Google Redirect Virus [Solved]


  • This topic is locked

#16
applestarz

Yes. I'm still affected with this virus. I've attached the summary. Thanks a lot! :)


#17
hammerman

Hi,

Please follow these steps.

-- Step 1 --

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

RegNull::
[HKEY_USERS\S-1-5-21-567813713-2864583929-3900996650-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{16B2D189-8F7B-F72F-47F0-89930C6014AD}*]
RegLockDel::
[HKEY_USERS\S-1-5-21-567813713-2864583929-3900996650-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{16B2D189-8F7B-F72F-47F0-89930C6014AD}*]


Save this as CFScript.txt, in the same location as ComboFix.exe

Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

Allow ComboFix to install the Recovery Console if prompted.

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

-- Step 2 --

Download the GMER Rootkit Scanner. Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

Double-click gmer.exe. The program will begin to run.

**Caution**
These types of scans can produce false positives. Do NOT take any action on any
"<--- ROOKIT" entries unless advised!

If possible rootkit activity is found, you will be asked if you would like to perform a full scan.
  • Click NO
  • In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure the Show all box is un-checked.
  • Now click the Scan button.
    Once the scan is complete, you may receive another notice about rootkit activity.
  • Click OK.
  • GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "GMER.txt"
  • Save it where you can easily find it, such as your desktop.
Post the contents of GMER.txt in your next reply.

-- Step 3 --

Please download GooredFix from one of the locations below and save it to your Desktop
Download Mirror #1
Download Mirror #2
  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).

Edited by hammerman, 20 October 2009 - 10:30 AM.


#18
applestarz

Hi. I think the virus is actually gone now. Thanks a lot!

Log for ComboFix:
ComboFix 09-10-17.01 - Jenny 21/10/2009 16:36.1.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.61.1033.18.3062.1706 [GMT 11:00]
Running from: c:\users\Jenny\Desktop\ComboFix.exe
Command switches used :: c:\users\Jenny\Desktop\CFScript.txt
FW: Internet Security Firewall *disabled* {2BF21FEC-A5BE-424D-BDD7-3229CC84ED22}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2009-09-21 to 2009-10-21 )))))))))))))))))))))))))))))))
.

2009-10-21 05:48 . 2009-10-21 05:48 -------- d-----w- c:\users\Public\AppData\Local\temp
2009-10-21 05:48 . 2009-10-21 05:48 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-10-21 01:11 . 2009-06-22 10:22 2048 ----a-w- c:\windows\system32\tzres.dll
2009-10-21 00:52 . 2009-10-21 00:52 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-10-21 00:48 . 2009-10-21 00:48 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2009-10-21 00:37 . 2008-06-20 01:14 97800 ----a-w- c:\windows\system32\infocardapi.dll
2009-10-21 00:37 . 2008-06-20 01:14 105016 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-10-21 00:37 . 2008-06-20 01:14 43544 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2009-10-21 00:37 . 2008-06-20 01:14 11264 ----a-w- c:\windows\system32\icardres.dll
2009-10-21 00:37 . 2008-06-20 01:14 622080 ----a-w- c:\windows\system32\icardagt.exe
2009-10-21 00:37 . 2008-06-20 01:14 781344 ----a-w- c:\windows\system32\PresentationNative_v0300.dll
2009-10-21 00:36 . 2008-06-20 01:14 326160 ----a-w- c:\windows\system32\PresentationHost.exe
2009-10-21 00:27 . 2008-07-27 18:03 96760 ----a-w- c:\windows\system32\dfshim.dll
2009-10-21 00:27 . 2008-07-27 18:03 282112 ----a-w- c:\windows\system32\mscoree.dll
2009-10-21 00:27 . 2008-07-27 18:03 41984 ----a-w- c:\windows\system32\netfxperf.dll
2009-10-21 00:26 . 2008-07-27 18:03 158720 ----a-w- c:\windows\system32\mscorier.dll
2009-10-21 00:26 . 2008-07-27 18:03 83968 ----a-w- c:\windows\system32\mscories.dll
2009-10-20 09:03 . 2009-08-31 13:55 428544 ----a-w- c:\windows\system32\EncDec.dll
2009-10-20 09:03 . 2009-08-31 13:55 293376 ----a-w- c:\windows\system32\psisdecd.dll
2009-10-20 08:46 . 2009-08-28 12:39 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-10-20 08:46 . 2009-08-28 10:15 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-10-20 08:46 . 2009-08-14 17:07 897608 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-10-20 08:46 . 2009-08-14 16:29 104960 ----a-w- c:\windows\system32\netiohlp.dll
2009-10-20 08:46 . 2009-08-14 14:16 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-10-20 08:46 . 2009-08-14 14:16 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-10-20 08:46 . 2009-08-14 14:16 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-10-20 08:46 . 2009-08-14 14:16 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-10-20 08:46 . 2009-08-14 14:16 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-10-20 08:46 . 2009-08-14 14:16 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-10-20 08:46 . 2009-08-14 14:16 10240 ----a-w- c:\windows\system32\finger.exe
2009-10-20 08:46 . 2009-08-14 16:29 17920 ----a-w- c:\windows\system32\netevent.dll
2009-10-20 08:45 . 2009-09-10 17:30 213504 ----a-w- c:\windows\system32\msv1_0.dll
2009-10-20 08:45 . 2009-06-15 18:20 439896 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-10-20 08:45 . 2009-06-15 15:24 175104 ----a-w- c:\windows\system32\wdigest.dll
2009-10-20 08:45 . 2009-06-15 15:23 1256448 ----a-w- c:\windows\system32\lsasrv.dll
2009-10-20 08:45 . 2009-06-15 15:24 72704 ----a-w- c:\windows\system32\secur32.dll
2009-10-20 08:45 . 2009-06-15 12:57 9728 ----a-w- c:\windows\system32\lsass.exe
2009-10-20 08:06 . 2009-07-11 19:32 293376 ----a-w- c:\windows\system32\wlanmsm.dll
2009-10-20 08:06 . 2009-07-11 19:32 513024 ----a-w- c:\windows\system32\wlansvc.dll
2009-10-20 08:06 . 2009-07-11 19:32 302592 ----a-w- c:\windows\system32\wlansec.dll
2009-10-20 08:06 . 2009-07-11 19:29 127488 ----a-w- c:\windows\system32\L2SecHC.dll
2009-10-20 08:05 . 2009-06-10 12:11 2868224 ----a-w- c:\windows\system32\mf.dll
2009-10-20 07:56 . 2009-08-05 14:22 3546184 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-10-20 07:56 . 2009-08-05 14:22 3597896 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-10-20 07:16 . 2009-09-04 12:24 61440 ----a-w- c:\windows\system32\msasn1.dll
2009-10-20 07:16 . 2009-09-14 09:44 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-10-20 06:46 . 2009-04-02 12:37 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2009-10-19 01:29 . 2009-10-19 01:30 -------- d-----w- c:\program files\Article Page Machine
2009-10-18 12:32 . 2009-10-21 05:49 -------- d-----w- c:\users\Jenny\AppData\Local\temp
2009-10-18 11:55 . 2009-10-18 11:55 -------- d-----w- C:\_OTL
2009-10-18 10:05 . 2009-10-18 10:05 -------- d-----w- c:\program files\Advanced Site Submitter
2009-10-18 09:18 . 2009-10-18 09:18 -------- d-----w- c:\program files\ERUNT
2009-10-17 15:14 . 2009-10-17 15:14 -------- d-----w- c:\programdata\McAfee Security Scan
2009-10-17 15:14 . 2009-10-17 15:14 -------- d-----w- c:\program files\McAfee Security Scan
2009-10-17 10:19 . 2009-10-17 10:19 -------- d-----w- c:\program files\Trend Micro
2009-10-17 08:48 . 2009-10-20 09:12 -------- d-----w- C:\Combo-Fix
2009-10-17 07:41 . 2009-10-17 07:41 -------- d-----w- c:\users\Jenny\AppData\Roaming\Malwarebytes
2009-10-17 07:40 . 2009-09-10 03:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-17 07:40 . 2009-10-17 07:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-17 07:40 . 2009-10-17 07:40 -------- d-----w- c:\programdata\Malwarebytes
2009-10-17 07:40 . 2009-09-10 03:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-16 04:11 . 2009-09-30 23:29 195440 ------w- c:\windows\system32\MpSigStub.exe
2009-10-12 18:06 . 2009-10-12 18:08 -------- d-----w- c:\users\Jenny\AppData\Local\Canon Easy-PhotoPrint EX
2009-10-12 17:20 . 2009-10-17 02:17 -------- d--h--w- c:\programdata\CanonIJEGV
2009-10-12 00:40 . 2008-04-17 02:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2009-10-12 00:40 . 2009-05-18 03:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-10-12 00:38 . 2009-10-17 02:31 -------- d-----w- c:\program files\iPod
2009-10-12 00:38 . 2009-10-16 06:19 -------- d-----w- c:\program files\iPod(11)
2009-10-12 00:38 . 2009-10-12 00:40 -------- d-----w- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-10-12 00:38 . 2009-10-17 02:31 -------- d-----w- c:\program files\iTunes
2009-10-12 00:38 . 2009-10-12 00:40 -------- d-----w- c:\program files\iTunes(12)
2009-10-12 00:21 . 2009-10-12 00:22 -------- d-----w- c:\program files\Safari
2009-10-09 06:44 . 2009-10-09 06:44 93479 ----a-w- c:\windows\Email Marketing Pro Uninstaller.exe
2009-10-09 03:47 . 2009-10-17 02:18 -------- d-----w- c:\program files\McAfee
2009-10-07 23:31 . 2009-10-21 04:20 28672 ----a-w- c:\users\Jenny\AppData\Roaming\IDM\NP_IDM5.dll
2009-10-06 05:26 . 2009-10-20 04:47 -------- d-----w- c:\users\Jenny\AppData\Roaming\Ubisoft
2009-10-06 01:47 . 2009-10-06 01:47 -------- d-----w- c:\programdata\Yahoo! Companion
2009-10-05 07:33 . 2009-10-05 07:33 -------- d-----w- c:\program files\Microsoft
2009-10-01 15:51 . 2009-10-01 15:51 -------- d-----w- c:\program files\Brain Spa
2009-10-01 15:15 . 2009-10-01 15:15 -------- d-----w- c:\program files\BrainTrainAge
2009-10-01 14:28 . 2009-10-01 14:28 -------- d-----w- C:\GameHouse Games
2009-10-01 08:55 . 2009-10-01 08:55 -------- d-----w- c:\users\Jenny\AppData\Local\Adwizard
2009-10-01 08:55 . 2009-10-01 08:55 -------- d-----w- c:\program files\Adwizard
2009-09-24 09:39 . 2009-09-24 09:41 -------- d-----w- c:\programdata\Findbasic
2009-09-24 09:39 . 2009-09-24 09:41 -------- d-----w- c:\program files\Findbasic

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-21 05:33 . 2009-07-10 09:08 -------- d-----w- c:\users\Jenny\AppData\Roaming\DMCache
2009-10-21 04:23 . 2009-06-02 06:08 -------- d-----w- c:\users\Jenny\AppData\Roaming\LimeWire
2009-10-21 04:20 . 2009-07-10 09:28 28672 ----a-w- c:\users\Jenny\AppData\Roaming\IDM\NP_IDM4.dll
2009-10-21 04:20 . 2009-07-10 09:28 28672 ----a-w- c:\users\Jenny\AppData\Roaming\IDM\NP_IDM3.dll
2009-10-21 04:20 . 2009-07-10 09:28 -------- d-----w- c:\users\Jenny\AppData\Roaming\IDM
2009-10-21 04:20 . 2009-07-10 09:28 28672 ----a-w- c:\users\Jenny\AppData\Roaming\IDM\NP_IDM2.dll
2009-10-21 04:20 . 2009-07-10 09:28 28672 ----a-w- c:\users\Jenny\AppData\Roaming\IDM\NP_IDM1.dll
2009-10-21 04:15 . 2009-02-02 12:23 -------- d-----w- c:\program files\Microsoft Silverlight
2009-10-21 01:13 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-10-21 01:09 . 2008-07-22 23:27 -------- d-----w- c:\programdata\Microsoft Help
2009-10-21 00:37 . 2009-01-30 11:37 -------- d-----w- c:\program files\PC Tools Internet Security
2009-10-17 02:33 . 2009-02-02 12:26 -------- d-----w- c:\program files\QuickTime
2009-10-17 02:18 . 2009-07-25 09:03 -------- d-----w- c:\program files\LiveZilla
2009-10-17 02:17 . 2009-07-25 09:03 -------- d-----w- c:\programdata\{99132AC5-3A7A-446C-AE3C-8DF2A46D5D29}
2009-10-17 02:17 . 2009-02-02 12:26 -------- d-----w- c:\program files\Common Files\Apple
2009-10-16 06:23 . 2009-01-30 10:09 -------- d-----w- c:\programdata\McAfee
2009-10-14 15:00 . 2009-06-03 06:00 -------- d-----w- c:\users\Jenny\AppData\Roaming\FileZilla
2009-10-12 18:08 . 2009-09-07 07:18 -------- d-----w- c:\users\Jenny\AppData\Roaming\Canon
2009-10-12 03:10 . 2009-08-22 23:17 -------- d-----w- c:\users\Jenny\AppData\Roaming\Apple Computer
2009-10-09 06:47 . 2009-09-09 13:20 -------- d-----w- c:\program files\Email Marketing Pro
2009-10-09 05:54 . 2009-07-10 10:20 -------- d-----w- c:\program files\Unlocker
2009-10-01 15:54 . 2009-06-01 10:33 -------- d-----w- c:\program files\LimeWire
2009-10-01 14:27 . 2009-09-06 11:29 -------- d-----w- c:\program files\RealArcade
2009-09-21 12:04 . 2009-09-18 09:06 -------- d-----w- c:\users\Jenny\AppData\Roaming\.purple
2009-09-18 13:55 . 2009-09-18 13:55 1185 ----a-w- c:\users\Jenny\AppData\Roaming\.purple\certificates\x509\tls_peers\typists.quicktate.com
2009-09-18 08:51 . 2009-09-18 08:51 -------- d-----w- c:\program files\Pidgin
2009-09-18 08:51 . 2009-09-18 08:51 -------- d-----w- c:\program files\Common Files\GTK
2009-09-18 08:50 . 2009-09-18 08:50 680 ----a-w- c:\users\Jenny\AppData\Local\d3d9caps.dat
2009-09-17 13:35 . 2009-07-01 08:53 -------- d-----w- c:\users\Jenny\AppData\Roaming\Skype
2009-09-17 13:35 . 2009-07-01 08:54 -------- d-----w- c:\users\Jenny\AppData\Roaming\skypePM
2009-09-14 08:29 . 2009-09-14 08:29 -------- d-----w- c:\users\Jenny\AppData\Roaming\DivX
2009-09-12 01:25 . 2009-08-06 08:53 -------- d-----w- c:\program files\DivX
2009-09-12 01:25 . 2009-09-12 01:24 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2009-09-12 01:24 . 2009-09-12 01:24 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-09-11 10:45 . 2009-09-11 10:45 -------- d-----w- c:\programdata\EMP
2009-09-09 12:51 . 2009-09-09 12:33 1186980 ----a-w- c:\users\Jenny\AppData\Roaming\IDM\DwnlData\Jenny\emp_200\emp.exe
2009-09-07 08:05 . 2009-09-07 07:56 -------- d-----w- c:\users\Jenny\AppData\Roaming\Ahead
2009-09-07 07:58 . 2009-01-30 11:28 -------- d-----w- c:\program files\Yahoo!
2009-09-07 07:54 . 2009-09-07 07:54 -------- d-----w- c:\program files\Common Files\Ahead
2009-09-07 07:54 . 2009-09-07 07:54 -------- d-----w- c:\program files\Nero
2009-09-07 07:19 . 2009-09-07 07:19 -------- d--h--w- c:\programdata\CanonIJScan
2009-09-06 09:13 . 2009-09-06 09:13 -------- d-----w- c:\program files\The Color Picker
2009-09-02 06:50 . 2009-07-01 12:25 -------- d-----w- c:\program files\FileZilla FTP Client
2009-09-01 12:56 . 2009-05-05 12:33 -------- d-----w- c:\users\Jenny\AppData\Roaming\gtk-2.0
2009-08-29 11:11 . 2009-08-29 11:10 -------- d-----w- c:\program files\RKET
2009-08-27 13:32 . 2009-10-20 09:31 833024 ----a-w- c:\windows\system32\wininet.dll
2009-08-27 13:29 . 2009-10-20 09:31 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-08-27 10:58 . 2009-10-20 09:31 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-08-27 06:56 . 2009-08-27 06:56 -------- d-----w- c:\users\Jenny\AppData\Roaming\UClick
2009-08-27 06:56 . 2009-08-27 06:56 -------- d-----w- c:\programdata\UClick
2009-08-27 05:58 . 2009-03-07 06:58 -------- d-----w- c:\users\Jenny\AppData\Roaming\PlayFirst
2009-08-27 05:58 . 2009-03-07 06:58 -------- d-----w- c:\programdata\PlayFirst
2009-08-26 21:54 . 2009-03-06 23:05 -------- d-----w- c:\programdata\NeoEdge Networks
2009-08-26 21:53 . 2009-03-06 23:02 -------- d-----w- c:\program files\MostFun
2009-08-26 11:14 . 2009-08-26 11:14 -------- d-----w- c:\program files\Convert AVI to MP4
2009-08-26 10:41 . 2009-08-26 10:41 -------- d-----w- c:\program files\Free WMV to AVI MPEG Converter
2009-08-24 08:30 . 2009-02-05 08:29 -------- d-----w- c:\program files\Brother
2009-08-24 08:30 . 2008-07-22 23:23 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-22 23:17 . 2009-08-22 23:16 -------- d-----w- c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-08-22 23:16 . 2009-08-22 23:14 -------- d-----w- c:\programdata\Apple Computer
2009-08-22 23:15 . 2009-08-22 23:15 -------- d-----w- c:\program files\Bonjour
2009-08-22 14:08 . 2009-03-06 08:42 -------- d-----w- c:\users\Jenny\AppData\Roaming\uTorrent
2009-08-04 20:32 . 2009-01-30 10:12 101528 ----a-w- c:\users\Jenny\AppData\Local\GDIPFONTCACHEV1.DAT
2009-07-29 22:36 . 2009-07-29 22:26 5632 ----a-w- c:\windows\system32\drivers\StarOpen.sys
2009-07-26 05:44 . 2009-07-26 05:44 48448 ----a-w- c:\windows\system32\sirenacm.dll
2009-05-13 21:55 . 2009-05-13 21:55 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-13 21:55 . 2009-05-13 21:55 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2009-05-13 21:55 . 2009-05-13 21:55 1044480 ----a-w- c:\program files\opera\program\plugins\libdivx.dll
2009-05-13 21:55 . 2009-05-13 21:55 200704 ----a-w- c:\program files\opera\program\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-09-08 11:08 279944 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-09-08 279944]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-09-08 279944]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-03 39408]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2007-10-01 840704]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-05-24 142104]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-05-24 154392]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-05-24 138008]
"BtcMouseMaestro"="c:\program files\MMaestro\KMaestro.exe" [2007-07-23 385024]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-07-22 185896]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-01-06 6707744]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-21 148888]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]
"LiveZilla"="c:\program files\LiveZilla\LiveZilla.exe" [2009-07-08 2754888]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2008-03-17 1848648]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-12-11 722256]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-04 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]

c:\users\Jenny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2009-8-1 139776]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan.lnk - c:\program files\McAfee Security Scan\1.0.150\SSScheduler.exe [2009-7-28 199184]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2009-1-14 525664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{438F5819-AD9D-4E7D-ACF0-B0D68EADD920}"= c:\program files\CyberLink\SoftDMA\SoftDMA.exe:CyberLink SoftDMA
"{1C1F45F8-469C-4359-A8CE-A755A6337107}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{299062FA-CC4C-4B18-A1D2-9F763766DB22}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{F408B6CA-36F1-461C-B202-B66085A3B8F8}"= UDP:97:Inventoria Stock Manager Web Server
"{66290614-A98B-4E72-8BF8-4E5DD2665A31}"= UDP:96:Express Invoice Web Server
"{9C7F2DC9-8483-46F8-8450-B3611BBD5FB9}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{69C60FCD-9D73-4CB1-A519-955EC69E0444}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{FE95CAEF-A966-4271-82F9-DFC854A76DA6}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{AC80F3CB-77F6-4BAA-9C46-515E339F41B7}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{554E188F-3264-4F34-B04A-1202ACD70B97}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{56CBB772-AAF7-4ADD-8E24-669E297358D9}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{2B940DB5-5C35-424D-AF07-C3BAFCA69397}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{025E8EC1-F0E7-404E-9C5A-AA8F23A35502}"= UDP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent
"{187DA6A6-8AB6-4CF1-8F59-4C51754E482D}"= TCP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent
"{4A1A0A99-C5B4-4E5C-8731-E68AAF518A6F}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{031EC03A-1381-4F93-8B23-B38CE4251D79}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{38B514DA-B2BD-44AD-9E70-EF53E50E9CDE}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{56B14FC2-82E9-45FF-97A2-4AB9A7CE3DBE}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{83D4D3B7-E565-4993-9E21-EC882C259015}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{EC34E7C4-444E-4FC0-B968-FAE6ECFBEF86}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R0 TfFsMon;TfFsMon;c:\windows\System32\drivers\TfFsMon.sys [30/01/2009 10:38 PM 51520]
R0 TfSysMon;TfSysMon;c:\windows\System32\drivers\TfSysMon.sys [30/01/2009 10:38 PM 38208]
R1 pctfw2;pctfw2;c:\windows\System32\drivers\pctfw2.sys [30/01/2009 10:38 PM 160808]
R2 CLHNService;CLHNService;c:\program files\CyberLink\SoftDMA\Kernel\DMP\CLHNService.exe [23/07/2008 10:45 AM 77824]
R2 NTIPPKernel;NTIPPKernel;c:\program files\CyberLink\SoftDMA\Kernel\DMP\NTIPPKernel.sys [23/07/2008 10:45 AM 122624]
R3 FWAuth;FWAuth Driver;c:\windows\System32\drivers\FWAuthDriver.sys [30/01/2009 10:37 PM 58152]
R3 TfNetMon;TfNetMon;c:\windows\System32\drivers\TfNetMon.sys [30/01/2009 10:38 PM 33088]
R3 ThreatFire;ThreatFire;c:\program files\PC Tools Internet Security\TFEngine\TFService.exe service --> c:\program files\PC Tools Internet Security\TFEngine\TFService.exe service [?]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\PC Tools Internet Security\pctsAuxs.exe [30/01/2009 10:37 PM 356920]

--- Other Services/Drivers In Memory ---

*Deregistered* - mchInjDrv
.
Contents of the 'Scheduled Tasks' folder

2009-10-20 c:\windows\Tasks\User_Feed_Synchronization-{E94DFA29-8D31-482E-91E1-781862F24D2A}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 02:24]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.au/
mStart Page = file:///C:/Windows/NECCUST/OWR/OWR_EN.HTM
uInternet Settings,ProxyOverride = *.local
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
Trusted Zone: alipay.com
Trusted Zone: alisoft.com
Trusted Zone: taobao.com
FF - ProfilePath - c:\users\Jenny\AppData\Roaming\Mozilla\Firefox\Profiles\s7dorkb6.default\
FF - prefs.js: browser.startup.homepage - www.google.com.au
FF - component: c:\users\Jenny\AppData\Roaming\IDM\idmmzcc2\components\idmmzcc.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\Opera\program\plugins\NP_IDM1.dll
FF - plugin: c:\program files\Opera\program\plugins\NP_IDM2.dll
FF - plugin: c:\program files\Opera\program\plugins\NP_IDM3.dll
FF - plugin: c:\program files\Opera\program\plugins\NP_IDM4.dll
FF - plugin: c:\program files\Opera\program\plugins\NP_IDM5.dll
FF - plugin: c:\program files\Opera\program\plugins\npdivx32.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-21 16:49
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
"ImagePath"="\"c:\program files\CyberLink\Shared Files\RichVideo.exe\"\00\00\00\00\00lú\12\00
[\13`w\00\00\00\00\00\00\00\00Z\00\\00\ó\12\00€õ\12\00Ø+_\05S\00-\001\00-\005\00-\002\001\00-\001"

.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-567813713-2864583929-3900996650-1003_Classes\CLSID\{469f79f0-f5f2-4c0d-af66-f409e5e97c22}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:000000ff
"Therad"=dword:0000000a
"MData"=hex(0):cb,9b,ad,ef,27,7d,29,69,f5,02,f0,76,aa,4a,f1,7c,d3,d9,67,7f,6a,
4b,7b,ad,48,8c,7f,fa,6b,27,46,05,dc,e8,2e,a7,83,a5,f6,c0,c5,6f,27,24,2e,2e,\

[HKEY_USERS\S-1-5-21-567813713-2864583929-3900996650-1003_Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):bc,0a,cd,75,ca,98,d4,56,cf,31,d9,25,d4,e9,14,e1,3d,75,49,7f,34,
00,20,be,c9,e0,85,18,ea,7c,70,4c,ac,ff,48,7f,19,15,6c,40,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(716)
c:\program files\PC Tools Internet Security\TFEngine\TFWAH.dll

- - - - - - - > 'Explorer.exe'(7256)
c:\program files\PC Tools Internet Security\TFEngine\TFWAH.dll
.
Completion time: 2009-10-21 16:53
ComboFix-quarantined-files.txt 2009-10-21 05:53
ComboFix2.txt 2009-10-18 12:32

Pre-Run: 75,706,060,800 bytes free
Post-Run: 75,763,138,560 bytes free

344 --- E O F --- 2009-10-21 01:12


Log for GMER:
GMER 1.0.15.15163 - http://www.gmer.net
Rootkit scan 2009-10-21 20:20:38
Windows 6.0.6001 Service Pack 1
Running: gmer.exe; Driver: C:\Users\Jenny\AppData\Local\Temp\fglcypog.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\drivers\TfSysMon.sys (ThreatFire System Monitor/PC Tools) ZwTerminateProcess [0x805BC4EE]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetTimerEx + 854 820C2E18 4 Bytes [EE, C4, 5B, 80] {OUT DX, AL ; LES EBX, DWORD [EBX-0x80]}

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\Explorer.EXE[1944] SHELL32.dll!SHFileOperationW 7655CD3E 5 Bytes JMP 10001102 C:\Program Files\Unlocker\UnlockerHook.dll

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\Explorer.EXE[1944] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [743688B4] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1944] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [743A98A5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1944] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7436B9D4] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1944] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [7435FB47] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1944] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [74367A79] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1944] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [7435EA65] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1944] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [7439B17D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1944] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [7436BC9A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1944] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [7436074E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1944] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [743606B5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1944] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [743571B3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1944] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [743ED848] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1944] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [74387379] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1944] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [7435E109] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1944] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [7435697E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1944] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [743569A9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1944] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74362465] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs TfFsMon.sys (ThreatFire Filesystem Monitor/PC Tools)
AttachedDevice \Driver\tdx \Device\Tcp pctfw2.sys
AttachedDevice \Driver\tdx \Device\Udp pctfw2.sys
AttachedDevice \Driver\tdx \Device\RawIp pctfw2.sys

---- Files - GMER 1.0.15 ----

ADS C:\System Volume Information\SystemRestore\FRStaging\Windows:Z_PI.EXE 23552 bytes executable
ADS C:\System Volume Information\SystemRestore\WmiStaging\Windows:Z_PI.EXE 23552 bytes executable

---- EOF - GMER 1.0.15 ----

Log for GooredFix:
GooredFix by jpshortstuff (24.09.09.1)
Log created at 20:21 on 21/10/2009 (Jenny)
Firefox version 3.5.3 (en-US)

========== GooredScan ==========


========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [14:39 15/10/2009]
{B13721C7-F507-4982-B2E5-502A71474FED} [06:45 01/07/2009]
{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} [06:06 02/06/2009]
{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} [05:47 03/07/2009]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{ABDE892B-13A8-4d1b-88E6-365A6E755758}"="C:\Program Files\Real\RealPlayer\browserrecord" [23:41 22/07/2008]
"{20a82645-c095-46ed-80e3-08825760534b}"="c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [00:43 21/10/2009]

---------- Old Logs ----------
GooredFix[05.59.45_21-10-2009].txt

-=E.O.F=-

#19
hammerman

Hi,

Please do an online scan with Kaspersky WebScanner

Click on Accept

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan: Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
  • Now click on View Report and then Save Report
  • Save the file to your desktop as a text file.
  • Copy and paste that information in your next post.


#20
applestarz

The file takes a while to download so I'll do it and get back to you soon. Thanks!

#21
hammerman

OK. Kaspersky can take a few hours to scan but it's very thorough.

#22
applestarz

Hi. Attached is the Kaspersky report. I'm infected with 5 viruses. Somehow, I still have the Google Redirect Virus. Thanks for helping me out. I can't post the log because it's an HTML file :)


#23
hammerman

Hello,

Please follow these steps.

-- Step 1 --

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Files
    C:\Program Files\Article Page Machine\cache\74790.html
    C:\Users\Jenny\Documents\Installation Programs\Photoshop\CS4_Cracking_Kit_www.slwarez.com
    C:\Users\Jenny\Documents\Installation Programs\Photoshop\CS4_Cracking_Kit_www.slwarez.com.rar
    C:\Users\Jenny\Documents\Installation Programs\Photoshop\Photoshop_CS4Keygen_Latest
    C:\Users\Jenny\Documents\Installation Programs\Photoshop\Photoshop_CS4Keygen_Latest.rar
    C:\Users\Jenny\Music\English Songs\i love you tila tequila mp3.wma
    
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • This fix will produce a report. Please add this to your reply.

-- Step 2 --

Run OTL
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Custom Scans/Fixes box, paste in the following.

    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %SYSTEMDRIVE%\*.exe
    %systemroot%\system32\eventlog.dll
    %systemroot%\system32\scecli.dll
    %systemroot%\netlogon.dll
    %systemroot%\system32\cngaudit.dll
    %systemroot%\system32\sceclt.dll
    %systemroot%\ntelogon.dll
    %systemroot%\system32\logevent.dll
    %systemroot%\system32\drivers\*.sys

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open a notepad window, OTL.Txt. This is saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post it with your next reply.

-- Step 3 --

Please run a GMER scan and post the report.

#24
applestarz

Hi hammerman,

Sorry for the late reply. Thanks for helping me out.

Step 1 - OTL log:
All processes killed
========== FILES ==========
File\Folder C:\Program Files\Article Page Machine\cache\74790.html not found.
File\Folder C:\Users\Jenny\Documents\Installation Programs\Photoshop\CS4_Cracking_Kit_www.slwarez.com not found.
File\Folder C:\Users\Jenny\Documents\Installation Programs\Photoshop\CS4_Cracking_Kit_www.slwarez.com.rar not found.
File\Folder C:\Users\Jenny\Documents\Installation Programs\Photoshop\Photoshop_CS4Keygen_Latest not found.
File\Folder C:\Users\Jenny\Documents\Installation Programs\Photoshop\Photoshop_CS4Keygen_Latest.rar not found.
File\Folder C:\Users\Jenny\Music\English Songs\i love you tila tequila mp3.wma not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Jenny
File delete failed. C:\Users\Jenny\AppData\Local\Temp\hsperfdata_Jenny\1752 scheduled to be deleted on reboot.
File delete failed. C:\Users\Jenny\AppData\Local\Temp\JET177A.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\Jenny\AppData\Local\Temp\JET5B1B.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\Jenny\AppData\Local\Temp\JET5B79.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\Jenny\AppData\Local\Temp\JET5D00.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\Jenny\AppData\Local\Temp\JET5E28.tmp scheduled to be deleted on reboot.
->Temp folder emptied: 2568815 bytes
File delete failed. C:\Users\Jenny\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LW1QLWE6\chatCard[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Users\Jenny\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LW1QLWE6\nametrade[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Users\Jenny\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LW1QLWE6\nametrade[2].htm scheduled to be deleted on reboot.
File delete failed. C:\Users\Jenny\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LW1QLWE6\openhand_8_8[1].bmp scheduled to be deleted on reboot.
File delete failed. C:\Users\Jenny\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JW7K6K4Q\chatCard[2].htm scheduled to be deleted on reboot.
File delete failed. C:\Users\Jenny\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JW7K6K4Q\chatCard[3].htm scheduled to be deleted on reboot.
File delete failed. C:\Users\Jenny\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JW7K6K4Q\nametrade[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Users\Jenny\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E3B6IC8P\chatCard[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Users\Jenny\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E3B6IC8P\en[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Users\Jenny\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E3B6IC8P\nametrade[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Users\Jenny\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BGND3CMF\chatCard[3].htm scheduled to be deleted on reboot.
File delete failed. C:\Users\Jenny\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BGND3CMF\nametrade[2].htm scheduled to be deleted on reboot.
File delete failed. C:\Users\Jenny\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BGND3CMF\nametrade[3].htm scheduled to be deleted on reboot.
File delete failed. C:\Users\Jenny\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 5709122 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 78037613 bytes
->Apple Safari cache emptied: 0 bytes
->Opera cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 582656 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 82.87 mb

Error: Unable to interpret <%systemroot%\system32\logevent.dll> in the current context!
Error: Unable to interpret <%systemroot%\system32\drivers\*.sys> in the current context!

OTL by OldTimer - Version 3.0.21.0 log created on 10282009_212147

Files\Folders moved on Reboot...
File\Folder C:\Users\Jenny\AppData\Local\Temp\hsperfdata_Jenny\1752 not found!
File\Folder C:\Users\Jenny\AppData\Local\Temp\JET177A.tmp not found!
File\Folder C:\Users\Jenny\AppData\Local\Temp\JET5B1B.tmp not found!
File\Folder C:\Users\Jenny\AppData\Local\Temp\JET5B79.tmp not found!
File\Folder C:\Users\Jenny\AppData\Local\Temp\JET5D00.tmp not found!
File\Folder C:\Users\Jenny\AppData\Local\Temp\JET5E28.tmp not found!
C:\Users\Jenny\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LW1QLWE6\chatCard[1].htm moved successfully.
C:\Users\Jenny\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LW1QLWE6\nametrade[1].htm moved successfully.
C:\Users\Jenny\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LW1QLWE6\nametrade[2].htm moved successfully.
C:\Users\Jenny\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LW1QLWE6\openhand_8_8[1].bmp moved successfully.
C:\Users\Jenny\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JW7K6K4Q\chatCard[2].htm moved successfully.
File\Folder C:\Users\Jenny\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JW7K6K4Q\chatCard[3].htm not found!
C:\Users\Jenny\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JW7K6K4Q\nametrade[1].htm moved successfully.
C:\Users\Jenny\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E3B6IC8P\chatCard[1].htm moved successfully.
C:\Users\Jenny\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E3B6IC8P\en[1].htm moved successfully.
C:\Users\Jenny\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E3B6IC8P\nametrade[1].htm moved successfully.
File\Folder C:\Users\Jenny\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BGND3CMF\chatCard[3].htm not found!
C:\Users\Jenny\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BGND3CMF\nametrade[2].htm moved successfully.
C:\Users\Jenny\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BGND3CMF\nametrade[3].htm moved successfully.

Registry entries deleted on Reboot...



Step 2 - OTL log:

OTL logfile created on: 28/10/2009 9:16:26 PM - Run 4
OTL by OldTimer - Version 3.0.21.0 Folder = C:\Users\Jenny\Documents
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18828)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

2.00 Gb Total Physical Memory | 1.22 Gb Available Physical Memory | 60.90% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 139.28 Gb Total Space | 63.12 Gb Free Space | 45.32% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JENNY-PC
Current User Name: Jenny
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Minimal
Quick Scan

========== Processes (SafeList) ==========

PRC - C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32Info.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE (CANON INC.)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\CyberLink\Shared Files\RichVideo.exe ()
PRC - C:\Program Files\CyberLink\SoftDMA\Kernel\DMP\CLHNService.exe ()
PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Program Files\Internet Download Manager\IDMan.exe ()
PRC - C:\Program Files\Internet Download Manager\IEMonitor.exe (Tonec Inc.)
PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\KMaestro\Kmaestro.exe (Kmaestro)
PRC - C:\Program Files\LimeWire\LimeWire.exe (Lime Wire, LLC)
PRC - C:\Program Files\LiveZilla\LiveZilla.exe (SPAUN Power GmbH)
PRC - C:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
PRC - c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
PRC - c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
PRC - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft\Office Live\OfficeLiveSignIn.exe (Microsoft Corp.)
PRC - C:\Program Files\MMaestro\Kmaestro.exe (Kmaestro)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\trademanager\AliIM.exe (Alibaba software (Shanghai) Corporation.)
PRC - C:\Program Files\trademanager\AliUpdate.exe (Alibaba software (Shanghai) Corporation.)
PRC - C:\Program Files\Unlocker\UnlockerAssistant.exe ()
PRC - C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.)
PRC - C:\Users\Jenny\Documents\OTL.exe (OldTimer Tools)
PRC - C:\Windows\Explorer.EXE (Microsoft Corporation)
PRC - C:\Windows\System32\hkcmd.exe (Intel Corporation)
PRC - C:\Windows\System32\igfxpers.exe (Intel Corporation)
PRC - C:\Windows\System32\igfxsrvc.exe (Intel Corporation)

========== Win32 Services (SafeList) ==========

SRV - (AppHostSvc [Auto | Running]) -- C:\Windows\System32\inetsrv\apphostsvc.dll (Microsoft Corporation)
SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (BcmSqlStartupSvc [Auto | Stopped]) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
SRV - (Bonjour Service [Auto | Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (CLHNService [Auto | Running]) -- C:\Program Files\CyberLink\SoftDMA\Kernel\DMP\CLHNService.exe ()
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (ehRecvr [On_Demand | Stopped]) -- C:\Windows\ehome\ehRecvr.exe (Microsoft Corporation)
SRV - (ehSched [On_Demand | Stopped]) -- C:\Windows\ehome\ehsched.exe (Microsoft Corporation)
SRV - (ehstart [Auto | Stopped]) -- C:\Windows\ehome\ehstart.dll (Microsoft Corporation)
SRV - (Eventlog [Auto | Running]) -- C:\Windows\System32\wevtsvc.dll (Microsoft Corporation)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (gusvc [On_Demand | Stopped]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (idsvc [Unknown | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (iPod Service [On_Demand | Running]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (MDM [Auto | Running]) -- C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe (Microsoft Corporation)
SRV - (Microsoft Office Groove Audit Service [On_Demand | Stopped]) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - (MSSQL$MSSMLBIZ [On_Demand | Running]) -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (MSSQLServerADHelper [Disabled | Stopped]) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe (Microsoft Corporation)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (odserv [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (RichVideo [Auto | Running]) -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe ()
SRV - (sdAuxService [On_Demand | Stopped]) -- C:\Program Files\PC Tools Internet Security\pctsAuxs.exe (PC Tools)
SRV - (sdCoreService [On_Demand | Stopped]) -- C:\Program Files\PC Tools Internet Security\pctsSvc.exe (PC Tools)
SRV - (SQLBrowser [Auto | Running]) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
SRV - (SQLWriter [Auto | Running]) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
SRV - (ThreatFire [On_Demand | Stopped]) -- C:\Program Files\PC Tools Internet Security\TFEngine\TFService.exe (PC Tools)
SRV - (W3SVC [Auto | Running]) -- C:\Windows\System32\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (WAS [On_Demand | Running]) -- C:\Windows\System32\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (WinDefend [Auto | Stopped]) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (wlidsvc [Auto | Running]) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV - (WMPNetworkSvc [On_Demand | Running]) -- C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = file:///C:/Windows/NECCUST/OWR/OWR_EN.HTM
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = file:///C:/Windows/NECCUST/OWR/OWR_EN.HTM
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = file:///C:/Windows/NECCUST/OWR/OWR_EN.HTM
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 99 F0 33 00 4A D7 93 46 91 8B 6B 01 AF 69 4D C5 [binary data]
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.com.au"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1
FF - prefs.js..extensions.enabledItems: {8B72860F-C5F8-4286-865E-D2C2DB98A9E6}:0.8.6
FF - prefs.js..extensions.enabledItems: [email protected]:1.4.2
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20090123.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}:6.0.14
FF - prefs.js..extensions.enabledItems: {35106bca-6c78-48c7-ac28-56df30b51d2a}:1.3.6
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {e36db930-f18d-4449-b45f-e286cfb9e03a}:3.1.09060400
FF - prefs.js..extensions.enabledItems: {b16728a5-d2ee-4011-ac93-9d4a6af0fd6e}:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.3

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008/07/23 10:41:06 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/10/22 14:26:06 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/10/17 14:39:58 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/10/18 11:16:36 | 00,000,000 | ---D | M]

[2009/06/02 17:08:24 | 00,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\mozilla\Extensions
[2009/01/30 22:24:55 | 00,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/06/02 17:08:24 | 00,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\mozilla\Extensions\[email protected]
[2009/10/28 17:40:02 | 00,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\mozilla\Firefox\Profiles\s7dorkb6.default\extensions
[2009/10/22 21:21:04 | 00,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\mozilla\Firefox\Profiles\s7dorkb6.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/07/10 19:50:27 | 00,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\mozilla\Firefox\Profiles\s7dorkb6.default\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2a}
[2009/08/13 17:48:30 | 00,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\mozilla\Firefox\Profiles\s7dorkb6.default\extensions\{8B72860F-C5F8-4286-865E-D2C2DB98A9E6}
[2009/10/17 13:17:40 | 00,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\mozilla\Firefox\Profiles\s7dorkb6.default\extensions\{b16728a5-d2ee-4011-ac93-9d4a6af0fd6e}
[2009/07/24 11:41:30 | 00,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\mozilla\Firefox\Profiles\s7dorkb6.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/08/13 17:48:42 | 00,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\mozilla\Firefox\Profiles\s7dorkb6.default\extensions\{e36db930-f18d-4449-b45f-e286cfb9e03a}
[2009/08/04 22:39:12 | 00,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\mozilla\Firefox\Profiles\s7dorkb6.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2009/08/12 16:59:37 | 00,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\mozilla\Firefox\Profiles\s7dorkb6.default\extensions\[email protected]
[2009/02/01 17:26:14 | 00,000,417 | ---- | M] () -- C:\Users\Jenny\AppData\Roaming\Mozilla\FireFox\Profiles\s7dorkb6.default\searchplugins\kim-doan.xml
[2009/06/13 10:24:30 | 00,000,585 | ---- | M] () -- C:\Users\Jenny\AppData\Roaming\Mozilla\FireFox\Profiles\s7dorkb6.default\searchplugins\scour---search-socially.xml
[2009/08/13 17:47:30 | 00,000,705 | ---- | M] () -- C:\Users\Jenny\AppData\Roaming\Mozilla\FireFox\Profiles\s7dorkb6.default\searchplugins\webster.xml
[2009/10/16 01:39:11 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/10/17 14:39:57 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/07/01 17:45:03 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}
[2009/06/02 17:06:04 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2009/07/03 16:47:15 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
[2009/08/25 07:15:25 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/08/25 07:15:26 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/05/14 08:55:22 | 01,044,480 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\mozilla firefox\plugins\libdivx.dll
[2007/04/10 17:21:08 | 00,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\np-mswmp.dll
[2009/01/16 19:17:04 | 00,114,688 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\np32dsw.dll
[2009/02/12 06:16:16 | 00,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\mozilla firefox\plugins\npbittorrent.dll
[2009/05/21 12:33:58 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2009/05/14 08:54:50 | 01,650,992 | ---- | M] (DivX,Inc.) -- C:\Program Files\mozilla firefox\plugins\npdivx32.dll
[2009/05/27 13:18:22 | 00,098,304 | ---- | M] (DivX, Inc) -- C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll
[2009/08/25 07:15:27 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2006/10/27 14:12:16 | 00,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL
[2008/10/14 21:33:30 | 00,095,600 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2009/10/17 13:33:06 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2009/10/17 13:33:06 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2009/10/17 13:33:06 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2009/10/17 13:33:07 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2009/10/17 13:33:07 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2009/10/17 13:33:07 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2009/10/17 13:33:07 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2009/05/30 12:57:06 | 00,221,184 | ---- | M] (CNN) -- C:\Program Files\mozilla firefox\plugins\NPTURNMED.dll
[2009/05/14 08:55:22 | 00,200,704 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\mozilla firefox\plugins\ssldivx.dll
[2009/08/25 05:45:46 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/08/25 05:45:46 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/08/25 05:45:46 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/08/25 05:45:46 | 00,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/08/25 05:45:46 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/08/25 05:45:46 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/08/25 05:45:46 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (789 bytes) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1.activate.adobe.com
O2 - BHO: (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (Tonec Inc.)
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [BtcMaestro] C:\Program Files\KMaestro\KMaestro.exe (Kmaestro)
O4 - HKLM..\Run: [BtcMouseMaestro] C:\Program Files\MMaestro\KMaestro.exe (Kmaestro)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\Windows\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [LiveZilla] C:\Program Files\LiveZilla\LiveZilla.exe (SPAUN Power GmbH)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [Persistence] C:\Windows\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe ()
O4 - HKCU..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Jenny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (Lime Wire, LLC)
O4 - Startup: C:\Users\Jenny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF FF [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 36
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm ()
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE File not found
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\napinsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O15 - HKCU\..Trusted Domains: alipay.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: alipay.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: alisoft.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: alisoft.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: taobao.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: taobao.com ([]https in Trusted sites)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zon...kr.cab56986.cab (Checkers Class)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zon...1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.1.1.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/19 08:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009/10/18 22:49:05 | 00,000,000 | R--D | M] - C:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{afc5770a-78df-11de-954c-001d92941cf3}\Shell\AutoRun\command - "" = J:\RESTORE\k-1-3542-4232123213-7676767-8888886\RanDll.exe -- File not found
O33 - MountPoints2\{afc5770a-78df-11de-954c-001d92941cf3}\Shell\open\command - "" = J:\RESTORE\k-1-3542-4232123213-7676767-8888886\RanDll.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

NetSvcs: FastUserSwitchingCompatibility - Service key not found. File not found
NetSvcs: Ias - Service key not found. File not found
NetSvcs: Irmon - Service key not found. File not found
NetSvcs: Nla - Service key not found. File not found
NetSvcs: Ntmssvc - Service key not found. File not found
NetSvcs: NWCWorkstation - Service key not found. File not found
NetSvcs: Nwsapagent - Service key not found. File not found
NetSvcs: SRService - Service key not found. File not found
NetSvcs: Wmi - Service key not found. File not found
NetSvcs: WmdmPmSp - Service key not found. File not found
NetSvcs: LogonHours - Service key not found. File not found
NetSvcs: PCAudit - Service key not found. File not found
NetSvcs: helpsvc - Service key not found. File not found
NetSvcs: uploadmgr - Service key not found. File not found


SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: EventLog - C:\Windows\System32\wevtsvc.dll (Microsoft Corporation)
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sdauxservice - C:\Program Files\PC Tools Internet Security\pctsAuxs.exe (PC Tools)
SafeBootMin: sdcoreservice - C:\Program Files\PC Tools Internet Security\pctsSvc.exe (PC Tools)
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: EventLog - C:\Windows\System32\wevtsvc.dll (Microsoft Corporation)
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - File not found
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sdauxservice - C:\Program Files\PC Tools Internet Security\pctsAuxs.exe (PC Tools)
SafeBootNet: sdcoreservice - C:\Program Files\PC Tools Internet Security\pctsSvc.exe (PC Tools)
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Adobe Shockwave Director 10.1
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 11.0.3
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 11.0.3
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6EAC7F44-7E0A-E89C-C79A-750BD6F7352D} - Adobe Shockwave Director 10.1
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {9CE848E2-B9D1-47a5-A74E-15B1AFD915D6} -
ActiveX: {BD49AA52-58EF-0A19-B51E-7C8EA37F03AB} - DirectX
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{80AD858D-F240-45BB-8D3D-C1BC5ADBC68A} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.mkdmp3enc - C:\PROGRA~1\CYBERL~1\MAGICD~1\Kernel\Burner\MKDMP3Enc.ACM File not found
Drivers32: msacm.siren - C:\Windows\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\Windows\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.MP42 - C:\Windows\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: VIDC.MPG4 - C:\Windows\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)

========== Files/Folders - Created Within 14 Days ==========

[2009/10/17 18:40:56 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009/10/18 02:14:52 | 00,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan
[2009/10/17 18:41:02 | 00,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Roaming\Malwarebytes
[2009/10/18 23:32:29 | 00,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Local\temp
[1 C:\Users\Jenny\Documents\*.tmp files]
[2009/10/18 21:05:22 | 00,000,000 | ---D | C] -- C:\Program Files\Advanced Site Submitter
[2009/10/19 12:29:42 | 00,000,000 | ---D | C] -- C:\Program Files\Article Page Machine
[2009/10/18 20:18:13 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/10/23 09:20:54 | 00,000,000 | ---D | C] -- C:\Program Files\KMaestro
[2009/10/17 18:40:56 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/10/18 02:14:52 | 00,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
[2009/10/21 11:52:52 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2009/10/17 21:19:33 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/10/28 18:52:36 | 00,000,000 | ---D | C] -- C:\Users\Jenny\Documents\My WangWang
[2009/10/25 00:31:46 | 00,000,000 | ---D | C] -- C:\Windows\SQL9_KB970892_ENU
[2009/10/24 20:29:01 | 03,309,072 | ---- | C] (Piriform Ltd) -- C:\Users\Jenny\Documents\ccsetup224.exe
[2009/10/23 16:39:51 | 00,000,000 | ---D | C] -- C:\Users\Jenny\Documents\manufacturer
[2009/10/23 09:39:48 | 00,000,000 | ---D | C] -- C:\Windows\Panther
[2009/10/21 17:05:26 | 00,000,000 | ---D | C] -- C:\Users\Jenny\Documents\gmer
[2009/10/21 16:59:45 | 00,000,000 | ---D | C] -- C:\Users\Jenny\Documents\GooredFix Backups
[2009/10/21 16:53:22 | 00,000,000 | ---D | C] -- C:\Windows\temp
[2009/10/21 16:33:53 | 00,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2009/10/21 16:33:27 | 00,069,192 | ---- | C] (jpshortstuff) -- C:\Users\Jenny\Documents\GooredFix.exe
[2009/10/19 16:23:23 | 00,221,184 | ---- | C] (AX Gold Software Limited) -- C:\Users\Jenny\Documents\weblinkchecker.exe
[2009/10/18 22:55:55 | 00,000,000 | ---D | C] -- C:\_OTL
[2009/10/18 22:49:05 | 00,000,000 | R--D | C] -- C:\autorun.inf
[2009/10/18 21:18:12 | 00,000,000 | ---D | C] -- C:\Users\Jenny\Documents\sitemapmaker
[2009/10/18 20:01:43 | 00,521,216 | ---- | C] (OldTimer Tools) -- C:\Users\Jenny\Documents\OTL.exe
[2009/10/18 20:01:23 | 00,472,064 | ---- | C] ( ) -- C:\Users\Jenny\Documents\RootRepeal.exe
[2009/10/18 19:59:24 | 00,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\Jenny\Documents\erunt_setup.exe
[2009/10/18 19:58:27 | 00,021,504 | ---- | C] (Doug Knox) -- C:\Users\Jenny\Documents\SysRestorePoint.exe
[2009/10/18 19:57:56 | 00,271,872 | ---- | C] (OldTimer Tools) -- C:\Users\Jenny\Documents\TFC.exe
[2009/10/17 22:52:16 | 00,000,000 | ---D | C] -- C:\Users\Jenny\Documents\ClubLive Bot
[2009/10/17 21:11:16 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Users\Jenny\Documents\HJTInstall.exe
[2009/10/17 19:48:44 | 00,000,000 | ---D | C] -- C:\Combo-Fix
[2009/10/17 18:40:58 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/10/17 18:40:56 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/10/17 18:27:34 | 04,045,528 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Jenny\Documents\mbam-setup.exe
[2009/10/17 15:40:50 | 00,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2009/10/17 15:40:50 | 00,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2009/10/17 15:40:50 | 00,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2009/10/17 15:40:30 | 00,000,000 | ---D | C] -- C:\Windows\ERDNT
[2009/10/17 15:39:44 | 00,000,000 | ---D | C] -- C:\Qoobox

========== Files - Modified Within 14 Days ==========

[1 C:\Users\Jenny\Documents\*.tmp files]
[2009/10/28 21:16:13 | 00,000,530 | ---- | M] () -- C:\Users\Jenny\Desktop\OTL.exe - Shortcut.lnk
[2009/10/28 19:39:12 | 00,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/10/28 19:39:12 | 00,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/10/28 18:17:31 | 00,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{E94DFA29-8D31-482E-91E1-781862F24D2A}.job
[2009/10/28 15:39:14 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/10/28 15:39:10 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/10/28 15:39:08 | 32,110,59200 | -HS- | M] () -- C:\hiberfil.sys
[2009/10/28 02:07:15 | 04,731,287 | -H-- | M] () -- C:\Users\Jenny\AppData\Local\IconCache.db
[2009/10/26 23:07:13 | 00,000,949 | ---- | M] () -- C:\Users\Jenny\Desktop\Windows Media Player (2).lnk
[2009/10/26 16:33:48 | 00,012,198 | ---- | M] () -- C:\Users\Jenny\Documents\Lockerz ad.docx
[2009/10/26 00:35:47 | 01,569,462 | ---- | M] () -- C:\Users\Jenny\Documents\Malouf_Mothers_Day07.pdf
[2009/10/25 21:46:19 | 00,001,252 | ---- | M] () -- C:\Users\Jenny\Desktop\gmer.exe - Shortcut.lnk
[2009/10/25 19:59:04 | 00,001,673 | ---- | M] () -- C:\Users\Jenny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk
[2009/10/25 16:47:34 | 00,004,172 | ---- | M] () -- C:\Users\Jenny\Documents\kaspersky report.html
[2009/10/25 16:31:00 | 00,036,320 | ---- | M] () -- C:\Users\Jenny\Documents\Properties of Shapes.docx
[2009/10/25 12:54:34 | 00,026,989 | ---- | M] () -- C:\Users\Jenny\Documents\0789215 RMA.PDF
[2009/10/25 00:32:49 | 00,784,118 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/10/25 00:32:49 | 00,694,728 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/10/25 00:32:49 | 00,138,984 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/10/24 20:41:16 | 00,001,675 | ---- | M] () -- C:\Users\Jenny\Desktop\CCleaner.lnk
[2009/10/24 20:40:18 | 03,309,072 | ---- | M] (Piriform Ltd) -- C:\Users\Jenny\Documents\ccsetup224.exe
[2009/10/24 20:22:19 | 00,678,936 | ---- | M] () -- C:\Users\Jenny\Desktop\GameHouse-Installer_am-4elements_gamehouse_.exe
[2009/10/24 19:39:47 | 00,000,800 | ---- | M] () -- C:\Users\Jenny\Desktop\Super Bounce Out.lnk
[2009/10/24 19:35:13 | 00,000,775 | ---- | M] () -- C:\Users\Jenny\Desktop\Scuba in Aruba.lnk
[2009/10/24 10:58:17 | 00,000,876 | ---- | M] () -- C:\Windows\$_hpcst$.hpc
[2009/10/24 10:58:17 | 00,000,788 | ---- | M] () -- C:\Users\Jenny\Desktop\Lemonade Tycoon.lnk
[2009/10/24 10:56:03 | 00,000,916 | ---- | M] () -- C:\Users\Jenny\Desktop\Little Shop of Treasures.lnk
[2009/10/24 10:35:20 | 00,045,043 | ---- | M] () -- C:\Users\Jenny\Documents\chanel-voucher00.pdf
[2009/10/23 16:36:44 | 00,000,435 | ---- | M] () -- C:\Users\Jenny\Documents\manufacturer.zip
[2009/10/23 13:20:10 | 00,101,528 | ---- | M] () -- C:\Users\Jenny\AppData\Local\GDIPFONTCACHEV1.DAT
[2009/10/23 13:19:37 | 02,306,016 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/10/23 13:11:57 | 00,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2009/10/23 09:32:32 | 00,000,422 | ---- | M] () -- C:\Windows\System32\mapisvc.inf
[2009/10/23 09:25:00 | 00,000,240 | ---- | M] () -- C:\Windows\win.ini
[2009/10/22 23:11:39 | 00,013,848 | ---- | M] () -- C:\Users\Jenny\Documents\Towards Independence - Commerce Notes.docx
[2009/10/21 20:38:52 | 00,464,432 | ---- | M] () -- C:\Users\Jenny\Documents\Membership Application Form 2009-2010.pdf
[2009/10/21 17:02:10 | 00,282,833 | ---- | M] () -- C:\Users\Jenny\Documents\gmer.zip
[2009/10/21 16:49:22 | 00,000,215 | ---- | M] () -- C:\Windows\system.ini
[2009/10/21 16:33:34 | 00,069,192 | ---- | M] (jpshortstuff) -- C:\Users\Jenny\Documents\GooredFix.exe
[2009/10/20 22:34:33 | 00,025,600 | ---- | M] () -- C:\Users\Jenny\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/20 20:11:32 | 03,489,792 | ---- | M] () -- C:\Users\Jenny\Documents\PC Tools Log.doc
[2009/10/20 17:53:26 | 05,452,228 | ---- | M] () -- C:\Users\Jenny\Documents\Big Bang - Crazy Dog.mp3
[2009/10/20 17:33:43 | 00,809,855 | ---- | M] () -- C:\Users\Jenny\Documents\infections 20-10.htm
[2009/10/20 17:14:09 | 00,071,798 | ---- | M] () -- C:\Users\Jenny\Documents\JavaRa.zip
[2009/10/19 16:29:21 | 00,040,753 | ---- | M] () -- C:\Users\Jenny\Documents\code.zip
[2009/10/19 16:28:21 | 00,658,217 | ---- | M] () -- C:\Users\Jenny\Documents\getpaidtoshop-p.zip
[2009/10/19 16:27:58 | 00,044,842 | ---- | M] () -- C:\Users\Jenny\Documents\bookmark-p.zip
[2009/10/19 16:25:28 | 00,221,184 | ---- | M] (AX Gold Software Limited) -- C:\Users\Jenny\Documents\weblinkchecker.exe
[2009/10/19 12:32:44 | 01,173,077 | ---- | M] () -- C:\Users\Jenny\Documents\scripts_2_sell123.zip
[2009/10/19 12:32:21 | 00,697,981 | ---- | M] () -- C:\Users\Jenny\Documents\ebaymoney-p.exe
[2009/10/19 12:28:45 | 00,779,661 | ---- | M] () -- C:\Users\Jenny\Documents\apm.zip
[2009/10/19 12:27:40 | 00,007,324 | ---- | M] () -- C:\Users\Jenny\Documents\articlesyndicate-p.zip
[2009/10/18 23:18:46 | 03,367,094 | R--- | M] () -- C:\Users\Jenny\Desktop\ComboFix.exe
[2009/10/18 22:46:58 | 00,132,597 | ---- | M] () -- C:\Users\Jenny\Documents\Flash_Disinfector.exe
[2009/10/18 21:19:17 | 00,684,806 | ---- | M] () -- C:\Users\Jenny\Documents\16dassys.exe
[2009/10/18 21:03:39 | 01,036,811 | ---- | M] () -- C:\Users\Jenny\Documents\AdvancedSiteSubmitter.zip
[2009/10/18 21:01:38 | 01,261,404 | ---- | M] () -- C:\Users\Jenny\Documents\sitemapmaker.zip
[2009/10/18 20:58:24 | 00,177,362 | ---- | M] () -- C:\Users\Jenny\Documents\truth.zip
[2009/10/18 20:26:03 | 00,000,000 | ---- | M] () -- C:\Users\Jenny\Documents\settings.dat
[2009/10/18 20:18:14 | 00,000,738 | ---- | M] () -- C:\Users\Jenny\Desktop\NTREGOPT.lnk
[2009/10/18 20:18:14 | 00,000,719 | ---- | M] () -- C:\Users\Jenny\Desktop\ERUNT.lnk
[2009/10/18 20:07:36 | 00,521,216 | ---- | M] (OldTimer Tools) -- C:\Users\Jenny\Documents\OTL.exe
[2009/10/18 20:04:08 | 00,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\Jenny\Documents\erunt_setup.exe
[2009/10/18 20:03:33 | 00,472,064 | ---- | M] ( ) -- C:\Users\Jenny\Documents\RootRepeal.exe
[2009/10/18 19:59:50 | 00,021,504 | ---- | M] (Doug Knox) -- C:\Users\Jenny\Documents\SysRestorePoint.exe
[2009/10/18 19:59:05 | 00,271,872 | ---- | M] (OldTimer Tools) -- C:\Users\Jenny\Documents\TFC.exe
[2009/10/18 12:27:45 | 00,459,659 | ---- | M] () -- C:\Users\Jenny\Documents\Loc Anh Huynh.pdf
[2009/10/18 02:14:52 | 00,000,813 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan.lnk
[2009/10/17 22:49:01 | 00,422,906 | ---- | M] () -- C:\Users\Jenny\Documents\ClubLive Bot.rar
[2009/10/17 21:19:33 | 00,001,879 | ---- | M] () -- C:\Users\Jenny\Desktop\HijackThis.lnk
[2009/10/17 21:19:06 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Users\Jenny\Documents\HJTInstall.exe
[2009/10/17 18:41:00 | 00,000,823 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2009/10/17 18:39:22 | 04,045,528 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Jenny\Documents\mbam-setup.exe
[2009/10/17 14:40:00 | 00,001,729 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2009/10/17 14:34:44 | 00,180,192 | ---- | M] () -- C:\Users\Jenny\Documents\Nitrogen Cycle.docx
[2009/10/17 13:32:59 | 00,001,731 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2009/10/17 13:31:54 | 00,002,413 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2009/10/15 23:57:13 | 00,000,104 | ---- | M] () -- C:\Users\Jenny\Desktop\Outlook.lnk
[2009/10/15 10:03:05 | 00,339,968 | ---- | M] () -- C:\Users\Jenny\Documents\update_for_media_player_(KB972036).exe
[2009/10/15 02:37:43 | 06,818,297 | ---- | M] () -- C:\Users\Jenny\Documents\prestashop_1.2.4.0.zip
[2009/10/15 02:21:29 | 00,053,253 | ---- | M] () -- C:\Users\Jenny\Documents\PS_MinimumQTY_ps1.1.zip
[2009/10/15 01:46:42 | 00,305,910 | ---- | M] () -- C:\Users\Jenny\Documents\1255574692-125e4209.sql.gz
[2009/10/15 00:57:20 | 00,009,986 | ---- | M] () -- C:\Users\Jenny\Documents\nice quotes.docx

========== Files - No Company Name ==========
[2009/10/28 21:16:13 | 00,000,530 | ---- | C] () -- C:\Users\Jenny\Desktop\OTL.exe - Shortcut.lnk
[2009/10/26 23:07:13 | 00,000,949 | ---- | C] () -- C:\Users\Jenny\Desktop\Windows Media Player (2).lnk
[2009/10/26 15:47:54 | 00,012,198 | ---- | C] () -- C:\Users\Jenny\Documents\Lockerz ad.docx
[2009/10/26 00:28:15 | 01,569,462 | ---- | C] () -- C:\Users\Jenny\Documents\Malouf_Mothers_Day07.pdf
[2009/10/25 21:41:19 | 00,001,252 | ---- | C] () -- C:\Users\Jenny\Desktop\gmer.exe - Shortcut.lnk
[2009/10/25 16:47:34 | 00,004,172 | ---- | C] () -- C:\Users\Jenny\Documents\kaspersky report.html
[2009/10/25 16:27:29 | 00,036,320 | ---- | C] () -- C:\Users\Jenny\Documents\Properties of Shapes.docx
[2009/10/25 12:54:22 | 00,026,989 | ---- | C] () -- C:\Users\Jenny\Documents\0789215 RMA.PDF
[2009/10/24 20:20:34 | 00,678,936 | ---- | C] () -- C:\Users\Jenny\Desktop\GameHouse-Installer_am-4elements_gamehouse_.exe
[2009/10/24 19:39:47 | 00,000,800 | ---- | C] () -- C:\Users\Jenny\Desktop\Super Bounce Out.lnk
[2009/10/24 19:35:13 | 00,000,775 | ---- | C] () -- C:\Users\Jenny\Desktop\Scuba in Aruba.lnk
[2009/10/24 10:58:17 | 00,000,876 | ---- | C] () -- C:\Windows\$_hpcst$.hpc
[2009/10/24 10:58:17 | 00,000,788 | ---- | C] () -- C:\Users\Jenny\Desktop\Lemonade Tycoon.lnk
[2009/10/24 10:56:03 | 00,000,916 | ---- | C] () -- C:\Users\Jenny\Desktop\Little Shop of Treasures.lnk
[2009/10/24 10:35:20 | 00,045,043 | ---- | C] () -- C:\Users\Jenny\Documents\chanel-voucher00.pdf
[2009/10/23 16:36:43 | 00,000,435 | ---- | C] () -- C:\Users\Jenny\Documents\manufacturer.zip
[2009/10/23 09:23:04 | 00,057,667 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2009/10/23 09:20:54 | 00,045,056 | ---- | C] () -- C:\Windows\System32\KmRemove.exe
[2009/10/22 21:48:31 | 00,013,848 | ---- | C] () -- C:\Users\Jenny\Documents\Towards Independence - Commerce Notes.docx
[2009/10/21 20:35:31 | 00,464,432 | ---- | C] () -- C:\Users\Jenny\Documents\Membership Application Form 2009-2010.pdf
[2009/10/21 16:32:57 | 00,282,833 | ---- | C] () -- C:\Users\Jenny\Documents\gmer.zip
[2009/10/20 20:11:21 | 03,489,792 | ---- | C] () -- C:\Users\Jenny\Documents\PC Tools Log.doc
[2009/10/20 19:06:39 | 02,501,921 | ---- | C] () -- C:\Windows\System32\wlan.tmf
[2009/10/20 17:33:41 | 00,809,855 | ---- | C] () -- C:\Users\Jenny\Documents\infections 20-10.htm
[2009/10/20 17:32:17 | 05,452,228 | ---- | C] () -- C:\Users\Jenny\Documents\Big Bang - Crazy Dog.mp3
[2009/10/20 17:13:55 | 00,071,798 | ---- | C] () -- C:\Users\Jenny\Documents\JavaRa.zip
[2009/10/19 16:29:18 | 00,040,753 | ---- | C] () -- C:\Users\Jenny\Documents\code.zip
[2009/10/19 16:25:40 | 00,658,217 | ---- | C] () -- C:\Users\Jenny\Documents\getpaidtoshop-p.zip
[2009/10/19 16:23:16 | 00,044,842 | ---- | C] () -- C:\Users\Jenny\Documents\bookmark-p.zip
[2009/10/19 12:27:24 | 00,007,324 | ---- | C] () -- C:\Users\Jenny\Documents\articlesyndicate-p.zip
[2009/10/19 12:27:07 | 01,173,077 | ---- | C] () -- C:\Users\Jenny\Documents\scripts_2_sell123.zip
[2009/10/19 12:26:56 | 00,697,981 | ---- | C] () -- C:\Users\Jenny\Documents\ebaymoney-p.exe
[2009/10/19 12:26:02 | 00,779,661 | ---- | C] () -- C:\Users\Jenny\Documents\apm.zip
[2009/10/18 23:07:07 | 03,367,094 | R--- | C] () -- C:\Users\Jenny\Desktop\ComboFix.exe
[2009/10/18 22:46:34 | 00,132,597 | ---- | C] () -- C:\Users\Jenny\Documents\Flash_Disinfector.exe
[2009/10/18 21:15:58 | 00,684,806 | ---- | C] () -- C:\Users\Jenny\Documents\16dassys.exe
[2009/10/18 20:54:32 | 01,036,811 | ---- | C] () -- C:\Users\Jenny\Documents\AdvancedSiteSubmitter.zip
[2009/10/18 20:54:26 | 01,261,404 | ---- | C] () -- C:\Users\Jenny\Documents\sitemapmaker.zip
[2009/10/18 20:52:05 | 00,177,362 | ---- | C] () -- C:\Users\Jenny\Documents\truth.zip
[2009/10/18 20:26:03 | 00,000,000 | ---- | C] () -- C:\Users\Jenny\Documents\settings.dat
[2009/10/18 20:18:14 | 00,000,738 | ---- | C] () -- C:\Users\Jenny\Desktop\NTREGOPT.lnk
[2009/10/18 20:18:14 | 00,000,719 | ---- | C] () -- C:\Users\Jenny\Desktop\ERUNT.lnk
[2009/10/18 12:25:31 | 00,459,659 | ---- | C] () -- C:\Users\Jenny\Documents\Loc Anh Huynh.pdf
[2009/10/18 02:14:52 | 00,000,813 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan.lnk
[2009/10/17 22:45:50 | 00,422,906 | ---- | C] () -- C:\Users\Jenny\Documents\ClubLive Bot.rar
[2009/10/17 21:19:33 | 00,001,879 | ---- | C] () -- C:\Users\Jenny\Desktop\HijackThis.lnk
[2009/10/17 18:41:00 | 00,000,823 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2009/10/17 15:40:50 | 00,236,544 | ---- | C] () -- C:\Windows\PEV.exe
[2009/10/17 15:40:50 | 00,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2009/10/17 15:40:50 | 00,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2009/10/17 15:40:50 | 00,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2009/10/17 14:34:44 | 00,180,192 | ---- | C] () -- C:\Users\Jenny\Documents\Nitrogen Cycle.docx
[2009/10/16 01:39:13 | 00,001,729 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2009/10/15 23:57:13 | 00,000,104 | ---- | C] () -- C:\Users\Jenny\Desktop\Outlook.lnk
[2009/10/15 09:51:21 | 00,339,968 | ---- | C] () -- C:\Users\Jenny\Documents\update_for_media_player_(KB972036).exe
[2009/10/15 02:21:01 | 00,053,253 | ---- | C] () -- C:\Users\Jenny\Documents\PS_MinimumQTY_ps1.1.zip
[2009/10/15 02:05:16 | 06,818,297 | ---- | C] () -- C:\Users\Jenny\Documents\prestashop_1.2.4.0.zip
[2009/10/15 01:44:51 | 00,305,910 | ---- | C] () -- C:\Users\Jenny\Documents\1255574692-125e4209.sql.gz
[2009/10/15 00:57:19 | 00,009,986 | ---- | C] () -- C:\Users\Jenny\Documents\nice quotes.docx
[2009/09/18 19:50:55 | 00,000,680 | ---- | C] () -- C:\Users\Jenny\AppData\Local\d3d9caps.dat
[2009/07/30 09:39:35 | 00,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2009/07/30 09:26:18 | 00,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2009/07/14 01:51:38 | 00,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/07/02 14:12:32 | 00,000,600 | ---- | C] () -- C:\Users\Jenny\AppData\Roaming\winscp.rnd
[2009/07/01 19:54:30 | 00,000,032 | ---- | C] () -- C:\ProgramData\ezsid.dat
[2009/05/23 14:53:24 | 00,000,059 | ---- | C] () -- C:\Windows\wininit.ini
[2009/04/07 19:55:22 | 00,099,864 | ---- | C] () -- C:\Users\Jenny\AppData\Roaming\GDIPFONTCACHEV1.DAT
[2009/04/06 23:21:11 | 00,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/03/05 06:54:58 | 00,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009/02/25 11:24:39 | 00,025,600 | ---- | C] () -- C:\Users\Jenny\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/02/05 19:36:04 | 00,000,213 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2009/02/05 19:36:04 | 00,000,094 | ---- | C] () -- C:\Windows\brpcfx.ini
[2009/02/05 19:22:54 | 00,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2009/02/05 19:22:53 | 00,000,419 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2009/01/30 22:06:32 | 00,024,206 | ---- | C] () -- C:\Users\Jenny\AppData\Roaming\UserTile.png
[2009/01/30 22:00:57 | 04,731,287 | -H-- | C] () -- C:\Users\Jenny\AppData\Local\IconCache.db
[2009/01/30 21:12:38 | 00,101,528 | ---- | C] () -- C:\Users\Jenny\AppData\Local\GDIPFONTCACHEV1.DAT
[2008/02/11 19:55:18 | 00,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll
[2007/12/27 18:27:18 | 00,910,464 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2007/12/27 18:27:18 | 00,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1277.dll
[2006/11/07 10:57:56 | 00,049,152 | ---- | C] () -- C:\Windows\System32\RunSetup.dll
[2006/11/02 23:50:50 | 00,000,174 | -HS- | C] () -- C:\Program Files\desktop.ini
[2006/11/02 23:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 21:23:31 | 00,000,240 | ---- | C] () -- C:\Windows\win.ini
[2006/11/02 21:23:31 | 00,000,215 | ---- | C] () -- C:\Windows\system.ini
[2006/11/02 18:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2004/09/02 02:49:17 | 03,375,104 | ---- | C] () -- C:\Windows\System32\qt-mt331.dll

========== LOP Check ==========

[2009/10/27 23:18:17 | 00,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming
[2009/09/21 23:04:35 | 00,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\.purple
[2009/09/07 19:05:59 | 00,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\Ahead
[2009/04/08 16:47:31 | 00,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\BitZipper
[2009/02/08 22:51:48 | 00,000,000 | R--D | M] -- C:\Users\Jenny\AppData\Roaming\Brother
[2009/10/13 05:08:05 | 00,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\Canon
[2009/10/28 15:39:23 | 00,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\DMCache
[2009/10/26 19:18:38 | 00,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\FileZilla
[2009/10/28 20:40:23 | 00,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\gtk-2.0
[2009/10/28 15:39:45 | 00,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\IDM
[2009/07/06 00:50:08 | 00,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\iSerial Reader
[2009/10/28 15:42:29 | 00,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\LimeWire
[2006/11/02 23:37:34 | 00,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\Media Center Programs
[2009/06/07 23:47:07 | 00,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\Opera
[2009/01/30 22:46:16 | 00,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\PCToolsFirewallPlus
[2009/01/30 22:46:07 | 00,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\PCToolsSpamMonitorPlus
[2009/08/27 16:58:06 | 00,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\PlayFirst
[2009/08/05 21:03:53 | 00,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\Samsung
[2009/06/02 18:16:06 | 00,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\SmartFTP
[2009/10/21 23:08:37 | 00,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\Ubisoft
[2009/08/27 17:56:07 | 00,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\UClick
[2009/08/23 01:08:15 | 00,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\uTorrent
[2009/10/28 15:39:14 | 00,000,006 | -H-- | M] () -- C:\Windows\Tasks\SA.DAT
[2009/10/28 02:07:19 | 00,032,654 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009/10/28 18:17:31 | 00,000,418 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{E94DFA29-8D31-482E-91E1-781862F24D2A}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >

< %systemroot%\system32\eventlog.dll >

< %systemroot%\system32\scecli.dll >
[2008/01/21 13:24:50 | 00,177,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\scecli.dll

< %systemroot%\netlogon.dll >

< %systemroot%\system32\cngaudit.dll >
[2006/11/02 20:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\cngaudit.dll

< %systemroot%\system32\sceclt.dll >

< %systemroot%\ntelogon.dll >

< %systemroot%\system32\logevent.dll >

< %systemroot%\system32\drivers\*.sys >
[2006/11/02 19:55:12 | 00,053,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\1394bus.sys
[2008/01/21 13:23:00 | 00,266,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\acpi.sys
[2008/01/21 13:23:21 | 00,422,968 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adp94xx.sys
[2008/01/21 13:23:25 | 00,300,600 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpahci.sys
[2008/01/21 13:23:26 | 00,101,432 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpu160m.sys
[2008/01/21 13:23:27 | 00,149,560 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpu320.sys
[2008/01/21 13:24:17 | 00,273,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\afd.sys
[2008/01/21 13:23:01 | 00,056,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\AGP440.sys
[2008/01/21 13:23:00 | 00,017,464 | ---- | M] (Acer Laboratories Inc.) -- C:\Windows\system32\drivers\aliide.sys
[2008/01/21 13:23:01 | 00,057,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\AMDAGP.SYS
[2008/01/21 13:23:00 | 00,017,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\amdide.sys
[2008/01/21 13:23:00 | 00,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\amdk7.sys
[2008/01/21 13:23:00 | 00,044,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\amdk8.sys
[2008/01/21 13:23:23 | 00,079,416 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\arc.sys
[2008/01/21 13:23:24 | 00,079,928 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\arcsas.sys
[2008/01/21 13:24:04 | 00,017,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\asyncmac.sys
[2008/01/21 13:23:00 | 00,021,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\atapi.sys
[2008/01/21 13:23:00 | 00,110,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\ataport.sys
[2008/01/21 13:23:00 | 00,028,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\battc.sys
[2008/01/21 13:23:31 | 00,012,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\bdasup.sys
[2008/01/21 13:23:44 | 00,006,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\beep.sys
[2008/01/21 13:23:01 | 00,045,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\blbdrive.sys
[2008/01/21 13:23:53 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\bowser.sys
[2006/11/02 19:24:45 | 00,013,568 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\system32\drivers\BrFiltLo.sys
[2006/11/02 19:24:46 | 00,005,248 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\system32\drivers\BrFiltUp.sys
[2008/01/21 13:23:43 | 00,093,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\bridge.sys
[2006/11/02 19:25:24 | 00,071,808 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\BrSerId.sys
[2006/11/02 19:24:44 | 00,062,336 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\BrSerWdm.sys
[2006/11/02 19:24:44 | 00,012,160 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\BrUsbMdm.sys
[2006/11/02 19:24:47 | 00,011,904 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\BrUsbSer.sys
[2006/11/02 19:55:23 | 00,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\bthmodem.sys
[2008/01/21 13:23:51 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\cdfs.sys
[2008/01/21 13:23:02 | 00,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\cdrom.sys
[2008/01/21 13:23:26 | 00,035,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\circlass.sys
[2008/01/21 13:24:39 | 00,127,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\Classpnp.sys
[2008/01/21 13:23:00 | 00,019,000 | ---- | M] (CMD Technology, Inc.) -- C:\Windows\system32\drivers\cmdide.sys
[2008/01/21 13:23:00 | 00,020,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\compbatt.sys
[2008/01/21 13:23:49 | 00,036,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\crashdmp.sys
[2008/01/21 13:23:22 | 00,024,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\crcdisk.sys
[2008/01/21 13:23:00 | 00,040,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\crusoe.sys
[2008/01/21 13:24:55 | 00,075,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\dfsc.sys
[2008/01/21 13:23:20 | 00,055,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\disk.sys
[2008/01/21 13:24:31 | 00,019,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\Diskdump.sys
[2006/11/02 20:50:11 | 00,071,272 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\djsvs.sys
[2008/01/21 13:23:20 | 00,130,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\drmk.sys
[2008/01/21 13:23:21 | 00,005,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\drmkaud.sys
[2008/01/21 13:24:21 | 00,029,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\Dumpata.sys
[2008/01/21 13:24:21 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\dxapi.sys
[2008/01/21 13:24:14 | 00,076,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\dxg.sys
[2008/08/02 12:01:23 | 00,625,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\dxgkrnl.sys
[2008/01/21 13:23:24 | 00,118,784 | ---- | M] (Intel Corporation) -- C:\Windows\system32\drivers\E1G60I32.sys
[2008/01/21 13:23:39 | 00,143,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\ecache.sys
[2008/01/21 13:23:22 | 00,342,584 | ---- | M] (Emulex) -- C:\Windows\system32\drivers\elxstor.sys
[2008/01/21 13:23:00 | 00,006,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\errdev.sys
[2008/01/21 13:25:02 | 00,136,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\exfat.sys
[2008/01/21 13:24:13 | 00,143,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\fastfat.sys
[2008/01/21 13:23:20 | 00,025,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\fdc.sys
[2008/01/21 13:24:04 | 00,058,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\fileinfo.sys
[2008/01/21 13:24:21 | 00,027,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\filetrace.sys
[2008/01/21 13:23:20 | 00,020,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\flpydisk.sys
[2008/01/21 13:24:01 | 00,192,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\fltMgr.sys
[2008/01/21 13:24:06 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\fs_rec.sys
[2008/08/25 12:36:34 | 00,058,152 | ---- | M] (PC Tools) -- C:\Windows\system32\drivers\FWAuthDriver.sys
[2008/01/21 13:23:55 | 00,101,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\FWPKCLNT.SYS
[2008/01/21 13:23:22 | 00,061,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\GAGP30KX.SYS
[2009/05/18 14:17:00 | 00,026,600 | ---- | M] (GEAR Software Inc.) -- C:\Windows\system32\drivers\GEARAspiWDM.sys
[2008/01/21 13:23:22 | 00,053,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\hdaudbus.sys
[2006/11/02 18:36:49 | 00,235,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\HdAudio.sys
[2006/11/02 19:55:22 | 00,029,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\hidbth.sys
[2008/01/21 13:23:26 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\hidclass.sys
[2006/11/02 19:55:01 | 00,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\hidir.sys
[2008/01/21 13:23:26 | 00,025,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\hidparse.sys
[2008/01/21 13:23:26 | 00,012,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\hidusb.sys
[2008/01/21 13:23:26 | 00,040,504 | ---- | M] (Hewlett-Packard Company) -- C:\Windows\system32\drivers\HpCISSs.sys
[2008/01/21 13:23:50 | 00,401,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\http.sys
[2008/01/21 13:23:02 | 00,019,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\i2omgmt.sys
[2008/01/21 13:23:02 | 00,030,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\i2omp.sys
[2008/01/21 13:23:20 | 00,054,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\i8042prt.sys
[2008/01/21 13:23:23 | 00,235,064 | ---- | M] (Intel Corporation) -- C:\Windows\system32\drivers\iaStorV.sys
[2008/02/11 19:36:10 | 02,302,976 | ---- | M] (Intel Corporation) -- C:\Windows\system32\drivers\igdkmd32.sys
[2006/11/02 20:50:17 | 00,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) -- C:\Windows\system32\drivers\iirsp.sys
[2008/08/25 12:36:30 | 00,040,872 | ---- | M] (PCTools Research Pty Ltd.) -- C:\Windows\system32\drivers\ikfilesec.sys
[2008/08/25 12:36:30 | 00,066,984 | ---- | M] (PCTools Research Pty Ltd.) -- C:\Windows\system32\drivers\iksysflt.sys
[2008/08/25 12:36:32 | 00,081,320 | ---- | M] (PCTools Research Pty Ltd.) -- C:\Windows\system32\drivers\iksyssec.sys
[2005/08/15 12:08:26 | 00,005,888 | ---- | M] (Ahead Software AG) -- C:\Windows\system32\drivers\imagedrv.sys
[2005/08/15 12:08:26 | 00,127,488 | ---- | M] (Ahead Software AG) -- C:\Windows\system32\drivers\imagesrv.sys
[2008/01/21 13:23:00 | 00,017,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\intelide.sys
[2008/01/21 13:23:00 | 00,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\intelppm.sys
[2008/01/21 13:24:45 | 00,047,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\ipfltdrv.sys
[2008/01/21 13:23:22 | 00,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\IPMIDrv.sys
[2008/01/21 13:24:25 | 00,100,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\ipnat.sys
[2008/01/21 13:24:31 | 00,095,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\irda.sys
[2008/01/21 13:23:54 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\irenum.sys
[2008/01/21 13:23:01 | 00,049,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\isapnp.sys
[2006/11/02 20:50:07 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\system32\drivers\iteatapi.sys
[2006/11/02 20:50:09 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\system32\drivers\iteraid.sys
[2008/01/21 13:23:23 | 00,035,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\kbdclass.sys
[2008/01/21 13:23:23 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\kbdhid.sys
[2008/07/03 19:06:50 | 00,029,608 | ---- | M] (PCTools Research Pty Ltd.) -- C:\Windows\system32\drivers\kcom.sys
[2008/10/09 15:42:42 | 00,017,408 | ---- | M] (Windows ® Codename Longhorn DDK provider) -- C:\Windows\system32\drivers\KMWDFILTER.sys
[2008/01/21 13:24:30 | 00,148,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\ks.sys
[2009/06/16 05:20:59 | 00,439,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\ksecdd.sys
[2008/01/21 13:24:37 | 00,047,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\lltdio.sys
[2008/01/21 13:23:23 | 00,096,312 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_fc.sys
[2008/01/21 13:23:25 | 00,089,656 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_sas.sys
[2008/01/21 13:23:23 | 00,096,312 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_scsi.sys
[2008/01/21 13:24:37 | 00,084,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\luafv.sys
[2009/09/10 14:53:50 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\system32\drivers\mbam.sys
[2009/09/10 14:54:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\system32\drivers\mbamswissarmy.sys
[2008/01/21 13:24:47 | 00,018,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\mcd.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 151 bytes -> C:\ProgramData\TEMP:430C6D84
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:1CA73D29
@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:2785F3BB
< End of report >


Step 3: Here is the gmer log:

GMER 1.0.15.15163 - http://www.gmer.net
Rootkit scan 2009-10-28 17:34:53
Windows 6.0.6001 Service Pack 1
Running: gmer.exe; Driver: C:\Users\Jenny\AppData\Local\Temp\fglcypog.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\drivers\TfSysMon.sys (ThreatFire System Monitor/PC Tools) ZwTerminateProcess [0x807FA4EE]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetTimerEx + 854 820C9E18 4 Bytes [EE, A4, 7F, 80] {OUT DX, AL ; MOVSB ; JG 0xffffffffffffff84}

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\Explorer.EXE[1952] SHELL32.dll!SHFileOperationW 7663CD3E 5 Bytes JMP 10001102 C:\Program Files\Unlocker\UnlockerHook.dll

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\Explorer.EXE[1952] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [73FA88B4] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1952] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [73FE98A5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1952] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [73FAB9D4] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1952] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [73F9FB47] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1952] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [73FA7A79] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1952] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [73F9EA65] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1952] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [73FDB17D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1952] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [73FABC9A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1952] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [73FA074E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1952] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [73FA06B5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1952] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [73F971B3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1952] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [7402D848] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1952] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [73FC7379] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1952] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [73F9E109] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1952] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [73F9697E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1952] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [73F969A9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1952] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [73FA2465] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs TfFsMon.sys (ThreatFire Filesystem Monitor/PC Tools)
AttachedDevice \Driver\tdx \Device\Tcp pctfw2.sys
AttachedDevice \Driver\tdx \Device\Udp pctfw2.sys
AttachedDevice \Driver\tdx \Device\RawIp pctfw2.sys

---- Files - GMER 1.0.15 ----

ADS C:\System Volume Information\SystemRestore\FRStaging\Windows:Z_PI.EXE 23552 bytes executable
ADS C:\System Volume Information\SystemRestore\WmiStaging\Windows:Z_PI.EXE 23552 bytes executable

---- EOF - GMER 1.0.15 ----

#25
hammerman

Hello,

Please follow these steps.

-- Step 1 --

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O33 - MountPoints2\{afc5770a-78df-11de-954c-001d92941cf3}\Shell\AutoRun\command - "" = J:\RESTORE\k-1-3542-4232123213-7676767-8888886\RanDll.exe -- File not found
    O33 - MountPoints2\{afc5770a-78df-11de-954c-001d92941cf3}\Shell\open\command - "" = J:\RESTORE\k-1-3542-4232123213-7676767-8888886\RanDll.exe -- File not found
    
    :Services
    
    :Reg
    
    :Files
    @C:\System Volume Information\SystemRestore\FRStaging\Windows:Z_PI.EXE
    @C:\System Volume Information\SystemRestore\WmiStaging\Windows:Z_PI.EXE
    
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • This fix will produce a report. Please add this to your reply.

-- Step 2 --

Please download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Open JavaRa.exe again and select Search For Updates.
  • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.

-- Step 3 --

Run OTL
  • When the window appears, select None
  • Under the Custom Scans/Fixes box, paste in the following:

    %SYSTEMDRIVE%\eventlog.dll /s /md5
    %SYSTEMDRIVE%\scecli.dll /s /md5
    %SYSTEMDRIVE%\netlogon.dll /s /md5
    %SYSTEMDRIVE%\cngaudit.dll /s /md5
    %SYSTEMDRIVE%\sceclt.dll /s /md5
    %SYSTEMDRIVE%\ntelogon.dll /s /md5
    %SYSTEMDRIVE%\logevent.dll /s /md5
    %SYSTEMDRIVE%\iaStor.sys /s /md5
    %SYSTEMDRIVE%\nvstor.sys /s /md5
    %SYSTEMDRIVE%\atapi.sys /s /md5
    %SYSTEMDRIVE%\IdeChnDr.sys /s /md5
    %SYSTEMDRIVE%\viasraid.sys /s /md5
    %SYSTEMDRIVE%\AGP440.sys /s /md5

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open a notepad window, OTL.Txt. This is saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post it with your next reply.

#26
applestarz

Hi Hammerman

Here are the reports. I have also downloaded and installed JavaRa.

Run/Fix Report

All processes killed
========== OTL ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{afc5770a-78df-11de-954c-001d92941cf3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afc5770a-78df-11de-954c-001d92941cf3}\ not found.
File J:\RESTORE\k-1-3542-4232123213-7676767-8888886\RanDll.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{afc5770a-78df-11de-954c-001d92941cf3}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afc5770a-78df-11de-954c-001d92941cf3}\ not found.
File J:\RESTORE\k-1-3542-4232123213-7676767-8888886\RanDll.exe not found.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
ADS C:\System Volume Information\SystemRestore\FRStaging\Windows:Z_PI.EXE deleted successfully.
ADS C:\System Volume Information\SystemRestore\WmiStaging\Windows:Z_PI.EXE deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Jenny
File delete failed. C:\Users\Jenny\AppData\Local\Temp\hsperfdata_Jenny\900 scheduled to be deleted on reboot.
File delete failed. C:\Users\Jenny\AppData\Local\Temp\JET647.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\Jenny\AppData\Local\Temp\JET6C4.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\Jenny\AppData\Local\Temp\JET879.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\Jenny\AppData\Local\Temp\JET916.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\Jenny\AppData\Local\Temp\JETEB0E.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\Jenny\AppData\Local\Temp\tmp945E.tmp scheduled to be deleted on reboot.
->Temp folder emptied: 524669 bytes
File delete failed. C:\Users\Jenny\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{B9037033-EC8B-4100-9840-DF28906DECB9}.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\Jenny\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EXCXAGCW\en[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Users\Jenny\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 653972 bytes
->Java cache emptied: 0 bytes
File delete failed. C:\Users\Jenny\AppData\Local\Mozilla\Firefox\Profiles\s7dorkb6.default\Cache\E5917B7Dd01 scheduled to be deleted on reboot.
File delete failed. C:\Users\Jenny\AppData\Local\Mozilla\Firefox\Profiles\s7dorkb6.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Users\Jenny\AppData\Local\Mozilla\Firefox\Profiles\s7dorkb6.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Users\Jenny\AppData\Local\Mozilla\Firefox\Profiles\s7dorkb6.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Users\Jenny\AppData\Local\Mozilla\Firefox\Profiles\s7dorkb6.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Users\Jenny\AppData\Local\Mozilla\Firefox\Profiles\s7dorkb6.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Users\Jenny\AppData\Local\Mozilla\Firefox\Profiles\s7dorkb6.default\urlclassifier3.sqlite-journal scheduled to be deleted on reboot.
File delete failed. C:\Users\Jenny\AppData\Local\Mozilla\Firefox\Profiles\s7dorkb6.default\XUL.mfl scheduled to be deleted on reboot.
->FireFox cache emptied: 40624532 bytes
->Apple Safari cache emptied: 0 bytes
->Opera cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 1173 bytes
RecycleBin emptied: 1083870 bytes

Total Files Cleaned = 40.90 mb


OTL by OldTimer - Version 3.0.21.0 log created on 10292009_162354

Files\Folders moved on Reboot...
File\Folder C:\Users\Jenny\AppData\Local\Temp\hsperfdata_Jenny\900 not found!
File\Folder C:\Users\Jenny\AppData\Local\Temp\JET647.tmp not found!
File\Folder C:\Users\Jenny\AppData\Local\Temp\JET6C4.tmp not found!
File\Folder C:\Users\Jenny\AppData\Local\Temp\JET879.tmp not found!
File\Folder C:\Users\Jenny\AppData\Local\Temp\JET916.tmp not found!
File\Folder C:\Users\Jenny\AppData\Local\Temp\JETEB0E.tmp not found!
File\Folder C:\Users\Jenny\AppData\Local\Temp\tmp945E.tmp not found!
C:\Users\Jenny\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{B9037033-EC8B-4100-9840-DF28906DECB9}.tmp moved successfully.
C:\Users\Jenny\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EXCXAGCW\en[1].htm moved successfully.
File\Folder C:\Users\Jenny\AppData\Local\Mozilla\Firefox\Profiles\s7dorkb6.default\Cache\E5917B7Dd01 not found!
C:\Users\Jenny\AppData\Local\Mozilla\Firefox\Profiles\s7dorkb6.default\Cache\_CACHE_001_ moved successfully.
C:\Users\Jenny\AppData\Local\Mozilla\Firefox\Profiles\s7dorkb6.default\Cache\_CACHE_002_ moved successfully.
C:\Users\Jenny\AppData\Local\Mozilla\Firefox\Profiles\s7dorkb6.default\Cache\_CACHE_003_ moved successfully.
C:\Users\Jenny\AppData\Local\Mozilla\Firefox\Profiles\s7dorkb6.default\Cache\_CACHE_MAP_ moved successfully.
C:\Users\Jenny\AppData\Local\Mozilla\Firefox\Profiles\s7dorkb6.default\urlclassifier3.sqlite moved successfully.
File\Folder C:\Users\Jenny\AppData\Local\Mozilla\Firefox\Profiles\s7dorkb6.default\urlclassifier3.sqlite-journal not found!
C:\Users\Jenny\AppData\Local\Mozilla\Firefox\Profiles\s7dorkb6.default\XUL.mfl moved successfully.

Registry entries deleted on Reboot...



Custom Scans/Fixes Report

OTL logfile created on: 30/10/2009 4:38:22 PM - Run 5
OTL by OldTimer - Version 3.0.21.0 Folder = C:\Users\Jenny\Documents
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18828)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

2.00 Gb Total Physical Memory | 1.65 Gb Available Physical Memory | 82.73% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 139.28 Gb Total Space | 76.81 Gb Free Space | 55.15% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JENNY-PC
Current User Name: Jenny
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE (CANON INC.)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\CyberLink\Shared Files\RichVideo.exe ()
PRC - C:\Program Files\CyberLink\SoftDMA\Kernel\DMP\CLHNService.exe ()
PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Program Files\Internet Download Manager\IDMan.exe ()
PRC - C:\Program Files\Internet Download Manager\IEMonitor.exe (Tonec Inc.)
PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - C:\Program Files\KMaestro\Kmaestro.exe (Kmaestro)
PRC - C:\Program Files\LiveZilla\LiveZilla.exe (SPAUN Power GmbH)
PRC - C:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
PRC - c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
PRC - c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
PRC - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
PRC - C:\Program Files\MMaestro\Kmaestro.exe (Kmaestro)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\PC Tools Internet Security\pctsAuxs.exe (PC Tools)
PRC - C:\Program Files\PC Tools Internet Security\pctsSvc.exe (PC Tools)
PRC - C:\Program Files\PC Tools Internet Security\pctsTray.exe (PC Tools)
PRC - C:\Program Files\PC Tools Internet Security\TFEngine\TFService.exe (PC Tools)
PRC - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\Unlocker\UnlockerAssistant.exe ()
PRC - C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.)
PRC - C:\Users\Jenny\Documents\OTL.exe (OldTimer Tools)
PRC - C:\Windows\Explorer.EXE (Microsoft Corporation)
PRC - C:\Windows\System32\hkcmd.exe (Intel Corporation)
PRC - C:\Windows\System32\igfxpers.exe (Intel Corporation)
PRC - C:\Windows\System32\igfxsrvc.exe (Intel Corporation)

========== Win32 Services (SafeList) ==========

SRV - (AppHostSvc [Auto | Running]) -- C:\Windows\System32\inetsrv\apphostsvc.dll (Microsoft Corporation)
SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (BcmSqlStartupSvc [Auto | Stopped]) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
SRV - (Bonjour Service [Auto | Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (CLHNService [Auto | Running]) -- C:\Program Files\CyberLink\SoftDMA\Kernel\DMP\CLHNService.exe ()
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (ehRecvr [On_Demand | Stopped]) -- C:\Windows\ehome\ehRecvr.exe (Microsoft Corporation)
SRV - (ehSched [On_Demand | Stopped]) -- C:\Windows\ehome\ehsched.exe (Microsoft Corporation)
SRV - (ehstart [Auto | Stopped]) -- C:\Windows\ehome\ehstart.dll (Microsoft Corporation)
SRV - (Eventlog [Auto | Running]) -- C:\Windows\System32\wevtsvc.dll (Microsoft Corporation)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (gusvc [On_Demand | Stopped]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (idsvc [Unknown | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (iPod Service [On_Demand | Running]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (MDM [Auto | Running]) -- C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe (Microsoft Corporation)
SRV - (Microsoft Office Groove Audit Service [On_Demand | Stopped]) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - (MSSQL$MSSMLBIZ [On_Demand | Running]) -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (MSSQLServerADHelper [Disabled | Stopped]) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe (Microsoft Corporation)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (odserv [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (RichVideo [Auto | Running]) -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe ()
SRV - (sdAuxService [Auto | Running]) -- C:\Program Files\PC Tools Internet Security\pctsAuxs.exe (PC Tools)
SRV - (sdCoreService [Auto | Running]) -- C:\Program Files\PC Tools Internet Security\pctsSvc.exe (PC Tools)
SRV - (SQLBrowser [Auto | Running]) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
SRV - (SQLWriter [Auto | Running]) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
SRV - (ThreatFire [On_Demand | Running]) -- C:\Program Files\PC Tools Internet Security\TFEngine\TFService.exe (PC Tools)
SRV - (W3SVC [Auto | Running]) -- C:\Windows\System32\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (WAS [On_Demand | Running]) -- C:\Windows\System32\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (WinDefend [Auto | Stopped]) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (wlidsvc [Auto | Running]) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV - (WMPNetworkSvc [On_Demand | Running]) -- C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (adp94xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (adpahci [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (adpu160m [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (adpu320 [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (aic78xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (aliide [Disabled | Stopped]) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (arc [Disabled | Stopped]) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (arcsas [Disabled | Stopped]) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (BrFiltLo [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (Brserid [Disabled | Stopped]) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrSerWdm [Disabled | Stopped]) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm [Disabled | Stopped]) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (cmdide [Disabled | Stopped]) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (E1G60 [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\E1G60I32.sys (Intel Corporation)
DRV - (elxstor [Disabled | Stopped]) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (FWAuth [On_Demand | Running]) -- C:\Windows\System32\drivers\FWAuthDriver.sys (PC Tools)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (HpCISSs [Disabled | Stopped]) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (iaStorV [Disabled | Stopped]) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (igfx [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\igdkmd32.sys (Intel Corporation)
DRV - (iirsp [Disabled | Stopped]) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (IKFileSec [Boot | Running]) -- C:\Windows\system32\drivers\ikfilesec.sys (PCTools Research Pty Ltd.)
DRV - (IKSysFlt [System | Running]) -- C:\Windows\System32\drivers\iksysflt.sys (PCTools Research Pty Ltd.)
DRV - (IKSysSec [System | Running]) -- C:\Windows\System32\drivers\iksyssec.sys (PCTools Research Pty Ltd.)
DRV - (IntcAzAudAddService [On_Demand | Running]) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (iteatapi [Disabled | Stopped]) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (iteraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (KMWDFILTER [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\KMWDFILTER.sys (Windows ® Codename Longhorn DDK provider)
DRV - (LSI_FC [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (LSI_SAS [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (LSI_SCSI [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (megasas [Disabled | Stopped]) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (MegaSR [Disabled | Stopped]) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (Mraid35x [Disabled | Stopped]) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (nfrd960 [Disabled | Stopped]) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (NTIPPKernel [Auto | Running]) -- C:\Program Files\CyberLink\SoftDMA\Kernel\DMP\NTIPPKernel.sys (Cyberlink Corp.)
DRV - (ntrigdigi [Disabled | Stopped]) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (nvraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor [Disabled | Stopped]) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (pctfw2 [System | Running]) -- C:\Windows\System32\drivers\pctfw2.sys (PC Tools)
DRV - (ql2300 [Disabled | Stopped]) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (ql40xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (RTL8169 [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\Rtlh86.sys (Realtek )
DRV - (RTSTOR [On_Demand | Running]) -- C:\Windows\System32\drivers\RTSTOR.SYS (Realtek Semiconductor Corp.)
DRV - (secdrv [Auto | Running]) -- C:\Windows\System32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (SFilter [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\pctfw.sys (PC Tools)
DRV - (SiSRaid4 [Disabled | Stopped]) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (StarOpen [System | Running]) -- C:\Windows\System32\drivers\StarOpen.sys ()
DRV - (Sym_hi [Disabled | Stopped]) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Sym_u3 [Disabled | Stopped]) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Symc8xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (TfFsMon [Boot | Running]) -- C:\Windows\system32\drivers\TfFsMon.sys (PC Tools)
DRV - (TfNetMon [On_Demand | Running]) -- C:\Windows\System32\drivers\TfNetMon.sys (PC Tools)
DRV - (TfSysMon [Boot | Running]) -- C:\Windows\system32\drivers\TfSysMon.sys (PC Tools)
DRV - (uliahci [Disabled | Stopped]) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (UlSata [Disabled | Stopped]) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (ulsata2 [Disabled | Stopped]) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (viaide [Disabled | Stopped]) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (vsmraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = file:///C:/Windows/NECCUST/OWR/OWR_EN.HTM
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = file:///C:/Windows/NECCUST/OWR/OWR_EN.HTM
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = file:///C:/Windows/NECCUST/OWR/OWR_EN.HTM
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 99 F0 33 00 4A D7 93 46 91 8B 6B 01 AF 69 4D C5 [binary data]
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.com.au"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1
FF - prefs.js..extensions.enabledItems: {8B72860F-C5F8-4286-865E-D2C2DB98A9E6}:0.8.6
FF - prefs.js..extensions.enabledItems: [email protected]:1.4.2
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20090123.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}:6.0.14
FF - prefs.js..extensions.enabledItems: {35106bca-6c78-48c7-ac28-56df30b51d2a}:1.3.6
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {e36db930-f18d-4449-b45f-e286cfb9e03a}:3.1.09060400
FF - prefs.js..extensions.enabledItems: {b16728a5-d2ee-4011-ac93-9d4a6af0fd6e}:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.4

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008/07/23 10:41:06 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/10/22 14:26:06 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.4\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/10/28 21:45:48 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.4\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/10/28 21:45:48 | 00,000,000 | ---D | M]

[2009/06/02 17:08:24 | 00,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\mozilla\Extensions
[2009/01/30 22:24:55 | 00,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/06/02 17:08:24 | 00,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\mozilla\Extensions\[email protected]
[2009/10/29 17:47:55 | 00,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\mozilla\Firefox\Profiles\s7dorkb6.default\extensions
[2009/10/22 21:21:04 | 00,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\mozilla\Firefox\Profiles\s7dorkb6.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/07/10 19:50:27 | 00,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\mozilla\Firefox\Profiles\s7dorkb6.default\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2a}
[2009/08/13 17:48:30 | 00,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\mozilla\Firefox\Profiles\s7dorkb6.default\extensions\{8B72860F-C5F8-4286-865E-D2C2DB98A9E6}
[2009/10/17 13:17:40 | 00,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\mozilla\Firefox\Profiles\s7dorkb6.default\extensions\{b16728a5-d2ee-4011-ac93-9d4a6af0fd6e}
[2009/07/24 11:41:30 | 00,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\mozilla\Firefox\Profiles\s7dorkb6.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/08/13 17:48:42 | 00,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\mozilla\Firefox\Profiles\s7dorkb6.default\extensions\{e36db930-f18d-4449-b45f-e286cfb9e03a}
[2009/08/04 22:39:12 | 00,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\mozilla\Firefox\Profiles\s7dorkb6.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2009/08/12 16:59:37 | 00,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\mozilla\Firefox\Profiles\s7dorkb6.default\extensions\[email protected]
[2009/02/01 17:26:14 | 00,000,417 | ---- | M] () -- C:\Users\Jenny\AppData\Roaming\Mozilla\FireFox\Profiles\s7dorkb6.default\searchplugins\kim-doan.xml
[2009/06/13 10:24:30 | 00,000,585 | ---- | M] () -- C:\Users\Jenny\AppData\Roaming\Mozilla\FireFox\Profiles\s7dorkb6.default\searchplugins\scour---search-socially.xml
[2009/08/13 17:47:30 | 00,000,705 | ---- | M] () -- C:\Users\Jenny\AppData\Roaming\Mozilla\FireFox\Profiles\s7dorkb6.default\searchplugins\webster.xml
[2009/10/30 16:14:52 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/10/28 21:45:48 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/07/01 17:45:03 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}
[2009/06/02 17:06:04 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2009/10/30 16:14:53 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
[2009/10/28 21:45:46 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/10/28 21:45:46 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/05/14 08:55:22 | 01,044,480 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\mozilla firefox\plugins\libdivx.dll
[2007/04/10 17:21:08 | 00,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\np-mswmp.dll
[2009/01/16 19:17:04 | 00,114,688 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\np32dsw.dll
[2009/02/12 06:16:16 | 00,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\mozilla firefox\plugins\npbittorrent.dll
[2009/10/30 16:14:23 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2009/05/14 08:54:50 | 01,650,992 | ---- | M] (DivX,Inc.) -- C:\Program Files\mozilla firefox\plugins\npdivx32.dll
[2009/05/27 13:18:22 | 00,098,304 | ---- | M] (DivX, Inc) -- C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll
[2009/10/28 21:45:46 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2006/10/27 14:12:16 | 00,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL
[2008/10/14 21:33:30 | 00,095,600 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2009/10/17 13:33:06 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2009/10/17 13:33:06 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2009/10/17 13:33:06 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2009/10/17 13:33:07 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2009/10/17 13:33:07 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2009/10/17 13:33:07 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2009/10/17 13:33:07 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2009/05/30 12:57:06 | 00,221,184 | ---- | M] (CNN) -- C:\Program Files\mozilla firefox\plugins\NPTURNMED.dll
[2009/05/14 08:55:22 | 00,200,704 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\mozilla firefox\plugins\ssldivx.dll
[2009/08/25 05:45:46 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/08/25 05:45:46 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/08/25 05:45:46 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/08/25 05:45:46 | 00,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/08/25 05:45:46 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/08/25 05:45:46 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/08/25 05:45:46 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (789 bytes) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1.activate.adobe.com
O2 - BHO: (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (Tonec Inc.)
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [BtcMaestro] C:\Program Files\KMaestro\KMaestro.exe (Kmaestro)
O4 - HKLM..\Run: [BtcMouseMaestro] C:\Program Files\MMaestro\KMaestro.exe (Kmaestro)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [CoInstMaestro] C:\Windows\System32\DriverStore\FileRepository\usbwinvt.inf_5cddd14d [2009/10/23 09:20:46 | 00,000,000 | ---D | M]
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\Windows\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [ISTray] C:\Program Files\PC Tools Internet Security\pctsTray.exe (PC Tools)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [LiveZilla] C:\Program Files\LiveZilla\LiveZilla.exe (SPAUN Power GmbH)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [Persistence] C:\Windows\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe ()
O4 - HKCU..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Jenny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (Lime Wire, LLC)
O4 - Startup: C:\Users\Jenny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF FF [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 36
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm ()
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE File not found
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\napinsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O15 - HKCU\..Trusted Domains: alipay.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: alipay.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: alisoft.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: alisoft.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: taobao.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: taobao.com ([]https in Trusted sites)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zon...kr.cab56986.cab (Checkers Class)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zon...1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.1.1.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/19 08:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009/10/18 22:49:05 | 00,000,000 | R--D | M] - C:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/10/12 11:38:55 | 00,000,000 | ---D | C] -- C:\ProgramData\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/10/13 04:20:10 | 00,000,000 | -H-D | C] -- C:\ProgramData\CanonIJEGV
[2009/10/17 18:40:56 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009/10/18 02:14:52 | 00,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan
[2009/10/06 12:47:13 | 00,000,000 | ---D | C] -- C:\ProgramData\Yahoo! Companion
[2009/10/17 18:41:02 | 00,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Roaming\Malwarebytes
[2009/10/06 16:26:45 | 00,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Roaming\Ubisoft
[2009/10/01 19:55:30 | 00,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Local\Adwizard
[2009/10/13 05:06:32 | 00,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Local\Canon Easy-PhotoPrint EX
[2009/10/18 23:32:29 | 00,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Local\temp
[1 C:\Users\Jenny\Documents\*.tmp files]
[2009/10/18 21:05:22 | 00,000,000 | ---D | C] -- C:\Program Files\Advanced Site Submitter
[2009/10/01 19:55:30 | 00,000,000 | ---D | C] -- C:\Program Files\Adwizard
[2009/10/19 12:29:42 | 00,000,000 | ---D | C] -- C:\Program Files\Article Page Machine
[2009/10/02 02:51:21 | 00,000,000 | ---D | C] -- C:\Program Files\Brain Spa
[2009/10/02 02:15:23 | 00,000,000 | ---D | C] -- C:\Program Files\BrainTrainAge
[2009/10/18 20:18:13 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/10/12 11:38:59 | 00,000,000 | ---D | C] -- C:\Program Files\iPod
[2009/10/12 11:38:59 | 00,000,000 | ---D | C] -- C:\Program Files\iPod(11)
[2009/10/12 11:38:54 | 00,000,000 | ---D | C] -- C:\Program Files\iTunes
[2009/10/12 11:38:54 | 00,000,000 | ---D | C] -- C:\Program Files\iTunes(12)
[2009/10/23 09:20:54 | 00,000,000 | ---D | C] -- C:\Program Files\KMaestro
[2009/10/17 18:40:56 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/10/09 14:47:11 | 00,000,000 | ---D | C] -- C:\Program Files\McAfee
[2009/10/18 02:14:52 | 00,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
[2009/10/05 18:33:51 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2009/10/21 11:52:52 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2009/10/12 11:21:31 | 00,000,000 | ---D | C] -- C:\Program Files\Safari
[2009/10/17 21:19:33 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/10/30 16:14:42 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2009/10/30 16:14:42 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2009/10/30 16:14:42 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2009/10/29 00:14:15 | 00,000,000 | ---D | C] -- C:\Windows\System32\vi-VN
[2009/10/29 00:14:15 | 00,000,000 | ---D | C] -- C:\Windows\System32\eu-ES
[2009/10/29 00:14:15 | 00,000,000 | ---D | C] -- C:\Windows\System32\ca-ES
[2009/10/28 22:34:55 | 00,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2009/10/28 18:52:36 | 00,000,000 | ---D | C] -- C:\Users\Jenny\Documents\My WangWang
[2009/10/28 16:02:39 | 10,627,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmp.dll
[2009/10/28 16:02:37 | 00,310,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unregmp2.exe
[2009/10/28 16:02:36 | 08,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2009/10/25 00:31:46 | 00,000,000 | ---D | C] -- C:\Windows\SQL9_KB970892_ENU
[2009/10/24 20:29:01 | 03,309,072 | ---- | C] (Piriform Ltd) -- C:\Users\Jenny\Documents\ccsetup224.exe
[2009/10/24 10:36:51 | 12,240,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0007.dll
[2009/10/24 10:36:47 | 03,408,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLsvc.exe
[2009/10/24 10:36:47 | 01,081,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLCExt.dll
[2009/10/24 10:36:45 | 02,134,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FunctionDiscoveryFolder.dll
[2009/10/24 10:36:45 | 00,065,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DevicePairingWizard.exe
[2009/10/24 10:36:44 | 02,644,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0009.dll
[2009/10/24 10:36:42 | 01,480,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssrch.dll
[2009/10/24 10:36:41 | 00,684,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\spsys.sys
[2009/10/24 10:36:40 | 01,576,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tquery.dll
[2009/10/24 10:36:39 | 00,928,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scavenge.dll
[2009/10/24 10:36:39 | 00,779,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationNative_v0300.dll
[2009/10/24 10:36:39 | 00,561,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\hdaudbus.sys
[2009/10/24 10:36:39 | 00,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
[2009/10/24 10:36:38 | 00,518,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
[2009/10/24 10:36:37 | 02,241,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msi.dll
[2009/10/24 10:36:37 | 00,677,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imapi2fs.dll
[2009/10/24 10:36:36 | 00,968,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wcnwiz2.dll
[2009/10/24 10:36:36 | 00,558,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sysmain.dll
[2009/10/24 10:36:36 | 00,476,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll
[2009/10/24 10:36:36 | 00,291,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WscEapPr.dll
[2009/10/24 10:36:35 | 00,619,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardagt.exe
[2009/10/24 10:36:34 | 01,216,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AuxiliaryDisplayCpl.dll
[2009/10/24 10:36:34 | 00,114,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EhStorShell.dll
[2009/10/24 10:36:33 | 00,978,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drmv2clt.dll
[2009/10/24 10:36:33 | 00,472,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
[2009/10/24 10:36:33 | 00,438,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mcupdate_GenuineIntel.dll
[2009/10/24 10:36:33 | 00,289,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spinstall.exe
[2009/10/24 10:36:33 | 00,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwizui.dll
[2009/10/24 10:36:33 | 00,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spreview.exe
[2009/10/24 10:36:32 | 11,584,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shell32.dll
[2009/10/24 10:36:31 | 00,670,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssvp.dll
[2009/10/24 10:36:31 | 00,644,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\p2psvc.dll
[2009/10/24 10:36:31 | 00,441,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SearchIndexer.exe
[2009/10/24 10:36:30 | 00,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSMPEG2VDEC.DLL
[2009/10/24 10:36:30 | 00,378,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imapi2.dll
[2009/10/24 10:36:30 | 00,351,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssph.dll
[2009/10/24 10:36:30 | 00,278,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscoree.dll
[2009/10/24 10:36:30 | 00,203,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssphtb.dll
[2009/10/24 10:36:29 | 01,459,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\esent.dll
[2009/10/24 10:36:29 | 00,729,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IMJP10K.DLL
[2009/10/24 10:36:29 | 00,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DevicePairing.dll
[2009/10/24 10:36:29 | 00,324,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdohlp.dll
[2009/10/24 10:36:28 | 01,017,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wevtsvc.dll
[2009/10/24 10:36:28 | 00,463,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IasMigReader.exe
[2009/10/24 10:36:28 | 00,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
[2009/10/24 10:36:28 | 00,346,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
[2009/10/24 10:36:28 | 00,231,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll
[2009/10/24 10:36:28 | 00,228,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLC.dll
[2009/10/24 10:36:28 | 00,190,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sperror.dll
[2009/10/24 10:36:28 | 00,143,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\korwbrkr.dll
[2009/10/24 10:36:28 | 00,041,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2009/10/24 10:36:26 | 01,589,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msjet40.dll
[2009/10/24 10:36:26 | 00,407,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MPSSVC.dll
[2009/10/24 10:36:25 | 01,381,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Query.dll
[2009/10/24 10:36:25 | 01,336,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml6.dll
[2009/10/24 10:36:25 | 00,883,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IMJP10.IME
[2009/10/24 10:36:25 | 00,758,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qmgr.dll
[2009/10/24 10:36:24 | 01,316,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ole32.dll
[2009/10/24 10:36:24 | 01,202,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntdll.dll
[2009/10/24 10:36:24 | 01,078,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\diagperf.dll
[2009/10/24 10:36:24 | 00,409,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msexch40.dll
[2009/10/24 10:36:24 | 00,327,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\P2PGraph.dll
[2009/10/24 10:36:23 | 02,092,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dfsr.exe
[2009/10/24 10:36:23 | 01,792,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mmc.exe
[2009/10/24 10:36:23 | 01,183,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml3.dll
[2009/10/24 10:36:23 | 00,986,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winload.exe
[2009/10/24 10:36:23 | 00,950,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mblctr.exe
[2009/10/24 10:36:23 | 00,428,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2009/10/24 10:36:23 | 00,301,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srchadmin.dll
[2009/10/24 10:36:23 | 00,203,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\uDWM.dll
[2009/10/24 10:36:22 | 00,880,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RacEngn.dll
[2009/10/24 10:36:22 | 00,466,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\riched20.dll
[2009/10/24 10:36:22 | 00,454,144 | ---- | C] (Microsoft) -- C:\Windows\System32\IasMigPlugin.dll
[2009/10/24 10:36:22 | 00,088,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdBth.dll
[2009/10/24 10:36:21 | 02,012,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\milcore.dll
[2009/10/24 10:36:21 | 01,112,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CertEnroll.dll
[2009/10/24 10:36:21 | 00,891,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kernel32.dll
[2009/10/24 10:36:21 | 00,185,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SearchProtocolHost.exe
[2009/10/24 10:36:21 | 00,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spoolss.dll
[2009/10/24 10:36:21 | 00,120,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EhStorAPI.dll
[2009/10/24 10:36:21 | 00,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SearchFilterHost.exe
[2009/10/24 10:36:20 | 00,950,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpedit.dll
[2009/10/24 10:36:20 | 00,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NaturalLanguage6.dll
[2009/10/24 10:36:20 | 00,595,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\schedsvc.dll
[2009/10/24 10:36:20 | 00,406,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcp60.dll
[2009/10/24 10:36:20 | 00,290,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msjtes40.dll
[2009/10/24 10:36:20 | 00,115,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AuxiliaryDisplayDriverLib.dll
[2009/10/24 10:36:20 | 00,099,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardapi.dll
[2009/10/24 10:36:19 | 03,217,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinSAT.exe
[2009/10/24 10:36:19 | 00,268,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\es.dll
[2009/10/24 10:36:18 | 01,083,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ntfs.sys
[2009/10/24 10:36:18 | 00,800,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\advapi32.dll
[2009/10/24 10:36:18 | 00,710,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Magnify.exe
[2009/10/24 10:36:18 | 00,282,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstext40.dll
[2009/10/24 10:36:18 | 00,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationSettings.exe
[2009/10/24 10:36:18 | 00,102,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AuxiliaryDisplayServices.dll
[2009/10/24 10:36:17 | 01,209,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\comsvcs.dll
[2009/10/24 10:36:17 | 00,454,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxbde40.dll
[2009/10/24 10:36:17 | 00,339,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msexcl40.dll
[2009/10/24 10:36:17 | 00,321,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll
[2009/10/24 10:36:17 | 00,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax
[2009/10/24 10:36:17 | 00,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WebClnt.dll
[2009/10/24 10:36:17 | 00,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slwmi.dll
[2009/10/24 10:36:16 | 01,985,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\authui.dll
[2009/10/24 10:36:16 | 01,524,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsAnytimeUpgradeCPL.dll
[2009/10/24 10:36:16 | 01,077,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vssapi.dll
[2009/10/24 10:36:15 | 01,086,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NetProjW.dll
[2009/10/24 10:36:15 | 00,978,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\crypt32.dll
[2009/10/24 10:36:15 | 00,754,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\propsys.dll
[2009/10/24 10:36:15 | 00,643,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrepl40.dll
[2009/10/24 10:36:15 | 00,640,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bthprops.cpl
[2009/10/24 10:36:15 | 00,576,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpsvc.dll
[2009/10/24 10:36:15 | 00,469,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\newdev.dll
[2009/10/24 10:36:15 | 00,323,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2009/10/24 10:36:15 | 00,205,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eudcedit.exe
[2009/10/24 10:36:15 | 00,119,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasrecst.dll
[2009/10/24 10:36:15 | 00,102,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
[2009/10/24 10:36:14 | 02,926,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2009/10/24 10:36:14 | 01,788,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d9.dll
[2009/10/24 10:36:14 | 01,591,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\setupapi.dll
[2009/10/24 10:36:14 | 00,550,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rpcss.dll
[2009/10/24 10:36:14 | 00,368,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mspbde40.dll
[2009/10/24 10:36:13 | 01,135,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll
[2009/10/24 10:36:13 | 01,053,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdtctm.dll
[2009/10/24 10:36:13 | 00,353,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shlwapi.dll
[2009/10/24 10:36:13 | 00,344,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrd3x40.dll
[2009/10/24 10:36:13 | 00,241,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msltus40.dll
[2009/10/24 10:36:13 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\davclnt.dll
[2009/10/24 10:36:13 | 00,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EhStorPwdMgr.dll
[2009/10/24 10:36:12 | 01,324,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browseui.dll
[2009/10/24 10:36:12 | 00,626,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgkrnl.sys
[2009/10/24 10:36:12 | 00,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\photowiz.dll
[2009/10/24 10:36:12 | 00,250,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wevtapi.dll
[2009/10/24 10:36:12 | 00,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nlhtml.dll
[2009/10/24 10:36:11 | 01,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2009/10/24 10:36:11 | 00,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2009/10/24 10:36:11 | 00,627,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\user32.dll
[2009/10/24 10:36:11 | 00,614,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ci.dll
[2009/10/24 10:36:11 | 00,582,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLCommDlg.dll
[2009/10/24 10:36:11 | 00,563,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oleaut32.dll
[2009/10/24 10:36:11 | 00,483,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\samsrv.dll
[2009/10/24 10:36:11 | 00,443,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32spl.dll
[2009/10/24 10:36:11 | 00,165,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WcnNetsh.dll
[2009/10/24 10:36:10 | 03,174,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netshell.dll
[2009/10/24 10:36:10 | 01,730,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\apds.dll
[2009/10/24 10:36:10 | 00,618,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mswstr10.dll
[2009/10/24 10:36:10 | 00,438,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IKEEXT.DLL
[2009/10/24 10:36:10 | 00,375,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winhttp.dll
[2009/10/24 10:36:10 | 00,315,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\audiosrv.dll
[2009/10/24 10:36:10 | 00,225,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\rdbss.sys
[2009/10/24 10:36:10 | 00,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\compcln.exe
[2009/10/24 10:36:10 | 00,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xmlfilter.dll
[2009/10/24 10:36:09 | 01,160,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll
[2009/10/24 10:36:09 | 01,055,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VSSVC.exe
[2009/10/24 10:36:09 | 00,807,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msctf.dll
[2009/10/24 10:36:09 | 00,679,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcrt.dll
[2009/10/24 10:36:09 | 00,564,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\emdmgmt.dll
[2009/10/24 10:36:09 | 00,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLUI.exe
[2009/10/24 10:36:09 | 00,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\QAGENTRT.DLL
[2009/10/24 10:36:09 | 00,297,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gdi32.dll
[2009/10/24 10:36:09 | 00,223,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2009/10/24 10:36:09 | 00,199,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iphlpsvc.dll
[2009/10/24 10:36:09 | 00,114,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxdav.sys
[2009/10/24 10:36:08 | 01,068,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shdocvw.dll
[2009/10/24 10:36:08 | 00,926,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winresume.exe
[2009/10/24 10:36:08 | 00,524,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sqlsrv32.dll
[2009/10/24 10:36:08 | 00,409,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbc32.dll
[2009/10/24 10:36:08 | 00,319,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrd2x40.dll
[2009/10/24 10:36:08 | 00,196,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbhub.sys
[2009/10/24 10:36:08 | 00,183,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eapphost.dll
[2009/10/24 10:36:08 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\propdefs.dll
[2009/10/24 10:36:08 | 00,065,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\USBSTOR.SYS
[2009/10/24 10:36:07 | 01,856,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dbgeng.dll
[2009/10/24 10:36:07 | 00,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wevtutil.exe
[2009/10/24 10:36:07 | 00,087,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssitlb.dll
[2009/10/24 10:36:06 | 02,167,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mmcndmgr.dll
[2009/10/24 10:36:06 | 00,747,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmSvc.dll
[2009/10/24 10:36:06 | 00,502,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\usp10.dll
[2009/10/24 10:36:06 | 00,311,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\swprv.dll
[2009/10/24 10:35:41 | 00,107,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpwsx.dll
[2009/10/24 10:35:41 | 00,083,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlgpclnt.dll
[2009/10/24 10:35:41 | 00,064,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\smss.exe
[2009/10/24 10:35:41 | 00,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dataclen.dll
[2009/10/24 10:35:41 | 00,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certprop.dll
[2009/10/24 10:35:40 | 00,414,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscp.dll
[2009/10/24 10:35:40 | 00,217,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\InkEd.dll
[2009/10/24 10:35:40 | 00,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpcsvc.dll
[2009/10/24 10:35:40 | 00,128,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpresult.exe
[2009/10/24 10:35:40 | 00,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\logagent.exe
[2009/10/24 10:35:40 | 00,058,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cipher.exe
[2009/10/24 10:35:40 | 00,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscapi.dll
[2009/10/24 10:35:40 | 00,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msimtf.dll
[2009/10/24 10:35:40 | 00,029,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ifmon.dll
[2009/10/24 10:35:39 | 00,356,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MediaMetadataHandler.dll
[2009/10/24 10:35:39 | 00,313,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\thawbrkr.dll
[2009/10/24 10:35:39 | 00,284,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drmmgrtn.dll
[2009/10/24 10:35:39 | 00,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\udfs.sys
[2009/10/24 10:35:39 | 00,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2009/10/24 10:35:39 | 00,166,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\puiapi.dll
[2009/10/24 10:35:39 | 00,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\softkbd.dll
[2009/10/24 10:35:39 | 00,105,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dmsynth.dll
[2009/10/24 10:35:39 | 00,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\olepro32.dll
[2009/10/24 10:35:39 | 00,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msctfui.dll
[2009/10/24 10:35:39 | 00,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sendmail.dll
[2009/10/24 10:35:39 | 00,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\smb.sys
[2009/10/24 10:35:39 | 00,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\watchdog.sys
[2009/10/24 10:35:39 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidusb.sys
[2009/10/24 10:35:38 | 00,200,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\input.dll
[2009/10/24 10:35:38 | 00,187,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eapp3hst.dll
[2009/10/24 10:35:38 | 00,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLLUA.exe
[2009/10/24 10:35:38 | 00,180,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\rdpwd.sys
[2009/10/24 10:35:38 | 00,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceTypes.dll
[2009/10/24 10:35:38 | 00,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eappcfg.dll
[2009/10/24 10:35:38 | 00,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tintlgnt.ime
[2009/10/24 10:35:38 | 00,121,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ndiswan.sys
[2009/10/24 10:35:38 | 00,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dmusic.dll
[2009/10/24 10:35:38 | 00,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mprapi.dll
[2009/10/24 10:35:38 | 00,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceClassExtension.dll
[2009/10/24 10:35:38 | 00,083,456 | ---- | C] (Microsoft) -- C:\Windows\System32\SMBHelperClass.dll
[2009/10/24 10:35:38 | 00,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax
[2009/10/24 10:35:38 | 00,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdWCN.dll
[2009/10/24 10:35:38 | 00,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\rassstp.sys
[2009/10/24 10:35:38 | 00,068,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdSSDP.dll
[2009/10/24 10:35:38 | 00,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Storprop.dll
[2009/10/24 10:35:38 | 00,052,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasdiag.dll
[2009/10/24 10:35:38 | 00,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dot3cfg.dll
[2009/10/24 10:35:38 | 00,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\l2nacp.dll
[2009/10/24 10:35:38 | 00,045,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bthci.dll
[2009/10/24 10:35:38 | 00,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ftp.exe
[2009/10/24 10:35:38 | 00,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2009/10/24 10:35:38 | 00,034,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wshbth.dll
[2009/10/24 10:35:38 | 00,034,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bthudtask.exe
[2009/10/24 10:35:38 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cscapi.dll
[2009/10/24 10:35:38 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ipconfig.exe
[2009/10/24 10:35:38 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2009/10/24 10:35:38 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msjint40.dll
[2009/10/24 10:35:38 | 00,022,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cscdll.dll
[2009/10/24 10:35:38 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsdchngr.dll
[2009/10/24 10:35:38 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ExplorerFrame.dll
[2009/10/24 10:35:38 | 00,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\version.dll
[2009/10/24 10:35:38 | 00,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fc.exe
[2009/10/24 10:35:38 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MsCtfMonitor.dll
[2009/10/24 10:35:38 | 00,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasdial.exe
[2009/10/24 10:35:38 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msisip.dll
[2009/10/24 10:35:38 | 00,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CHxReadingStringIME.dll
[2009/10/24 10:35:37 | 00,148,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\nwifi.sys
[2009/10/24 10:35:37 | 00,093,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eappgnui.dll
[2009/10/24 10:35:37 | 00,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nslookup.exe
[2009/10/24 10:35:37 | 00,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxg.sys
[2009/10/24 10:35:37 | 00,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dfsc.sys
[2009/10/24 10:35:37 | 00,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PNPXAssoc.dll
[2009/10/24 10:35:37 | 00,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\cdrom.sys
[2009/10/24 10:35:37 | 00,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tscupgrd.exe
[2009/10/24 10:35:37 | 00,053,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdeploy.dll
[2009/10/24 10:35:37 | 00,046,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrstub.exe
[2009/10/24 10:35:37 | 00,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cbsra.exe
[2009/10/24 10:35:37 | 00,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slcinst.dll
[2009/10/24 10:35:37 | 00,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hbaapi.dll
[2009/10/24 10:35:37 | 00,040,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbcconf.dll
[2009/10/24 10:35:37 | 00,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\networkitemfactory.dll
[2009/10/24 10:35:37 | 00,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidclass.sys
[2009/10/24 10:35:37 | 00,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ocsetup.exe
[2009/10/24 10:35:37 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bitsigd.dll
[2009/10/24 10:35:37 | 00,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FwRemoteSvr.dll
[2009/10/24 10:35:37 | 00,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msacm32.drv
[2009/10/24 10:35:37 | 00,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NcdProp.dll
[2009/10/24 10:35:37 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Diskdump.sys
[2009/10/24 10:35:37 | 00,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vdmdbg.dll
[2009/10/24 10:35:37 | 00,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpupdate.exe
[2009/10/24 10:35:37 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iscsilog.dll
[2009/10/24 10:35:37 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetppui.dll
[2009/10/24 10:35:37 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mmcico.dll
[2009/10/24 10:35:37 | 00,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slwga.dll
[2009/10/24 10:35:36 | 00,093,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\bridge.sys
[2009/10/24 10:35:36 | 00,052,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\stream.sys
[2009/10/24 10:35:36 | 00,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\RNDISMP.sys
[2009/10/24 10:35:36 | 00,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrnr.dll
[2009/10/24 10:35:36 | 00,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\midimap.dll
[2009/10/24 10:35:36 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usb8023.sys
[2009/10/24 10:35:35 | 00,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\raspppoe.sys
[2009/10/24 10:35:35 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\f3ahvoas.dll
[2009/10/24 10:35:35 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msimsg.dll
[2009/10/24 10:35:24 | 00,705,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SmiEngine.dll
[2009/10/24 10:35:24 | 00,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wdscore.dll
[2009/10/24 10:35:24 | 00,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PkgMgr.exe
[2009/10/24 10:35:20 | 00,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drvstore.dll
[2009/10/23 21:52:13 | 00,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2009/10/23 16:39:51 | 00,000,000 | ---D | C] -- C:\Users\Jenny\Documents\manufacturer
[2009/10/23 09:39:48 | 00,000,000 | ---D | C] -- C:\Windows\Panther
[2009/10/23 09:23:07 | 01,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2009/10/23 09:23:07 | 00,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\occache.dll
[2009/10/23 09:23:06 | 00,594,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2009/10/23 09:23:06 | 00,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2009/10/23 09:23:06 | 00,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2009/10/23 09:23:06 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2009/10/23 09:23:05 | 00,916,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wininet.dll
[2009/10/23 09:23:05 | 00,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2009/10/23 09:23:05 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2009/10/23 09:23:05 | 00,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2009/10/23 09:23:04 | 01,985,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iertutil.dll
[2009/10/23 09:23:04 | 00,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2009/10/23 09:23:04 | 00,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2009/10/23 09:23:04 | 00,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2009/10/23 09:23:04 | 00,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2009/10/23 09:23:04 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2009/10/23 09:23:03 | 01,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2009/10/23 09:23:03 | 01,208,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\urlmon.dll
[2009/10/23 09:23:02 | 11,069,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieframe.dll
[2009/10/23 09:23:01 | 05,940,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.dll
[2009/10/23 09:21:05 | 00,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2009/10/23 09:21:05 | 00,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmled.dll
[2009/10/23 09:21:05 | 00,059,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardie.dll
[2009/10/23 09:21:05 | 00,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2009/10/23 09:21:04 | 00,156,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2009/10/23 09:21:04 | 00,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2009/10/23 09:21:04 | 00,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tdc.ocx
[2009/10/23 09:21:04 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\corpol.dll
[2009/10/23 09:21:03 | 00,348,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2009/10/23 09:21:03 | 00,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2009/10/23 09:21:03 | 00,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2009/10/23 09:21:02 | 00,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2009/10/23 09:21:02 | 00,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2009/10/23 09:21:01 | 00,236,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\webcheck.dll
[2009/10/23 09:21:01 | 00,229,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2009/10/23 09:21:01 | 00,208,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinFXDocObj.exe
[2009/10/23 09:21:01 | 00,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2009/10/23 09:21:01 | 00,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2009/10/23 09:21:01 | 00,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2009/10/23 09:21:00 | 00,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2009/10/23 09:21:00 | 00,128,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\advpack.dll
[2009/10/23 09:21:00 | 00,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2009/10/23 09:20:59 | 00,445,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2009/10/23 09:20:59 | 00,420,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2009/10/23 09:20:59 | 00,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2009/10/23 09:20:58 | 00,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2009/10/23 09:20:57 | 03,698,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2009/10/23 09:20:57 | 00,169,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2009/10/23 09:20:57 | 00,109,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PDMSetup.exe
[2009/10/23 09:20:57 | 00,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2009/10/23 09:20:57 | 00,107,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2009/10/23 09:20:57 | 00,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetDepNx.exe
[2009/10/23 09:20:57 | 00,045,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshta.exe
[2009/10/21 17:05:26 | 00,000,000 | ---D | C] -- C:\Users\Jenny\Documents\gmer
[2009/10/21 16:59:45 | 00,000,000 | ---D | C] -- C:\Users\Jenny\Documents\GooredFix Backups
[2009/10/21 16:53:22 | 00,000,000 | ---D | C] -- C:\Windows\temp
[2009/10/21 16:33:27 | 00,069,192 | ---- | C] (jpshortstuff) -- C:\Users\Jenny\Documents\GooredFix.exe
[2009/10/21 12:11:12 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2009/10/21 11:27:08 | 00,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2009/10/20 19:46:54 | 01,696,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
[2009/10/20 19:46:54 | 00,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2009/10/20 19:46:51 | 04,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2009/10/20 19:46:22 | 00,904,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\tcpip.sys
[2009/10/20 19:46:21 | 00,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netiohlp.dll
[2009/10/20 19:46:20 | 00,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\tcpipreg.sys
[2009/10/20 19:46:19 | 00,027,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NETSTAT.EXE
[2009/10/20 19:46:19 | 00,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ARP.EXE
[2009/10/20 19:46:19 | 00,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ROUTE.EXE
[2009/10/20 19:46:19 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MRINFO.EXE
[2009/10/20 19:46:19 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\finger.exe
[2009/10/20 19:46:19 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TCPSVCS.EXE
[2009/10/20 19:46:19 | 00,008,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\HOSTNAME.EXE
[2009/10/20 19:46:18 | 00,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll
[2009/10/20 19:45:27 | 01,259,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsasrv.dll
[2009/10/20 19:45:26 | 00,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msv1_0.dll
[2009/10/20 19:45:25 | 00,439,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ksecdd.sys
[2009/10/20 19:45:25 | 00,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wdigest.dll
[2009/10/20 19:45:24 | 00,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secur32.dll
[2009/10/20 19:45:24 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsass.exe
[2009/10/20 19:06:38 | 00,513,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlansvc.dll
[2009/10/20 19:06:38 | 00,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanmsm.dll
[2009/10/20 19:06:38 | 00,068,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanhlp.dll
[2009/10/20 19:06:37 | 00,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlansec.dll
[2009/10/20 19:06:37 | 00,127,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\L2SecHC.dll
[2009/10/20 19:06:37 | 00,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanapi.dll
[2009/10/20 19:05:04 | 02,386,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVCORE.DLL
[2009/10/20 19:05:03 | 02,868,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2009/10/20 19:05:01 | 00,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll
[2009/10/20 19:05:01 | 00,053,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rrinstaller.exe
[2009/10/20 19:05:01 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfpmp.exe
[2009/10/20 19:05:00 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mferror.dll
[2009/10/20 18:56:50 | 03,600,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2009/10/20 18:56:49 | 03,548,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2009/10/20 18:16:46 | 00,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msasn1.dll
[2009/10/20 18:16:40 | 00,144,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\srv2.sys
[2009/10/20 17:46:28 | 00,604,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMSPDMOD.DLL
[2009/10/19 16:23:23 | 00,221,184 | ---- | C] (AX Gold Software Limited) -- C:\Users\Jenny\Documents\weblinkchecker.exe
[2009/10/18 22:55:55 | 00,000,000 | ---D | C] -- C:\_OTL
[2009/10/18 22:49:05 | 00,000,000 | R--D | C] -- C:\autorun.inf
[2009/10/18 21:18:12 | 00,000,000 | ---D | C] -- C:\Users\Jenny\Documents\sitemapmaker
[2009/10/18 20:01:43 | 00,521,216 | ---- | C] (OldTimer Tools) -- C:\Users\Jenny\Documents\OTL.exe
[2009/10/18 20:01:23 | 00,472,064 | ---- | C] ( ) -- C:\Users\Jenny\Documents\RootRepeal.exe
[2009/10/18 19:59:24 | 00,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\Jenny\Documents\erunt_setup.exe
[2009/10/18 19:58:27 | 00,021,504 | ---- | C] (Doug Knox) -- C:\Users\Jenny\Documents\SysRestorePoint.exe
[2009/10/18 19:57:56 | 00,271,872 | ---- | C] (OldTimer Tools) -- C:\Users\Jenny\Documents\TFC.exe
[2009/10/17 22:52:16 | 00,000,000 | ---D | C] -- C:\Users\Jenny\Documents\ClubLive Bot
[2009/10/17 21:11:16 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Users\Jenny\Documents\HJTInstall.exe
[2009/10/17 19:48:44 | 00,000,000 | ---D | C] -- C:\Combo-Fix
[2009/10/17 18:40:58 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/10/17 18:40:56 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/10/17 18:27:34 | 04,045,528 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Jenny\Documents\mbam-setup.exe
[2009/10/17 15:40:50 | 00,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2009/10/17 15:40:50 | 00,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2009/10/17 15:40:50 | 00,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2009/10/17 15:40:30 | 00,000,000 | ---D | C] -- C:\Windows\ERDNT
[2009/10/17 15:39:44 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/10/16 15:11:34 | 00,195,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2009/10/12 11:40:31 | 00,107,368 | ---- | C] (GEAR Software Inc.) -- C:\Windows\System32\GEARAspi.dll
[2009/10/12 11:40:30 | 00,026,600 | ---- | C] (GEAR Software Inc.) -- C:\Windows\System32\drivers\GEARAspiWDM.sys
[2009/10/02 01:28:33 | 00,000,000 | ---D | C] -- C:\GameHouse Games

========== Files - Modified Within 30 Days ==========

[1 C:\Users\Jenny\Documents\*.tmp files]
[2009/10/30 16:14:22 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2009/10/30 16:14:22 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2009/10/30 16:14:22 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2009/10/30 16:14:21 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deploytk.dll
[2009/10/30 15:49:05 | 00,840,452 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/10/30 15:49:05 | 00,707,690 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/10/30 15:49:05 | 00,143,380 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/10/30 15:42:48 | 00,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/10/30 15:42:48 | 00,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/10/30 15:42:20 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/10/30 15:42:16 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/10/30 15:41:49 | 32,110,59200 | -HS- | M] () -- C:\hiberfil.sys
[2009/10/29 21:16:57 | 03,549,218 | -H-- | M] () -- C:\Users\Jenny\AppData\Local\IconCache.db
[2009/10/29 21:15:51 | 00,871,654 | ---- | M] () -- C:\Users\Jenny\Desktop\look and delete.htm
[2009/10/29 18:49:52 | 00,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{E94DFA29-8D31-482E-91E1-781862F24D2A}.job
[2009/10/29 15:50:28 | 02,306,016 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/10/29 00:08:55 | 00,014,038 | ---- | M] () -- C:\Users\Jenny\Documents\Hair Extension Suppliers.docx
[2009/10/28 21:21:44 | 00,036,647 | ---- | M] () -- C:\Users\Jenny\Documents\Hi hammerman.docx
[2009/10/28 21:16:13 | 00,000,530 | ---- | M] () -- C:\Users\Jenny\Desktop\OTL.exe - Shortcut.lnk
[2009/10/26 23:07:13 | 00,000,949 | ---- | M] () -- C:\Users\Jenny\Desktop\Windows Media Player (2).lnk
[2009/10/26 16:33:48 | 00,012,198 | ---- | M] () -- C:\Users\Jenny\Documents\Lockerz ad.docx
[2009/10/26 00:35:47 | 01,569,462 | ---- | M] () -- C:\Users\Jenny\Documents\Malouf_Mothers_Day07.pdf
[2009/10/25 21:46:19 | 00,001,252 | ---- | M] () -- C:\Users\Jenny\Desktop\gmer.exe - Shortcut.lnk
[2009/10/25 19:59:04 | 00,001,673 | ---- | M] () -- C:\Users\Jenny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk
[2009/10/25 16:47:34 | 00,004,172 | ---- | M] () -- C:\Users\Jenny\Documents\kaspersky report.html
[2009/10/25 16:31:00 | 00,036,320 | ---- | M] () -- C:\Users\Jenny\Documents\Properties of Shapes.docx
[2009/10/25 12:54:34 | 00,026,989 | ---- | M] () -- C:\Users\Jenny\Documents\0789215 RMA.PDF
[2009/10/24 20:41:16 | 00,001,675 | ---- | M] () -- C:\Users\Jenny\Desktop\CCleaner.lnk
[2009/10/24 20:40:18 | 03,309,072 | ---- | M] (Piriform Ltd) -- C:\Users\Jenny\Documents\ccsetup224.exe
[2009/10/24 20:22:19 | 00,678,936 | ---- | M] () -- C:\Users\Jenny\Desktop\GameHouse-Installer_am-4elements_gamehouse_.exe
[2009/10/24 19:39:47 | 00,000,800 | ---- | M] () -- C:\Users\Jenny\Desktop\Super Bounce Out.lnk
[2009/10/24 19:35:13 | 00,000,775 | ---- | M] () -- C:\Users\Jenny\Desktop\Scuba in Aruba.lnk
[2009/10/24 10:58:17 | 00,000,876 | ---- | M] () -- C:\Windows\$_hpcst$.hpc
[2009/10/24 10:58:17 | 00,000,788 | ---- | M] () -- C:\Users\Jenny\Desktop\Lemonade Tycoon.lnk
[2009/10/24 10:56:03 | 00,000,916 | ---- | M] () -- C:\Users\Jenny\Desktop\Little Shop of Treasures.lnk
[2009/10/24 10:35:20 | 00,045,043 | ---- | M] () -- C:\Users\Jenny\Documents\chanel-voucher00.pdf
[2009/10/23 16:36:44 | 00,000,435 | ---- | M] () -- C:\Users\Jenny\Documents\manufacturer.zip
[2009/10/23 13:20:10 | 00,101,528 | ---- | M] () -- C:\Users\Jenny\AppData\Local\GDIPFONTCACHEV1.DAT
[2009/10/23 13:11:57 | 00,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2009/10/23 09:32:32 | 00,000,422 | ---- | M] () -- C:\Windows\System32\mapisvc.inf
[2009/10/23 09:25:00 | 00,000,240 | ---- | M] () -- C:\Windows\win.ini
[2009/10/22 23:11:39 | 00,013,848 | ---- | M] () -- C:\Users\Jenny\Documents\Towards Independence - Commerce Notes.docx
[2009/10/21 20:38:52 | 00,464,432 | ---- | M] () -- C:\Users\Jenny\Documents\Membership Application Form 2009-2010.pdf
[2009/10/21 17:02:10 | 00,282,833 | ---- | M] () -- C:\Users\Jenny\Documents\gmer.zip
[2009/10/21 16:49:22 | 00,000,215 | ---- | M] () -- C:\Windows\system.ini
[2009/10/21 16:33:34 | 00,069,192 | ---- | M] (jpshortstuff) -- C:\Users\Jenny\Documents\GooredFix.exe
[2009/10/20 22:34:33 | 00,025,600 | ---- | M] () -- C:\Users\Jenny\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/20 20:11:32 | 03,489,792 | ---- | M] () -- C:\Users\Jenny\Documents\PC Tools Log.doc
[2009/10/20 17:53:26 | 05,452,228 | ---- | M] () -- C:\Users\Jenny\Documents\Big Bang - Crazy Dog.mp3
[2009/10/20 17:33:43 | 00,809,855 | ---- | M] () -- C:\Users\Jenny\Documents\infections 20-10.htm
[2009/10/20 17:14:09 | 00,071,798 | ---- | M] () -- C:\Users\Jenny\Documents\JavaRa.zip
[2009/10/19 16:29:21 | 00,040,753 | ---- | M] () -- C:\Users\Jenny\Documents\code.zip
[2009/10/19 16:28:21 | 00,658,217 | ---- | M] () -- C:\Users\Jenny\Documents\getpaidtoshop-p.zip
[2009/10/19 16:27:58 | 00,044,842 | ---- | M] () -- C:\Users\Jenny\Documents\bookmark-p.zip
[2009/10/19 16:25:28 | 00,221,184 | ---- | M] (AX Gold Software Limited) -- C:\Users\Jenny\Documents\weblinkchecker.exe
[2009/10/19 12:32:44 | 01,173,077 | ---- | M] () -- C:\Users\Jenny\Documents\scripts_2_sell123.zip
[2009/10/19 12:32:21 | 00,697,981 | ---- | M] () -- C:\Users\Jenny\Documents\ebaymoney-p.exe
[2009/10/19 12:28:45 | 00,779,661 | ---- | M] () -- C:\Users\Jenny\Documents\apm.zip
[2009/10/19 12:27:40 | 00,007,324 | ---- | M] () -- C:\Users\Jenny\Documents\articlesyndicate-p.zip
[2009/10/18 22:46:58 | 00,132,597 | ---- | M] () -- C:\Users\Jenny\Documents\Flash_Disinfector.exe
[2009/10/18 21:19:17 | 00,684,806 | ---- | M] () -- C:\Users\Jenny\Documents\16dassys.exe
[2009/10/18 21:03:39 | 01,036,811 | ---- | M] () -- C:\Users\Jenny\Documents\AdvancedSiteSubmitter.zip
[2009/10/18 21:01:38 | 01,261,404 | ---- | M] () -- C:\Users\Jenny\Documents\sitemapmaker.zip
[2009/10/18 20:58:24 | 00,177,362 | ---- | M] () -- C:\Users\Jenny\Documents\truth.zip
[2009/10/18 20:26:03 | 00,000,000 | ---- | M] () -- C:\Users\Jenny\Documents\settings.dat
[2009/10/18 20:18:14 | 00,000,738 | ---- | M] () -- C:\Users\Jenny\Desktop\NTREGOPT.lnk
[2009/10/18 20:18:14 | 00,000,719 | ---- | M] () -- C:\Users\Jenny\Desktop\ERUNT.lnk
[2009/10/18 20:07:36 | 00,521,216 | ---- | M] (OldTimer Tools) -- C:\Users\Jenny\Documents\OTL.exe
[2009/10/18 20:04:08 | 00,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\Jenny\Documents\erunt_setup.exe
[2009/10/18 20:03:33 | 00,472,064 | ---- | M] ( ) -- C:\Users\Jenny\Documents\RootRepeal.exe
[2009/10/18 19:59:50 | 00,021,504 | ---- | M] (Doug Knox) -- C:\Users\Jenny\Documents\SysRestorePoint.exe
[2009/10/18 19:59:05 | 00,271,872 | ---- | M] (OldTimer Tools) -- C:\Users\Jenny\Documents\TFC.exe
[2009/10/18 12:27:45 | 00,459,659 | ---- | M] () -- C:\Users\Jenny\Documents\Loc Anh Huynh.pdf
[2009/10/18 02:14:52 | 00,000,813 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan.lnk
[2009/10/17 22:49:01 | 00,422,906 | ---- | M] () -- C:\Users\Jenny\Documents\ClubLive Bot.rar
[2009/10/17 21:19:33 | 00,001,879 | ---- | M] () -- C:\Users\Jenny\Desktop\HijackThis.lnk
[2009/10/17 21:19:06 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Users\Jenny\Documents\HJTInstall.exe
[2009/10/17 18:41:00 | 00,000,823 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2009/10/17 18:39:22 | 04,045,528 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Jenny\Documents\mbam-setup.exe
[2009/10/17 14:40:00 | 00,001,729 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2009/10/17 14:34:44 | 00,180,192 | ---- | M] () -- C:\Users\Jenny\Documents\Nitrogen Cycle.docx
[2009/10/17 13:32:59 | 00,001,731 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2009/10/17 13:31:54 | 00,002,413 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2009/10/15 23:57:13 | 00,000,104 | ---- | M] () -- C:\Users\Jenny\Desktop\Outlook.lnk
[2009/10/15 10:03:05 | 00,339,968 | ---- | M] () -- C:\Users\Jenny\Documents\update_for_media_player_(KB972036).exe
[2009/10/15 02:37:43 | 06,818,297 | ---- | M] () -- C:\Users\Jenny\Documents\prestashop_1.2.4.0.zip
[2009/10/15 02:21:29 | 00,053,253 | ---- | M] () -- C:\Users\Jenny\Documents\PS_MinimumQTY_ps1.1.zip
[2009/10/15 01:46:42 | 00,305,910 | ---- | M] () -- C:\Users\Jenny\Documents\1255574692-125e4209.sql.gz
[2009/10/15 00:57:20 | 00,009,986 | ---- | M] () -- C:\Users\Jenny\Documents\nice quotes.docx
[2009/10/14 03:13:13 | 00,012,795 | ---- | M] () -- C:\Users\Jenny\Documents\girraween appeal.docx
[2009/10/12 11:33:31 | 00,053,760 | ---- | M] () -- C:\Users\Jenny\Documents\YG.doc
[2009/10/12 11:33:14 | 00,055,296 | ---- | M] () -- C:\Users\Jenny\Documents\audition_us_2005_yg.doc
[2009/10/11 08:10:09 | 00,236,544 | ---- | M] () -- C:\Windows\PEV.exe
[2009/10/09 19:37:31 | 00,010,493 | ---- | M] () -- C:\Users\Jenny\Documents\4 hour email promotion 09-10-09.docx
[2009/10/09 17:44:44 | 00,093,479 | ---- | M] () -- C:\Windows\Email Marketing Pro Uninstaller.exe
[2009/10/02 11:01:58 | 25,198,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mrt.exe
[2009/10/02 02:54:48 | 00,001,715 | ---- | M] () -- C:\Users\Jenny\Desktop\LimeWire PRO 5.2.13.lnk
[2009/10/02 02:51:30 | 00,000,816 | ---- | M] () -- C:\Users\Jenny\Desktop\Brain Spa.lnk
[2009/10/02 02:15:27 | 00,000,802 | ---- | M] () -- C:\Users\Jenny\Desktop\Brain Train Age.lnk
[2009/10/01 10:29:14 | 00,195,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe

========== Files - No Company Name ==========
[2009/10/29 21:15:48 | 00,871,654 | ---- | C] () -- C:\Users\Jenny\Desktop\look and delete.htm
[2009/10/28 23:34:16 | 00,014,038 | ---- | C] () -- C:\Users\Jenny\Documents\Hair Extension Suppliers.docx
[2009/10/28 21:21:43 | 00,036,647 | ---- | C] () -- C:\Users\Jenny\Documents\Hi hammerman.docx
[2009/10/28 21:16:13 | 00,000,530 | ---- | C] () -- C:\Users\Jenny\Desktop\OTL.exe - Shortcut.lnk
[2009/10/26 23:07:13 | 00,000,949 | ---- | C] () -- C:\Users\Jenny\Desktop\Windows Media Player (2).lnk
[2009/10/26 15:47:54 | 00,012,198 | ---- | C] () -- C:\Users\Jenny\Documents\Lockerz ad.docx
[2009/10/26 00:28:15 | 01,569,462 | ---- | C] () -- C:\Users\Jenny\Documents\Malouf_Mothers_Day07.pdf
[2009/10/25 21:41:19 | 00,001,252 | ---- | C] () -- C:\Users\Jenny\Desktop\gmer.exe - Shortcut.lnk
[2009/10/25 16:47:34 | 00,004,172 | ---- | C] () -- C:\Users\Jenny\Documents\kaspersky report.html
[2009/10/25 16:27:29 | 00,036,320 | ---- | C] () -- C:\Users\Jenny\Documents\Properties of Shapes.docx
[2009/10/25 12:54:22 | 00,026,989 | ---- | C] () -- C:\Users\Jenny\Documents\0789215 RMA.PDF
[2009/10/24 20:20:34 | 00,678,936 | ---- | C] () -- C:\Users\Jenny\Desktop\GameHouse-Installer_am-4elements_gamehouse_.exe
[2009/10/24 19:39:47 | 00,000,800 | ---- | C] () -- C:\Users\Jenny\Desktop\Super Bounce Out.lnk
[2009/10/24 19:35:13 | 00,000,775 | ---- | C] () -- C:\Users\Jenny\Desktop\Scuba in Aruba.lnk
[2009/10/24 10:58:17 | 00,000,876 | ---- | C] () -- C:\Windows\$_hpcst$.hpc
[2009/10/24 10:58:17 | 00,000,788 | ---- | C] () -- C:\Users\Jenny\Desktop\Lemonade Tycoon.lnk
[2009/10/24 10:56:03 | 00,000,916 | ---- | C] () -- C:\Users\Jenny\Desktop\Little Shop of Treasures.lnk
[2009/10/24 10:36:22 | 00,130,008 | ---- | C] () -- C:\Windows\System32\systemsf.ebd
[2009/10/24 10:36:20 | 00,009,239 | ---- | C] () -- C:\Windows\System32\spcinstrumentation.man
[2009/10/24 10:36:14 | 00,442,788 | ---- | C] () -- C:\Windows\System32\dot3.tmf
[2009/10/24 10:36:13 | 00,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/10/24 10:36:13 | 00,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/10/24 10:36:11 | 03,662,128 | ---- | C] () -- C:\Windows\System32\locale.nls
[2009/10/24 10:36:11 | 00,392,170 | ---- | C] () -- C:\Windows\System32\onex.tmf
[2009/10/24 10:36:08 | 00,344,698 | ---- | C] () -- C:\Windows\System32\eaphost.tmf
[2009/10/24 10:36:00 | 00,208,966 | ---- | C] () -- C:\Windows\System32\WFP.TMF
[2009/10/24 10:35:59 | 00,092,918 | ---- | C] () -- C:\Windows\System32\slmgr.vbs
[2009/10/24 10:35:36 | 00,009,212 | ---- | C] () -- C:\Windows\System32\RacUR.xml
[2009/10/24 10:35:32 | 00,000,153 | ---- | C] () -- C:\Windows\System32\RacUREx.xml
[2009/10/24 10:35:20 | 00,045,043 | ---- | C] () -- C:\Users\Jenny\Documents\chanel-voucher00.pdf
[2009/10/23 16:36:43 | 00,000,435 | ---- | C] () -- C:\Users\Jenny\Documents\manufacturer.zip
[2009/10/23 09:23:04 | 00,057,667 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2009/10/23 09:20:54 | 00,045,056 | ---- | C] () -- C:\Windows\System32\KmRemove.exe
[2009/10/22 21:48:31 | 00,013,848 | ---- | C] () -- C:\Users\Jenny\Documents\Towards Independence - Commerce Notes.docx
[2009/10/21 20:35:31 | 00,464,432 | ---- | C] () -- C:\Users\Jenny\Documents\Membership Application Form 2009-2010.pdf
[2009/10/21 16:32:57 | 00,282,833 | ---- | C] () -- C:\Users\Jenny\Documents\gmer.zip
[2009/10/20 20:11:21 | 03,489,792 | ---- | C] () -- C:\Users\Jenny\Documents\PC Tools Log.doc
[2009/10/20 19:06:39 | 02,501,921 | ---- | C] () -- C:\Windows\System32\wlan.tmf
[2009/10/20 17:33:41 | 00,809,855 | ---- | C] () -- C:\Users\Jenny\Documents\infections 20-10.htm
[2009/10/20 17:32:17 | 05,452,228 | ---- | C] () -- C:\Users\Jenny\Documents\Big Bang - Crazy Dog.mp3
[2009/10/20 17:13:55 | 00,071,798 | ---- | C] () -- C:\Users\Jenny\Documents\JavaRa.zip
[2009/10/19 16:29:18 | 00,040,753 | ---- | C] () -- C:\Users\Jenny\Documents\code.zip
[2009/10/19 16:25:40 | 00,658,217 | ---- | C] () -- C:\Users\Jenny\Documents\getpaidtoshop-p.zip
[2009/10/19 16:23:16 | 00,044,842 | ---- | C] () -- C:\Users\Jenny\Documents\bookmark-p.zip
[2009/10/19 12:27:24 | 00,007,324 | ---- | C] () -- C:\Users\Jenny\Documents\articlesyndicate-p.zip
[2009/10/19 12:27:07 | 01,173,077 | ---- | C] () -- C:\Users\Jenny\Documents\scripts_2_sell123.zip
[2009/10/19 12:26:56 | 00,697,981 | ---- | C] () -- C:\Users\Jenny\Documents\ebaymoney-p.exe
[2009/10/19 12:26:02 | 00,779,661 | ---- | C] () -- C:\Users\Jenny\Documents\apm.zip
[2009/10/18 22:46:34 | 00,132,597 | ---- | C] () -- C:\Users\Jenny\Documents\Flash_Disinfector.exe
[2009/10/18 21:15:58 | 00,684,806 | ---- | C] () -- C:\Users\Jenny\Documents\16dassys.exe
[2009/10/18 20:54:32 | 01,036,811 | ---- | C] () -- C:\Users\Jenny\Documents\AdvancedSiteSubmitter.zip
[2009/10/18 20:54:26 | 01,261,404 | ---- | C] () -- C:\Users\Jenny\Documents\sitemapmaker.zip
[2009/10/18 20:52:05 | 00,177,362 | ---- | C] () -- C:\Users\Jenny\Documents\truth.zip
[2009/10/18 20:26:03 | 00,000,000 | ---- | C] () -- C:\Users\Jenny\Documents\settings.dat
[2009/10/18 20:18:14 | 00,000,738 | ---- | C] () -- C:\Users\Jenny\Desktop\NTREGOPT.lnk
[2009/10/18 20:18:14 | 00,000,719 | ---- | C] () -- C:\Users\Jenny\Desktop\ERUNT.lnk
[2009/10/18 12:25:31 | 00,459,659 | ---- | C] () -- C:\Users\Jenny\Documents\Loc Anh Huynh.pdf
[2009/10/18 02:14:52 | 00,000,813 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan.lnk
[2009/10/17 22:45:50 | 00,422,906 | ---- | C] () -- C:\Users\Jenny\Documents\ClubLive Bot.rar
[2009/10/17 21:19:33 | 00,001,879 | ---- | C] () -- C:\Users\Jenny\Desktop\HijackThis.lnk
[2009/10/17 18:41:00 | 00,000,823 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2009/10/17 15:40:50 | 00,236,544 | ---- | C] () -- C:\Windows\PEV.exe
[2009/10/17 15:40:50 | 00,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2009/10/17 15:40:50 | 00,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2009/10/17 15:40:50 | 00,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2009/10/17 14:34:44 | 00,180,192 | ---- | C] () -- C:\Users\Jenny\Documents\Nitrogen Cycle.docx
[2009/10/16 01:39:13 | 00,001,729 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2009/10/15 23:57:13 | 00,000,104 | ---- | C] () -- C:\Users\Jenny\Desktop\Outlook.lnk
[2009/10/15 09:51:21 | 00,339,968 | ---- | C] () -- C:\Users\Jenny\Documents\update_for_media_player_(KB972036).exe
[2009/10/15 02:21:01 | 00,053,253 | ---- | C] () -- C:\Users\Jenny\Documents\PS_MinimumQTY_ps1.1.zip
[2009/10/15 02:05:16 | 06,818,297 | ---- | C] () -- C:\Users\Jenny\Documents\prestashop_1.2.4.0.zip
[2009/10/15 01:44:51 | 00,305,910 | ---- | C] () -- C:\Users\Jenny\Documents\1255574692-125e4209.sql.gz
[2009/10/15 00:57:19 | 00,009,986 | ---- | C] () -- C:\Users\Jenny\Documents\nice quotes.docx
[2009/10/12 11:40:46 | 00,002,413 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2009/10/12 11:35:16 | 00,001,731 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2009/10/12 11:33:30 | 00,053,760 | ---- | C] () -- C:\Users\Jenny\Documents\YG.doc
[2009/10/12 11:33:11 | 00,055,296 | ---- | C] () -- C:\Users\Jenny\Documents\audition_us_2005_yg.doc
[2009/10/09 19:37:27 | 00,010,493 | ---- | C] () -- C:\Users\Jenny\Documents\4 hour email promotion 09-10-09.docx
[2009/10/09 17:44:44 | 00,093,479 | ---- | C] () -- C:\Windows\Email Marketing Pro Uninstaller.exe
[2009/10/05 18:12:33 | 00,001,673 | ---- | C] () -- C:\Users\Jenny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk
[2009/10/02 02:54:48 | 00,001,715 | ---- | C] () -- C:\Users\Jenny\Desktop\LimeWire PRO 5.2.13.lnk
[2009/10/02 02:51:30 | 00,000,816 | ---- | C] () -- C:\Users\Jenny\Desktop\Brain Spa.lnk
[2009/10/02 02:15:27 | 00,000,802 | ---- | C] () -- C:\Users\Jenny\Desktop\Brain Train Age.lnk
[2009/09/18 19:50:55 | 00,000,680 | ---- | C] () -- C:\Users\Jenny\AppData\Local\d3d9caps.dat
[2009/07/30 09:39:35 | 00,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2009/07/30 09:26:18 | 00,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2009/07/14 01:51:38 | 00,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/07/02 14:12:32 | 00,000,600 | ---- | C] () -- C:\Users\Jenny\AppData\Roaming\winscp.rnd
[2009/07/01 19:54:30 | 00,000,032 | ---- | C] () -- C:\ProgramData\ezsid.dat
[2009/05/23 14:53:24 | 00,000,059 | ---- | C] () -- C:\Windows\wininit.ini
[2009/04/07 19:55:22 | 00,099,864 | ---- | C] () -- C:\Users\Jenny\AppData\Roaming\GDIPFONTCACHEV1.DAT
[2009/04/06 23:21:11 | 00,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/03/05 06:54:58 | 00,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009/02/25 11:24:39 | 00,025,600 | ---- | C] () -- C:\Users\Jenny\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/02/05 19:36:04 | 00,000,213 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2009/02/05 19:36:04 | 00,000,094 | ---- | C] () -- C:\Windows\brpcfx.ini
[2009/02/05 19:22:54 | 00,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2009/02/05 19:22:53 | 00,000,419 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2009/01/30 22:06:32 | 00,024,206 | ---- | C] () -- C:\Users\Jenny\AppData\Roaming\UserTile.png
[2009/01/30 22:00:57 | 03,549,218 | -H-- | C] () -- C:\Users\Jenny\AppData\Local\IconCache.db
[2009/01/30 21:12:38 | 00,101,528 | ---- | C] () -- C:\Users\Jenny\AppData\Local\GDIPFONTCACHEV1.DAT
[2008/02/11 19:55:18 | 00,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll
[2007/12/27 18:27:18 | 00,910,464 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2007/12/27 18:27:18 | 00,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1277.dll
[2006/11/07 10:57:56 | 00,049,152 | ---- | C] () -- C:\Windows\System32\RunSetup.dll
[2006/11/02 23:50:50 | 00,000,174 | -HS- | C] () -- C:\Program Files\desktop.ini
[2006/11/02 23:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 21:23:31 | 00,000,240 | ---- | C] () -- C:\Windows\win.ini
[2006/11/02 21:23:31 | 00,000,215 | ---- | C] () -- C:\Windows\system.ini
[2006/11/02 18:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2004/09/02 02:49:17 | 03,375,104 | ---- | C] () -- C:\Windows\System32\qt-mt331.dll

========== Custom Scans ==========


< %SYSTEMDRIVE%\eventlog.dll /s /md5 >

< %SYSTEMDRIVE%\scecli.dll /s /md5 >
scecli.dll : MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -> C:\Windows\ERDNT\cache\scecli.dll -> [2008/01/21 13:24:50 | 00,177,152 | ---- | M] (Microsoft Corporation)
scecli.dll : MD5=8FC182167381E9915651267044105EE1 -> C:\Windows\System32\scecli.dll -> [2009/04/11 17:28:24 | 00,177,152 | ---- | M] (Microsoft Corporation)
scecli.dll : MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -> C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll -> [2008/01/21 13:24:50 | 00,177,152 | ---- | M] (Microsoft Corporation)
scecli.dll : MD5=8FC182167381E9915651267044105EE1 -> C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll -> [2009/04/11 17:28:24 | 00,177,152 | ---- | M] (Microsoft Corporation)

< %SYSTEMDRIVE%\netlogon.dll /s /md5 >
netlogon.dll : MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -> C:\Windows\ERDNT\cache\netlogon.dll -> [2008/01/21 13:24:05 | 00,592,384 | ---- | M] (Microsoft Corporation)
netlogon.dll : MD5=95DAECF0FB120A7B5DA679CC54E37DDE -> C:\Windows\System32\netlogon.dll -> [2009/04/11 17:28:23 | 00,592,896 | ---- | M] (Microsoft Corporation)
netlogon.dll : MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -> C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll -> [2008/01/21 13:24:05 | 00,592,384 | ---- | M] (Microsoft Corporation)
netlogon.dll : MD5=95DAECF0FB120A7B5DA679CC54E37DDE -> C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll -> [2009/04/11 17:28:23 | 00,592,896 | ---- | M] (Microsoft Corporation)

< %SYSTEMDRIVE%\cngaudit.dll /s /md5 >
cngaudit.dll : MD5=7F15B4953378C8B5161D65C26D5FED4D -> C:\Windows\ERDNT\cache\cngaudit.dll -> [2006/11/02 20:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation)
cngaudit.dll : MD5=7F15B4953378C8B5161D65C26D5FED4D -> C:\Windows\System32\cngaudit.dll -> [2006/11/02 20:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation)
cngaudit.dll : MD5=7F15B4953378C8B5161D65C26D5FED4D -> C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll -> [2006/11/02 20:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation)

< %SYSTEMDRIVE%\sceclt.dll /s /md5 >

< %SYSTEMDRIVE%\ntelogon.dll /s /md5 >

< %SYSTEMDRIVE%\logevent.dll /s /md5 >

< %SYSTEMDRIVE%\iaStor.sys /s /md5 >

< %SYSTEMDRIVE%\nvstor.sys /s /md5 >
nvstor.sys : MD5=ABED0C09758D1D97DB0042DBB2688177 -> C:\Windows\System32\drivers\nvstor.sys -> [2008/01/21 13:23:21 | 00,045,112 | ---- | M] (NVIDIA Corporation)
nvstor.sys : MD5=ABED0C09758D1D97DB0042DBB2688177 -> C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys -> [2008/01/21 13:23:21 | 00,045,112 | ---- | M] (NVIDIA Corporation)
nvstor.sys : MD5=9E0BA19A28C498A6D323D065DB76DFFC -> C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys -> [2006/11/02 20:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation)
nvstor.sys : MD5=ABED0C09758D1D97DB0042DBB2688177 -> C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys -> [2008/01/21 13:23:21 | 00,045,112 | ---- | M] (NVIDIA Corporation)

< %SYSTEMDRIVE%\atapi.sys /s /md5 >
atapi.sys : MD5=1F05B78AB91C9075565A9D8A4B880BC4 -> C:\Windows\System32\drivers\atapi.sys -> [2009/04/11 17:32:26 | 00,019,944 | ---- | M] (Microsoft Corporation)
atapi.sys : MD5=1F05B78AB91C9075565A9D8A4B880BC4 -> C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys -> [2009/04/11 17:32:26 | 00,019,944 | ---- | M] (Microsoft Corporation)
atapi.sys : MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -> C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys -> [2006/11/02 20:49:36 | 00,019,048 | ---- | M] (Microsoft Corporation)
atapi.sys : MD5=2D9C903DC76A66813D350A562DE40ED9 -> C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys -> [2008/01/21 13:23:00 | 00,021,560 | ---- | M] (Microsoft Corporation)
atapi.sys : MD5=2D9C903DC76A66813D350A562DE40ED9 -> C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys -> [2008/01/21 13:23:00 | 00,021,560 | ---- | M] (Microsoft Corporation)
atapi.sys : MD5=1F05B78AB91C9075565A9D8A4B880BC4 -> C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys -> [2009/04/11 17:32:26 | 00,019,944 | ---- | M] (Microsoft Corporation)

< %SYSTEMDRIVE%\IdeChnDr.sys /s /md5 >

< %SYSTEMDRIVE%\viasraid.sys /s /md5 >

< %SYSTEMDRIVE%\AGP440.sys /s /md5 >
AGP440.sys : MD5=13F9E33747E6B41A3FF305C37DB0D360 -> C:\Windows\ERDNT\cache\AGP440.sys -> [2008/01/21 13:23:01 | 00,056,376 | ---- | M] (Microsoft Corporation)
AGP440.sys : MD5=13F9E33747E6B41A3FF305C37DB0D360 -> C:\Windows\System32\drivers\AGP440.sys -> [2008/01/21 13:23:01 | 00,056,376 | ---- | M] (Microsoft Corporation)
AGP440.sys : MD5=13F9E33747E6B41A3FF305C37DB0D360 -> C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys -> [2008/01/21 13:23:01 | 00,056,376 | ---- | M] (Microsoft Corporation)
AGP440.sys : MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -> C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys -> [2006/11/02 20:49:52 | 00,053,864 | ---- | M] (Microsoft Corporation)
AGP440.sys : MD5=13F9E33747E6B41A3FF305C37DB0D360 -> C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys -> [2008/01/21 13:23:01 | 00,056,376 | ---- | M] (Microsoft Corporation)
AGP440.sys : MD5=13F9E33747E6B41A3FF305C37DB0D360 -> C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys -> [2008/01/21 13:23:01 | 00,056,376 | ---- | M] (Microsoft Corporation)
AGP440.sys : MD5=13F9E33747E6B41A3FF305C37DB0D360 -> C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys -> [2008/01/21 13:23:01 | 00,056,376 | ---- | M] (Microsoft Corporation)

========== Alternate Data Streams ==========

@Alternate Data Stream - 147 bytes -> C:\Users\All Users\TEMP:430C6D84
@Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:430C6D84
@Alternate Data Stream - 129 bytes -> C:\Users\All Users\TEMP:1CA73D29
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:1CA73D29
@Alternate Data Stream - 108 bytes -> C:\Users\All Users\TEMP:2785F3BB
@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:2785F3BB
< End of report >

  • 0
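The /md5 custom scans at the end of the log above list every copy of a system file that OTL found, with its hash and path. The following is an added example (not part of the original thread and not OTL's own code) that parses those lines and checks whether the copy under System32 matches a winsxs or DriverStore copy; the function names and the demo.sys lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Three lines copied from the atapi.sys custom scan in the log above, followed by
# two CONSTRUCTED lines (demo.sys, placeholder hashes) that show a mismatch.
SAMPLE_LOG = r"""
< %SYSTEMDRIVE%\atapi.sys /s /md5 >
atapi.sys : MD5=1F05B78AB91C9075565A9D8A4B880BC4 -> C:\Windows\System32\drivers\atapi.sys -> [2009/04/11 17:32:26 | 00,019,944 | ---- | M] (Microsoft Corporation)
atapi.sys : MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -> C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys -> [2006/11/02 20:49:36 | 00,019,048 | ---- | M] (Microsoft Corporation)
atapi.sys : MD5=1F05B78AB91C9075565A9D8A4B880BC4 -> C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys -> [2009/04/11 17:32:26 | 00,019,944 | ---- | M] (Microsoft Corporation)

< %SYSTEMDRIVE%\demo.sys /s /md5 >
demo.sys : MD5=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA -> C:\Windows\System32\drivers\demo.sys -> [2009/10/20 10:00:00 | 00,021,000 | ---- | M] ()
demo.sys : MD5=BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB -> C:\Windows\winsxs\x86_demo.inf_constructed\demo.sys -> [2008/01/21 13:23:00 | 00,019,944 | ---- | M] (Microsoft Corporation)
"""

# "name : MD5=<32 hex>" and "[date | size | attrs | M] (Company)"
HEAD_RE = re.compile(r"^(?P<name>.+?) : MD5=(?P<md5>[0-9A-Fa-f]{32})$")
META_RE = re.compile(
    r"^\[(?P<mtime>[^|]+?) \| (?P<size>[\d,]+) \| (?P<attrs>[^|]+?) \| M\] "
    r"\((?P<company>.*)\)$"
)


def location_kind(path):
    """Classify a path: component-store copy, ERDNT backup, or live System32 copy."""
    p = path.lower()
    # DriverStore lives under System32, so test for it before the "live" case.
    if "\\winsxs\\" in p or "\\driverstore\\filerepository\\" in p:
        return "store"
    if "\\erdnt\\cache\\" in p:
        return "backup"
    if "\\windows\\system32\\" in p:
        return "live"
    return "other"


def parse_md5_lines(log_text):
    """Return one dict per '/md5' result line; headers and other lines are skipped."""
    entries = []
    for raw in log_text.splitlines():
        parts = raw.strip().split(" -> ")
        if len(parts) != 3:
            continue
        head, meta = HEAD_RE.match(parts[0]), META_RE.match(parts[2])
        if not (head and meta):
            continue
        entries.append({
            "name": head["name"].lower(),
            "md5": head["md5"].upper(),
            "path": parts[1],
            "kind": location_kind(parts[1]),
            "size": int(meta["size"].replace(",", "")),
            "company": meta["company"].strip(),
        })
    return entries


def check_consistency(entries):
    """Per file name, compare the live copy's hash with the component-store copies."""
    by_name = defaultdict(list)
    for e in entries:
        by_name[e["name"]].append(e)
    report = {}
    for name, group in by_name.items():
        live = [e for e in group if e["kind"] == "live"]
        store_hashes = {e["md5"] for e in group if e["kind"] == "store"}
        if not live:
            status = "no-live-copy"
        elif not store_hashes:
            status = "no-reference"
        elif all(e["md5"] in store_hashes for e in live):
            status = "consistent"
        else:
            status = "mismatch"
        report[name] = {
            "status": status,
            "live_md5": sorted({e["md5"] for e in live}),
            # An empty company field on a live system file is a second thing to look at.
            "no_company": any(e["company"] == "" for e in live),
        }
    return report


if __name__ == "__main__":
    for name, result in check_consistency(parse_md5_lines(SAMPLE_LOG)).items():
        print(name, result)
```

A match only shows that the live copy agrees with another copy on the same disk; confirming integrity still needs a known-good hash or a signature check obtained outside the affected system.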

#27
hammerman

Hello,

Are you redirected with both Internet Explorer and Firefox?
Do you recognise these sites: alipay.com, alisoft.com, taobao.com?

Please follow these steps.

-- Step 1 --

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    
    :Services
    
    :Reg
    
    :Files
    
    :Commands
    [purity]
    [emptytemp]
    [resethosts]
    [start explorer]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • This fix will produce a report. Please add this to your reply.

-- Step 2 --

  • Make sure to use Internet Explorer for this
  • Please go to VirSCAN.org FREE on-line scan service
  • Copy and paste the following file path into the "Suspicious files to scan" box on the top of the page:

    • update_for_media_player_(KB972036).exe
  • Click on the Upload button
  • If a pop-up appears saying the file has been scanned already, please select the ReScan button.
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.

-- Step 3 --

Run Combofix again and post the log.
  • 0

#28
applestarz

Hi hammerman. I searched for update_for_media_player_(KB972036).exe on my computer; however, I couldn't find it. Do you want me to proceed with step 3?

Here is the OTL log:
All processes killed
========== OTL ==========
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Jenny
File delete failed. C:\Users\Jenny\AppData\Local\Temp\hsperfdata_Jenny\2140 scheduled to be deleted on reboot.
File delete failed. C:\Users\Jenny\AppData\Local\Temp\JET8CB.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\Jenny\AppData\Local\Temp\JET938.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\Jenny\AppData\Local\Temp\JETA13.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\Jenny\AppData\Local\Temp\JETAEE.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\Jenny\AppData\Local\Temp\JETF042.tmp scheduled to be deleted on reboot.
->Temp folder emptied: 1324640 bytes
File delete failed. C:\Users\Jenny\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WONRUI3Q\en[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Users\Jenny\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1FY00KJD\openhand_8_8[1].bmp scheduled to be deleted on reboot.
File delete failed. C:\Users\Jenny\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 3052552 bytes
->Java cache emptied: 25493434 bytes
File delete failed. C:\Users\Jenny\AppData\Local\Mozilla\Firefox\Profiles\s7dorkb6.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Users\Jenny\AppData\Local\Mozilla\Firefox\Profiles\s7dorkb6.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Users\Jenny\AppData\Local\Mozilla\Firefox\Profiles\s7dorkb6.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Users\Jenny\AppData\Local\Mozilla\Firefox\Profiles\s7dorkb6.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Users\Jenny\AppData\Local\Mozilla\Firefox\Profiles\s7dorkb6.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Users\Jenny\AppData\Local\Mozilla\Firefox\Profiles\s7dorkb6.default\XUL.mfl scheduled to be deleted on reboot.
->FireFox cache emptied: 98621608 bytes
->Google Chrome cache emptied: 1905008 bytes
->Apple Safari cache emptied: 0 bytes
->Opera cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 708064 bytes
RecycleBin emptied: 610583 bytes

Total Files Cleaned = 125.61 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.0.21.0 log created on 11022009_170600

Files\Folders moved on Reboot...
File\Folder C:\Users\Jenny\AppData\Local\Temp\hsperfdata_Jenny\2140 not found!
File\Folder C:\Users\Jenny\AppData\Local\Temp\JET8CB.tmp not found!
File\Folder C:\Users\Jenny\AppData\Local\Temp\JET938.tmp not found!
File\Folder C:\Users\Jenny\AppData\Local\Temp\JETA13.tmp not found!
File\Folder C:\Users\Jenny\AppData\Local\Temp\JETAEE.tmp not found!
File\Folder C:\Users\Jenny\AppData\Local\Temp\JETF042.tmp not found!
C:\Users\Jenny\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WONRUI3Q\en[1].htm moved successfully.
C:\Users\Jenny\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1FY00KJD\openhand_8_8[1].bmp moved successfully.
C:\Users\Jenny\AppData\Local\Mozilla\Firefox\Profiles\s7dorkb6.default\Cache\_CACHE_001_ moved successfully.
C:\Users\Jenny\AppData\Local\Mozilla\Firefox\Profiles\s7dorkb6.default\Cache\_CACHE_002_ moved successfully.
C:\Users\Jenny\AppData\Local\Mozilla\Firefox\Profiles\s7dorkb6.default\Cache\_CACHE_003_ moved successfully.
C:\Users\Jenny\AppData\Local\Mozilla\Firefox\Profiles\s7dorkb6.default\Cache\_CACHE_MAP_ moved successfully.
C:\Users\Jenny\AppData\Local\Mozilla\Firefox\Profiles\s7dorkb6.default\urlclassifier3.sqlite moved successfully.
C:\Users\Jenny\AppData\Local\Mozilla\Firefox\Profiles\s7dorkb6.default\XUL.mfl moved successfully.

Registry entries deleted on Reboot...
  • 0

#29
hammerman

Hello,

I should have given you the full path to that file. It is

C:\Users\Jenny\Documents\update_for_media_player_(KB972036).exe

Yes, you can carry on with step 3. Can you also answer the questions about the 3 web sites and whether you are redirected with both IE and Firefox?

Cheers.
  • 0

#30
applestarz

Hi there

Yes, I recognise the three websites.

As for the redirection, it only redirects with Mozilla Firefox. I usually only use Mozilla Firefox because it's faster but I tried googling today in IE and I wasn't redirected. Thanks for your continual help :)

Here are the results for Virscan: I'm very shocked!

VirSCAN.org Scanned Report :
Scanned time : 2009/11/02 21:12:51 (EST)
Scanner results: 22% Scanner(s) (8/37) found malware!
File Name : update_for_media_player_(KB972036).exe
File Size : 339968 byte
File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5 : 4627f361a1be80dba121b405694ab4de
SHA1 : f80bd48804693011ae6132654d6619d5f6609eea
Online report : http://virscan.org/r...9a6199cef6.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 4.5.0.8 20091102183636 2009-11-02 4.27 -
AhnLab V3 2009.11.02.00 2009.11.02 2009-11-02 0.98 -
AntiVir 8.2.1.53 7.1.6.175 2009-11-02 0.10 ADWARE/Adware.Gen
Antiy 2.0.18 20091102.3201984 2009-11-02 0.12 -
Arcavir 2009 200911010804 2009-11-01 0.05 -
Authentium 5.1.1 200911011547 2009-11-01 1.18 -
AVAST! 4.7.4 091101-1 2009-11-01 0.04 -
AVG 8.5.288 270.14.44/2475 2009-11-02 0.30 Downloader.Generic8.CDCQ
BitDefender 7.81008.4480740 7.28707 2009-11-02 3.87 Trojan.Generic.2526719
CA (VET) 35.1.0 7094 2009-10-30 7.28 -
ClamAV 0.95.2 9971 2009-11-01 0.06 -
Comodo 3.12 2813 2009-11-02 0.90 -
CP Secure 1.3.0.5 2009.10.30 2009-10-30 0.00 -
Dr.Web 4.44.0.9170 2009.11.02 2009-11-02 6.25 Trojan.MulDrop.35979
F-Prot 4.4.4.56 20091101 2009-11-01 1.20 -
F-Secure 7.02.73807 2009.11.02.04 2009-11-02 8.74 -
Fortinet 2.81-3.120 11.13 2009-11-02 0.25 -
GData 19.8693/19.531 20091102 2009-11-02 5.58 -
ViRobot 20091102 2009.11.02 2009-11-02 0.44 -
Ikarus T3.1.01.72 2009.11.02.74403 2009-11-02 4.28 -
JiangMin 11.0.800 2009.11.02 2009-11-02 4.17 -
Kaspersky 5.5.10 2009.11.02 2009-11-02 0.07 -
KingSoft 2009.2.5.15 2009.11.2.16 2009-11-02 0.51 -
McAfee 5.3.00 5789 2009-11-01 3.35 Downloader-BMN
Microsoft 1.5202 2009.11.02 2009-11-02 8.74 TrojanDownloader:Win32/Tracur.A
Norman 6.01.09 6.01.00 2009-11-01 4.00 W32/DLoader.AAONN
Panda 9.05.01 2009.10.31 2009-10-31 1.76 Generic Trojan
Trend Micro 8.700-1004 6.596.04 2009-11-02 0.08 -
Quick Heal 10.00 2009.11.02 2009-11-02 1.28 -
Rising 20.0 21.54.03.00 2009-11-02 0.84 -
Sophos 3.00.1 4.46 2009-11-02 2.83 -
Sunbelt 5482 5482 2009-11-01 1.87 -
Symantec 1.3.0.24 20091031.035 2009-10-31 0.00 -
nProtect 20091030.01 6063347 2009-10-30 7.70 -
The Hacker 6.5.0.2 v00058 2009-10-31 0.75 -
VBA32 3.12.10.11 20091101.2111 2009-11-01 2.05 -
VirusBuster 4.5.11.10 10.113.4/1996453 2009-11-02 2.52 -


Combofix Log:

ComboFix 09-11-01.04 - Jenny 02/11/2009 22:38.1.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.61.1033.18.3062.1990 [GMT 11:00]
Running from: c:\users\Jenny\Desktop\ComboFix.exe
FW: Internet Security Firewall *enabled* {2BF21FEC-A5BE-424D-BDD7-3229CC84ED22}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2009-10-02 to 2009-11-02 )))))))))))))))))))))))))))))))
.

2009-11-02 11:52 . 2009-11-02 11:52 -------- d-----w- c:\users\Public\AppData\Local\temp
2009-11-02 11:52 . 2009-11-02 11:52 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-11-02 08:41 . 2009-11-02 08:41 28672 ----a-w- c:\users\Jenny\AppData\Roaming\IDM\NP_IDM5.dll
2009-11-02 05:33 . 2009-11-02 05:33 -------- d-----w- c:\programdata\Zylom
2009-11-02 05:33 . 2009-11-02 05:33 -------- d-----w- c:\program files\Zylom Games
2009-10-31 00:29 . 2009-10-31 00:29 -------- d-----w- c:\program files\Graboid
2009-10-30 09:01 . 2009-10-30 09:01 -------- d-----w- c:\users\Jenny\AppData\Local\Grubby Games
2009-10-30 08:57 . 2009-10-30 08:57 1078 ----a-r- c:\users\Jenny\AppData\Roaming\Microsoft\Installer\{8A898DE2-15E4-434E-A30E-0FAF0B2F106A}\_7A640DC41DCB4FD441882E.exe
2009-10-30 08:57 . 2009-10-30 08:57 1078 ----a-r- c:\users\Jenny\AppData\Roaming\Microsoft\Installer\{8A898DE2-15E4-434E-A30E-0FAF0B2F106A}\_215D5AED555C35071E1CE6.exe
2009-10-30 08:57 . 2009-10-30 08:57 -------- d-----w- c:\program files\Yuri Software HEdit
2009-10-30 08:49 . 2009-10-30 09:01 -------- d-----w- c:\program files\My Tribe
2009-10-30 05:21 . 2009-08-07 02:24 44768 ----a-w- c:\windows\system32\wups2.dll
2009-10-30 05:21 . 2009-08-07 02:24 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-10-30 05:21 . 2009-08-07 02:23 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-10-30 05:21 . 2009-08-07 01:45 2421760 ----a-w- c:\windows\system32\wucltux.dll
2009-10-30 05:20 . 2009-08-07 02:24 35552 ----a-w- c:\windows\system32\wups.dll
2009-10-30 05:20 . 2009-08-07 02:23 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-10-30 05:20 . 2009-08-07 01:44 87552 ----a-w- c:\windows\system32\wudriver.dll
2009-10-30 05:20 . 2009-08-06 08:23 171608 ----a-w- c:\windows\system32\wuwebv.dll
2009-10-30 05:20 . 2009-08-06 07:44 33792 ----a-w- c:\windows\system32\wuapp.exe
2009-10-28 13:14 . 2009-10-28 13:14 -------- d-----w- c:\windows\system32\ca-ES
2009-10-28 13:14 . 2009-10-28 13:14 -------- d-----w- c:\windows\system32\eu-ES
2009-10-28 13:14 . 2009-10-28 13:14 -------- d-----w- c:\windows\system32\vi-VN
2009-10-28 11:34 . 2009-10-28 11:34 -------- d-----w- c:\windows\system32\EventProviders
2009-10-28 05:02 . 2009-09-10 14:58 310784 ----a-w- c:\windows\system32\unregmp2.exe
2009-10-28 05:02 . 2009-09-10 14:59 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-10-24 13:31 . 2009-10-24 13:31 -------- d-----w- c:\windows\SQL9_KB970892_ENU
2009-10-23 23:35 . 2009-04-11 06:32 122344 ----a-w- c:\windows\system32\drivers\Storport.sys
2009-10-22 22:39 . 2009-10-22 22:39 -------- d-----w- c:\windows\Panther
2009-10-22 22:21 . 2009-03-08 11:32 72704 ----a-w- c:\windows\system32\admparse.dll
2009-10-22 22:20 . 2009-03-08 11:33 420352 ----a-w- c:\windows\system32\vbscript.dll
2009-10-22 22:20 . 2009-03-08 11:33 109568 ----a-w- c:\windows\system32\PDMSetup.exe
2009-10-22 22:20 . 2009-03-08 11:33 107520 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2009-10-22 22:20 . 2009-03-08 11:33 107008 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2009-10-22 22:20 . 2009-03-08 11:33 103936 ----a-w- c:\windows\system32\SetDepNx.exe
2009-10-22 22:20 . 2009-03-08 11:32 169472 ----a-w- c:\windows\system32\iexpress.exe
2009-10-22 22:20 . 2009-03-08 11:31 45568 ----a-w- c:\windows\system32\mshta.exe
2009-10-22 22:20 . 2009-11-02 07:45 -------- d-----w- c:\program files\KMaestro
2009-10-22 22:20 . 2006-09-15 14:06 45056 ------w- c:\windows\system32\KmRemove.exe
2009-10-21 01:11 . 2009-06-22 10:09 2048 ----a-w- c:\windows\system32\tzres.dll
2009-10-21 00:52 . 2009-10-21 00:52 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-10-21 00:48 . 2009-10-21 00:48 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2009-10-21 00:27 . 2008-07-27 18:03 41984 ----a-w- c:\windows\system32\netfxperf.dll
2009-10-20 08:45 . 2009-06-15 14:52 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2009-10-20 08:45 . 2009-09-10 16:48 218624 ----a-w- c:\windows\system32\msv1_0.dll
2009-10-20 08:45 . 2009-06-15 23:15 439864 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-10-20 08:45 . 2009-06-15 14:54 175104 ----a-w- c:\windows\system32\wdigest.dll
2009-10-20 08:45 . 2009-06-15 14:53 72704 ----a-w- c:\windows\system32\secur32.dll
2009-10-20 08:45 . 2009-06-15 12:48 9728 ----a-w- c:\windows\system32\lsass.exe
2009-10-20 08:06 . 2009-07-11 19:01 513536 ----a-w- c:\windows\system32\wlansvc.dll
2009-10-20 08:06 . 2009-07-11 19:01 293376 ----a-w- c:\windows\system32\wlanmsm.dll
2009-10-20 08:06 . 2009-04-11 06:28 68096 ----a-w- c:\windows\system32\wlanhlp.dll
2009-10-20 08:06 . 2009-07-11 19:01 302592 ----a-w- c:\windows\system32\wlansec.dll
2009-10-20 08:06 . 2009-07-11 19:01 65024 ----a-w- c:\windows\system32\wlanapi.dll
2009-10-20 08:06 . 2009-07-11 17:03 127488 ----a-w- c:\windows\system32\L2SecHC.dll
2009-10-20 08:05 . 2009-06-10 11:41 2868224 ----a-w- c:\windows\system32\mf.dll
2009-10-20 08:05 . 2009-04-11 06:28 98816 ----a-w- c:\windows\system32\mfps.dll
2009-10-20 08:05 . 2009-04-11 06:27 53248 ----a-w- c:\windows\system32\rrinstaller.exe
2009-10-20 08:05 . 2009-04-11 06:27 24576 ----a-w- c:\windows\system32\mfpmp.exe
2009-10-20 08:05 . 2009-04-11 04:54 2048 ----a-w- c:\windows\system32\mferror.dll
2009-10-20 07:56 . 2009-08-04 12:34 3600456 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-10-20 07:56 . 2009-08-04 12:34 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-10-20 07:16 . 2009-09-04 11:41 60928 ----a-w- c:\windows\system32\msasn1.dll
2009-10-20 07:16 . 2009-09-14 09:29 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-10-20 06:46 . 2009-05-08 12:53 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2009-10-19 01:29 . 2009-10-19 01:30 -------- d-----w- c:\program files\Article Page Machine
2009-10-18 12:32 . 2009-11-02 11:52 -------- d-----w- c:\users\Jenny\AppData\Local\temp
2009-10-18 11:55 . 2009-10-18 11:55 -------- d-----w- C:\_OTL
2009-10-18 10:05 . 2009-10-18 10:05 -------- d-----w- c:\program files\Advanced Site Submitter
2009-10-18 09:18 . 2009-10-18 09:18 -------- d-----w- c:\program files\ERUNT
2009-10-17 15:14 . 2009-10-17 15:14 -------- d-----w- c:\programdata\McAfee Security Scan
2009-10-17 15:14 . 2009-10-17 15:14 -------- d-----w- c:\program files\McAfee Security Scan
2009-10-17 10:19 . 2009-10-17 10:19 -------- d-----w- c:\program files\Trend Micro
2009-10-17 08:48 . 2009-10-20 09:12 -------- d-----w- C:\Combo-Fix
2009-10-17 07:41 . 2009-10-17 07:41 -------- d-----w- c:\users\Jenny\AppData\Roaming\Malwarebytes
2009-10-17 07:40 . 2009-09-10 03:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-17 07:40 . 2009-10-17 07:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-17 07:40 . 2009-10-17 07:40 -------- d-----w- c:\programdata\Malwarebytes
2009-10-17 07:40 . 2009-09-10 03:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-16 04:11 . 2009-09-30 23:29 195440 ------w- c:\windows\system32\MpSigStub.exe
2009-10-12 18:06 . 2009-10-12 18:08 -------- d-----w- c:\users\Jenny\AppData\Local\Canon Easy-PhotoPrint EX
2009-10-12 17:20 . 2009-10-17 02:17 -------- d--h--w- c:\programdata\CanonIJEGV
2009-10-12 00:40 . 2008-04-17 02:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2009-10-12 00:40 . 2009-05-18 03:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-10-12 00:38 . 2009-10-17 02:31 -------- d-----w- c:\program files\iPod
2009-10-12 00:38 . 2009-10-16 06:19 -------- d-----w- c:\program files\iPod(11)
2009-10-12 00:38 . 2009-10-12 00:40 -------- d-----w- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-10-12 00:38 . 2009-10-17 02:31 -------- d-----w- c:\program files\iTunes
2009-10-12 00:38 . 2009-10-12 00:40 -------- d-----w- c:\program files\iTunes(12)
2009-10-12 00:21 . 2009-10-12 00:22 -------- d-----w- c:\program files\Safari
2009-10-09 06:44 . 2009-10-09 06:44 93479 ----a-w- c:\windows\Email Marketing Pro Uninstaller.exe
2009-10-09 03:47 . 2009-10-17 02:18 -------- d-----w- c:\program files\McAfee
2009-10-06 05:26 . 2009-10-21 12:08 -------- d-----w- c:\users\Jenny\AppData\Roaming\Ubisoft
2009-10-06 01:47 . 2009-10-06 01:47 -------- d-----w- c:\programdata\Yahoo! Companion
2009-10-05 07:33 . 2009-10-22 22:20 -------- d-----w- c:\program files\Microsoft

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-02 11:35 . 2009-01-30 11:37 -------- d-----w- c:\program files\PC Tools Internet Security
2009-11-02 11:34 . 2009-07-10 09:08 -------- d-----w- c:\users\Jenny\AppData\Roaming\DMCache
2009-11-02 08:42 . 2009-06-02 06:08 -------- d-----w- c:\users\Jenny\AppData\Roaming\LimeWire
2009-11-02 08:41 . 2009-07-10 09:28 28672 ----a-w- c:\users\Jenny\AppData\Roaming\IDM\NP_IDM4.dll
2009-11-02 08:41 . 2009-07-10 09:28 -------- d-----w- c:\users\Jenny\AppData\Roaming\IDM
2009-11-02 08:40 . 2009-07-10 09:28 28672 ----a-w- c:\users\Jenny\AppData\Roaming\IDM\NP_IDM3.dll
2009-11-02 08:40 . 2009-07-10 09:28 28672 ----a-w- c:\users\Jenny\AppData\Roaming\IDM\NP_IDM2.dll
2009-11-02 08:40 . 2009-07-10 09:28 28672 ----a-w- c:\users\Jenny\AppData\Roaming\IDM\NP_IDM1.dll
2009-11-02 05:33 . 2008-07-22 23:47 -------- d-----w- c:\program files\Google
2009-11-02 05:31 . 2009-09-06 11:29 -------- d-----w- c:\program files\RealArcade
2009-10-30 09:56 . 2009-05-31 01:49 -------- d-----w- c:\program files\trademanager
2009-10-30 07:07 . 2009-06-02 06:06 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-28 13:14 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-10-28 13:14 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2009-10-28 13:14 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2009-10-28 13:14 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2009-10-28 13:14 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-10-28 13:14 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-10-28 13:14 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2009-10-28 09:40 . 2009-05-05 12:33 -------- d-----w- c:\users\Jenny\AppData\Roaming\gtk-2.0
2009-10-26 08:18 . 2009-06-03 06:00 -------- d-----w- c:\users\Jenny\AppData\Roaming\FileZilla
2009-10-24 13:35 . 2008-07-22 23:27 -------- d-----w- c:\programdata\Microsoft Help
2009-10-24 13:32 . 2008-07-22 23:32 -------- d-----w- c:\program files\Microsoft SQL Server
2009-10-23 11:03 . 2009-07-02 10:57 -------- d-----w- c:\programdata\Messenger Plus!
2009-10-23 02:20 . 2009-01-30 10:12 101528 ----a-w- c:\users\Jenny\AppData\Local\GDIPFONTCACHEV1.DAT
2009-10-22 22:27 . 2008-07-22 23:30 -------- d-----w- c:\program files\Microsoft Works
2009-10-21 04:15 . 2009-02-02 12:23 -------- d-----w- c:\program files\Microsoft Silverlight
2009-10-17 02:33 . 2009-02-02 12:26 -------- d-----w- c:\program files\QuickTime
2009-10-17 02:18 . 2009-07-25 09:03 -------- d-----w- c:\program files\LiveZilla
2009-10-17 02:17 . 2009-07-25 09:03 -------- d-----w- c:\programdata\{99132AC5-3A7A-446C-AE3C-8DF2A46D5D29}
2009-10-17 02:17 . 2009-02-02 12:26 -------- d-----w- c:\program files\Common Files\Apple
2009-10-16 06:23 . 2009-01-30 10:09 -------- d-----w- c:\programdata\McAfee
2009-10-12 18:08 . 2009-09-07 07:18 -------- d-----w- c:\users\Jenny\AppData\Roaming\Canon
2009-10-12 03:10 . 2009-08-22 23:17 -------- d-----w- c:\users\Jenny\AppData\Roaming\Apple Computer
2009-10-09 06:47 . 2009-09-09 13:20 -------- d-----w- c:\program files\Email Marketing Pro
2009-10-09 05:54 . 2009-07-10 10:20 -------- d-----w- c:\program files\Unlocker
2009-10-01 15:54 . 2009-06-01 10:33 -------- d-----w- c:\program files\LimeWire
2009-10-01 15:51 . 2009-10-01 15:51 -------- d-----w- c:\program files\Brain Spa
2009-10-01 15:15 . 2009-10-01 15:15 -------- d-----w- c:\program files\BrainTrainAge
2009-10-01 08:55 . 2009-10-01 08:55 -------- d-----w- c:\program files\Adwizard
2009-09-24 09:41 . 2009-09-24 09:39 -------- d-----w- c:\programdata\Findbasic
2009-09-24 09:41 . 2009-09-24 09:39 -------- d-----w- c:\program files\Findbasic
2009-09-21 12:04 . 2009-09-18 09:06 -------- d-----w- c:\users\Jenny\AppData\Roaming\.purple
2009-09-18 13:55 . 2009-09-18 13:55 1185 ----a-w- c:\users\Jenny\AppData\Roaming\.purple\certificates\x509\tls_peers\typists.quicktate.com
2009-09-18 08:51 . 2009-09-18 08:51 -------- d-----w- c:\program files\Pidgin
2009-09-18 08:51 . 2009-09-18 08:51 -------- d-----w- c:\program files\Common Files\GTK
2009-09-18 08:50 . 2009-09-18 08:50 680 ----a-w- c:\users\Jenny\AppData\Local\d3d9caps.dat
2009-09-17 13:35 . 2009-07-01 08:53 -------- d-----w- c:\users\Jenny\AppData\Roaming\Skype
2009-09-17 13:35 . 2009-07-01 08:54 -------- d-----w- c:\users\Jenny\AppData\Roaming\skypePM
2009-09-14 08:29 . 2009-09-14 08:29 -------- d-----w- c:\users\Jenny\AppData\Roaming\DivX
2009-09-12 01:25 . 2009-08-06 08:53 -------- d-----w- c:\program files\DivX
2009-09-12 01:25 . 2009-09-12 01:24 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2009-09-12 01:24 . 2009-09-12 01:24 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-09-11 10:45 . 2009-09-11 10:45 -------- d-----w- c:\programdata\EMP
2009-09-09 12:51 . 2009-09-09 12:33 1186980 ----a-w- c:\users\Jenny\AppData\Roaming\IDM\DwnlData\Jenny\emp_200\emp.exe
2009-09-07 08:05 . 2009-09-07 07:56 -------- d-----w- c:\users\Jenny\AppData\Roaming\Ahead
2009-09-07 07:58 . 2009-01-30 11:28 -------- d-----w- c:\program files\Yahoo!
2009-09-07 07:54 . 2009-09-07 07:54 -------- d-----w- c:\program files\Common Files\Ahead
2009-09-07 07:54 . 2009-09-07 07:54 -------- d-----w- c:\program files\Nero
2009-09-07 07:19 . 2009-09-07 07:19 -------- d--h--w- c:\programdata\CanonIJScan
2009-09-06 09:13 . 2009-09-06 09:13 -------- d-----w- c:\program files\The Color Picker
2009-09-01 16:09 . 2009-09-01 16:09 176128 ----a-w- c:\windows\system32\drivers\Rtlh86.sys
2009-08-29 00:27 . 2009-10-20 08:46 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-29 00:14 . 2009-10-20 08:46 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-27 05:22 . 2009-10-22 22:23 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-27 05:17 . 2009-10-22 22:23 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-08-27 05:17 . 2009-10-22 22:23 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-08-27 03:42 . 2009-10-22 22:23 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-08-17 12:33 . 2009-08-17 12:33 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-14 16:27 . 2009-10-20 08:46 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-08-14 15:53 . 2009-10-20 08:46 17920 ----a-w- c:\windows\system32\netevent.dll
2009-08-14 13:49 . 2009-10-20 08:46 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-08-14 13:49 . 2009-10-20 08:46 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-08-14 13:49 . 2009-10-20 08:46 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-08-14 13:49 . 2009-10-20 08:46 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-08-14 13:49 . 2009-10-20 08:46 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-08-14 13:49 . 2009-10-20 08:46 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-08-14 13:49 . 2009-10-20 08:46 10240 ----a-w- c:\windows\system32\finger.exe
2009-08-14 13:48 . 2009-10-20 08:46 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2009-08-14 13:48 . 2009-10-20 08:46 105984 ----a-w- c:\windows\system32\netiohlp.dll
2009-05-13 21:55 . 2009-05-13 21:55 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-13 21:55 . 2009-05-13 21:55 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2009-05-13 21:55 . 2009-05-13 21:55 1044480 ----a-w- c:\program files\opera\program\plugins\libdivx.dll
2009-05-13 21:55 . 2009-05-13 21:55 200704 ----a-w- c:\program files\opera\program\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-09-08 11:08 279944 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-09-08 279944]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-09-08 279944]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-03 39408]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2007-10-01 840704]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"BtcMouseMaestro"="c:\program files\MMaestro\KMaestro.exe" [2007-07-23 385024]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-07-22 185896]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-01-06 6707744]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]
"LiveZilla"="c:\program files\LiveZilla\LiveZilla.exe" [2009-07-08 2754888]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2008-03-17 1848648]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-12-11 722256]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-04 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-11 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-11 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-11 133656]
"BtcMaestro"="c:\program files\KMaestro\KMaestro.exe" [2006-11-22 346960]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-01-06 1833504]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-30 149280]

c:\users\Jenny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2009-8-1 139776]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan.lnk - c:\program files\McAfee Security Scan\1.0.150\SSScheduler.exe [2009-7-28 199184]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2009-1-14 525664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):7c,55,c3,b1,53,58,ca,01

R0 TfFsMon;TfFsMon;c:\windows\System32\drivers\TfFsMon.sys [30/01/2009 10:38 PM 51520]
R0 TfSysMon;TfSysMon;c:\windows\System32\drivers\TfSysMon.sys [30/01/2009 10:38 PM 38208]
R1 pctfw2;pctfw2;c:\windows\System32\drivers\pctfw2.sys [30/01/2009 10:38 PM 160808]
R2 CLHNService;CLHNService;c:\program files\CyberLink\SoftDMA\Kernel\DMP\CLHNService.exe [23/07/2008 10:45 AM 77824]
R2 NTIPPKernel;NTIPPKernel;c:\program files\CyberLink\SoftDMA\Kernel\DMP\NTIPPKernel.sys [23/07/2008 10:45 AM 122624]
R3 FWAuth;FWAuth Driver;c:\windows\System32\drivers\FWAuthDriver.sys [30/01/2009 10:37 PM 58152]
R3 TfNetMon;TfNetMon;c:\windows\System32\drivers\TfNetMon.sys [30/01/2009 10:38 PM 33088]
S2 gupdate1ca5b7dd56aebca;Google Update Service (gupdate1ca5b7dd56aebca);c:\program files\Google\Update\GoogleUpdate.exe [2/11/2009 4:32 PM 133104]
S2 wlidsvc;Windows Live ID Sign-in Assistant;c:\program files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE [30/03/2009 4:28 PM 1533808]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\PC Tools Internet Security\pctsAuxs.exe [30/01/2009 10:37 PM 356920]
S3 ThreatFire;ThreatFire;c:\program files\PC Tools Internet Security\TFEngine\TFService.exe service --> c:\program files\PC Tools Internet Security\TFEngine\TFService.exe service [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - MBR
*NewlyCreated* - PROCEXP113
*Deregistered* - mbr
*Deregistered* - mchInjDrv
*Deregistered* - PROCEXP113
.
Contents of the 'Scheduled Tasks' folder

2009-11-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-02 05:31]

2009-11-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-02 05:31]

2009-11-02 c:\windows\Tasks\User_Feed_Synchronization-{E94DFA29-8D31-482E-91E1-781862F24D2A}.job
- c:\windows\system32\msfeedssync.exe [2009-10-22 03:41]
.
.
------- Supplementary Scan -------
.
uStart Page = file:///C:/Windows/NECCUST/OWR/OWR_EN.HTM
mStart Page = file:///C:/Windows/NECCUST/OWR/OWR_EN.HTM
uInternet Settings,ProxyOverride = *.local
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
Trusted Zone: alipay.com
Trusted Zone: alisoft.com
Trusted Zone: taobao.com
FF - ProfilePath - c:\users\Jenny\AppData\Roaming\Mozilla\Firefox\Profiles\s7dorkb6.default\
FF - prefs.js: browser.startup.homepage - www.google.com.au
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
FF - plugin: c:\program files\Opera\program\plugins\NP_IDM1.dll
FF - plugin: c:\program files\Opera\program\plugins\NP_IDM2.dll
FF - plugin: c:\program files\Opera\program\plugins\NP_IDM3.dll
FF - plugin: c:\program files\Opera\program\plugins\NP_IDM4.dll
FF - plugin: c:\program files\Opera\program\plugins\NP_IDM5.dll
FF - plugin: c:\program files\Opera\program\plugins\npdivx32.dll
FF - plugin: c:\programdata\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-02 22:52
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
"ImagePath"="\"c:\program files\CyberLink\Shared Files\RichVideo.exe\"\00\00\00\00\00lú\12\00
[\13`w\00\00\00\00\00\00\00\00Z\00\\00\ó\12\00€õ\12\00Ø+_\05S\00-\001\00-\005\00-\002\001\00-\001"

.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-567813713-2864583929-3900996650-1003_Classes\CLSID\{469f79f0-f5f2-4c0d-af66-f409e5e97c22}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:000000ff
"Therad"=dword:0000000a
"MData"=hex(0):cb,9b,ad,ef,27,7d,29,69,f5,02,f0,76,aa,4a,f1,7c,d3,d9,67,7f,6a,
4b,7b,ad,48,8c,7f,fa,6b,27,46,05,dc,e8,2e,a7,83,a5,f6,c0,c5,6f,27,24,2e,2e,\

[HKEY_USERS\S-1-5-21-567813713-2864583929-3900996650-1003_Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):bc,0a,cd,75,ca,98,d4,56,cf,31,d9,25,d4,e9,14,e1,3d,75,49,7f,34,
00,20,be,c9,e0,85,18,ea,7c,70,4c,ac,ff,48,7f,19,15,6c,40,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(5900)
c:\windows\system32\ieframe.dll
.
Completion time: 2009-11-02 22:55
ComboFix-quarantined-files.txt 2009-11-02 11:55
ComboFix2.txt 2009-10-21 05:53
ComboFix3.txt 2009-10-18 12:32

Pre-Run: 73,355,046,912 bytes free
Post-Run: 73,328,807,936 bytes free

- - End Of File - - C3AA5F6F5D2CB16E34EB4449D75F834D