Trojan Malware Has Taken Over My PC [Solved]


  • This topic is locked

#1
Rick_F

  • Member
  • 23 posts
Hi,

Yesterday a trojan malware virus infected my PC and it has locked down all programs, network connectivity and quickly removes any tools which are placed on the desktop. It starts with a 'Windows detected a hard disk problem' message and is followed by a number of pop up messages about failure to write to hard disk, error with RAM etc.

So far, I have tried running MalwareBytes (safe mode), SpyBot and scans using Avast but the infection remains. I cannot see any of my programs, documents or any folders via explorer and all icons etc on the desktop have been removed (from view).

The virus is prompting me to run a scan [to highlight the fake errors and then buy their "fix"] but I have not permitted this so far.

I would appreciate help to either restore the PC to a healthy state or to recover some of my recent work which I had not backed up.

Thanks.

Rick

Edit:

OTL log:
OTL logfile created on: 11/29/2011 11:23:25 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\one10\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: M/d/yyyy

2.99 Gb Total Physical Memory | 2.73 Gb Available Physical Memory | 91.33% Memory free
6.84 Gb Paging File | 6.76 Gb Available in Paging File | 98.93% Paging File free
Paging file location(s): c:\pagefile.sys 4093 4093 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 127.99 Gb Total Space | 77.59 Gb Free Space | 60.62% Space Free | Partition Type: NTFS
Drive F: | 955.70 Mb Total Space | 748.36 Mb Free Space | 78.30% Space Free | Partition Type: FAT

Computer Name: USER-94BF4B7558 | User Name: one10 | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/29 11:09:40 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\one10\Desktop\OTL.exe
PRC - [2008/04/14 07:00:00 | 001,033,728 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2011/08/09 16:43:20 | 000,130,904 | -H-- | M] () -- C:\Program Files\IObit\Advanced SystemCare 4\ASCv4ExtMenu.dll
MOD - [2011/07/12 11:20:01 | 000,108,344 | -H-- | M] () -- C:\Program Files\Easy CD-DA Extractor 15\ezcddax32.dll
MOD - [2011/05/28 21:04:56 | 000,140,288 | -H-- | M] () -- C:\Program Files\WinRAR\RarExt.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (getPlusHelper) getPlus®
SRV - [2011/11/03 14:44:28 | 000,497,280 | -H-- | M] (Check Point Software Technologies) [Auto | Stopped] -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe -- (IswSvc)
SRV - [2011/09/06 20:45:28 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Magnum\mbamservice.exe -- (MBAMService)
SRV - [2011/08/09 16:38:38 | 000,328,536 | -H-- | M] (IObit) [Auto | Stopped] -- C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe -- (AdvancedSystemCareService)
SRV - [2011/06/22 17:01:18 | 000,870,200 | -H-- | M] (Trusteer Ltd.) [Auto | Stopped] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2010/09/24 16:07:18 | 000,329,080 | -H-- | M] (SupportSoft, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\SupportSoft\bin\ssrc.exe -- (SupportSoft RemoteAssist)
SRV - [2009/03/04 14:52:58 | 000,202,016 | RH-- | M] (SupportSoft, Inc.) [Auto | Stopped] -- C:\Program Files\O2\bin\sprtsvc.exe -- (sprtsvc_O2) SupportSoft Sprocket Service (O2)
SRV - [2008/07/25 12:34:50 | 000,018,944 | -H-- | M] (Eastman Kodak Company) [Auto | Stopped] -- C:\Program Files\Kodak\printer\center\KodakSvc.exe -- (KodakSvc)


========== Driver Services (SafeList) ==========

DRV - [2011/11/03 14:44:20 | 000,027,016 | -H-- | M] (Check Point Software Technologies) [Kernel | Auto | Stopped] -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
DRV - [2011/10/19 08:03:43 | 000,227,312 | -H-- | M] () [Kernel | System | Stopped] -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\32301\RapportCerberus32_32301.sys -- (RapportCerberus_32301)
DRV - [2011/09/06 20:38:05 | 000,442,200 | ---- | M] (AVAST Software) [File_System | System | Stopped] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/09/06 20:37:53 | 000,320,856 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/09/06 20:36:38 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/09/06 20:36:36 | 000,052,568 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/09/06 20:36:23 | 000,110,552 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/09/06 20:36:12 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/09/06 20:33:11 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/08/31 17:00:50 | 000,022,216 | -H-- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/06/22 17:01:26 | 000,158,904 | -H-- | M] (Trusteer Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2011/06/22 17:01:26 | 000,066,360 | -H-- | M] (Trusteer Ltd.) [Kernel | System | Stopped] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)
DRV - [2008/04/14 07:00:00 | 000,010,624 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008/04/14 07:00:00 | 000,004,992 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\loop.sys -- (msloop)
DRV - [2004/09/17 08:02:54 | 000,732,928 | -H-- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2003/09/26 09:41:10 | 000,044,032 | -H-- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2001/08/17 11:19:34 | 000,036,480 | -H-- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sfmanm.sys -- (sfman) Creative SoundFont Manager Driver (WDM)
DRV - [2001/08/17 11:19:28 | 000,006,912 | -H-- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctlfacem.sys -- (emu10k1) Creative Interface Manager Driver (WDM)
DRV - [2001/08/17 11:19:26 | 000,283,904 | -H-- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emu10k1m.sys -- (emu10k) Creative SB Live! (WDM)
DRV - [2001/08/17 11:19:20 | 000,003,712 | -H-- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctljystk.sys -- (ctljystk)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-21-1343024091-113007714-1606980848-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.4: C:\Program Files\VideoLAN\VLC\npvlc.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG10\Firefox\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/06/24 07:55:39 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/09/08 10:36:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2011/11/12 10:57:10 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.24\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/23 11:31:28 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.24\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/11/10 09:08:14 | 000,000,000 | -H-D | M]

[2011/11/21 16:18:25 | 000,000,000 | -H-D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/10/13 14:34:19 | 000,000,000 | -H-D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/10/13 14:34:02 | 000,411,368 | -H-- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2008/04/14 07:00:00 | 000,000,734 | -H-- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - No CLSID value found.
O2 - BHO: (no name) - {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - No CLSID value found.
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CMHxHbrYhPJ.exe] C:\Documents and Settings\All Users\Application Data\CMHxHbrYhPJ.exe ()
O4 - HKLM..\Run: [EKIJ5000StatusMonitor] C:\WINDOWS\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Magnum\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [O2] C:\Program Files\O2\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [PAP7501_Monitor] C:\WINDOWS\Pixart\PAP7501\GUCI_AVS.exe (PixArt Imaging Incorporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1343024091-113007714-1606980848-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - Reg Error: Key error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O18 - Protocol\Filter\application/octet-stream - No CLSID value found
O18 - Protocol\Filter\application/x-complus - No CLSID value found
O18 - Protocol\Filter\application/x-msdownload - No CLSID value found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - No CLSID value found.
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/06/04 22:09:49 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/29 11:15:56 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\one10\Desktop\OTL.exe
[2011/11/23 13:59:34 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\one10\Recent
[2011/11/23 13:27:43 | 009,852,544 | -H-- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\one10\Desktop\blank.exe
[2011/11/23 12:14:01 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\one10\Application Data\Malwarebytes
[2011/11/23 12:11:48 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\one10\Local Settings\Application Data\SupportSoft
[2011/11/23 12:11:38 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\one10\Local Settings\Application Data\Trusteer
[2011/11/23 12:10:43 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\one10\My Documents\ForceField Shared Files
[2011/11/23 12:10:05 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\one10\Application Data\Identities
[2011/11/23 12:09:16 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\one10\Local Settings\Application Data\Mozilla
[2011/11/23 12:09:15 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\one10\Application Data\Mozilla
[2011/11/23 12:09:09 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\one10\My Documents\My Music
[2011/11/23 12:09:08 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\one10\My Documents\My Pictures
[2011/11/23 12:08:50 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\one10\Application Data\CheckPoint
[2011/11/23 12:08:21 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\one10\Application Data\Macromedia
[2011/11/23 12:08:20 | 000,000,000 | --SD | C] -- C:\Documents and Settings\one10\Application Data\Microsoft
[2011/11/23 12:08:20 | 000,000,000 | --SD | C] -- C:\Documents and Settings\one10\Cookies
[2011/11/23 12:08:20 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\one10\Start Menu\Programs\Startup
[2011/11/23 12:08:20 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\one10\Start Menu
[2011/11/23 12:08:20 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\one10\SendTo
[2011/11/23 12:08:20 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\one10\My Documents
[2011/11/23 12:08:20 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\one10\Favorites
[2011/11/23 12:08:20 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\one10\Application Data
[2011/11/23 12:08:20 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\one10\Start Menu\Programs\Accessories
[2011/11/23 12:08:20 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\one10\My Documents\Updater5
[2011/11/23 12:08:20 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\one10\Application Data\Trusteer
[2011/11/23 12:08:20 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\one10\Templates
[2011/11/23 12:08:20 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\one10\PrintHood
[2011/11/23 12:08:20 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\one10\NetHood
[2011/11/23 12:08:20 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\one10\Local Settings\Application Data\Microsoft
[2011/11/23 12:08:20 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\one10\Local Settings
[2011/11/23 12:08:20 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\one10\Desktop
[2011/11/23 12:08:20 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\one10\Local Settings\Application Data\Adobe
[2011/11/23 11:55:43 | 000,000,000 | ---D | C] -- C:\4d24a32d91b14f87583aab5d0b1b
[2011/11/23 10:17:39 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Magnum
[2011/11/23 10:17:35 | 000,000,000 | ---D | C] -- C:\Program Files\Magnum
[2011/11/22 23:17:19 | 000,000,000 | -H-D | C] -- C:\WINDOWS\Prefetch
[2011/11/22 23:13:53 | 000,156,672 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winzm.ime
[2011/11/22 23:13:52 | 000,156,672 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winsp.ime
[2011/11/22 23:13:52 | 000,156,672 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winpy.ime
[2011/11/22 23:13:52 | 000,065,536 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winime.ime
[2011/11/22 23:13:51 | 000,079,360 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winar30.ime
[2011/11/22 23:13:51 | 000,072,704 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wingb.ime
[2011/11/22 23:13:50 | 000,041,600 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.dll
[2011/11/22 23:13:50 | 000,031,232 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.sys
[2011/11/22 23:13:49 | 000,364,032 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3svc.dll
[2011/11/22 23:13:49 | 000,076,800 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wam51.dll
[2011/11/22 23:13:49 | 000,053,248 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wamreg51.dll
[2011/11/22 23:13:49 | 000,009,216 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wamps51.dll
[2011/11/22 23:13:49 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3svapi.dll
[2011/11/22 23:13:48 | 000,086,073 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\voicesub.dll
[2011/11/22 23:13:48 | 000,073,728 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3ext.dll
[2011/11/22 23:13:48 | 000,048,256 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w32.dll
[2011/11/22 23:13:48 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3ctrs51.dll
[2011/11/22 23:13:47 | 000,426,041 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\voicepad.dll
[2011/11/22 23:13:44 | 000,103,424 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\uihelper.dll
[2011/11/22 23:13:44 | 000,076,288 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\uniime.dll
[2011/11/22 23:13:44 | 000,065,024 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\unicdime.ime
[2011/11/22 23:13:43 | 000,014,336 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsprof.exe
[2011/11/22 23:13:42 | 000,033,792 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tools.dll
[2011/11/22 23:13:42 | 000,010,240 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tmigrate.dll
[2011/11/22 23:13:41 | 000,571,392 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintlgnt.ime
[2011/11/22 23:13:41 | 000,455,168 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintsetp.exe
[2011/11/22 23:13:41 | 000,185,344 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\thawbrkr.dll
[2011/11/22 23:13:41 | 000,044,032 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintlphr.exe
[2011/11/22 23:13:40 | 000,021,896 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdipx.sys
[2011/11/22 23:13:40 | 000,019,464 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdspx.sys
[2011/11/22 23:13:40 | 000,013,192 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdasync.sys
[2011/11/22 23:13:38 | 000,046,592 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\svcext51.dll
[2011/11/22 23:13:37 | 000,046,592 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sspifilt.dll
[2011/11/22 23:13:37 | 000,045,056 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ssinc51.dll
[2011/11/22 23:13:37 | 000,016,896 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\status.dll
[2011/11/22 23:13:36 | 000,101,376 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srusbusd.dll
[2011/11/22 23:13:35 | 000,143,422 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\softkey.dll
[2011/11/22 23:13:34 | 000,358,400 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpincl.dll
[2011/11/22 23:13:34 | 000,188,416 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpsmir.dll
[2011/11/22 23:13:34 | 000,039,936 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpthrd.dll
[2011/11/22 23:13:34 | 000,010,240 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpstup.dll
[2011/11/22 23:13:34 | 000,008,704 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmptrap.exe
[2011/11/22 23:13:34 | 000,007,168 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_snprfdll.dll
[2011/11/22 23:13:34 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpmib.dll
[2011/11/22 23:13:33 | 000,456,192 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smtpsvc.dll
[2011/11/22 23:13:33 | 000,259,072 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpcl.dll
[2011/11/22 23:13:33 | 000,033,280 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmp.exe
[2011/11/22 23:13:33 | 000,012,288 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_smtpctrs.dll
[2011/11/22 23:13:33 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smtpapi.dll
[2011/11/22 23:13:32 | 000,236,544 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smi2smir.exe
[2011/11/22 23:13:32 | 000,038,912 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm9aw.dll
[2011/11/22 23:13:32 | 000,031,744 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smb6w.dll
[2011/11/22 23:13:32 | 000,031,744 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sma3w.dll
[2011/11/22 23:13:32 | 000,015,872 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsm.dll
[2011/11/22 23:13:32 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smimsgif.dll
[2011/11/22 23:13:32 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsy.dll
[2011/11/22 23:13:31 | 000,030,208 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm87w.dll
[2011/11/22 23:13:31 | 000,030,208 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm81w.dll
[2011/11/22 23:13:31 | 000,029,184 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8cw.dll
[2011/11/22 23:13:31 | 000,026,624 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm93w.dll
[2011/11/22 23:13:31 | 000,026,624 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm92w.dll
[2011/11/22 23:13:31 | 000,026,112 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm90w.dll
[2011/11/22 23:13:31 | 000,026,112 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8dw.dll
[2011/11/22 23:13:31 | 000,026,112 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8aw.dll
[2011/11/22 23:13:31 | 000,026,112 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm89w.dll
[2011/11/22 23:13:31 | 000,025,088 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm59w.dll
[2011/11/22 23:13:30 | 000,018,944 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\simptcp.dll
[2011/11/22 23:13:27 | 000,221,696 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\seo.dll
[2011/11/22 23:13:27 | 000,057,856 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_scripto.dll
[2011/11/22 23:13:27 | 000,026,112 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_seos.dll
[2011/11/22 23:13:26 | 000,079,872 | -H-- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
[2011/11/22 23:13:26 | 000,079,872 | -H-- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
[2011/11/22 23:13:26 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rwnh.dll
[2011/11/22 23:13:25 | 000,029,184 | -H-- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw330ext.dll
[2011/11/22 23:13:25 | 000,027,648 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rw001ext.dll
[2011/11/22 23:13:24 | 000,026,112 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\romanime.ime
[2011/11/22 23:13:24 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcref.dll
[2011/11/22 23:13:23 | 000,023,040 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_regtrace.exe
[2011/11/22 23:13:23 | 000,014,848 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\register.exe
[2011/11/22 23:13:21 | 000,077,824 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\quick.ime
[2011/11/22 23:13:21 | 000,020,736 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ramdisk.sys
[2011/11/22 23:13:21 | 000,016,384 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\quser.exe
[2011/11/22 23:13:20 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\query.exe
[2011/11/22 23:13:20 | 000,007,680 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pwsdata.dll
[2011/11/22 23:13:18 | 000,131,584 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxviceo.dll
[2011/11/22 23:13:18 | 000,070,144 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlphr.exe
[2011/11/22 23:13:18 | 000,067,584 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmigrate.dll
[2011/11/22 23:13:18 | 000,011,264 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxmcro.dll
[2011/11/22 23:13:18 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxgl.dll
[2011/11/22 23:13:17 | 000,482,304 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlgnt.ime
[2011/11/22 23:13:17 | 000,079,360 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\phon.ime
[2011/11/22 23:13:17 | 000,053,760 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlcsd.dll
[2011/11/22 23:13:16 | 000,020,992 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\permchk.dll
[2011/11/22 23:13:15 | 000,036,927 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs411.dll
[2011/11/22 23:13:15 | 000,031,744 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pagecnt.dll
[2011/11/22 23:13:15 | 000,015,872 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs404.dll
[2011/11/22 23:13:15 | 000,015,360 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs804.dll
[2011/11/22 23:13:15 | 000,014,336 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs412.dll
[2011/11/22 23:13:12 | 000,038,912 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_ntfsdrv.dll
[2011/11/22 23:13:11 | 000,053,248 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nextlink.dll
[2011/11/22 23:13:11 | 000,044,544 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nsepm.dll
[2011/11/22 23:13:08 | 000,229,439 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\multibox.dll
[2011/11/22 23:13:08 | 000,119,808 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mtstocom.exe
[2011/11/22 23:13:04 | 001,875,968 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msir3jp.lex
[2011/11/22 23:13:03 | 000,098,304 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msir3jp.dll
[2011/11/22 23:12:57 | 000,092,416 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mga.sys
[2011/11/22 23:12:57 | 000,007,680 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\migregdb.exe
[2011/11/22 23:12:56 | 000,092,032 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mga.dll
[2011/11/22 23:12:56 | 000,085,504 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\metada51.dll
[2011/11/22 23:12:56 | 000,037,888 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\md5filt.dll
[2011/11/22 23:12:56 | 000,026,624 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mdsync.dll
[2011/11/22 23:12:55 | 000,065,536 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_mailmsg.dll
[2011/11/22 23:12:54 | 000,022,528 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lpdsvc.dll
[2011/11/22 23:12:54 | 000,022,016 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\logscrpt.dll
[2011/11/22 23:12:54 | 000,018,944 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lprmon.dll
[2011/11/22 23:12:54 | 000,013,312 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lonsint.dll
[2011/11/22 23:12:53 | 000,033,792 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lmmib2.dll
[2011/11/22 23:12:52 | 000,070,656 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\korwbrkr.dll
[2011/11/22 23:12:51 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdvntc.dll
[2011/11/22 23:12:51 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdusa.dll
[2011/11/22 23:12:51 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdurdu.dll
[2011/11/22 23:12:50 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth3.dll
[2011/11/22 23:12:50 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth2.dll
[2011/11/22 23:12:50 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth1.dll
[2011/11/22 23:12:50 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth0.dll
[2011/11/22 23:12:50 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsyr2.dll
[2011/11/22 23:12:50 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsyr1.dll
[2011/11/22 23:12:49 | 000,009,216 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnecat.dll
[2011/11/22 23:12:49 | 000,007,680 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnecnt.dll
[2011/11/22 23:12:49 | 000,007,168 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnec95.dll
[2011/11/22 23:12:49 | 000,006,656 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlk41a.dll
[2011/11/22 23:12:49 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlk41j.dll
[2011/11/22 23:12:49 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdintel.dll
[2011/11/22 23:12:49 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdintam.dll
[2011/11/22 23:12:48 | 000,007,168 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdibm02.dll
[2011/11/22 23:12:48 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinpun.dll
[2011/11/22 23:12:48 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinmar.dll
[2011/11/22 23:12:48 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinkan.dll
[2011/11/22 23:12:48 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinhin.dll
[2011/11/22 23:12:48 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinguj.dll
[2011/11/22 23:12:48 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdindev.dll
[2011/11/22 23:12:48 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdheb.dll
[2011/11/22 23:12:47 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdfa.dll
[2011/11/22 23:12:47 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbddiv2.dll
[2011/11/22 23:12:47 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbddiv1.dll
[2011/11/22 23:12:47 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdgeo.dll
[2011/11/22 23:12:46 | 000,018,432 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jupiw.dll
[2011/11/22 23:12:46 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdax2.dll
[2011/11/22 23:12:46 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd106n.dll
[2011/11/22 23:12:46 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101a.dll
[2011/11/22 23:12:46 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101.dll
[2011/11/22 23:12:46 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda3.dll
[2011/11/22 23:12:46 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda2.dll
[2011/11/22 23:12:46 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda1.dll
[2011/11/22 23:12:46 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdarmw.dll
[2011/11/22 23:12:46 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdarme.dll
[2011/11/22 23:12:45 | 000,026,624 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iscomlog.dll
[2011/11/22 23:12:45 | 000,009,216 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iwrps.dll
[2011/11/22 23:12:45 | 000,007,168 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isapips.dll
[2011/11/22 23:12:44 | 000,035,328 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iprip.dll
[2011/11/22 23:12:43 | 000,257,024 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\infocomm.dll
[2011/11/22 23:12:43 | 000,015,360 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetin51.exe
[2011/11/22 23:12:43 | 000,008,704 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\infoctrs.dll
[2011/11/22 23:12:42 | 000,471,102 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imskdic.dll
[2011/11/22 23:12:42 | 000,315,455 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imskf.dll
[2011/11/22 23:12:42 | 000,274,489 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjputyc.dll
[2011/11/22 23:12:42 | 000,102,456 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imlang.dll
[2011/11/22 23:12:42 | 000,059,904 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imkrinst.exe
[2011/11/22 23:12:41 | 000,307,257 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdct.exe
[2011/11/22 23:12:41 | 000,262,200 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjputy.exe
[2011/11/22 23:12:41 | 000,233,527 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjprw.exe
[2011/11/22 23:12:41 | 000,208,952 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpmig.exe
[2011/11/22 23:12:41 | 000,155,705 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdsvr.exe
[2011/11/22 23:12:41 | 000,081,976 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdct.dll
[2011/11/22 23:12:41 | 000,045,109 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpuex.exe
[2011/11/22 23:12:40 | 000,811,064 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjp81k.dll
[2011/11/22 23:12:40 | 000,716,856 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpcus.dll
[2011/11/22 23:12:40 | 000,368,696 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpcic.dll
[2011/11/22 23:12:40 | 000,340,023 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjp81.ime
[2011/11/22 23:12:40 | 000,311,359 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imepadsv.exe
[2011/11/22 23:12:40 | 000,057,398 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdadm.exe
[2011/11/22 23:12:39 | 000,106,496 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrcic.dll
[2011/11/22 23:12:39 | 000,102,463 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imepadsm.dll
[2011/11/22 23:12:39 | 000,094,720 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekr61.ime
[2011/11/22 23:12:39 | 000,086,016 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrmbx.dll
[2011/11/22 23:12:39 | 000,044,032 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrmig.exe
[2011/11/22 23:12:39 | 000,006,656 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iissync.exe
[2011/11/22 23:12:38 | 000,145,408 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iische51.dll
[2011/11/22 23:12:38 | 000,079,872 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iislog51.dll
[2011/11/22 23:12:38 | 000,060,928 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisclex4.dll
[2011/11/22 23:12:38 | 000,025,088 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisadmin.dll
[2011/11/22 23:12:38 | 000,019,456 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iiscrmap.dll
[2011/11/22 23:12:38 | 000,007,168 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisfecnv.dll
[2011/11/22 23:12:38 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iismui.dll
[2011/11/22 23:12:33 | 010,129,408 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hwxkor.dll
[2011/11/22 23:12:26 | 010,096,640 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hwxcht.dll
[2011/11/22 23:12:26 | 000,268,288 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\httpext.dll
[2011/11/22 23:12:26 | 000,061,440 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\httpod51.dll
[2011/11/22 23:12:26 | 000,008,192 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\httpmb51.dll
[2011/11/22 23:12:25 | 000,039,936 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hostmib.dll
[2011/11/22 23:12:24 | 000,036,864 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hanjadic.dll
[2011/11/22 23:12:24 | 000,032,256 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\gzip.dll
[2011/11/22 23:12:23 | 000,400,384 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsxp32.dll
[2011/11/22 23:12:23 | 000,192,512 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxswzrd.dll
[2011/11/22 23:12:23 | 000,154,112 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsui.dll
[2011/11/22 23:12:22 | 000,562,176 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsst.dll
[2011/11/22 23:12:22 | 000,397,312 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxstiff.dll
[2011/11/22 23:12:22 | 000,267,776 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxssvc.exe
[2011/11/22 23:12:22 | 000,246,272 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxst30.dll
[2011/11/22 23:12:22 | 000,031,744 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsroute.dll
[2011/11/22 23:12:22 | 000,023,552 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsmon.dll
[2011/11/22 23:12:22 | 000,011,264 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxssend.exe
[2011/11/22 23:12:22 | 000,008,704 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsperf.dll
[2011/11/22 23:12:22 | 000,006,656 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsres.dll
[2011/11/22 23:12:21 | 000,451,584 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsapi.dll
[2011/11/22 23:12:21 | 000,285,184 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscomex.dll
[2011/11/22 23:12:21 | 000,229,376 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscover.exe
[2011/11/22 23:12:21 | 000,142,848 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsclnt.exe
[2011/11/22 23:12:21 | 000,132,608 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsclntr.dll
[2011/11/22 23:12:21 | 000,111,104 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscfgwz.dll
[2011/11/22 23:12:21 | 000,072,192 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscom.dll
[2011/11/22 23:12:21 | 000,055,296 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsevent.dll
[2011/11/22 23:12:21 | 000,026,624 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsdrv.dll
[2011/11/22 23:12:21 | 000,023,552 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsext32.dll
[2011/11/22 23:12:20 | 000,125,952 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpsv251.dll
[2011/11/22 23:12:20 | 000,007,680 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpctrs2.dll
[2011/11/22 23:12:20 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpmib.dll
[2011/11/22 23:12:20 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftlx041e.dll
[2011/11/22 23:12:19 | 000,024,632 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpadmcgi.exe
[2011/11/22 23:12:19 | 000,020,541 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpadmdll.dll
[2011/11/22 23:12:19 | 000,014,848 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\flattemp.exe
[2011/11/22 23:12:18 | 000,043,520 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_fcachdll.dll
[2011/11/22 23:12:18 | 000,014,336 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\exstrace.dll
[2011/11/22 23:12:18 | 000,007,168 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\f3ahvoas.dll
[2011/11/22 23:12:17 | 000,101,888 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\evntagnt.dll
[2011/11/22 23:12:17 | 000,092,160 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\evntwin.exe
[2011/11/22 23:12:17 | 000,025,856 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\et4000.sys
[2011/11/22 23:12:17 | 000,024,064 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\evntcmd.exe
[2011/11/22 23:12:16 | 000,057,856 | -H-- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esuimgd.dll
[2011/11/22 23:12:16 | 000,045,056 | -H-- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esunid.dll
[2011/11/22 23:12:16 | 000,031,744 | -H-- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esucmd.dll
[2011/11/22 23:12:08 | 000,078,848 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dayi.ime
[2011/11/22 23:12:08 | 000,042,496 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\davcdata.exe
[2011/11/22 23:12:06 | 000,057,399 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cplexe.exe
[2011/11/22 23:12:06 | 000,018,944 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cprofile.exe
[2011/11/22 23:12:05 | 000,056,320 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\convlog.exe
[2011/11/22 23:12:05 | 000,033,792 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\controt.dll
[2011/11/22 23:12:05 | 000,020,480 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\counters.dll
[2011/11/22 23:12:04 | 000,024,064 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\compfilt.dll
[2011/11/22 23:12:03 | 000,480,256 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintsetp.exe
[2011/11/22 23:12:03 | 000,198,656 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintime.dll
[2011/11/22 23:12:03 | 000,021,504 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintlgnt.ime
[2011/11/22 23:12:02 | 000,838,144 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtbrkr.dll
[2011/11/22 23:12:02 | 000,097,792 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtmbx.dll
[2011/11/22 23:12:02 | 000,056,320 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtskdic.dll
[2011/11/22 23:12:01 | 001,677,824 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chsbrkr.dll
[2011/11/22 23:12:01 | 000,015,872 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chgport.exe
[2011/11/22 23:12:01 | 000,014,336 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chgusr.exe
[2011/11/22 23:12:01 | 000,013,312 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chglogon.exe
[2011/11/22 23:12:01 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\change.exe
[2011/11/22 23:12:00 | 000,078,336 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chajei.ime
[2011/11/22 23:11:59 | 000,218,112 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_g18030.dll
[2011/11/22 23:11:59 | 000,054,528 | -H-- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
[2011/11/22 23:11:59 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_iscii.dll
[2011/11/22 23:11:59 | 000,006,656 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_is2022.dll
[2011/11/22 23:11:51 | 000,045,568 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\browscap.dll
[2011/11/22 23:11:49 | 000,029,184 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\asptxn.dll
[2011/11/22 23:11:49 | 000,009,216 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\authfilt.dll
[2011/11/22 23:11:48 | 000,369,664 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\asp51.dll
[2011/11/22 23:11:48 | 000,331,264 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aqueue.dll
[2011/11/22 23:11:48 | 000,045,056 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_aqadmin.dll
[2011/11/22 23:11:48 | 000,010,240 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aspperf.dll
[2011/11/22 23:11:47 | 000,108,544 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\appconf.dll
[2011/11/22 23:11:47 | 000,019,456 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0804.dll
[2011/11/22 23:11:47 | 000,019,456 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0412.dll
[2011/11/22 23:11:47 | 000,019,456 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0411.dll
[2011/11/22 23:11:47 | 000,019,456 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt040d.dll
[2011/11/22 23:11:46 | 000,019,456 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0404.dll
[2011/11/22 23:11:46 | 000,019,456 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0401.dll
[2011/11/22 23:11:45 | 000,049,664 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adrot.dll
[2011/11/22 23:11:45 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_adsiisex.dll
[2011/11/22 23:11:44 | 000,029,696 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admexs.dll
[2011/11/22 23:11:44 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admxprox.dll
[2011/11/22 23:11:40 | 000,007,168 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wamregps.dll
[2011/11/22 23:11:39 | 000,032,827 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tcptest.exe
[2011/11/22 23:11:39 | 000,016,384 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tcptsat.dll
[2011/11/22 23:11:39 | 000,008,192 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\staxmem.dll
[2011/11/22 23:11:38 | 002,134,528 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smtpsnap.dll
[2011/11/22 23:11:38 | 000,189,440 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smtpadm.dll
[2011/11/22 23:11:38 | 000,020,536 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shtml.dll
[2011/11/22 23:11:38 | 000,016,437 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shtml.exe
[2011/11/22 23:11:34 | 000,076,800 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\logui.ocx
[2011/11/22 23:11:33 | 000,829,440 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetmgr.dll
[2011/11/22 23:11:33 | 000,169,984 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisui.dll
[2011/11/22 23:11:33 | 000,068,608 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isatq.dll
[2011/11/22 23:11:33 | 000,019,968 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetsloc.dll
[2011/11/22 23:11:33 | 000,013,312 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\infoadmn.dll
[2011/11/22 23:11:33 | 000,007,680 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetmgr.exe
[2011/11/22 23:11:32 | 000,133,632 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisrtl.dll
[2011/11/22 23:11:32 | 000,068,608 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisext51.dll
[2011/11/22 23:11:32 | 000,064,512 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iismap.dll
[2011/11/22 23:11:32 | 000,030,720 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisrstas.exe
[2011/11/22 23:11:32 | 000,020,538 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpremadm.exe
[2011/11/22 23:11:32 | 000,014,336 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisreset.exe
[2011/11/22 23:11:32 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpsapi2.dll
[2011/11/22 23:11:32 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisrstap.dll
[2011/11/22 23:11:31 | 000,598,071 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpmmc.dll
[2011/11/22 23:11:31 | 000,208,896 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpmmcsat.dll
[2011/11/22 23:11:31 | 000,188,494 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpcount.exe
[2011/11/22 23:11:31 | 000,109,328 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp98swin.exe
[2011/11/22 23:11:31 | 000,020,541 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpexedll.dll
[2011/11/22 23:11:30 | 000,876,653 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4awel.dll
[2011/11/22 23:11:30 | 000,102,509 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4atxt.dll
[2011/11/22 23:11:30 | 000,049,212 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4awebs.dll
[2011/11/22 23:11:30 | 000,049,210 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4areg.dll
[2011/11/22 23:11:30 | 000,041,020 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4avnb.dll
[2011/11/22 23:11:30 | 000,032,826 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4avss.dll
[2011/11/22 23:11:30 | 000,014,608 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp98sadm.exe
[2011/11/22 23:11:29 | 000,184,435 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4amsft.dll
[2011/11/22 23:11:29 | 000,147,513 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4apws.dll
[2011/11/22 23:11:29 | 000,082,035 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4anscp.dll
[2011/11/22 23:11:28 | 000,275,968 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\certwiz.ocx
[2011/11/22 23:11:28 | 000,188,480 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cfgwiz.exe
[2011/11/22 23:11:28 | 000,094,720 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\certmap.ocx
[2011/11/22 23:11:28 | 000,076,288 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cnfgprts.ocx
[2011/11/22 23:11:28 | 000,046,592 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\coadmin.dll
[2011/11/22 23:11:27 | 000,290,816 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adsiis51.dll
[2011/11/22 23:11:27 | 000,043,520 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admwprox.dll
[2011/11/22 23:11:27 | 000,020,540 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\author.dll
[2011/11/22 23:11:27 | 000,016,439 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\author.exe
[2011/11/22 23:11:26 | 000,020,540 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admin.dll
[2011/11/22 23:11:26 | 000,016,439 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admin.exe
[2011/11/22 23:09:01 | 000,016,384 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isignup.exe
[2011/11/22 22:57:44 | 000,024,661 | -H-- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\spxcoins.dll
[2011/11/22 22:57:44 | 000,024,661 | -H-- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\dllcache\spxcoins.dll
[2011/11/22 22:57:44 | 000,013,312 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\irclass.dll
[2011/11/22 22:57:44 | 000,013,312 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irclass.dll
[2011/11/22 22:16:13 | 000,094,896 | -H-- | C] (Kaspersky Lab, GERT) -- C:\WINDOWS\System32\drivers\21883758.sys
[2011/11/22 21:58:19 | 000,094,896 | -H-- | C] (Kaspersky Lab, GERT) -- C:\WINDOWS\System32\drivers\25163123.sys
[2011/11/22 21:49:09 | 000,094,896 | -H-- | C] (Kaspersky Lab, GERT) -- C:\WINDOWS\System32\drivers\41318304.sys
[2011/11/22 19:16:54 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/11/22 19:16:49 | 000,022,216 | -H-- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/11/22 19:16:49 | 000,000,000 | -H-D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/11/22 19:13:29 | 000,000,000 | -H-D | C] -- C:\TDSSKiller_Quarantine
[2011/11/21 14:24:27 | 000,000,000 | -H-D | C] -- C:\WINDOWS\im
[2011/11/04 11:33:39 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/11/04 11:33:18 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Easy CD-DA Extractor 15
[2011/11/04 11:33:16 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Easy CD-DA Extractor
[2011/11/04 11:33:09 | 000,000,000 | -H-D | C] -- C:\Program Files\Easy CD-DA Extractor 15
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[10 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/11/29 11:13:17 | 000,013,646 | -H-- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/11/29 11:13:08 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/11/29 11:09:40 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\one10\Desktop\OTL.exe
[2011/11/27 19:40:21 | 633,213,029 | ---- | M] () -- C:\Documents and Settings.zip
[2011/11/23 14:01:00 | 000,000,232 | -H-- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2011/11/23 13:58:27 | 000,000,878 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/11/23 13:58:25 | 000,000,376 | -H-- | M] () -- C:\WINDOWS\tasks\Free File Viewer Update Checker.job
[2011/11/23 13:58:25 | 000,000,268 | -H-- | M] () -- C:\WINDOWS\tasks\ASC4_PerformanceMonitor.job
[2011/11/23 13:58:25 | 000,000,260 | -H-- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2011/11/23 13:07:10 | 001,008,092 | -H-- | M] () -- C:\Documents and Settings\one10\Desktop\iExplore.exe
[2011/11/23 11:55:14 | 000,000,882 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/11/23 11:54:02 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/11/23 11:39:50 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/11/23 11:01:30 | 007,413,448 | -H-- | M] () -- C:\Documents and Settings\one10\Desktop\rules.ref
[2011/11/23 00:03:21 | 000,346,368 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\mefWsJFF2XOW6S.exe
[2011/11/22 23:34:04 | 000,013,646 | -H-- | M] () -- C:\WINDOWS\System32\wpa.bak
[2011/11/22 23:16:18 | 000,136,464 | -H-- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/11/22 23:15:45 | 000,000,655 | -H-- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2011/11/22 23:11:08 | 000,316,640 | -H-- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2011/11/22 23:11:06 | 000,023,392 | -H-- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2011/11/22 23:11:06 | 000,016,832 | -H-- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2011/11/22 23:10:47 | 000,004,161 | -H-- | M] () -- C:\WINDOWS\ODBCINST.INI
[2011/11/22 23:07:46 | 000,022,748 | -H-- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/11/22 23:06:09 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2011/11/22 22:16:13 | 000,094,896 | -H-- | M] (Kaspersky Lab, GERT) -- C:\WINDOWS\System32\drivers\21883758.sys
[2011/11/22 21:58:19 | 000,094,896 | -H-- | M] (Kaspersky Lab, GERT) -- C:\WINDOWS\System32\drivers\25163123.sys
[2011/11/22 21:49:09 | 000,094,896 | -H-- | M] (Kaspersky Lab, GERT) -- C:\WINDOWS\System32\drivers\41318304.sys
[2011/11/22 18:51:26 | 009,852,544 | -H-- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\one10\Desktop\blank.exe
[2011/11/22 15:51:30 | 000,000,685 | -H-- | M] () -- C:\WINDOWS\setupapi.old
[2011/11/22 15:50:40 | 000,433,920 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\CMHxHbrYhPJ.exe
[2011/10/30 12:52:47 | 000,432,356 | -H-- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/10/30 12:52:47 | 000,067,312 | -H-- | M] () -- C:\WINDOWS\System32\perfc009.dat
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[10 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/11/27 19:42:55 | 633,213,029 | ---- | C] () -- C:\Documents and Settings.zip
[2011/11/23 13:54:55 | 001,008,092 | -H-- | C] () -- C:\Documents and Settings\one10\Desktop\iExplore.exe
[2011/11/23 13:27:53 | 007,413,448 | -H-- | C] () -- C:\Documents and Settings\one10\Desktop\rules.ref
[2011/11/23 12:10:07 | 000,000,738 | -H-- | C] () -- C:\Documents and Settings\one10\Start Menu\Programs\Outlook Express.lnk
[2011/11/23 12:09:25 | 000,000,767 | -H-- | C] () -- C:\Documents and Settings\one10\Start Menu\Programs\Internet Explorer.lnk
[2011/11/23 12:08:21 | 000,001,599 | -H-- | C] () -- C:\Documents and Settings\one10\Start Menu\Programs\Remote Assistance.lnk
[2011/11/23 12:08:21 | 000,000,792 | -H-- | C] () -- C:\Documents and Settings\one10\Start Menu\Programs\Windows Media Player.lnk
[2011/11/23 00:03:20 | 000,346,368 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\mefWsJFF2XOW6S.exe
[2011/11/22 23:34:05 | 000,013,646 | -H-- | C] () -- C:\WINDOWS\System32\wpa.bak
[2011/11/22 23:13:17 | 000,175,104 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll
[2011/11/22 23:12:52 | 001,158,818 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2011/11/22 23:12:42 | 000,059,392 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
[2011/11/22 23:12:41 | 000,196,665 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe
[2011/11/22 23:12:39 | 000,134,339 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2011/11/22 23:12:29 | 013,463,552 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll
[2011/11/22 23:12:24 | 000,108,827 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2011/11/22 23:12:20 | 000,094,208 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\fpencode.dll
[2011/11/22 23:12:02 | 000,173,568 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
[2011/11/22 22:57:33 | 000,144,484 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\netfx.cat
[2011/11/22 22:57:33 | 000,026,991 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\msn7.cat
[2011/11/22 22:57:33 | 000,014,433 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\msn9.cat
[2011/11/22 22:57:32 | 001,296,669 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\SP3.CAT
[2011/11/22 22:57:32 | 000,797,189 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
[2011/11/22 22:57:32 | 000,399,645 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
[2011/11/22 22:57:32 | 000,112,918 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\tabletpc.cat
[2011/11/22 22:57:32 | 000,037,484 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
[2011/11/22 22:57:32 | 000,034,747 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\mediactr.cat
[2011/11/22 22:57:32 | 000,034,063 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\FP4.CAT
[2011/11/22 22:57:32 | 000,016,535 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\IMS.CAT
[2011/11/22 22:57:32 | 000,013,472 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT
[2011/11/22 22:57:32 | 000,012,363 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\MSMSGS.CAT
[2011/11/22 22:57:32 | 000,010,027 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\MSTSWEB.CAT
[2011/11/22 22:57:32 | 000,008,574 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
[2011/11/22 22:57:32 | 000,007,710 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2011/11/22 22:57:31 | 002,144,487 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\NT5.CAT
[2011/11/22 22:57:31 | 000,522,220 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\NT5INF.CAT
[2011/11/22 22:39:34 | 000,001,393 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2011/11/22 15:53:50 | 000,433,920 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\CMHxHbrYhPJ.exe
[2011/05/19 22:30:27 | 000,080,528 | -H-- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/04/19 10:08:20 | 000,022,816 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/11/22 08:52:18 | 000,000,059 | -H-- | C] () -- C:\WINDOWS\ANS2000.INI
[2010/11/22 08:52:18 | 000,000,020 | -H-- | C] () -- C:\WINDOWS\akebook.ini
[2010/11/22 08:52:18 | 000,000,004 | -H-- | C] () -- C:\WINDOWS\a3kebook.ini
[2010/07/20 18:55:02 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/06/19 11:54:51 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/06/06 14:08:50 | 000,012,800 | -H-- | C] () -- C:\WINDOWS\System32\EKDeviceServices.dll
[2010/06/06 13:35:57 | 000,002,007 | -H-- | C] () -- C:\WINDOWS\System32\GUCI_AVS.ini
[2010/06/06 13:32:24 | 000,000,376 | -H-- | C] () -- C:\WINDOWS\ODBC.INI
[2010/06/05 10:52:31 | 000,000,728 | -H-- | C] () -- C:\WINDOWS\{4507868A-A9CD-4ECC-BD54-0EAB6EE81D42}_WiseFW.ini
[2010/06/05 09:12:10 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\nsreg.dat
[2010/06/04 22:54:02 | 000,004,161 | -H-- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/06/04 22:52:50 | 000,136,464 | -H-- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/06/04 22:12:01 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/06/04 22:06:49 | 000,022,748 | -H-- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/04/14 07:00:00 | 000,673,088 | -H-- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/04/14 07:00:00 | 000,432,356 | -H-- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008/04/14 07:00:00 | 000,272,128 | -H-- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/04/14 07:00:00 | 000,218,003 | -H-- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/04/14 07:00:00 | 000,067,312 | -H-- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008/04/14 07:00:00 | 000,046,258 | -H-- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/04/14 07:00:00 | 000,028,626 | -H-- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/04/14 07:00:00 | 000,004,569 | -H-- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/04/14 07:00:00 | 000,001,804 | -H-- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/04/14 07:00:00 | 000,000,741 | -H-- | C] () -- C:\WINDOWS\System32\noise.dat
[2005/04/15 11:52:33 | 013,107,200 | -H-- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/04/15 11:52:33 | 000,004,627 | -H-- | C] () -- C:\WINDOWS\System32\oembios.dat

========== Alternate Data Streams ==========

@Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6B9ADB51

< End of report >

Edited by Rick_F, 29 November 2011 - 05:33 AM.

  • 0


#2
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hello Rick_F and welcome to G2G! :)

My nick is maliprog and I'll be your technical support on this issue. Before we start, please read my notes carefully:

NOTE:
  • Malware removal is NOT instantaneous; most infections require several courses of action to completely eradicate.
  • Absence of symptoms does not always mean the computer is clean.
  • Kindly follow my instructions in the order posted. Order is crucial in the cleaning process.
  • Please DO NOT run any scans or fix on your own without my direction.
  • Please read all of my response through at least once before attempting to follow the procedures described.
  • If there's anything you don't understand or isn't totally clear, please come back to me for clarification.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply.
  • You must reply within 3 days or your topic will be closed

Step 1

We need to disable malware processes on your system first
  • Download TheKiller to your Desktop
  • Note that TheKiller is renamed as explorer.exe
  • Run it by double-clicking (if running Vista or Windows 7, right-click on it and select "Run as an Administrator")
  • Press the OK button after the program finishes
  • Do not restart your system after this step
NOTE: If malware blocks TheKiller from running please try to run it several more times

Step 2

NOTE: This fix is custom made for this system only and for the current system state! Don't try to run it on another system!

Please close all running programs and run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O4 - HKLM..\Run: [CMHxHbrYhPJ.exe] C:\Documents and Settings\All Users\Application Data\CMHxHbrYhPJ.exe ()
    [2011/11/23 00:03:21 | 000,346,368 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\mefWsJFF2XOW6S.exe
    [2011/11/22 15:50:40 | 000,433,920 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\CMHxHbrYhPJ.exe

    :Files
    ipconfig /flushdns /c

    :Commands
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the fix log it produces in your next reply or you can find it in C:\_OTL\MovedFiles

Step 3

  • Run OTL.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the "Scan All User" checkbox
  • Change "Extra Registry" option to "SafeList"
  • Under the Custom Scan box paste this in

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    %systemroot%\*. /mp /s
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    CREATERESTOREPOINT

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows OTL.txt and Extra.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, and post them with your next reply.

Step 4

Please don't forget to include these items in your reply:

  • OTL fix log
  • OTL log
  • OTL Extras log
It would be helpful if you could post each log in a separate post
  • 0
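
A triage sketch for the kind of entries picked out in Step 2 above, added here as an example; it is not OTL's logic or the helper's own method. The heuristic (an .exe with no company name sitting directly in the All Users Application Data root, cross-checked against O4 Run entries) and all function names are assumptions; the sample lines are copied from the logs in this thread.

```python
import ntpath
import re
from dataclasses import dataclass
from typing import Optional

# OTL file-listing line: [date time | size | attrs | M or C] (Company) -- path
# Directory entries omit the "(Company)" part entirely.
FILE_LINE = re.compile(
    r"^\[(?P<stamp>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[A-Z-]{4}) \| (?P<kind>[MC])\] "
    r"(?:\((?P<company>.*?)\) )?-- (?P<path>.+)$"
)
# OTL autostart line: O4 - HKLM..\Run: [value name] path (Company)
RUN_LINE = re.compile(
    r"^O4 - (?P<hive>HK\w+)\.\.\\Run: \[(?P<name>[^\]]*)\] "
    r"(?P<path>.+) \((?P<company>[^()]*)\)$"
)
# Assumed heuristic location: the profile-wide data root seen in this thread.
DROP_DIR = r"c:\documents and settings\all users\application data"


@dataclass(frozen=True)
class FileEntry:
    stamp: str
    size: int
    attrs: str
    kind: str      # "M" = modified list, "C" = created list
    company: str   # empty when OTL found no company name
    path: str


def parse_file_line(line: str) -> Optional[FileEntry]:
    """Parse one OTL file-listing line; return None for any other line."""
    m = FILE_LINE.match(line.strip())
    if not m:
        return None
    return FileEntry(
        stamp=m["stamp"],
        size=int(m["size"].replace(",", "")),
        attrs=m["attrs"],
        kind=m["kind"],
        company=(m["company"] or "").strip(),
        path=m["path"].strip(),
    )


def triage(log_text: str) -> list:
    """Return unsigned executables dropped directly in DROP_DIR, with context."""
    run_targets = {}   # lowercased path -> Run value name
    files = {}         # lowercased path -> first FileEntry seen (dedupes M/C)
    for raw in log_text.splitlines():
        line = raw.strip()
        run = RUN_LINE.match(line)
        if run:
            run_targets[run["path"].lower()] = run["name"]
            continue
        entry = parse_file_line(line)
        if entry:
            files.setdefault(entry.path.lower(), entry)

    findings = []
    for key in sorted(files):
        entry = files[key]
        is_exe = ntpath.splitext(entry.path)[1].lower() == ".exe"
        in_drop_dir = ntpath.dirname(entry.path).lower() == DROP_DIR
        if is_exe and in_drop_dir and not entry.company:
            findings.append({
                "path": entry.path,
                "first_seen": entry.stamp,
                "hidden": "H" in entry.attrs,
                "system": "S" in entry.attrs,
                "autostart": run_targets.get(key),  # None if no Run entry
            })
    return findings


# Lines copied from the OTL logs posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CMHxHbrYhPJ.exe] C:\Documents and Settings\All Users\Application Data\CMHxHbrYhPJ.exe ()
[2011/11/22 22:16:13 | 000,094,896 | -H-- | M] (Kaspersky Lab, GERT) -- C:\WINDOWS\System32\drivers\21883758.sys
[2011/11/22 18:51:26 | 009,852,544 | -H-- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\one10\Desktop\blank.exe
[2011/11/22 15:50:40 | 000,433,920 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\CMHxHbrYhPJ.exe
[2011/11/23 00:03:20 | 000,346,368 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\mefWsJFF2XOW6S.exe
[2011/11/22 15:53:50 | 000,433,920 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\CMHxHbrYhPJ.exe
[2011/12/01 11:29:31 | 000,000,000 | ---D | C] -- C:\_OTL
"""

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

A hit from this filter is a lead for review, not a verdict: legitimate installers also leave unsigned files behind, and the Run-key correlation is what raises the priority of an entry.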

#3
Rick_F

Rick_F

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
Hi maliprog,

Thanks for the instructions.

Before I run them, I would like to check in which mode ("safe" or "normal") I should run them. This is because the malware activates soon after the PC is booted up and "hides" any software or icon as soon as it detects it (eg. MalwareBytes disappeared in this way). Please note that I had previously run OTL in "safe mode" to avoid issues with the malware.

Rick
  • 0

#4
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
You can run all from Safe mode as you did with OTL the first time. Just make sure to run the steps in the order I post them.
  • 0

#5
Rick_F

Rick_F

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
Here is the first of the 3 logs

OTL Fix Log:

========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\CMHxHbrYhPJ.exe deleted successfully.
C:\Documents and Settings\All Users\Application Data\CMHxHbrYhPJ.exe moved successfully.
C:\Documents and Settings\All Users\Application Data\mefWsJFF2XOW6S.exe moved successfully.
File C:\Documents and Settings\All Users\Application Data\CMHxHbrYhPJ.exe not found.
File boot] not found.

OTL by OldTimer - Version 3.2.31.0 log created on 12012011_112931
  • 0

#6
Rick_F

Rick_F

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
OTL Log:

OTL logfile created on: 12/1/2011 11:37:24 - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\one10\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: M/d/yyyy

2.99 Gb Total Physical Memory | 2.76 Gb Available Physical Memory | 92.21% Memory free
6.84 Gb Paging File | 6.78 Gb Available in Paging File | 99.24% Paging File free
Paging file location(s): c:\pagefile.sys 4093 4093 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 127.99 Gb Total Space | 77.59 Gb Free Space | 60.62% Space Free | Partition Type: NTFS

Computer Name: USER-94BF4B7558 | User Name: one10 | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/29 11:09:40 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\one10\Desktop\OTL.exe
PRC - [2008/04/14 07:00:00 | 001,033,728 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2011/08/09 16:43:20 | 000,130,904 | -H-- | M] () -- C:\Program Files\IObit\Advanced SystemCare 4\ASCv4ExtMenu.dll
MOD - [2011/07/12 11:20:01 | 000,108,344 | -H-- | M] () -- C:\Program Files\Easy CD-DA Extractor 15\ezcddax32.dll
MOD - [2011/05/28 21:04:56 | 000,140,288 | -H-- | M] () -- C:\Program Files\WinRAR\RarExt.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (getPlusHelper) getPlus®
SRV - [2011/11/03 14:44:28 | 000,497,280 | -H-- | M] (Check Point Software Technologies) [Auto | Stopped] -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe -- (IswSvc)
SRV - [2011/09/06 20:45:28 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Magnum\mbamservice.exe -- (MBAMService)
SRV - [2011/08/09 16:38:38 | 000,328,536 | -H-- | M] (IObit) [Auto | Stopped] -- C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe -- (AdvancedSystemCareService)
SRV - [2011/06/22 17:01:18 | 000,870,200 | -H-- | M] (Trusteer Ltd.) [Auto | Stopped] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2010/09/24 16:07:18 | 000,329,080 | -H-- | M] (SupportSoft, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\SupportSoft\bin\ssrc.exe -- (SupportSoft RemoteAssist)
SRV - [2009/03/04 14:52:58 | 000,202,016 | RH-- | M] (SupportSoft, Inc.) [Auto | Stopped] -- C:\Program Files\O2\bin\sprtsvc.exe -- (sprtsvc_O2) SupportSoft Sprocket Service (O2)
SRV - [2008/07/25 12:34:50 | 000,018,944 | -H-- | M] (Eastman Kodak Company) [Auto | Stopped] -- C:\Program Files\Kodak\printer\center\KodakSvc.exe -- (KodakSvc)


========== Driver Services (SafeList) ==========

DRV - [2011/11/03 14:44:20 | 000,027,016 | -H-- | M] (Check Point Software Technologies) [Kernel | Auto | Stopped] -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
DRV - [2011/10/19 08:03:43 | 000,227,312 | -H-- | M] () [Kernel | System | Stopped] -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\32301\RapportCerberus32_32301.sys -- (RapportCerberus_32301)
DRV - [2011/09/06 20:38:05 | 000,442,200 | ---- | M] (AVAST Software) [File_System | System | Stopped] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/09/06 20:37:53 | 000,320,856 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/09/06 20:36:38 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/09/06 20:36:36 | 000,052,568 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/09/06 20:36:23 | 000,110,552 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/09/06 20:36:12 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/09/06 20:33:11 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/08/31 17:00:50 | 000,022,216 | -H-- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/06/22 17:01:26 | 000,158,904 | -H-- | M] (Trusteer Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2011/06/22 17:01:26 | 000,066,360 | -H-- | M] (Trusteer Ltd.) [Kernel | System | Stopped] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)
DRV - [2008/04/14 07:00:00 | 000,010,624 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008/04/14 07:00:00 | 000,004,992 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\loop.sys -- (msloop)
DRV - [2004/09/17 08:02:54 | 000,732,928 | -H-- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2003/09/26 09:41:10 | 000,044,032 | -H-- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2001/08/17 11:19:34 | 000,036,480 | -H-- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sfmanm.sys -- (sfman) Creative SoundFont Manager Driver (WDM)
DRV - [2001/08/17 11:19:28 | 000,006,912 | -H-- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctlfacem.sys -- (emu10k1) Creative Interface Manager Driver (WDM)
DRV - [2001/08/17 11:19:26 | 000,283,904 | -H-- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emu10k1m.sys -- (emu10k) Creative SB Live! (WDM)
DRV - [2001/08/17 11:19:20 | 000,003,712 | -H-- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctljystk.sys -- (ctljystk)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-21-1343024091-113007714-1606980848-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.4: C:\Program Files\VideoLAN\VLC\npvlc.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG10\Firefox\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/06/24 07:55:39 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/09/08 10:36:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2011/11/12 10:57:10 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.24\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/23 11:31:28 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.24\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/11/10 09:08:14 | 000,000,000 | -H-D | M]

[2011/11/21 16:18:25 | 000,000,000 | -H-D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/10/13 14:34:19 | 000,000,000 | -H-D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/10/13 14:34:02 | 000,411,368 | -H-- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2008/04/14 07:00:00 | 000,000,734 | -H-- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - No CLSID value found.
O2 - BHO: (no name) - {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - No CLSID value found.
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [EKIJ5000StatusMonitor] C:\WINDOWS\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Magnum\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [O2] C:\Program Files\O2\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [PAP7501_Monitor] C:\WINDOWS\Pixart\PAP7501\GUCI_AVS.exe (PixArt Imaging Incorporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1343024091-113007714-1606980848-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - Reg Error: Key error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B46EAF61-E292-48B4-85FD-F37CF90DBEFA}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Filter\application/octet-stream - No CLSID value found
O18 - Protocol\Filter\application/x-complus - No CLSID value found
O18 - Protocol\Filter\application/x-msdownload - No CLSID value found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - No CLSID value found.
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/06/04 22:09:49 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Error creating restore point.

========== Files/Folders - Created Within 30 Days ==========

[2011/12/01 11:29:31 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/11/29 12:20:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\one10\Application Data\vlc
[2011/11/29 11:15:56 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\one10\Desktop\OTL.exe
[2011/11/23 13:59:34 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\one10\Recent
[2011/11/23 13:27:43 | 009,852,544 | -H-- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\one10\Desktop\blank.exe
[2011/11/23 12:14:01 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\one10\Application Data\Malwarebytes
[2011/11/23 12:11:48 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\one10\Local Settings\Application Data\SupportSoft
[2011/11/23 12:11:38 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\one10\Local Settings\Application Data\Trusteer
[2011/11/23 12:10:43 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\one10\My Documents\ForceField Shared Files
[2011/11/23 12:10:05 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\one10\Application Data\Identities
[2011/11/23 12:09:16 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\one10\Local Settings\Application Data\Mozilla
[2011/11/23 12:09:15 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\one10\Application Data\Mozilla
[2011/11/23 12:09:09 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\one10\My Documents\My Music
[2011/11/23 12:09:08 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\one10\My Documents\My Pictures
[2011/11/23 12:08:50 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\one10\Application Data\CheckPoint
[2011/11/23 12:08:21 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\one10\Application Data\Macromedia
[2011/11/23 12:08:20 | 000,000,000 | --SD | C] -- C:\Documents and Settings\one10\Application Data\Microsoft
[2011/11/23 12:08:20 | 000,000,000 | --SD | C] -- C:\Documents and Settings\one10\Cookies
[2011/11/23 12:08:20 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\one10\Start Menu\Programs\Startup
[2011/11/23 12:08:20 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\one10\Start Menu
[2011/11/23 12:08:20 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\one10\SendTo
[2011/11/23 12:08:20 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\one10\My Documents
[2011/11/23 12:08:20 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\one10\Favorites
[2011/11/23 12:08:20 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\one10\Application Data
[2011/11/23 12:08:20 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\one10\Start Menu\Programs\Accessories
[2011/11/23 12:08:20 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\one10\My Documents\Updater5
[2011/11/23 12:08:20 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\one10\Application Data\Trusteer
[2011/11/23 12:08:20 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\one10\Templates
[2011/11/23 12:08:20 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\one10\PrintHood
[2011/11/23 12:08:20 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\one10\NetHood
[2011/11/23 12:08:20 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\one10\Local Settings\Application Data\Microsoft
[2011/11/23 12:08:20 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\one10\Local Settings
[2011/11/23 12:08:20 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\one10\Desktop
[2011/11/23 12:08:20 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\one10\Local Settings\Application Data\Adobe
[2011/11/23 11:55:43 | 000,000,000 | ---D | C] -- C:\4d24a32d91b14f87583aab5d0b1b
[2011/11/23 10:17:39 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Magnum
[2011/11/23 10:17:35 | 000,000,000 | ---D | C] -- C:\Program Files\Magnum
[2011/11/22 23:17:19 | 000,000,000 | -H-D | C] -- C:\WINDOWS\Prefetch
[2011/11/22 23:13:53 | 000,156,672 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winzm.ime
[2011/11/22 23:13:52 | 000,156,672 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winsp.ime
[2011/11/22 23:13:52 | 000,156,672 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winpy.ime
[2011/11/22 23:13:52 | 000,065,536 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winime.ime
[2011/11/22 23:13:51 | 000,079,360 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winar30.ime
[2011/11/22 23:13:51 | 000,072,704 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wingb.ime
[2011/11/22 23:13:50 | 000,041,600 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.dll
[2011/11/22 23:13:50 | 000,031,232 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.sys
[2011/11/22 23:13:49 | 000,364,032 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3svc.dll
[2011/11/22 23:13:49 | 000,076,800 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wam51.dll
[2011/11/22 23:13:49 | 000,053,248 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wamreg51.dll
[2011/11/22 23:13:49 | 000,009,216 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wamps51.dll
[2011/11/22 23:13:49 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3svapi.dll
[2011/11/22 23:13:48 | 000,086,073 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\voicesub.dll
[2011/11/22 23:13:48 | 000,073,728 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3ext.dll
[2011/11/22 23:13:48 | 000,048,256 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w32.dll
[2011/11/22 23:13:48 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3ctrs51.dll
[2011/11/22 23:13:47 | 000,426,041 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\voicepad.dll
[2011/11/22 23:13:44 | 000,103,424 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\uihelper.dll
[2011/11/22 23:13:44 | 000,076,288 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\uniime.dll
[2011/11/22 23:13:44 | 000,065,024 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\unicdime.ime
[2011/11/22 23:13:43 | 000,014,336 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsprof.exe
[2011/11/22 23:13:42 | 000,033,792 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tools.dll
[2011/11/22 23:13:42 | 000,010,240 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tmigrate.dll
[2011/11/22 23:13:41 | 000,571,392 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintlgnt.ime
[2011/11/22 23:13:41 | 000,455,168 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintsetp.exe
[2011/11/22 23:13:41 | 000,185,344 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\thawbrkr.dll
[2011/11/22 23:13:41 | 000,044,032 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintlphr.exe
[2011/11/22 23:13:40 | 000,021,896 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdipx.sys
[2011/11/22 23:13:40 | 000,019,464 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdspx.sys
[2011/11/22 23:13:40 | 000,013,192 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdasync.sys
[2011/11/22 23:13:38 | 000,046,592 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\svcext51.dll
[2011/11/22 23:13:37 | 000,046,592 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sspifilt.dll
[2011/11/22 23:13:37 | 000,045,056 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ssinc51.dll
[2011/11/22 23:13:37 | 000,016,896 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\status.dll
[2011/11/22 23:13:36 | 000,101,376 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srusbusd.dll
[2011/11/22 23:13:35 | 000,143,422 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\softkey.dll
[2011/11/22 23:13:34 | 000,358,400 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpincl.dll
[2011/11/22 23:13:34 | 000,188,416 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpsmir.dll
[2011/11/22 23:13:34 | 000,039,936 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpthrd.dll
[2011/11/22 23:13:34 | 000,010,240 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpstup.dll
[2011/11/22 23:13:34 | 000,008,704 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmptrap.exe
[2011/11/22 23:13:34 | 000,007,168 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_snprfdll.dll
[2011/11/22 23:13:34 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpmib.dll
[2011/11/22 23:13:33 | 000,456,192 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smtpsvc.dll
[2011/11/22 23:13:33 | 000,259,072 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpcl.dll
[2011/11/22 23:13:33 | 000,033,280 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmp.exe
[2011/11/22 23:13:33 | 000,012,288 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_smtpctrs.dll
[2011/11/22 23:13:33 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smtpapi.dll
[2011/11/22 23:13:32 | 000,236,544 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smi2smir.exe
[2011/11/22 23:13:32 | 000,038,912 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm9aw.dll
[2011/11/22 23:13:32 | 000,031,744 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smb6w.dll
[2011/11/22 23:13:32 | 000,031,744 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sma3w.dll
[2011/11/22 23:13:32 | 000,015,872 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsm.dll
[2011/11/22 23:13:32 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smimsgif.dll
[2011/11/22 23:13:32 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsy.dll
[2011/11/22 23:13:31 | 000,030,208 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm87w.dll
[2011/11/22 23:13:31 | 000,030,208 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm81w.dll
[2011/11/22 23:13:31 | 000,029,184 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8cw.dll
[2011/11/22 23:13:31 | 000,026,624 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm93w.dll
[2011/11/22 23:13:31 | 000,026,624 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm92w.dll
[2011/11/22 23:13:31 | 000,026,112 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm90w.dll
[2011/11/22 23:13:31 | 000,026,112 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8dw.dll
[2011/11/22 23:13:31 | 000,026,112 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8aw.dll
[2011/11/22 23:13:31 | 000,026,112 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm89w.dll
[2011/11/22 23:13:31 | 000,025,088 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm59w.dll
[2011/11/22 23:13:30 | 000,018,944 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\simptcp.dll
[2011/11/22 23:13:27 | 000,221,696 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\seo.dll
[2011/11/22 23:13:27 | 000,057,856 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_scripto.dll
[2011/11/22 23:13:27 | 000,026,112 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_seos.dll
[2011/11/22 23:13:26 | 000,079,872 | -H-- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
[2011/11/22 23:13:26 | 000,079,872 | -H-- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
[2011/11/22 23:13:26 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rwnh.dll
[2011/11/22 23:13:25 | 000,029,184 | -H-- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw330ext.dll
[2011/11/22 23:13:25 | 000,027,648 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rw001ext.dll
[2011/11/22 23:13:24 | 000,026,112 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\romanime.ime
[2011/11/22 23:13:24 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcref.dll
[2011/11/22 23:13:23 | 000,023,040 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_regtrace.exe
[2011/11/22 23:13:23 | 000,014,848 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\register.exe
[2011/11/22 23:13:21 | 000,077,824 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\quick.ime
[2011/11/22 23:13:21 | 000,020,736 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ramdisk.sys
[2011/11/22 23:13:21 | 000,016,384 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\quser.exe
[2011/11/22 23:13:20 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\query.exe
[2011/11/22 23:13:20 | 000,007,680 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pwsdata.dll
[2011/11/22 23:13:18 | 000,131,584 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxviceo.dll
[2011/11/22 23:13:18 | 000,070,144 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlphr.exe
[2011/11/22 23:13:18 | 000,067,584 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmigrate.dll
[2011/11/22 23:13:18 | 000,011,264 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxmcro.dll
[2011/11/22 23:13:18 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxgl.dll
[2011/11/22 23:13:17 | 000,482,304 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlgnt.ime
[2011/11/22 23:13:17 | 000,079,360 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\phon.ime
[2011/11/22 23:13:17 | 000,053,760 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlcsd.dll
[2011/11/22 23:13:16 | 000,020,992 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\permchk.dll
[2011/11/22 23:13:15 | 000,036,927 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs411.dll
[2011/11/22 23:13:15 | 000,031,744 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pagecnt.dll
[2011/11/22 23:13:15 | 000,015,872 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs404.dll
[2011/11/22 23:13:15 | 000,015,360 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs804.dll
[2011/11/22 23:13:15 | 000,014,336 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs412.dll
[2011/11/22 23:13:12 | 000,038,912 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_ntfsdrv.dll
[2011/11/22 23:13:11 | 000,053,248 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nextlink.dll
[2011/11/22 23:13:11 | 000,044,544 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nsepm.dll
[2011/11/22 23:13:08 | 000,229,439 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\multibox.dll
[2011/11/22 23:13:08 | 000,119,808 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mtstocom.exe
[2011/11/22 23:13:04 | 001,875,968 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msir3jp.lex
[2011/11/22 23:13:03 | 000,098,304 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msir3jp.dll
[2011/11/22 23:12:57 | 000,092,416 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mga.sys
[2011/11/22 23:12:57 | 000,007,680 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\migregdb.exe
[2011/11/22 23:12:56 | 000,092,032 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mga.dll
[2011/11/22 23:12:56 | 000,085,504 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\metada51.dll
[2011/11/22 23:12:56 | 000,037,888 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\md5filt.dll
[2011/11/22 23:12:56 | 000,026,624 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mdsync.dll
[2011/11/22 23:12:55 | 000,065,536 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_mailmsg.dll
[2011/11/22 23:12:54 | 000,022,528 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lpdsvc.dll
[2011/11/22 23:12:54 | 000,022,016 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\logscrpt.dll
[2011/11/22 23:12:54 | 000,018,944 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lprmon.dll
[2011/11/22 23:12:54 | 000,013,312 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lonsint.dll
[2011/11/22 23:12:53 | 000,033,792 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lmmib2.dll
[2011/11/22 23:12:52 | 000,070,656 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\korwbrkr.dll
[2011/11/22 23:12:51 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdvntc.dll
[2011/11/22 23:12:51 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdusa.dll
[2011/11/22 23:12:51 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdurdu.dll
[2011/11/22 23:12:50 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth3.dll
[2011/11/22 23:12:50 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth2.dll
[2011/11/22 23:12:50 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth1.dll
[2011/11/22 23:12:50 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth0.dll
[2011/11/22 23:12:50 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsyr2.dll
[2011/11/22 23:12:50 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsyr1.dll
[2011/11/22 23:12:49 | 000,009,216 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnecat.dll
[2011/11/22 23:12:49 | 000,007,680 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnecnt.dll
[2011/11/22 23:12:49 | 000,007,168 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnec95.dll
[2011/11/22 23:12:49 | 000,006,656 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlk41a.dll
[2011/11/22 23:12:49 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlk41j.dll
[2011/11/22 23:12:49 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdintel.dll
[2011/11/22 23:12:49 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdintam.dll
[2011/11/22 23:12:48 | 000,007,168 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdibm02.dll
[2011/11/22 23:12:48 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinpun.dll
[2011/11/22 23:12:48 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinmar.dll
[2011/11/22 23:12:48 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinkan.dll
[2011/11/22 23:12:48 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinhin.dll
[2011/11/22 23:12:48 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinguj.dll
[2011/11/22 23:12:48 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdindev.dll
[2011/11/22 23:12:48 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdheb.dll
[2011/11/22 23:12:47 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdfa.dll
[2011/11/22 23:12:47 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbddiv2.dll
[2011/11/22 23:12:47 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbddiv1.dll
[2011/11/22 23:12:47 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdgeo.dll
[2011/11/22 23:12:46 | 000,018,432 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jupiw.dll
[2011/11/22 23:12:46 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdax2.dll
[2011/11/22 23:12:46 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd106n.dll
[2011/11/22 23:12:46 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101a.dll
[2011/11/22 23:12:46 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101.dll
[2011/11/22 23:12:46 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda3.dll
[2011/11/22 23:12:46 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda2.dll
[2011/11/22 23:12:46 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda1.dll
[2011/11/22 23:12:46 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdarmw.dll
[2011/11/22 23:12:46 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdarme.dll
[2011/11/22 23:12:45 | 000,026,624 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iscomlog.dll
[2011/11/22 23:12:45 | 000,009,216 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iwrps.dll
[2011/11/22 23:12:45 | 000,007,168 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isapips.dll
[2011/11/22 23:12:44 | 000,035,328 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iprip.dll
[2011/11/22 23:12:43 | 000,257,024 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\infocomm.dll
[2011/11/22 23:12:43 | 000,015,360 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetin51.exe
[2011/11/22 23:12:43 | 000,008,704 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\infoctrs.dll
[2011/11/22 23:12:42 | 000,471,102 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imskdic.dll
[2011/11/22 23:12:42 | 000,315,455 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imskf.dll
[2011/11/22 23:12:42 | 000,274,489 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjputyc.dll
[2011/11/22 23:12:42 | 000,102,456 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imlang.dll
[2011/11/22 23:12:42 | 000,059,904 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imkrinst.exe
[2011/11/22 23:12:41 | 000,307,257 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdct.exe
[2011/11/22 23:12:41 | 000,262,200 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjputy.exe
[2011/11/22 23:12:41 | 000,233,527 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjprw.exe
[2011/11/22 23:12:41 | 000,208,952 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpmig.exe
[2011/11/22 23:12:41 | 000,155,705 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdsvr.exe
[2011/11/22 23:12:41 | 000,081,976 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdct.dll
[2011/11/22 23:12:41 | 000,045,109 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpuex.exe
[2011/11/22 23:12:40 | 000,811,064 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjp81k.dll
[2011/11/22 23:12:40 | 000,716,856 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpcus.dll
[2011/11/22 23:12:40 | 000,368,696 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpcic.dll
[2011/11/22 23:12:40 | 000,340,023 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjp81.ime
[2011/11/22 23:12:40 | 000,311,359 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imepadsv.exe
[2011/11/22 23:12:40 | 000,057,398 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdadm.exe
[2011/11/22 23:12:39 | 000,106,496 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrcic.dll
[2011/11/22 23:12:39 | 000,102,463 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imepadsm.dll
[2011/11/22 23:12:39 | 000,094,720 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekr61.ime
[2011/11/22 23:12:39 | 000,086,016 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrmbx.dll
[2011/11/22 23:12:39 | 000,044,032 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrmig.exe
[2011/11/22 23:12:39 | 000,006,656 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iissync.exe
[2011/11/22 23:12:38 | 000,145,408 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iische51.dll
[2011/11/22 23:12:38 | 000,079,872 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iislog51.dll
[2011/11/22 23:12:38 | 000,060,928 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisclex4.dll
[2011/11/22 23:12:38 | 000,025,088 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisadmin.dll
[2011/11/22 23:12:38 | 000,019,456 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iiscrmap.dll
[2011/11/22 23:12:38 | 000,007,168 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisfecnv.dll
[2011/11/22 23:12:38 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iismui.dll
[2011/11/22 23:12:33 | 010,129,408 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hwxkor.dll
[2011/11/22 23:12:26 | 010,096,640 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hwxcht.dll
[2011/11/22 23:12:26 | 000,268,288 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\httpext.dll
[2011/11/22 23:12:26 | 000,061,440 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\httpod51.dll
[2011/11/22 23:12:26 | 000,008,192 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\httpmb51.dll
[2011/11/22 23:12:25 | 000,039,936 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hostmib.dll
[2011/11/22 23:12:24 | 000,036,864 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hanjadic.dll
[2011/11/22 23:12:24 | 000,032,256 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\gzip.dll
[2011/11/22 23:12:23 | 000,400,384 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsxp32.dll
[2011/11/22 23:12:23 | 000,192,512 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxswzrd.dll
[2011/11/22 23:12:23 | 000,154,112 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsui.dll
[2011/11/22 23:12:22 | 000,562,176 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsst.dll
[2011/11/22 23:12:22 | 000,397,312 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxstiff.dll
[2011/11/22 23:12:22 | 000,267,776 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxssvc.exe
[2011/11/22 23:12:22 | 000,246,272 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxst30.dll
[2011/11/22 23:12:22 | 000,031,744 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsroute.dll
[2011/11/22 23:12:22 | 000,023,552 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsmon.dll
[2011/11/22 23:12:22 | 000,011,264 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxssend.exe
[2011/11/22 23:12:22 | 000,008,704 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsperf.dll
[2011/11/22 23:12:22 | 000,006,656 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsres.dll
[2011/11/22 23:12:21 | 000,451,584 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsapi.dll
[2011/11/22 23:12:21 | 000,285,184 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscomex.dll
[2011/11/22 23:12:21 | 000,229,376 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscover.exe
[2011/11/22 23:12:21 | 000,142,848 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsclnt.exe
[2011/11/22 23:12:21 | 000,132,608 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsclntr.dll
[2011/11/22 23:12:21 | 000,111,104 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscfgwz.dll
[2011/11/22 23:12:21 | 000,072,192 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscom.dll
[2011/11/22 23:12:21 | 000,055,296 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsevent.dll
[2011/11/22 23:12:21 | 000,026,624 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsdrv.dll
[2011/11/22 23:12:21 | 000,023,552 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsext32.dll
[2011/11/22 23:12:20 | 000,125,952 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpsv251.dll
[2011/11/22 23:12:20 | 000,007,680 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpctrs2.dll
[2011/11/22 23:12:20 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpmib.dll
[2011/11/22 23:12:20 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftlx041e.dll
[2011/11/22 23:12:19 | 000,024,632 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpadmcgi.exe
[2011/11/22 23:12:19 | 000,020,541 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpadmdll.dll
[2011/11/22 23:12:19 | 000,014,848 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\flattemp.exe
[2011/11/22 23:12:18 | 000,043,520 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_fcachdll.dll
[2011/11/22 23:12:18 | 000,014,336 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\exstrace.dll
[2011/11/22 23:12:18 | 000,007,168 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\f3ahvoas.dll
[2011/11/22 23:12:17 | 000,101,888 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\evntagnt.dll
[2011/11/22 23:12:17 | 000,092,160 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\evntwin.exe
[2011/11/22 23:12:17 | 000,025,856 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\et4000.sys
[2011/11/22 23:12:17 | 000,024,064 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\evntcmd.exe
[2011/11/22 23:12:16 | 000,057,856 | -H-- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esuimgd.dll
[2011/11/22 23:12:16 | 000,045,056 | -H-- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esunid.dll
[2011/11/22 23:12:16 | 000,031,744 | -H-- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esucmd.dll
[2011/11/22 23:12:08 | 000,078,848 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dayi.ime
[2011/11/22 23:12:08 | 000,042,496 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\davcdata.exe
[2011/11/22 23:12:06 | 000,057,399 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cplexe.exe
[2011/11/22 23:12:06 | 000,018,944 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cprofile.exe
[2011/11/22 23:12:05 | 000,056,320 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\convlog.exe
[2011/11/22 23:12:05 | 000,033,792 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\controt.dll
[2011/11/22 23:12:05 | 000,020,480 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\counters.dll
[2011/11/22 23:12:04 | 000,024,064 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\compfilt.dll
[2011/11/22 23:12:03 | 000,480,256 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintsetp.exe
[2011/11/22 23:12:03 | 000,198,656 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintime.dll
[2011/11/22 23:12:03 | 000,021,504 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintlgnt.ime
[2011/11/22 23:12:02 | 000,838,144 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtbrkr.dll
[2011/11/22 23:12:02 | 000,097,792 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtmbx.dll
[2011/11/22 23:12:02 | 000,056,320 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtskdic.dll
[2011/11/22 23:12:01 | 001,677,824 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chsbrkr.dll
[2011/11/22 23:12:01 | 000,015,872 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chgport.exe
[2011/11/22 23:12:01 | 000,014,336 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chgusr.exe
[2011/11/22 23:12:01 | 000,013,312 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chglogon.exe
[2011/11/22 23:12:01 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\change.exe
[2011/11/22 23:12:00 | 000,078,336 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chajei.ime
[2011/11/22 23:11:59 | 000,218,112 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_g18030.dll
[2011/11/22 23:11:59 | 000,054,528 | -H-- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
[2011/11/22 23:11:59 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_iscii.dll
[2011/11/22 23:11:59 | 000,006,656 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_is2022.dll
[2011/11/22 23:11:51 | 000,045,568 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\browscap.dll
[2011/11/22 23:11:49 | 000,029,184 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\asptxn.dll
[2011/11/22 23:11:49 | 000,009,216 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\authfilt.dll
[2011/11/22 23:11:48 | 000,369,664 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\asp51.dll
[2011/11/22 23:11:48 | 000,331,264 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aqueue.dll
[2011/11/22 23:11:48 | 000,045,056 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_aqadmin.dll
[2011/11/22 23:11:48 | 000,010,240 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aspperf.dll
[2011/11/22 23:11:47 | 000,108,544 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\appconf.dll
[2011/11/22 23:11:47 | 000,019,456 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0804.dll
[2011/11/22 23:11:47 | 000,019,456 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0412.dll
[2011/11/22 23:11:47 | 000,019,456 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0411.dll
[2011/11/22 23:11:47 | 000,019,456 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt040d.dll
[2011/11/22 23:11:46 | 000,019,456 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0404.dll
[2011/11/22 23:11:46 | 000,019,456 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0401.dll
[2011/11/22 23:11:45 | 000,049,664 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adrot.dll
[2011/11/22 23:11:45 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_adsiisex.dll
[2011/11/22 23:11:44 | 000,029,696 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admexs.dll
[2011/11/22 23:11:44 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admxprox.dll
[2011/11/22 23:11:40 | 000,007,168 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wamregps.dll
[2011/11/22 23:11:39 | 000,032,827 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tcptest.exe
[2011/11/22 23:11:39 | 000,016,384 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tcptsat.dll
[2011/11/22 23:11:39 | 000,008,192 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\staxmem.dll
[2011/11/22 23:11:38 | 002,134,528 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smtpsnap.dll
[2011/11/22 23:11:38 | 000,189,440 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smtpadm.dll
[2011/11/22 23:11:38 | 000,020,536 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shtml.dll
[2011/11/22 23:11:38 | 000,016,437 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shtml.exe
[2011/11/22 23:11:34 | 000,076,800 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\logui.ocx
[2011/11/22 23:11:33 | 000,829,440 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetmgr.dll
[2011/11/22 23:11:33 | 000,169,984 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisui.dll
[2011/11/22 23:11:33 | 000,068,608 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isatq.dll
[2011/11/22 23:11:33 | 000,019,968 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetsloc.dll
[2011/11/22 23:11:33 | 000,013,312 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\infoadmn.dll
[2011/11/22 23:11:33 | 000,007,680 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetmgr.exe
[2011/11/22 23:11:32 | 000,133,632 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisrtl.dll
[2011/11/22 23:11:32 | 000,068,608 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisext51.dll
[2011/11/22 23:11:32 | 000,064,512 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iismap.dll
[2011/11/22 23:11:32 | 000,030,720 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisrstas.exe
[2011/11/22 23:11:32 | 000,020,538 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpremadm.exe
[2011/11/22 23:11:32 | 000,014,336 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisreset.exe
[2011/11/22 23:11:32 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpsapi2.dll
[2011/11/22 23:11:32 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisrstap.dll
[2011/11/22 23:11:31 | 000,598,071 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpmmc.dll
[2011/11/22 23:11:31 | 000,208,896 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpmmcsat.dll
[2011/11/22 23:11:31 | 000,188,494 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpcount.exe
[2011/11/22 23:11:31 | 000,109,328 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp98swin.exe
[2011/11/22 23:11:31 | 000,020,541 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpexedll.dll
[2011/11/22 23:11:30 | 000,876,653 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4awel.dll
[2011/11/22 23:11:30 | 000,102,509 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4atxt.dll
[2011/11/22 23:11:30 | 000,049,212 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4awebs.dll
[2011/11/22 23:11:30 | 000,049,210 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4areg.dll
[2011/11/22 23:11:30 | 000,041,020 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4avnb.dll
[2011/11/22 23:11:30 | 000,032,826 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4avss.dll
[2011/11/22 23:11:30 | 000,014,608 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp98sadm.exe
[2011/11/22 23:11:29 | 000,184,435 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4amsft.dll
[2011/11/22 23:11:29 | 000,147,513 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4apws.dll
[2011/11/22 23:11:29 | 000,082,035 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4anscp.dll
[2011/11/22 23:11:28 | 000,275,968 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\certwiz.ocx
[2011/11/22 23:11:28 | 000,188,480 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cfgwiz.exe
[2011/11/22 23:11:28 | 000,094,720 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\certmap.ocx
[2011/11/22 23:11:28 | 000,076,288 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cnfgprts.ocx
[2011/11/22 23:11:28 | 000,046,592 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\coadmin.dll
[2011/11/22 23:11:27 | 000,290,816 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adsiis51.dll
[2011/11/22 23:11:27 | 000,043,520 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admwprox.dll
[2011/11/22 23:11:27 | 000,020,540 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\author.dll
[2011/11/22 23:11:27 | 000,016,439 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\author.exe
[2011/11/22 23:11:26 | 000,020,540 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admin.dll
[2011/11/22 23:11:26 | 000,016,439 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admin.exe
[2011/11/22 23:09:01 | 000,016,384 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isignup.exe
[2011/11/22 22:57:44 | 000,024,661 | -H-- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\spxcoins.dll
[2011/11/22 22:57:44 | 000,024,661 | -H-- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\dllcache\spxcoins.dll
[2011/11/22 22:57:44 | 000,013,312 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\irclass.dll
[2011/11/22 22:57:44 | 000,013,312 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irclass.dll
[2011/11/22 22:16:13 | 000,094,896 | -H-- | C] (Kaspersky Lab, GERT) -- C:\WINDOWS\System32\drivers\21883758.sys
[2011/11/22 21:58:19 | 000,094,896 | -H-- | C] (Kaspersky Lab, GERT) -- C:\WINDOWS\System32\drivers\25163123.sys
[2011/11/22 21:49:09 | 000,094,896 | -H-- | C] (Kaspersky Lab, GERT) -- C:\WINDOWS\System32\drivers\41318304.sys
[2011/11/22 19:16:54 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/11/22 19:16:49 | 000,022,216 | -H-- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/11/22 19:16:49 | 000,000,000 | -H-D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/11/22 19:13:29 | 000,000,000 | -H-D | C] -- C:\TDSSKiller_Quarantine
[2011/11/21 14:24:27 | 000,000,000 | -H-D | C] -- C:\WINDOWS\im
[2011/11/04 11:33:39 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/11/04 11:33:18 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Easy CD-DA Extractor 15
[2011/11/04 11:33:16 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Easy CD-DA Extractor
[2011/11/04 11:33:09 | 000,000,000 | -H-D | C] -- C:\Program Files\Easy CD-DA Extractor 15
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[10 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/12/01 11:32:21 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/12/01 11:16:07 | 000,013,646 | -H-- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/11/29 11:09:40 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\one10\Desktop\OTL.exe
[2011/11/27 19:40:21 | 633,213,029 | ---- | M] () -- C:\Documents and Settings.zip
[2011/11/23 14:01:00 | 000,000,232 | -H-- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2011/11/23 13:58:27 | 000,000,878 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/11/23 13:58:25 | 000,000,376 | -H-- | M] () -- C:\WINDOWS\tasks\Free File Viewer Update Checker.job
[2011/11/23 13:58:25 | 000,000,268 | -H-- | M] () -- C:\WINDOWS\tasks\ASC4_PerformanceMonitor.job
[2011/11/23 13:58:25 | 000,000,260 | -H-- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2011/11/23 13:07:10 | 001,008,092 | ---- | M] () -- C:\Documents and Settings\one10\Desktop\iExplore.exe
[2011/11/23 11:55:14 | 000,000,882 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/11/23 11:54:02 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/11/23 11:39:50 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/11/23 11:01:30 | 007,413,448 | -H-- | M] () -- C:\Documents and Settings\one10\Desktop\rules.ref
[2011/11/22 23:34:04 | 000,013,646 | -H-- | M] () -- C:\WINDOWS\System32\wpa.bak
[2011/11/22 23:16:18 | 000,136,464 | -H-- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/11/22 23:15:45 | 000,000,655 | -H-- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2011/11/22 23:11:08 | 000,316,640 | -H-- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2011/11/22 23:11:06 | 000,023,392 | -H-- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2011/11/22 23:11:06 | 000,016,832 | -H-- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2011/11/22 23:10:47 | 000,004,161 | -H-- | M] () -- C:\WINDOWS\ODBCINST.INI
[2011/11/22 23:07:46 | 000,022,748 | -H-- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/11/22 23:06:09 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2011/11/22 22:16:13 | 000,094,896 | -H-- | M] (Kaspersky Lab, GERT) -- C:\WINDOWS\System32\drivers\21883758.sys
[2011/11/22 21:58:19 | 000,094,896 | -H-- | M] (Kaspersky Lab, GERT) -- C:\WINDOWS\System32\drivers\25163123.sys
[2011/11/22 21:49:09 | 000,094,896 | -H-- | M] (Kaspersky Lab, GERT) -- C:\WINDOWS\System32\drivers\41318304.sys
[2011/11/22 18:51:26 | 009,852,544 | -H-- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\one10\Desktop\blank.exe
[2011/11/22 15:51:30 | 000,000,685 | -H-- | M] () -- C:\WINDOWS\setupapi.old
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[10 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/11/27 19:42:55 | 633,213,029 | ---- | C] () -- C:\Documents and Settings.zip
[2011/11/23 13:54:55 | 001,008,092 | ---- | C] () -- C:\Documents and Settings\one10\Desktop\iExplore.exe
[2011/11/23 13:27:53 | 007,413,448 | -H-- | C] () -- C:\Documents and Settings\one10\Desktop\rules.ref
[2011/11/23 12:10:07 | 000,000,738 | -H-- | C] () -- C:\Documents and Settings\one10\Start Menu\Programs\Outlook Express.lnk
[2011/11/23 12:09:25 | 000,000,767 | -H-- | C] () -- C:\Documents and Settings\one10\Start Menu\Programs\Internet Explorer.lnk
[2011/11/23 12:08:21 | 000,001,599 | -H-- | C] () -- C:\Documents and Settings\one10\Start Menu\Programs\Remote Assistance.lnk
[2011/11/23 12:08:21 | 000,000,792 | -H-- | C] () -- C:\Documents and Settings\one10\Start Menu\Programs\Windows Media Player.lnk
[2011/11/22 23:34:05 | 000,013,646 | -H-- | C] () -- C:\WINDOWS\System32\wpa.bak
[2011/11/22 23:13:17 | 000,175,104 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll
[2011/11/22 23:12:52 | 001,158,818 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2011/11/22 23:12:42 | 000,059,392 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
[2011/11/22 23:12:41 | 000,196,665 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe
[2011/11/22 23:12:39 | 000,134,339 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2011/11/22 23:12:29 | 013,463,552 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll
[2011/11/22 23:12:24 | 000,108,827 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2011/11/22 23:12:20 | 000,094,208 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\fpencode.dll
[2011/11/22 23:12:02 | 000,173,568 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
[2011/11/22 22:57:33 | 000,144,484 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\netfx.cat
[2011/11/22 22:57:33 | 000,026,991 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\msn7.cat
[2011/11/22 22:57:33 | 000,014,433 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\msn9.cat
[2011/11/22 22:57:32 | 001,296,669 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\SP3.CAT
[2011/11/22 22:57:32 | 000,797,189 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
[2011/11/22 22:57:32 | 000,399,645 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
[2011/11/22 22:57:32 | 000,112,918 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\tabletpc.cat
[2011/11/22 22:57:32 | 000,037,484 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
[2011/11/22 22:57:32 | 000,034,747 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\mediactr.cat
[2011/11/22 22:57:32 | 000,034,063 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\FP4.CAT
[2011/11/22 22:57:32 | 000,016,535 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\IMS.CAT
[2011/11/22 22:57:32 | 000,013,472 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT
[2011/11/22 22:57:32 | 000,012,363 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\MSMSGS.CAT
[2011/11/22 22:57:32 | 000,010,027 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\MSTSWEB.CAT
[2011/11/22 22:57:32 | 000,008,574 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
[2011/11/22 22:57:32 | 000,007,710 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2011/11/22 22:57:31 | 002,144,487 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\NT5.CAT
[2011/11/22 22:57:31 | 000,522,220 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\NT5INF.CAT
[2011/11/22 22:39:34 | 000,001,393 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2011/05/19 22:30:27 | 000,080,528 | -H-- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/04/19 10:08:20 | 000,022,816 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/11/22 08:52:18 | 000,000,059 | -H-- | C] () -- C:\WINDOWS\ANS2000.INI
[2010/11/22 08:52:18 | 000,000,020 | -H-- | C] () -- C:\WINDOWS\akebook.ini
[2010/11/22 08:52:18 | 000,000,004 | -H-- | C] () -- C:\WINDOWS\a3kebook.ini
[2010/07/20 18:55:02 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/06/19 11:54:51 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/06/06 14:08:50 | 000,012,800 | -H-- | C] () -- C:\WINDOWS\System32\EKDeviceServices.dll
[2010/06/06 13:35:57 | 000,002,007 | -H-- | C] () -- C:\WINDOWS\System32\GUCI_AVS.ini
[2010/06/06 13:32:24 | 000,000,376 | -H-- | C] () -- C:\WINDOWS\ODBC.INI
[2010/06/05 10:52:31 | 000,000,728 | -H-- | C] () -- C:\WINDOWS\{4507868A-A9CD-4ECC-BD54-0EAB6EE81D42}_WiseFW.ini
[2010/06/05 09:12:10 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\nsreg.dat
[2010/06/04 22:54:02 | 000,004,161 | -H-- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/06/04 22:52:50 | 000,136,464 | -H-- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/06/04 22:12:01 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/06/04 22:06:49 | 000,022,748 | -H-- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/04/14 07:00:00 | 000,673,088 | -H-- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/04/14 07:00:00 | 000,432,356 | -H-- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008/04/14 07:00:00 | 000,272,128 | -H-- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/04/14 07:00:00 | 000,218,003 | -H-- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/04/14 07:00:00 | 000,067,312 | -H-- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008/04/14 07:00:00 | 000,046,258 | -H-- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/04/14 07:00:00 | 000,028,626 | -H-- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/04/14 07:00:00 | 000,004,569 | -H-- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/04/14 07:00:00 | 000,001,804 | -H-- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/04/14 07:00:00 | 000,000,741 | -H-- | C] () -- C:\WINDOWS\System32\noise.dat
[2005/04/15 11:52:33 | 013,107,200 | -H-- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/04/15 11:52:33 | 000,004,627 | -H-- | C] () -- C:\WINDOWS\System32\oembios.dat

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2008/04/14 07:00:00 | 001,033,728 | -H-- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/14 07:00:00 | 001,033,728 | -H-- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\system32\dllcache\explorer.exe
[2011/01/16 16:55:21 | 000,255,488 | -H-- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Documents and Settings\one10\Local Settings\Temp\RarSFX0\procs\explorer.exe
[2005/08/16 02:54:58 | 000,001,536 | -H-- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Documents and Settings\one10\Local Settings\Temp\RarSFX0\h\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/04/14 07:00:00 | 000,014,336 | -H-- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\dllcache\svchost.exe
[2008/04/14 07:00:00 | 000,014,336 | -H-- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/04/14 07:00:00 | 000,026,112 | -H-- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008/04/14 07:00:00 | 000,026,112 | -H-- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe
[2009/05/26 19:47:22 | 000,031,232 | -H-- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\one10\Local Settings\Temp\RarSFX0\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/05/26 19:47:22 | 000,031,232 | -H-- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\one10\Local Settings\Temp\RarSFX0\winlogon.exe
[2008/04/14 07:00:00 | 000,507,904 | -H-- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008/04/14 07:00:00 | 000,507,904 | -H-- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/11/10 09:08:06 | 000,552,464 | -H-- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/11/10 09:08:06 | 000,552,464 | -H-- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/11/10 09:08:06 | 000,552,464 | -H-- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/11/10 09:07:51 | 000,912,856 | -H-- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/11/10 09:07:51 | 000,912,856 | -H-- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/11/10 09:07:51 | 000,912,856 | -H-- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: %systemroot%\system32\shmgrate.exe OCInstallReinstallIE [2008/04/14 07:00:00 | 000,045,056 | -H-- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: %systemroot%\system32\shmgrate.exe OCInstallHideIE [2008/04/14 07:00:00 | 000,045,056 | -H-- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: %systemroot%\system32\shmgrate.exe OCInstallShowIE [2008/04/14 07:00:00 | 000,045,056 | -H-- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2008/04/14 07:00:00 | 000,093,184 | -H-- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/11/10 09:08:06 | 000,552,464 | -H-- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/11/10 09:08:06 | 000,552,464 | -H-- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/11/10 09:08:06 | 000,552,464 | -H-- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/11/10 09:07:51 | 000,912,856 | -H-- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/11/10 09:07:51 | 000,912,856 | -H-- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/11/10 09:07:51 | 000,912,856 | -H-- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: %systemroot%\system32\shmgrate.exe OCInstallReinstallIE [2008/04/14 07:00:00 | 000,045,056 | -H-- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: %systemroot%\system32\shmgrate.exe OCInstallHideIE [2008/04/14 07:00:00 | 000,045,056 | -H-- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: %systemroot%\system32\shmgrate.exe OCInstallShowIE [2008/04/14 07:00:00 | 000,045,056 | -H-- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2008/04/14 07:00:00 | 000,093,184 | -H-- | M] (Microsoft Corporation)

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\WINDOWS\$NtUninstallKB22609$] -> Error: Cannot create file handle -> Unknown point type

========== Alternate Data Streams ==========

@Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6B9ADB51

< End of report >

#7
Rick_F

    Member

  • Topic Starter
  • 23 posts
Last of the 3 logs:

OTL Extras log

OTL Extras logfile created on: 12/1/2011 11:37:24 - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\one10\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: M/d/yyyy

2.99 Gb Total Physical Memory | 2.76 Gb Available Physical Memory | 92.21% Memory free
6.84 Gb Paging File | 6.78 Gb Available in Paging File | 99.24% Paging File free
Paging file location(s): c:\pagefile.sys 4093 4093 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 127.99 Gb Total Space | 77.59 Gb Free Space | 60.62% Space Free | Partition Type: NTFS

Computer Name: USER-94BF4B7558 | User Name: one10 | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Program Files\File Type Assistant\tsassist.exe" "%1" (Trusted Software ApS)
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\O2\agent\bin\bcont.exe" = C:\Program Files\O2\agent\bin\bcont.exe:*:Enabled:bcont.exe -- (SupportSoft, Inc.)
"C:\Program Files\O2\bin\wificfg.exe" = C:\Program Files\O2\bin\wificfg.exe:*:Enabled:sprtcmd.exe -- (SupportSoft, Inc.)
"C:\Program Files\Common Files\SupportSoft\bin\ssrc.exe" = C:\Program Files\Common Files\SupportSoft\bin\ssrc.exe:*:Enabled:ssrc.exe -- (SupportSoft, Inc.)
"C:\Program Files\O2\agent\bin\bcont_nm.exe" = C:\Program Files\O2\agent\bin\bcont_nm.exe:*:Enabled:bcont_nm.exe -- (SupportSoft, Inc.)
"C:\Program Files\AVG\AVG10\avgmfapx.exe" = C:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\FreeFileViewer\FFVCheckForUpdates.exe" = C:\Program Files\FreeFileViewer\FFVCheckForUpdates.exe:*:Enabled:Free File Viewer Update Checker -- (Bitberry Software)
"C:\Program Files\AVG\AVG10\avgdiagex.exe" = C:\Program Files\AVG\AVG10\avgdiagex.exe:*:Enabled:AVG Diagnostics 2011 -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe" = C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe:*:Enabled:Football Manager 2008 -- (Sports Interactive)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{0996C331-6DCB-4E38-A3EC-0A77ABAE1361}" = Help_CTR
"{09DF00E6-520C-49D5-B7E0-9612165CACA8}" = OpenOffice.org 3.2
"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 20
"{2A97D5B3-A989-47E1-B207-1CA9E3635655}" = aioprnt
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3BED0238-3A25-41AE-BC23-316914B5B048}" = aioocr
"{3E5CBADD-2E51-47C1-BBE2-B802DB6DA56A}" = Smart Live Spread Bet MT4 4.00
"{4507868A-A9CD-4ECC-BD54-0EAB6EE81D42}" = O2 Broadband Assistant
"{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{52504CE6-E909-4113-B232-4AFEC6543A61}" = Broadcom 440x 10/100 Integrated Controller
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{73F1681F-ADE1-461F-9F18-B7640507D395}" = ksdip
"{791E3D44-33D3-4446-82AD-5CD4B0169083}" = aiofw
"{79E41D91-BA1C-44B9-9358-48E598263ECF}" = center
"{8304A711-3111-9D04-9DF7-201A9A5672AC}" = Newzum
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{843081BD-351F-46FC-8A17-517A0D9117A3}" = helptut
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{952AB4DF-7318-4293-8575-D723C35DE117}" = Link Partner Analyzer
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9FD81537-F8EC-41DB-BBEB-3FCFD70BB186}" = USB2.0 UVC VGA
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A2E5EDDC-F02B-4F3A-9EF3-0C4C97616DB0}_is1" = eCalc Scientific (Trial v1.5.2)
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.0
"{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X (10.0.1)
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth
"{C0251585-1BE8-4278-B3CB-964B6E01C59D}" = aioscnnr
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C768790F-04FB-11E0-9B2C-001AA037B01E}" = Google Earth
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = KODAK All-in-One Printer Software
"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{DC626A21-EDF1-40C7-8F2F-D2BA7535529F}" = helpug
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F59A9E08-A6A4-4ACF-91F2-D0344956C30B}" = iTunes
"{F8131A35-47FD-27AD-116D-0E79AF5DE5EE}" = Acrobat.com
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Advanced SystemCare 4_is1" = Advanced SystemCare 4
"avast" = avast! Free Antivirus
"CCleaner" = CCleaner
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Defraggler" = Defraggler
"Easy CD-DA Extractor 15" = Easy CD-DA Extractor 15
"ExpressFX" = ExpressFX
"FileZilla Client" = FileZilla Client 3.4.0
"Football Manager 2008" = Football Manager 2008
"FreeFileViewer_is1" = Free File Viewer 2011
"InstallShield_{52504CE6-E909-4113-B232-4AFEC6543A61}" = Broadcom 440x 10/100 Integrated Controller
"Jigs@w Puzzle Promo Creator_is1" = Jigs@w Puzzle Promo Creator 2.1
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.24)" = Mozilla Firefox (3.6.24)
"Picasa 3" = Picasa 3
"Rapport_msi" = Rapport
"seopowersuite" = SEO SpyGlass
"Stealth Keyword Competition Analyzer_is1" = Stealth Keyword Competition Analyzer 2.1
"Traffic Travis_is1" = Traffic Travis 3.3.18
"Trusted Software Assistant_is1" = File Type Assistant
"VLC media player" = VLC media player 1.1.11
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinRAR archiver" = WinRAR 4.01 (32-bit)
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"ZoneAlarm Free" = ZoneAlarm Free
"ZoneAlarm Toolbar" = ZoneAlarm Toolbar

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

#8
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi Rick_F,

Step 1

Please download GetPartitions from the link below to your desktop.

getpartitions.exe

Double click it to run it.
It will produce a C:\DiskReport.txt log. Please post the results from that log here for me.

Step 2

Download and Install Combofix

Download ComboFix from one of the following locations:

Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop *

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow it to update if it asks.
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

Step 3

Please don't forget to include these items in your reply:

  • DiskReport.txt
  • Combofix log
It would be helpful if you could post each log in a separate post.

#9
Rick_F

    Member

  • Topic Starter
  • 23 posts
Hi maliprog,

Step 1: I downloaded GetPartitions to the desktop and have tried to run it but it does not appear to run (i.e. no window appears to show that it is running). I have tried this 2-3 times including rebooting before next attempt and downloading a fresh copy in case the original was corrupted but cannot find the DiskReport.

Please advise what I should do.

Thanks

Edit: I have tried again and succeeded (log will follow).

However, Combofix could not complete because it reported 'This machine does not have the MS Recovery Console or the Recovery Console requires updating'. It invited me to allow it to obtain an update over the internet but it could not because the malware has disabled the LAN port (wired connection to router). As a result of this I am not sure how to complete Step 2.

Edited by Rick_F, 01 December 2011 - 10:00 AM.


#10
Rick_F

    Member

  • Topic Starter
  • 23 posts
Copy of DiskReport:


Microsoft DiskPart version 5.1.3565

Copyright © 1999-2003 Microsoft Corporation.
On computer: USER-94BF4B7558

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
  Volume 0     D                       DVD-ROM         0 B
  Volume 1     E                       DVD-ROM         0 B
  Volume 2     C                NTFS   Partition    128 GB  Healthy    System


#11
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
We need to download the Recovery Console manually.

  • Click on the following link to go to Microsoft's Web site:

    http://support.microsoft.com/kb/310994
  • At that page, scroll down and click on the appropriate download for your version of Windows XP (Home or Professional) and the service pack level that you have installed. When you click on the link to download the file, make sure you save it directly to your desktop. You are using Windows XP Service Pack 3 (SP3) and you need to select the Service Pack 2 download.

  • Once the Microsoft file has finished downloading, you should drag it on top of the ComboFix icon and let your mouse button go. This is shown in the following image.


    Posted Image

  • ComboFix will now automatically install the Windows Recovery Console onto your computer, which will show up as a new option when booting up your computer. Do not select the Windows Recovery Console option when you start your computer unless requested to by a helper.
Once the Windows Recovery Console has finished installing, ComboFix will open a prompt stating that it was installed and asking if you would like to proceed with scanning your computer. Please press the Yes button and continue as I described before.

#12
Rick_F

    Member

  • Topic Starter
  • 23 posts
Hi maliprog,

That worked perfectly and I have finished running ComboFix. The scan detected 'Rootkit.ZeroAccess' infection which had also infected the tcp/ip stack. The Combofix log is attached:

ComboFix 11-12-01.01 - one10 12/01/2011 21:04:09.1.2 - x86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.3062.2707 [GMT 0:00]
Running from: c:\documents and settings\one10\Desktop\ComboFix.exe
FW: ZoneAlarm Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Gerrard\Application Data\BonsaiErrorLog.txt
c:\documents and settings\Rachel Only!!\My Documents\~WRL3523.tmp
c:\documents and settings\Rachel Only!!\My Documents\~WRL3891.tmp
c:\documents and settings\Rachel Only!!\WINDOWS
c:\documents and settings\User\Application Data\EurekaLog
c:\documents and settings\User\Application Data\EurekaLog\EurekaLog.ini
c:\documents and settings\User\Application Data\Liqai
c:\documents and settings\User\Application Data\Liqai\qoav.uro
c:\documents and settings\User\g2mdlhlpx.exe
c:\documents and settings\User\Local Settings\Application Data\{6B567EC2-6D21-4DF6-AC51-6F48053BC101}
c:\documents and settings\User\Local Settings\Application Data\{6B567EC2-6D21-4DF6-AC51-6F48053BC101}\chrome.manifest
c:\documents and settings\User\Local Settings\Application Data\{6B567EC2-6D21-4DF6-AC51-6F48053BC101}\chrome\content\_cfg.js
c:\documents and settings\User\Local Settings\Application Data\{6B567EC2-6D21-4DF6-AC51-6F48053BC101}\chrome\content\overlay.xul
c:\documents and settings\User\Local Settings\Application Data\{6B567EC2-6D21-4DF6-AC51-6F48053BC101}\install.rdf
c:\documents and settings\User\My Documents\~WRL0063.tmp
c:\documents and settings\User\My Documents\~WRL0934.tmp
c:\documents and settings\User\WINDOWS
c:\windows\CSC\d6
c:\windows\system32\swt-win32-3232.dll
c:\windows\WindowsUpdate.log
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_.netbt
.
.
((((((((((((((((((((((((( Files Created from 2011-11-01 to 2011-12-01 )))))))))))))))))))))))))))))))
.
.
2011-12-01 11:29 . 2011-12-01 11:29 -------- d-----w- C:\_OTL
2011-11-23 12:08 . 2011-11-23 13:59 -------- d-----w- c:\documents and settings\one10
2011-11-23 11:55 . 2011-11-23 11:55 -------- d-----w- C:\4d24a32d91b14f87583aab5d0b1b
2011-11-23 10:17 . 2011-11-23 13:28 -------- d-----w- c:\program files\Magnum
2011-11-22 23:13 . 2001-08-17 22:36 7168 -c-ha-w- c:\windows\system32\dllcache\EXCH_snprfdll.dll
2011-11-22 23:13 . 2001-08-17 22:36 12288 -c-ha-w- c:\windows\system32\dllcache\EXCH_smtpctrs.dll
2011-11-22 23:13 . 2001-08-17 22:36 57856 -c-ha-w- c:\windows\system32\dllcache\EXCH_scripto.dll
2011-11-22 23:13 . 2001-08-17 22:36 26112 -c-ha-w- c:\windows\system32\dllcache\EXCH_seos.dll
2011-11-22 23:13 . 2001-08-17 22:36 23040 -c-ha-w- c:\windows\system32\dllcache\EXCH_regtrace.exe
2011-11-22 23:13 . 2001-08-17 22:36 38912 -c-ha-w- c:\windows\system32\dllcache\EXCH_ntfsdrv.dll
2011-11-22 23:11 . 2008-04-14 07:00 6656 -c-ha-w- c:\windows\system32\dllcache\c_is2022.dll
2011-11-22 23:09 . 2008-04-14 07:00 16384 -c-ha-w- c:\windows\system32\dllcache\isignup.exe
2011-11-22 23:09 . 2008-04-14 07:00 16384 ---ha-w- c:\program files\Internet Explorer\Connection Wizard\isignup.exe
2011-11-22 22:57 . 2011-11-22 23:21 509204 ---ha-w- c:\windows\system32\PerfStringBackup.TMP
2011-11-22 22:57 . 2008-04-14 07:00 24661 ---ha-w- c:\windows\system32\spxcoins.dll
2011-11-22 22:57 . 2008-04-14 07:00 13312 -c-ha-w- c:\windows\system32\dllcache\irclass.dll
2011-11-22 22:57 . 2008-04-14 07:00 13312 ---ha-w- c:\windows\system32\irclass.dll
2011-11-22 22:57 . 2008-04-14 07:00 16535 ---ha-r- c:\windows\SETBA.tmp
2011-11-22 22:57 . 2008-04-14 07:00 1088840 ---ha-r- c:\windows\SETAE.tmp
2011-11-22 22:57 . 2008-04-14 07:00 1296669 ---ha-r- c:\windows\SETAB.tmp
2011-11-22 22:16 . 2011-11-22 22:16 94896 ---ha-w- c:\windows\system32\drivers\21883758.sys
2011-11-22 21:58 . 2011-11-22 21:58 94896 ---ha-w- c:\windows\system32\drivers\25163123.sys
2011-11-22 21:49 . 2011-11-22 21:49 94896 ---ha-w- c:\windows\system32\drivers\41318304.sys
2011-11-22 19:16 . 2011-11-22 19:16 -------- d--h--w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-11-22 19:16 . 2011-11-23 10:07 -------- d--h--w- c:\program files\Malwarebytes' Anti-Malware
2011-11-22 19:16 . 2011-08-31 17:00 22216 ---ha-w- c:\windows\system32\drivers\mbam.sys
2011-11-22 19:13 . 2011-11-22 21:58 -------- d-----w- C:\TDSSKiller_Quarantine
2011-11-21 14:24 . 2011-11-21 14:24 -------- d--h--w- c:\windows\im
2011-11-04 11:33 . 2011-11-04 11:46 -------- d--h--w- c:\documents and settings\User\Local Settings\Application Data\Easy CD-DA Extractor
2011-11-04 11:33 . 2011-11-04 11:33 -------- d--h--w- c:\documents and settings\All Users\Application Data\Easy CD-DA Extractor
2011-11-04 11:33 . 2011-11-04 11:33 -------- d--h--w- c:\program files\Easy CD-DA Extractor 15
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-27 19:40 . 2011-11-27 19:42 633213029 ----a-w- C:\Documents and Settings.zip
2011-10-11 13:45 . 2011-10-11 13:45 404640 ---ha-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-11 14:20 . 2011-09-11 14:20 107888 ---ha-w- c:\windows\system32\CmdLineExt.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EKIJ5000StatusMonitor"="c:\windows\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe" [2008-07-18 1306624]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"PAP7501_Monitor"="c:\windows\Pixart\PAP7501\GUCI_AVS.exe" [2007-12-10 323584]
"ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2011-11-03 738944]
"Malwarebytes' Anti-Malware"="c:\program files\Magnum\mbamgui.exe" [2011-08-31 449608]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^User^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk]
backup=c:\windows\pss\OpenOffice.org 3.2.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-03-30 17:29 937920 ---ha-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-01-30 15:45 35736 ---ha-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG_TRAY]
2011-04-18 16:40 2334560 ---ha-w- c:\program files\AVG\AVG10\avgtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-04-27 00:22 421160 ---ha-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 04:42 1695232 ---h--w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\O2\\agent\\bin\\bcont.exe"=
"c:\\Program Files\\O2\\bin\\wificfg.exe"=
"c:\\Program Files\\Common Files\\SupportSoft\\bin\\ssrc.exe"=
"c:\\Program Files\\O2\\agent\\bin\\bcont_nm.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgmfapx.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\FreeFileViewer\\FFVCheckForUpdates.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgdiagex.exe"=
"c:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe"=
.
R1 RapportCerberus_32301;RapportCerberus_32301;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\32301\RapportCerberus32_32301.sys [10/19/2011 8:03 AM 227312]
R1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [6/22/2011 5:01 PM 66360]
R2 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files\IObit\Advanced SystemCare 4\ASCService.exe [10/8/2011 10:01 AM 328536]
R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [11/3/2011 2:44 PM 27016]
R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\ISWSVC.exe [11/3/2011 2:44 PM 497280]
R2 KodakSvc;Kodak AiO Device Service;c:\program files\Kodak\Printer\Center\KodakSvc.exe [7/25/2008 12:34 PM 18944]
R2 MBAMService;MBAMService;c:\program files\Magnum\mbamservice.exe [11/23/2011 10:17 AM 366152]
R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [6/22/2011 5:01 PM 870200]
R2 sprtsvc_O2;SupportSoft Sprocket Service (O2);c:\program files\O2\bin\sprtsvc.exe [3/4/2009 2:52 PM 202016]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [11/22/2011 7:16 PM 22216]
S0 cerc6;cerc6; [x]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/11/2011 8:35 PM 136176]
S3 43944992;43944992; [x]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [1/11/2011 8:35 PM 136176]
S3 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [6/22/2011 5:01 PM 158904]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 10:50]
.
2011-12-01 c:\windows\Tasks\ASC4_PerformanceMonitor.job
- c:\program files\IObit\Advanced SystemCare 4\PMonitor.exe [2011-10-08 16:40]
.
2011-12-01 c:\windows\Tasks\Free File Viewer Update Checker.job
- c:\program files\FreeFileViewer\FFVCheckForUpdates.exe [2011-06-12 15:50]
.
2011-12-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-11 20:35]
.
2011-11-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-11 20:35]
.
2011-11-23 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2010-05-26 14:23]
.
.
------- Supplementary Scan -------
.
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\documents and settings\one10\Application Data\Mozilla\Firefox\Profiles\xypzu6rj.default\
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - (no file)
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - c:\program files\AVAST Software\Avast\ashShell.dll
HKLM-Run-avast - c:\program files\AVAST Software\Avast\avastUI.exe
SafeBoot-55868055.sys
AddRemove-avast - c:\program files\AVAST Software\Avast\aswRunDll.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-01 21:17
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
c:\documents and settings\one10\Application Data\Trusteer\Rapport\user\store\user\rapport_data_var_0.js.data 13280 bytes
c:\documents and settings\one10\Application Data\Trusteer\Rapport\user\store\user\rapport_var_0.cfg.data
.
scan completed successfully
hidden files: 2
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\CLASSES\CLSID\{777B6BBD-*FF2-11D3-88FE-00C04F8EF9B5}]
@="SpPhraseBuilder Class"
.
[HKEY_LOCAL_MACHINE\software\CLASSES\CLSID\{777B6BBD-*FF2-11D3-88FE-00C04F8EF9B5}\InprocServer32]
@="c:\\Program Files\\Common Files\\Microsoft Shared\\Speech\\sapi.dll"
"ThreadingModel"="Both"
.
[HKEY_LOCAL_MACHINE\software\CLASSES\CLSID\{777B6BBD-*FF2-11D3-88FE-00C04F8EF9B5}\ProgID]
@="SAPI.SpPhraseBuilder.1"
.
[HKEY_LOCAL_MACHINE\software\CLASSES\CLSID\{777B6BBD-*FF2-11D3-88FE-00C04F8EF9B5}\TypeLib]
@="{9903F14C-12CE-4c99-9986-2EE3D7D588A8}"
.
[HKEY_LOCAL_MACHINE\software\CLASSES\CLSID\{777B6BBD-*FF2-11D3-88FE-00C04F8EF9B5}\VersionIndependentProgID]
@="SAPI.SpPhraseBuilder"
.
[HKEY_LOCAL_MACHINE\software\CLASSES\Interface\{0C9FB851-E5C9-43EB-A370-F0677B138*4C}]
@Class="REG_SZ"
@="IOperationsProgressDialog"
.
[HKEY_LOCAL_MACHINE\software\CLASSES\Interface\{0C9FB851-E5C9-43EB-A370-F0677B138*4C}\NumMethods]
@Class="REG_SZ"
.
[HKEY_LOCAL_MACHINE\software\CLASSES\Interface\{0C9FB851-E5C9-43EB-A370-F0677B138*4C}\ProxyStubClsid32]
@Class="REG_SZ"
@="{C90250F3-4D7D-4991-9B69-A5C5BC1C2AE6}"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\DirectPlay\Applications]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Microsoft\DirectPlay8\Applications]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\DABCFB401445D2581C*CEC9DA9147058]
"6E00FD90C0255D947B0E692161C5CA8A"="02:\\Software\\OpenOffice.org\\Layers\\URE\\1\\UREINSTALLLOCATION"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\SideBySide\Installations\x86_policy.8.0.Microsoft.VC80.ATL_1fc8b3b9*1e18e3b_8.0.50727.98_x-ww_b2891689\downlevel_manifest.8.0.50727.98]
@=""
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Control\Nls\MUILanguages\RCV2\ce*56n5.sys]
"0"=hex:00,00,02,00,46,00,02,00
"1"=hex:ce,ce,37,cc,97,85,c3,9b,47,3a,22,60,79,c0,d8,5e
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(752)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
.
- - - - - - - > 'lsass.exe'(808)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
.
- - - - - - - > 'explorer.exe'(1888)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
c:\program files\Trusteer\Rapport\bin\rooksbas.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Trusteer\Rapport\bin\RapportService.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\devldr32.exe
.
**************************************************************************
.
Completion time: 2011-12-01 21:27:44 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-01 21:27
.
Pre-Run: 77,557,051,392 bytes free
Post-Run: 78,148,341,760 bytes free
.
- - End Of File - - CA127D9372C0DB0F300FF0F04E2BD7F4
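Added example (not part of the original posts and not ComboFix's own code): a small Python triage script for the "Files Created" and driver/service rows of a ComboFix log like the one above. It groups digit-only .sys names in system32\drivers that share a size and lists numerically named services marked [x]; the sample rows are copied from the log above, the function names are hypothetical, and reading [x] as "image file not found" is an assumption. A hit is a prompt to review the entry, not a verdict on it.

```python
import re
from collections import defaultdict
from datetime import datetime

# Rows copied from the ComboFix log posted in this thread.
SAMPLE_LOG = r"""
2011-11-23 10:17 . 2011-11-23 13:28 -------- d-----w- c:\program files\Magnum
2011-11-22 22:57 . 2008-04-14 07:00 13312 ---ha-w- c:\windows\system32\irclass.dll
2011-11-22 22:16 . 2011-11-22 22:16 94896 ---ha-w- c:\windows\system32\drivers\21883758.sys
2011-11-22 21:58 . 2011-11-22 21:58 94896 ---ha-w- c:\windows\system32\drivers\25163123.sys
2011-11-22 21:49 . 2011-11-22 21:49 94896 ---ha-w- c:\windows\system32\drivers\41318304.sys
2011-11-22 19:16 . 2011-08-31 17:00 22216 ---ha-w- c:\windows\system32\drivers\mbam.sys
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [11/22/2011 7:16 PM 22216]
S0 cerc6;cerc6; [x]
S3 43944992;43944992; [x]
"""

FMT = "%Y-%m-%d %H:%M"

# created . modified  size-or-dashes  8-char attribute field  path
FILE_RE = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d) \. (\d{4}-\d\d-\d\d \d\d:\d\d) "
    r"(\d+|-{8}) ([a-z-]{8}) (.+)$"
)
# state+start type, service name, display name, image path, bracketed details
SERVICE_RE = re.compile(r"^([RS])(\d) ([^;]+);([^;]*);(.*?) \[(.*)\]$")


def parse_created(log):
    """Yield one dict per file row; directory rows (size shown as dashes) are skipped."""
    for line in log.splitlines():
        m = FILE_RE.match(line.strip())
        if not m or m.group(3).startswith("-"):
            continue
        created, modified, size, attrs, path = m.groups()
        yield {
            "created": datetime.strptime(created, FMT),
            "modified": datetime.strptime(modified, FMT),
            "size": int(size),
            "attrs": attrs,
            "path": path,
        }


def numeric_driver_clusters(log):
    """Map size -> digit-only .sys names in the drivers folder, for sizes seen twice or more."""
    by_size = defaultdict(list)
    for row in parse_created(log):
        folder, _, name = row["path"].lower().rpartition("\\")
        if folder.endswith(r"\system32\drivers") and re.fullmatch(r"\d+\.sys", name):
            by_size[row["size"]].append(name)
    return {size: sorted(names) for size, names in by_size.items() if len(names) >= 2}


def numeric_services_without_image(log):
    """Return digit-only service names whose bracket field is 'x' (assumed: file not found)."""
    hits = []
    for line in log.splitlines():
        m = SERVICE_RE.match(line.strip())
        if m and m.group(3).isdigit() and m.group(6) == "x":
            hits.append(m.group(3))
    return hits


if __name__ == "__main__":
    for size, names in numeric_driver_clusters(SAMPLE_LOG).items():
        print(f"review: {len(names)} numeric drivers of {size} bytes: {', '.join(names)}")
    for name in numeric_services_without_image(SAMPLE_LOG):
        print(f"review: numeric service with no image on disk: {name}")
```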

#13
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Combofix did a great job! Let's finish it.

Step 1

Do the following:
Start -> Run
type diskmgmt.msc
Click "OK"

Disk Management will open.

Click and hold the right side of the Disk Management Window and drag it to the right until you can see all the columns.

You need to print screen Disk Management for me. To do this:

  • Press Alt and Print Screen button on your keyboard
  • Open Paint program
  • From the menu choose Edit then Paste
  • Now save the picture and attach it here for me.

Step 2

Download Virus Removal Tool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named).

First we will run a virus scan

Click the cog in the upper right

Select down to and including your main drive, once done select the Automatic scan tab and press Start Scan

Allow Virus Removal Tool to delete all infections found
Once it has finished, select the report tab (last tab)
Select the Detected threats report from the left and press the Save button
Save it to your desktop and attach to your next post

Step 3

Please don't forget to include these items in your reply:

  • Disk Management print screen
  • VRT log
It would be helpful if you could post each log in a separate post.

#14
Rick_F

    Member

  • Topic Starter
  • 23 posts
Hi maliprog,

Both steps completed and details attached.

1. Disk Management:

DiskMgt.gif

#15
Rick_F

    Member

  • Topic Starter
  • 23 posts
Detected Threats report:

Status: Deleted (events: 25)
12/2/2011 15:47:28 Deleted adware not-a-virus:AdWare.Win32.NewDotNet C:\Documents and Settings\User\.housecall6.6\Quarantine\NNWDAC638.EXE.bac_a00668 Medium
12/2/2011 15:47:28 Deleted adware not-a-virus:AdWare.Win32.NewDotNet C:\Documents and Settings\User\.housecall6.6\Quarantine\NNWDAC638.EXE.bac_a00668//CryptFF.b Medium
12/2/2011 15:47:46 Deleted adware not-a-virus:AdWare.Win32.OneStep.a C:\Documents and Settings\User\.housecall6.6\Quarantine\resource.0000.pkg.bac_a00916 Medium
12/2/2011 15:47:46 Deleted adware not-a-virus:AdWare.Win32.OneStep.a C:\Documents and Settings\User\.housecall6.6\Quarantine\resource.0000.pkg.bac_a00916//CryptFF.b Medium
12/2/2011 15:47:46 Deleted adware not-a-virus:AdWare.Win32.OneStep.a C:\Documents and Settings\User\.housecall6.6\Quarantine\resource.0000.pkg.bac_a00916//CryptFF.b/osfreez118.exe Medium
12/2/2011 15:47:46 Deleted adware not-a-virus:AdWare.Win32.OneStep.a C:\Documents and Settings\User\.housecall6.6\Quarantine\resource.0000.pkg.bac_a00916//CryptFF.b/osfreez118.exe//data0000.res Medium
12/2/2011 15:47:46 Deleted adware not-a-virus:AdWare.Win32.OneStep.a C:\Documents and Settings\User\.housecall6.6\Quarantine\resource.0000.pkg.bac_a00916//CryptFF.b/osfreez118.exe//data0000.res//data0006 Medium
12/2/2011 15:47:47 Deleted adware not-a-virus:AdWare.Win32.Shopper.q C:\Documents and Settings\User\.housecall6.6\Quarantine\resource.0000.pkg.bac_a00668 Medium
12/2/2011 15:47:47 Deleted adware not-a-virus:AdWare.Win32.Shopper.q C:\Documents and Settings\User\.housecall6.6\Quarantine\resource.0000.pkg.bac_a00668//CryptFF.b Medium
12/2/2011 15:47:47 Deleted adware not-a-virus:AdWare.Win32.Shopper.q C:\Documents and Settings\User\.housecall6.6\Quarantine\resource.0000.pkg.bac_a00668//CryptFF.b/Installer_shopperreports.exe Medium
12/2/2011 15:47:47 Deleted adware not-a-virus:AdWare.Win32.Shopper.q C:\Documents and Settings\User\.housecall6.6\Quarantine\resource.0000.pkg.bac_a00668//CryptFF.b/Installer_shopperreports.exe//data0008 Medium
12/2/2011 15:48:06 Deleted Trojan program Trojan-Dropper.Win32.Small.azm C:\Documents and Settings\User\.housecall6.6\Quarantine\rt25.exe.bac_a00916 High
12/2/2011 15:48:06 Deleted Trojan program Trojan-Dropper.Win32.Small.azm C:\Documents and Settings\User\.housecall6.6\Quarantine\rt25.exe.bac_a00916//CryptFF.b High
12/2/2011 15:48:09 Deleted Trojan program Trojan-FakeAV.Win32.VirusRemover.k C:\Documents and Settings\User\.housecall6.6\Quarantine\winsinstall.exe.bac_a00916 High
12/2/2011 15:48:09 Deleted Trojan program Trojan-FakeAV.Win32.VirusRemover.k C:\Documents and Settings\User\.housecall6.6\Quarantine\winsinstall.exe.bac_a00916//CryptFF.b High
12/2/2011 15:48:09 Deleted Trojan program Trojan-FakeAV.Win32.VirusRemover.k C:\Documents and Settings\User\.housecall6.6\Quarantine\winsinstall.exe.bac_a00916//CryptFF.b//Execryptor High
12/2/2011 15:48:20 Deleted Trojan program Trojan-FakeAV.Win32.VirusRemover.k C:\Documents and Settings\User\.housecall6.6\Quarantine\winsinstall[1].exe.bac_a00916 High
12/2/2011 15:48:20 Deleted Trojan program Trojan-FakeAV.Win32.VirusRemover.k C:\Documents and Settings\User\.housecall6.6\Quarantine\winsinstall[1].exe.bac_a00916//CryptFF.b High
12/2/2011 15:48:20 Deleted Trojan program Trojan-FakeAV.Win32.VirusRemover.k C:\Documents and Settings\User\.housecall6.6\Quarantine\winsinstall[1].exe.bac_a00916//CryptFF.b//Execryptor High
12/2/2011 20:44:20 Deleted Trojan program Trojan-Downloader.Win32.Agent.drhd C:\TDSSKiller_Quarantine\22.11.2011_21.42.48\tdlfs0000\tsk0004.dta//UPX High
12/2/2011 20:30:56 Deleted Trojan program Trojan.Win32.FakeAV.itrg C:\_OTL\MovedFiles\12012011_112931\C_Documents and Settings\All Users\Application Data\CMHxHbrYhPJ.exe High
12/2/2011 20:45:29 Deleted Trojan program Trojan.Win32.Jorik.Fraud.ipp C:\_OTL\MovedFiles\12012011_112931\C_Documents and Settings\All Users\Application Data\mefWsJFF2XOW6S.exe High
12/2/2011 20:44:20 Deleted Trojan program Trojan-Downloader.Win32.Agent.drhd C:\TDSSKiller_Quarantine\22.11.2011_21.42.48\tdlfs0000\tsk0004.dta High
12/2/2011 22:12:28 Deleted Trojan program Trojan.Win32.Jorik.Fraud.ipp C:\System Volume Information\_restore{93E4B4D8-0EC7-44BA-B292-5D62AD0D7B4B}\RP8\A0015013.exe High
12/2/2011 22:12:22 Deleted Trojan program Trojan.Win32.FakeAV.itrg C:\System Volume Information\_restore{93E4B4D8-0EC7-44BA-B292-5D62AD0D7B4B}\RP8\A0015012.exe High