/15 04:57:47 | 000,061,960 | ---- | C] (Avira GmbH) -- C:\windows\System32\drivers\avgntflt.sys
[2011/04/15 04:57:47 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\windows\System32\drivers\avgntdd.sys
[2011/04/15 04:57:47 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\windows\System32\drivers\avgntmgr.sys
[2011/04/15 04:57:46 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2011/04/15 04:57:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2011/04/08 03:38:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\nIf06504jFpCo06504
[2011/03/13 14:17:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\New Folder (11)
[2011/03/10 16:43:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\New Folder (10)
[2011/03/06 07:05:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\THE ASSIGNMENT
[2011/02/10 18:55:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Uniblue
[2011/02/10 18:55:44 | 000,000,000 | ---D | C] -- C:\Program Files\Uniblue
[2011/02/07 12:51:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\New Folder (9)
[2011/02/06 18:58:33 | 000,000,000 | ---D | C] -- C:\The.Dark.Knight.DVDRip.XviD-DoNE.1
[2011/02/06 18:37:31 | 000,000,000 | ---D | C] -- C:\How.I.Met.Your.Mother.S05E22.HDTV.XviD-LOL
[2011/02/06 18:28:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\AVS4YOU
[2011/02/06 18:27:55 | 010,833,920 | ---- | C] (Intel Corporation) -- C:\windows\System32\libmfxsw32.dll
[2011/02/06 18:27:53 | 010,915,840 | ---- | C] (Intel Corporation) -- C:\windows\System32\libmfxhw32.dll
[2011/02/06 18:27:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVSMedia
[2011/02/06 18:27:44 | 001,700,352 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\GdiPlus.dll
[2011/02/06 18:27:44 | 000,000,000 | ---D | C] -- C:\Program Files\AVS4YOU
[2011/02/06 18:27:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVS4YOU
[2011/02/06 16:32:15 | 001,060,864 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\MFC71.dll
[2011/02/06 16:32:15 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\atl71.dll
[2011/02/06 16:32:15 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\DSETUP.dll
[2011/02/06 16:32:15 | 000,009,856 | ---- | C] (Padus, Inc.) -- C:\windows\System32\drivers\pfc.sys
[2011/02/06 15:55:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TheaterTek
[2011/02/06 15:04:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Cyberlink
[2011/02/06 15:03:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\CyberLink
[2011/02/06 15:03:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\CyberLink
[2011/02/06 15:02:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\CyberLink
[2011/02/06 15:01:51 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msxml3a.dll
[2011/02/06 14:32:06 | 000,017,272 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\spmsg.dll
[2011/02/06 14:31:37 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Connect 2
[2011/02/06 14:30:37 | 000,000,000 | ---D | C] -- C:\618086070bf84f4defbb
[2011/02/06 14:30:33 | 000,000,000 | ---D | C] -- C:\windows\System32\drivers\UMDF
[2011/02/06 14:30:33 | 000,000,000 | ---D | C] -- C:\windows\System32\LogFiles
[2011/02/06 13:54:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\NVIDIA
[2011/02/06 13:42:16 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA GPU Computing Toolkit
[2011/02/06 13:39:03 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Synchronization Services
[2011/02/06 13:39:01 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2011/02/06 13:38:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Visual Studio 2010
[2011/02/06 13:38:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Visual Studio 2010 Express
[2011/02/06 13:36:28 | 000,000,000 | ---D | C] -- C:\windows\symbols
[2011/02/06 13:36:25 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 10.0
[2011/02/06 13:36:25 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Help Viewer
[2011/02/06 13:36:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Merge Modules
[2011/02/06 12:33:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\InstallShield
[2011/02/06 11:49:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NVIDIA Corporation
[2011/02/06 11:48:04 | 002,916,968 | ---- | C] (NVIDIA Corporation) -- C:\windows\System32\nvcuvid.dll
[2011/02/06 11:48:04 | 002,251,368 | ---- | C] (NVIDIA Corporation) -- C:\windows\System32\nvcuvenc.dll
[2011/02/06 11:48:04 | 000,941,160 | ---- | C] (NVIDIA Corporation) -- C:\windows\System32\nvdispco322090.dll
[2011/02/06 11:48:04 | 000,837,736 | ---- | C] (NVIDIA Corporation) -- C:\windows\System32\nvgenco322040.dll
[2011/02/06 11:48:04 | 000,061,440 | ---- | C] (Khronos Group) -- C:\windows\System32\OpenCL.dll
[2011/02/06 11:48:03 | 013,004,800 | ---- | C] (NVIDIA Corporation) -- C:\windows\System32\nvcompiler.dll
[2011/02/06 11:47:35 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2011/02/06 08:45:00 | 000,000,000 | ---D | C] -- C:\windows\Downloaded Installations
[2011/02/06 08:36:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\ArcSoft
[2011/02/06 08:32:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\ArcSoft
[2011/02/06 08:32:32 | 000,000,000 | ---D | C] -- C:\windows\ehome
[2011/02/06 08:32:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ArcSoft
[2011/02/06 08:30:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Downloaded Installations
[2011/02/06 08:02:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\vlc
[2011/02/06 08:02:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\VideoLAN
[2011/02/02 15:44:03 | 000,000,000 | ---D | C] -- C:\Program Files\NCH Software
[2011/02/02 15:43:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2011/01/21 06:02:59 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011/01/19 03:40:21 | 000,000,000 | ---D | C] -- C:\windows\System32\NtmsData
[2011/01/10 14:52:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\New Folder (8)
[2011/01/10 12:30:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Resources
[2011/01/07 20:56:54 | 000,081,920 | ---- | C] (NVIDIA Corporation) -- C:\windows\System32\nvwddi.dll
[2011/01/07 20:56:50 | 000,580,200 | ---- | C] (NVIDIA Corporation) -- C:\windows\System32\easyUpdatusAPIU.dll
[2011/01/07 20:56:48 | 013,880,424 | ---- | C] (NVIDIA Corporation) -- C:\windows\System32\nvcpl.dll
[2011/01/07 20:56:48 | 000,277,608 | ---- | C] (NVIDIA Corporation) -- C:\windows\System32\nvmccs.dll
[2011/01/07 20:56:48 | 000,145,000 | ---- | C] (NVIDIA Corporation) -- C:\windows\System32\nvcolor.exe
[2011/01/07 20:56:48 | 000,111,208 | ---- | C] (NVIDIA Corporation) -- C:\windows\System32\nvmctray.dll
[2011/01/07 18:43:50 | 001,497,936 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msvcr100d.dll
[2011/01/07 18:43:50 | 000,743,248 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msvcp100d.dll
[2011/01/07 15:39:22 | 004,368,720 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mfc100u.dll
[2011/01/07 15:39:22 | 004,342,600 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mfc100.dll
[2011/01/07 15:39:22 | 000,768,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msvcr100.dll
[2011/01/07 15:39:22 | 000,421,200 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msvcp100.dll
[2011/01/07 15:39:22 | 000,137,544 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\atl100.dll
[2011/01/07 15:39:22 | 000,080,720 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mfcm100u.dll
[2011/01/07 15:39:22 | 000,080,208 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mfcm100.dll
[2011/01/05 07:33:54 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrent
[2011/01/04 05:31:38 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Defender
[2011/01/01 10:33:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\AVG10
[2011/01/01 10:15:52 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/01/01 10:15:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2011/01/01 10:04:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2010/12/31 16:05:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\New Folder (7)
[2010/12/31 04:25:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Citrix
[2010/12/29 18:08:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\New Folder (6)
[2010/12/22 19:20:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\My ooVoo
[2010/12/22 19:17:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\ooVoo Details
[2010/12/22 18:39:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2010/12/22 18:39:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
[2010/12/19 21:08:27 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Owner\My Documents\Copy (2) of My Pictures
[2010/12/09 11:00:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\GOM Player
[2010/12/06 10:57:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\GRETECH
[2010/12/06 10:56:15 | 000,000,000 | ---D | C] -- C:\Program Files\GRETECH
[2010/12/04 09:56:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Start Menu\Programs\StarCraft II
[2010/11/03 11:46:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\New Folder (5)
[2010/10/28 22:53:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\msgid_5063202_Battlestar_Galactica_(2003)_-_3x13_-_Taking_a_Break_from_All_Your_Worries
[2010/10/28 22:52:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\msgid_5063201_Battlestar_Galactica_(2003)_-_3x12_-_Rapture_(Part_2)
[2010/10/28 22:52:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\msgid_5063203_Battlestar_Galactica_(2003)_-_3x14_-_The_Woman_King
[2010/10/28 07:39:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky SDK
[2010/10/28 07:36:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\CheckPoint
[2010/10/28 07:26:46 | 000,000,000 | ---D | C] -- C:\Program Files\CheckPoint
[2010/10/28 06:54:53 | 000,000,000 | ---D | C] -- C:\Fport-2.0
[2010/10/28 06:53:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Fport-2.0
[2010/10/27 22:01:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Webroot
[2010/10/27 05:51:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\PackageAware
[2010/10/16 16:18:19 | 000,000,000 | ---D | C] -- C:\windows\RegisteredPackages
[2010/10/16 15:58:13 | 000,839,680 | ---- | C] (http://www.mp3dev.org/) -- C:\windows\System32\lameACM.acm
[2010/10/16 15:58:13 | 000,217,088 | ---- | C] (www.helixcommunity.org) -- C:\windows\System32\yv12vfw.dll
[2010/10/16 15:58:13 | 000,151,552 | ---- | C] (fccHandler) -- C:\windows\System32\ac3acm.acm
[2010/10/16 15:58:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\K-Lite Codec Pack
[2010/10/04 03:39:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\New Folder (4)
[2010/10/04 03:07:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\New Folder (3)
[2010/09/20 13:58:23 | 000,000,000 | ---D | C] -- C:\$AVG
[2010/09/20 13:51:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/09/20 13:51:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/09/20 13:51:38 | 000,423,656 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\System32\deployJava1.dll
[2010/09/15 12:47:10 | 000,000,000 | ---D | C] -- C:\Program Files\PeerGuardian2
[2010/09/14 18:16:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\AVG9
[2010/09/13 15:54:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Unity
[2010/09/13 15:48:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Unity
[2010/09/13 01:43:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Ventrilo
[2010/09/12 14:48:46 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2010/09/12 14:48:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/09/11 02:47:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\New Folder (2)
[2010/09/10 20:55:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Mumble
[2010/09/08 03:16:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Free Sound Recorder
[2010/09/08 03:16:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\d
[2010/09/08 03:15:35 | 000,344,064 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msvcr70.dll
[2010/09/04 18:29:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\PCHealth
[2010/09/04 18:29:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth
[2010/09/03 17:45:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\New Folder
[2010/08/25 22:44:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Skype
[2010/08/16 10:21:24 | 000,222,080 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\MpSigStub.exe
[2010/08/08 14:55:26 | 000,000,000 | ---D | C] -- C:\Program Files\StarCraft II
[2010/08/08 14:55:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\StarCraft II
[2010/08/08 14:55:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\StarCraft II
[2010/08/08 12:50:56 | 000,000,000 | ---D | C] -- C:\Program Files\SC2-WingsOfLiberty-enGB-Installer
[2010/07/28 11:50:57 | 000,000,000 | ---D | C] -- C:\Program Files\Giganews Accelerator
[2010/07/28 07:58:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Start Menu\Programs\NewsBinGN
[2010/07/28 07:58:47 | 000,000,000 | ---D | C] -- C:\Program Files\NewsBinGN
[2010/07/28 07:58:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\NewsBingig
[2010/07/28 01:53:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Newsbin Download
[2010/07/28 01:53:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Start Menu\Programs\NewsBin5
[2010/07/28 01:52:45 | 000,000,000 | ---D | C] -- C:\Program Files\NewsBin
[2010/07/28 01:52:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\NewsBin
[2010/07/27 06:34:05 | 000,121,984 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\usbvideo.sys
[2010/07/27 06:34:05 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dshowext.ax
[2010/07/27 06:34:05 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\dshowext.ax
[2010/07/24 21:18:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Symantec
[2010/07/24 21:18:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Norton
[2010/07/24 21:18:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
[2010/07/05 18:34:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/07/04 13:59:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\DivX
[2010/07/04 13:58:10 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
[2010/07/04 13:57:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DivX
[2010/06/25 05:06:35 | 001,663,664 | ---- | C] (Blizzard Entertainment) -- C:\Program Files\InstallWoW(2).exe
[2010/06/15 03:16:24 | 000,086,016 | ---- | C] (Beepa P/L) -- C:\windows\System32\frapsvid.dll
[2010/06/08 03:00:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
[9 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]
[3 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files - Modified Within 360 Days ==========

[2011/05/31 19:57:00 | 000,000,882 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/31 18:57:00 | 000,000,878 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/31 18:37:23 | 000,000,424 | -H-- | M] () -- C:\windows\tasks\MP Scheduled Scan.job
[2011/05/31 18:32:02 | 000,002,048 | --S- | M] () -- C:\windows\bootstat.dat
[2011/05/31 18:31:57 | 3219,705,856 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/31 17:10:24 | 000,001,984 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\HiJackThis.lnk
[2011/05/30 01:23:28 | 006,220,854 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\untitledtarl.bmp
[2011/05/29 19:01:30 | 000,352,762 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\cc_20110529_190109.reg
[2011/05/29 18:59:32 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/05/29 18:57:25 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/05/29 05:52:54 | 000,433,873 | R--- | M] () -- C:\windows\System32\drivers\etc\hosts
[2011/05/29 05:48:57 | 000,433,873 | R--- | M] () -- C:\windows\System32\drivers\etc\hosts.20110529-055254.backup
[2011/05/29 05:11:04 | 000,128,512 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/29 03:24:00 | 000,000,805 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Microsoft Network Monitor 3.4.lnk
[2011/05/27 20:49:45 | 000,103,673 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\streamplease.JPG
[2011/05/27 16:27:15 | 000,013,646 | ---- | M] () -- C:\windows\System32\wpa.dbl
[2011/05/26 17:51:33 | 000,137,656 | ---- | M] (Avira GmbH) -- C:\windows\System32\drivers\avipbb.sys
[2011/05/26 17:51:33 | 000,061,960 | ---- | M] (Avira GmbH) -- C:\windows\System32\drivers\avgntflt.sys
[2011/05/25 17:17:41 | 000,003,888 | ---- | M] () -- C:\windows\System32\drivers\NTHANDLE.SYS
[2011/05/25 01:50:35 | 728,649,340 | ---- | M] () -- C:\Untitled.avi
[2011/05/24 22:20:26 | 006,220,854 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\avira warning.bmp
[2011/05/24 22:03:37 | 006,220,854 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\avira.bmp
[2011/05/23 18:27:27 | 000,433,811 | R--- | M] () -- C:\windows\System32\drivers\etc\hosts.20110529-054857.backup
[2011/05/23 18:27:19 | 000,433,811 | R--- | M] () -- C:\windows\System32\drivers\etc\hosts.20110523-182727.backup
[2011/05/17 16:28:26 | 000,014,188 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\stream.jpg
[2011/05/12 04:05:47 | 000,037,370 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\xml7.JPG
[2011/05/12 03:44:00 | 000,044,344 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\xml5.JPG
[2011/05/12 03:40:34 | 000,025,841 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\xml6.JPG
[2011/05/12 03:15:43 | 000,020,955 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\xml3.JPG
[2011/05/12 03:02:41 | 000,039,352 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\XML2.JPG
[2011/05/12 02:46:31 | 000,094,412 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\xml1.JPG
[2011/05/12 02:30:15 | 000,018,242 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\example1.GIF
[2011/05/07 09:04:16 | 000,081,319 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\New Folder (6).rar
[2011/05/05 17:20:44 | 000,286,125 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\marinez.SC2Replay
[2011/05/02 23:05:37 | 937,566,496 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\2. NASL2011_W3_Day3_NaDa VS Strelok.flv.part
[2011/05/02 22:11:50 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\2. NASL2011_W3_Day3_NaDa VS Strelok.flv
[2011/04/29 15:39:28 | 000,000,027 | ---- | M] () -- C:\windows\System32\drivers\etc\hosts.20110523-182719.backup
[2011/04/29 08:37:03 | 000,000,664 | ---- | M] () -- C:\windows\System32\d3d9caps.dat
[2011/04/29 08:26:21 | 000,051,400 | ---- | M] (G Data Software AG) -- C:\windows\System32\drivers\GDTdiIcpt.sys
[2011/04/29 08:26:21 | 000,029,640 | ---- | M] (G Data Software AG) -- C:\windows\System32\drivers\GDNdisIc.sys
[2011/04/29 08:26:15 | 000,062,024 | ---- | M] (G Data Software AG) -- C:\windows\System32\drivers\MiniIcpt.sys
[2011/04/29 08:26:15 | 000,033,480 | ---- | M] (G Data Software AG) -- C:\windows\System32\drivers\GDBehave.sys
[2011/04/29 08:22:44 | 000,015,880 | ---- | M] () -- C:\windows\System32\lsdelete.exe
[2011/04/25 17:53:04 | 000,004,212 | -H-- | M] () -- C:\windows\System32\zllictbl.dat
[2011/04/21 22:28:06 | 000,089,869 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Community S02E21 720p HDTV X264 DIMENSION.nzb
[2011/04/16 15:55:11 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011/04/16 00:25:12 | 000,042,230 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Wentworth.jpg
[2011/04/15 17:28:51 | 000,079,948 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\macroptorsos.SC2Replay
[2011/04/15 04:57:57 | 000,001,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2011/04/15 04:33:43 | 000,267,008 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2011/04/15 03:13:08 | 000,537,976 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2011/04/15 03:13:08 | 000,103,344 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2011/04/14 23:17:21 | 000,432,284 | R--- | M] () -- C:\windows\System32\drivers\etc\hosts.20110423-191521.backup
[2011/04/08 20:56:06 | 000,432,284 | R--- | M] () -- C:\windows\System32\drivers\etc\hosts.20110414-231721.backup
[2011/04/01 13:59:17 | 000,074,406 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\love your banshee.SC2Replay
[2011/03/27 02:27:48 | 000,137,340 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\awwsheeet.SC2Replay
[2011/03/16 02:52:28 | 000,021,376 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\wenegegferhhh_get41222.jpg
[2011/03/10 20:54:29 | 000,252,224 | ---- | M] () -- C:\windows\System32\nvdrsdb0.bin
[2011/03/10 20:54:29 | 000,000,001 | ---- | M] () -- C:\windows\System32\nvdrssel.bin
[2011/03/10 20:48:56 | 000,252,224 | ---- | M] () -- C:\windows\System32\nvdrsdb1.bin
[2011/03/10 20:06:29 | 000,027,532 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\rendering.JPG
[2011/03/07 06:33:50 | 000,692,736 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dllcache\inetcomm.dll
[2011/03/06 07:22:00 | 000,024,246 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\THE ASSIGNMENT.rar
[2011/03/04 07:45:07 | 000,512,000 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\jscript.dll
[2011/03/04 07:45:07 | 000,512,000 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dllcache\jscript.dll
[2011/03/04 07:45:07 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\vbscript.dll
[2011/03/04 07:45:07 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dllcache\vbscript.dll
[2011/03/03 14:21:11 | 001,857,920 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\win32k.sys
[2011/03/03 14:21:11 | 001,857,920 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dllcache\win32k.sys
[2011/03/03 07:55:19 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dllcache\dnsapi.dll
[2011/02/19 05:26:56 | 000,061,146 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\cubism.JPG
[2011/02/17 14:51:57 | 003,078,656 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dllcache\mshtml.dll
[2011/02/17 14:51:57 | 001,510,400 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dllcache\shdocvw.dll
[2011/02/17 14:51:57 | 001,025,024 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dllcache\browseui.dll
[2011/02/17 14:51:57 | 000,667,136 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dllcache\wininet.dll
[2011/02/17 14:51:57 | 000,629,760 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dllcache\urlmon.dll
[2011/02/17 14:51:57 | 000,532,480 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\mstime.dll
[2011/02/17 14:51:57 | 000,532,480 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dllcache\mstime.dll
[2011/02/17 14:51:57 | 000,449,024 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dllcache\mshtmled.dll
[2011/02/17 14:51:57 | 000,251,904 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\iepeers.dll
[2011/02/17 14:51:57 | 000,251,904 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dllcache\iepeers.dll
[2011/02/17 14:51:57 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dllcache\tdc.ocx
[2011/02/17 14:18:24 | 000,455,936 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dllcache\mrxsmb.sys
[2011/02/17 14:18:03 | 000,357,888 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dllcache\srv.sys
[2011/02/15 13:56:39 | 000,290,432 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\dllcache\atmfd.dll
[2011/02/15 13:56:39 | 000,290,432 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\atmfd.dll
[2011/02/11 14:49:17 | 000,429,858 | R--- | M] () -- C:\windows\System32\drivers\etc\hosts.20110408-205606.backup
[2011/02/09 14:53:52 | 000,270,848 | ---- | M] () -- C:\windows\System32\dllcache\sbe.dll
[2011/02/09 14:53:52 | 000,186,880 | ---- | M] () -- C:\windows\System32\dllcache\encdec.dll
[2011/02/08 14:33:55 | 000,978,944 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\mfc42.dll
[2011/02/08 14:33:55 | 000,978,944 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dllcache\mfc42.dll
[2011/02/08 14:33:55 | 000,974,848 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\mfc42u.dll
[2011/02/08 14:33:55 | 000,974,848 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dllcache\mfc42u.dll
[2011/02/06 14:31:59 | 000,023,392 | ---- | M] () -- C:\windows\System32\nscompat.tlb
[2011/02/06 14:31:59 | 000,016,832 | ---- | M] () -- C:\windows\System32\amcompat.tlb
[2011/02/06 14:30:36 | 000,000,000 | -H-- | M] () -- C:\windows\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2011/02/06 13:42:35 | 000,000,989 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\NVIDIA Compute Visual Profiler.lnk
[2011/02/06 11:48:55 | 000,000,000 | ---- | M] () -- C:\windows\System32\nvdrswr.lk
[2011/02/06 11:39:47 | 000,208,257 | ---- | M] () -- C:\windows\System32\nvapps.xml
[2011/02/06 08:02:17 | 000,000,719 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2011/02/05 18:39:53 | 000,000,666 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\SopCast.lnk
[2011/02/04 18:50:00 | 000,089,375 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\lolol22.JPG
[2011/02/02 18:11:20 | 000,222,080 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\MpSigStub.exe
[2011/02/02 15:49:04 | 002,764,832 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Big Booty [bleep]es (the Official Video).mp3
[2011/02/02 10:45:18 | 000,755,760 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\vlc-record-2011-02-02-09h45m16s-cbgb-lotrtt720.mkv-.ts
[2011/02/02 08:58:35 | 002,067,456 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dllcache\lhmstscx.dll
[2011/01/28 15:58:02 | 006,220,854 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\typeracer.bmp
[2011/01/28 14:12:12 | 000,112,776 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Fringe S03E08 HDTV XviD LOL.nzb
[2011/01/27 12:57:06 | 000,677,888 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dllcache\lhmstsc.exe
[2011/01/25 20:37:30 | 005,088,960 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\SopCast.zip
[2011/01/25 03:52:07 | 000,032,114 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\yourskills.JPG
[2011/01/21 15:44:37 | 008,462,336 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dllcache\shell32.dll
[2011/01/21 15:44:37 | 000,439,296 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dllcache\shimgvw.dll
[2011/01/21 06:03:29 | 000,001,945 | ---- | M] () -- C:\windows\epplauncher.mif
[2011/01/20 21:26:09 | 000,102,184 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\2700-2800.SC2Replay
[2011/01/17 23:40:00 | 000,428,637 | R--- | M] () -- C:\windows\System32\drivers\etc\hosts.20110211-134917.backup
[2011/01/17 15:47:56 | 000,039,834 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\dt.SC2Replay
[2011/01/14 19:58:03 | 000,024,823 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\cherly.JPG
[2011/01/10 13:08:35 | 000,088,227 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Resources1.rar
[2011/01/10 12:50:40 | 000,081,764 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Resources.rar
[2011/01/08 18:55:04 | 000,046,286 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\macrowned.SC2Replay
[2011/01/08 04:27:00 | 014,671,872 | ---- | M] (NVIDIA Corporation) -- C:\windows\System32\nvoglnt.dll
[2011/01/08 04:27:00 | 013,004,800 | ---- | M] (NVIDIA Corporation) -- C:\windows\System32\nvcompiler.dll
[2011/01/08 04:27:00 | 009,888,672 | ---- | M] (NVIDIA Corporation) -- C:\windows\System32\dllcache\nv4_mini.sys
[2011/01/08 04:27:00 | 006,397,824 | ---- | M] (NVIDIA Corporation) -- C:\windows\System32\nv4_disp.dll
[2011/01/08 04:27:00 | 004,980,736 | ---- | M] (NVIDIA Corporation) -- C:\windows\System32\nvcuda.dll
[2011/01/08 04:27:00 | 002,916,968 | ---- | M] (NVIDIA Corporation) -- C:\windows\System32\nvcuvid.dll
[2011/01/08 04:27:00 | 002,292,678 | ---- | M] () -- C:\windows\System32\nvdata.bin
[2011/01/08 04:27:00 | 002,251,368 | ---- | M] (NVIDIA Corporation) -- C:\windows\System32\nvcuvenc.dll
[2011/01/08 04:27:00 | 001,958,400 | ---- | M] (NVIDIA Corporation) -- C:\windows\System32\nvapi.dll
[2011/01/08 04:27:00 | 000,941,160 | ---- | M] (NVIDIA Corporation) -- C:\windows\System32\nvdispco322090.dll
[2011/01/08 04:27:00 | 000,837,736 | ---- | M] (NVIDIA Corporation) -- C:\windows\System32\nvgenco322040.dll
[2011/01/08 04:27:00 | 000,061,440 | ---- | M] (Khronos Group) -- C:\windows\System32\OpenCL.dll
[2011/01/08 04:27:00 | 000,003,630 | ---- | M] () -- C:\windows\System32\nvinfo.pb
[2011/01/07 20:56:54 | 000,081,920 | ---- | M] (NVIDIA Corporation) -- C:\windows\System32\nvwddi.dll
[2011/01/07 20:56:50 | 000,580,200 | ---- | M] (NVIDIA Corporation) -- C:\windows\System32\easyUpdatusAPIU.dll
[2011/01/07 20:56:48 | 013,880,424 | ---- | M] (NVIDIA Corporation) -- C:\windows\System32\nvcpl.dll
[2011/01/07 20:56:48 | 000,277,608 | ---- | M] (NVIDIA Corporation) -- C:\windows\System32\nvmccs.dll
[2011/01/07 20:56:48 | 000,145,000 | ---- | M] (NVIDIA Corporation) -- C:\windows\System32\nvcolor.exe
[2011/01/07 20:56:48 | 000,111,208 | ---- | M] (NVIDIA Corporation) -- C:\windows\System32\nvmctray.dll
[2011/01/07 18:43:50 | 001,497,936 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\msvcr100d.dll
[2011/01/07 18:43:50 | 000,743,248 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\msvcp100d.dll
[2011/01/07 15:39:22 | 004,368,720 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\mfc100u.dll
[2011/01/07 15:39:22 | 004,342,600 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\mfc100.dll
[2011/01/07 15:39:22 | 000,768,848 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\msvcr100.dll
[2011/01/07 15:39:22 | 000,421,200 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\msvcp100.dll
[2011/01/07 15:39:22 | 000,137,544 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\atl100.dll
[2011/01/07 15:39:22 | 000,080,720 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\mfcm100u.dll
[2011/01/07 15:39:22 | 000,080,208 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\mfcm100.dll
[2011/01/03 12:01:42 | 000,300,028 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\highlight.JPG
[2011/01/01 09:31:14 | 000,428,373 | R--- | M] () -- C:\windows\System32\drivers\etc\hosts.20110117-224000.backup
[2011/01/01 08:38:39 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/12/30 21:30:07 | 000,006,522 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\dealwithitferguson.JPG
[2010/12/30 04:20:54 | 000,463,294 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\untitled45.JPG
[2010/12/23 05:36:31 | 000,005,614 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\ccc.JPG
[2010/12/22 13:34:28 | 000,301,568 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dllcache\kerberos.dll
[2010/12/20 18:26:00 | 000,730,112 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\lsasrv.dll
[2010/12/20 18:26:00 | 000,730,112 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dllcache\lsasrv.dll
[2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys
[2010/12/20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2010/12/20 18:03:01 | 000,427,647 | R--- | M] () -- C:\windows\System32\drivers\etc\hosts.20110101-083114.backup
[2010/12/17 17:37:46 | 000,013,160 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\FAQ.zip
[2010/12/17 17:36:55 | 000,013,123 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\FAQ.rar
[2010/12/15 15:05:46 | 000,019,792 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\picpic.JPG
[2010/12/14 13:50:31 | 000,010,565 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Assignment.rar
[2010/12/13 15:37:24 | 010,915,840 | ---- | M] (Intel Corporation) -- C:\windows\System32\libmfxhw32.dll
[2010/12/13 15:37:20 | 010,833,920 | ---- | M] (Intel Corporation) -- C:\windows\System32\libmfxsw32.dll
[2010/12/10 10:57:06 | 000,000,762 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\GOM Player.lnk
[2010/12/09 15:30:22 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dllcache\csrsrv.dll
[2010/12/09 15:30:22 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\csrsrv.dll
[2010/12/09 14:42:26 | 002,148,864 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\ntoskrnl.exe
[2010/12/09 14:42:26 | 002,148,864 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dllcache\ntkrnlmp.exe
[2010/12/09 14:38:47 | 002,192,768 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dllcache\ntoskrnl.exe
[2010/12/09 14:07:07 | 002,027,008 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dllcache\ntkrpamp.exe
[2010/12/09 14:07:07 | 002,027,008 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\ntkrnlpa.exe
[2010/12/09 14:07:05 | 002,069,376 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dllcache\ntkrnlpa.exe
[2010/11/22 23:38:58 | 000,210,217 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Howigottodiamondleague.JPG
[2010/11/22 04:17:31 | 000,260,775 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\dealwithit.JPG
[2010/11/22 04:13:56 | 000,210,544 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\diamondbaby.JPG
[2010/11/18 19:12:44 | 000,081,920 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\isign32.dll
[2010/11/18 19:12:44 | 000,081,920 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dllcache\isign32.dll
[2010/11/16 21:44:40 | 000,425,401 | R--- | M] () -- C:\windows\System32\drivers\etc\hosts.20101220-170301.backup
[2010/11/15 22:53:54 | 000,015,419 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Steppes of War.SC2Replay
[2010/11/09 15:52:35 | 000,536,576 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dllcache\msado15.dll
[2010/11/09 15:52:35 | 000,249,856 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\odbc32.dll
[2010/11/09 15:52:35 | 000,249,856 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dllcache\odbc32.dll
[2010/11/09 15:52:35 | 000,200,704 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dllcache\msadox.dll
[2010/11/09 15:52:35 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dllcache\msadomd.dll
[2010/11/09 15:52:35 | 000,143,360 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dllcache\msadco.dll
[2010/11/09 15:52:35 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dllcache\msjro.dll
[2010/11/09 10:33:53 | 000,224,250 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\ehehag.JPG
[2010/11/08 16:14:49 | 000,226,094 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\ohmang.JPG
[2010/11/08 13:41:00 | 000,081,920 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dllcache\msado27.tlb
[2010/11/08 13:41:00 | 000,081,920 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dllcache\msado26.tlb
[2010/11/08 13:41:00 | 000,081,920 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dllcache\msado25.tlb
[2010/11/08 13:41:00 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dllcache\msado21.tlb
[2010/11/08 13:41:00 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dllcache\msado20.tlb
[2010/11/08 01:20:24 | 000,089,088 | ---- | M] () -- C:\windows\MBR.exe
[2010/11/04 13:12:23 | 000,424,689 | R--- | M] () -- C:\windows\System32\drivers\etc\hosts.20101116-204440.backup
[2010/11/03 16:51:15 | 000,012,806 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\scrobo.JPG
[2010/11/02 16:17:02 | 000,040,960 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dllcache\ndproxy.sys
[2010/11/01 18:27:12 | 000,299,102 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\marine9.JPG
[2010/10/28 07:26:51 | 000,000,144 | ---- | M] () -- C:\windows\System32\lkfl.dat
[2010/10/28 02:04:54 | 000,424,195 | R--- | M] () -- C:\windows\System32\drivers\etc\hosts.20101104-121223.backup
[2010/10/27 05:29:06 | 000,423,219 | R--- | M] () -- C:\windows\System32\drivers\etc\hosts.20101028-020453.backup
[2010/10/24 09:17:37 | 000,006,692 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\dealwitjack.JPG
[2010/10/24 07:42:21 | 000,014,541 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Planetary.SC2Replay
[2010/10/20 02:12:51 | 000,422,409 | R--- | M] () -- C:\windows\System32\drivers\etc\hosts.20101027-052906.backup
[2010/10/16 16:18:38 | 000,316,640 | ---- | M] () -- C:\windows\WMSysPr9.prx
[2010/10/11 15:59:30 | 000,045,568 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dllcache\wab.exe
[2010/10/08 08:24:58 | 000,026,469 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\TLO-tvt-Boxer.SC2Replay
[2010/10/05 16:30:08 | 000,013,158 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\fruitdeal.JPG
[2010/10/05 13:33:34 | 000,041,724 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\TLO-tvt-Nada-Game2.SC2Replay
[2010/10/05 13:19:24 | 000,037,408 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\TLO-tvt-Nada-Game1.SC2Replay
[2010/10/05 11:30:43 | 000,014,432 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\damondeal.JPG
[2010/10/04 22:21:39 | 000,007,539 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\dealbeeb.JPG
[2010/10/01 10:45:16 | 000,017,893 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\deal11.JPG
[2010/10/01 10:42:01 | 000,015,575 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\deal10.JPG
[2010/10/01 10:28:41 | 000,009,877 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\deal8.JPG
[2010/10/01 10:26:58 | 000,020,500 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\deal7.JPG
[2010/10/01 10:22:48 | 000,019,879 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\deal4.JPG
[2010/10/01 10:22:14 | 000,019,405 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\deal3.JPG
[2010/09/29 14:01:59 | 000,420,575 | R--- | M] () -- C:\windows\System32\drivers\etc\hosts.20101020-021251.backup
[2010/09/28 22:51:10 | 000,314,544 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\untitled.JPG
[2010/09/18 07:53:25 | 000,954,368 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\mfc40.dll
[2010/09/18 07:53:25 | 000,954,368 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dllcache\mfc40.dll
[2010/09/18 07:53:25 | 000,953,856 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\mfc40u.dll
[2010/09/18 07:53:25 | 000,953,856 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dllcache\mfc40u.dll
[2010/09/16 03:10:29 | 000,000,576 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VyprVPN.lnk
[2010/09/14 18:38:52 | 001,700,352 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\GdiPlus.dll
[2010/09/14 18:38:48 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\msxml3a.dll
[2010/09/14 09:00:00 | 000,000,038 | ---- | M] () -- C:\windows\avisplitter.ini
[2010/09/13 16:09:00 | 000,070,703 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\sad.JPG
[2010/09/12 16:47:23 | 000,008,733 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\hahahahah.rar
[2010/09/12 16:44:06 | 000,009,793 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\hahahahah.SC2Replay
[2010/09/11 02:47:47 | 007,732,323 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\New Folder (2).rar
[2010/09/03 21:04:55 | 000,056,312 | -H-- | M] () -- C:\windows\System32\mlfcache.dat
[2010/09/03 18:41:41 | 000,000,076 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Counter-Strike Source.url
[2010/09/03 17:45:43 | 471,408,852 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\source models.gcf
[2010/09/03 17:45:43 | 1812,986,120 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\counter-strike source shared.gcf
[2010/09/03 17:45:43 | 159,352,116 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\multiplayer ob binaries.gcf
[2010/09/03 17:45:43 | 155,492,024 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\source 2007 shared models.gcf
[2010/09/03 17:45:43 | 1098,222,708 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\source materials.gcf
[2010/09/03 17:45:43 | 1033,006,368 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\source 2007 shared materials.gcf
[2010/09/03 17:45:43 | 1023,142,824 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\source sounds.gcf
[2010/09/03 17:45:43 | 022,389,628 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\counter-strike source client.gcf
[2010/09/03 17:45:43 | 002,373,924 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\source 2007 shared sounds.gcf
[2010/09/03 17:45:42 | 412,142,468 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\half-life.gcf
[2010/09/03 17:45:42 | 277,789,680 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\counter-strike.gcf
[2010/09/03 17:45:42 | 034,750,460 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\winui.gcf
[2010/09/03 17:45:42 | 015,300,640 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\platform.gcf
[2010/09/03 17:45:42 | 012,147,928 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\half-life engine.gcf
[2010/09/03 17:45:42 | 000,165,892 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\sourceinit.gcf
[2010/09/02 02:07:06 | 017,480,224 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\condition zero models.gcf
[2010/08/27 09:02:29 | 000,119,808 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\t2embed.dll
[2010/08/27 09:02:29 | 000,119,808 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dllcache\t2embed.dll
[2010/08/27 06:57:43 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dllcache\srvsvc.dll
[2010/08/26 03:07:53 | 000,416,890 | R--- | M] () -- C:\windows\System32\drivers\etc\hosts.20100929-140159.backup
[2010/08/26 00:36:02 | 010,841,088 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dllcache\wmp.dll
[2010/08/23 17:12:04 | 000,617,472 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dllcache\comctl32.dll
[2010/08/22 15:02:49 | 000,416,826 | R--- | M] () -- C:\windows\System32\drivers\etc\hosts.20100826-030752.backup
[2010/08/17 14:17:06 | 000,058,880 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dllcache\spoolsv.exe
[2010/08/16 09:45:00 | 000,590,848 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dllcache\rpcrt4.dll
[2010/08/09 13:56:38 | 000,415,879 | R--- | M] () -- C:\windows\System32\drivers\etc\hosts.20100822-150249.backup
[2010/08/08 16:15:02 | 000,000,768 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\StarCraft II.lnk
[2010/07/25 22:47:38 | 000,006,537 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\pic1.JPG
[2010/07/24 10:54:19 | 000,414,692 | R--- | M] () -- C:\windows\System32\drivers\etc\hosts.20100809-135638.backup
[2010/07/21 07:39:55 | 000,412,092 | R--- | M] () -- C:\windows\System32\drivers\etc\hosts.20100724-105419.backup
[2010/07/21 05:39:28 | 000,000,664 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Steam.lnk
[2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\windows\System32\deployJava1.dll
[2010/07/16 13:05:55 | 001,288,192 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dllcache\ole32.dll
[2010/07/05 18:33:12 | 000,411,396 | R--- | M] () -- C:\windows\System32\drivers\etc\hosts.20100721-073955.backup
[2010/07/05 14:15:50 | 000,017,272 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\spmsg.dll
[2010/06/30 13:31:35 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dllcache\schannel.dll
[2010/06/25 05:06:35 | 001,663,664 | ---- | M] (Blizzard Entertainment) -- C:\Program Files\InstallWoW(2).exe
[2010/06/18 18:45:17 | 000,293,376 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\winsrv.dll
[2010/06/18 18:45:17 | 000,293,376 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dllcache\winsrv.dll
[2010/06/18 14:36:12 | 003,558,912 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dllcache\moviemk.exe
[2010/06/17 15:03:00 | 000,080,384 | ---- | M] (Radius Inc.) -- C:\windows\System32\iccvid.dll
[2010/06/17 14:27:22 | 000,028,520 | ---- | M] (Avira GmbH) -- C:\windows\System32\drivers\ssmdrv.sys
[2010/06/15 17:17:24 | 000,143,422 | ---- | M] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\windows\System32\l3codecx.ax
[2010/06/15 03:16:24 | 000,086,016 | ---- | M] (Beepa P/L) -- C:\windows\System32\frapsvid.dll
[2010/06/14 15:31:20 | 000,744,448 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dllcache\helpsvc.exe
[2010/06/14 08:41:45 | 001,172,480 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dllcache\msxml3.dll
[2010/06/14 03:12:38 | 000,404,365 | R--- | M] () -- C:\windows\System32\drivers\etc\hosts.20100705-183312.backup
[2010/06/08 17:10:50 | 000,790,528 | ---- | M] () -- C:\windows\System32\xvidcore.dll
[2010/06/08 17:10:50 | 000,134,144 | ---- | M] () -- C:\windows\System32\xvidvfw.dll
[2010/06/07 18:06:54 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[9 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]
[3 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/31 18:31:57 | 3219,705,856 | -HS- | C] () -- C:\hiberfil.sys
[2011/05/31 17:10:24 | 000,001,984 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\HiJackThis.lnk
[2011/05/30 01:23:27 | 006,220,854 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\untitledtarl.bmp
[2011/05/29 19:01:14 | 000,352,762 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\cc_20110529_190109.reg
[2011/05/29 18:59:32 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/05/29 18:57:25 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/05/29 18:52:49 | 000,000,882 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/29 18:52:49 | 000,000,878 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/29 03:24:00 | 000,000,805 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Microsoft Network Monitor 3.4.lnk
[2011/05/27 20:41:54 | 000,103,673 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\streamplease.JPG
[2011/05/25 01:27:29 | 728,649,340 | ---- | C] () -- C:\Untitled.avi
[2011/05/24 22:20:25 | 006,220,854 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\avira warning.bmp
[2011/05/24 22:03:37 | 006,220,854 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\avira.bmp
[2011/05/24 17:56:31 | 000,000,172 | R--- | C] () -- C:\Documents and Settings\All Users\Desktop\Router Login.url
[2011/05/17 16:28:25 | 000,014,188 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\stream.jpg
[2011/05/12 04:05:47 | 000,037,370 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\xml7.JPG
[2011/05/12 03:40:34 | 000,025,841 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\xml6.JPG
[2011/05/12 03:36:15 | 000,044,344 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\xml5.JPG
[2011/05/12 03:15:43 | 000,020,955 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\xml3.JPG
[2011/05/12 03:02:41 | 000,039,352 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\XML2.JPG
[2011/05/12 02:46:31 | 000,094,412 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\xml1.JPG
[2011/05/12 02:30:13 | 000,018,242 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\example1.GIF
[2011/05/09 23:13:21 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2011/05/07 09:04:16 | 000,081,319 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\New Folder (6).rar
[2011/05/05 17:20:13 | 000,286,125 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\marinez.SC2Replay
[2011/05/02 22:11:50 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\2. NASL2011_W3_Day3_NaDa VS Strelok.flv
[2011/05/02 22:11:47 | 937,566,496 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\2. NASL2011_W3_Day3_NaDa VS Strelok.flv.part
[2011/04/29 15:31:12 | 000,256,512 | ---- | C] () -- C:\windows\PEV.exe
[2011/04/29 15:31:12 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2011/04/29 15:31:12 | 000,089,088 | ---- | C] () -- C:\windows\MBR.exe
[2011/04/29 15:31:12 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2011/04/29 15:31:12 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2011/04/29 08:37:03 | 000,000,664 | ---- | C] () -- C:\windows\System32\d3d9caps.dat
[2011/04/29 08:26:44 | 000,015,880 | ---- | C] () -- C:\windows\System32\lsdelete.exe
[2011/04/29 04:56:26 | 000,000,424 | -H-- | C] () -- C:\windows\tasks\MP Scheduled Scan.job
[2011/04/22 04:39:23 | 000,089,869 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Community S02E21 720p HDTV X264 DIMENSION.nzb
[2011/04/16 00:25:09 | 000,042,230 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Wentworth.jpg
[2011/04/15 17:28:38 | 000,079,948 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\macroptorsos.SC2Replay
[2011/04/15 04:57:57 | 000,001,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2011/04/01 13:59:05 | 000,074,406 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\love your banshee.SC2Replay
[2011/03/27 02:27:40 | 000,137,340 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\awwsheeet.SC2Replay
[2011/03/16 02:52:27 | 000,021,376 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\wenegegferhhh_get41222.jpg
[2011/03/10 20:06:29 | 000,027,532 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\rendering.JPG
[2011/03/06 07:22:00 | 000,024,246 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\THE ASSIGNMENT.rar
[2011/02/19 05:24:25 | 000,061,146 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\cubism.JPG
[2011/02/06 18:31:45 | 733,521,920 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\The.Dark.Knight.DVDRip.XviD-DoNE.1.avi
[2011/02/06 14:30:36 | 000,000,000 | -H-- | C] () -- C:\windows\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2011/02/06 13:42:35 | 000,000,989 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\NVIDIA Compute Visual Profiler.lnk
[2011/02/06 11:48:57 | 000,252,224 | ---- | C] () -- C:\windows\System32\nvdrsdb0.bin
[2011/02/06 11:48:55 | 000,252,224 | ---- | C] () -- C:\windows\System32\nvdrsdb1.bin
[2011/02/06 11:48:55 | 000,000,001 | ---- | C] () -- C:\windows\System32\nvdrssel.bin
[2011/02/06 11:48:55 | 000,000,000 | ---- | C] () -- C:\windows\System32\nvdrswr.lk
[2011/02/06 11:48:04 | 002,292,678 | ---- | C] () -- C:\windows\System32\nvdata.bin
[2011/02/06 11:48:04 | 000,003,630 | ---- | C] () -- C:\windows\System32\nvinfo.pb
[2011/02/06 08:02:17 | 000,000,719 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2011/02/04 18:50:00 | 000,089,375 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\lolol22.JPG
[2011/02/02 15:48:59 | 002,764,832 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Big Booty [bleep]es (the Official Video).mp3
[2011/02/02 10:45:18 | 000,755,760 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\vlc-record-2011-02-02-09h45m16s-cbgb-lotrtt720.mkv-.ts
[2011/01/28 19:12:45 | 000,112,776 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Fringe S03E08 HDTV XviD LOL.nzb
[2011/01/28 15:58:01 | 006,220,854 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\typeracer.bmp
[2011/01/25 20:37:27 | 005,088,960 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\SopCast.zip
[2011/01/25 03:52:06 | 000,032,114 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\yourskills.JPG
[2011/01/21 06:03:29 | 000,001,945 | ---- | C] () -- C:\windows\epplauncher.mif
[2011/01/21 06:03:08 | 000,001,680 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011/01/20 21:25:54 | 000,102,184 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\2700-2800.SC2Replay
[2011/01/17 15:47:42 | 000,039,834 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\dt.SC2Replay
[2011/01/14 19:58:03 | 000,024,823 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\cherly.JPG
[2011/01/10 13:08:35 | 000,088,227 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Resources1.rar
[2011/01/10 12:50:40 | 000,081,764 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Resources.rar
[2011/01/08 18:54:51 | 000,046,286 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\macrowned.SC2Replay
[2011/01/04 05:31:40 | 000,000,955 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Defender.lnk
[2011/01/03 12:01:42 | 000,300,028 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\highlight.JPG
[2010/12/30 21:30:07 | 000,006,522 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\dealwithitferguson.JPG
[2010/12/30 04:20:54 | 000,463,294 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\untitled45.JPG
[2010/12/23 05:36:31 | 000,005,614 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\ccc.JPG
[2010/12/17 17:37:46 | 000,013,160 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\FAQ.zip
[2010/12/17 17:32:48 | 000,013,123 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\FAQ.rar
[2010/12/15 15:05:46 | 000,019,792 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\picpic.JPG
[2010/12/14 13:50:31 | 000,010,565 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Assignment.rar
[2010/12/09 11:00:21 | 000,000,762 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\GOM Player.lnk
[2010/11/22 13:25:17 | 000,210,217 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Howigottodiamondleague.JPG
[2010/11/22 04:17:31 | 000,260,775 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\dealwithit.JPG
[2010/11/22 04:13:56 | 000,210,544 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\diamondbaby.JPG
[2010/11/21 18:18:47 | 000,011,534 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\viper.JPG
[2010/11/15 23:01:51 | 000,015,419 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Steppes of War.SC2Replay
[2010/11/09 10:33:52 | 000,224,250 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\ehehag.JPG
[2010/11/08 16:14:48 | 000,226,094 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\ohmang.JPG
[2010/11/03 16:51:15 | 000,012,806 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\scrobo.JPG
[2010/11/01 18:27:12 | 000,299,102 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\marine9.JPG
[2010/10/28 07:26:51 | 000,000,144 | ---- | C] () -- C:\windows\System32\lkfl.dat
[2010/10/28 07:26:44 | 000,004,212 | -H-- | C] () -- C:\windows\System32\zllictbl.dat
[2010/10/28 06:56:53 | 000,114,688 | ---- | C] () -- C:\Fport.exe
[2010/10/24 09:17:37 | 000,006,692 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\dealwitjack.JPG
[2010/10/24 07:54:15 | 000,014,541 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Planetary.SC2Replay
[2010/10/16 15:58:13 | 000,790,528 | ---- | C] () -- C:\windows\System32\xvidcore.dll
[2010/10/16 15:58:13 | 000,165,376 | ---- | C] () -- C:\windows\System32\unrar.dll
[2010/10/16 15:58:13 | 000,000,414 | ---- | C] () -- C:\windows\System32\lame_acm.xml
[2010/10/16 15:58:13 | 000,000,038 | ---- | C] () -- C:\windows\avisplitter.ini
[2010/10/16 15:58:12 | 000,134,144 | ---- | C] () -- C:\windows\System32\xvidvfw.dll
[2010/10/16 15:37:06 | 000,000,666 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\SopCast.lnk
[2010/10/09 19:40:39 | 000,041,724 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\TLO-tvt-Nada-Game2.SC2Replay
[2010/10/09 19:40:39 | 000,037,408 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\TLO-tvt-Nada-Game1.SC2Replay
[2010/10/09 19:40:39 | 000,026,469 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\TLO-tvt-Boxer.SC2Replay
[2010/10/05 16:30:08 | 000,013,158 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\fruitdeal.JPG
[2010/10/05 11:30:43 | 000,014,432 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\damondeal.JPG
[2010/10/04 22:21:39 | 000,007,539 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\dealbeeb.JPG
[2010/10/01 10:45:16 | 000,017,893 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\deal11.JPG
[2010/10/01 10:42:01 | 000,015,575 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\deal10.JPG
[2010/10/01 10:28:41 | 000,009,877 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\deal8.JPG
[2010/10/01 10:26:58 | 000,020,500 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\deal7.JPG
[2010/10/01 10:22:48 | 000,019,879 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\deal4.JPG
[2010/10/01 10:22:14 | 000,019,405 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\deal3.JPG
[2010/09/28 22:51:10 | 000,314,544 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\untitled.JPG
[2010/09/16 03:10:29 | 000,000,576 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VyprVPN.lnk
[2010/09/13 22:45:52 | 000,006,537 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\pic1.JPG
[2010/09/13 16:09:00 | 000,070,703 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\sad.JPG
[2010/09/12 16:47:23 | 000,008,733 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\hahahahah.rar
[2010/09/12 16:47:15 | 000,009,793 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\hahahahah.SC2Replay
[2010/09/11 02:47:35 | 007,732,323 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\New Folder (2).rar
[2010/09/03 21:04:55 | 000,056,312 | -H-- | C] () -- C:\windows\System32\mlfcache.dat
[2010/09/03 18:41:41 | 000,000,076 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Counter-Strike Source.url
[2010/08/25 22:42:47 | 000,002,265 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2010/08/08 14:55:26 | 000,000,768 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\StarCraft II.lnk
[2010/07/28 11:50:57 | 000,001,793 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Giganews Accelerator.lnk
[2010/07/21 05:45:29 | 002,373,924 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\source 2007 shared sounds.gcf
[2010/07/21 05:45:28 | 155,492,024 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\source 2007 shared models.gcf
[2010/07/21 05:45:27 | 1033,006,368 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\source 2007 shared materials.gcf
[2010/07/21 05:45:25 | 159,352,116 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\multiplayer ob binaries.gcf
[2010/06/07 18:06:54 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/05/26 14:29:04 | 000,003,888 | ---- | C] () -- C:\windows\System32\drivers\NTHANDLE.SYS
[2010/04/04 17:56:55 | 000,000,253 | ---- | C] () -- C:\windows\kaillera.ini
[2010/04/01 10:40:54 | 000,003,714 | -HS- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\8kUL5H5g
[2010/04/01 10:40:54 | 000,003,714 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\8kUL5H5g
[2010/03/26 03:33:04 | 000,033,792 | ---- | C] () -- C:\windows\System32\drivers\libusb0.sys
[2010/03/07 04:03:28 | 000,009,909 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\TheHunterSettings.bin
[2010/03/07 03:59:30 | 000,000,037 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\TheHunterSettings.cfg
[2009/11/29 02:14:45 | 000,937,704 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\a7d0410b6252d7853fd950dc0e4730a1-i686.cache-2
[2009/09/18 19:50:41 | 000,000,056 | -H-- | C] () -- C:\windows\System32\ezsidmv.dat
[2009/08/20 17:59:03 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\housecall.guid.cache
[2009/08/20 17:11:38 | 000,000,000 | ---- | C] () -- C:\windows\nsreg.dat
[2009/08/19 02:30:52 | 000,278,728 | ---- | C] () -- C:\windows\System32\drivers\atksgt.sys
[2009/08/19 02:30:51 | 000,025,416 | ---- | C] () -- C:\windows\System32\drivers\lirsgt.sys
[2009/08/18 16:46:00 | 000,043,520 | ---- | C] () -- C:\windows\System32\CmdLineExt03.dll
[2009/08/11 15:01:25 | 000,013,396 | ---- | C] () -- C:\windows\System32\drivers\MTictwl.sys
[2009/01/05 23:07:24 | 000,200,704 | ---- | C] () -- C:\windows\sel3110.exe
[2009/01/05 23:07:24 | 000,040,960 | ---- | C] () -- C:\windows\CleanDev.exe
[2009/01/05 23:07:24 | 000,032,528 | ---- | C] () -- C:\windows\amcap.exe
[2009/01/05 22:43:28 | 000,024,576 | R--- | C] () -- C:\windows\System32\AsIO.dll
[2009/01/05 22:43:28 | 000,012,400 | R--- | C] () -- C:\windows\System32\drivers\AsIO.sys
[2009/01/05 22:36:37 | 000,003,900 | R--- | C] () -- C:\windows\System32\drivers\nvphy.bin
[2009/01/05 22:36:28 | 000,000,962 | R--- | C] () -- C:\windows\System32\AsusSetup.ini
[2009/01/05 22:36:28 | 000,000,400 | R--- | C] () -- C:\windows\System32\raidmgmt.ini
[2009/01/05 22:31:50 | 000,031,084 | ---- | C] () -- C:\windows\Ascd_log.ini
[2009/01/05 22:31:39 | 000,030,771 | ---- | C] () -- C:\windows\Ascd_tmp.ini
[2009/01/05 22:31:38 | 000,005,810 | R--- | C] () -- C:\windows\System32\drivers\ASACPI.sys
[2009/01/05 22:31:30 | 000,012,536 | ---- | C] () -- C:\windows\System32\drivers\ASUSHWIO.SYS
[2009/01/05 22:26:37 | 000,002,048 | --S- | C] () -- C:\windows\bootstat.dat
[2009/01/05 22:23:06 | 000,021,640 | ---- | C] () -- C:\windows\System32\emptyregdb.dat
[2009/01/05 22:11:49 | 000,004,161 | ---- | C] () -- C:\windows\ODBCINST.INI
[2009/01/05 22:10:48 | 000,267,008 | ---- | C] () -- C:\windows\System32\FNTCACHE.DAT
[2009/01/05 20:54:49 | 000,128,512 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/01/05 19:37:57 | 000,000,011 | ---- | C] () -- C:\windows\SBWIN.INI
[2008/10/07 10:13:22 | 000,058,648 | ---- | C] () -- C:\windows\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\windows\System32\AgCPanelSwedish.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\windows\System32\AgCPanelSpanish.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\windows\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\windows\System32\AgCPanelPortugese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\windows\System32\AgCPanelKorean.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\windows\System32\AgCPanelJapanese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\windows\System32\AgCPanelGerman.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\windows\System32\AgCPanelFrench.dll
[2008/04/14 13:00:00 | 013,107,200 | ---- | C] () -- C:\windows\System32\oembios.bin
[2008/04/14 13:00:00 | 000,673,088 | ---- | C] () -- C:\windows\System32\mlang.dat
[2008/04/14 13:00:00 | 000,537,976 | ---- | C] () -- C:\windows\System32\perfh009.dat
[2008/04/14 13:00:00 | 000,272,128 | ---- | C] () -- C:\windows\System32\perfi009.dat
[2008/04/14 13:00:00 | 000,218,003 | ---- | C] () -- C:\windows\System32\dssec.dat
[2008/04/14 13:00:00 | 000,103,344 | ---- | C] () -- C:\windows\System32\perfc009.dat
[2008/04/14 13:00:00 | 000,046,258 | ---- | C] () -- C:\windows\System32\mib.bin
[2008/04/14 13:00:00 | 000,028,626 | ---- | C] () -- C:\windows\System32\perfd009.dat
[2008/04/14 13:00:00 | 000,004,569 | ---- | C] () -- C:\windows\System32\secupd.dat
[2008/04/14 13:00:00 | 000,004,461 | ---- | C] () -- C:\windows\System32\oembios.dat
[2008/04/14 13:00:00 | 000,001,804 | ---- | C] () -- C:\windows\System32\Dcache.bin
[2008/04/14 13:00:00 | 000,000,741 | ---- | C] () -- C:\windows\System32\noise.dat

========== LOP Check ==========

[2011/01/19 15:12:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2010/10/28 07:31:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2011/01/01 10:15:52 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2009/08/18 16:31:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2009/08/18 16:29:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro
[2011/04/29 08:51:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\G DATA
[2010/10/28 07:39:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kaspersky SDK
[2011/01/01 10:14:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/02/02 16:20:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2011/04/08 03:59:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\nIf06504jFpCo06504
[2011/04/15 00:06:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2011/02/06 19:01:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/02/06 15:55:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TheaterTek
[2011/01/01 10:33:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\AVG10
[2010/09/14 18:16:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\AVG9
[2009/07/15 01:00:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Camfrog
[2011/04/25 17:32:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\CheckPoint
[2010/04/07 08:30:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\com.doubleperfect.ggpo.0753AD3679DBFCA1E7F470171B7D0DB8B404A7EA.1
[2009/04/08 23:15:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\DAEMON Tools
[2009/08/18 16:31:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\DAEMON Tools Lite
[2009/08/15 18:59:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\DAEMON Tools Pro
[2010/07/28 11:29:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Dropbox
[2010/03/26 04:22:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\fltk.org
[2010/09/08 03:16:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Free Sound Recorder
[2011/01/30 01:20:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\GrabIt
[2009/09/23 07:43:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\gtk-2.0
[2010/08/22 15:17:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Ikzuu
[2010/08/26 04:10:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mydimo
[2010/07/28 06:40:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\NewsLeecher
[2010/12/22 19:18:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ooVoo Details
[2009/04/09 05:47:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Red Alert 3 Uprising
[2011/02/10 18:55:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Uniblue
[2010/09/13 15:54:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Unity
[2011/05/29 19:03:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\uTorrent
[2011/05/31 18:37:23 | 000,000,424 | -H-- | M] () -- C:\windows\Tasks\MP Scheduled Scan.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 199 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
@Alternate Data Stream - 168 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4
@Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:538A295C
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:63238B95
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3CE6BB52

< End of report >

OTL Extras logfile created on: 31/05/2011 19:59:18 - Run 2
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\Owner\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.06 Gb Available Physical Memory | 68.82% Memory free
4.84 Gb Paging File | 3.98 Gb Available in Paging File | 82.23% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 135.26 Gb Free Space | 29.04% Space Free | Partition Type: NTFS
Drive D: | 49.72 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: JOHNS | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 360 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"443:UDP" = 443:UDP:*:Disabled:ooVoo UDP port 443
"37674:TCP" = 37674:TCP:*:Disabled:ooVoo TCP port 37674
"37674:UDP" = 37674:UDP:*:Disabled:ooVoo UDP port 37674
"37675:UDP" = 37675:UDP:*:Disabled:ooVoo UDP port 37675
"1035:TCP" = 1035:TCP:*:Disabled:Akamai NetSession Interface
"5000:UDP" = 5000:UDP:*:Disabled:Akamai NetSession Interface

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager -- (Skype Technologies)
"C:\Program Files\StarCraft II\Versions\Base16755\SC2.exe" = C:\Program Files\StarCraft II\Versions\Base16755\SC2.exe:*:Enabled:StarCraft II -- (Blizzard Entertainment, Inc.)
"C:\Program Files\GRETECH\GomTVStreamer\GomTVStreamerLive.exe" = C:\Program Files\GRETECH\GomTVStreamer\GomTVStreamerLive.exe:*:Enabled:GomTVStreamerLive -- ()
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"C:\Program Files\StarCraft II\Versions\Base16939\SC2.exe" = C:\Program Files\StarCraft II\Versions\Base16939\SC2.exe:*:Enabled:StarCraft II -- (Blizzard Entertainment, Inc.)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"C:\Program Files\StarCraft II\StarCraft II.exe" = C:\Program Files\StarCraft II\StarCraft II.exe:*:Enabled:Blizzard Launcher -- (Blizzard Entertainment)
"C:\Program Files\SopCast\adv\SopAdver.exe" = C:\Program Files\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver -- (www.sopcast.com)
"C:\Program Files\SopCast\SopCast.exe" = C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application -- (www.sopcast.com)
"C:\Program Files\StarCraft II\Versions\Base17326\SC2.exe" = C:\Program Files\StarCraft II\Versions\Base17326\SC2.exe:*:Enabled:StarCraft II -- (Blizzard Entertainment, Inc.)
"C:\Program Files\Steam\steamapps\j_azonic69\counter-strike\hl.exe" = C:\Program Files\Steam\steamapps\j_azonic69\counter-strike\hl.exe:*:Enabled:Counter-Strike -- (Valve)
"C:\Program Files\StarCraft II\Versions\Base18092\SC2.exe" = C:\Program Files\StarCraft II\Versions\Base18092\SC2.exe:*:Enabled:StarCraft II -- (Blizzard Entertainment, Inc.)
"C:\windows\system32\sessmgr.exe" = C:\windows\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Steam\steamapps\[email protected]\counter-strike\hl.exe" = C:\Program Files\Steam\steamapps\[email protected]\counter-strike\hl.exe:*:Enabled:Counter-Strike -- (Valve)
"C:\Program Files\StarCraft II\Versions\Base18574\SC2.exe" = C:\Program Files\StarCraft II\Versions\Base18574\SC2.exe:*:Enabled:StarCraft II -- (Blizzard Entertainment, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{15EFEBF6-E414-33EB-8710-A04AD1302BF8}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Web - enu
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{221125DC-6A40-4900-B844-591F5E1195B0}" = Microsoft Visual Web Developer 2005 Express Edition - ENU
"{23E5C72C-CC08-4EE0-9CC2-D925B232B331}" = Microsoft MSDN 2005 Express Edition - ENU
"{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}" = SQL Server System CLR Types
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMB36X Raid Configurer
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{46F8CF66-AB83-38A7-99B2-A5BE507EE472}" = Microsoft Visual C++ 2010 Express - ENU
"{47C39E4A-28F2-33B1-B9B7-97F24E52D917}" = Microsoft Help Viewer 1.0
"{4922C83B-0243-43A2-9D54-A9955688FE6D}" = NVIDIA CUDA Toolkit v3.2 (32 bit)
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5A1A9AB2-2F68-462D-A67D-7C855DFF5EEB}" = Microsoft Network Monitor: NetworkMonitor Parsers 3.4
"{68BD9036-0952-4849-AE7A-963BB53EDB71}" = GGPO
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware
"{77A776C4-D10F-416D-88F0-53F2D9DCD9B3}" = Microsoft Security Client
"{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8795CBED-55E2-4693-9F14-84EC446935BE}" = SpeechRedist
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0021-0000-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer 2007
"{90120000-0021-0000-0000-0000000FF1CE}_VisualWebDeveloper_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0021-0409-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer MUI (English) 2007
"{90120000-0021-0409-0000-0000000FF1CE}_VisualWebDeveloper_{E1044ED2-E4AD-4B39-B500-31109750F6B4}" = Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}_VisualWebDeveloper_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}_VisualWebDeveloper_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD}" = Microsoft SQL Server Database Publishing Wizard 1.3
"{9C27ADE1-EAFB-4BB7-9FE3-5DD9BA9A3DD2}" = Crashday
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A2F2C44A-869E-4C32-9CEC-E22B1CC91F06}" = Microsoft Network Monitor 3.4
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 266.58
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 266.58
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 135.50
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C6DB11F1-EBD1-3AA4-A44D-55630E1E6FDA}" = Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}" = GTA San Andreas
"{D9D937B0-E842-4130-9588-B948E876904A}" = Microsoft SQL Server 2008 Native Client
"{DDE59617-F59A-473B-BC4E-C2B81F6CD38D}" = Command & Conquer™ Red Alert™ 3 Uprising
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{E7300AF3-DD5B-4E86-A291-7631BE0C62C7}" = Giganews Accelerator
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Premium
"CCleaner" = CCleaner
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.52.2
"ENTERPRISE" = Microsoft Office Enterprise 2007
"GOM Player" = GOM Player
"GomTVStreamer" = GOMTV Streamer
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"InstallShield_{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"KLiteCodecPack_is1" = K-Lite Codec Pack 6.4.0 (Full)
"LibUSB-Win32_is1" = LibUSB-Win32-0.1.10.1
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"Microsoft MSDN 2005 Express Edition - ENU" = Microsoft MSDN 2005 Express Edition - ENU
"Microsoft Security Client" = Microsoft Security Essentials
"Microsoft Visual C++ 2010 Express - ENU" = Microsoft Visual C++ 2010 Express - ENU
"Microsoft Visual Web Developer 2005 Express Edition - ENU" = Microsoft Visual Web Developer 2005 Express Edition - ENU
"Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU" = Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU
"Mozilla Firefox 4.0.1 (x86 en-GB)" = Mozilla Firefox 4.0.1 (x86 en-GB)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NewsBin5" = NewsBin Pro
"NewsBinGN" = NewsBin for Giganews
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"QuickPar" = QuickPar 0.9
"SopCast" = SopCast 3.3.2
"StarCraft II" = StarCraft II
"Steam App 10" = Counter-Strike
"UT2004" = Unreal Tournament 2004
"uTorrent" = µTorrent
"VGA USB Camera" = VGA USB Camera
"VisualWebDeveloper" = Microsoft Visual Studio Web Authoring Component
"VLC media player" = VLC media player 1.1.7
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"WMV9APDMOE" = Windows Media Video 9 Advanced Profile Codec
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 08/05/2011 20:26:03 | Computer Name = JOHNS | Source = Application Error | ID = 1000
Description = Faulting application skype.exe, version 5.0.0.156, faulting module
unknown, version 0.0.0.0, fault address 0x00000000.

Error - 08/05/2011 20:26:06 | Computer Name = JOHNS | Source = Application Error | ID = 1000
Description = Faulting application skype.exe, version 5.0.0.156, faulting module
skype.exe, version 5.0.0.156, fault address 0x0014c799.

Error - 10/05/2011 18:06:49 | Computer Name = JOHNS | Source = Application Error | ID = 1000
Description = Faulting application skype.exe, version 5.0.0.156, faulting module
unknown, version 0.0.0.0, fault address 0x00000000.

Error - 10/05/2011 18:06:53 | Computer Name = JOHNS | Source = Application Error | ID = 1000
Description = Faulting application skype.exe, version 5.0.0.156, faulting module
skype.exe, version 5.0.0.156, fault address 0x0014c799.

Error - 10/05/2011 19:24:18 | Computer Name = JOHNS | Source = Application Error | ID = 1000
Description = Faulting application skype.exe, version 5.0.0.156, faulting module
unknown, version 0.0.0.0, fault address 0x00000000.

Error - 10/05/2011 19:24:23 | Computer Name = JOHNS | Source = Application Error | ID = 1000
Description = Faulting application skype.exe, version 5.0.0.156, faulting module
skype.exe, version 5.0.0.156, fault address 0x0014c799.

Error - 11/05/2011 10:49:35 | Computer Name = JOHNS | Source = Application Error | ID = 1000
Description = Faulting application skype.exe, version 5.0.0.156, faulting module
unknown, version 0.0.0.0, fault address 0x00000000.

Error - 11/05/2011 10:49:40 | Computer Name = JOHNS | Source = Application Error | ID = 1000
Description = Faulting application skype.exe, version 5.0.0.156, faulting module
skype.exe, version 5.0.0.156, fault address 0x0014c799.

Error - 13/05/2011 20:20:13 | Computer Name = JOHNS | Source = Application Error | ID = 1000
Description = Faulting application skype.exe, version 5.0.0.156, faulting module
unknown, version 0.0.0.0, fault address 0x00000000.

Error - 13/05/2011 20:20:18 | Computer Name = JOHNS | Source = Application Error | ID = 1000
Description = Faulting application skype.exe, version 5.0.0.156, faulting module
skype.exe, version 5.0.0.156, fault address 0x0014c799.

[ System Events ]
Error - 31/05/2011 12:46:41 | Computer Name = JOHNS | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 31/05/2011 12:46:41 | Computer Name = JOHNS | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 31/05/2011 12:46:41 | Computer Name = JOHNS | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 31/05/2011 12:46:41 | Computer Name = JOHNS | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 31/05/2011 13:23:25 | Computer Name = JOHNS | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
archlp ArcSec AsIO avgio avipbb Fips intelppm MpFilter nvport ssmdrv

Error - 31/05/2011 13:25:26 | Computer Name = JOHNS | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 31/05/2011 13:25:28 | Computer Name = JOHNS | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 31/05/2011 13:30:31 | Computer Name = JOHNS | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 31/05/2011 13:31:06 | Computer Name = JOHNS | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 31/05/2011 13:32:38 | Computer Name = JOHNS | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
archlp ArcSec nvport


< End of report >

Edited by Picardinal, 31 May 2011 - 01:08 PM.

  • 0

Advertisements

#2
Picardinal
Posted 31 May 2011 - 12:44 PM

Picardinal

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
Ok, OTL tutorial instructions properly followed this time.

Thanks for any help you can offer me.

Edited by Picardinal, 31 May 2011 - 01:07 PM.

  • 0

#3
Essexboy
Posted 31 May 2011 - 03:18 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there what are the problems that you are experiencing ?

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Files
    ipconfig /flushdns /c
    C:\Documents and Settings\All Users\Application Data\nIf06504jFpCo06504

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

  • 0

#4
Picardinal
Posted 31 May 2011 - 04:24 PM

Picardinal

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
On old, slow emergency p.c right now. On my main PC OTL appears to have hung at "killing proccesses do not interrupt"... It appears to be not responding, past the 15-20 minute mark now. Hour glass n all that.

Main problems I experience:

Pages refreshing by themselves, funny movement when i'm checking my hotmail. Black triangle play symbol that appears on start up when desktop loads, but dissapears instantly. I'm forever removing various virus's ... but nothing changes.

I have something like 6 Users on my computer right now Owner, default, admin, admininstrator, adminstrator001 and so on - no idea how they got there... it feels like i've been completely hacked to be honest. Some of my desktop icons dissapear. Sometimes when I shut down there will be a fatal looking error saying trying to end .sw program not responding - whatever .swe is. And even this site. I tried to check back earlier and this site wouldn't load for me. Despite loading on the same connection on my emergency computer. Almost like someone saw I was making proggress and blocked it. It really feels like i've been hacked. Feeling paraoid right now.

I've gone to such lengths to cover my bases with powerful malware tools, nothing seems to help.

And now it appears even OTL can't stand up to this level of infection. I'll check back and see if OTL is still not responding in 5 minutes.

Edit to say I've used system restore far, far too many times too tbh.

Thanks for your help.

Edited by Picardinal, 31 May 2011 - 04:46 PM.

  • 0

#5
Picardinal
Posted 31 May 2011 - 04:39 PM

Picardinal

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
Yeah. OTL appears to be stuck in the 'hung' position. Not responding.

I did follow what you said carefully.

I'll leave it until morning, but I have a funny feeling it's going to stay right where it is.

What should I do? I'm afraid to end task on such a powerful program - mid flow.

Edited by Picardinal, 31 May 2011 - 04:40 PM.

  • 0

#6
Essexboy
Posted 01 June 2011 - 10:41 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
No problem stopping OTL - Stop from within taskmanager and it should be OK

Can you delete the accounts that you are no longer using as they give the malware lots of places to hide

Time to go straight in with the big boy now I feel

Download ComboFix from one of these locations:


Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

  • Double click on ComboFix.exe & follow the prompts.

  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.


Posted Image



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
  • 0

#7
Picardinal
Posted 01 June 2011 - 12:16 PM

Picardinal

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
OK. I will very carefully follow the steps you have outlined. Thanks for your response.

Before I do: On closer inspection it LOOKED as if MSMPENG.exe was the process causing the holdup. Though I wouldn't place a bet that being the start and end of it, there's deffo other problems beyond that.

Is it worth me going into safe mode and trying your OTL fix instructions? Before I try combofix I mean.

On the multiple accounts issue, I don't want to be removing anything critical: Here is a list of the accounts

Administrator, All Users, Owner, Default User(hidden file), Administrator.Johns, Administrator.Johns.000 - and in the same Documents and settings folder are two other hidden folers called 'network service' 'local service'

Also, right now after I used rkill to find malware proccesses to stop, it stopped something in avira and now avgaurd is stuck at 25% (one full core) cpu.

Shall I go straight to combofix, or try your OTL instructions in safe mode.

Let me know.

Thanks for your time.
  • 0

#8
Essexboy
Posted 01 June 2011 - 12:23 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Straight to combofix please - we will re-assess once the results come in :)
  • 0

#9
Picardinal
Posted 01 June 2011 - 01:45 PM

Picardinal

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
Well.

That was horrifying.

I've got the log. Will paste it below - but here it was happened:

It said mcafee was still running, know for a fact it's not, uninstalled years ago. Searched entire system and deleted mcafee files until I got bored. It was endless so I just ran combofix anyway.

I said Windows recovery console not installed, so I clicked yes to download it. I then got this terrifying message:

"Boot Partition cannot be enumerated correctly" - What the... IS THAT. Such powerful malware.

Then to my further horror, it just scanned and continued anyway.

In between stage 5 6 7 8... and a whole bunch of other times up to stage 50 I got that explorer error, and I had to click don't send to microsoft over and over just to keep the scan going.
I don't even know if those stages completed, even though they said they did.

Edited to say: despite uninstalling all my antivirus progs, a lot of the processes are still there, fake no doubt.

Also, I never mentioned, I used to have the symptoms of key logging, weird characters appearing to other people in the spaces of my msn chat. That dissapeared though...
Here is the log:

My system is so so messed up. Thanks for your time. Do appreciate it.

ComboFix 11-06-01.04 - Owner 01/06/2011 20:31:57.2.4 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3070.2276 [GMT 1:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((( Files Created from 2011-05-01 to 2011-06-01 )))))))))))))))))))))))))))))))
.
.
2011-05-31 21:57 . 2011-05-31 21:57 -------- d-----w- C:\_OTL
2011-05-31 21:56 . 2011-05-31 21:56 388096 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-05-31 20:16 . 2011-02-22 23:06 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2011-05-31 20:16 . 2011-05-31 20:16 -------- dc-h--w- c:\windows\ie8
2011-05-31 16:10 . 2011-05-31 16:10 -------- d-----w- c:\program files\Trend Micro
2011-05-31 09:27 . 2011-05-09 20:46 6962000 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{ACC6D76F-3E24-4DB4-94C1-4FF121BD5341}\mpengine.dll
2011-05-29 17:57 . 2011-05-29 17:57 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2011-05-29 17:53 . 2011-05-29 17:59 -------- d-----w- c:\program files\CCleaner
2011-05-29 17:52 . 2011-05-29 17:52 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2011-05-29 17:52 . 2011-05-29 17:53 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Temp
2011-05-29 17:52 . 2011-05-29 17:54 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Google
2011-05-29 02:23 . 2011-05-29 02:23 -------- d-----w- c:\program files\Microsoft Network Monitor 3
2011-05-24 16:50 . 2011-05-24 16:56 -------- d-----w- C:\Netgear
2011-05-23 17:07 . 2011-05-23 17:07 -------- d-----w- c:\documents and settings\Administrator.JOHNS.000
2011-05-09 22:13 . 2011-05-09 22:13 89048 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
2011-05-09 22:13 . 2011-05-09 22:13 781272 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-05-09 22:13 . 2011-05-09 22:13 465880 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
2011-05-09 22:13 . 2011-05-09 22:13 1874904 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
2011-05-09 22:13 . 2011-05-09 22:13 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
2011-05-09 22:13 . 2011-05-09 22:13 1974616 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_42.dll
2011-05-09 22:13 . 2011-05-09 22:13 1892184 ----a-w- c:\program files\Mozilla Firefox\d3dx9_42.dll
2011-05-09 22:13 . 2011-05-09 22:13 142296 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-25 16:17 . 2010-05-26 13:29 3888 ----a-w- c:\windows\system32\drivers\NTHANDLE.SYS
2011-05-09 20:46 . 2011-01-04 04:33 6962000 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2011-04-29 07:26 . 2011-04-29 07:26 51400 ----a-w- c:\windows\system32\drivers\GDTdiIcpt.sys
2011-04-29 07:26 . 2011-04-29 07:26 29640 ----a-w- c:\windows\system32\drivers\GDNdisIc.sys
2011-04-29 07:26 . 2011-04-29 07:26 62024 ----a-w- c:\windows\system32\drivers\MiniIcpt.sys
2011-04-29 07:26 . 2011-04-29 07:26 33480 ----a-w- c:\windows\system32\drivers\GDBehave.sys
2011-04-29 07:22 . 2011-04-29 07:26 15880 ----a-w- c:\windows\system32\lsdelete.exe
2011-04-15 02:13 . 2011-04-15 02:13 6680 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2011-03-07 05:33 . 2009-01-05 21:23 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:37 . 2008-04-14 12:00 420864 ----a-w- c:\windows\system32\vbscript.dll
2010-06-25 04:06 . 2010-06-25 04:06 1663664 ----a-w- c:\program files\InstallWoW(2).exe
2011-05-09 22:13 . 2011-05-09 22:13 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-04-29_14.39.33 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-01-10 22:03 . 2011-01-10 22:03 65536 c:\windows\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_189d6662\vcomp.dll
+ 2011-01-10 21:32 . 2011-01-10 21:32 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_3dcd24cb\mfc80KOR.dll
+ 2011-01-10 21:32 . 2011-01-10 21:32 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_3dcd24cb\mfc80JPN.dll
+ 2011-01-10 21:32 . 2011-01-10 21:32 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_3dcd24cb\mfc80ITA.dll
+ 2011-01-10 21:32 . 2011-01-10 21:32 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_3dcd24cb\mfc80FRA.dll
+ 2011-01-10 21:32 . 2011-01-10 21:32 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_3dcd24cb\mfc80ESP.dll
+ 2011-01-10 21:32 . 2011-01-10 21:32 57344 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_3dcd24cb\mfc80ENU.dll
+ 2011-01-10 21:32 . 2011-01-10 21:32 65536 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_3dcd24cb\mfc80DEU.dll
+ 2011-01-10 21:32 . 2011-01-10 21:32 45056 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_3dcd24cb\mfc80CHT.dll
+ 2011-01-10 21:32 . 2011-01-10 21:32 40960 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_3dcd24cb\mfc80CHS.dll
+ 2011-01-11 03:05 . 2011-01-11 03:05 57856 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_e87e0bcd\mfcm80u.dll
+ 2011-01-11 03:23 . 2011-01-11 03:23 69632 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_e87e0bcd\mfcm80.dll
+ 2011-01-10 20:21 . 2011-01-10 20:21 97280 c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_7837863c\ATL80.dll
+ 2011-02-06 13:32 . 2009-01-07 17:20 16928 c:\windows\system32\spmsg.dll
+ 2008-04-14 12:00 . 2009-03-08 03:31 46592 c:\windows\system32\pngfilt.dll
+ 2008-04-14 12:00 . 2009-03-08 03:31 48128 c:\windows\system32\mshtmler.dll
+ 2008-04-14 12:00 . 2011-02-22 23:06 66560 c:\windows\system32\mshtmled.dll
+ 2008-04-14 12:00 . 2009-03-08 03:31 45568 c:\windows\system32\mshta.exe
+ 2009-03-08 03:31 . 2009-03-08 03:31 13312 c:\windows\system32\msfeedssync.exe
+ 2009-03-08 03:31 . 2011-02-22 23:06 55296 c:\windows\system32\msfeedsbs.dll
+ 2008-04-14 12:00 . 2011-02-22 23:06 43520 c:\windows\system32\licmgr10.dll
+ 2008-04-14 12:00 . 2011-02-22 23:06 25600 c:\windows\system32\jsproxy.dll
+ 2008-04-14 12:00 . 2009-03-08 03:32 94720 c:\windows\system32\inseng.dll
+ 2008-04-14 12:00 . 2009-03-08 03:31 34816 c:\windows\system32\imgutil.dll
+ 2008-04-14 12:00 . 2009-03-08 03:32 71680 c:\windows\system32\iesetup.dll
+ 2008-04-14 12:00 . 2009-03-08 03:32 55808 c:\windows\system32\iernonce.dll
+ 2009-03-08 03:31 . 2009-03-08 03:31 59904 c:\windows\system32\icardie.dll
+ 2009-07-20 18:08 . 2011-02-22 23:06 12800 c:\windows\system32\dllcache\xpshims.dll
- 2009-07-20 18:08 . 2009-07-03 17:09 12800 c:\windows\system32\dllcache\xpshims.dll
+ 2008-04-14 12:00 . 2009-03-08 03:31 46592 c:\windows\system32\dllcache\pngfilt.dll
+ 2008-04-14 12:00 . 2009-03-08 03:31 48128 c:\windows\system32\dllcache\mshtmler.dll
+ 2008-04-14 12:00 . 2011-02-22 23:06 66560 c:\windows\system32\dllcache\mshtmled.dll
+ 2008-04-14 12:00 . 2009-03-08 03:31 45568 c:\windows\system32\dllcache\mshta.exe
+ 2009-01-05 21:55 . 2011-02-22 23:06 55296 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2008-04-14 12:00 . 2011-02-22 23:06 43520 c:\windows\system32\dllcache\licmgr10.dll
+ 2008-04-14 12:00 . 2011-02-22 23:06 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2008-04-14 12:00 . 2009-03-08 03:32 94720 c:\windows\system32\dllcache\inseng.dll
+ 2008-04-14 12:00 . 2009-03-08 03:31 34816 c:\windows\system32\dllcache\imgutil.dll
+ 2008-04-14 12:00 . 2009-03-08 03:32 71680 c:\windows\system32\dllcache\iesetup.dll
+ 2008-04-14 12:00 . 2009-03-08 03:32 55808 c:\windows\system32\dllcache\iernonce.dll
+ 2009-01-05 21:55 . 2009-03-08 03:31 59904 c:\windows\system32\dllcache\icardie.dll
+ 2009-01-05 21:23 . 2009-03-08 03:24 68608 c:\windows\system32\dllcache\hmmapi.dll
+ 2008-04-14 12:00 . 2009-03-08 03:33 18944 c:\windows\system32\dllcache\corpol.dll
+ 2008-04-14 12:00 . 2009-03-08 03:32 72704 c:\windows\system32\dllcache\admparse.dll
+ 2008-04-14 12:00 . 2009-03-08 03:33 18944 c:\windows\system32\corpol.dll
+ 2009-01-05 15:39 . 2011-06-01 17:32 16384 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2009-01-05 15:39 . 2010-10-27 05:13 16384 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2011-05-25 16:50 . 2011-06-01 17:32 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2008-04-14 12:00 . 2009-03-08 03:32 72704 c:\windows\system32\admparse.dll
+ 2011-05-12 08:13 . 2011-05-12 08:13 36864 c:\windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\website\e260ac8b\5cd81437\App_Web_mihexvoq.dll
+ 2011-05-12 03:20 . 2011-05-12 03:20 40960 c:\windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\website\68befd89\e592a4d3\App_Web__1qx1jhn.dll
+ 2011-05-13 09:54 . 2011-05-13 09:54 32768 c:\windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\final_websitetest\00bcc829\e586058b\App_Web_yjypxxwq.dll
+ 2011-05-13 10:34 . 2011-05-13 10:34 32768 c:\windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\final_website4\c4a6ddb6\6317316b\App_Web_dclt6scu.dll
+ 2011-05-13 09:24 . 2011-05-13 09:24 32768 c:\windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\final_website4\75c74353\ba2fbf9e\App_Web_ct8wplni.dll
+ 2011-05-13 09:38 . 2011-05-13 09:38 32768 c:\windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\final_website3\e0d71aa5\1c7b70d3\App_Web_no09plnj.dll
+ 2011-05-12 08:34 . 2011-05-12 08:34 32768 c:\windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\final_website\d9c0ebfe\fb096b40\App_Web_zdbe4f_z.dll
+ 2011-05-12 16:12 . 2011-05-12 16:12 32768 c:\windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\final_website\d9c0ebfe\fb096b40\App_Web_ti0cio4u.dll
+ 2011-05-12 16:14 . 2011-05-12 16:14 32768 c:\windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\final_website\d9c0ebfe\fb096b40\App_Web_ptsi51_j.dll
+ 2011-05-12 16:23 . 2011-05-12 16:23 32768 c:\windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\final_website\d9c0ebfe\fb096b40\App_Web_fi-dgwal.dll
+ 2011-05-29 17:52 . 2011-05-29 17:52 22528 c:\windows\Installer\913bf.msi
- 2009-10-01 20:01 . 2011-04-15 02:15 35088 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
+ 2009-10-01 20:01 . 2011-05-12 02:03 35088 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
- 2009-10-01 20:01 . 2011-04-15 02:15 18704 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
+ 2009-10-01 20:01 . 2011-05-12 02:03 18704 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
- 2009-10-01 20:01 . 2011-04-15 02:15 20240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
+ 2009-10-01 20:01 . 2011-05-12 02:03 20240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
+ 2011-05-31 20:17 . 2009-03-08 03:33 12288 c:\windows\ie8updates\KB982381-IE8\xpshims.dll
+ 2011-05-31 20:17 . 2009-03-08 03:31 55296 c:\windows\ie8updates\KB982381-IE8\msfeedsbs.dll
+ 2011-05-31 20:17 . 2009-03-08 03:33 25600 c:\windows\ie8updates\KB982381-IE8\jsproxy.dll
+ 2011-05-31 20:17 . 2010-05-06 10:41 12800 c:\windows\ie8updates\KB2497640-IE8\xpshims.dll
+ 2011-05-31 20:17 . 2009-03-08 03:31 66560 c:\windows\ie8updates\KB2497640-IE8\mshtmled.dll
+ 2011-05-31 20:17 . 2010-05-06 10:41 55296 c:\windows\ie8updates\KB2497640-IE8\msfeedsbs.dll
+ 2011-05-31 20:17 . 2009-03-08 03:34 43008 c:\windows\ie8updates\KB2497640-IE8\licmgr10.dll
+ 2011-05-31 20:17 . 2010-05-06 10:41 25600 c:\windows\ie8updates\KB2497640-IE8\jsproxy.dll
+ 2011-05-31 20:16 . 2008-04-14 12:00 37888 c:\windows\ie8\url.dll
+ 2011-05-31 20:16 . 2009-03-08 13:23 58464 c:\windows\ie8\spuninst\iecustom.dll
+ 2011-05-31 20:16 . 2008-04-14 12:00 39424 c:\windows\ie8\pngfilt.dll
+ 2011-05-31 20:16 . 2008-04-14 12:00 96256 c:\windows\ie8\occache.dll
+ 2011-05-31 20:16 . 2008-04-14 12:00 56832 c:\windows\ie8\mshtmler.dll
+ 2011-05-31 20:16 . 2008-04-14 12:00 29184 c:\windows\ie8\mshta.exe
+ 2011-05-31 20:16 . 2009-04-29 04:55 52224 c:\windows\ie8\msfeedsbs.dll
+ 2011-05-31 20:16 . 2008-04-14 12:00 22016 c:\windows\ie8\licmgr10.dll
+ 2011-05-31 20:16 . 2008-04-14 12:00 15872 c:\windows\ie8\jsproxy.dll
+ 2011-05-31 20:16 . 2008-04-14 12:00 96256 c:\windows\ie8\inseng.dll
+ 2011-05-31 20:16 . 2008-04-14 12:00 35840 c:\windows\ie8\imgutil.dll
+ 2011-05-31 20:16 . 2008-04-14 12:00 93184 c:\windows\ie8\iexplore.exe
+ 2011-05-31 20:16 . 2008-04-14 12:00 62976 c:\windows\ie8\iesetup.dll
+ 2011-05-31 20:16 . 2008-04-14 12:00 48640 c:\windows\ie8\iernonce.dll
+ 2011-05-31 20:16 . 2009-04-29 04:55 78336 c:\windows\ie8\ieencode.dll
+ 2011-05-31 20:16 . 2008-04-14 12:00 34304 c:\windows\ie8\ie4uinit.exe
+ 2011-05-31 20:16 . 2009-04-29 04:55 63488 c:\windows\ie8\icardie.dll
+ 2011-05-31 20:16 . 2008-04-14 12:00 38912 c:\windows\ie8\hmmapi.dll
+ 2011-05-31 20:16 . 2008-04-14 12:00 35328 c:\windows\ie8\corpol.dll
+ 2011-05-31 20:16 . 2008-04-14 12:00 99840 c:\windows\ie8\advpack.dll
+ 2011-05-31 20:16 . 2008-04-14 12:00 61440 c:\windows\ie8\admparse.dll
+ 2009-06-05 18:51 . 2010-10-18 11:10 7680 c:\windows\system32\dllcache\iecompat.dll
+ 2011-05-31 20:17 . 2009-03-08 03:35 2048 c:\windows\ie8updates\KB2447568-IE8\iecompat.dll
+ 2011-01-11 03:27 . 2011-01-11 03:27 632656 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_179798c8\msvcr80.dll
+ 2011-01-11 03:24 . 2011-01-11 03:24 554832 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_179798c8\msvcp80.dll
+ 2011-01-11 03:08 . 2011-01-11 03:08 479232 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_179798c8\msvcm80.dll
+ 2008-04-14 12:00 . 2011-02-22 23:06 916480 c:\windows\system32\wininet.dll
+ 2009-03-08 03:34 . 2009-03-08 03:34 208384 c:\windows\system32\WinFXDocObj.exe
+ 2008-04-14 12:00 . 2009-03-08 03:34 236544 c:\windows\system32\webcheck.dll
+ 2008-04-14 12:00 . 2009-03-08 03:34 105984 c:\windows\system32\url.dll
+ 2008-04-14 12:00 . 2011-02-22 23:06 206848 c:\windows\system32\occache.dll
+ 2008-04-14 12:00 . 2011-02-22 23:06 611840 c:\windows\system32\mstime.dll
+ 2008-04-14 12:00 . 2009-03-08 03:34 193536 c:\windows\system32\msrating.dll
+ 2008-04-14 12:00 . 2009-03-08 03:22 156160 c:\windows\system32\msls31.dll
+ 2009-03-08 03:32 . 2011-02-22 23:06 602112 c:\windows\system32\msfeeds.dll
+ 2011-05-09 22:09 . 2011-05-09 22:09 235168 c:\windows\system32\Macromed\Flash\FlashUtil10p_Plugin.exe
+ 2008-04-14 12:00 . 2011-03-04 06:37 726528 c:\windows\system32\jscript.dll
+ 2009-03-08 03:22 . 2009-03-08 03:22 164352 c:\windows\system32\ieui.dll
+ 2008-04-14 12:00 . 2011-02-22 23:06 184320 c:\windows\system32\iepeers.dll
+ 2008-04-14 12:00 . 2011-02-22 23:06 387584 c:\windows\system32\iedkcs32.dll
+ 2009-03-08 03:11 . 2009-03-08 03:11 445952 c:\windows\system32\ieapfltr.dll
+ 2008-04-14 12:00 . 2009-03-08 03:32 163840 c:\windows\system32\ieakui.dll
+ 2008-04-14 12:00 . 2009-03-08 03:33 229376 c:\windows\system32\ieaksie.dll
+ 2008-04-14 12:00 . 2009-03-08 03:33 125952 c:\windows\system32\ieakeng.dll
+ 2008-04-14 12:00 . 2011-02-18 11:49 173568 c:\windows\system32\ie4uinit.exe
+ 2008-04-14 12:00 . 2009-03-08 03:31 216064 c:\windows\system32\dxtrans.dll
+ 2008-04-14 12:00 . 2009-03-08 03:31 348160 c:\windows\system32\dxtmsft.dll
+ 2008-04-14 12:00 . 2011-02-22 23:06 916480 c:\windows\system32\dllcache\wininet.dll
+ 2008-04-14 12:00 . 2009-03-08 03:34 236544 c:\windows\system32\dllcache\webcheck.dll
+ 2009-01-05 21:23 . 2009-03-08 03:33 759296 c:\windows\system32\dllcache\VGX.dll
+ 2008-04-14 12:00 . 2011-03-04 06:37 420864 c:\windows\system32\dllcache\vbscript.dll
+ 2008-04-14 12:00 . 2009-03-08 03:34 105984 c:\windows\system32\dllcache\url.dll
+ 2009-01-07 17:20 . 2009-01-07 17:20 134144 c:\windows\system32\dllcache\sqmapi.dll
+ 2008-04-14 12:00 . 2011-02-22 23:06 206848 c:\windows\system32\dllcache\occache.dll
+ 2008-04-14 12:00 . 2011-02-22 23:06 611840 c:\windows\system32\dllcache\mstime.dll
+ 2008-04-14 12:00 . 2009-03-08 03:34 193536 c:\windows\system32\dllcache\msrating.dll
+ 2008-04-14 12:00 . 2009-03-08 03:22 156160 c:\windows\system32\dllcache\msls31.dll
+ 2009-01-05 21:55 . 2011-02-22 23:06 602112 c:\windows\system32\dllcache\msfeeds.dll
+ 2008-04-14 12:00 . 2011-03-04 06:37 726528 c:\windows\system32\dllcache\jscript.dll
+ 2009-01-05 21:23 . 2009-03-08 13:09 638816 c:\windows\system32\dllcache\iexplore.exe
+ 2009-07-20 18:08 . 2011-02-22 23:06 247808 c:\windows\system32\dllcache\ieproxy.dll
+ 2008-04-14 12:00 . 2011-02-22 23:06 184320 c:\windows\system32\dllcache\iepeers.dll
+ 2008-04-14 12:00 . 2011-02-22 23:06 387584 c:\windows\system32\dllcache\iedkcs32.dll
+ 2009-01-05 21:55 . 2009-03-08 03:11 445952 c:\windows\system32\dllcache\ieapfltr.dll
+ 2008-04-14 12:00 . 2009-03-08 03:32 163840 c:\windows\system32\dllcache\ieakui.dll
+ 2008-04-14 12:00 . 2009-03-08 03:33 229376 c:\windows\system32\dllcache\ieaksie.dll
+ 2008-04-14 12:00 . 2009-03-08 03:33 125952 c:\windows\system32\dllcache\ieakeng.dll
+ 2008-04-14 12:00 . 2011-02-18 11:49 173568 c:\windows\system32\dllcache\ie4uinit.exe
+ 2008-04-14 12:00 . 2009-03-08 03:31 216064 c:\windows\system32\dllcache\dxtrans.dll
+ 2008-04-14 12:00 . 2009-03-08 03:31 348160 c:\windows\system32\dllcache\dxtmsft.dll
+ 2008-04-14 12:00 . 2009-03-08 03:32 128512 c:\windows\system32\dllcache\advpack.dll
+ 2008-04-14 12:00 . 2009-03-08 03:32 128512 c:\windows\system32\advpack.dll
+ 2006-12-02 05:27 . 2006-12-02 05:27 125720 c:\windows\Microsoft.NET\Framework\v2.0.50727\WebDev.WebServer.EXE
+ 2011-05-11 02:00 . 2011-05-11 02:00 459264 c:\windows\Installer\3997d34.msi
+ 2011-05-29 02:24 . 2011-05-29 02:24 502272 c:\windows\Installer\1182612a.msi
+ 2011-05-29 02:24 . 2011-05-29 02:24 542720 c:\windows\Installer\11826125.msi
+ 2009-10-01 20:01 . 2011-05-12 02:03 888080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
- 2009-10-01 20:01 . 2011-04-15 02:15 888080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
- 2009-10-01 20:01 . 2011-04-15 02:15 272648 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
+ 2009-10-01 20:01 . 2011-05-12 02:03 272648 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
- 2009-10-01 20:01 . 2011-04-15 02:15 922384 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
+ 2009-10-01 20:01 . 2011-05-12 02:03 922384 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
- 2009-10-01 20:01 . 2011-04-15 02:15 845584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
+ 2009-10-01 20:01 . 2011-05-12 02:03 845584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
- 2009-10-01 20:01 . 2011-04-15 02:15 217864 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
+ 2009-10-01 20:01 . 2011-05-12 02:03 217864 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
+ 2009-10-01 20:01 . 2011-05-12 02:03 184080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
- 2009-10-01 20:01 . 2011-04-15 02:15 184080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
+ 2009-10-01 20:01 . 2011-05-12 02:03 159504 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
- 2009-10-01 20:01 . 2011-04-15 02:15 159504 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
+ 2011-05-31 20:17 . 2009-03-08 03:34 914944 c:\windows\ie8updates\KB982381-IE8\wininet.dll
+ 2011-05-31 20:17 . 2010-02-22 14:23 382840 c:\windows\ie8updates\KB982381-IE8\spuninst\updspapi.dll
+ 2011-05-31 20:17 . 2008-07-08 13:02 231288 c:\windows\ie8updates\KB982381-IE8\spuninst\spuninst.exe
+ 2011-05-31 20:17 . 2009-03-08 03:34 109568 c:\windows\ie8updates\KB982381-IE8\occache.dll
+ 2011-05-31 20:17 . 2009-03-08 03:32 611840 c:\windows\ie8updates\KB982381-IE8\mstime.dll
+ 2011-05-31 20:17 . 2009-03-08 03:32 594432 c:\windows\ie8updates\KB982381-IE8\msfeeds.dll
+ 2011-05-31 20:17 . 2009-03-08 03:33 246784 c:\windows\ie8updates\KB982381-IE8\ieproxy.dll
+ 2011-05-31 20:17 . 2009-03-08 03:31 183808 c:\windows\ie8updates\KB982381-IE8\iepeers.dll
+ 2011-05-31 20:17 . 2009-03-08 03:35 742912 c:\windows\ie8updates\KB982381-IE8\iedvtool.dll
+ 2011-05-31 20:17 . 2009-03-08 13:09 391536 c:\windows\ie8updates\KB982381-IE8\iedkcs32.dll
+ 2011-05-31 20:17 . 2009-03-08 03:32 173056 c:\windows\ie8updates\KB982381-IE8\ie4uinit.exe
+ 2011-06-01 17:41 . 2009-03-08 03:33 420352 c:\windows\ie8updates\KB2510531-IE8\vbscript.dll
+ 2011-06-01 17:41 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2510531-IE8\spuninst\updspapi.dll
+ 2011-06-01 17:41 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2510531-IE8\spuninst\spuninst.exe
+ 2011-06-01 17:41 . 2009-03-08 03:33 726528 c:\windows\ie8updates\KB2510531-IE8\jscript.dll
+ 2011-05-31 20:17 . 2010-05-06 10:41 916480 c:\windows\ie8updates\KB2497640-IE8\wininet.dll
+ 2011-05-31 20:17 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2497640-IE8\spuninst\updspapi.dll
+ 2011-05-31 20:17 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2497640-IE8\spuninst\spuninst.exe
+ 2011-05-31 20:17 . 2010-05-06 10:41 206848 c:\windows\ie8updates\KB2497640-IE8\occache.dll
+ 2011-05-31 20:17 . 2010-05-06 10:41 611840 c:\windows\ie8updates\KB2497640-IE8\mstime.dll
+ 2011-05-31 20:17 . 2010-05-06 10:41 599040 c:\windows\ie8updates\KB2497640-IE8\msfeeds.dll
+ 2011-05-31 20:17 . 2010-05-06 10:41 247808 c:\windows\ie8updates\KB2497640-IE8\ieproxy.dll
+ 2011-05-31 20:17 . 2010-05-06 10:41 184320 c:\windows\ie8updates\KB2497640-IE8\iepeers.dll
+ 2011-05-31 20:17 . 2010-05-06 10:41 743424 c:\windows\ie8updates\KB2497640-IE8\iedvtool.dll
+ 2011-05-31 20:17 . 2010-05-06 10:41 387584 c:\windows\ie8updates\KB2497640-IE8\iedkcs32.dll
+ 2011-05-31 20:17 . 2010-05-05 13:30 173056 c:\windows\ie8updates\KB2497640-IE8\ie4uinit.exe
+ 2011-05-31 20:17 . 2010-02-22 14:23 382840 c:\windows\ie8updates\KB2447568-IE8\spuninst\updspapi.dll
+ 2011-05-31 20:17 . 2010-02-22 14:23 231288 c:\windows\ie8updates\KB2447568-IE8\spuninst\spuninst.exe
+ 2011-05-31 20:16 . 2011-02-17 13:51 667136 c:\windows\ie8\wininet.dll
+ 2011-05-31 20:16 . 2008-04-14 12:00 276480 c:\windows\ie8\webcheck.dll
+ 2011-05-31 20:16 . 2008-04-14 12:00 851968 c:\windows\ie8\vgx.dll
+ 2011-05-31 20:16 . 2011-03-04 06:45 434176 c:\windows\ie8\vbscript.dll
+ 2011-05-31 20:16 . 2011-02-17 13:51 629760 c:\windows\ie8\urlmon.dll
+ 2011-05-31 20:16 . 2009-01-07 17:21 382496 c:\windows\ie8\spuninst\updspapi.dll
+ 2011-05-31 20:16 . 2009-01-07 17:20 231456 c:\windows\ie8\spuninst\spuninst.exe
+ 2011-05-31 20:16 . 2011-02-17 13:51 532480 c:\windows\ie8\mstime.dll
+ 2011-05-31 20:16 . 2008-04-14 12:00 146432 c:\windows\ie8\msrating.dll
+ 2011-05-31 20:16 . 2008-04-14 12:00 146432 c:\windows\ie8\msls31.dll
+ 2011-05-31 20:16 . 2011-02-17 13:51 449024 c:\windows\ie8\mshtmled.dll
+ 2011-05-31 20:16 . 2009-04-29 04:55 459264 c:\windows\ie8\msfeeds.dll
+ 2011-05-31 20:16 . 2011-03-04 06:45 512000 c:\windows\ie8\jscript.dll
+ 2011-05-31 20:16 . 2009-04-29 04:55 268288 c:\windows\ie8\iertutil.dll
+ 2011-05-31 20:16 . 2011-02-17 13:51 251904 c:\windows\ie8\iepeers.dll
+ 2011-05-31 20:16 . 2008-04-14 12:00 323584 c:\windows\ie8\iedkcs32.dll
+ 2011-05-31 20:16 . 2009-04-29 04:55 383488 c:\windows\ie8\ieapfltr.dll
+ 2011-05-31 20:16 . 2008-04-14 12:00 221184 c:\windows\ie8\ieakui.dll
+ 2011-05-31 20:16 . 2008-04-14 12:00 216576 c:\windows\ie8\ieaksie.dll
+ 2011-05-31 20:16 . 2008-04-14 12:00 143360 c:\windows\ie8\ieakeng.dll
+ 2011-05-31 20:16 . 2008-04-14 12:00 205312 c:\windows\ie8\dxtrans.dll
+ 2011-05-31 20:16 . 2008-04-14 12:00 357888 c:\windows\ie8\dxtmsft.dll
+ 2011-05-31 20:10 . 2011-05-31 20:10 434176 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Design\2.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Design.dll
- 2009-10-08 02:10 . 2009-10-08 02:10 434176 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Design\2.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Design.dll
+ 2011-05-31 20:10 . 2011-05-31 20:10 753664 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.CommonIDE\8.0.0.0__b03f5f7f11d50a3a\microsoft.visualstudio.commonide.dll
+ 2011-01-10 21:50 . 2011-01-10 21:50 1093120 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_e87e0bcd\mfc80u.dll
+ 2011-01-10 21:50 . 2011-01-10 21:50 1101824 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_e87e0bcd\mfc80.dll
+ 2008-04-14 12:00 . 2011-02-22 23:06 1210880 c:\windows\system32\urlmon.dll
+ 2008-04-14 12:00 . 2011-02-22 23:06 5962240 c:\windows\system32\mshtml.dll
+ 2009-07-18 03:21 . 2011-05-09 22:09 6053536 c:\windows\system32\Macromed\Flash\NPSWF32.dll
+ 2009-03-08 03:32 . 2011-02-22 23:06 1991680 c:\windows\system32\iertutil.dll
+ 2009-02-06 20:07 . 2009-02-06 20:07 3698584 c:\windows\system32\ieapfltr.dat
+ 2008-04-14 12:00 . 2011-02-22 23:06 1210880 c:\windows\system32\dllcache\urlmon.dll
+ 2008-04-14 12:00 . 2011-02-22 23:06 5962240 c:\windows\system32\dllcache\mshtml.dll
+ 2009-01-05 21:55 . 2011-02-22 23:06 1991680 c:\windows\system32\dllcache\iertutil.dll
+ 2009-01-05 21:55 . 2009-02-06 20:07 3698584 c:\windows\system32\dllcache\ieapfltr.dat
+ 2010-03-31 20:27 . 2011-05-29 17:59 4239360 c:\windows\system32\config\systemprofile\ntuser.dat
- 2010-03-31 20:27 . 2010-03-31 20:27 4239360 c:\windows\system32\config\systemprofile\ntuser.dat
+ 2011-04-29 11:27 . 2011-04-29 11:27 4158464 c:\windows\Installer\86c90c.msp
+ 2011-04-28 04:42 . 2011-04-28 04:42 4990976 c:\windows\Installer\86c8f6.msp
+ 2011-05-31 16:10 . 2011-05-31 16:10 1094656 c:\windows\Installer\1fdf9e.msi
- 2009-10-01 20:01 . 2011-04-15 02:15 1172240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
+ 2009-10-01 20:01 . 2011-05-12 02:03 1172240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
- 2009-10-01 20:01 . 2011-04-15 02:15 1165584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
+ 2009-10-01 20:01 . 2011-05-12 02:03 1165584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
+ 2011-05-31 20:17 . 2009-03-08 03:34 1206784 c:\windows\ie8updates\KB982381-IE8\urlmon.dll
+ 2011-05-31 20:17 . 2009-03-08 03:41 5937152 c:\windows\ie8updates\KB982381-IE8\mshtml.dll
+ 2011-05-31 20:17 . 2009-03-08 03:32 1985024 c:\windows\ie8updates\KB982381-IE8\iertutil.dll
+ 2011-05-31 20:17 . 2010-05-06 10:41 1209344 c:\windows\ie8updates\KB2497640-IE8\urlmon.dll
+ 2011-05-31 20:17 . 2010-05-06 10:41 5950976 c:\windows\ie8updates\KB2497640-IE8\mshtml.dll
+ 2011-05-31 20:17 . 2010-05-06 10:41 1985536 c:\windows\ie8updates\KB2497640-IE8\iertutil.dll
+ 2011-05-31 20:16 . 2011-02-17 13:51 3078656 c:\windows\ie8\mshtml.dll
+ 2011-05-31 20:16 . 2009-04-29 04:55 6066176 c:\windows\ie8\ieframe.dll
+ 2011-05-31 20:16 . 2008-07-09 14:25 2455488 c:\windows\ie8\ieapfltr.dat
+ 2011-05-31 22:09 . 2011-05-31 22:09 1120256 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\a3e4dfd119ff5ce9dc79ce10d946da56\Microsoft.VisualStudio.Design.ni.dll
+ 2011-05-31 22:09 . 2011-05-31 22:09 2019840 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\92e0f6d18d613ceb0cc2cb8c600a4901\Microsoft.VisualStudio.CommonIDE.ni.dll
+ 2011-05-31 22:09 . 2011-05-31 22:09 3949056 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\759e45c734ca6819826321f6c02f559d\Microsoft.VisualStudio.Editors.ni.dll
+ 2011-05-31 20:10 . 2011-05-31 20:10 4202496 c:\windows\assembly\GAC_MSIL\Microsoft.VSDesigner\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VSDesigner.dll
- 2009-10-08 02:09 . 2009-10-08 02:09 4202496 c:\windows\assembly\GAC_MSIL\Microsoft.VSDesigner\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VSDesigner.dll
+ 2011-05-31 20:10 . 2011-05-31 20:10 1867776 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Editors\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Editors.dll
+ 2009-01-05 21:54 . 2011-05-12 02:01 42829768 c:\windows\system32\MRT.exe
+ 2009-03-08 03:39 . 2011-02-22 23:06 11080704 c:\windows\system32\ieframe.dll
+ 2009-01-05 21:55 . 2011-02-22 23:06 11080704 c:\windows\system32\dllcache\ieframe.dll
+ 2006-12-05 10:39 . 2006-12-05 10:39 36099072 c:\windows\Installer\90bab9.msp
+ 2011-04-22 18:41 . 2011-04-22 18:41 11507712 c:\windows\Installer\86c926.msp
+ 2011-05-31 20:17 . 2009-03-08 03:39 11063808 c:\windows\ie8updates\KB982381-IE8\ieframe.dll
+ 2011-05-31 20:17 . 2010-05-06 10:41 11076096 c:\windows\ie8updates\KB2497640-IE8\ieframe.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"36X Raid Configurer"="c:\windows\system32\xRaidSetup.exe" [2007-08-30 1966080]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-10-09 1036288]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2011-01-07 111208]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-01-07 13880424]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-11-04 1753192]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-12-20 443728]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-02-27 16:10 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 12:00 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 11:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NCsoft Launcher]
2011-04-25 20:45 38184 ----a-w- c:\program files\NCsoft\Launcher\NCLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-12-03 16:46 14944136 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2010-11-18 15:42 1242448 ----a-w- c:\program files\Steam\steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"MSSQL$SQLEXPRESS"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"gupdate"=2 (0x2)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"MsMpSvc"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\StarCraft II\\Versions\\Base16755\\SC2.exe"=
"c:\\Program Files\\GRETECH\\GomTVStreamer\\GomTVStreamerLive.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\StarCraft II\\Versions\\Base16939\\SC2.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\StarCraft II\\StarCraft II.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\StarCraft II\\Versions\\Base17326\\SC2.exe"=
"c:\\Program Files\\Steam\\steamapps\\j_azonic69\\counter-strike\\hl.exe"=
"c:\\Program Files\\StarCraft II\\Versions\\Base18092\\SC2.exe"=
"c:\\windows\\system32\\sessmgr.exe"=
"c:\\Program Files\\Steam\\steamapps\\[email protected]\\counter-strike\\hl.exe"=
"c:\\Program Files\\StarCraft II\\Versions\\Base18574\\SC2.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"443:UDP"= 443:UDP:*:Disabled:ooVoo UDP port 443
"37674:TCP"= 37674:TCP:*:Disabled:ooVoo TCP port 37674
"37674:UDP"= 37674:UDP:*:Disabled:ooVoo UDP port 37674
"37675:UDP"= 37675:UDP:*:Disabled:ooVoo UDP port 37675
"1035:TCP"= 1035:TCP:*:Disabled:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:*:Disabled:Akamai NetSession Interface
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [08/04/2009 23:05 722416]
R2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;system32\libusbd-nt.exe --> system32\libusbd-nt.exe [?]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [03/11/2006 20:19 13592]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [26/03/2010 03:33 33792]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [01/04/2010 11:46 20952]
S1 archlp;archlp;c:\windows\system32\drivers\archlp.sys --> c:\windows\system32\drivers\archlp.sys [?]
S1 ArcSec;ArcSec;c:\windows\system32\drivers\ArcSec.sys --> c:\windows\system32\drivers\ArcSec.sys [?]
S1 MpKsl0b1304da;MpKsl0b1304da;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C5F556CB-BA6A-4731-AC23-AF5199095FE6}\MpKsl0b1304da.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C5F556CB-BA6A-4731-AC23-AF5199095FE6}\MpKsl0b1304da.sys [?]
S1 MpKsl0f972cf6;MpKsl0f972cf6;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5D58C8A8-BF2B-4A3D-8650-D5A1E18FA361}\MpKsl0f972cf6.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5D58C8A8-BF2B-4A3D-8650-D5A1E18FA361}\MpKsl0f972cf6.sys [?]
S1 MpKsl166e1f29;MpKsl166e1f29;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C6E44A99-A2C5-4BBF-9B3B-0E094FDE885C}\MpKsl166e1f29.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C6E44A99-A2C5-4BBF-9B3B-0E094FDE885C}\MpKsl166e1f29.sys [?]
S1 MpKsl3afba7fa;MpKsl3afba7fa;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{45AC6D86-3EAA-4EE8-8B57-D665EA389528}\MpKsl3afba7fa.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{45AC6D86-3EAA-4EE8-8B57-D665EA389528}\MpKsl3afba7fa.sys [?]
S1 MpKsl5434aeeb;MpKsl5434aeeb;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C6E44A99-A2C5-4BBF-9B3B-0E094FDE885C}\MpKsl5434aeeb.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C6E44A99-A2C5-4BBF-9B3B-0E094FDE885C}\MpKsl5434aeeb.sys [?]
S1 MpKsl56d633f3;MpKsl56d633f3;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C6E44A99-A2C5-4BBF-9B3B-0E094FDE885C}\MpKsl56d633f3.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C6E44A99-A2C5-4BBF-9B3B-0E094FDE885C}\MpKsl56d633f3.sys [?]
S1 MpKsl825ef1ae;MpKsl825ef1ae;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1A86B192-3FAF-47C3-B845-E366FEB7C67C}\MpKsl825ef1ae.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1A86B192-3FAF-47C3-B845-E366FEB7C67C}\MpKsl825ef1ae.sys [?]
S1 MpKsl87979db1;MpKsl87979db1;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D10A9F4F-E573-4F9A-9344-60942C9AFABE}\MpKsl87979db1.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D10A9F4F-E573-4F9A-9344-60942C9AFABE}\MpKsl87979db1.sys [?]
S1 MpKsl8be755e8;MpKsl8be755e8;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C6E44A99-A2C5-4BBF-9B3B-0E094FDE885C}\MpKsl8be755e8.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C6E44A99-A2C5-4BBF-9B3B-0E094FDE885C}\MpKsl8be755e8.sys [?]
S1 MpKslc76ded27;MpKslc76ded27;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C6E44A99-A2C5-4BBF-9B3B-0E094FDE885C}\MpKslc76ded27.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C6E44A99-A2C5-4BBF-9B3B-0E094FDE885C}\MpKslc76ded27.sys [?]
S1 MpKslcfb92932;MpKslcfb92932; [x]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 13:16 130384]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [01/04/2010 11:46 363344]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 13:16 753504]
S4 gupdate;Google Update Service (gupdate);"c:\program files\Google\Update\GoogleUpdate.exe" /svc --> c:\program files\Google\Update\GoogleUpdate.exe [?]
S4 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; [x]
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-01 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
DPF: {3B89785B-4E94-400A-8705-5841B14063A7} - hxxp://www.arcsoft.com/data/SimHDAss.CAB
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\vd058cvj.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-ooVoo - c:\program files\ooVoo\oovoo.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-01 20:34
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(1820)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_179798c8\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\hnetcfg.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-06-01 20:36:30
ComboFix-quarantined-files.txt 2011-06-01 19:36
ComboFix2.txt 2011-04-29 14:41
.
Pre-Run: 145,306,193,920 bytes free
Post-Run: 145,333,186,560 bytes free
.
- - End Of File - - 7996AAC01AE5CD21DE22FFBC4FDAE3B8

Edited by Picardinal, 01 June 2011 - 01:50 PM.

  • 0

#10
Essexboy
Posted 01 June 2011 - 01:54 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK lets check the MBR - is this a raid system ?

Download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan
Posted Image

On completion of the scan click save log, save it to your desktop and post in your next reply
Posted Image


Then could you run a fresh OTL log using the same script as previously

  • Run OTL.
  • Select All Users
  • Under the Custom Scan box paste this in

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    volsnap.*
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    %systemroot%\*. /mp /s
    hklm\software\clients\startmenuinternet|command /rs
    CREATERESTOREPOINT

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • Post both logs

  • 0

Advertisements

#11
Picardinal
Posted 01 June 2011 - 02:10 PM

Picardinal

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
Cheers for you quick response. I have the MBR log.

Half way through it would go foward one line, then back like it was struggling.

Just want to make sure I understand what you want me to do:

You want me to paste the first script you gave me and hit fix - then reboot - then paste in the new script and hit quick scan, yeah?

Here is the MBR log. Thought i'd paste first as it looks like there's some interesting things going on. Some of them were red.

Thanks for your time.

aswMBR version 0.9.5.317 Copyright© 2011 AVAST Software
Run date: 2011-06-01 21:01:05
-----------------------------
21:01:05.218 OS Version: Windows 5.1.2600 Service Pack 3
21:01:05.218 Number of processors: 4 586 0x1707
21:01:05.218 ComputerName: JOHNS UserName: Owner
21:01:06.500 Initialize success
21:01:48.515 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Scsi\nvgts1Port2Path0Target0Lun0
21:01:48.531 Disk 0 Vendor: MAXTOR_S MX15 Size: 476940MB BusType: 1
21:01:48.531 Disk 0 MBR read successfully
21:01:48.531 Disk 0 MBR scan
21:01:48.531 Disk 0 Windows XP default MBR code
21:01:48.531 Disk 0 scanning sectors +976752000
21:01:48.562 Disk 0 scanning C:\windows\system32\drivers
21:01:51.890 Service scanning
21:01:52.656 Disk 0 trace - called modules:
21:01:52.671 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8aec51f8]<<
21:01:52.671 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8aeb79c0]
21:01:52.671 3 CLASSPNP.SYS[b80f8fd7] -> nt!IofCallDriver -> \Device\0000007d[0x8ad98920]
21:01:52.671 5 ACPI.sys[b7e66620] -> nt!IofCallDriver -> \Device\Scsi\nvgts1Port2Path0Target0Lun0[0x8ad97a38]
21:01:52.671 \Driver\nvgts[0x8aeb8168] -> IRP_MJ_CREATE -> 0x8aec51f8
21:01:53.375 Unsigned kernel modules:
21:01:53.375 0xb7ea6000 spun.sys
21:01:56.234 0xb7706000 C:\windows\system32\drivers\pfc.sys
21:01:58.656 0xb2fb3000 C:\windows\system32\drivers\libusb0.sys
21:02:01.843 0xa8e18000 C:\windows\system32\drivers\cpuz132_x32.sys
21:02:02.390 0xb85f4000 C:\windows\system32\Drivers\PROCEXP113.SYS
21:02:02.406 0xb8410000 C:\DOCUME~1\Owner\LOCALS~1\Temp\catchme.sys
21:02:02.468 Scan finished successfully
21:02:22.828 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Owner\Desktop\MBR.dat"
21:02:22.828 The log file has been saved successfully to "C:\Documents and Settings\Owner\Desktop\aswMBR.txt"

Edited by Picardinal, 01 June 2011 - 02:12 PM.

  • 0

#12
Picardinal
Posted 01 June 2011 - 02:25 PM

Picardinal

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
OK.

I ran OTL and pasted in the script you gave to me on your first reply.

Hit fix. All worked just fine.

Here is the log:

I will now run OTL and try the second script you gave me.

Thanks again.

All processes killed
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Owner\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Owner\Desktop\cmd.txt deleted successfully.
C:\Documents and Settings\All Users\Application Data\nIf06504jFpCo06504 folder moved successfully.
========== COMMANDS ==========
C:\windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Administrator.JOHNS
->Temporary Internet Files folder emptied: 32768 bytes
->Flash cache emptied: 2836 bytes

User: Administrator.JOHNS.000
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 41620 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 41620 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32835 bytes
->Flash cache emptied: 438 bytes

User: NetworkService
->Temp folder emptied: 896 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Owner
->Temp folder emptied: 16384 bytes
->Temporary Internet Files folder emptied: 10125762 bytes
->FireFox cache emptied: 47036452 bytes
->Google Chrome cache emptied: 6665822 bytes
->Flash cache emptied: 1935447 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2402044 bytes
%systemroot%\System32 .tmp files removed: 4569353 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 808 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 67 bytes
RecycleBin emptied: 580096 bytes

Total Files Cleaned = 70.00 mb


[EMPTYFLASH]

User: Administrator

User: Administrator.JOHNS
->Flash cache emptied: 0 bytes

User: Administrator.JOHNS.000
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: LocalService
->Flash cache emptied: 0 bytes

User: NetworkService

User: Owner
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point (0)

OTL by OldTimer - Version 3.2.23.0 log created on 06012011_211828

Files\Folders moved on Reboot...
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\Y248IWR9\search[1].htm moved successfully.
File\Folder C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\EPAN2JQJ\301817-some-help-would-be-very-much-appreciated[1].htm not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\EPAN2JQJ\like[1].htm not found!
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\5C2KRHZD\301817-some-help-would-be-very-much-appreciated[1].txt moved successfully.

Registry entries deleted on Reboot...
  • 0

#13
Picardinal
Posted 01 June 2011 - 02:41 PM

Picardinal

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
OK. Got the log for the last script for OTL/quick scan you gave me.

I should do a 360 day one to be honest, none of these shenanigans are new.

Thanks again.

Here is the log:

OTL logfile created on: 01/06/2011 21:27:57 - Run 3
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.35 Gb Available Physical Memory | 78.41% Memory free
4.84 Gb Paging File | 4.36 Gb Available in Paging File | 90.11% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 135.76 Gb Free Space | 29.15% Space Free | Partition Type: NTFS
Drive D: | 49.72 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 963.70 Mb Total Space | 959.42 Mb Free Space | 99.56% Space Free | Partition Type: FAT

Computer Name: JOHNS | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Owner\Desktop\OTL.com (OldTimer Tools)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\bin32\nSvcAppFlt.exe ()
PRC - C:\Program Files\bin32\nSvcIp.exe ()
PRC - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\libusbd-nt.exe (http://libusb-win32.sourceforge.net)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Owner\Desktop\OTL.com (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (McAfee SiteAdvisor Service) -- File not found
SRV - (gupdate) Google Update Service (gupdate) -- File not found
SRV - (AppMgmt) -- File not found
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (npggsvc) -- C:\windows\System32\GameMon.des (INCA Internet Co., Ltd.)
SRV - (ForceWare Intelligent Application Manager (IAM)) ForceWare Intelligent Application Manager (IAM) -- C:\Program Files\bin32\nSvcAppFlt.exe ()
SRV - (nSvcIp) -- C:\Program Files\bin32\nSvcIp.exe ()
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SRV - (libusbd) -- C:\WINDOWS\system32\libusbd-nt.exe (http://libusb-win32.sourceforge.net)


========== Driver Services (SafeList) ==========

DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (mfesmfk) -- C:\WINDOWS\system32\drivers\mfesmfk.sys (McAfee, Inc.)
DRV - (mferkdk) -- C:\WINDOWS\system32\drivers\mferkdk.sys (McAfee, Inc.)
DRV - (atksgt) -- C:\WINDOWS\system32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\WINDOWS\system32\drivers\lirsgt.sys ()
DRV - (sptd) -- C:\windows\System32\Drivers\sptd.sys ()
DRV - (cpuz132) -- C:\WINDOWS\system32\drivers\cpuz132_x32.sys (Windows ® Codename Longhorn DDK provider)
DRV - (nm) -- C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation)
DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
DRV - (nvgts) -- C:\windows\system32\DRIVERS\nvgts.sys (NVIDIA Corporation)
DRV - (nvnetbus) -- C:\WINDOWS\system32\drivers\nvnetbus.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- C:\WINDOWS\system32\drivers\NVENETFD.sys (NVIDIA Corporation)
DRV - (AsIO) -- C:\WINDOWS\system32\drivers\AsIO.sys ()
DRV - (JRAID) -- C:\windows\system32\DRIVERS\jraid.sys (JMicron Technology Corp.)
DRV - (pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)
DRV - (SenFiltService) -- C:\WINDOWS\system32\drivers\senfilt.sys (Sensaura)
DRV - (libusb0) -- C:\WINDOWS\system32\drivers\libusb0.sys ()
DRV - (MTsensor) -- C:\WINDOWS\system32\drivers\ASACPI.sys ()
DRV - (ovt519) -- C:\WINDOWS\system32\drivers\ov519vid.sys (OmniVision Technologies, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1957994488-796845957-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKU\S-1-5-21-1957994488-796845957-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/"


FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/09 23:13:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/09 23:13:19 | 000,000,000 | ---D | M]

[2010/09/29 13:32:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2010/09/29 13:32:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011/05/09 23:11:49 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vd058cvj.default\extensions
[2010/07/25 15:55:30 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vd058cvj.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/05/09 15:17:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/12/22 18:39:59 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
File not found (No name found) --
[2011/05/09 23:13:11 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2011/05/09 23:13:13 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2011/05/09 23:13:13 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml
[2011/05/09 23:13:13 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2011/05/09 23:13:13 | 000,001,180 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2011/05/09 23:13:13 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2011/06/01 21:18:28 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O3 - HKU\S-1-5-21-1957994488-796845957-682003330-1003\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKU\S-1-5-21-1957994488-796845957-682003330-1003\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
O4 - HKLM..\Run: [36X Raid Configurer] C:\windows\System32\xRaidSetup.exe (JMicron Technology Corp.)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1957994488-796845957-682003330-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1957994488-796845957-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1957994488-796845957-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1957994488-796845957-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {3B89785B-4E94-400A-8705-5841B14063A7} http://www.arcsoft.c...ta/SimHDAss.CAB (Reg Error: Key error.)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail....es/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1231191978500 (WUWebControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/03/03 02:40:56 | 000,367,328 | R--- | M] (NETGEAR Inc.) - D:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2000/05/18 08:22:36 | 000,000,045 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\windows\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 30 Days ==========

[2011/06/01 21:17:03 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.com
[2011/06/01 21:16:22 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/06/01 20:36:32 | 000,000,000 | ---D | C] -- C:\windows\temp
[2011/06/01 20:29:39 | 004,109,727 | R--- | C] (Swearware) -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
[2011/05/31 22:57:24 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/05/31 21:16:01 | 000,000,000 | -H-D | C] -- C:\windows\ie8
[2011/05/31 17:10:24 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/05/31 17:10:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Start Menu\Programs\HiJackThis
[2011/05/29 19:03:18 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner\Recent
[2011/05/29 18:57:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2011/05/29 18:53:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
[2011/05/29 18:53:45 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/05/29 18:52:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2011/05/29 18:52:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Temp
[2011/05/29 18:52:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Google
[2011/05/29 03:23:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Start Menu\Programs\Microsoft Network Monitor 3.4
[2011/05/29 03:23:58 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Network Monitor 3
[2011/05/24 17:50:38 | 000,000,000 | ---D | C] -- C:\Netgear
[2011/05/13 10:59:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\test [bleep]
[2011/05/13 10:54:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\New Folder (22)
[2011/05/13 10:31:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\New Folder (21)
[2011/05/13 10:24:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\New Folder_final
[2011/05/12 17:23:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\New Folder (20)
[2011/05/12 16:50:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\New Folder (19)
[2011/05/10 13:33:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\New Folder (18)
[2011/05/08 21:54:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Network Monitor 3
[2011/05/07 11:23:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\New Folder (17)
[2011/05/07 10:50:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\New Folder (16)
[2011/05/07 10:45:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\New Folder (15)
[2011/05/07 10:45:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\New Folder (14)
[2011/05/07 10:44:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\New Folder (13)
[2010/06/25 05:06:35 | 001,663,664 | ---- | C] (Blizzard Entertainment) -- C:\Program Files\InstallWoW(2).exe

========== Files - Modified Within 30 Days ==========

[2011/06/01 21:23:58 | 000,000,330 | -H-- | M] () -- C:\windows\tasks\MP Scheduled Scan.job
[2011/06/01 21:20:53 | 000,002,048 | --S- | M] () -- C:\windows\bootstat.dat
[2011/06/01 21:20:50 | 3219,705,856 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/01 21:18:28 | 000,000,098 | ---- | M] () -- C:\windows\System32\drivers\etc\Hosts
[2011/06/01 21:17:07 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.com
[2011/06/01 21:02:22 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\MBR.dat
[2011/06/01 20:30:26 | 004,109,727 | R--- | M] (Swearware) -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
[2011/06/01 20:01:32 | 000,001,945 | ---- | M] () -- C:\windows\epplauncher.mif
[2011/05/31 22:56:21 | 000,002,783 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\HiJackThis.lnk
[2011/05/31 22:54:47 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/05/31 21:17:56 | 000,001,374 | ---- | M] () -- C:\windows\imsins.BAK
[2011/05/31 21:06:29 | 000,013,646 | ---- | M] () -- C:\windows\System32\wpa.dbl
[2011/05/30 01:23:28 | 006,220,854 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\untitledtarl.bmp
[2011/05/29 19:01:30 | 000,352,762 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\cc_20110529_190109.reg
[2011/05/29 18:59:32 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/05/29 18:57:25 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/05/29 05:48:57 | 000,433,873 | R--- | M] () -- C:\windows\System32\drivers\etc\hosts.20110529-055254.backup
[2011/05/29 05:11:04 | 000,128,512 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/29 03:24:00 | 000,000,805 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Microsoft Network Monitor 3.4.lnk
[2011/05/27 20:49:45 | 000,103,673 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\streamplease.JPG
[2011/05/25 17:17:41 | 000,003,888 | ---- | M] () -- C:\windows\System32\drivers\NTHANDLE.SYS
[2011/05/25 01:50:35 | 728,649,340 | ---- | M] () -- C:\Untitled.avi
[2011/05/24 22:20:26 | 006,220,854 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\avira warning.bmp
[2011/05/24 22:03:37 | 006,220,854 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\avira.bmp
[2011/05/23 18:27:27 | 000,433,811 | R--- | M] () -- C:\windows\System32\drivers\etc\hosts.20110529-054857.backup
[2011/05/23 18:27:19 | 000,433,811 | R--- | M] () -- C:\windows\System32\drivers\etc\hosts.20110523-182727.backup
[2011/05/17 16:28:26 | 000,014,188 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\stream.jpg
[2011/05/12 04:05:47 | 000,037,370 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\xml7.JPG
[2011/05/12 03:44:00 | 000,044,344 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\xml5.JPG
[2011/05/12 03:40:34 | 000,025,841 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\xml6.JPG
[2011/05/12 03:15:43 | 000,020,955 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\xml3.JPG
[2011/05/12 03:02:41 | 000,039,352 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\XML2.JPG
[2011/05/12 02:46:31 | 000,094,412 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\xml1.JPG
[2011/05/12 02:30:15 | 000,018,242 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\example1.GIF
[2011/05/07 09:04:16 | 000,081,319 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\New Folder (6).rar
[2011/05/05 17:20:44 | 000,286,125 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\marinez.SC2Replay
[2011/05/02 23:05:37 | 937,566,496 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\2. NASL2011_W3_Day3_NaDa VS Strelok.flv.part
[2011/05/02 22:11:50 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\2. NASL2011_W3_Day3_NaDa VS Strelok.flv

========== Files Created - No Company Name ==========

[2011/06/01 21:02:22 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\MBR.dat
[2011/06/01 20:02:55 | 000,000,330 | -H-- | C] () -- C:\windows\tasks\MP Scheduled Scan.job
[2011/05/31 21:16:32 | 000,001,374 | ---- | C] () -- C:\windows\imsins.BAK
[2011/05/31 18:31:57 | 3219,705,856 | -HS- | C] () -- C:\hiberfil.sys
[2011/05/31 17:10:24 | 000,002,783 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\HiJackThis.lnk
[2011/05/30 01:23:27 | 006,220,854 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\untitledtarl.bmp
[2011/05/29 19:01:14 | 000,352,762 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\cc_20110529_190109.reg
[2011/05/29 18:59:32 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/05/29 18:57:25 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/05/29 03:24:00 | 000,000,805 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Microsoft Network Monitor 3.4.lnk
[2011/05/27 20:41:54 | 000,103,673 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\streamplease.JPG
[2011/05/25 01:27:29 | 728,649,340 | ---- | C] () -- C:\Untitled.avi
[2011/05/24 22:20:25 | 006,220,854 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\avira warning.bmp
[2011/05/24 22:03:37 | 006,220,854 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\avira.bmp
[2011/05/24 17:56:31 | 000,000,172 | R--- | C] () -- C:\Documents and Settings\All Users\Desktop\Router Login.url
[2011/05/17 16:28:25 | 000,014,188 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\stream.jpg
[2011/05/12 04:05:47 | 000,037,370 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\xml7.JPG
[2011/05/12 03:40:34 | 000,025,841 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\xml6.JPG
[2011/05/12 03:36:15 | 000,044,344 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\xml5.JPG
[2011/05/12 03:15:43 | 000,020,955 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\xml3.JPG
[2011/05/12 03:02:41 | 000,039,352 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\XML2.JPG
[2011/05/12 02:46:31 | 000,094,412 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\xml1.JPG
[2011/05/12 02:30:13 | 000,018,242 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\example1.GIF
[2011/05/09 23:13:21 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2011/05/07 09:04:16 | 000,081,319 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\New Folder (6).rar
[2011/05/05 17:20:13 | 000,286,125 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\marinez.SC2Replay
[2011/05/02 22:11:50 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\2. NASL2011_W3_Day3_NaDa VS Strelok.flv
[2011/05/02 22:11:47 | 937,566,496 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\2. NASL2011_W3_Day3_NaDa VS Strelok.flv.part
[2011/04/29 15:31:12 | 000,256,512 | ---- | C] () -- C:\windows\PEV.exe
[2011/04/29 15:31:12 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2011/04/29 15:31:12 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2011/04/29 15:31:12 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2011/04/29 15:31:12 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2011/04/29 08:37:03 | 000,000,664 | ---- | C] () -- C:\windows\System32\d3d9caps.dat
[2011/04/29 08:26:44 | 000,015,880 | ---- | C] () -- C:\windows\System32\lsdelete.exe
[2011/02/06 11:48:57 | 000,252,224 | ---- | C] () -- C:\windows\System32\nvdrsdb0.bin
[2011/02/06 11:48:55 | 000,252,224 | ---- | C] () -- C:\windows\System32\nvdrsdb1.bin
[2011/02/06 11:48:55 | 000,000,001 | ---- | C] () -- C:\windows\System32\nvdrssel.bin
[2011/02/06 11:48:04 | 002,292,678 | ---- | C] () -- C:\windows\System32\nvdata.bin
[2010/10/28 07:26:51 | 000,000,144 | ---- | C] () -- C:\windows\System32\lkfl.dat
[2010/10/28 07:26:44 | 000,004,212 | -H-- | C] () -- C:\windows\System32\zllictbl.dat
[2010/10/16 15:58:13 | 000,790,528 | ---- | C] () -- C:\windows\System32\xvidcore.dll
[2010/10/16 15:58:13 | 000,165,376 | ---- | C] () -- C:\windows\System32\unrar.dll
[2010/10/16 15:58:13 | 000,000,038 | ---- | C] () -- C:\windows\avisplitter.ini
[2010/10/16 15:58:12 | 000,134,144 | ---- | C] () -- C:\windows\System32\xvidvfw.dll
[2010/09/03 21:04:55 | 000,056,312 | -H-- | C] () -- C:\windows\System32\mlfcache.dat
[2010/05/26 14:29:04 | 000,003,888 | ---- | C] () -- C:\windows\System32\drivers\NTHANDLE.SYS
[2010/04/04 17:56:55 | 000,000,253 | ---- | C] () -- C:\windows\kaillera.ini
[2010/04/01 10:40:54 | 000,003,714 | -HS- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\8kUL5H5g
[2010/04/01 10:40:54 | 000,003,714 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\8kUL5H5g
[2010/03/26 03:33:04 | 000,033,792 | ---- | C] () -- C:\windows\System32\drivers\libusb0.sys
[2010/03/07 04:03:28 | 000,009,909 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\TheHunterSettings.bin
[2010/03/07 03:59:30 | 000,000,037 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\TheHunterSettings.cfg
[2009/11/29 02:14:45 | 000,937,704 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\a7d0410b6252d7853fd950dc0e4730a1-i686.cache-2
[2009/09/18 19:50:41 | 000,000,056 | -H-- | C] () -- C:\windows\System32\ezsidmv.dat
[2009/08/20 17:59:03 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\housecall.guid.cache
[2009/08/20 17:11:38 | 000,000,000 | ---- | C] () -- C:\windows\nsreg.dat
[2009/08/19 02:30:52 | 000,278,728 | ---- | C] () -- C:\windows\System32\drivers\atksgt.sys
[2009/08/19 02:30:51 | 000,025,416 | ---- | C] () -- C:\windows\System32\drivers\lirsgt.sys
[2009/08/18 16:46:00 | 000,043,520 | ---- | C] () -- C:\windows\System32\CmdLineExt03.dll
[2009/08/11 15:01:25 | 000,013,396 | ---- | C] () -- C:\windows\System32\drivers\MTictwl.sys
[2009/01/05 23:07:24 | 000,200,704 | ---- | C] () -- C:\windows\sel3110.exe
[2009/01/05 23:07:24 | 000,040,960 | ---- | C] () -- C:\windows\CleanDev.exe
[2009/01/05 23:07:24 | 000,032,528 | ---- | C] () -- C:\windows\amcap.exe
[2009/01/05 22:43:28 | 000,024,576 | R--- | C] () -- C:\windows\System32\AsIO.dll
[2009/01/05 22:43:28 | 000,012,400 | R--- | C] () -- C:\windows\System32\drivers\AsIO.sys
[2009/01/05 22:36:37 | 000,003,900 | R--- | C] () -- C:\windows\System32\drivers\nvphy.bin
[2009/01/05 22:36:28 | 000,000,962 | R--- | C] () -- C:\windows\System32\AsusSetup.ini
[2009/01/05 22:36:28 | 000,000,400 | R--- | C] () -- C:\windows\System32\raidmgmt.ini
[2009/01/05 22:31:50 | 000,031,084 | ---- | C] () -- C:\windows\Ascd_log.ini
[2009/01/05 22:31:39 | 000,030,771 | ---- | C] () -- C:\windows\Ascd_tmp.ini
[2009/01/05 22:31:38 | 000,005,810 | R--- | C] () -- C:\windows\System32\drivers\ASACPI.sys
[2009/01/05 22:31:30 | 000,012,536 | ---- | C] () -- C:\windows\System32\drivers\ASUSHWIO.SYS
[2009/01/05 22:26:37 | 000,002,048 | --S- | C] () -- C:\windows\bootstat.dat
[2009/01/05 22:23:06 | 000,021,640 | ---- | C] () -- C:\windows\System32\emptyregdb.dat
[2009/01/05 22:11:49 | 000,004,161 | ---- | C] () -- C:\windows\ODBCINST.INI
[2009/01/05 22:10:48 | 000,267,008 | ---- | C] () -- C:\windows\System32\FNTCACHE.DAT
[2009/01/05 20:54:49 | 000,128,512 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/01/05 19:37:57 | 000,000,011 | ---- | C] () -- C:\windows\SBWIN.INI
[2008/10/07 10:13:22 | 000,058,648 | ---- | C] () -- C:\windows\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\windows\System32\AgCPanelSwedish.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\windows\System32\AgCPanelSpanish.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\windows\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\windows\System32\AgCPanelPortugese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\windows\System32\AgCPanelKorean.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\windows\System32\AgCPanelJapanese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\windows\System32\AgCPanelGerman.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\windows\System32\AgCPanelFrench.dll
[2008/04/14 13:00:00 | 013,107,200 | ---- | C] () -- C:\windows\System32\oembios.bin
[2008/04/14 13:00:00 | 000,673,088 | ---- | C] () -- C:\windows\System32\mlang.dat
[2008/04/14 13:00:00 | 000,537,976 | ---- | C] () -- C:\windows\System32\perfh009.dat
[2008/04/14 13:00:00 | 000,272,128 | ---- | C] () -- C:\windows\System32\perfi009.dat
[2008/04/14 13:00:00 | 000,218,003 | ---- | C] () -- C:\windows\System32\dssec.dat
[2008/04/14 13:00:00 | 000,103,344 | ---- | C] () -- C:\windows\System32\perfc009.dat
[2008/04/14 13:00:00 | 000,046,258 | ---- | C] () -- C:\windows\System32\mib.bin
[2008/04/14 13:00:00 | 000,028,626 | ---- | C] () -- C:\windows\System32\perfd009.dat
[2008/04/14 13:00:00 | 000,004,569 | ---- | C] () -- C:\windows\System32\secupd.dat
[2008/04/14 13:00:00 | 000,004,461 | ---- | C] () -- C:\windows\System32\oembios.dat
[2008/04/14 13:00:00 | 000,001,804 | ---- | C] () -- C:\windows\System32\Dcache.bin
[2008/04/14 13:00:00 | 000,000,741 | ---- | C] () -- C:\windows\System32\noise.dat

========== LOP Check ==========

[2011/01/19 15:12:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2010/10/28 07:31:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2011/01/01 10:15:52 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2009/08/18 16:31:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2009/08/18 16:29:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro
[2011/04/29 08:51:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\G DATA
[2010/10/28 07:39:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kaspersky SDK
[2011/01/01 10:14:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/02/02 16:20:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2011/04/15 00:06:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2011/02/06 19:01:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/02/06 15:55:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TheaterTek
[2009/08/20 00:08:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore
[2010/01/27 00:38:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\SACore
[2011/01/01 10:33:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\AVG10
[2010/09/14 18:16:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\AVG9
[2009/07/15 01:00:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Camfrog
[2011/04/25 17:32:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\CheckPoint
[2010/04/07 08:30:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\com.doubleperfect.ggpo.0753AD3679DBFCA1E7F470171B7D0DB8B404A7EA.1
[2009/04/08 23:15:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\DAEMON Tools
[2009/08/18 16:31:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\DAEMON Tools Lite
[2009/08/15 18:59:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\DAEMON Tools Pro
[2010/07/28 11:29:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Dropbox
[2010/03/26 04:22:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\fltk.org
[2010/09/08 03:16:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Free Sound Recorder
[2011/01/30 01:20:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\GrabIt
[2009/09/23 07:43:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\gtk-2.0
[2010/08/22 15:17:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Ikzuu
[2010/08/26 04:10:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mydimo
[2010/07/28 06:40:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\NewsLeecher
[2010/12/22 19:18:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ooVoo Details
[2009/04/09 05:47:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Red Alert 3 Uprising
[2011/02/10 18:55:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Uniblue
[2010/09/13 15:54:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Unity
[2011/05/29 19:03:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\uTorrent
[2011/06/01 21:23:58 | 000,000,330 | -H-- | M] () -- C:\windows\Tasks\MP Scheduled Scan.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2001/05/04 13:58:10 | 000,114,688 | ---- | M] () -- C:\Fport.exe


< MD5 for: EXPLORER.EXE >
[2008/04/14 13:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008/04/14 13:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/14 13:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\system32\dllcache\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/04/14 13:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ERDNT\cache\svchost.exe
[2008/04/14 13:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\dllcache\svchost.exe
[2008/04/14 13:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/04/14 13:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008/04/14 13:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008/04/14 13:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: VOLSNAP.INF >
[2008/04/14 13:00:00 | 000,001,095 | ---- | M] () MD5=1C43F4D998567C9D2463E18669F33A3C -- C:\WINDOWS\inf\volsnap.inf

< MD5 for: VOLSNAP.PNF >
[2011/01/19 03:40:26 | 000,004,964 | ---- | M] () MD5=E64D57EF4F2264E3EAFD94210E9E8837 -- C:\WINDOWS\inf\volsnap.PNF

< MD5 for: VOLSNAP.SYS >
[2008/04/14 13:00:00 | 000,052,352 | ---- | M] (Microsoft Corporation) MD5=4C8FCB5CC53AAB716D810740FE59D025 -- C:\WINDOWS\system32\dllcache\volsnap.sys
[2008/04/14 13:00:00 | 000,052,352 | ---- | M] (Microsoft Corporation) MD5=4C8FCB5CC53AAB716D810740FE59D025 -- C:\WINDOWS\system32\drivers\volsnap.sys

< MD5 for: WINLOGON.EXE >
[2008/04/14 13:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008/04/14 13:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008/04/14 13:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/05/09 23:13:14 | 000,711,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/05/09 23:13:14 | 000,711,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/05/09 23:13:14 | 000,711,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/05/09 23:13:11 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/05/09 23:13:11 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/05/09 23:13:11 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\windows\system32\ie4uinit.exe" -reinstall [2011/02/18 12:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\windows\system32\ie4uinit.exe" -hide [2011/02/18 12:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\windows\system32\ie4uinit.exe" -show [2011/02/18 12:49:53 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

< >

========== Alternate Data Streams ==========

@Alternate Data Stream - 199 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
@Alternate Data Stream - 168 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4
@Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:538A295C
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:63238B95
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3CE6BB52

< End of report >

Edited by Picardinal, 01 June 2011 - 02:42 PM.

  • 0

#14
Essexboy
Posted 01 June 2011 - 03:33 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK the unknown does make me a tad suspicious, about half the time it means an infection

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.


    Posted Image

  • If an infected file is detected, the default action will be Cure, click on Continue.


    Posted Image

  • If a suspicious file is detected, the default action will be Skip, click on Continue.


    Posted Image

  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.


    Posted Image

  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

  • 0

#15
Picardinal
Posted 01 June 2011 - 03:47 PM

Picardinal

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
Ta for getting back to me.

2011/06/01 22:44:44.0531 1492 TDSS rootkit removing tool 2.5.3.0 May 25 2011 07:09:24
2011/06/01 22:44:44.0640 1492 ================================================================================
2011/06/01 22:44:44.0640 1492 SystemInfo:
2011/06/01 22:44:44.0640 1492
2011/06/01 22:44:44.0640 1492 OS Version: 5.1.2600 ServicePack: 3.0
2011/06/01 22:44:44.0640 1492 Product type: Workstation
2011/06/01 22:44:44.0640 1492 ComputerName: JOHNS
2011/06/01 22:44:44.0640 1492 UserName: Owner
2011/06/01 22:44:44.0640 1492 Windows directory: C:\windows
2011/06/01 22:44:44.0640 1492 System windows directory: C:\windows
2011/06/01 22:44:44.0640 1492 Processor architecture: Intel x86
2011/06/01 22:44:44.0640 1492 Number of processors: 4
2011/06/01 22:44:44.0640 1492 Page size: 0x1000
2011/06/01 22:44:44.0640 1492 Boot type: Normal boot
2011/06/01 22:44:44.0640 1492 ================================================================================
2011/06/01 22:44:45.0062 1492 Initialize success
2011/06/01 22:44:52.0250 3568 ================================================================================
2011/06/01 22:44:52.0250 3568 Scan started
2011/06/01 22:44:52.0250 3568 Mode: Manual;
2011/06/01 22:44:52.0250 3568 ================================================================================
2011/06/01 22:44:53.0078 3568 ACPI (8fd99680a539792a30e97944fdaecf17) C:\windows\system32\DRIVERS\ACPI.sys
2011/06/01 22:44:53.0109 3568 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\windows\system32\drivers\ACPIEC.sys
2011/06/01 22:44:53.0156 3568 ADIHdAudAddService (651168b452da256fa9e1aa172ef5bac5) C:\windows\system32\drivers\ADIHdAud.sys
2011/06/01 22:44:53.0203 3568 AEAudio (b4afcc2f911939a1c16a26e7eba7f36b) C:\windows\system32\drivers\AEAudio.sys
2011/06/01 22:44:53.0250 3568 aec (8bed39e3c35d6a489438b8141717a557) C:\windows\system32\drivers\aec.sys
2011/06/01 22:44:53.0281 3568 AFD (7618d5218f2a614672ec61a80d854a37) C:\windows\System32\drivers\afd.sys
2011/06/01 22:44:53.0406 3568 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\windows\system32\DRIVERS\arp1394.sys
2011/06/01 22:44:53.0484 3568 AsIO (2b4e66fac6503494a2c6f32bb6ab3826) C:\windows\system32\drivers\AsIO.sys
2011/06/01 22:44:53.0500 3568 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\windows\system32\DRIVERS\asyncmac.sys
2011/06/01 22:44:53.0515 3568 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\windows\system32\DRIVERS\atapi.sys
2011/06/01 22:44:53.0578 3568 atksgt (72bc628af75c4c3250f2a3bac260265a) C:\windows\system32\DRIVERS\atksgt.sys
2011/06/01 22:44:53.0593 3568 Atmarpc (9916c1225104ba14794209cfa8012159) C:\windows\system32\DRIVERS\atmarpc.sys
2011/06/01 22:44:53.0625 3568 audstub (d9f724aa26c010a217c97606b160ed68) C:\windows\system32\DRIVERS\audstub.sys
2011/06/01 22:44:53.0656 3568 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\windows\system32\drivers\Beep.sys
2011/06/01 22:44:53.0718 3568 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\windows\system32\drivers\cbidf2k.sys
2011/06/01 22:44:53.0750 3568 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\windows\system32\DRIVERS\CCDECODE.sys
2011/06/01 22:44:53.0781 3568 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\windows\system32\drivers\Cdaudio.sys
2011/06/01 22:44:53.0796 3568 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\windows\system32\drivers\Cdfs.sys
2011/06/01 22:44:53.0828 3568 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\windows\system32\DRIVERS\cdrom.sys
2011/06/01 22:44:53.0906 3568 cpuz132 (097a0a4899b759a4f032bd464963b4be) C:\windows\system32\drivers\cpuz132_x32.sys
2011/06/01 22:44:53.0953 3568 Disk (044452051f3e02e7963599fc8f4f3e25) C:\windows\system32\DRIVERS\disk.sys
2011/06/01 22:44:53.0984 3568 dmboot (d992fe1274bde0f84ad826acae022a41) C:\windows\system32\drivers\dmboot.sys
2011/06/01 22:44:54.0000 3568 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\windows\system32\drivers\dmio.sys
2011/06/01 22:44:54.0031 3568 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\windows\system32\drivers\dmload.sys
2011/06/01 22:44:54.0046 3568 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\windows\system32\drivers\DMusic.sys
2011/06/01 22:44:54.0062 3568 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\windows\system32\drivers\drmkaud.sys
2011/06/01 22:44:54.0093 3568 Fastfat (38d332a6d56af32635675f132548343e) C:\windows\system32\drivers\Fastfat.sys
2011/06/01 22:44:54.0125 3568 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\windows\system32\DRIVERS\fdc.sys
2011/06/01 22:44:54.0140 3568 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\windows\system32\drivers\Fips.sys
2011/06/01 22:44:54.0156 3568 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\windows\system32\DRIVERS\flpydisk.sys
2011/06/01 22:44:54.0171 3568 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\windows\system32\DRIVERS\fltMgr.sys
2011/06/01 22:44:54.0187 3568 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\windows\system32\drivers\Fs_Rec.sys
2011/06/01 22:44:54.0203 3568 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\windows\system32\DRIVERS\ftdisk.sys
2011/06/01 22:44:54.0218 3568 gameenum (065639773d8b03f33577f6cdaea21063) C:\windows\system32\DRIVERS\gameenum.sys
2011/06/01 22:44:54.0250 3568 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\windows\system32\DRIVERS\msgpc.sys
2011/06/01 22:44:54.0265 3568 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\windows\system32\DRIVERS\HDAudBus.sys
2011/06/01 22:44:54.0281 3568 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\windows\system32\DRIVERS\hidusb.sys
2011/06/01 22:44:54.0312 3568 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\windows\system32\Drivers\HTTP.sys
2011/06/01 22:44:54.0359 3568 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\windows\system32\DRIVERS\i8042prt.sys
2011/06/01 22:44:54.0375 3568 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\windows\system32\DRIVERS\imapi.sys
2011/06/01 22:44:54.0437 3568 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\windows\system32\DRIVERS\intelppm.sys
2011/06/01 22:44:54.0453 3568 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\windows\system32\DRIVERS\Ip6Fw.sys
2011/06/01 22:44:54.0500 3568 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\windows\system32\DRIVERS\ipfltdrv.sys
2011/06/01 22:44:54.0500 3568 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\windows\system32\DRIVERS\ipinip.sys
2011/06/01 22:44:54.0531 3568 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\windows\system32\DRIVERS\ipnat.sys
2011/06/01 22:44:54.0546 3568 IPSec (23c74d75e36e7158768dd63d92789a91) C:\windows\system32\DRIVERS\ipsec.sys
2011/06/01 22:44:54.0562 3568 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\windows\system32\DRIVERS\irenum.sys
2011/06/01 22:44:54.0578 3568 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\windows\system32\DRIVERS\isapnp.sys
2011/06/01 22:44:54.0609 3568 JRAID (33bcfdc426d0304c68d101a4e25fd89f) C:\windows\system32\DRIVERS\jraid.sys
2011/06/01 22:44:54.0625 3568 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\windows\system32\DRIVERS\kbdclass.sys
2011/06/01 22:44:54.0656 3568 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\windows\system32\DRIVERS\kbdhid.sys
2011/06/01 22:44:54.0671 3568 kmixer (692bcf44383d056aed41b045a323d378) C:\windows\system32\drivers\kmixer.sys
2011/06/01 22:44:54.0703 3568 KSecDD (b467646c54cc746128904e1654c750c1) C:\windows\system32\drivers\KSecDD.sys
2011/06/01 22:44:54.0750 3568 libusb0 (e2f1dcf4a68cc6cf694fbfba1842f4cd) C:\windows\system32\drivers\libusb0.sys
2011/06/01 22:44:54.0781 3568 lirsgt (4127e8b6ddb4090e815c1f8852c277d3) C:\windows\system32\DRIVERS\lirsgt.sys
2011/06/01 22:44:54.0812 3568 MBAMProtector (3d2c13377763eeac0ca6fb46f57217ed) C:\windows\system32\drivers\mbam.sys
2011/06/01 22:44:54.0875 3568 mferkdk (41fe2f288e05a6c8ab85dd56770ffbad) C:\windows\system32\drivers\mferkdk.sys
2011/06/01 22:44:54.0921 3568 mfesmfk (096b52ea918aa909ba5903d79e129005) C:\windows\system32\drivers\mfesmfk.sys
2011/06/01 22:44:54.0953 3568 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\windows\system32\drivers\mnmdd.sys
2011/06/01 22:44:54.0968 3568 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\windows\system32\drivers\Modem.sys
2011/06/01 22:44:54.0984 3568 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\windows\system32\DRIVERS\mouclass.sys
2011/06/01 22:44:54.0984 3568 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\windows\system32\DRIVERS\mouhid.sys
2011/06/01 22:44:55.0015 3568 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\windows\system32\drivers\MountMgr.sys
2011/06/01 22:44:55.0156 3568 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\windows\system32\DRIVERS\mrxdav.sys
2011/06/01 22:44:55.0203 3568 MRxSmb (0ea4d8ed179b75f8afa7998ba22285ca) C:\windows\system32\DRIVERS\mrxsmb.sys
2011/06/01 22:44:55.0218 3568 Msfs (c941ea2454ba8350021d774daf0f1027) C:\windows\system32\drivers\Msfs.sys
2011/06/01 22:44:55.0250 3568 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\windows\system32\drivers\MSKSSRV.sys
2011/06/01 22:44:55.0281 3568 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\windows\system32\drivers\MSPCLOCK.sys
2011/06/01 22:44:55.0296 3568 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\windows\system32\drivers\MSPQM.sys
2011/06/01 22:44:55.0312 3568 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\windows\system32\DRIVERS\mssmbios.sys
2011/06/01 22:44:55.0343 3568 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\windows\system32\drivers\MSTEE.sys
2011/06/01 22:44:55.0359 3568 MTsensor (d48659bb24c48345d926ecb45c1ebdf5) C:\windows\system32\DRIVERS\ASACPI.sys
2011/06/01 22:44:55.0375 3568 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\windows\system32\drivers\Mup.sys
2011/06/01 22:44:55.0390 3568 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\windows\system32\DRIVERS\NABTSFEC.sys
2011/06/01 22:44:55.0421 3568 NDIS (1df7f42665c94b825322fae71721130d) C:\windows\system32\drivers\NDIS.sys
2011/06/01 22:44:55.0437 3568 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\windows\system32\DRIVERS\NdisIP.sys
2011/06/01 22:44:55.0453 3568 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\windows\system32\DRIVERS\ndistapi.sys
2011/06/01 22:44:55.0468 3568 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\windows\system32\DRIVERS\ndisuio.sys
2011/06/01 22:44:55.0484 3568 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\windows\system32\DRIVERS\ndiswan.sys
2011/06/01 22:44:55.0500 3568 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\windows\system32\drivers\NDProxy.sys
2011/06/01 22:44:55.0515 3568 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\windows\system32\DRIVERS\netbios.sys
2011/06/01 22:44:55.0531 3568 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\windows\system32\DRIVERS\netbt.sys
2011/06/01 22:44:55.0546 3568 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\windows\system32\DRIVERS\nic1394.sys
2011/06/01 22:44:55.0578 3568 nm (1e421a6bcf2203cc61b821ada9de878b) C:\windows\system32\DRIVERS\NMnt.sys
2011/06/01 22:44:55.0593 3568 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\windows\system32\drivers\Npfs.sys
2011/06/01 22:44:55.0609 3568 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\windows\system32\drivers\Ntfs.sys
2011/06/01 22:44:55.0640 3568 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\windows\system32\drivers\Null.sys
2011/06/01 22:44:55.0828 3568 nv (18c9b152da7bea76b2f9e4b6412e0aaf) C:\windows\system32\DRIVERS\nv4_mini.sys
2011/06/01 22:44:55.0890 3568 NVENETFD (aa8fe80edd8614f423b64480b3097fbc) C:\windows\system32\DRIVERS\NVENETFD.sys
2011/06/01 22:44:55.0906 3568 nvgts (1f790624ab1619cae0c78597bd33615b) C:\windows\system32\DRIVERS\nvgts.sys
2011/06/01 22:44:55.0921 3568 nvnetbus (c40913375451a405f0200a3d57376f01) C:\windows\system32\DRIVERS\nvnetbus.sys
2011/06/01 22:44:55.0984 3568 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\windows\system32\DRIVERS\nwlnkflt.sys
2011/06/01 22:44:56.0000 3568 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\windows\system32\DRIVERS\nwlnkfwd.sys
2011/06/01 22:44:56.0015 3568 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\windows\system32\DRIVERS\ohci1394.sys
2011/06/01 22:44:56.0046 3568 ovt519 (4cdadec3dc1300ee1d313ea5494e6472) C:\windows\system32\Drivers\ov519vid.sys
2011/06/01 22:44:56.0078 3568 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\windows\system32\drivers\Parport.sys
2011/06/01 22:44:56.0093 3568 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\windows\system32\drivers\PartMgr.sys
2011/06/01 22:44:56.0109 3568 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\windows\system32\drivers\ParVdm.sys
2011/06/01 22:44:56.0140 3568 PCI (a219903ccf74233761d92bef471a07b1) C:\windows\system32\DRIVERS\pci.sys
2011/06/01 22:44:56.0171 3568 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\windows\system32\DRIVERS\pciide.sys
2011/06/01 22:44:56.0203 3568 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\windows\system32\drivers\Pcmcia.sys
2011/06/01 22:44:56.0296 3568 pfc (da86016f0672ada925f589ede715f185) C:\windows\system32\drivers\pfc.sys
2011/06/01 22:44:56.0312 3568 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\windows\system32\DRIVERS\raspptp.sys
2011/06/01 22:44:56.0328 3568 PSched (09298ec810b07e5d582cb3a3f9255424) C:\windows\system32\DRIVERS\psched.sys
2011/06/01 22:44:56.0343 3568 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\windows\system32\DRIVERS\ptilink.sys
2011/06/01 22:44:56.0421 3568 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\windows\system32\DRIVERS\rasacd.sys
2011/06/01 22:44:56.0437 3568 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\windows\system32\DRIVERS\rasl2tp.sys
2011/06/01 22:44:56.0453 3568 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\windows\system32\DRIVERS\raspppoe.sys
2011/06/01 22:44:56.0453 3568 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\windows\system32\DRIVERS\raspti.sys
2011/06/01 22:44:56.0484 3568 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\windows\system32\DRIVERS\rdbss.sys
2011/06/01 22:44:56.0500 3568 RDPCDD (4912d5b403614ce99c28420f75353332) C:\windows\system32\DRIVERS\RDPCDD.sys
2011/06/01 22:44:56.0531 3568 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\windows\system32\drivers\RDPWD.sys
2011/06/01 22:44:56.0562 3568 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\windows\system32\DRIVERS\redbook.sys
2011/06/01 22:44:56.0593 3568 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\windows\system32\DRIVERS\secdrv.sys
2011/06/01 22:44:56.0625 3568 SenFiltService (b6a6b409fda9d9ebd3aadb838d3d7173) C:\windows\system32\drivers\Senfilt.sys
2011/06/01 22:44:56.0656 3568 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\windows\system32\drivers\Serial.sys
2011/06/01 22:44:56.0687 3568 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\windows\system32\drivers\Sfloppy.sys
2011/06/01 22:44:56.0718 3568 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\windows\system32\DRIVERS\SLIP.sys
2011/06/01 22:44:56.0765 3568 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\windows\system32\drivers\splitter.sys
2011/06/01 22:44:56.0796 3568 sptd (a80cd850d69d996c832bea37e3a6aa1e) C:\windows\system32\Drivers\sptd.sys
2011/06/01 22:44:56.0796 3568 Suspicious file (NoAccess): C:\windows\system32\Drivers\sptd.sys. md5: a80cd850d69d996c832bea37e3a6aa1e
2011/06/01 22:44:56.0796 3568 sptd - detected LockedFile.Multi.Generic (1)
2011/06/01 22:44:56.0828 3568 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\windows\system32\DRIVERS\sr.sys
2011/06/01 22:44:56.0921 3568 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\windows\system32\DRIVERS\srv.sys
2011/06/01 22:44:56.0937 3568 streamip (77813007ba6265c4b6098187e6ed79d2) C:\windows\system32\DRIVERS\StreamIP.sys
2011/06/01 22:44:56.0953 3568 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\windows\system32\DRIVERS\swenum.sys
2011/06/01 22:44:56.0968 3568 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\windows\system32\drivers\swmidi.sys
2011/06/01 22:44:57.0046 3568 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\windows\system32\drivers\sysaudio.sys
2011/06/01 22:44:57.0078 3568 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\windows\system32\DRIVERS\tcpip.sys
2011/06/01 22:44:57.0109 3568 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\windows\system32\drivers\TDPIPE.sys
2011/06/01 22:44:57.0125 3568 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\windows\system32\drivers\TDTCP.sys
2011/06/01 22:44:57.0140 3568 TermDD (88155247177638048422893737429d9e) C:\windows\system32\DRIVERS\termdd.sys
2011/06/01 22:44:57.0203 3568 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\windows\system32\drivers\Udfs.sys
2011/06/01 22:44:57.0234 3568 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\windows\system32\DRIVERS\update.sys
2011/06/01 22:44:57.0265 3568 usbaudio (e919708db44ed8543a7c017953148330) C:\windows\system32\drivers\usbaudio.sys
2011/06/01 22:44:57.0296 3568 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\windows\system32\DRIVERS\usbccgp.sys
2011/06/01 22:44:57.0296 3568 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\windows\system32\DRIVERS\usbehci.sys
2011/06/01 22:44:57.0312 3568 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\windows\system32\DRIVERS\usbhub.sys
2011/06/01 22:44:57.0328 3568 usbohci (0daecce65366ea32b162f85f07c6753b) C:\windows\system32\DRIVERS\usbohci.sys
2011/06/01 22:44:57.0375 3568 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\windows\system32\DRIVERS\USBSTOR.SYS
2011/06/01 22:44:57.0421 3568 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\windows\system32\Drivers\usbvideo.sys
2011/06/01 22:44:57.0437 3568 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\windows\System32\drivers\vga.sys
2011/06/01 22:44:57.0468 3568 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\windows\system32\drivers\VolSnap.sys
2011/06/01 22:44:57.0484 3568 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\windows\system32\DRIVERS\wanarp.sys
2011/06/01 22:44:57.0515 3568 wdmaud (6768acf64b18196494413695f0c3a00f) C:\windows\system32\drivers\wdmaud.sys
2011/06/01 22:44:57.0562 3568 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\windows\System32\drivers\ws2ifsl.sys
2011/06/01 22:44:57.0593 3568 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\windows\system32\DRIVERS\WSTCODEC.SYS
2011/06/01 22:44:57.0640 3568 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\windows\system32\DRIVERS\WudfPf.sys
2011/06/01 22:44:57.0656 3568 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\windows\system32\DRIVERS\wudfrd.sys
2011/06/01 22:44:57.0687 3568 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
2011/06/01 22:44:57.0875 3568 MBR (0x1B8) (e5fa06aca0d60ba9c870d0ef3d9898c9) \Device\Harddisk1\DR2
2011/06/01 22:44:58.0156 3568 ================================================================================
2011/06/01 22:44:58.0156 3568 Scan finished
2011/06/01 22:44:58.0156 3568 ================================================================================
2011/06/01 22:44:58.0156 2604 Detected object count: 1
2011/06/01 22:44:58.0156 2604 Actual detected object count: 1
2011/06/01 22:45:32.0531 2604 LockedFile.Multi.Generic(sptd) - User select action: Skip
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP