
can someone check this for me?


  • This topic is locked
50 replies to this topic

#1 bk94caddy


Posted 26 October 2008 - 11:42 AM

I've been having problems with my computer lately, like it will run fine after startup for about 2-5 minutes, then it hangs. If I try to go to Yahoo to check my e-mail, it hangs Firefox and IE. I had a few trojans and other crap a few weeks ago, and think I got it all cleaned out. Also, when it hangs, I am not getting any CPU usage at all. Here is my HJT log.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:36:25 AM, on 10/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\iWin Games\iWinGamesInstaller.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Trend Micro\HijackThis\hijackthis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk.disabled
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1162871506110
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1195189837062
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://www.driveragent.com/files/driveragent.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iWinGamesInstaller - iWin Inc. - C:\Program Files\iWin Games\iWinGamesInstaller.exe
O23 - Service: MSCSPTISRV - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe (file missing)
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe (file missing)
O23 - Service: ProgramCheckerPro (sassvc) - Unknown owner - C:\Program Files\Zenturi\ProgramChecker\sassvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe (file missing)

--
End of file - 4906 bytes


#2 Farbar


Posted 04 November 2008 - 06:26 AM

Hi bk94caddy,

Welcome to BC HijackThis forum and sorry for the delay. I am farbar. I am going to assist you with your problem.

Note 1. Please refrain from making any changes to your system (installing, uninstalling, updating Windows, removing or adding files, etc.) from now on, as it might prolong handling your log and make the job more difficult for both of us.

  • As I understand, we have 2-5 minutes after startup to do anything. Or the hang-up is temporary and the computer works again without a reboot. Is there any other feedback you can give so that I know what options we have?

  • Do you have another computer we can eventually use? Do you have the Windows installation CD we can eventually use? We don't need it right now, just in case.

  • Tell me what tools you have used. Could you provide me the logs so I know what malware was on your system? I can then track down the eventual leftovers causing problems.

  • Please download OTListIt by OldTimer.
  • Save it to your desktop.
  • Double click on the OTListIt icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Click the Run Scan button.
  • Two reports will open, copy and paste them to your reply:
      • OTListIt.txt <-- Will be opened
      • Extra.txt <-- Will be minimized

#3 bk94caddy


Posted 05 November 2008 - 01:09 PM

OK, I tried to run that OTListIt program, and the computer just messed up. First, everything froze, but I could still use the mouse, just nothing would open/execute. Then, everything on the desktop, except the background, disappeared.

I use Malwarebytes Anti Malware, Spybot Search and Destroy, Windows MRT, CCleaner, and Super anti spyware. I have AVG free now, was running Avast. I am still currently using Windows Firewall, just because any other firewall was slowing down my computer tremendously.

As for another computer, depends on what we're going to need it for. I have a PS3, which I can go online with, but that's pretty much the extent of that. And as for the Windows CD, I do not have one. I do however have the I386 folder in my computer, and was going to try to make a CD out of it, but just haven't had the time.

As for logs and such, I had Smitfraud-c, but got detected right away, and don't have a log showing that anymore, also had a virtumonde. The only "dirty" logs I have are from Anti Malware, and here they are.



Malwarebytes' Anti-Malware 1.28
Database version: 1261
Windows 5.1.2600 Service Pack 2

10/12/2008 4:09:34 PM
mbam-log-2008-10-12 (16-09-34).txt

Scan type: Quick Scan
Objects scanned: 50915
Time elapsed: 8 minute(s), 49 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 10
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\iehlprobj.iehlprobj.1 (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{497dddb6-6eee-4561-9621-b77dc82c1f84} (Rogue.AscentivePerformance) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{4e980492-027b-47f1-a7ab-ab086dacbb9e} (Rogue.AscentivePerformance) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{5ead8321-fcbb-4c3f-888c-ac373d366c3f} (Rogue.AscentivePerformance) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{31f3cf6e-a71a-4daa-852b-39ac230940b4} (Rogue.AscentivePerformance) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\logons (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\typelib (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SYSTEM\currentcontrolset\Services\iTunesMusic (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SYSTEM\currentcontrolset\Services\rdriv (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MediaHoldings (Adware.PlayMP3Z) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\system32\SysRestore.dll (Rogue.AscentivePerformance) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\SystemCheck2 (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\SysRestore.dll (Rogue.AscentivePerformance) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wini104552663.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.


------------------------------------------------------------------------------------------------------------------------------------------------


Malwarebytes' Anti-Malware 1.28
Database version: 1261
Windows 5.1.2600 Service Pack 2

10/13/2008 9:12:42 AM
mbam-log-2008-10-13 (09-12-42).txt

Scan type: Full Scan (C:\|)
Objects scanned: 115290
Time elapsed: 3 hour(s), 42 minute(s), 28 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\System Volume Information\_restore{B884FE7C-324C-4B16-BA5B-53066BA4271F}\RP112\A0062385.dll (Adware.Conduit) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B884FE7C-324C-4B16-BA5B-53066BA4271F}\RP147\A0070003.dll (Rogue.AscentivePerformance) -> Quarantined and deleted successfully.

#4 Farbar


Posted 05 November 2008 - 01:43 PM

As I understand, we have 2-5 minutes after startup to do anything. Or the hang-up is temporary and the computer works again without a reboot. Is there any other feedback you can give so that I know what options we have?

  • Please give me feedback on the question. I am not at the other end and I have no idea what is going on and what tools I can use unless you give me a clear answer to the specific questions I ask.

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Set the list of Files/Folders created to 3 Months.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

    Note: The logs will be created in this folder: C:\rsit


#5 bk94caddy


Posted 06 November 2008 - 01:23 AM

I don't understand your question, which is why I didn't answer it. What you stated, about it working fine for 2-5 mins. is correct, but it is also correct that it works fine after that (without reboot). I don't know what more you want. I can run, install, modify, anything on the computer after its initial hang.

here are logs you requested,

log.txt-

Logfile of random's system information tool 1.04 (written by random/random)
Run by winner1 at 2008-11-06 00:15:29
Microsoft Windows XP Professional Service Pack 2
System drive C: has 15 GB (40%) free of 38 GB
Total RAM: 510 MB (56% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:16:31 AM, on 11/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Documents and Settings\winner1\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\winner1.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\RunOnce: [iWinArcadeIECleanup] C:\DOCUME~1\winner1\LOCALS~1\Temp\iWinArcadeAutocleanup.bat
O4 - Global Startup: Adobe Gamma Loader.lnk.disabled
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1162871506110
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1195189837062
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://www.driveragent.com/files/driveragent.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: MSCSPTISRV - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe (file missing)
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe (file missing)
O23 - Service: Sony SPTI Service (SPTISRV) - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe (file missing)

--
End of file - 4633 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Spybot - Search & Destroy - Scheduled Task.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2008-10-25 455960]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"SetDefPrt"=C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe [2005-01-26 49152]
"PaperPort PTD"=C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe [2005-03-17 57393]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2006-01-12 155648]
"IndexSearch"=C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe [2005-03-17 40960]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2002-07-17 143360]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2002-07-17 90112]
"ControlCenter3"=C:\Program Files\Brother\ControlCenter3\brctrcen.exe [2006-04-10 61440]
"BrMfcWnd"=C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [2006-03-28 622592]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2008-10-25 1234712]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"iWinArcadeIECleanup"=C:\DOCUME~1\winner1\LOCALS~1\Temp\iWinArcadeAutocleanup.bat [2008-11-05 120]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AntiVirService"=2
"AntiVirScheduler"=2

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Gamma Loader.lnk.disabled - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="avgrsstx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-07-23 352256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=
:\WINDOW

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\TVersity\Media Server\MediaServer.exe"="C:\Program Files\TVersity\Media Server\MediaServer.exe:*:Disabled:MediaServer"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Media Player\wmplayer.exe"="C:\Program Files\Windows Media Player\wmplayer.exe:*:Enabled:Windows Media Player"
"C:\Program Files\VideoLAN\VLC\vlc.exe"="C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player"
"C:\WINDOWS\system32\drivers\svchost.exe"="C:\WINDOWS\system32\drivers\svchost.exe:*:Disabled:svchost"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

======List of files/folders created in the last 3 months======

2008-11-06 00:15:29 ----DC---- C:\rsit
2008-11-05 21:54:31 ----DC---- C:\Program Files\Retro Records
2008-11-05 21:53:50 ----DC---- C:\Program Files\JEOPARDY! 2
2008-11-05 17:03:49 ----DC---- C:\Documents and Settings\All Users\Application Data\Redrum
2008-11-05 16:18:21 ----DC---- C:\Program Files\Operation Mania
2008-11-05 16:10:55 ----DC---- C:\Program Files\bfgclient
2008-11-05 16:09:47 ----DC---- C:\Documents and Settings\All Users\Application Data\BigFishGamesCache
2008-11-05 12:10:42 ----DC---- C:\WINDOWS\Temp
2008-11-02 12:20:28 ----DC---- C:\Program Files\FlameSoft
2008-11-02 12:19:00 ----DC---- C:\WINDOWS\Downloaded Installations
2008-11-02 08:43:56 ----HDC---- C:\$AVG8.VAULT$
2008-10-31 13:28:52 ----DC---- C:\Documents and Settings\All Users\Application Data\Legendo
2008-10-31 07:24:14 ----AC---- C:\WINDOWS\system32\xinput1_2.dll
2008-10-31 07:24:05 ----AC---- C:\WINDOWS\system32\d3dx9_30.dll
2008-10-30 20:33:42 ----DC---- C:\Documents and Settings\winner1\Application Data\Flood Light Games
2008-10-28 10:06:23 ----DC---- C:\Documents and Settings\winner1\Application Data\Auslogics
2008-10-28 10:06:02 ----DC---- C:\Program Files\Auslogics
2008-10-26 18:50:23 ----DC---- C:\Documents and Settings\winner1\Application Data\eGames
2008-10-26 15:20:09 ----DC---- C:\Program Files\7-Zip
2008-10-26 09:39:41 ----DC---- C:\WINDOWS\Registry Drill
2008-10-25 21:45:41 ----AC---- C:\WINDOWS\system32\avgrsstx.dll
2008-10-25 21:45:12 ----DC---- C:\Program Files\AVG
2008-10-25 21:45:12 ----DC---- C:\Documents and Settings\All Users\Application Data\avg8
2008-10-24 08:41:32 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-10-24 08:37:55 ----DC---- C:\Documents and Settings\winner1\Application Data\Gogii Games
2008-10-22 17:59:39 ----DC---- C:\Documents and Settings\winner1\Application Data\PetShowCraze
2008-10-20 23:21:51 ----DC---- C:\Documents and Settings\winner1\Application Data\NoteTab Light
2008-10-20 23:21:36 ----DC---- C:\Program Files\NoteTab Light
2008-10-19 14:25:03 ----D---- C:\temp
2008-10-19 13:51:53 ----AC---- C:\WINDOWS\SchedLgU.Txt
2008-10-19 07:33:18 ----DC---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-10-19 07:33:03 ----DC---- C:\Program Files\SUPERAntiSpyware
2008-10-19 07:33:03 ----DC---- C:\Documents and Settings\winner1\Application Data\SUPERAntiSpyware.com
2008-10-18 16:04:44 ----DC---- C:\Documents and Settings\winner1\Application Data\Ohana Games
2008-10-17 18:42:11 ----DC---- C:\Documents and Settings\winner1\Application Data\ViquaSoft
2008-10-15 11:39:19 ----DC---- C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-10-15 11:38:49 ----AC---- C:\WINDOWS\system32\SpOrder.dll
2008-10-15 11:36:54 ----DC---- C:\WINDOWS\Internet Logs
2008-10-15 11:08:17 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-10-15 11:08:04 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-10-15 11:07:49 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-10-15 11:05:22 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-10-15 11:04:50 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-10-13 16:07:11 ----DC---- C:\Documents and Settings\winner1\Application Data\AlterLab
2008-10-12 15:20:53 ----DC---- C:\Program Files\CCleaner
2008-10-12 14:54:41 ----DC---- C:\Documents and Settings\winner1\Application Data\Malwarebytes
2008-10-12 14:54:34 ----DC---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-12 14:54:33 ----DC---- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-12 13:05:52 ----AC---- C:\WINDOWS\system32\E3TL.DLL
2008-10-12 12:52:42 ----DC---- C:\Program Files\Common Files\Wise Installation Wizard
2008-10-12 09:17:03 ----AC---- C:\WINDOWS\wininit.ini
2008-10-11 19:55:44 ----DC---- C:\Documents and Settings\winner1\Application Data\com.zipeg
2008-10-11 08:04:49 ----DC---- C:\Program Files\Elaborate Bytes
2008-10-11 08:02:37 ----DC---- C:\Program Files\SlySoft
2008-10-10 12:00:58 ----DC---- C:\Documents and Settings\All Users\Application Data\SlySoft
2008-10-09 11:19:21 ----RC---- C:\WINDOWS\system32\unicows.dll
2008-10-08 14:04:51 ----DC---- C:\Documents and Settings\winner1\Application Data\MysteryStudio
2008-10-07 21:48:09 ----DC---- C:\Documents and Settings\winner1\Application Data\Gaijin Ent
2008-10-07 18:19:57 ----DC---- C:\Documents and Settings\winner1\Application Data\LinkedLetters
2008-10-06 21:33:15 ----DC---- C:\Documents and Settings\winner1\Application Data\BeachPartyCraze
2008-10-06 14:20:26 ----DC---- C:\Documents and Settings\winner1\Application Data\PendulumQuest
2008-10-05 22:53:07 ----HDC---- C:\WINDOWS\ie8
2008-10-05 20:47:57 ----DC---- C:\Documents and Settings\winner1\Application Data\EleFun Games
2008-10-03 20:50:45 ----DC---- C:\Documents and Settings\winner1\Application Data\Beanbag Studios
2008-10-03 15:46:18 ----DC---- C:\Documents and Settings\winner1\Application Data\panoramik
2008-09-26 20:50:37 ----DC---- C:\Documents and Settings\winner1\Application Data\Pogo Games
2008-09-24 14:40:34 ----DC---- C:\Documents and Settings\winner1\Application Data\ITTNord
2008-09-21 19:04:42 ----DC---- C:\Documents and Settings\winner1\Application Data\funkitron
2008-09-18 18:45:09 ----DC---- C:\Documents and Settings\winner1\Application Data\BigFishv1005
2008-09-15 15:07:57 ----DC---- C:\Documents and Settings\winner1\Application Data\QSGames
2008-09-15 15:07:57 ----DC---- C:\Documents and Settings\All Users\Application Data\QSGames
2008-09-14 15:10:06 ----DC---- C:\DNData
2008-09-14 13:01:53 ----DC---- C:\Documents and Settings\winner1\Application Data\Oberon Games
2008-09-14 13:01:53 ----DC---- C:\Documents and Settings\All Users\Application Data\Oberon Games
2008-09-14 09:48:05 ----DC---- C:\Documents and Settings\winner1\Application Data\flightgear.org
2008-09-14 09:27:45 ----DC---- C:\Documents and Settings\winner1\Application Data\LEGO Company
2008-09-13 23:27:04 ----DC---- C:\Documents and Settings\winner1\Application Data\Chicken Chase
2008-09-13 13:31:55 ----DC---- C:\Documents and Settings\All Users\Application Data\Grey Alien Games
2008-09-13 10:46:52 ----DC---- C:\Documents and Settings\winner1\Application Data\Pi Eye Games
2008-09-12 19:07:19 ----DC---- C:\Documents and Settings\winner1\Application Data\PlayFirst
2008-09-12 18:25:01 ----AC---- C:\WINDOWS\system32\xactengine2_9.dll
2008-09-12 18:25:01 ----AC---- C:\WINDOWS\system32\x3daudio1_2.dll
2008-09-12 13:28:49 ----DC---- C:\Documents and Settings\All Users\Application Data\MysteryChronicles
2008-09-10 09:47:31 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-09-10 09:46:31 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2008-09-08 22:17:57 ----DC---- C:\Documents and Settings\All Users\Application Data\Fashion Solitaire 1.2
2008-09-07 09:01:43 ----D---- C:\XPSETUP
2008-09-06 10:05:00 ----DC---- C:\Documents and Settings\winner1\Application Data\Skunk Studios
2008-09-06 08:18:50 ----DC---- C:\Documents and Settings\winner1\Application Data\uTorrent
2008-09-05 19:00:33 ----DC---- C:\Documents and Settings\All Users\Application Data\blg
2008-09-03 13:22:26 ----DC---- C:\Documents and Settings\All Users\Application Data\Trymedia
2008-09-03 13:22:14 ----AC---- C:\WINDOWS\system32\OpenAL32.dll
2008-09-03 12:07:45 ----DC---- C:\Program Files\Trend Micro
2008-09-02 14:32:24 ----DC---- C:\Documents and Settings\All Users\Application Data\Slapdash Games
2008-08-31 12:24:40 ----DC---- C:\Documents and Settings\All Users\Application Data\PearlDiv_full
2008-08-29 09:03:47 ----DC---- C:\Documents and Settings\winner1\Application Data\TMInc
2008-08-28 15:54:49 ----DC---- C:\Documents and Settings\All Users\Application Data\Christmasville
2008-08-27 19:54:31 ----DC---- C:\Documents and Settings\All Users\Application Data\iWin
2008-08-27 12:27:30 ----DC---- C:\Documents and Settings\All Users\Application Data\FarmFrenzy2
2008-08-26 09:23:53 ----DC---- C:\Documents and Settings\winner1\Application Data\IWin_Janes_Realty
2008-08-25 19:29:01 ----HDC---- C:\WINDOWS\ie7
2008-08-22 02:05:00 ----C---- C:\WINDOWS\system32\PrivacIE.dll
2008-08-15 11:11:54 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-08-15 11:11:43 ----HDC---- C:\WINDOWS\$NtUninstallKB953839$
2008-08-15 11:11:28 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-08-15 11:08:52 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
2008-08-15 11:08:36 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-08-15 11:08:24 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-08-15 11:06:33 ----HDC---- C:\WINDOWS\$NtUninstallKB953838$
2008-08-08 11:04:53 ----HDC---- C:\WINDOWS\$NtUninstallKB950759$
2008-08-08 11:04:18 ----HDC---- C:\WINDOWS\$NtUninstallKB938127$
2008-08-08 11:03:57 ----HDC---- C:\WINDOWS\$NtUninstallKB944338$
2008-08-07 12:36:48 ----DC---- C:\Documents and Settings\All Users\Application Data\comodo

======List of files/folders modified in the last 3 months======

2008-11-06 00:15:18 ----DC---- C:\WINDOWS\Prefetch
2008-11-06 00:12:26 ----DC---- C:\Program Files\Mozilla Firefox
2008-11-05 22:03:08 ----ADC---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-11-05 21:54:31 ----RDC---- C:\Program Files
2008-11-05 16:06:22 ----DC---- C:\Documents and Settings\All Users\Application Data\iWin Games
2008-11-05 14:50:38 ----DC---- C:\Program Files\iWin.com
2008-11-05 12:20:22 ----DC---- C:\WINDOWS\system32\drivers
2008-11-05 12:10:42 ----ADC---- C:\WINDOWS
2008-11-04 14:53:56 ----SHD---- C:\WINDOWS\CSC
2008-11-04 08:07:05 ----AC---- C:\WINDOWS\NeroDigital.ini
2008-11-03 12:40:31 ----DC---- C:\Documents and Settings\winner1\Application Data\FrostWire
2008-11-03 10:53:32 ----DC---- C:\Documents and Settings\winner1\Application Data\U3
2008-11-02 15:55:10 ----DC---- C:\WINDOWS\system32\CatRoot2
2008-11-02 14:20:39 ----SHDC---- C:\WINDOWS\Installer
2008-11-02 14:20:39 ----SDC---- C:\Documents and Settings\winner1\Application Data\Microsoft
2008-11-02 14:20:32 ----SHDC---- C:\Config.Msi
2008-11-02 14:20:30 ----DC---- C:\WINDOWS\system32
2008-11-02 08:35:12 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-10-31 07:24:16 ----DC---- C:\WINDOWS\system32\DirectX
2008-10-31 07:24:15 ----HDC---- C:\WINDOWS\inf
2008-10-30 20:33:42 ----DC---- C:\Documents and Settings\All Users\Application Data\Flood Light Games
2008-10-29 13:58:35 ----DC---- C:\Documents and Settings\All Users\Application Data\Fugazo
2008-10-28 13:28:13 ----DC---- C:\Documents and Settings\All Users\Application Data\Sandlot Games
2008-10-27 12:16:34 ----SHDC---- C:\RECYCLER
2008-10-27 12:16:34 ----DC---- C:\WINDOWS\system32\appmgmt
2008-10-27 12:16:33 ----DC---- C:\Documents and Settings
2008-10-27 10:44:31 ----SHD---- C:\System Volume Information
2008-10-27 10:44:31 ----DC---- C:\WINDOWS\system32\Restore
2008-10-26 21:57:56 ----ASHC---- C:\boot.ini
2008-10-26 21:57:56 ----AC---- C:\WINDOWS\WIN.INI
2008-10-26 21:57:56 ----AC---- C:\WINDOWS\SYSTEM.INI
2008-10-26 09:48:02 ----DC---- C:\WINDOWS\system32\config
2008-10-25 21:45:10 ----DC---- C:\WINDOWS\WinSxS
2008-10-25 21:45:10 ----DC---- C:\Program Files\Common Files\Microsoft Shared
2008-10-25 20:20:06 ----DC---- C:\WINDOWS\pss
2008-10-25 10:49:05 ----DC---- C:\WINDOWS\system32\dllcache
2008-10-24 08:40:30 ----HDC---- C:\WINDOWS\$hf_mig$
2008-10-24 08:40:30 ----DC---- C:\WINDOWS\system32\CatRoot
2008-10-23 21:09:49 ----DC---- C:\Documents and Settings\winner1\Application Data\iWin
2008-10-21 18:29:13 ----DC---- C:\Documents and Settings\winner1\Application Data\Friday's games
2008-10-20 14:12:06 ----DC---- C:\Documents and Settings\All Users\Application Data\PlayFirst
2008-10-19 10:02:02 ----DC---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-10-19 10:00:02 ----DC---- C:\WINDOWS\Debug
2008-10-19 08:15:30 ----DC---- C:\Program Files\Spybot - Search & Destroy
2008-10-16 22:34:07 ----DC---- C:\Documents and Settings\All Users\Application Data\Astar Games
2008-10-15 11:07:34 ----RSDC---- C:\WINDOWS\assembly
2008-10-15 11:07:28 ----SDC---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-10-15 10:57:55 ----AC---- C:\WINDOWS\system32\netapi32.dll
2008-10-13 11:47:07 ----DC---- C:\WINDOWS\system32\NtmsData
2008-10-12 16:58:43 ----SDC---- C:\WINDOWS\Tasks
2008-10-12 15:24:58 ----DC---- C:\WINDOWS\Minidump
2008-10-12 12:52:42 ----DC---- C:\Program Files\Common Files
2008-10-10 22:58:34 ----SDC---- C:\WINDOWS\Downloaded Program Files
2008-10-10 12:28:56 ----DC---- C:\WINDOWS\system32\wbem
2008-10-10 12:28:56 ----DC---- C:\WINDOWS\Registration
2008-10-09 11:19:09 ----HDC---- C:\Program Files\InstallShield Installation Information
2008-10-09 09:44:41 ----DC---- C:\Program Files\FrostWire
2008-10-08 10:16:15 ----DC---- C:\Program Files\Windows Media Player
2008-10-08 10:09:40 ----DC---- C:\Program Files\Java
2008-10-07 18:22:52 ----DC---- C:\Documents and Settings\All Users\Application Data\MumboJumbo
2008-10-07 13:19:40 ----AC---- C:\WINDOWS\system32\MRT.exe
2008-10-05 23:37:29 ----DC---- C:\WINDOWS\system32\en-US
2008-10-05 23:37:28 ----DC---- C:\WINDOWS\Media
2008-10-05 23:37:28 ----DC---- C:\WINDOWS\Help
2008-10-05 23:37:28 ----DC---- C:\Program Files\Internet Explorer
2008-09-22 13:54:20 ----DC---- C:\Documents and Settings\All Users\Application Data\Gogii
2008-09-13 23:57:59 ----DC---- C:\Documents and Settings\All Users\Application Data\Escape From Paradise
2008-09-06 13:59:28 ----DC---- C:\Documents and Settings\All Users\Application Data\HipSoft
2008-09-05 20:20:24 ----DC---- C:\WINDOWS\system32\Adobe
2008-09-05 13:23:29 ----DC---- C:\WINDOWS\system32\CatRoot_bak
2008-09-04 19:12:32 ----DC---- C:\Documents and Settings\winner1\Application Data\Adobe
2008-08-29 23:10:27 ----SHDC---- C:\Documents and Settings\winner1\Application Data\.#
2008-08-27 13:41:05 ----DC---- C:\Documents and Settings\All Users\Application Data\Alawar Stargaze
2008-08-26 11:04:02 ----DC---- C:\WINDOWS\ie7updates
2008-08-25 19:30:25 ----DC---- C:\WINDOWS\WBEM
2008-08-22 02:15:56 ----AC---- C:\WINDOWS\system32\ieframe.dll.mui
2008-08-22 02:14:40 ----AC---- C:\WINDOWS\system32\advpack.dll.mui
2008-08-22 02:10:34 ----AC---- C:\WINDOWS\system32\ieframe.dll
2008-08-22 02:09:32 ----AC---- C:\WINDOWS\system32\mshtml.dll
2008-08-22 02:08:22 ----AC---- C:\WINDOWS\system32\WinFXDocObj.exe
2008-08-22 02:08:22 ----AC---- C:\WINDOWS\system32\urlmon.dll
2008-08-22 02:08:08 ----AC---- C:\WINDOWS\system32\webcheck.dll
2008-08-22 02:08:06 ----AC---- C:\WINDOWS\system32\wininet.dll
2008-08-22 02:08:00 ----AC---- C:\WINDOWS\system32\licmgr10.dll
2008-08-22 02:07:58 ----AC---- C:\WINDOWS\system32\url.dll
2008-08-22 02:07:50 ----AC---- C:\WINDOWS\system32\occache.dll
2008-08-22 02:07:50 ----AC---- C:\WINDOWS\system32\msrating.dll
2008-08-22 02:07:08 ----AC---- C:\WINDOWS\system32\corpol.dll
2008-08-22 02:06:58 ----AC---- C:\WINDOWS\system32\jsproxy.dll
2008-08-22 02:06:44 ----AC---- C:\WINDOWS\system32\iedkcs32.dll
2008-08-22 02:06:40 ----AC---- C:\WINDOWS\system32\ieaksie.dll
2008-08-22 02:06:36 ----AC---- C:\WINDOWS\system32\vbscript.dll
2008-08-22 02:06:36 ----AC---- C:\WINDOWS\system32\ieakeng.dll
2008-08-22 02:06:30 ----AC---- C:\WINDOWS\system32\jscript.dll
2008-08-22 02:06:30 ----AC---- C:\WINDOWS\system32\admparse.dll
2008-08-22 02:06:24 ----AC---- C:\WINDOWS\system32\ieudinit.exe
2008-08-22 02:06:24 ----AC---- C:\WINDOWS\system32\iesetup.dll
2008-08-22 02:06:24 ----AC---- C:\WINDOWS\system32\ieakui.dll
2008-08-22 02:06:24 ----AC---- C:\WINDOWS\system32\ie4uinit.exe
2008-08-22 02:06:20 ----AC---- C:\WINDOWS\system32\iernonce.dll
2008-08-22 02:06:16 ----AC---- C:\WINDOWS\system32\inseng.dll
2008-08-22 02:06:16 ----AC---- C:\WINDOWS\system32\advpack.dll
2008-08-22 02:06:02 ----AC---- C:\WINDOWS\system32\iertutil.dll
2008-08-22 02:05:48 ----AC---- C:\WINDOWS\system32\msfeeds.dll
2008-08-22 02:05:34 ----AC---- C:\WINDOWS\system32\mstime.dll
2008-08-22 02:05:24 ----AC---- C:\WINDOWS\system32\iepeers.dll
2008-08-22 02:05:22 ----AC---- C:\WINDOWS\system32\msfeedssync.exe
2008-08-22 02:05:22 ----AC---- C:\WINDOWS\system32\msfeedsbs.dll
2008-08-22 02:05:20 ----AC---- C:\WINDOWS\system32\icardie.dll
2008-08-22 02:05:16 ----AC---- C:\WINDOWS\system32\dxtmsft.dll
2008-08-22 02:05:14 ----AC---- C:\WINDOWS\system32\pngfilt.dll
2008-08-22 02:05:14 ----AC---- C:\WINDOWS\system32\imgutil.dll
2008-08-22 02:05:10 ----AC---- C:\WINDOWS\system32\dxtrans.dll
2008-08-22 02:05:08 ----AC---- C:\WINDOWS\system32\mshtmled.dll
2008-08-22 02:05:00 ----AC---- C:\WINDOWS\system32\mshtmler.dll
2008-08-22 02:04:54 ----AC---- C:\WINDOWS\system32\mshta.exe
2008-08-22 01:58:12 ----AC---- C:\WINDOWS\system32\ieui.dll
2008-08-22 01:57:56 ----AC---- C:\WINDOWS\system32\msls31.dll
2008-08-22 01:42:22 ----AC---- C:\WINDOWS\system32\ieapfltr.dll
2008-08-21 16:16:08 ----DC---- C:\Program Files\Common Files\Adobe
2008-08-21 16:16:07 ----DC---- C:\Program Files\Adobe
2008-08-14 04:00:45 ----AC---- C:\WINDOWS\system32\ntoskrnl.exe
2008-08-14 03:22:13 ----AC---- C:\WINDOWS\system32\ntkrnlpa.exe
2008-08-10 10:14:06 ----DC---- C:\WINDOWS\system32\ReinstallBackups
2008-08-07 10:47:36 ----AC---- C:\WINDOWS\system32\audiosrv.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2008-10-25 97928]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2008-10-25 26824]
R1 P3;Intel PentiumIII Processor Driver; C:\WINDOWS\system32\DRIVERS\p3.sys [2004-08-04 42496]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R2 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2008-07-21 24392]
R3 ac97intc;Intel® 82801 Audio Driver Install Service (WDM); C:\WINDOWS\system32\drivers\ac97intc.sys [2001-08-17 96256]
R3 AnyDVD;AnyDVD; C:\WINDOWS\System32\Drivers\AnyDVD.sys [2005-07-11 19200]
R3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-17 117760]
R3 ElbyDelay;ElbyDelay; C:\WINDOWS\System32\Drivers\ElbyDelay.sys [2005-04-12 4608]
R3 i81x;i81x; C:\WINDOWS\system32\DRIVERS\i81xnt5.sys [2004-08-03 161020]
R3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-03 17024]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-04 20480]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-03 14848]
S3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2003-06-19 752764]
S3 BrScnUsb;Brother USB Still Image driver; C:\WINDOWS\system32\DRIVERS\BrScnUsb.sys [2004-10-15 15295]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
S3 iAimFP0;iAimFP0; C:\WINDOWS\system32\DRIVERS\wADV01nt.sys [2004-08-03 12415]
S3 iAimFP1;iAimFP1; C:\WINDOWS\system32\DRIVERS\wADV02NT.sys [2004-08-03 12127]
S3 iAimFP2;iAimFP2; C:\WINDOWS\system32\DRIVERS\wADV05NT.sys [2004-08-03 11775]
S3 iAimFP3;iAimFP3; C:\WINDOWS\system32\DRIVERS\wSiINTxx.sys [2004-08-03 12063]
S3 iAimFP4;iAimFP4; C:\WINDOWS\system32\DRIVERS\wVchNTxx.sys [2004-08-03 19455]
S3 iAimFP5;iAimFP5; C:\WINDOWS\system32\DRIVERS\wADV07nt.sys [2004-08-03 11807]
S3 iAimFP6;iAimFP6; C:\WINDOWS\system32\DRIVERS\wADV08nt.sys [2004-08-03 11295]
S3 iAimFP7;iAimFP7; C:\WINDOWS\system32\DRIVERS\wADV09nt.sys [2004-08-03 11871]
S3 iAimFP8;iAimFP8; C:\WINDOWS\system32\DRIVERS\wADV11nt.sys [2004-08-03 11935]
S3 iAimTV0;iAimTV0; C:\WINDOWS\system32\DRIVERS\wATV01nt.sys [2004-08-03 29311]
S3 iAimTV1;iAimTV1; C:\WINDOWS\system32\DRIVERS\wATV02NT.sys [2004-08-03 19551]
S3 iAimTV3;iAimTV3; C:\WINDOWS\system32\DRIVERS\wATV04nt.sys [2004-08-03 33599]
S3 iAimTV4;iAimTV4; C:\WINDOWS\system32\DRIVERS\wCh7xxNT.sys [2004-08-03 23615]
S3 iAimTV5;iAimTV5; C:\WINDOWS\system32\DRIVERS\wATV10nt.sys [2004-08-03 25471]
S3 iAimTV6;iAimTV6; C:\WINDOWS\system32\DRIVERS\wATV06nt.sys [2004-08-03 22271]
S3 KMWDFilter;KMWDFilter; \??\C:\WINDOWS\System32\Drivers\KMWDFilter.SYS []
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2001-07-25 438200]
S3 TVICHW32;TVICHW32; \??\C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS []
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-10-25 231704]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-05-07 137200]
S3 MSCSPTISRV;MSCSPTISRV; C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe []
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 PACSPTISVR;PACSPTISVR; C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe []
S3 SPTISRV;Sony SPTI Service; C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe []
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]

-----------------EOF-----------------

info.txt-
info.txt logfile of random's system information tool 1.04 2008-11-06 00:16:37

======Uninstall list======

-->MsiExec.exe /I{8A42F680-2DD6-11D4-9A8C-0040F6982C20}
-->MsiExec.exe /I{A2529672-574A-4A99-86A5-C1770A0E31FE}
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88E5FCB8-5F25-11D5-B16F-0800460222F0}\setup.exe" -l0x9 UNINSTALL
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D76298C2-E532-4A11-BCFF-76F3F19DA84D}\setup.exe" UNINSTALL
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
7-Zip 4.57-->"C:\Program Files\7-Zip\Uninstall.exe"
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Photoshop 7.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop 7.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 7.0\Uninst.dll"
Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Shockwave Player-->C:\WINDOWS\system32\Adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
AnyDVD-->"C:\Program Files\SlySoft\AnyDVD\AnyDVD-uninst.exe" /D="C:\Program Files\SlySoft\AnyDVD"
AusLogics Disk Defrag-->"C:\Program Files\Auslogics\AusLogics Disk Defrag\unins000.exe"
AVG Free 8.0-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
Big Fish Games Client-->C:\Program Files\bfgclient\Uninstall.exe
Brother MFL-Pro Suite-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A912C12-A7DA-44D7-BD57-5CA85E2F33E1}\Setup.exe" -l0x9 Brunin03.dll -removeonly
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
CloneDVD2-->"C:\Program Files\Elaborate Bytes\CloneDVD2\CloneDVD2-uninst.exe" /D="C:\Program Files\Elaborate Bytes\CloneDVD2"
Family Feud Hollywood (remove only)-->"C:\Program Files\iWin.com\Family Feud Hollywood\Uninstall.exe"
FrostWire 4.17.0-->C:\Program Files\FrostWire\Uninstall.exe
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB914440)-->"C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB915865)-->"C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB926239)-->"C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Intel® 810/810E/815/815E/815EM Chipset Graphics Driver Software-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8A708DD8-A5E6-11D4-A706-000629E95E20}\Setup.exe" -inteluninstall
Intel® PRO Network Adapters and Drivers-->Prounstl.exe
Java™ 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
JEOPARDY! 2-->"C:\Program Files\JEOPARDY! 2\Uninstall.exe"
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Movie Maker Background Music Files-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\mmmusic.inf,DefaultUninstall
Movie Maker Sound Effects-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\mmsounds.inf,DefaultUninstall
Movie Maker Title Images-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\mmtitle.inf,DefaultUninstall
Mozilla Firefox (3.0.3)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSN-->C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
Nero OEM-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
NeroVision Express 2-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
NoteTab Light 5 (Remove only)-->"C:\Program Files\NoteTab Light\unins000.exe"
PaperPort-->MsiExec.exe /I{71C97545-E547-4A8B-B0C8-61FF853270AC}
Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
Retro Records-->"C:\Program Files\Retro Records\Uninstall.exe"
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB911564)-->"C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 6.4 (KB925398)-->"C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
Security Update for Windows XP (KB890046)-->"C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
Security Update for Windows XP (KB893756)-->"C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896358)-->"C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896423)-->"C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896424)-->"C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896428)-->"C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899587)-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899589)-->"C:\WINDOWS\$NtUninstallKB899589$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899591)-->"C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Security Update for Windows XP (KB900725)-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901017)-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901214)-->"C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB902400)-->"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Security Update for Windows XP (KB904706)-->"C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905749)-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB908519)-->"C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911562)-->"C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911567)-->"C:\WINDOWS\$NtUninstallKB911567$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911927)-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Security Update for Windows XP (KB912919)-->"C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914388)-->"C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914389)-->"C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917344)-->"C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917422)-->"C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917953)-->"C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918118)-->"C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918439)-->"C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918899)-->"C:\WINDOWS\$NtUninstallKB918899$\spuninst\spuninst.exe"
Security Update for Windows XP (KB919007)-->"C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920213)-->"C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920214)-->"C:\WINDOWS\$NtUninstallKB920214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920670)-->"C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920683)-->"C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920685)-->"C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921398)-->"C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921503)-->"C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921883)-->"C:\WINDOWS\$NtUninstallKB921883$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922616)-->"C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922819)-->"C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923191)-->"C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923414)-->"C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923694)-->"C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Security Update for Windows XP (KB923980)-->"C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924191)-->"C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924270)-->"C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924496)-->"C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924667)-->"C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925486)-->"C:\WINDOWS\$NtUninstallKB925486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925902)-->"C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926255)-->"C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926436)-->"C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927779)-->"C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927802)-->"C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928255)-->"C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928843)-->"C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Security Update for Windows XP (KB929123)-->"C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
Security Update for Windows XP (KB930178)-->"C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931261)-->"C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931784)-->"C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
Security Update for Windows XP (KB932168)-->"C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Security Update for Windows XP (KB933729)-->"C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935839)-->"C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935840)-->"C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
Security Update for Windows XP (KB936021)-->"C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
Security Update for Windows XP (KB937894)-->"C:\WINDOWS\$NtUninstallKB937894$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938127)-->"C:\WINDOWS\$NtUninstallKB938127$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938829)-->"C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941202)-->"C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941568)-->"C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941644)-->"C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941693)-->"C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943055)-->"C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943460)-->"C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943485)-->"C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944338)-->"C:\WINDOWS\$NtUninstallKB944338$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944653)-->"C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
Security Update for Windows XP (KB945553)-->"C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946026)-->"C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948590)-->"C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948881)-->"C:\WINDOWS\$NtUninstallKB948881$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950749)-->"C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Update for Windows XP (KB894391)-->"C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB900485)-->"C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Update for Windows XP (KB904942)-->"C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe"
Update for Windows XP (KB908531)-->"C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Update for Windows XP (KB910437)-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Update for Windows XP (KB911280)-->"C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Update for Windows XP (KB916595)-->"C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Update for Windows XP (KB920872)-->"C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Update for Windows XP (KB922582)-->"C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Update for Windows XP (KB927891)-->"C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
Update for Windows XP (KB930916)-->"C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
Update for Windows XP (KB931836)-->"C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe"
Update for Windows XP (KB932823-v3)-->"C:\WINDOWS\$NtUninstallKB932823-v3$\spuninst\spuninst.exe"
Update for Windows XP (KB933360)-->"C:\WINDOWS\$NtUninstallKB933360$\spuninst\spuninst.exe"
Update for Windows XP (KB936357)-->"C:\WINDOWS\$NtUninstallKB936357$\spuninst\spuninst.exe"
Update for Windows XP (KB938828)-->"C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
Update for Windows XP (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
VideoLAN VLC media player 0.8.6i-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Internet Explorer 8 Beta 2-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Live installer-->MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Mail-->MsiExec.exe /I{184E7118-0295-43C4-B72C-1D54AA75AAF7}
Windows Live Sign-in Assistant-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Media Player Playlist Import to Excel Wizard-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\mpxlswiz.inf,DefaultUninstall
Windows Media Player Skin Importer-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\wa2wmp.inf,DefaultUninstall
Windows Media Player Tray Control-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\mpxptray.inf,DefaultUninstall
Windows XP Hotfix - KB873339-->C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
Windows XP Hotfix - KB885835-->C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
Windows XP Hotfix - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Windows XP Hotfix - KB886185-->C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
Windows XP Hotfix - KB887472-->C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
Windows XP Hotfix - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Windows XP Hotfix - KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
Windows XP Hotfix - KB891781-->C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe

=====HijackThis Backups=====

O23 - Service: MSCSPTISRV - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe (file missing)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - (no file)
O23 - Service: Sony SPTI Service (SPTISRV) - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe (file missing)
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe (file missing)
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe (file missing)
O23 - Service: Sony SPTI Service (SPTISRV) - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe (file missing)
O23 - Service: MSCSPTISRV - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe (file missing)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {34F12AFD-E9B5-492A-85D2-40FA4535BE83} (AxProdInfoCtl Class) - http://www.symantec.com/techsupp/activedata/nprdtinf.cab
O16 - DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} (Bejeweled Control) - http://www.worldwinner.com/games/v46/bejeweled/bejeweled.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} (FunGamesLoader Object) - http://www.worldwinner.com/games/v47/share...GamesLoader.cab
O16 - DPF: {1D082E71-DF20-4AAF-863B-596428C49874} (TPIR Control) - http://www.worldwinner.com/games/v50/tpir/tpir.cab
O16 - DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} (Bejeweled Control) - http://www.worldwinner.com/games/v46/bejeweled/bejeweled.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {CF969D51-F764-4FBF-9E90-475248601C8A} (FamilyFeud Control) - http://www.worldwinner.com/games/v47/famil.../familyfeud.cab
O4 - HKLM\..\Policies\Explorer\Run: [H4Jog0TOiw] C:\Documents and Settings\All Users\Application Data\uzutkjkr\olgvgvih.exe
O23 - Service: MSCSPTISRV - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe (file missing)
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe (file missing)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O23 - Service: MSCSPTISRV - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe (file missing)
O23 - Service: Sony SPTI Service (SPTISRV) - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe (file missing)
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe (file missing)

======Hosts File======


======Security center information======

AV: AVG Anti-Virus Free
FW: COMODO Firewall Pro

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 11 Stepping 1, GenuineIntel
"PROCESSOR_REVISION"=0b01
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------

#6 bk94caddy

bk94caddy
  • Topic Starter

Posted 06 November 2008 - 02:28 AM

Please download OTListIt by OldTimer.

  • Save it to your desktop.
  • Double click on the OTListIt icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Click Run Scan button.
  • Two reports will open, copy and paste them to your reply:
      • OTListIt.txt <-- Will be opened
      • Extra.txt <-- Will be minimized






I tried running this program again, and it worked!!! Here's what I got-


OTListIt.txt-

OTListIt logfile created on: 11/6/2008 1:14:48 AM - Run 2
OTListIt by OldTimer - Version 1.0.12.0 Folder = C:\Documents and Settings\winner1\Desktop\bleeping computer
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18241)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

510.30 Mb Total Physical Memory | 272.48 Mb Available Physical Memory | 53.40% Memory free
1.22 Gb Paging File | 1.00 Gb Available in Paging File | 82.50% Paging File free
Paging file location(s): C:\pagefile.sys 0 0;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.27 Gb Total Space | 14.98 Gb Free Space | 40.20% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HOME-C6E079E452
Current User Name: winner1
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 90 Days

========== Processes ==========

[2008/06/10 03:27:04 | 00,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
[2005/03/17 14:25:54 | 00,057,393 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
[2008/10/25 21:45:12 | 00,231,704 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
[2003/06/19 22:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
[2008/10/25 21:45:13 | 01,234,712 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
[2008/10/25 21:45:13 | 00,287,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
[2008/11/04 13:42:09 | 00,418,304 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\winner1\Desktop\bleeping computer\OTListIt.exe

========== (O23) Win32 Services ==========

[2007/10/24 00:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2008/10/25 21:45:12 | 00,231,704 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd [Auto | Running])
[2007/10/24 00:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2008/05/07 12:32:00 | 00,137,200 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
[2003/06/19 22:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Auto | Running])
File not found -- -- (MSCSPTISRV [On_Demand | Stopped])
[2003/07/28 11:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
File not found -- -- (PACSPTISVR [On_Demand | Stopped])
File not found -- -- (SPTISRV [On_Demand | Stopped])
[2007/10/25 15:27:54 | 00,266,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc [On_Demand | Stopped])
[2006/10/18 19:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services ==========

[2001/08/17 12:20:04 | 00,096,256 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\ac97intc.sys -- (ac97intc [On_Demand | Running])
[2003/06/19 14:30:18 | 00,752,764 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM [On_Demand | Stopped])
[2005/07/11 10:10:11 | 00,019,200 | ---- | M] (SlySoft, Inc.) -- C:\WINDOWS\system32\drivers\AnyDVD.sys -- (AnyDVD [On_Demand | Running])
[2008/10/25 21:45:33 | 00,097,928 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86 [System | Running])
[2008/10/25 21:45:26 | 00,026,824 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86 [System | Running])
[2004/10/15 12:50:20 | 00,015,295 | ---- | M] (Brother Industries Ltd.) -- C:\WINDOWS\system32\drivers\BrScnUsb.sys -- (BrScnUsb [On_Demand | Stopped])
[2001/08/17 11:12:10 | 00,117,760 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\e100b325.sys -- (E100B [On_Demand | Running])
[2008/07/21 06:11:58 | 00,024,392 | ---- | M] (Elaborate Bytes AG) -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys -- (ElbyCDIO [Auto | Running])
[2005/04/12 02:41:20 | 00,004,608 | ---- | M] (Elaborate Bytes AG) -- C:\WINDOWS\system32\drivers\ElbyDelay.sys -- (ElbyDelay [On_Demand | Running])
[2004/08/03 21:29:38 | 00,161,020 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\i81xnt5.sys -- (i81x [On_Demand | Running])
[2004/08/03 21:29:38 | 00,012,415 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\wADV01nt.sys -- (iAimFP0 [On_Demand | Stopped])
[2004/08/03 21:29:38 | 00,012,127 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\wADV02NT.sys -- (iAimFP1 [On_Demand | Stopped])
[2004/08/03 21:29:38 | 00,011,775 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\wADV05NT.sys -- (iAimFP2 [On_Demand | Stopped])
[2004/08/03 21:29:48 | 00,012,063 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\wSiINTxx.sys -- (iAimFP3 [On_Demand | Stopped])
[2004/08/03 21:29:50 | 00,019,455 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\wVchNTxx.sys -- (iAimFP4 [On_Demand | Stopped])
[2004/08/03 21:29:40 | 00,011,807 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\wADV07nt.sys -- (iAimFP5 [On_Demand | Stopped])
[2004/08/03 21:29:40 | 00,011,295 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\wADV08NT.sys -- (iAimFP6 [On_Demand | Stopped])
[2004/08/03 21:29:42 | 00,011,871 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\wADV09NT.sys -- (iAimFP7 [On_Demand | Stopped])
[2004/08/03 21:29:42 | 00,011,935 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\wADV11nt.sys -- (iAimFP8 [On_Demand | Stopped])
[2004/08/03 21:29:42 | 00,029,311 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\wATV01nt.sys -- (iAimTV0 [On_Demand | Stopped])
[2004/08/03 21:29:44 | 00,019,551 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\wATV02NT.sys -- (iAimTV1 [On_Demand | Stopped])
[2004/08/03 21:29:44 | 00,033,599 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\wATV04nt.sys -- (iAimTV3 [On_Demand | Stopped])
[2004/08/03 21:29:46 | 00,023,615 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\wCh7xxNT.sys -- (iAimTV4 [On_Demand | Stopped])
[2004/08/03 21:29:46 | 00,025,471 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\wATV10nt.sys -- (iAimTV5 [On_Demand | Stopped])
[2004/08/03 21:29:46 | 00,022,271 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\wATV06nt.sys -- (iAimTV6 [On_Demand | Stopped])
[2004/08/03 22:58:36 | 00,014,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid [System | Stopped])
[2007/03/29 15:00:16 | 00,017,024 | ---- | M] (Windows ® Codename Longhorn DDK provider) -- C:\WINDOWS\system32\drivers\KMWDFilter.SYS -- (KMWDFilter [On_Demand | Stopped])
[2004/08/04 06:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2008/07/28 13:56:04 | 00,020,576 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
[2008/08/19 22:34:20 | 00,008,944 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV [System | Running])
[2008/08/19 22:34:22 | 00,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM [On_Demand | Running])
[2008/08/19 22:34:20 | 00,055,024 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL [System | Running])
[2007/11/13 04:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2001/07/25 14:40:30 | 00,438,200 | ---- | M] (Analog Devices, Inc.) -- C:\WINDOWS\system32\drivers\smwdm.sys -- (smwdm [On_Demand | Stopped])
[2007/12/17 16:57:18 | 00,023,600 | ---- | M] (EnTech Taiwan) -- C:\WINDOWS\system32\drivers\TVICHW32.SYS -- (TVICHW32 [On_Demand | Stopped])

========== Internet Explorer ==========

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



HKU\S-1-5-21-515967899-2049760794-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
HKU\S-1-5-21-515967899-2049760794-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKU\S-1-5-21-515967899-2049760794-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKU\S-1-5-21-515967899-2049760794-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
HKU\S-1-5-21-515967899-2049760794-682003330-1003\S-1-5-21-515967899-2049760794-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


O1 HOSTS File: (266048 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 9216 more lines...
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O3 - HKCU\..\Toolbar: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - Reg Error: Key does not exist or could not be opened. File not found
O3 - HKCU\..\Toolbar: (no name) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - Reg Error: Key does not exist or could not be opened. File not found
O3 - HKU\S-1-5-21-515967899-2049760794-682003330-1003\..\Toolbar: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - Reg Error: Key does not exist or could not be opened. File not found
O3 - HKU\S-1-5-21-515967899-2049760794-682003330-1003\..\Toolbar: (no name) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - Reg Error: Key does not exist or could not be opened. File not found
O4 - HKLM..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN ()
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun (Brother Industries, Ltd.)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe (Brother Industories, Ltd.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\RunOnce: [iWinArcadeIECleanup] C:\DOCUME~1\winner1\LOCALS~1\Temp\iWinArcadeAutocleanup.bat ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk.disabled ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0


O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-515967899-2049760794-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-515967899-2049760794-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0


O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Sites: 46 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Sites: www.taxactonline.com (https in Trusted sites)
O15 - HKCU\..Trusted Sites: 53 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Sites: 45 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Sites: 45 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-515967899-2049760794-682003330-1003\..Trusted Sites: www.taxactonline.com (https in Trusted sites)
O15 - HKU\S-1-5-21-515967899-2049760794-682003330-1003\..Trusted Sites: 53 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab (Reg Error: Key does not exist or could not be opened.)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/7.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/8/b...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/...b?1162871506110 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftu...b?1195189837062 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} http://www.driveragent.com/files/driveragent.cab (Driver Agent ActiveX Control)
O18 - Protocol\Handler: - ipp - No CLSID value found
O18 - Protocol\Handler: - ipp\0x00000001 - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler: - linkscanner - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler: - msdaipp - No CLSID value found
O18 - Protocol\Handler: - msdaipp\0x00000001 - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler: - msdaipp\oledb - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler: - ms-itss - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler: - mso-offdap - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler: - mso-offdap11 - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler: - wlmailhtml - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - See sections below for AppInitDlls and Winlogon settings

========== AppInit_DLLs ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_Dlls" = avgrsstx.dll
>[2008/10/25 21:45:41 | 00,010,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\avgrsstx.dll

========== Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
!SASWinLogon: "DllName" = C:\Program Files\SUPERAntiSpyware\SASWINLO.dll -- C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
dimsntfy: "DllName" = Reg Error: Value DLLName does not exist or could not be read. -- File not found
NavLogon: "DllName" = Reg Error: Value DLLName does not exist or could not be read. -- File not found

========== Shell Execute Hooks ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}" (HKLM) -- C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)

========== Safeboot Options ==========

"AlternateShell" = cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2006/10/23 18:58:31 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

========== Files/Folders - Created Within 90 Days ==========

[5 C:\WINDOWS\*.tmp files]
[2008/11/06 00:24:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\winner1\Desktop\bleeping computer
[2008/11/06 00:15:29 | 00,000,000 | ---D | C] -- C:\rsit
[2008/11/05 21:54:31 | 00,000,000 | ---D | C] -- C:\Program Files\Retro Records
[2008/11/05 21:53:50 | 00,000,000 | ---D | C] -- C:\Program Files\JEOPARDY! 2
[2008/11/05 17:03:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Redrum
[2008/11/05 16:31:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\winner1\My Documents\Megaplex Madness
[2008/11/05 16:18:21 | 00,000,000 | ---D | C] -- C:\Program Files\Operation Mania
[2008/11/05 16:10:56 | 00,001,572 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Play My Games.lnk
[2008/11/05 16:10:55 | 00,000,000 | ---D | C] -- C:\Program Files\bfgclient
[2008/11/05 16:09:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\BigFishGamesCache
[2008/11/05 12:10:42 | 00,000,000 | ---D | C] -- C:\WINDOWS\Temp
[2008/11/02 14:07:13 | 29,727,838 | ---- | C] () -- C:\Documents and Settings\winner1\My Documents\pp_ref_en.doc
[2008/11/02 12:20:28 | 00,000,000 | ---D | C] -- C:\Program Files\FlameSoft
[2008/11/02 12:19:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\Downloaded Installations
[2008/11/02 08:43:56 | 00,000,000 | -H-D | C] -- C:\$AVG8.VAULT$
[2008/10/31 13:28:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Legendo
[2008/10/31 10:51:44 | 03,870,208 | ---- | C] () -- C:\Documents and Settings\winner1\My Documents\carson.ppt
[2008/10/31 07:24:14 | 00,062,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput1_2.dll
[2008/10/31 07:24:05 | 02,388,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_30.dll
[2008/10/30 20:33:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\winner1\Application Data\Flood Light Games
[2008/10/28 13:30:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\winner1\My Documents\Sandlot Games
[2008/10/28 13:16:05 | 00,000,444 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2008/10/28 10:06:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\winner1\Application Data\Auslogics
[2008/10/28 10:06:02 | 00,000,000 | ---D | C] -- C:\Program Files\Auslogics
[2008/10/27 16:10:46 | 00,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2008/10/26 18:50:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\winner1\Application Data\eGames
[2008/10/26 15:20:09 | 00,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2008/10/26 15:18:37 | 01,602,877 | ---- | C] () -- C:\Documents and Settings\winner1\My Documents\ProcessExplorer.zip
[2008/10/26 09:48:20 | 49,279,561 | ---- | C] () -- C:\WINDOWS\Verify.reg
[2008/10/26 09:39:41 | 00,000,000 | ---D | C] -- C:\WINDOWS\Registry Drill
[2008/10/25 21:47:17 | 00,103,638 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2008/10/25 21:45:42 | 00,001,507 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 8.0.lnk
[2008/10/25 21:45:41 | 00,010,520 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2008/10/25 21:45:33 | 00,097,928 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2008/10/25 21:45:26 | 00,026,824 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2008/10/25 21:45:19 | 29,664,040 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2008/10/25 21:45:19 | 06,061,540 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2008/10/25 21:45:19 | 00,307,238 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2008/10/25 21:45:19 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
[2008/10/25 21:45:12 | 00,000,000 | ---D | C] -- C:\Program Files\AVG
[2008/10/25 21:45:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg8
[2008/10/25 20:50:34 | 00,000,986 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk.disabled
[2008/10/25 10:30:52 | 00,057,856 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esuimgd.dll
[2008/10/25 10:12:39 | 00,031,744 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esucmd.dll
[2008/10/24 08:37:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\winner1\Application Data\Gogii Games
[2008/10/22 17:59:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\winner1\Application Data\PetShowCraze
[2008/10/20 23:21:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\winner1\Application Data\NoteTab Light
[2008/10/20 23:21:43 | 00,000,648 | ---- | C] () -- C:\Documents and Settings\winner1\Desktop\NoteTab Light.lnk
[2008/10/20 23:21:36 | 00,000,000 | ---D | C] -- C:\Program Files\NoteTab Light
[2008/10/20 20:37:06 | 00,036,352 | ---- | C] () -- C:\Documents and Settings\winner1\My Documents\HBD.pub
[2008/10/20 14:25:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\winner1\My Documents\My Games
[2008/10/19 14:25:03 | 00,000,000 | ---D | C] -- C:\temp
[2008/10/19 07:33:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2008/10/19 07:33:03 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2008/10/19 07:33:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\winner1\Application Data\SUPERAntiSpyware.com
[2008/10/18 16:04:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\winner1\Application Data\Ohana Games
[2008/10/18 11:54:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\winner1\My Documents\Floodgate
[2008/10/17 18:42:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\winner1\Application Data\ViquaSoft
[2008/10/15 11:39:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MailFrontier
[2008/10/15 11:39:05 | 00,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2008/10/15 11:38:49 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\SpOrder.dll
[2008/10/15 11:36:54 | 00,000,000 | ---D | C] -- C:\WINDOWS\Internet Logs
[2008/10/13 16:07:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\winner1\Application Data\AlterLab
[2008/10/12 19:32:44 | 00,116,224 | ---- | C] (Xerox) -- C:\WINDOWS\System32\dllcache\xrxwiadr.dll
[2008/10/12 19:32:35 | 00,023,040 | ---- | C] (Xerox Corporation) -- C:\WINDOWS\System32\dllcache\xrxwbtmp.dll
[2008/10/12 19:32:27 | 00,017,408 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xrxscnui.dll
[2008/10/12 19:32:19 | 00,027,648 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xrxftplt.exe
[2008/10/12 19:32:10 | 00,004,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xrxflnch.exe
[2008/10/12 19:31:39 | 00,099,865 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\xlog.exe
[2008/10/12 19:31:21 | 00,016,970 | ---- | C] (US Robotics MCD (Megahertz)) -- C:\WINDOWS\System32\dllcache\xem336n5.sys
[2008/10/12 19:31:16 | 00,019,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wstcodec.sys
[2008/10/12 19:31:14 | 00,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wshirda.dll
[2008/10/12 19:30:52 | 00,008,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiacpi.sys
[2008/10/12 19:30:47 | 00,154,624 | ---- | C] (Lucent Technologies) -- C:\WINDOWS\System32\dllcache\wlluc48.sys
[2008/10/12 19:30:38 | 00,034,890 | ---- | C] (Raytheon Corp.) -- C:\WINDOWS\System32\dllcache\wlandrv2.sys
[2008/10/12 19:29:35 | 00,771,581 | ---- | C] (Rockwell) -- C:\WINDOWS\System32\dllcache\winacisa.sys
[2008/10/12 19:29:10 | 00,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wiamsmud.dll
[2008/10/12 19:29:02 | 00,087,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wiafbdrv.dll
[2008/10/12 19:28:35 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wceusbsh.sys
[2008/10/12 19:28:27 | 00,035,871 | ---- | C] (Winbond Electronics Corp.) -- C:\WINDOWS\System32\dllcache\wbfirdma.sys
[2008/10/12 19:28:09 | 00,013,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wacompen.sys
[2008/10/12 19:27:57 | 00,016,925 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w940nd.sys
[2008/10/12 19:27:50 | 00,019,016 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w926nd.sys
[2008/10/12 19:27:41 | 00,019,528 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w840nd.sys
[2008/10/12 19:27:14 | 00,064,605 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\vvoice.sys
[2008/10/12 19:27:05 | 00,397,502 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\vpctcom.sys
[2008/10/12 19:26:00 | 00,604,253 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\vmodem.sys
[2008/10/12 19:25:52 | 00,249,402 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\vinwm.sys
[2008/10/12 19:25:50 | 00,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vidcap.ax
[2008/10/12 19:25:40 | 00,042,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\viaagp.sys
[2008/10/12 19:25:40 | 00,005,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\viaide.sys
[2008/10/12 19:25:37 | 00,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vfwwdm32.dll
[2008/10/12 19:25:28 | 00,687,999 | ---- | C] (U.S. Robotics Corporation) -- C:\WINDOWS\System32\dllcache\usrwdxjs.sys
[2008/10/12 19:25:20 | 00,765,884 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usrti.sys
[2008/10/12 19:25:12 | 00,113,762 | ---- | C] (U.S. Robotics Corporation) -- C:\WINDOWS\System32\dllcache\usrpda.sys
[2008/10/12 19:25:04 | 00,007,556 | ---- | C] (U.S. Robotics Corporation) -- C:\WINDOWS\System32\dllcache\usroslba.sys
[2008/10/12 19:24:56 | 00,224,802 | ---- | C] (U.S. Robotics Corporation) -- C:\WINDOWS\System32\dllcache\usr1807a.sys
[2008/10/12 19:24:48 | 00,794,399 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1806v.sys
[2008/10/12 19:24:40 | 00,793,598 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1806.sys
[2008/10/12 19:24:32 | 00,794,654 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1801.sys
[2008/10/12 19:24:27 | 00,078,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbvideo.sys
[2008/10/12 19:24:26 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbser.sys
[2008/10/12 19:24:25 | 00,015,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbscan.sys
[2008/10/12 19:24:22 | 00,059,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbaudio.sys
[2008/10/12 19:24:20 | 00,012,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usb8023x.sys
[2008/10/12 19:24:19 | 00,032,384 | ---- | C] (KLSI USA, Inc.) -- C:\WINDOWS\System32\dllcache\usb101et.sys
[2008/10/12 19:23:50 | 00,094,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\umaxud32.dll
[2008/10/12 19:23:42 | 00,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\umaxu40.dll
[2008/10/12 19:23:34 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\umaxu22.dll
[2008/10/12 19:23:27 | 00,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\umaxu12.dll
[2008/10/12 19:23:19 | 00,050,688 | ---- | C] (UMAX DATA SYSTEMS INC.) -- C:\WINDOWS\System32\dllcache\umaxscan.dll
[2008/10/12 19:23:11 | 00,022,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\umaxpcls.sys
[2008/10/12 19:23:03 | 00,050,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\umaxp60.dll
[2008/10/12 19:22:55 | 00,047,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\umaxcam.dll
[2008/10/12 19:22:48 | 00,211,968 | ---- | C] (UMAX Data Systems Inc.) -- C:\WINDOWS\System32\dllcache\um54scan.dll
[2008/10/12 19:22:40 | 00,216,064 | ---- | C] (UMAX Data Systems Inc.) -- C:\WINDOWS\System32\dllcache\um34scan.dll
[2008/10/12 19:22:19 | 00,044,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\uagp35.sys
[2008/10/12 19:21:50 | 00,166,784 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridxpm.sys
[2008/10/12 19:21:42 | 00,525,568 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridxp.dll
[2008/10/12 19:21:34 | 00,159,232 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridkbm.sys
[2008/10/12 19:21:27 | 00,440,576 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridkb.dll
[2008/10/12 19:21:19 | 00,222,336 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\trid3dm.sys
[2008/10/12 19:21:11 | 00,315,520 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\trid3d.dll
[2008/10/12 19:20:36 | 00,004,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\toside.sys
[2008/10/12 19:20:02 | 00,123,995 | ---- | C] (Tiger Jet Network) -- C:\WINDOWS\System32\dllcache\tjisdn.sys
[2008/10/12 19:19:38 | 00,138,528 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tgiulnt5.sys
[2008/10/12 19:19:30 | 00,081,408 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tgiul50.dll
[2008/10/12 19:19:28 | 00,149,376 | ---- | C] (M-Systems) -- C:\WINDOWS\System32\dllcache\tffsport.sys
[2008/10/12 19:18:58 | 00,017,129 | ---- | C] (TDK Corporation) -- C:\WINDOWS\System32\dllcache\tdkcd31.sys
[2008/10/12 19:18:51 | 00,037,961 | ---- | C] (TDK Corporation) -- C:\WINDOWS\System32\dllcache\tdk100b.sys
[2008/10/12 19:17:57 | 00,007,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tandqic.sys
[2008/10/12 19:17:50 | 00,036,640 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\t2r4mini.sys
[2008/10/12 19:17:43 | 00,172,768 | ---- | C] (Number Nine Visual Technology) -- C:\WINDOWS\System32\dllcache\t2r4disp.dll
[2008/10/12 19:16:59 | 00,094,293 | ---- | C] (Perle Systems Ltd. ) -- C:\WINDOWS\System32\dllcache\sxports.dll
[2008/10/12 19:16:52 | 00,103,936 | ---- | C] (Perle Systems Ltd. ) -- C:\WINDOWS\System32\dllcache\sx.sys
[2008/10/12 19:16:45 | 00,003,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\swusbflt.sys
[2008/10/12 19:16:38 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\swpidflt.dll
[2008/10/12 19:16:31 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\swpdflt2.dll
[2008/10/12 19:16:23 | 00,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sw_wheel.dll
[2008/10/12 19:16:16 | 00,041,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sw_effct.dll
[2008/10/12 19:13:18 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\streamip.sys
[2008/10/12 19:13:11 | 00,155,648 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlnprop.dll
[2008/10/12 19:13:04 | 00,053,248 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlncoin.dll
[2008/10/12 19:12:57 | 00,285,760 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlnata.sys
[2008/10/12 19:12:49 | 00,016,896 | ---- | C] (SCM Microsystems, Inc.) -- C:\WINDOWS\System32\dllcache\stcusb.sys
[2008/10/12 19:12:30 | 00,048,736 | ---- | C] (3Com) -- C:\WINDOWS\System32\dllcache\srwlnd5.sys
[2008/10/12 19:12:19 | 00,099,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srusd.dll
[2008/10/12 19:11:41 | 00,024,660 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\dllcache\spxupchk.dll
[2008/10/12 19:11:29 | 00,061,824 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\dllcache\speed.sys
[2008/10/12 19:11:22 | 00,106,584 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\dllcache\spdports.dll
[2008/10/12 19:11:14 | 00,019,072 | ---- | C] (Adaptec, Inc.) -- C:\WINDOWS\System32\dllcache\sparrow.sys
[2008/10/12 19:10:37 | 00,009,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sonymc.sys
[2008/10/12 19:10:36 | 00,007,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sonyait.sys
[2008/10/12 19:10:08 | 00,007,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snyaitmc.sys
[2008/10/12 19:09:27 | 00,058,368 | ---- | C] (Silicon Motion Inc.) -- C:\WINDOWS\System32\dllcache\smiminib.sys
[2008/10/12 19:09:04 | 00,147,200 | ---- | C] (Silicon Motion Inc.) -- C:\WINDOWS\System32\dllcache\smidispb.dll
[2008/10/12 19:08:22 | 00,025,034 | ---- | C] (SMC Networks, Inc.) -- C:\WINDOWS\System32\dllcache\smcpwr2n.sys
[2008/10/12 19:08:15 | 00,035,913 | ---- | C] (SMC) -- C:\WINDOWS\System32\dllcache\smcirda.sys
[2008/10/12 19:08:08 | 00,024,576 | ---- | C] (SMC Networks, Inc.) -- C:\WINDOWS\System32\dllcache\smc8000n.sys
[2008/10/12 19:08:01 | 00,006,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smbhc.sys
[2008/10/12 19:07:59 | 00,006,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smbclass.sys
[2008/10/12 19:07:58 | 00,016,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smbbatt.sys
[2008/10/12 19:07:58 | 00,006,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smbali.sys
[2008/10/12 19:07:30 | 00,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smb3w.dll
[2008/10/12 19:07:23 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smb0w.dll
[2008/10/12 19:07:15 | 00,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sma0w.dll
[2008/10/12 19:07:04 | 00,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm91w.dll
[2008/10/12 19:05:54 | 00,011,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\slip.sys
[2008/10/12 19:05:50 | 00,063,547 | ---- | C] (Symbol Technologies) -- C:\WINDOWS\System32\dllcache\sla30nd5.sys
[2008/10/12 19:05:43 | 00,091,294 | ---- | C] (SysKonnect, a business unit of Schneider & Koch & Co. Datensysteme GmbH.) -- C:\WINDOWS\System32\dllcache\skfpwin.sys
[2008/10/12 19:05:36 | 00,094,698 | ---- | C] (SysKonnect GmbH.) -- C:\WINDOWS\System32\dllcache\sk98xwin.sys
[2008/10/12 19:05:21 | 00,032,768 | ---- | C] (SiS Corporation) -- C:\WINDOWS\System32\dllcache\sisnic.sys
[2008/10/12 19:04:00 | 00,161,568 | ---- | C] (Micro Systemation) -- C:\WINDOWS\System32\dllcache\sgsmusb.sys
[2008/10/12 19:03:53 | 00,018,400 | ---- | C] (Micro Systemation) -- C:\WINDOWS\System32\dllcache\sgsmld.sys
[2008/10/12 19:03:46 | 00,098,080 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\sgiulnt5.sys
[2008/10/12 19:03:39 | 00,386,560 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\sgiul50.dll
[2008/10/12 19:03:23 | 00,006,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\serscan.sys
[2008/10/12 19:03:16 | 00,017,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sermouse.sys
[2008/10/12 19:03:00 | 00,006,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\seaddsmc.sys
[2008/10/12 19:02:54 | 00,010,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scsiscan.sys
[2008/10/12 19:02:46 | 00,011,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scsiprnt.sys
[2008/10/12 19:02:16 | 00,017,280 | ---- | C] (SCM Microsystems) -- C:\WINDOWS\System32\dllcache\scr111.sys
[2008/10/12 19:02:09 | 00,016,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scmstcs.sys
[2008/10/12 19:02:01 | 00,023,936 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\sccmusbm.sys
[2008/10/12 19:01:55 | 00,023,936 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\sccmn50m.sys
[2008/10/12 19:01:53 | 00,043,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sbp2port.sys
[2008/10/12 19:01:23 | 00,077,824 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav4m.sys
[2008/10/12 19:01:16 | 00,198,400 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav4.dll
[2008/10/12 19:01:10 | 00,061,504 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav3dm.sys
[2008/10/12 19:01:03 | 00,179,264 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav3d.dll
[2008/10/12 19:00:56 | 00,210,496 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mvirge.dll
[2008/10/12 19:00:50 | 00,062,496 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mtrio.dll
[2008/10/12 19:00:43 | 00,041,216 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mt3d.sys
[2008/10/12 19:00:36 | 00,182,272 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mt3d.dll
[2008/10/12 19:00:29 | 00,166,720 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3m.sys
[2008/10/12 19:00:22 | 00,065,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\s3legacy.sys
[2008/10/12 19:00:08 | 00,082,432 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia450.dll
[2008/10/12 19:00:01 | 00,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia430.dll
[2008/10/12 18:59:41 | 00,026,624 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw450ext.dll
[2008/10/12 18:59:34 | 00,024,576 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw430ext.dll
[2008/10/12 18:59:27 | 00,020,992 | ---- | C] (Realtek Semiconductor Corporation) -- C:\WINDOWS\System32\dllcache\rtl8139.sys
[2008/10/12 18:59:20 | 00,019,017 | ---- | C] (Realtek Semiconductor Corporation) -- C:\WINDOWS\System32\dllcache\rtl8029.sys
[2008/10/12 18:59:05 | 00,009,216 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\rsmgrstr.dll
[2008/10/12 18:58:47 | 00,079,104 | ---- | C] (Comtrol Corporation) -- C:\WINDOWS\System32\dllcache\rocket.sys
[2008/10/12 18:58:46 | 00,030,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rndismpx.sys
[2008/10/12 18:58:39 | 00,037,563 | ---- | C] (RadioLAN) -- C:\WINDOWS\System32\dllcache\rlnet5.sys
[2008/10/12 18:58:36 | 00,059,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rfcomm.sys
[2008/10/12 18:58:29 | 00,086,097 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\reslog32.dll
[2008/10/12 18:58:04 | 00,019,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rasirda.sys
[2008/10/12 18:57:51 | 00,714,762 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\r2mdmkxx.sys
[2008/10/12 18:57:44 | 00,899,146 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\r2mdkxga.sys
[2008/10/12 18:57:37 | 00,041,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qvusd.dll
[2008/10/12 18:57:30 | 00,003,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qv2kux.sys
[2008/10/12 18:57:07 | 00,040,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ql1240.sys
[2008/10/12 18:56:54 | 00,033,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ql10wnt.sys
[2008/10/12 18:56:45 | 00,006,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qic157.sys
[2008/10/12 18:56:33 | 00,130,942 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserlv.sys
[2008/10/12 18:56:27 | 00,112,574 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserlp.sys
[2008/10/12 18:56:20 | 00,128,286 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserli.sys
[2008/10/12 18:56:18 | 00,159,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ptpusd.dll
[2008/10/12 18:56:11 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ptpusb.dll
[2008/10/12 18:56:10 | 00,033,280 | ---- | C] () -- C:\WINDOWS\System32\dllcache\psisrndr.ax
[2008/10/12 18:56:04 | 00,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\psisload.dll
[2008/10/12 18:56:02 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\dllcache\psisdecd.dll
[2008/10/12 18:55:55 | 00,016,128 | ---- | C] (SCM Microsystems, Inc.) -- C:\WINDOWS\System32\dllcache\pscr.sys
[2008/10/12 18:55:47 | 00,017,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ppa3.sys
[2008/10/12 18:55:41 | 00,017,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ppa.sys
[2008/10/12 18:55:34 | 00,007,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\powerfil.sys
[2008/10/12 18:55:26 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pnrmc.sys
[2008/10/12 18:55:21 | 00,068,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\plugin.ocx
[2008/10/12 18:55:06 | 00,121,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\phvfwext.dll
[2008/10/12 18:54:55 | 00,019,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\philtune.sys
[2008/10/12 18:54:48 | 00,092,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\phildec.sys
[2008/10/12 18:54:42 | 00,173,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\philcam2.sys
[2008/10/12 18:54:35 | 00,075,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\philcam1.sys
[2008/10/12 18:54:29 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\philcam1.dll
[2008/10/12 18:54:21 | 00,105,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\phdsext.ax
[2008/10/12 18:54:17 | 00,259,328 | ---- | C] (Microsoft Corp., 3Dlabs Inc. Ltd.) -- C:\WINDOWS\System32\dllcache\perm3dd.dll
[2008/10/12 18:54:15 | 00,211,712 | ---- | C] (Microsoft Corp., 3Dlabs Inc. Ltd.) -- C:\WINDOWS\System32\dllcache\perm2dll.dll
[2008/10/12 18:54:15 | 00,028,032 | ---- | C] (Microsoft Corp., 3Dlabs Inc. Ltd.) -- C:\WINDOWS\System32\dllcache\perm3.sys
[2008/10/12 18:54:14 | 00,027,904 | ---- | C] (Microsoft Corp., 3Dlabs Inc. Ltd.) -- C:\WINDOWS\System32\dllcache\perm2.sys
[2008/10/12 18:54:06 | 00,005,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\perc2hib.sys
[2008/10/12 18:54:00 | 00,027,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\perc2.sys
[2008/10/12 18:53:58 | 00,169,984 | ---- | C] (Cisco Systems) -- C:\WINDOWS\System32\dllcache\pcx500.sys
[2008/10/12 18:53:52 | 00,086,016 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\pctspk.exe
[2008/10/12 18:53:45 | 00,035,328 | ---- | C] (AMD Inc.) -- C:\WINDOWS\System32\dllcache\pcntpci5.sys
[2008/10/12 18:53:39 | 00,029,769 | ---- | C] (AMD Inc.) -- C:\WINDOWS\System32\dllcache\pcntn5m.sys
[2008/10/12 18:53:32 | 00,030,282 | ---- | C] (AMD Inc.) -- C:\WINDOWS\System32\dllcache\pcntn5hl.sys
[2008/10/12 18:53:25 | 00,026,153 | ---- | C] (Linksys) -- C:\WINDOWS\System32\dllcache\pcmlm56.sys
[2008/10/12 18:53:18 | 00,029,502 | ---- | C] (Marconi Communications, Inc.) -- C:\WINDOWS\System32\dllcache\pca200e.sys
[2008/10/12 18:53:18 | 00,003,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pciide.sys
[2008/10/12 18:53:11 | 00,030,495 | ---- | C] (Linksys) -- C:\WINDOWS\System32\dllcache\pc100nds.sys
[2008/10/12 18:51:35 | 00,041,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovui2rc.dll
[2008/10/12 18:51:28 | 00,044,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovui2.dll
[2008/10/12 18:51:21 | 00,025,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovsound2.sys
[2008/10/12 18:51:15 | 00,039,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovcoms.exe
[2008/10/12 18:51:08 | 00,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovcomc.dll
[2008/10/12 18:51:02 | 00,351,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovcodek2.sys
[2008/10/12 18:50:55 | 00,116,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovcodec2.dll
[2008/10/12 18:50:49 | 00,031,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovce.sys
[2008/10/12 18:50:42 | 00,028,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovcd.sys
[2008/10/12 18:50:36 | 00,048,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovcam2.sys
[2008/10/12 18:50:29 | 00,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ovca.sys
[2008/10/12 18:50:23 | 00,054,186 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otcsercb.sys
[2008/10/12 18:50:17 | 00,043,689 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otceth5.sys
[2008/10/12 18:50:10 | 00,027,209 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otc06x5.sys
[2008/10/12 18:50:02 | 00,054,528 | ---- | C] (Yamaha Corp.) -- C:\WINDOWS\System32\dllcache\opl3sax.sys
[2008/10/12 18:49:55 | 00,061,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ohci1394.sys
[2008/10/12 18:49:12 | 00,051,552 | ---- | C] (Kensington Technology Group) -- C:\WINDOWS\System32\dllcache\ntgrip.sys
[2008/10/12 18:49:03 | 00,009,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntapm.sys
[2008/10/12 18:48:56 | 00,007,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nsmmc.sys
[2008/10/12 18:48:42 | 00,087,040 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\nm6wdm.sys
[2008/10/12 18:48:36 | 00,126,080 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\nm5a2wdm.sys
[2008/10/12 18:48:27 | 00,032,840 | ---- | C] (NETGEAR Corporation.) -- C:\WINDOWS\System32\dllcache\ngrpci.sys
[2008/10/12 18:48:16 | 00,132,695 | ---- | C] (802.11b) -- C:\WINDOWS\System32\dllcache\netwlan5.sys
[2008/10/12 18:48:03 | 00,065,278 | ---- | C] (Compaq Computer Corporation) -- C:\WINDOWS\System32\dllcache\netflx3.sys
[2008/10/12 18:47:56 | 00,039,264 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\neo20xx.sys
[2008/10/12 18:47:50 | 00,060,480 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\neo20xx.dll
[2008/10/12 18:47:43 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ne2000.sys
[2008/10/12 18:47:42 | 00,010,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndisip.sys
[2008/10/12 18:47:39 | 00,085,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nabtsfec.sys
[2008/10/12 18:47:33 | 00,091,488 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i3disp.dll
[2008/10/12 18:47:26 | 00,027,936 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i3d.sys
[2008/10/12 18:47:20 | 00,033,088 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128v2.sys
[2008/10/12 18:47:14 | 00,059,104 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128v2.dll
[2008/10/12 18:47:08 | 00,013,664 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128.sys
[2008/10/12 18:47:02 | 00,035,392 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128.dll
[2008/10/12 18:46:55 | 00,128,000 | ---- | C] (Compaq Computer Corporation) -- C:\WINDOWS\System32\dllcache\n100325.sys
[2008/10/12 18:46:49 | 00,052,255 | ---- | C] (Compaq Computer Corporation) -- C:\WINDOWS\System32\dllcache\n1000nt5.sys
[2008/10/12 18:46:43 | 00,075,520 | ---- | C] (Moxa Technologies Co., Ltd.) -- C:\WINDOWS\System32\dllcache\mxport.sys
[2008/10/12 18:46:37 | 00,007,168 | ---- | C] (Moxa Technologies Co., Ltd) -- C:\WINDOWS\System32\dllcache\mxport.dll
[2008/10/12 18:46:30 | 00,019,968 | ---- | C] (Macronix International Co., Ltd. ) -- C:\WINDOWS\System32\dllcache\mxnic.sys
[2008/10/12 18:46:24 | 00,019,968 | ---- | C] (Moxa Technologies Co., Ltd) -- C:\WINDOWS\System32\dllcache\mxicfg.dll
[2008/10/12 18:46:18 | 00,021,888 | ---- | C] (Moxa Technologies Co., Ltd.) -- C:\WINDOWS\System32\dllcache\mxcard.sys
[2008/10/12 18:46:07 | 00,103,296 | ---- | C] (Matrox Graphics Inc) -- C:\WINDOWS\System32\dllcache\mtxvideo.sys
[2008/10/12 18:45:36 | 00,005,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstee.sys
[2008/10/12 18:45:34 | 00,049,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstape.sys
[2008/10/12 18:45:26 | 00,012,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msriffwv.sys
[2008/10/12 18:45:12 | 00,002,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msmpu401.sys
[2008/10/12 18:45:08 | 00,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msircomm.sys
[2008/10/12 18:44:43 | 00,035,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msgame.sys
[2008/10/12 18:44:35 | 00,006,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfsio.sys
[2008/10/12 18:44:33 | 00,056,832 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msdvbnp.ax
[2008/10/12 18:44:32 | 00,051,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdv.sys
[2008/10/12 18:44:15 | 00,017,280 | ---- | C] (American Megatrends Inc.) -- C:\WINDOWS\System32\dllcache\mraid35x.sys
[2008/10/12 18:44:04 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mpe.sys
[2008/10/12 18:43:55 | 00,016,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\modemcsa.sys
[2008/10/12 18:43:45 | 00,006,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\miniqic.sys
[2008/10/12 18:39:57 | 00,047,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\memgrp.dll
[2008/10/12 18:39:51 | 00,008,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\memcard.sys
[2008/10/12 18:39:38 | 00,164,586 | ---- | C] (Madge Networks Ltd) -- C:\WINDOWS\System32\dllcache\mdgndis5.sys
[2008/10/12 18:39:26 | 00,007,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mammoth.sys
[2008/10/12 18:39:04 | 00,058,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\m3092dc.dll
[2008/10/12 18:38:57 | 00,058,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\m3091dc.dll
[2008/10/12 18:38:43 | 00,797,500 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltsmt.sys
[2008/10/12 18:38:37 | 00,802,683 | ---- | C] (Lucent Technologies) -- C:\WINDOWS\System32\dllcache\ltsm.sys
[2008/10/12 18:38:36 | 00,007,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ltotape.sys
[2008/10/12 18:38:34 | 00,420,992 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmntt.sys
[2008/10/12 18:38:29 | 00,576,746 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmntl.sys
[2008/10/12 18:38:28 | 00,606,684 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmnt.sys
[2008/10/12 18:38:22 | 00,727,786 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ltck000c.sys
[2008/10/12 18:38:09 | 00,004,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\loop.sys
[2008/10/12 18:37:41 | 00,070,730 | ---- | C] (Linksys Group, Inc.) -- C:\WINDOWS\System32\dllcache\lne100tx.sys
[2008/10/12 18:37:35 | 00,020,573 | ---- | C] (The Linksts Group ) -- C:\WINDOWS\System32\dllcache\lne100.sys
[2008/10/12 18:37:29 | 00,025,065 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\lmndis3.sys
[2008/10/12 18:37:18 | 00,015,744 | ---- | C] (Litronic Industries) -- C:\WINDOWS\System32\dllcache\lit220p.sys
[2008/10/12 18:37:07 | 00,026,442 | ---- | C] (SMSC) -- C:\WINDOWS\System32\dllcache\lanepic5.sys
[2008/10/12 18:37:01 | 00,043,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ksxbar.ax
[2008/10/12 18:37:01 | 00,019,016 | ---- | C] (Kingston Technology Company ) -- C:\WINDOWS\System32\dllcache\ktc111.sys
[2008/10/12 18:36:59 | 00,090,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kswdmcap.ax
[2008/10/12 18:36:58 | 00,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kstvtune.ax
[2008/10/12 18:36:50 | 00,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kousd.dll
[2008/10/12 18:35:22 | 00,242,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kdsusd.dll
[2008/10/12 18:35:17 | 00,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kdsui.dll
[2008/10/12 18:34:44 | 00,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdkor.dll
[2008/10/12 18:34:38 | 00,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdjpn.dll
[2008/10/12 18:34:00 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd106.dll
[2008/10/12 18:33:54 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd103.dll
[2008/10/12 18:33:49 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101c.dll
[2008/10/12 18:33:43 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101b.dll
[2008/10/12 18:33:19 | 00,018,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irsir.sys
[2008/10/12 18:33:17 | 00,027,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irmon.dll
[2008/10/12 18:33:12 | 00,023,552 | ---- | C] (MKNet Corporation) -- C:\WINDOWS\System32\dllcache\irmk7.sys
[2008/10/12 18:33:11 | 00,152,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irftp.exe
[2008/10/12 18:33:10 | 00,087,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irda.sys
[2008/10/12 18:33:08 | 00,040,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irbus.sys
[2008/10/12 18:33:05 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ipsink.ax
[2008/10/12 18:32:53 | 00,045,632 | ---- | C] (Interphase ® Corporation a Windows ® 2000 DDK Driver Provider) -- C:\WINDOWS\System32\dllcache\ip5515.sys
[2008/10/12 18:32:47 | 00,090,200 | ---- | C] (Perle Systems Ltd. ) -- C:\WINDOWS\System32\dllcache\io8ports.dll
[2008/10/12 18:32:42 | 00,038,784 | ---- | C] (Perle Systems Ltd. ) -- C:\WINDOWS\System32\dllcache\io8.sys
[2008/10/12 18:32:36 | 00,013,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inport.sys
[2008/10/12 18:32:30 | 00,016,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ini910u.sys
[2008/10/12 18:31:20 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ieencode.dll
[2008/10/12 18:30:10 | 00,372,824 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\iconf32.dll
[2008/10/12 18:30:02 | 00,100,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icam5usb.sys
[2008/10/12 18:29:57 | 00,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icam5ext.dll
[2008/10/12 18:29:51 | 00,045,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icam5com.dll
[2008/10/12 18:29:46 | 00,154,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icam4usb.sys
[2008/10/12 18:29:41 | 00,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icam4ext.dll
[2008/10/12 18:29:35 | 00,091,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icam4com.dll
[2008/10/12 18:29:30 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icam3ext.dll
[2008/10/12 18:29:25 | 00,141,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icam3.sys
[2008/10/12 18:29:19 | 00,038,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ibmvcap.sys
[2008/10/12 18:28:42 | 00,018,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\i2omp.sys
[2008/10/12 18:28:40 | 00,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\i2omgmt.sys
[2008/10/12 18:26:38 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hr1w.dll
[2008/10/12 18:24:58 | 00,002,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidswvd.sys
[2008/10/12 18:24:56 | 00,015,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidir.sys
[2008/10/12 18:24:51 | 00,008,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidgame.sys
[2008/10/12 18:24:50 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidbth.sys
[2008/10/12 18:24:45 | 00,019,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidbatt.sys
[2008/10/12 18:24:12 | 00,028,288 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\grserial.sys
[2008/10/12 18:24:07 | 00,082,304 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\grclass.sys
[2008/10/12 18:24:02 | 00,017,408 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\gpr400.sys
[2008/10/12 18:23:56 | 00,059,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\gckernel.sys
[2008/10/12 18:23:55 | 00,010,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\gameenum.sys
[2008/10/12 18:23:53 | 00,046,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\gagp30kx.sys
[2008/10/12 18:23:30 | 00,454,912 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fxusbase.sys
[2008/10/12 18:23:02 | 00,092,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fuusd.dll
[2008/10/12 18:22:57 | 00,455,296 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fusbbase.sys
[2008/10/12 18:22:53 | 00,455,680 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fus2base.sys
[2008/10/12 18:22:36 | 00,442,240 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpnpbase.sys
[2008/10/12 18:22:16 | 00,441,728 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpcmbase.sys
[2008/10/12 18:22:12 | 00,444,416 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpcibase.sys
[2008/10/12 18:13:40 | 00,034,173 | ---- | C] (Marconi Communications, Inc.) -- C:\WINDOWS\System32\dllcache\forehe.sys
[2008/10/12 18:13:33 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fnfilter.dll
[2008/10/12 18:12:24 | 00,024,618 | ---- | C] (NETGEAR) -- C:\WINDOWS\System32\dllcache\fa410nd5.sys
[2008/10/12 18:12:03 | 00,011,850 | ---- | C] (FUJITSU LIMITED) -- C:\WINDOWS\System32\dllcache\f3ab18xj.sys
[2008/10/12 18:11:59 | 00,012,362 | ---- | C] (FUJITSU LIMITED) -- C:\WINDOWS\System32\dllcache\f3ab18xi.sys
[2008/10/12 18:11:48 | 00,007,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\exabyte2.sys
[2008/10/12 18:11:28 | 00,045,568 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esunib.dll
[2008/10/12 18:11:24 | 00,045,568 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esuni.dll
[2008/10/12 18:11:05 | 00,034,816 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esuimg.dll
[2008/10/12 18:10:57 | 00,043,008 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esucm.dll
[2008/10/12 18:10:28 | 00,072,192 | ---- | C] (ESS Technology Inc.) -- C:\WINDOWS\System32\dllcache\es1969.sys
[2008/10/12 18:10:00 | 00,114,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\epstw2k.sys
[2008/10/12 18:09:52 | 00,144,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\epcfw2k.sys
[2008/10/12 18:09:49 | 00,006,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\enum1394.sys
[2008/10/12 18:09:31 | 00,007,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\elmsmc.sys
[2008/10/12 18:08:30 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dshowext.ax
[2008/10/12 18:08:27 | 00,334,208 | ---- | C] (Yamaha Corp.) -- C:\WINDOWS\System32\dllcache\ds1wdm.sys
[2008/10/12 18:08:22 | 00,020,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpti2o.sys
[2008/10/12 18:08:17 | 00,028,062 | ---- | C] (National Semiconductor Coproration) -- C:\WINDOWS\System32\dllcache\dp83820.sys
[2008/10/12 18:08:15 | 00,023,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dot4usb.sys
[2008/10/12 18:08:12 | 00,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dot4scan.sys
[2008/10/12 18:08:09 | 00,012,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dot4prt.sys
[2008/10/12 18:08:08 | 00,207,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dot4.sys
[2008/10/12 18:07:58 | 00,029,696 | ---- | C] (CNet Technology, Inc. ) -- C:\WINDOWS\System32\dllcache\dm9pci5.sys
[2008/10/12 18:07:57 | 00,008,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dlttape.sys
[2008/10/12 18:07:54 | 00,026,698 | ---- | C] (D-Link Corporation) -- C:\WINDOWS\System32\dllcache\dlh5xnd5.sys
[2008/10/12 18:07:51 | 00,952,007 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\diwan.sys
[2008/10/12 18:07:49 | 00,029,768 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divasu.dll
[2008/10/12 18:07:46 | 00,037,962 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divaprop.dll
[2008/10/12 18:07:44 | 00,006,216 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divaci.dll
[2008/10/12 18:07:41 | 00,236,060 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\ditrace.exe
[2008/10/12 18:07:39 | 00,038,985 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvsu.dll
[2008/10/12 18:07:36 | 00,031,305 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvpp.dll
[2008/10/12 18:07:34 | 00,006,729 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvci.dll
[2008/10/12 18:07:27 | 00,091,305 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\dimaint.sys
[2008/10/12 18:06:42 | 00,024,649 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\dfe650d.sys
[2008/10/12 18:06:39 | 00,024,648 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\dfe650.sys
[2008/10/12 18:06:31 | 00,020,928 | ---- | C] (Digital Networks, LLC) -- C:\WINDOWS\System32\dllcache\defpa.sys
[2008/10/12 18:06:29 | 00,007,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ddsmc.sys
[2008/10/12 18:06:25 | 00,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dc260usd.dll
[2008/10/12 18:06:23 | 00,086,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dc240usd.dll
[2008/10/12 18:06:18 | 00,080,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dc210usd.dll
[2008/10/12 18:06:15 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dc210_32.dll
[2008/10/12 18:06:06 | 00,014,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dac960nt.sys
[2008/10/12 18:05:56 | 00,027,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cyzports.dll
[2008/10/12 18:05:54 | 00,049,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cyzport.sys
[2008/10/12 18:05:51 | 00,027,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cyzcoins.dll
[2008/10/12 18:05:49 | 00,027,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cyyports.dll
[2008/10/12 18:05:47 | 00,050,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cyyport.sys
[2008/10/12 18:05:44 | 00,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cyycoins.dll
[2008/10/12 18:05:42 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cyclom-y.sys
[2008/10/12 18:05:39 | 00,048,640 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwrwdm.sys
[2008/10/12 18:05:39 | 00,017,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cyclad-z.sys
[2008/10/12 18:05:36 | 00,093,952 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcwdm.sys
[2008/10/12 18:05:34 | 00,111,872 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcspud.sys
[2008/10/12 18:05:32 | 00,003,584 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcosnt5.sys
[2008/10/12 18:05:29 | 00,072,832 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbwdm.sys
[2008/10/12 18:05:27 | 00,003,072 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbmidi.sys
[2008/10/12 18:05:25 | 00,003,072 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbase.sys
[2008/10/12 18:05:21 | 00,249,856 | ---- | C] (Comtrol® Corporation) -- C:\WINDOWS\System32\dllcache\ctmasetp.dll
[2008/10/12 18:05:10 | 00,175,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\csamsp.dll
[2008/10/12 18:05:05 | 00,216,064 | ---- | C] (COMPAQ Inc.) -- C:\WINDOWS\System32\dllcache\cpscan.dll
[2008/10/12 18:05:01 | 00,060,970 | ---- | C] (Compaq Computer Corp.) -- C:\WINDOWS\System32\dllcache\cpqtrnd5.sys
[2008/10/12 18:04:59 | 00,021,533 | ---- | C] (Compaq Computer Corporation) -- C:\WINDOWS\System32\dllcache\cpqndis5.sys
[2008/10/12 18:04:57 | 00,014,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cpqarray.sys
[2008/10/12 18:04:07 | 00,009,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\compbatt.sys
[2008/10/12 18:04:00 | 00,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cnusd.dll
[2008/10/12 18:03:54 | 00,020,736 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\cmbp0wdm.sys
[2008/10/12 18:03:53 | 00,014,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cmbatt.sys
[2008/10/12 18:03:47 | 00,248,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cl546xm.sys
[2008/10/12 18:03:46 | 00,170,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cl546x.dll
[2008/10/12 18:03:44 | 00,111,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cl5465.dll
[2008/10/12 18:03:42 | 00,045,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cirrus.sys
[2008/10/12 18:03:40 | 00,091,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cirrus.dll
[2008/10/12 18:03:33 | 00,272,640 | ---- | C] (RAVISENT Technologies Inc.) -- C:\WINDOWS\System32\dllcache\cinemclc.sys
[2008/10/12 18:03:30 | 00,980,034 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\cicap.sys
[2008/10/12 18:03:17 | 00,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\changer.sys
[2008/10/12 18:03:06 | 00,049,182 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem56n5.sys
[2008/10/12 18:03:05 | 00,022,044 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem33n5.sys
[2008/10/12 18:03:03 | 00,022,044 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem28n5.sys
[2008/10/12 18:03:02 | 00,027,164 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ce3n5.sys
[2008/10/12 18:03:00 | 00,021,530 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ce2n5.sys
[2008/10/12 18:02:54 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cd20xrnt.sys
[2008/10/12 18:02:53 | 00,017,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ccdecode.sys
[2008/10/12 18:02:52 | 00,714,698 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cbmdmkxx.sys
[2008/10/12 18:02:50 | 00,046,108 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cben5.sys
[2008/10/12 18:02:49 | 00,039,680 | ---- | C] (Silicom Ltd.) -- C:\WINDOWS\System32\dllcache\cb325.sys
[2008/10/12 18:02:47 | 00,037,916 | ---- | C] (Fast Ethernet Controller Provider) -- C:\WINDOWS\System32\dllcache\cb102.sys
[2008/10/12 18:02:41 | 00,032,256 | ---- | C] (Eicon Technology Corporation) -- C:\WINDOWS\System32\dllcache\diapi2NT.dll
[2008/10/12 18:02:38 | 00,164,923 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\diapi2.sys
[2008/10/12 18:02:32 | 00,119,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camext30.dll
[2008/10/12 18:02:30 | 00,116,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camext30.ax
[2008/10/12 18:02:29 | 00,236,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camext20.dll
[2008/10/12 18:02:27 | 00,244,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camext20.ax
[2008/10/12 18:02:25 | 00,074,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camexo20.dll
[2008/10/12 18:02:24 | 00,073,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camexo20.ax
[2008/10/12 18:02:22 | 00,171,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camdrv30.sys
[2008/10/12 18:02:20 | 00,223,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camdrv21.sys
[2008/10/12 18:02:19 | 00,314,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\camdro21.sys
[2008/10/12 18:00:28 | 00,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bulltlp3.sys
[2008/10/12 18:00:27 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthusb.sys
[2008/10/12 18:00:25 | 00,038,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthmodem.sys
[2008/10/12 18:00:24 | 00,017,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthenum.sys
[2008/10/12 18:00:22 | 00,031,529 | ---- | C] (BreezeCOM) -- C:\WINDOWS\System32\dllcache\brzwlan.sys
[2008/10/12 18:00:21 | 00,010,368 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brusbscn.sys
[2008/10/12 18:00:19 | 00,011,008 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brusbmdm.sys
[2008/10/12 18:00:18 | 00,060,416 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brserwdm.sys
[2008/10/12 18:00:16 | 00,009,728 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brserif.dll
[2008/10/12 18:00:15 | 00,005,120 | ---- | C] (Brother Industries,Ltd.) -- C:\WINDOWS\System32\dllcache\brscnrsm.dll
[2008/10/12 18:00:13 | 00,039,552 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brparwdm.sys
[2008/10/12 18:00:11 | 00,003,168 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brparimg.sys
[2008/10/12 18:00:02 | 00,041,472 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfusb.dll
[2008/10/12 18:00:01 | 00,032,256 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfrsmg.exe
[2008/10/12 17:59:59 | 00,029,696 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmflpt.dll
[2008/10/12 17:59:58 | 00,081,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\brmfcwia.dll
[2008/10/12 17:59:57 | 00,015,360 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfbidi.dll
[2008/10/12 17:59:55 | 00,003,968 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brfiltup.sys
[2008/10/12 17:59:54 | 00,012,160 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brfiltlo.sys
[2008/10/12 17:59:52 | 00,002,944 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brfilt.sys
[2008/10/12 17:59:50 | 00,012,800 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brevif.dll
[2008/10/12 17:59:49 | 00,009,728 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brcoinst.dll
[2008/10/12 17:59:48 | 00,019,456 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brbidiif.dll
[2008/10/12 17:59:40 | 00,102,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\binlsvc.dll
[2008/10/12 17:59:29 | 00,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bdaplgin.ax
[2008/10/12 17:59:29 | 00,011,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bdasup.sys
[2008/10/12 17:59:27 | 00,871,388 | ---- | C] (BCM) -- C:\WINDOWS\System32\dllcache\bcmdm.sys
[2008/10/12 17:59:22 | 00,014,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\battc.sys
[2008/10/12 17:59:20 | 00,036,128 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\banshee.sys
[2008/10/12 17:59:19 | 00,342,336 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\banshee.dll
[2008/10/12 17:59:16 | 00,089,952 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\b1cbase.sys
[2008/10/12 17:59:15 | 00,036,992 | ---- | C] (Aztech Systems Ltd) -- C:\WINDOWS\System32\dllcache\aztw2320.sys
[2008/10/12 17:59:14 | 00,037,568 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmwan.sys
[2008/10/12 17:59:12 | 00,144,384 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmenum.dll
[2008/10/12 17:59:11 | 00,087,552 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmcoxp.dll
[2008/10/12 17:59:09 | 00,013,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avcstrm.sys
[2008/10/12 17:59:08 | 00,036,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avcaudio.sys
[2008/10/12 17:59:06 | 00,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avc.sys
[2008/10/12 17:58:53 | 00,023,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atixbar.sys
[2008/10/12 17:58:51 | 00,026,624 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativxbar.sys
[2008/10/12 17:58:47 | 00,019,456 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativttxx.sys
[2008/10/12 17:58:42 | 00,009,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativmdcd.sys
[2008/10/12 17:58:40 | 00,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitvsnd.sys
[2008/10/12 17:58:39 | 00,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitunep.sys
[2008/10/12 17:58:37 | 00,026,880 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtsnd.sys
[2008/10/12 17:58:36 | 00,049,920 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtcap.sys
[2008/10/12 17:58:32 | 00,010,240 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atipcxxx.sys
[2008/10/12 17:58:15 | 00,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\atievxx.exe
[2008/10/12 17:58:10 | 00,046,464 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atibt829.sys
[2008/10/12 17:57:51 | 00,077,568 | ---- | C] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\dllcache\ati.sys
[2008/10/12 17:57:50 | 00,096,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ati.dll
[2008/10/12 17:57:42 | 00,097,354 | ---- | C] (Bay Networks, Inc.) -- C:\WINDOWS\System32\dllcache\aspndis3.sys
[2008/10/12 17:57:32 | 00,022,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\asc3350p.sys
[2008/10/12 17:57:08 | 00,006,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\apmbatt.sys
[2008/10/12 17:57:05 | 00,012,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\amsint.sys
[2008/10/12 17:57:02 | 00,016,969 | ---- | C] (AmbiCom, Inc.) -- C:\WINDOWS\System32\dllcache\amb8002.sys
[2008/10/12 17:57:01 | 00,042,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\alim1541.sys
[2008/10/12 17:56:56 | 00,056,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aic78xx.sys
[2008/10/12 17:56:55 | 00,055,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aic78u2.sys
[2008/10/12 17:56:54 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aha154x.sys
[2008/10/12 17:55:48 | 00,044,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agpcpq.sys
[2008/10/12 17:55:46 | 00,042,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agp440.sys
[2008/10/12 17:55:41 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agcgauge.ax
[2008/10/12 17:55:34 | 00,101,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adpu160m.sys
[2008/10/12 17:55:32 | 00,046,112 | ---- | C] (Adaptec, Inc ) -- C:\WINDOWS\System32\dllcache\adptsf50.sys
[2008/10/12 17:55:30 | 00,010,880 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\admjoy.sys
[2008/10/12 17:55:21 | 00,747,392 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8830.sys
[2008/10/12 17:55:20 | 00,553,984 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8820.sys
[2008/10/12 17:55:19 | 00,584,448 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8810.sys
[2008/10/12 17:55:18 | 00,020,160 | ---- | C] (ADMtek Incorporated) -- C:\WINDOWS\System32\dllcache\adm8511.sys
[2008/10/12 17:55:17 | 00,007,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adicvls.sys
[2008/10/12 17:55:15 | 00,061,440 | ---- | C] (Color Flatbed Scanner) -- C:\WINDOWS\System32\dllcache\acerscad.dll
[2008/10/12 17:55:12 | 00,297,728 | ---- | C] (Silicon Integrated Systems Corp.) -- C:\WINDOWS\System32\dllcache\ac97sis.sys
[2008/10/12 17:55:09 | 00,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\abp480n5.sys
[2008/10/12 17:55:08 | 00,462,848 | ---- | C] (Aureal Inc.) -- C:\WINDOWS\System32\dllcache\a3dapi.dll
[2008/10/12 17:55:04 | 00,038,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\8514a.dll
[2008/10/12 17:55:01 | 00,048,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\61883.sys
[2008/10/12 17:55:00 | 00,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\4mmdat.sys
[2008/10/12 17:54:59 | 00,148,352 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvsm.sys
[2008/10/12 17:54:58 | 00,689,216 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvs.dll
[2008/10/12 17:54:57 | 00,762,780 | ---- | C] (3Com, Inc.) -- C:\WINDOWS\System32\dllcache\3cwmcru.sys
[2008/10/12 17:54:56 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\1394vdbg.sys
[2008/10/12 17:54:54 | 00,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\1394bus.sys
[2008/10/12 17:45:29 | 00,020,540 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admin.dll
[2008/10/12 15:20:53 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2008/10/12 15:09:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\winner1\Desktop\computer cleanup
[2008/10/12 14:54:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\winner1\Application Data\Malwarebytes
[2008/10/12 14:54:38 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2008/10/12 14:54:36 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2008/10/12 14:54:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2008/10/12 14:54:33 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2008/10/12 13:05:52 | 00,026,000 | ---- | C] () -- C:\WINDOWS\System32\E3TL.DLL
[2008/10/12 12:52:42 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2008/10/12 09:17:03 | 00,000,091 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/10/11 20:19:15 | 00,000,754 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AnyDVD.lnk
[2008/10/11 19:55:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\winner1\Application Data\com.zipeg
[2008/10/11 19:55:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\winner1\Local Settings\Application Data\com.zipeg
[2008/10/11 08:05:11 | 00,000,852 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CloneDVD2.lnk
[2008/10/11 08:04:49 | 00,000,000 | ---D | C] -- C:\Program Files\Elaborate Bytes
[2008/10/11 08:02:37 | 00,000,000 | ---D | C] -- C:\Program Files\SlySoft
[2008/10/10 12:00:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SlySoft
[2008/10/09 11:19:21 | 00,245,408 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\unicows.dll
[2008/10/08 21:07:37 | 00,036,352 | ---- | C] () -- C:\Documents and Settings\winner1\My Documents\GROCERY LISTS 10.pub
[2008/10/08 14:04:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\winner1\Application Data\MysteryStudio
[2008/10/08 10:23:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\winner1\Local Settings\Application Data\RadarSync
[2008/10/07 21:54:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Jackpot Matchup
[2008/10/07 21:48:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\winner1\Application Data\Gaijin Ent
[2008/10/07 18:19:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\winner1\Application Data\LinkedLetters
[2008/10/06 14:20:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\winner1\Application Data\PendulumQuest
[2008/10/05 22:53:07 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2008/10/05 20:47:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\winner1\Application Data\EleFun Games
[2008/10/03 20:50:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\winner1\Application Data\Beanbag Studios
[2008/10/03 15:46:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\winner1\Application Data\panoramik
[2008/09/30 15:14:00 | 00,141,792 | ---- | C] () -- C:\Documents and Settings\winner1\My Documents\ashsav.jpeg
[2008/09/27 17:07:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Saved Games
[2008/09/26 20:50:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\winner1\Application Data\Pogo Games
[2008/09/26 11:32:09 | 00,056,320 | ---- | C] () -- C:\Documents and Settings\winner1\My Documents\Hi Ashley.doc
[2008/09/24 14:40:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\winner1\Application Data\ITTNord
[2008/09/21 19:04:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\winner1\Application Data\funkitron
[2008/09/18 18:45:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\winner1\Application Data\BigFishv1005
[2008/09/18 10:08:26 | 00,129,536 | ---- | C] () -- C:\Documents and Settings\winner1\My Documents\kirbysell.pub
[2008/09/17 21:51:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\winner1\Local Settings\Application Data\FamilyRestaurant
[2008/09/15 15:07:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\winner1\Application Data\QSGames
[2008/09/15 15:07:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\QSGames
[2008/09/14 15:10:06 | 00,000,000 | ---D | C] -- C:\DNData
[2008/09/14 13:01:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\winner1\Application Data\Oberon Games
[2008/09/14 13:01:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Oberon Games
[2008/09/14 09:48:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\winner1\Application Data\flightgear.org
[2008/09/14 09:27:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\winner1\Application Data\LEGO Company
[2008/09/13 23:27:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\winner1\Application Data\Chicken Chase
[2008/09/13 21:14:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\winner1\Local Settings\Application Data\WorldWinner.com
[2008/09/13 20:44:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\winner1\Local Settings\Application Data\RoadToRiches
[2008/09/13 20:43:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\winner1\Local Settings\Application Data\FusoTruckGame2
[2008/09/13 13:31:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Grey Alien Games
[2008/09/13 10:47:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\winner1\Local Settings\Application Data\Grubby Games
[2008/09/13 10:46:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\winner1\Application Data\Pi Eye Games
[2008/09/12 23:40:31 | 00,000,332 | ---- | C] () -- C:\WINDOWS\tasks\Spybot - Search & Destroy - Scheduled Task.job
[2008/09/12 19:07:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\winner1\Application Data\PlayFirst
[2008/09/12 18:25:01 | 00,267,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_9.dll
[2008/09/12 18:25:01 | 00,018,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\x3daudio1_2.dll
[2008/09/12 13:28:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MysteryChronicles
[2008/09/08 22:17:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Fashion Solitaire 1.2
[2008/09/07 10:01:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\winner1\My Documents\programs
[2008/09/07 09:17:15 | 00,002,048 | ---- | C] () -- C:\w2ksect.bin
[2008/09/07 09:01:43 | 00,000,000 | ---D | C] -- C:\XPSETUP
[2008/09/06 10:05:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\winner1\Application Data\Skunk Studios
[2008/09/06 08:18:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\winner1\Application Data\uTorrent
[2008/09/05 19:00:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\blg
[2008/09/03 13:22:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Trymedia
[2008/09/03 13:22:14 | 00,110,592 | ---- | C] (Portions © Creative Labs Inc. and NVIDIA Corp.) -- C:\WINDOWS\System32\OpenAL32.dll
[2008/09/03 12:07:45 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2008/09/02 14:32:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Slapdash Games
[2008/09/02 13:42:09 | 00,000,000 | ---- | C] () -- C:\Program Files\temp01
[2008/08/31 12:24:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PearlDiv_full
[2008/08/29 09:03:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\winner1\Application Data\TMInc
[2008/08/28 15:54:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Christmasville
[2008/08/27 19:54:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\iWin
[2008/08/27 12:27:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\FarmFrenzy2
[2008/08/26 09:23:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\winner1\Application Data\IWin_Janes_Realty
[2008/08/25 19:29:01 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie7
[2008/08/22 02:05:00 | 00,048,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\PrivacIE.dll
[2008/08/21 16:30:23 | 00,000,814 | ---- | C] () -- C:\Documents and Settings\winner1\Desktop\Adobe Photoshop 7.0.lnk
[2008/08/21 09:49:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\winner1\My Documents\FrostWire
[2008/08/21 09:35:59 | 00,000,860 | ---- | C] () -- C:\Documents and Settings\winner1\Desktop\FrostWire 4.17.0.lnk
[2008/08/08 06:55:31 | 00,691,686 | ---- | C] () -- C:\Documents and Settings\winner1\My Documents\StarterSetup.zip


========== Files - Modified Within 90 Days ==========

[5 C:\WINDOWS\*.tmp files]
[2008/11/05 16:10:56 | 00,001,572 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Play My Games.lnk
[2008/11/05 08:22:39 | 29,664,040 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2008/11/04 14:55:10 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2008/11/04 14:54:04 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2008/11/04 14:53:51 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2008/11/04 08:07:05 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2008/11/04 01:58:44 | 00,103,638 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2008/11/03 08:10:20 | 00,000,332 | ---- | M] () -- C:\WINDOWS\tasks\Spybot - Search & Destroy - Scheduled Task.job
[2008/11/02 14:09:14 | 29,727,838 | ---- | M] () -- C:\Documents and Settings\winner1\My Documents\pp_ref_en.doc
[2008/11/02 08:35:12 | 00,468,864 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2008/11/02 08:35:12 | 00,400,464 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2008/11/02 08:35:12 | 00,060,624 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2008/10/31 10:52:28 | 03,870,208 | ---- | M] () -- C:\Documents and Settings\winner1\My Documents\carson.ppt
[2008/10/28 13:16:05 | 00,000,444 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2008/10/27 16:10:47 | 00,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2008/10/26 22:00:20 | 05,339,370 | -H-- | M] () -- C:\Documents and Settings\winner1\Local Settings\Application Data\IconCache.db
[2008/10/26 21:57:56 | 00,000,658 | ---- | M] () -- C:\WINDOWS\WIN.INI
[2008/10/26 21:57:56 | 00,000,227 | ---- | M] () -- C:\WINDOWS\SYSTEM.INI
[2008/10/26 21:57:56 | 00,000,210 | -HS- | M] () -- C:\boot.ini
[2008/10/26 15:12:58 | 01,602,877 | ---- | M] () -- C:\Documents and Settings\winner1\My Documents\ProcessExplorer.zip
[2008/10/26 09:48:36 | 49,279,561 | ---- | M] () -- C:\WINDOWS\Verify.reg
[2008/10/25 21:45:42 | 00,001,507 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 8.0.lnk
[2008/10/25 21:45:41 | 00,010,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2008/10/25 21:45:33 | 00,097,928 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2008/10/25 21:45:26 | 00,026,824 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2008/10/25 21:45:19 | 06,061,540 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2008/10/25 21:45:19 | 00,307,238 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2008/10/22 16:10:38 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2008/10/22 16:10:22 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2008/10/20 23:21:43 | 00,000,648 | ---- | M] () -- C:\Documents and Settings\winner1\Desktop\NoteTab Light.lnk
[2008/10/20 20:37:06 | 00,036,352 | ---- | M] () -- C:\Documents and Settings\winner1\My Documents\HBD.pub
[2008/10/20 11:31:36 | 00,101,888 | ---- | M] () -- C:\Documents and Settings\winner1\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/10/15 11:43:12 | 00,240,736 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/10/15 11:41:06 | 00,004,212 | -H-- | M] () -- C:\WINDOWS\System32\zllictbl.dat
[2008/10/15 10:57:55 | 00,332,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\netapi32.dll
[2008/10/15 10:57:55 | 00,332,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netapi32.dll
[2008/10/13 09:25:26 | 00,266,048 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2008/10/12 13:05:52 | 00,026,000 | ---- | M] () -- C:\WINDOWS\System32\E3TL.DLL
[2008/10/12 09:17:03 | 00,000,091 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2008/10/11 20:19:15 | 00,000,754 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AnyDVD.lnk
[2008/10/11 20:01:53 | 00,000,125 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2008/10/11 08:05:11 | 00,000,852 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CloneDVD2.lnk
[2008/10/08 21:07:37 | 00,036,352 | ---- | M] () -- C:\Documents and Settings\winner1\My Documents\GROCERY LISTS 10.pub
[2008/10/07 13:19:40 | 16,721,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2008/10/05 23:37:40 | 00,000,078 | -HS- | M] () -- C:\Documents and Settings\winner1\My Documents\desktop.ini
[2008/09/30 15:14:01 | 00,141,792 | ---- | M] () -- C:\Documents and Settings\winner1\My Documents\ashsav.jpeg
[2008/09/26 11:32:09 | 00,056,320 | ---- | M] () -- C:\Documents and Settings\winner1\My Documents\Hi Ashley.doc
[2008/09/18 10:08:26 | 00,129,536 | ---- | M] () -- C:\Documents and Settings\winner1\My Documents\kirbysell.pub
[2008/09/15 05:57:41 | 01,846,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\win32k.sys
[2008/09/15 05:57:41 | 01,846,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\win32k.sys
[2008/09/14 20:22:57 | 00,362,496 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\metal_ss.dll
[2008/09/14 20:22:57 | 00,362,496 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\home_ss.dll
[2008/09/14 20:22:57 | 00,361,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\blue_ss.dll
[2008/09/07 09:15:36 | 00,002,048 | ---- | M] () -- C:\w2ksect.bin
[2008/08/28 04:04:17 | 00,333,056 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\srv.sys
[2008/08/28 04:04:17 | 00,333,056 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srv.sys
[2008/08/22 02:16:40 | 00,637,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iexplore.exe
[2008/08/22 02:15:56 | 01,216,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieframe.dll.mui
[2008/08/22 02:15:56 | 01,216,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll.mui
[2008/08/22 02:14:40 | 00,010,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\advpack.dll.mui
[2008/08/22 02:10:34 | 11,985,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieframe.dll
[2008/08/22 02:10:34 | 11,985,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2008/08/22 02:09:32 | 05,699,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshtml.dll
[2008/08/22 02:09:32 | 05,699,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2008/08/22 02:08:42 | 00,385,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\html.iec
[2008/08/22 02:08:34 | 01,415,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\inetcpl.cpl
[2008/08/22 02:08:34 | 01,415,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcpl.cpl
[2008/08/22 02:08:22 | 01,206,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\urlmon.dll
[2008/08/22 02:08:22 | 01,206,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\urlmon.dll
[2008/08/22 02:08:22 | 00,208,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\WinFXDocObj.exe
[2008/08/22 02:08:08 | 00,236,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\webcheck.dll
[2008/08/22 02:08:08 | 00,236,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\webcheck.dll
[2008/08/22 02:08:06 | 00,878,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wininet.dll
[2008/08/22 02:08:06 | 00,878,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wininet.dll
[2008/08/22 02:08:00 | 00,043,008 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\licmgr10.dll
[2008/08/22 02:08:00 | 00,043,008 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\licmgr10.dll
[2008/08/22 02:07:58 | 00,105,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\url.dll
[2008/08/22 02:07:58 | 00,105,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\url.dll
[2008/08/22 02:07:50 | 00,193,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msrating.dll
[2008/08/22 02:07:50 | 00,193,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msrating.dll
[2008/08/22 02:07:50 | 00,116,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\occache.dll
[2008/08/22 02:07:50 | 00,116,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\occache.dll
[2008/08/22 02:07:20 | 00,755,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vgx.dll
[2008/08/22 02:07:08 | 00,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\corpol.dll
[2008/08/22 02:07:08 | 00,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\corpol.dll
[2008/08/22 02:06:58 | 00,028,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\jsproxy.dll
[2008/08/22 02:06:58 | 00,028,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsproxy.dll
[2008/08/22 02:06:44 | 00,385,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iedkcs32.dll
[2008/08/22 02:06:44 | 00,385,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedkcs32.dll
[2008/08/22 02:06:40 | 00,228,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieaksie.dll
[2008/08/22 02:06:40 | 00,228,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieaksie.dll
[2008/08/22 02:06:36 | 00,434,176 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\vbscript.dll
[2008/08/22 02:06:36 | 00,434,176 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vbscript.dll
[2008/08/22 02:06:36 | 00,124,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieakeng.dll
[2008/08/22 02:06:36 | 00,124,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieakeng.dll
[2008/08/22 02:06:30 | 00,552,960 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\jscript.dll
[2008/08/22 02:06:30 | 00,552,960 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jscript.dll
[2008/08/22 02:06:30 | 00,072,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admparse.dll
[2008/08/22 02:06:30 | 00,072,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\admparse.dll
[2008/08/22 02:06:24 | 00,163,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieakui.dll
[2008/08/22 02:06:24 | 00,163,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieakui.dll
[2008/08/22 02:06:24 | 00,162,304 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ie4uinit.exe
[2008/08/22 02:06:24 | 00,162,304 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ie4uinit.exe
[2008/08/22 02:06:24 | 00,071,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iesetup.dll
[2008/08/22 02:06:24 | 00,071,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iesetup.dll
[2008/08/22 02:06:24 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieudinit.exe
[2008/08/22 02:06:20 | 00,055,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iernonce.dll
[2008/08/22 02:06:20 | 00,055,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iernonce.dll
[2008/08/22 02:06:16 | 00,128,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\advpack.dll
[2008/08/22 02:06:16 | 00,128,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\advpack.dll
[2008/08/22 02:06:16 | 00,094,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\inseng.dll
[2008/08/22 02:06:16 | 00,094,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inseng.dll
[2008/08/22 02:06:02 | 01,778,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iertutil.dll
[2008/08/22 02:06:02 | 01,778,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2008/08/22 02:05:48 | 00,580,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeeds.dll
[2008/08/22 02:05:48 | 00,580,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2008/08/22 02:05:34 | 00,630,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mstime.dll
[2008/08/22 02:05:34 | 00,630,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstime.dll
[2008/08/22 02:05:24 | 00,186,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iepeers.dll
[2008/08/22 02:05:24 | 00,186,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iepeers.dll
[2008/08/22 02:05:22 | 00,053,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeedsbs.dll
[2008/08/22 02:05:22 | 00,053,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2008/08/22 02:05:22 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeedssync.exe
[2008/08/22 02:05:20 | 00,061,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\icardie.dll
[2008/08/22 02:05:20 | 00,061,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icardie.dll
[2008/08/22 02:05:16 | 00,346,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dxtmsft.dll
[2008/08/22 02:05:16 | 00,346,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dxtmsft.dll
[2008/08/22 02:05:14 | 00,045,056 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\pngfilt.dll
[2008/08/22 02:05:14 | 00,045,056 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pngfilt.dll
[2008/08/22 02:05:14 | 00,035,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\imgutil.dll
[2008/08/22 02:05:14 | 00,035,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imgutil.dll
[2008/08/22 02:05:10 | 00,217,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dxtrans.dll
[2008/08/22 02:05:10 | 00,217,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dxtrans.dll
[2008/08/22 02:05:08 | 00,070,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshtmled.dll
[2008/08/22 02:05:08 | 00,070,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtmled.dll
[2008/08/22 02:05:00 | 00,048,640 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\PrivacIE.dll
[2008/08/22 02:05:00 | 00,048,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshtmler.dll
[2008/08/22 02:05:00 | 00,048,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtmler.dll
[2008/08/22 02:04:58 | 01,659,392 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshtml.tlb
[2008/08/22 02:04:58 | 01,659,392 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.tlb
[2008/08/22 02:04:54 | 00,045,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshta.exe
[2008/08/22 02:04:54 | 00,045,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshta.exe
[2008/08/22 02:04:50 | 00,066,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\tdc.ocx
[2008/08/22 02:04:50 | 00,066,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdc.ocx
[2008/08/22 02:00:28 | 00,068,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hmmapi.dll
[2008/08/22 01:58:12 | 00,181,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieui.dll
[2008/08/22 01:57:56 | 00,156,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msls31.dll
[2008/08/22 01:57:56 | 00,156,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msls31.dll
[2008/08/22 01:49:56 | 00,056,413 | ---- | M] () -- C:\WINDOWS\System32\ieuinit.inf
[2008/08/22 01:42:22 | 00,443,392 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieapfltr.dll
[2008/08/22 01:42:22 | 00,443,392 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieapfltr.dll
[2008/08/21 16:30:23 | 00,000,814 | ---- | M] () -- C:\Documents and Settings\winner1\Desktop\Adobe Photoshop 7.0.lnk
[2008/08/21 16:28:52 | 00,000,986 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk.disabled
[2008/08/21 09:35:59 | 00,000,860 | ---- | M] () -- C:\Documents and Settings\winner1\Desktop\FrostWire 4.17.0.lnk
[2008/08/14 04:00:45 | 02,180,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ntoskrnl.exe
[2008/08/14 04:00:45 | 02,180,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2008/08/14 03:58:27 | 02,136,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2008/08/14 03:51:43 | 00,138,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\afd.sys
[2008/08/14 03:51:43 | 00,138,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\afd.sys
[2008/08/14 03:22:14 | 02,015,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2008/08/14 03:22:13 | 02,057,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ntkrnlpa.exe
[2008/08/14 03:22:13 | 02,057,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlpa.exe
[2008/08/08 06:55:33 | 00,691,686 | ---- | M] () -- C:\Documents and Settings\winner1\My Documents\StarterSetup.zip

< End of report >



Extras.txt-

OTListIt Extras logfile created on: 11/6/2008 1:14:48 AM - Run 2
OTListIt by OldTimer - Version 1.0.12.0 Folder = C:\Documents and Settings\winner1\Desktop\bleeping computer
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18241)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

510.30 Mb Total Physical Memory | 272.48 Mb Available Physical Memory | 53.40% Memory free
1.22 Gb Paging File | 1.00 Gb Available in Paging File | 82.50% Paging File free
Paging file location(s): C:\pagefile.sys 0 0;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.27 Gb Total Space | 14.98 Gb Free Space | 40.20% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HOME-C6E079E452
Current User Name: winner1
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 90 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.hta [@ = htafile] -- C:\WINDOWS\system32\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2006/10/10 06:44:50 | 00,557,568 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
File not found -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
File not found -- C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2006/10/10 06:44:50 | 00,557,568 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
File not found -- C:\Program Files\TVersity\Media Server\MediaServer.exe:*:Disabled:MediaServer
[2006/10/18 20:46:20 | 00,064,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmplayer.exe:*:Enabled:Windows Media Player
[2008/07/09 23:51:06 | 00,095,744 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player
File not found -- C:\WINDOWS\system32\drivers\svchost.exe:*:Disabled:svchost
[2008/10/25 21:45:13 | 00,641,304 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{184E7118-0295-43C4-B72C-1D54AA75AAF7}" = Windows Live Mail
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{71C97545-E547-4A8B-B0C8-61FF853270AC}" = PaperPort
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® 810/810E/815/815E/815EM Chipset Graphics Driver Software
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{9A912C12-A7DA-44D7-BD57-5CA85E2F33E1}" = Brother MFL-Pro Suite
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}" = Windows Live Sign-in Assistant
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = AusLogics Disk Defrag
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"7-Zip" = 7-Zip 4.57
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Adobe Shockwave Player" = Adobe Shockwave Player
"AnyDVD" = AnyDVD
"AVG8Uninstall" = AVG Free 8.0
"BFGC" = Big Fish Games Client
"BFG-JEOPARDY! 2" = JEOPARDY! 2
"BFG-Retro Records" = Retro Records
"CCleaner" = CCleaner (remove only)
"CloneDVD2" = CloneDVD2
"Family Feud Hollywood" = Family Feud Hollywood (remove only)
"FrostWire" = FrostWire 4.17.0
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8 Beta 2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"mmmusic" = Movie Maker Background Music Files
"mmsounds" = Movie Maker Sound Effects
"mmtitle" = Movie Maker Title Images
"Mozilla Firefox (3.0.3)" = Mozilla Firefox (3.0.3)
"mpxlswiz.inf" = Windows Media Player Playlist Import to Excel Wizard
"mpxptray.inf" = Windows Media Player Tray Control
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"Nero - Burning Rom!UninstallKey" = Nero OEM
"NeroVision!UninstallKey" = NeroVision Express 2
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NoteTab Light 5_is1" = NoteTab Light 5 (Remove only)
"PROSet" = Intel® PRO Network Adapters and Drivers
"VLC media player" = VideoLAN VLC media player 0.8.6i
"wa2wmp" = Windows Media Player Skin Importer
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/4/2008 4:30:10 PM | Computer Name = HOME-C6E079E452 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.0.3188, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 11/4/2008 4:30:21 PM | Computer Name = HOME-C6E079E452 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.0.3188, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 11/4/2008 4:30:28 PM | Computer Name = HOME-C6E079E452 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.0.3188, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 11/4/2008 4:31:26 PM | Computer Name = HOME-C6E079E452 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.0.3188, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 11/4/2008 4:31:33 PM | Computer Name = HOME-C6E079E452 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.0.3188, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 11/4/2008 4:35:35 PM | Computer Name = HOME-C6E079E452 | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.2180, faulting
module tapi32.dll, version 5.1.2600.2180, fault address 0x0000f400.

Error - 11/4/2008 4:40:55 PM | Computer Name = HOME-C6E079E452 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.0.3188, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 11/4/2008 8:23:52 PM | Computer Name = HOME-C6E079E452 | Source = Application Error | ID = 1000
Description = Faulting application familyfeud3.ifn, version 0.0.0.0, faulting module
urlmon.dll, version 8.0.6001.18241, fault address 0x0000751c.

Error - 11/5/2008 4:49:51 PM | Computer Name = HOME-C6E079E452 | Source = Application Error | ID = 1000
Description = Faulting application familyfeud3.ifn, version 0.0.0.0, faulting module
urlmon.dll, version 8.0.6001.18241, fault address 0x0000751c.

Error - 11/5/2008 11:54:57 PM | Computer Name = HOME-C6E079E452 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.0.3188, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 12/27/2007 5:52:36 PM | Computer Name = HOME-C6E079E452 | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom3, has a bad block.

Error - 12/27/2007 5:52:39 PM | Computer Name = HOME-C6E079E452 | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom3, has a bad block.

Error - 12/29/2007 5:46:00 AM | Computer Name = HOME-C6E079E452 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
i8042prt

Error - 12/29/2007 11:35:07 AM | Computer Name = HOME-C6E079E452 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
i8042prt

Error - 12/29/2007 12:28:18 PM | Computer Name = HOME-C6E079E452 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
i8042prt

Error - 12/29/2007 1:07:57 PM | Computer Name = HOME-C6E079E452 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
i8042prt

Error - 12/29/2007 11:23:24 PM | Computer Name = HOME-C6E079E452 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
i8042prt

Error - 12/30/2007 2:29:06 AM | Computer Name = HOME-C6E079E452 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
i8042prt

Error - 12/30/2007 3:00:59 AM | Computer Name = HOME-C6E079E452 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
i8042prt

Error - 12/30/2007 12:44:43 PM | Computer Name = HOME-C6E079E452 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
i8042prt


< End of report >

#7 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,671 posts
  • Gender:Male
  • Location:The Netherlands
  • Local time:07:20 PM

Posted 06 November 2008 - 01:34 PM

Good job running OTListIt. :thumbsup:

Your log(s) show that you are using so-called peer-to-peer or file-sharing programs (in your case uTorrent). These programs allow files to be shared between users, as the name(s) suggest. In today's world cyber crime has reached enormous dimensions, and any means is used to infect personal computers in order to make use of their stored data or machine power for further propagation of the malware files. A popular means is the use of file-sharing tools, as a tremendous number of prospective victims can be reached through them.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools, and it is thus suggested that they be used with intense care. Some further reading on this subject, along with the included links, is as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."


Removal Instructions


The Hijackthis log did not show any infection right from the beginning. But there might be some remnants of an earlier infection. We are going to do a few checks to make sure the system is clean from malware or its damage.
  • We are going to repair a security related registry item.
    Open Notepad (Start > Run and type in Notepad) and make sure that Word Wrap under the Format menu is not selected.
    Copy and paste the text in the code box into it.

    Windows Registry Editor Version 5.00
    
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa]
    "Notification Packages"=hex(7):73,00,63,00,65,00,63,00,6c,00,69,00,00,00,00,00
    • Save the file to the desktop as regfix.reg
    • Make sure the Save as type field says All files.
    • Locate regfix.reg on the desktop, double-click on it and confirm.
    • A window pops up asking if you are sure you want to add the file to the registry. Click Yes.
    • You get another popup window saying that regfix.reg was successfully added to the registry.
    Note: You have to turn off any registry protector software you have in order for the changes to take place.

  • I see you have uninstalled a Sony application and tried to remove the leftover service entries with Hijackthis. To remove those leftovers:

    Go to Start > Run and copy/paste the following lines, one by one, into the Run box, clicking OK after each line.

    sc delete MSCSPTISRV
    sc delete PACSPTISVR
    sc delete SPTISRV

  • Before we start fixing anything you should print out these instructions or copy them to a NotePad file so they will be accessible. Some steps will require you to disconnect from the Internet or use Safe Mode and you will not have access to this page.

    Please download SDFix by AndyManchesta and save it to your desktop.
    When using this tool, you must use the Administrator's account or an account with "Administrative rights".
    • Double click SDFix.exe and it will extract the files to %systemdrive% (this is the drive that contains the Windows Directory, typically C:\SDFix).
    • DO NOT use it just yet.
    Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

    Open the SDFix folder and double click RunThis.bat to start the script.
    • Type Y to begin the cleanup process.
    • It will remove any Trojan Services or Registry Entries found then prompt you to press any key to Reboot.
    • Press any Key and it will restart the PC.
    • When the PC restarts, the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
    • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt.
    • Copy and paste the contents of the results file Report.txt in your next reply.
  • Click on this link--> virustotal

    Click the browse button and navigate to the file below in bold, then click Send File. You will only be able to have one file scanned at a time.

    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\tapi32.dll

    If the file has been analyzed before, click the Reanalyse File Now button.

    Please copy and paste the results of the scan in your next post.

  • Go to Start > Run and type in Notepad
    Copy/paste the following text inside the code box into a new Notepad document. Make sure that under the Format menu Word Wrap is unchecked.

    reg query "HKLM\SYSTEM\CurrentControlSet\Services\CryptSvc" /v ImagePath > look.txt
    start look.txt
    del look.bat
    • Go to the File menu at the top of the Notepad and select Save as.
    • Select save in: desktop
    • Fill in File name: look.bat
    • Save as type: All file types (*.*)
    • Click save
    • Close the Notepad.
    • Locate and double-click look.bat on the desktop.
    • Notepad will open with some text in it. Copy and paste the contents in your next reply.
  • Please run RSIT, set the list of Files/Folders created to 2 Months and copy/paste the content of log.txt to your reply (this time RSIT creates just one log).
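
A .reg file like the regfix.reg in the post above stores its multi-string value as raw hex, so it is worth decoding before it is merged. The following is an added example, not part of the original post and not code from any of the tools mentioned: a small Python parser for "Windows Registry Editor Version 5.00" text that lists each change with the value decoded; the function names are hypothetical, and the first sample is the regfix.reg text copied from the post.

```python
import re

# regfix.reg exactly as given in the post above.
REGFIX = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa]
"Notification Packages"=hex(7):73,00,63,00,65,00,63,00,6c,00,69,00,00,00,00,00
'''

HEADER = "Windows Registry Editor Version 5.00"
VALUE_RE = re.compile(r'^(?:"((?:[^"\\]|\\.)*)"|(@))=(.*)$')
HEX_RE = re.compile(r'hex(?:\(([0-9a-fA-F]+)\))?:(.*)')
TYPE_NAMES = {1: "REG_SZ", 2: "REG_EXPAND_SZ", 3: "REG_BINARY", 7: "REG_MULTI_SZ"}


def unescape(text):
    """Undo .reg string escaping (\\\\ -> \\ and \\" -> ")."""
    return re.sub(r'\\(.)', r'\1', text)


def hex_bytes(payload):
    """Turn '73,00,63,00' into bytes, ignoring empty fields."""
    return bytes(int(b, 16) for b in payload.split(",") if b.strip())


def decode_value(raw):
    """Return (type_name, decoded_value) for the right-hand side of a value line."""
    raw = raw.strip()
    if raw == "-":
        return "DELETE_VALUE", None
    if len(raw) >= 2 and raw.startswith('"') and raw.endswith('"'):
        return "REG_SZ", unescape(raw[1:-1])
    if raw.lower().startswith("dword:"):
        return "REG_DWORD", int(raw[6:], 16)
    m = HEX_RE.fullmatch(raw)
    if not m:
        raise ValueError("unrecognised value data: %r" % raw)
    kind = int(m.group(1), 16) if m.group(1) else 3   # plain hex: is REG_BINARY
    data = hex_bytes(m.group(2))
    name = TYPE_NAMES.get(kind, "TYPE_0x%x" % kind)
    if kind in (1, 2):                                # UTF-16LE string
        return name, data.decode("utf-16-le").rstrip("\x00")
    if kind == 7:                                     # NUL-separated UTF-16LE list
        parts = data.decode("utf-16-le").split("\x00")
        while parts and parts[-1] == "":
            parts.pop()                               # drop the list terminators
        return name, parts
    return name, data.hex()


def parse_reg(text):
    """Return a list of (key, value_name, type_name, decoded_value) changes."""
    lines = text.lstrip("\ufeff").splitlines()
    if not lines or lines[0].strip() != HEADER:
        raise ValueError("only version 5.00 .reg text is handled")
    changes, key, i = [], None, 1
    while i < len(lines):
        line = lines[i].strip()
        i += 1
        # Long hex values are wrapped with a trailing backslash.
        while line.endswith("\\") and i < len(lines):
            line = line[:-1] + lines[i].strip()
            i += 1
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            if key.startswith("-"):                   # [-KEY] removes a whole key
                changes.append((key[1:], None, "DELETE_KEY", None))
                key = None
            continue
        m = VALUE_RE.match(line)
        if not m or key is None:
            raise ValueError("unexpected line: %r" % line)
        value_name = unescape(m.group(1)) if m.group(1) is not None else "(Default)"
        type_name, value = decode_value(m.group(3))
        changes.append((key, value_name, type_name, value))
    return changes


if __name__ == "__main__":
    for key, name, type_name, value in parse_reg(REGFIX):
        print("%s\n  %s (%s) = %r" % (key, name, type_name, value))
```
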


#8 bk94caddy

bk94caddy
  • Topic Starter

  • Members
  • 31 posts
  • Local time:01:20 PM

Posted 06 November 2008 - 03:19 PM

Alright, I'm off to work, but here is all the info you requested. Thank you for your help.






SDFix: Version 1.240
Run by winner1 on Thu 11/06/2008 at 01:42 PM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

No Trojan Files Found






Removing Temp Files

ADS Check :

C:\WINDOWS
:829408808CF18428 24
Total size: 24 bytes.
WINDOWS: deleted 24 bytes in 1 streams.

Checking for remaining Streams

C:\WINDOWS
No streams found.



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-06 13:51:30
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\TVersity\\Media Server\\MediaServer.exe"="C:\\Program Files\\TVersity\\Media Server\\MediaServer.exe:*:Disabled:MediaServer"
"C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Windows Media Player\\wmplayer.exe"="C:\\Program Files\\Windows Media Player\\wmplayer.exe:*:Enabled:Windows Media Player"
"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"="C:\\Program Files\\VideoLAN\\VLC\\vlc.exe:*:Enabled:VLC media player"
"C:\\WINDOWS\\system32\\drivers\\svchost.exe"="C:\\WINDOWS\\system32\\drivers\\svchost.exe:*:Disabled:svchost"
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"="C:\\Program Files\\AVG\\AVG8\\avgupd.exe:*:Enabled:avgupd.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

Remaining Files :



Files with Hidden Attributes :

Sun 30 Dec 2007 48 ..SH. --- "C:\WINDOWS\S5A89EDA9.tmp"
Wed 30 Apr 2008 1,217,864 ...H. --- "C:\Program Files\JEOPARDY! 2\Jeopardy! 2.exe"
Thu 13 Mar 2008 2,164,040 ...H. --- "C:\Program Files\Retro Records\RetroRecords.exe"
Mon 15 Sep 2008 1,562,960 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDHelper.dll"
Mon 7 Jul 2008 1,429,840 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Mon 7 Jul 2008 4,891,472 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Tue 16 Sep 2008 1,833,296 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
Fri 31 Oct 2008 2,041,168 A..H. --- "C:\System Volume Information\_restore{B884FE7C-324C-4B16-BA5B-53066BA4271F}\RP13\A0007048.exe"
Sun 10 Jun 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Thu 5 Jun 2008 12 A..H. --- "C:\Documents and Settings\All Users\Application Data\iWin Games\drm\Service_75023909520346476.dll"
Sun 27 Apr 2008 10 A..H. --- "C:\Documents and Settings\All Users\Application Data\iWin Games\drm\Service_1734727414107676527.dll"
Fri 2 May 2008 3,493,888 A..H. --- "C:\Documents and Settings\winner1\Application Data\U3\temp\Launchpad Removal.exe"

Finished!

-------------------------------------------------------------------------------------------------------------------------------------------

File svchost.exe received on 11.06.2008 21:06:42 (CET)
Result: 0/35 (0%)

Antivirus Version Last Update Result
AhnLab-V3 2008.11.5.3 2008.11.06 -
AntiVir 7.9.0.26 2008.11.06 -
Authentium 5.1.0.4 2008.11.06 -
Avast 4.8.1248.0 2008.11.06 -
AVG 8.0.0.161 2008.11.06 -
BitDefender 7.2 2008.11.06 -
CAT-QuickHeal 9.50 2008.11.04 -
ClamAV 0.94.1 2008.11.06 -
DrWeb 4.44.0.09170 2008.11.06 -
eSafe 7.0.17.0 2008.11.06 -
eTrust-Vet 31.6.6195 2008.11.06 -
Ewido 4.0 2008.11.06 -
F-Prot 4.4.4.56 2008.11.06 -
Fortinet 3.117.0.0 2008.11.06 -
GData 19 2008.11.06 -
Ikarus T3.1.1.45.0 2008.11.06 -
K7AntiVirus 7.10.518 2008.11.06 -
Kaspersky 7.0.0.125 2008.11.06 -
McAfee 5425 2008.11.05 -
Microsoft 1.4005 2008.11.06 -
NOD32 3592 2008.11.06 -
Norman 5.80.02 2008.11.06 -
Panda 9.0.0.4 2008.11.05 -
PCTools 4.4.2.0 2008.11.06 -
Prevx1 V2 2008.11.06 -
Rising 21.02.32.00 2008.11.06 -
SecureWeb-Gateway 6.7.6 2008.11.06 -
Sophos 4.35.0 2008.11.06 -
Sunbelt 3.1.1783.2 2008.11.05 -
Symantec 10 2008.11.06 -
TheHacker 6.3.1.1.142 2008.11.06 -
TrendMicro 8.700.0.1004 2008.11.06 -
VBA32 3.12.8.9 2008.11.05 -
ViRobot 2008.11.6.1455 2008.11.06 -
VirusBuster 4.5.11.0 2008.11.06 -
Additional information
File size: 14336 bytes
MD5...: 8f078ae4ed187aaabc0a305146de6716
SHA1..: da0ff4006859a7580aba81f486f692dead2014fe
SHA256: 16593943861d03d508f37f60e41240dee14221e76f625835487f73d5010ac18a
SHA512: 2f82c39b6c151d52cba42357e867910732a930a6055f6a1506d20c1044e88e6f
2cc2027a291c2ab98e21c2b35c2a957c3f5034bf975527001d927c5504776105
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x1002509
timedatestamp.....: 0x41107ed6 (Wed Aug 04 06:14:46 2004)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x2c00 0x2c00 6.29 6fc4d075dfb37185ffae8eacb467b822
.data 0x4000 0x1f0 0x200 1.61 553c0ebbbc67abab785f2065a062b522
.rsrc 0x5000 0x418 0x600 2.54 2997285df9158db5a62ffb42a2fd0d07

( 4 imports )
> ADVAPI32.dll: RegQueryValueExW, SetSecurityDescriptorDacl, SetEntriesInAclW, SetSecurityDescriptorGroup, SetSecurityDescriptorOwner, InitializeSecurityDescriptor, GetTokenInformation, OpenProcessToken, OpenThreadToken, SetServiceStatus, RegisterServiceCtrlHandlerW, RegCloseKey, RegOpenKeyExW, StartServiceCtrlDispatcherW
> KERNEL32.dll: HeapFree, GetLastError, WideCharToMultiByte, lstrlenW, LocalFree, GetCurrentProcess, GetCurrentThread, GetProcAddress, LoadLibraryExW, LeaveCriticalSection, HeapAlloc, EnterCriticalSection, LCMapStringW, FreeLibrary, lstrcpyW, ExpandEnvironmentStringsW, lstrcmpiW, ExitProcess, GetCommandLineW, InitializeCriticalSection, GetProcessHeap, SetErrorMode, SetUnhandledExceptionFilter, RegisterWaitForSingleObject, InterlockedCompareExchange, LoadLibraryA, QueryPerformanceCounter, GetTickCount, GetCurrentThreadId, GetCurrentProcessId, GetSystemTimeAsFileTime, TerminateProcess, UnhandledExceptionFilter, LocalAlloc, lstrcmpW, DelayLoadFailureHook
> ntdll.dll: NtQuerySecurityObject, RtlFreeHeap, NtOpenKey, wcscat, wcscpy, RtlAllocateHeap, RtlCompareUnicodeString, RtlInitUnicodeString, RtlInitializeSid, RtlLengthRequiredSid, RtlSubAuthoritySid, NtClose, RtlSubAuthorityCountSid, RtlGetDaclSecurityDescriptor, RtlQueryInformationAcl, RtlGetAce, RtlImageNtHeader, wcslen, RtlUnhandledExceptionFilter, RtlCopySid
> RPCRT4.dll: RpcServerUnregisterIfEx, RpcMgmtWaitServerListen, RpcMgmtSetServerStackSize, RpcServerUnregisterIf, RpcServerListen, RpcServerUseProtseqEpW, RpcServerRegisterIf, I_RpcMapWin32Status, RpcMgmtStopServerListening

( 0 exports )

-------------------------------------------------------------------------------------------------------------------------------------------


File tapi32.dll received on 11.06.2008 21:04:43 (CET)
Result: 0/36 (0%)

Antivirus Version Last Update Result
AhnLab-V3 2008.11.5.3 2008.11.06 -
AntiVir 7.9.0.26 2008.11.06 -
Authentium 5.1.0.4 2008.11.06 -
Avast 4.8.1248.0 2008.11.06 -
AVG 8.0.0.161 2008.11.06 -
BitDefender 7.2 2008.11.06 -
CAT-QuickHeal 9.50 2008.11.04 -
ClamAV 0.94.1 2008.11.06 -
DrWeb 4.44.0.09170 2008.11.06 -
eSafe 7.0.17.0 2008.11.06 -
eTrust-Vet 31.6.6195 2008.11.06 -
Ewido 4.0 2008.11.06 -
F-Prot 4.4.4.56 2008.11.06 -
F-Secure 8.0.14332.0 2008.11.06 -
Fortinet 3.117.0.0 2008.11.06 -
GData 19 2008.11.06 -
Ikarus T3.1.1.45.0 2008.11.06 -
K7AntiVirus 7.10.518 2008.11.06 -
Kaspersky 7.0.0.125 2008.11.06 -
McAfee 5425 2008.11.05 -
Microsoft 1.4005 2008.11.06 -
NOD32 3592 2008.11.06 -
Norman 5.80.02 2008.11.06 -
Panda 9.0.0.4 2008.11.05 -
PCTools 4.4.2.0 2008.11.06 -
Prevx1 V2 2008.11.06 -
Rising 21.02.32.00 2008.11.06 -
SecureWeb-Gateway 6.7.6 2008.11.06 -
Sophos 4.35.0 2008.11.06 -
Sunbelt 3.1.1783.2 2008.11.05 -
Symantec 10 2008.11.06 -
TheHacker 6.3.1.1.142 2008.11.06 -
TrendMicro 8.700.0.1004 2008.11.06 -
VBA32 3.12.8.9 2008.11.05 -
ViRobot 2008.11.6.1455 2008.11.06 -
VirusBuster 4.5.11.0 2008.11.06 -
Additional information
File size: 181760 bytes
MD5...: 6307a1b82f6ca87d7e0cdf49e6e7bc00
SHA1..: e243496ce7886ded9c6b2fb207975253169f6dce
SHA256: 09355e39bb39959e93e0122fc78cf730f392ce670de3d7399a1abfb124b36481
SHA512: 3cf71586d2ab31ba80575ba5fa8dba96878b2f3d2bceb7464c10b874e0a845b3
64274bb1c88a3ec684bb632a0ff2ab61f9a3fedc876394f23e9031fb4439c2eb
PEiD..: -
TrID..: File type identification
Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x76eb13a0
timedatestamp.....: 0x411096b6 (Wed Aug 04 07:56:38 2004)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x294ef 0x29600 6.64 b1b77566aa4fab6836ecc7bd34336455
.data 0x2b000 0xbd4 0x600 3.02 81da091164815fd99037e366c89f3973
.rsrc 0x2c000 0x7a0 0x800 4.22 2e0138ac9621661ef4556467ea94ceb7
.reloc 0x2d000 0x1ce0 0x1e00 6.68 4c773d38511b290df4f0be336f3d6a37

( 9 imports )
> msvcrt.dll: wcslen, _wcsicmp, free, wcscpy, iswctype, _terminate@@YAXXZ, __1type_info@@UAE@XZ, _adjust_fdiv, _initterm, _except_handler3, _wtol, wcscspn, wcscat, iswdigit, wcscmp, __CxxFrameHandler, wcschr, _wtoi, __2@YAPAXI@Z, __3@YAXPAX@Z, malloc, _vsnprintf, wcsrchr
> ADVAPI32.dll: RegOpenKeyExW, RegQueryValueExA, OpenThreadToken, OpenProcessToken, GetTokenInformation, AllocateAndInitializeSid, RegDeleteValueW, RegSaveKeyW, LookupPrivilegeValueW, AdjustTokenPrivileges, RegEnumValueW, CryptAcquireContextW, CryptDecrypt, CryptEncrypt, CryptDestroyKey, CryptCreateHash, CryptHashData, CryptDeriveKey, CryptDestroyHash, IsValidSid, GetSidIdentifierAuthority, GetSidSubAuthorityCount, GetSidSubAuthority, CryptReleaseContext, RegCloseKey, RegQueryValueExW, EqualSid, RegQueryInfoKeyW, CloseServiceHandle, StartServiceW, GetUserNameW, QueryServiceStatus, OpenServiceW, OpenSCManagerW, RegCreateKeyExW, RegSetValueExW, RegDeleteKeyW, RegEnumKeyExW, FreeSid, RegOpenKeyExA
> GDI32.dll: SelectObject, CreateFontIndirectW, GetObjectW, GetCurrentObject, DeleteObject
> KERNEL32.dll: HeapAlloc, InitializeCriticalSectionAndSpinCount, InterlockedDecrement, InterlockedIncrement, DeleteFileW, GetVersion, HeapFree, GetLastError, GetProcAddress, LoadLibraryW, TlsGetValue, TlsSetValue, IsBadCodePtr, GetModuleHandleW, IsBadWritePtr, WideCharToMultiByte, GetACP, LeaveCriticalSection, EnterCriticalSection, WaitForSingleObject, ResetEvent, LocalAlloc, LocalFree, CloseHandle, ReleaseMutex, GetCurrentThreadId, MultiByteToWideChar, IsBadStringPtrA, IsBadStringPtrW, DeleteCriticalSection, TlsFree, FreeLibrary, SetEvent, InitializeCriticalSection, CreateMutexW, TlsAlloc, GetProcessHeap, GetTickCount, Sleep, GetComputerNameW, GetCurrentProcessId, IsBadReadPtr, lstrlenW, lstrlenA, FreeLibraryAndExitThread, CreateThread, CreateEventW, lstrcmpiW, GetModuleFileNameW, OutputDebugStringA, lstrcatA, GetLocalTime, SetLastError, GlobalFree, GlobalUnlock, GlobalHandle, lstrcpyW, GlobalLock, GlobalAlloc, lstrcpynW, GetCurrentProcess, GetCurrentThread, GlobalReAlloc, FindNextFileW, FindFirstFileW, lstrcatW, GetSystemDirectoryW, FormatMessageW, MulDiv, GetProfileIntW, GlobalSize, lstrcpyA, lstrcmpW, QueryPerformanceCounter, GetSystemTimeAsFileTime, TerminateProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetWindowsDirectoryW
> RPCRT4.dll: RpcStringFreeW, NdrClientCall2, I_RpcExceptionFilter, RpcBindingFree, RpcBindingFromStringBindingW, RpcStringBindingComposeW, RpcBindingSetAuthInfoW
> SHLWAPI.dll: -, -, StrChrW, StrToIntW, -, StrCmpIW, StrCmpW, StrCpyNW, StrCmpNW
> USER32.dll: PostMessageW, DestroyWindow, DefWindowProcW, RegisterClassW, LoadStringW, GetUserObjectInformationW, GetThreadDesktop, GetSystemMetrics, IsWindow, wsprintfA, wsprintfW, SendMessageW, EnableWindow, GetDlgItem, SendDlgItemMessageW, EndDialog, GetClientRect, CheckRadioButton, SetWindowTextW, SetFocus, GetFocus, GetWindowTextW, SetWindowLongW, GetWindowLongW, DialogBoxParamW, GetParent, MessageBeep, SetForegroundWindow, EnumWindows, MessageBoxW, IsWindowEnabled, ShowWindow, GetKeyState, SetWindowPos, CreateWindowExW, KillTimer, SetTimer, GetWindowRect, CloseClipboard, CallWindowProcW, SetClipboardData, GetClipboardData, OpenClipboard, EnumChildWindows, SetDlgItemInt, GetDlgItemInt, WinHelpW, GetActiveWindow
> rtutils.dll: TraceDeregisterW, TraceRegisterExW, TraceVprintfExA
> WINMM.dll: waveInMessage, waveOutMessage, midiInMessage, midiOutMessage

( 278 exports )


----------------------------------------------------------------------------------------------------------------------------------------------



! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CryptSvc
ImagePath REG_EXPAND_SZ %SystemRoot%\system32\svchost.exe -k netsvcs


---------------------------------------------------------------------------------------------------------------------------------------------


Logfile of random's system information tool 1.04 (written by random/random)
Run by winner1 at 2008-11-06 14:14:49
Microsoft Windows XP Professional Service Pack 2
System drive C: has 15 GB (40%) free of 38 GB
Total RAM: 510 MB (21% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:15:33 PM, on 11/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\winner1\Desktop\bleeping computer\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\winner1.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk.disabled
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1162871506110
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1195189837062
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://www.driveragent.com/files/driveragent.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

--
End of file - 4295 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Spybot - Search & Destroy - Scheduled Task.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2008-10-25 455960]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"SetDefPrt"=C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe [2005-01-26 49152]
"PaperPort PTD"=C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe [2005-03-17 57393]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2006-01-12 155648]
"IndexSearch"=C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe [2005-03-17 40960]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2002-07-17 143360]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2002-07-17 90112]
"ControlCenter3"=C:\Program Files\Brother\ControlCenter3\brctrcen.exe [2006-04-10 61440]
"BrMfcWnd"=C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [2006-03-28 622592]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2008-10-25 1234712]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AntiVirService"=2
"AntiVirScheduler"=2

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Gamma Loader.lnk.disabled - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="avgrsstx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-07-23 352256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=
:\WINDOW

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\TVersity\Media Server\MediaServer.exe"="C:\Program Files\TVersity\Media Server\MediaServer.exe:*:Disabled:MediaServer"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Media Player\wmplayer.exe"="C:\Program Files\Windows Media Player\wmplayer.exe:*:Enabled:Windows Media Player"
"C:\Program Files\VideoLAN\VLC\vlc.exe"="C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player"
"C:\WINDOWS\system32\drivers\svchost.exe"="C:\WINDOWS\system32\drivers\svchost.exe:*:Disabled:svchost"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

======List of files/folders created in the last 2 months======

2008-11-06 13:36:55 ----DC---- C:\WINDOWS\ERUNT
2008-11-06 13:33:24 ----AC---- C:\WINDOWS\ntbtlog.txt
2008-11-06 13:30:40 ----DC---- C:\SDFix
2008-11-06 00:15:29 ----DC---- C:\rsit
2008-11-05 21:54:31 ----DC---- C:\Program Files\Retro Records
2008-11-05 21:53:50 ----DC---- C:\Program Files\JEOPARDY! 2
2008-11-05 17:03:49 ----DC---- C:\Documents and Settings\All Users\Application Data\Redrum
2008-11-05 16:18:21 ----DC---- C:\Program Files\Operation Mania
2008-11-05 16:10:55 ----DC---- C:\Program Files\bfgclient
2008-11-05 16:09:47 ----DC---- C:\Documents and Settings\All Users\Application Data\BigFishGamesCache
2008-11-05 12:10:42 ----DC---- C:\WINDOWS\Temp
2008-11-02 12:20:28 ----DC---- C:\Program Files\FlameSoft
2008-11-02 12:19:00 ----DC---- C:\WINDOWS\Downloaded Installations
2008-11-02 08:43:56 ----HDC---- C:\$AVG8.VAULT$
2008-10-31 13:28:52 ----DC---- C:\Documents and Settings\All Users\Application Data\Legendo
2008-10-31 07:24:14 ----AC---- C:\WINDOWS\system32\xinput1_2.dll
2008-10-31 07:24:05 ----AC---- C:\WINDOWS\system32\d3dx9_30.dll
2008-10-30 20:33:42 ----DC---- C:\Documents and Settings\winner1\Application Data\Flood Light Games
2008-10-28 10:06:23 ----DC---- C:\Documents and Settings\winner1\Application Data\Auslogics
2008-10-28 10:06:02 ----DC---- C:\Program Files\Auslogics
2008-10-26 18:50:23 ----DC---- C:\Documents and Settings\winner1\Application Data\eGames
2008-10-26 15:20:09 ----DC---- C:\Program Files\7-Zip
2008-10-26 09:39:41 ----DC---- C:\WINDOWS\Registry Drill
2008-10-25 21:45:41 ----AC---- C:\WINDOWS\system32\avgrsstx.dll
2008-10-25 21:45:12 ----DC---- C:\Program Files\AVG
2008-10-25 21:45:12 ----DC---- C:\Documents and Settings\All Users\Application Data\avg8
2008-10-24 08:41:32 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-10-24 08:37:55 ----DC---- C:\Documents and Settings\winner1\Application Data\Gogii Games
2008-10-22 17:59:39 ----DC---- C:\Documents and Settings\winner1\Application Data\PetShowCraze
2008-10-20 23:21:51 ----DC---- C:\Documents and Settings\winner1\Application Data\NoteTab Light
2008-10-20 23:21:36 ----DC---- C:\Program Files\NoteTab Light
2008-10-19 14:25:03 ----D---- C:\temp
2008-10-19 13:51:53 ----AC---- C:\WINDOWS\SchedLgU.Txt
2008-10-19 07:33:18 ----DC---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-10-19 07:33:03 ----DC---- C:\Program Files\SUPERAntiSpyware
2008-10-19 07:33:03 ----DC---- C:\Documents and Settings\winner1\Application Data\SUPERAntiSpyware.com
2008-10-18 16:04:44 ----DC---- C:\Documents and Settings\winner1\Application Data\Ohana Games
2008-10-17 18:42:11 ----DC---- C:\Documents and Settings\winner1\Application Data\ViquaSoft
2008-10-15 11:39:19 ----DC---- C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-10-15 11:38:49 ----AC---- C:\WINDOWS\system32\SpOrder.dll
2008-10-15 11:36:54 ----DC---- C:\WINDOWS\Internet Logs
2008-10-15 11:08:17 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-10-15 11:08:04 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-10-15 11:07:49 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-10-15 11:05:22 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-10-15 11:04:50 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-10-13 16:07:11 ----DC---- C:\Documents and Settings\winner1\Application Data\AlterLab
2008-10-12 15:20:53 ----DC---- C:\Program Files\CCleaner
2008-10-12 14:54:41 ----DC---- C:\Documents and Settings\winner1\Application Data\Malwarebytes
2008-10-12 14:54:34 ----DC---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-12 14:54:33 ----DC---- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-12 13:05:52 ----AC---- C:\WINDOWS\system32\E3TL.DLL
2008-10-12 12:52:42 ----DC---- C:\Program Files\Common Files\Wise Installation Wizard
2008-10-12 09:17:03 ----AC---- C:\WINDOWS\wininit.ini
2008-10-11 19:55:44 ----DC---- C:\Documents and Settings\winner1\Application Data\com.zipeg
2008-10-11 08:04:49 ----DC---- C:\Program Files\Elaborate Bytes
2008-10-11 08:02:37 ----DC---- C:\Program Files\SlySoft
2008-10-10 12:00:58 ----DC---- C:\Documents and Settings\All Users\Application Data\SlySoft
2008-10-09 11:19:21 ----RC---- C:\WINDOWS\system32\unicows.dll
2008-10-08 14:04:51 ----DC---- C:\Documents and Settings\winner1\Application Data\MysteryStudio
2008-10-07 21:48:09 ----DC---- C:\Documents and Settings\winner1\Application Data\Gaijin Ent
2008-10-07 18:19:57 ----DC---- C:\Documents and Settings\winner1\Application Data\LinkedLetters
2008-10-06 21:33:15 ----DC---- C:\Documents and Settings\winner1\Application Data\BeachPartyCraze
2008-10-06 14:20:26 ----DC---- C:\Documents and Settings\winner1\Application Data\PendulumQuest
2008-10-05 22:53:07 ----HDC---- C:\WINDOWS\ie8
2008-10-05 20:47:57 ----DC---- C:\Documents and Settings\winner1\Application Data\EleFun Games
2008-10-03 20:50:45 ----DC---- C:\Documents and Settings\winner1\Application Data\Beanbag Studios
2008-10-03 15:46:18 ----DC---- C:\Documents and Settings\winner1\Application Data\panoramik
2008-09-26 20:50:37 ----DC---- C:\Documents and Settings\winner1\Application Data\Pogo Games
2008-09-24 14:40:34 ----DC---- C:\Documents and Settings\winner1\Application Data\ITTNord
2008-09-21 19:04:42 ----DC---- C:\Documents and Settings\winner1\Application Data\funkitron
2008-09-18 18:45:09 ----DC---- C:\Documents and Settings\winner1\Application Data\BigFishv1005
2008-09-15 15:07:57 ----DC---- C:\Documents and Settings\winner1\Application Data\QSGames
2008-09-15 15:07:57 ----DC---- C:\Documents and Settings\All Users\Application Data\QSGames
2008-09-14 15:10:06 ----DC---- C:\DNData
2008-09-14 13:01:53 ----DC---- C:\Documents and Settings\winner1\Application Data\Oberon Games
2008-09-14 13:01:53 ----DC---- C:\Documents and Settings\All Users\Application Data\Oberon Games
2008-09-14 09:48:05 ----DC---- C:\Documents and Settings\winner1\Application Data\flightgear.org
2008-09-14 09:27:45 ----DC---- C:\Documents and Settings\winner1\Application Data\LEGO Company
2008-09-13 23:27:04 ----DC---- C:\Documents and Settings\winner1\Application Data\Chicken Chase
2008-09-13 13:31:55 ----DC---- C:\Documents and Settings\All Users\Application Data\Grey Alien Games
2008-09-13 10:46:52 ----DC---- C:\Documents and Settings\winner1\Application Data\Pi Eye Games
2008-09-12 19:07:19 ----DC---- C:\Documents and Settings\winner1\Application Data\PlayFirst
2008-09-12 18:25:01 ----AC---- C:\WINDOWS\system32\xactengine2_9.dll
2008-09-12 18:25:01 ----AC---- C:\WINDOWS\system32\x3daudio1_2.dll
2008-09-12 13:28:49 ----DC---- C:\Documents and Settings\All Users\Application Data\MysteryChronicles
2008-09-10 09:47:31 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-09-10 09:46:31 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2008-09-08 22:17:57 ----DC---- C:\Documents and Settings\All Users\Application Data\Fashion Solitaire 1.2
2008-09-07 09:01:43 ----D---- C:\XPSETUP

======List of files/folders modified in the last 2 months======

2008-11-06 14:14:55 ----DC---- C:\WINDOWS\Prefetch
2008-11-06 14:00:21 ----DC---- C:\Program Files\Mozilla Firefox
2008-11-06 13:36:55 ----ADC---- C:\WINDOWS
2008-11-06 11:20:35 ----RDC---- C:\Program Files
2008-11-06 10:44:54 ----DC---- C:\WINDOWS\system32\CatRoot2
2008-11-05 22:03:08 ----ADC---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-11-05 16:06:22 ----DC---- C:\Documents and Settings\All Users\Application Data\iWin Games
2008-11-05 14:50:38 ----DC---- C:\Program Files\iWin.com
2008-11-05 12:20:22 ----DC---- C:\WINDOWS\system32\drivers
2008-11-04 14:53:56 ----SHD---- C:\WINDOWS\CSC
2008-11-04 08:07:05 ----AC---- C:\WINDOWS\NeroDigital.ini
2008-11-03 12:40:31 ----DC---- C:\Documents and Settings\winner1\Application Data\FrostWire
2008-11-03 10:53:32 ----DC---- C:\Documents and Settings\winner1\Application Data\U3
2008-11-02 14:20:39 ----SHDC---- C:\WINDOWS\Installer
2008-11-02 14:20:39 ----SDC---- C:\Documents and Settings\winner1\Application Data\Microsoft
2008-11-02 14:20:32 ----SHDC---- C:\Config.Msi
2008-11-02 14:20:30 ----DC---- C:\WINDOWS\system32
2008-11-02 08:35:12 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-10-31 07:24:16 ----DC---- C:\WINDOWS\system32\DirectX
2008-10-31 07:24:15 ----HDC---- C:\WINDOWS\inf
2008-10-30 20:33:42 ----DC---- C:\Documents and Settings\All Users\Application Data\Flood Light Games
2008-10-29 13:58:35 ----DC---- C:\Documents and Settings\All Users\Application Data\Fugazo
2008-10-28 13:28:13 ----DC---- C:\Documents and Settings\All Users\Application Data\Sandlot Games
2008-10-27 12:16:34 ----SHDC---- C:\RECYCLER
2008-10-27 12:16:34 ----DC---- C:\WINDOWS\system32\appmgmt
2008-10-27 12:16:33 ----DC---- C:\Documents and Settings
2008-10-27 10:44:31 ----SHD---- C:\System Volume Information
2008-10-27 10:44:31 ----DC---- C:\WINDOWS\system32\Restore
2008-10-26 21:57:56 ----ASHC---- C:\boot.ini
2008-10-26 21:57:56 ----AC---- C:\WINDOWS\WIN.INI
2008-10-26 21:57:56 ----AC---- C:\WINDOWS\SYSTEM.INI
2008-10-26 09:48:02 ----DC---- C:\WINDOWS\system32\config
2008-10-25 21:45:10 ----DC---- C:\WINDOWS\WinSxS
2008-10-25 21:45:10 ----DC---- C:\Program Files\Common Files\Microsoft Shared
2008-10-25 20:20:06 ----DC---- C:\WINDOWS\pss
2008-10-25 10:49:05 ----DC---- C:\WINDOWS\system32\dllcache
2008-10-24 08:40:30 ----HDC---- C:\WINDOWS\$hf_mig$
2008-10-24 08:40:30 ----DC---- C:\WINDOWS\system32\CatRoot
2008-10-23 21:09:49 ----DC---- C:\Documents and Settings\winner1\Application Data\iWin
2008-10-23 21:09:49 ----DC---- C:\Documents and Settings\All Users\Application Data\iWin
2008-10-21 18:29:13 ----DC---- C:\Documents and Settings\winner1\Application Data\Friday's games
2008-10-20 14:12:06 ----DC---- C:\Documents and Settings\All Users\Application Data\PlayFirst
2008-10-19 10:02:02 ----DC---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-10-19 10:00:02 ----DC---- C:\WINDOWS\Debug
2008-10-19 08:15:30 ----DC---- C:\Program Files\Spybot - Search & Destroy
2008-10-16 22:34:07 ----DC---- C:\Documents and Settings\All Users\Application Data\Astar Games
2008-10-15 11:07:34 ----RSDC---- C:\WINDOWS\assembly
2008-10-15 11:07:28 ----SDC---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-10-15 10:57:55 ----AC---- C:\WINDOWS\system32\netapi32.dll
2008-10-13 11:47:07 ----DC---- C:\WINDOWS\system32\NtmsData
2008-10-12 16:58:43 ----SDC---- C:\WINDOWS\Tasks
2008-10-12 15:24:58 ----DC---- C:\WINDOWS\Minidump
2008-10-12 12:52:42 ----DC---- C:\Program Files\Common Files
2008-10-10 22:58:34 ----SDC---- C:\WINDOWS\Downloaded Program Files
2008-10-10 12:28:56 ----DC---- C:\WINDOWS\system32\wbem
2008-10-10 12:28:56 ----DC---- C:\WINDOWS\Registration
2008-10-09 11:19:09 ----HDC---- C:\Program Files\InstallShield Installation Information
2008-10-09 09:44:41 ----DC---- C:\Program Files\FrostWire
2008-10-08 10:16:15 ----DC---- C:\Program Files\Windows Media Player
2008-10-08 10:09:40 ----DC---- C:\Program Files\Java
2008-10-07 18:22:52 ----DC---- C:\Documents and Settings\All Users\Application Data\MumboJumbo
2008-10-07 13:19:40 ----AC---- C:\WINDOWS\system32\MRT.exe
2008-10-05 23:37:29 ----DC---- C:\WINDOWS\system32\en-US
2008-10-05 23:37:28 ----DC---- C:\WINDOWS\Media
2008-10-05 23:37:28 ----DC---- C:\WINDOWS\Help
2008-10-05 23:37:28 ----DC---- C:\Program Files\Internet Explorer
2008-09-22 13:54:20 ----DC---- C:\Documents and Settings\All Users\Application Data\Gogii
2008-09-13 23:57:59 ----DC---- C:\Documents and Settings\All Users\Application Data\Escape From Paradise

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2008-10-25 97928]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2008-10-25 26824]
R1 P3;Intel PentiumIII Processor Driver; C:\WINDOWS\system32\DRIVERS\p3.sys [2004-08-04 42496]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R2 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2008-07-21 24392]
R3 ac97intc;Intel® 82801 Audio Driver Install Service (WDM); C:\WINDOWS\system32\drivers\ac97intc.sys [2001-08-17 96256]
R3 AnyDVD;AnyDVD; C:\WINDOWS\System32\Drivers\AnyDVD.sys [2005-07-11 19200]
R3 catchme;catchme; \??\C:\DOCUME~1\winner1\LOCALS~1\Temp\catchme.sys []
R3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-17 117760]
R3 ElbyDelay;ElbyDelay; C:\WINDOWS\System32\Drivers\ElbyDelay.sys [2005-04-12 4608]
R3 i81x;i81x; C:\WINDOWS\system32\DRIVERS\i81xnt5.sys [2004-08-03 161020]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-03 17024]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-04 20480]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-03 14848]
S3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2003-06-19 752764]
S3 BrScnUsb;Brother USB Still Image driver; C:\WINDOWS\system32\DRIVERS\BrScnUsb.sys [2004-10-15 15295]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
S3 iAimFP0;iAimFP0; C:\WINDOWS\system32\DRIVERS\wADV01nt.sys [2004-08-03 12415]
S3 iAimFP1;iAimFP1; C:\WINDOWS\system32\DRIVERS\wADV02NT.sys [2004-08-03 12127]
S3 iAimFP2;iAimFP2; C:\WINDOWS\system32\DRIVERS\wADV05NT.sys [2004-08-03 11775]
S3 iAimFP3;iAimFP3; C:\WINDOWS\system32\DRIVERS\wSiINTxx.sys [2004-08-03 12063]
S3 iAimFP4;iAimFP4; C:\WINDOWS\system32\DRIVERS\wVchNTxx.sys [2004-08-03 19455]
S3 iAimFP5;iAimFP5; C:\WINDOWS\system32\DRIVERS\wADV07nt.sys [2004-08-03 11807]
S3 iAimFP6;iAimFP6; C:\WINDOWS\system32\DRIVERS\wADV08nt.sys [2004-08-03 11295]
S3 iAimFP7;iAimFP7; C:\WINDOWS\system32\DRIVERS\wADV09nt.sys [2004-08-03 11871]
S3 iAimFP8;iAimFP8; C:\WINDOWS\system32\DRIVERS\wADV11nt.sys [2004-08-03 11935]
S3 iAimTV0;iAimTV0; C:\WINDOWS\system32\DRIVERS\wATV01nt.sys [2004-08-03 29311]
S3 iAimTV1;iAimTV1; C:\WINDOWS\system32\DRIVERS\wATV02NT.sys [2004-08-03 19551]
S3 iAimTV3;iAimTV3; C:\WINDOWS\system32\DRIVERS\wATV04nt.sys [2004-08-03 33599]
S3 iAimTV4;iAimTV4; C:\WINDOWS\system32\DRIVERS\wCh7xxNT.sys [2004-08-03 23615]
S3 iAimTV5;iAimTV5; C:\WINDOWS\system32\DRIVERS\wATV10nt.sys [2004-08-03 25471]
S3 iAimTV6;iAimTV6; C:\WINDOWS\system32\DRIVERS\wATV06nt.sys [2004-08-03 22271]
S3 KMWDFilter;KMWDFilter; \??\C:\WINDOWS\System32\Drivers\KMWDFilter.SYS []
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
S3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2001-07-25 438200]
S3 TVICHW32;TVICHW32; \??\C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS []
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-10-25 231704]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-05-07 137200]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]

-----------------EOF-----------------

#9 Farbar

    Just Curious


  • Security Developer
  • 21,671 posts
  • Gender:Male
  • Location:The Netherlands
  • Local time:07:20 PM

Posted 06 November 2008 - 05:59 PM

Take your time. No rush. And you are welcome.
  • Please make sure that you can view all system and hidden files. Instructions on how to do this can be found here:
    How to see hidden files in Windows

    Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete the file(s) and folder(s) in bold (if present):

    C:\Documents and Settings\All Users\Application Data\comodo <---- this folder
    C:\Documents and Settings\All Users\Application Data\uzutkjkr <---- this folder

  • Open a notepad (Start > Run and type in Notepad) and make sure that Word Wrap under the Format menu is not selected.
    Copy and paste the text in code box into it.

    REGEDIT4
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
    "Notification Packages"=hex(7):73,63,65,63,6C,69,00,00
    
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "C:\WINDOWS\system32\drivers\svchost.exe"=-
    • Save the file to the desktop as regfix2.reg
    • Make sure the Save as type field says All files.
    • Locate regfix2.reg on the desktop and double-click on it and confirm.
    • A window pops up asking if you are sure you want to add the file to the registry. Click Yes.
    • You get another popup window saying that regfix2.reg was successfully added to the registry.
    Note: You have to turn off any registry protector software you have in order for the changes to take effect.

  • Go to start > run, copy/paste the following in the runbox and click OK:

    Regsvr32 tapi32.dll
    Regsvr32 urlmon.dll

    Note: You should get notified that the registration of the file is successful.

  • Run CCleaner (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked). Then click run cleaner.

  • Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.
    Please follow these steps to remove older version Java components and update:
    • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
    • Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 10...allows end-users to run Java applications".
    • Click the "Download" button to the right.
    • Select your Platform: "Windows".
    • Select your Language: "Multi-language".
    • Read the License Agreement, and then check the box that says: "Accept License Agreement".
    • Click Continue and the page will refresh.
    • Click on the link to download Windows Offline Installation and save the file to your desktop.
    • Close any programs you may have running - especially your web browser.
    • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
    • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
    • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
    • Repeat as many times as necessary to remove each Java version.
    • Reboot your computer once all Java components are removed.
    • Then from your desktop double-click on jre-6u10-windows-i586-p.exe to install the newest version.
  • Reboot your computer and see if the hangup occurs. If yes, please run OTListIt and post just the extra.txt

  • Go to Start > Run and type in Notepad
    Make sure that under Format menu Word Wrap is unchecked. Copy/paste the following text inside the code box into a new notepad document.

    regedit /e look.txt "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa"
    notepad look.txt
    • Go to the File menu at the top of the Notepad and select Save as.
    • Select save in: desktop
    • Fill in File name: look2.bat
    • Save as type: All file types (*.*)
    • Click save
    • Close the Notepad.
    • Locate and double-click look2.bat on the desktop.
    • Notepad will open with some text in it. Copy and paste the contents in your next reply.
  • Please tell me how your computer is running.
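
The two registry items that regfix2.reg touches (the Lsa "Notification Packages" value and the firewall AuthorizedApplications entry for svchost.exe under system32\drivers) can be checked offline from logs like the ones posted in this thread. The script below is an added example, not part of the original posts: the sample lines are constructed in the form of the RSIT dump, and the function names and the table of expected system-binary folders are assumptions.

```python
import ntpath
import re
from typing import NamedTuple

# Constructed sample, in the form RSIT printed for the StandardProfile
# AuthorizedApplications\List key earlier in this thread.
SAMPLE_FIREWALL_LIST = r'''
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\drivers\svchost.exe"="C:\WINDOWS\system32\drivers\svchost.exe:*:Disabled:svchost"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
'''

# Assumption: expected folder for core Windows XP binaries, matching the paths
# shown in the "Running processes" sections of the logs in this thread.
SYSTEM_BINARY_HOME = {
    "svchost.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "smss.exe": r"c:\windows\system32",
    "spoolsv.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}

# "key"="path:scope:Enabled|Disabled:display name"; the path itself contains
# a colon (C:), so it is matched lazily up to the scope/status fields.
ENTRY_RE = re.compile(
    r'^"(?P<key>[^"]+)"="(?P<path>.+?):(?P<scope>[^:"]*):'
    r'(?P<status>enabled|disabled):(?P<name>[^"]*)"$',
    re.IGNORECASE,
)


class FirewallEntry(NamedTuple):
    path: str
    scope: str
    enabled: bool
    name: str


def normalize(path, windir=r"C:\WINDOWS"):
    """Expand %windir% / %SystemRoot% and return a lower-case normalized path."""
    for var in ("%windir%", "%systemroot%"):
        # A function is used as replacement so backslashes are taken literally.
        path = re.sub(re.escape(var), lambda _m: windir, path, flags=re.IGNORECASE)
    return ntpath.normpath(path).lower()


def parse_firewall_list(text):
    """Parse AuthorizedApplications\\List lines into FirewallEntry records."""
    entries = []
    for line in text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append(FirewallEntry(
                path=match["path"],
                scope=match["scope"],
                enabled=match["status"].lower() == "enabled",
                name=match["name"],
            ))
    return entries


def audit_firewall_list(text):
    """Return entries whose file name is a core system binary in the wrong folder."""
    findings = []
    for entry in parse_firewall_list(text):
        folder, exe = ntpath.split(normalize(entry.path))
        expected = SYSTEM_BINARY_HOME.get(exe)
        if expected is not None and folder != expected:
            findings.append(entry)
    return findings


def decode_multi_sz(value):
    """Decode a REGEDIT4 hex(7) value (ANSI REG_MULTI_SZ) into its strings.

    REGEDIT4 files store one byte per character; "Windows Registry Editor
    Version 5.00" files store UTF-16LE instead and are not handled here.
    """
    kind, _, body = value.partition(":")
    if kind.strip().lower() != "hex(7)":
        raise ValueError("not a hex(7) value: %r" % value)
    body = body.replace("\\\n", "")  # .reg line continuations
    raw = bytes(int(part, 16) for part in body.split(",") if part.strip())
    return [s for s in raw.decode("latin-1").split("\x00") if s]


def unexpected_notification_packages(packages, expected=("scecli",)):
    """Packages not in the baseline; the default is what regfix2.reg writes."""
    allowed = {name.lower() for name in expected}
    return [name for name in packages if name.lower() not in allowed]


if __name__ == "__main__":
    for hit in audit_firewall_list(SAMPLE_FIREWALL_LIST):
        state = "Enabled" if hit.enabled else "Disabled"
        print("system binary name outside its folder:", hit.path, "(%s)" % state)
    print(decode_multi_sz("hex(7):73,63,65,63,6C,69,00,00"))
```
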


#10 bk94caddy

  • Topic Starter

  • Members
  • 31 posts
  • Local time:01:20 PM

Posted 07 November 2008 - 11:08 AM

Alright, everything didn't go so smooth this time.


Go to start > run, copy/paste the following in the runbox and click OK:

Regsvr32 tapi32.dll
Regsvr32 urlmon.dll


When I did this step, urlmon.dll worked fine, got expected response, but tapi32.dll did not. I got an error saying "tapi32.dll was loaded, but the DllRegister Server entry point was not found. This file cannot be registered."


Then, I deleted Java, and installed new version. Restarted, and installed new version, and then it hung. Got tired, and went to bed. When I woke up this morning, I tried restarting, and I got to this site, minimized firefox to continue on this journey, and I hung for about 15 minutes. While it was hung, I ran the look2.bat file.


So, here are logs you requested---

OTListIt Extras logfile created on: 11/7/2008 9:30:46 AM - Run 5
OTListIt by OldTimer - Version 1.0.12.0 Folder = C:\Documents and Settings\winner1\Desktop\bleeping computer
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18241)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

510.30 Mb Total Physical Memory | 178.85 Mb Available Physical Memory | 35.05% Memory free
1.22 Gb Paging File | 0.94 Gb Available in Paging File | 77.25% Paging File free
Paging file location(s): C:\pagefile.sys 0 0;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.27 Gb Total Space | 14.89 Gb Free Space | 39.97% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HOME-C6E079E452
Current User Name: winner1
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2006/10/10 06:44:50 | 00,557,568 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
File not found -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
File not found -- C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2006/10/10 06:44:50 | 00,557,568 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
File not found -- C:\Program Files\TVersity\Media Server\MediaServer.exe:*:Disabled:MediaServer
[2006/10/18 20:46:20 | 00,064,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmplayer.exe:*:Enabled:Windows Media Player
[2008/07/09 23:51:06 | 00,095,744 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player
File not found -- C:\WINDOWS\system32\drivers\svchost.exe:*:Disabled:svchost
[2008/10/25 21:45:13 | 00,641,304 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{184E7118-0295-43C4-B72C-1D54AA75AAF7}" = Windows Live Mail
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java™ 6 Update 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{71C97545-E547-4A8B-B0C8-61FF853270AC}" = PaperPort
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® 810/810E/815/815E/815EM Chipset Graphics Driver Software
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{9A912C12-A7DA-44D7-BD57-5CA85E2F33E1}" = Brother MFL-Pro Suite
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}" = Windows Live Sign-in Assistant
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = AusLogics Disk Defrag
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"7-Zip" = 7-Zip 4.57
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Adobe Shockwave Player" = Adobe Shockwave Player
"AnyDVD" = AnyDVD
"AVG8Uninstall" = AVG Free 8.0
"BFGC" = Big Fish Games Client
"CCleaner" = CCleaner (remove only)
"CloneDVD2" = CloneDVD2
"Family Feud Hollywood" = Family Feud Hollywood (remove only)
"FrostWire" = FrostWire 4.17.0
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8 Beta 2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"mmmusic" = Movie Maker Background Music Files
"mmsounds" = Movie Maker Sound Effects
"mmtitle" = Movie Maker Title Images
"Mozilla Firefox (3.0.3)" = Mozilla Firefox (3.0.3)
"mpxlswiz.inf" = Windows Media Player Playlist Import to Excel Wizard
"mpxptray.inf" = Windows Media Player Tray Control
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"Nero - Burning Rom!UninstallKey" = Nero OEM
"NeroVision!UninstallKey" = NeroVision Express 2
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NoteTab Light 5_is1" = NoteTab Light 5 (Remove only)
"PROSet" = Intel® PRO Network Adapters and Drivers
"VLC media player" = VideoLAN VLC media player 0.8.6i
"wa2wmp" = Windows Media Player Skin Importer
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/4/2008 4:31:33 PM | Computer Name = HOME-C6E079E452 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.0.3188, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 11/4/2008 4:35:35 PM | Computer Name = HOME-C6E079E452 | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.2180, faulting
module tapi32.dll, version 5.1.2600.2180, fault address 0x0000f400.

Error - 11/4/2008 4:40:55 PM | Computer Name = HOME-C6E079E452 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.0.3188, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 11/4/2008 8:23:52 PM | Computer Name = HOME-C6E079E452 | Source = Application Error | ID = 1000
Description = Faulting application familyfeud3.ifn, version 0.0.0.0, faulting module
urlmon.dll, version 8.0.6001.18241, fault address 0x0000751c.

Error - 11/5/2008 4:49:51 PM | Computer Name = HOME-C6E079E452 | Source = Application Error | ID = 1000
Description = Faulting application familyfeud3.ifn, version 0.0.0.0, faulting module
urlmon.dll, version 8.0.6001.18241, fault address 0x0000751c.

Error - 11/5/2008 11:54:57 PM | Computer Name = HOME-C6E079E452 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.0.3188, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 11/7/2008 2:48:48 AM | Computer Name = HOME-C6E079E452 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.0.3188, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 11/7/2008 2:49:01 AM | Computer Name = HOME-C6E079E452 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.0.3188, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 11/7/2008 2:50:41 AM | Computer Name = HOME-C6E079E452 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.0.3188, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 11/7/2008 10:27:49 AM | Computer Name = HOME-C6E079E452 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.0.3188, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 12/27/2007 5:52:36 PM | Computer Name = HOME-C6E079E452 | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom3, has a bad block.

Error - 12/27/2007 5:52:39 PM | Computer Name = HOME-C6E079E452 | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom3, has a bad block.

Error - 12/29/2007 5:46:00 AM | Computer Name = HOME-C6E079E452 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
i8042prt

Error - 12/29/2007 11:35:07 AM | Computer Name = HOME-C6E079E452 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
i8042prt

Error - 12/29/2007 12:28:18 PM | Computer Name = HOME-C6E079E452 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
i8042prt

Error - 12/29/2007 1:07:57 PM | Computer Name = HOME-C6E079E452 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
i8042prt

Error - 12/29/2007 11:23:24 PM | Computer Name = HOME-C6E079E452 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
i8042prt

Error - 12/30/2007 2:29:06 AM | Computer Name = HOME-C6E079E452 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
i8042prt

Error - 12/30/2007 3:00:59 AM | Computer Name = HOME-C6E079E452 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
i8042prt

Error - 12/30/2007 12:44:43 PM | Computer Name = HOME-C6E079E452 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
i8042prt


< End of report >


---------------------------------------------------------------------------------------------------------------------------------------------


Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Authentication Packages"=hex(7):6d,00,73,00,76,00,31,00,5f,00,30,00,00,00,00,\
00
"Bounds"=hex:00,30,00,00,00,20,00,00
"Security Packages"=hex(7):6b,00,65,00,72,00,62,00,65,00,72,00,6f,00,73,00,00,\
00,6d,00,73,00,76,00,31,00,5f,00,30,00,00,00,73,00,63,00,68,00,61,00,6e,00,\
6e,00,65,00,6c,00,00,00,77,00,64,00,69,00,67,00,65,00,73,00,74,00,00,00,00,\
00
"ImpersonatePrivilegeUpgradeToolHasRun"=dword:00000001
"LsaPid"=dword:000002b8
"SecureBoot"=dword:00000001
"auditbaseobjects"=dword:00000000
"crashonauditfail"=dword:00000000
"disabledomaincreds"=dword:00000000
"everyoneincludesanonymous"=dword:00000000
"fipsalgorithmpolicy"=dword:00000000
"forceguest"=dword:00000001
"fullprivilegeauditing"=hex:00
"limitblankpassworduse"=dword:00000001
"lmcompatibilitylevel"=dword:00000000
"nodefaultadminowner"=dword:00000001
"nolmhash"=dword:00000000
"restrictanonymous"=dword:00000000
"restrictanonymoussam"=dword:00000001
"Notification Packages"=hex(7):73,00,63,00,65,00,63,00,6c,00,69,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders]
"ProviderOrder"=hex(7):57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,20,00,4e,00,\
54,00,20,00,41,00,63,00,63,00,65,00,73,00,73,00,20,00,50,00,72,00,6f,00,76,\
00,69,00,64,00,65,00,72,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider]
"ProviderPath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
6e,00,74,00,6d,00,61,00,72,00,74,00,61,00,2e,00,64,00,6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data]
"Pattern"=hex:2c,57,c4,0a,cd,43,bc,a7,ec,cf,38,fd,01,aa,08,c8,33,36,35,64,32,\
39,63,38,00,fd,07,00,bc,40,00,00,34,fa,07,00,56,82,7c,75,20,fa,07,00,40,fd,\
07,00,4c,fd,07,00,e8,e6,dd,c8,c6,b9,5d,2c,b8,72,e4,36

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG]
"GrafBlumGroup"=hex:e7,94,e2,7a,93,59,a0,65,f4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD]
"Lookup"=hex:be,6b,ed,44,04,8b

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0]
"Auth132"="IISSUBA"
"ntlmminclientsec"=dword:00000000
"ntlmminserversec"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1]
"SkewMatrix"=hex:12,e6,f6,5c,0d,30,ba,74,28,8f,01,a7,f0,23,b4,9b

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4]
"SSOURL"="http://www.passport.com"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache]
"Time"=hex:a8,43,f0,d7,53,f6,c8,01

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll]
"Name"="Digest"
"Comment"="Digest SSPI Authentication Package"
"Capabilities"=dword:00004050
"RpcId"=dword:0000ffff
"Version"=dword:00000001
"TokenSize"=dword:0000ffff
"Time"=hex:00,54,cf,23,c4,9d,c8,01
"Type"=dword:00000031

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll]
"Name"="DPA"
"Comment"="DPA Security Package"
"Capabilities"=dword:00000037
"RpcId"=dword:00000011
"Version"=dword:00000001
"TokenSize"=dword:00000300
"Time"=hex:00,db,62,27,c4,9d,c8,01
"Type"=dword:00000031

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll]
"Name"="MSN"
"Comment"="MSN Security Package"
"Capabilities"=dword:00000037
"RpcId"=dword:00000012
"Version"=dword:00000001
"TokenSize"=dword:00000300
"Time"=hex:00,08,94,28,c4,9d,c8,01
"Type"=dword:00000031


---------------------------------------------------------------------------------------------------------------------------------------------


And just to make things more interesting, I minimized Firefox again to copy/paste look.txt, and firefox hung again. But usually, if something hangs, I can open things, but then as soon as I try to open something within the folder I just opened, it too stops responding. This time, I was able to do other things, with no problem, and ONLY firefox hung.

#11 Farbar

Posted 07 November 2008 - 06:51 PM

The security item is repaired.

The urlmon.dll was one of the reasons for one of the previous hangups; tapi32.dll is another. Whether it is related to the Firefox hangup I'm not sure, as the log doesn't identify the faulting module for Firefox. Installing Java was also a problem. It seems there might be more damaged system files or something is still there. Have you recently run an updated AVG?

Let's repair this dll as it should be repaired anyway.
  • The file tapi.32 is corrupted.
    • First download tapi32.dll from http://www.dlldump.com
    • Go to start > run, copy/paste the following in the runbox and click OK:

      Regsvr32 /u tapi32.dll

      Note: You should get a notification that the file was unregistered successfully.
    • Then remove C:\Windows\system32\tapi32.dll and place the downloaded file in the system32 folder. If you cannot unregister or remove the dll in normal mode, use the F8 key to get to safe mode to replace the file with the good copy.
    • Go to start > run, copy/paste the following in the runbox and click OK:

      Regsvr32 tapi32.dll

      Note: You should get notified that the registration of the file is successful.
  • Download ComboFix from one of these locations:

    Link 1
    Link 2
    Link 3

    * IMPORTANT !!! Save ComboFix.exe to your Desktop

    • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
    • Double click on ComboFix.exe & follow the prompts.
    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    Posted Image



    Click on Yes, to continue scanning for malware.

    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

  • Run both Firefox and Internet Explorer to see how they react and tell me about it.

  • Run OTListIt and post the extra text too.
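The triage in the post above (crash records name a faulting module, hang records do not) can be done mechanically. This is an added example, not part of the original posts or of OTListIt: it parses the "Last 10 Event Log Errors" layout shown in the logs in this thread and tallies modules per application; the function names are hypothetical and the sample text is constructed from entries quoted in the thread.

```python
import re
from collections import Counter, defaultdict

# Constructed sample: entries copied from the OTListIt log in this thread,
# with description lines wrapped the same way the tool wraps them.
SAMPLE_LOG = """
[ Application Events ]
Error - 11/4/2008 4:31:33 PM | Computer Name = HOME-C6E079E452 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.0.3188, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 11/4/2008 4:35:35 PM | Computer Name = HOME-C6E079E452 | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.2180, faulting
module tapi32.dll, version 5.1.2600.2180, fault address 0x0000f400.

Error - 11/4/2008 8:23:52 PM | Computer Name = HOME-C6E079E452 | Source = Application Error | ID = 1000
Description = Faulting application familyfeud3.ifn, version 0.0.0.0, faulting module
urlmon.dll, version 8.0.6001.18241, fault address 0x0000751c.

Error - 11/5/2008 4:49:51 PM | Computer Name = HOME-C6E079E452 | Source = Application Error | ID = 1000
Description = Faulting application familyfeud3.ifn, version 0.0.0.0, faulting module
urlmon.dll, version 8.0.6001.18241, fault address 0x0000751c.

Error - 11/5/2008 11:54:57 PM | Computer Name = HOME-C6E079E452 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.0.3188, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 12/29/2007 5:46:00 AM | Computer Name = HOME-C6E079E452 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
i8042prt
"""

HEADER_RE = re.compile(
    r"^Error - (?P<when>.+?) \| Computer Name = (?P<host>.+?) \| "
    r"Source = (?P<source>.+?) \| ID = (?P<id>\d+)\s*$")
CRASH_RE = re.compile(
    r"Faulting application (?P<app>[^,]+), version (?P<app_ver>[^,]+), "
    r"faulting module (?P<module>[^,]+), version (?P<mod_ver>[^,]+), "
    r"fault address (?P<addr>0x[0-9a-fA-F]+)")
HANG_RE = re.compile(
    r"Hanging application (?P<app>[^,]+), version (?P<app_ver>[^,]+), "
    r"hang module (?P<module>[^,]+), version (?P<mod_ver>[^,]+), "
    r"hang address (?P<addr>0x[0-9a-fA-F]+)")


def parse_events(text):
    """Split the section into events, re-joining wrapped description lines."""
    events, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        header = HEADER_RE.match(line)
        if header:
            current = dict(header.groupdict(), id=int(header.group("id")),
                           description="")
            events.append(current)
        elif line.startswith("[") or line.startswith("<"):
            current = None  # section marker, e.g. "[ System Events ]"
        elif current is not None and line:
            if line.startswith("Description = "):
                line = line[len("Description = "):]
            current["description"] = (current["description"] + " " + line).strip()
    return events


def classify(event):
    """Return the kind of record and, where the record names one, the module."""
    crash = CRASH_RE.search(event["description"])
    if crash:
        return {"kind": "crash", **crash.groupdict()}
    hang = HANG_RE.search(event["description"])
    if hang:
        info = hang.groupdict()
        # A hang record with module "hungapp" and address 0 names no real
        # module, which is why the Firefox hangs cannot be attributed.
        if info["module"].lower() == "hungapp" and int(info["addr"], 16) == 0:
            info["module"] = None
        return {"kind": "hang", **info}
    return {"kind": "other"}


def summarize(text):
    """Tally named modules per application and count hangs with no module."""
    attributed = defaultdict(Counter)
    unattributed = Counter()
    for event in parse_events(text):
        info = classify(event)
        if info["kind"] == "other":
            continue
        app = info["app"].lower()
        if info["module"] is None:
            unattributed[app] += 1
        else:
            attributed[app][info["module"].lower()] += 1
    return {app: dict(mods) for app, mods in attributed.items()}, dict(unattributed)


if __name__ == "__main__":
    named, unnamed = summarize(SAMPLE_LOG)
    for app, mods in named.items():
        print(app, "->", mods)
    for app, count in unnamed.items():
        print(app, "-> %d hang(s), no module identified" % count)
```
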


#12 bk94caddy

Posted 08 November 2008 - 04:50 PM

Let's repair this dll as it should be repaired anyway.

1. The file tapi.32 is corrupted.
* First download tapi32.dll from http://www.dlldump.com
* Go to start > run, copy/paste the following in the runbox and click OK:

Regsvr32 /u tapi32.dll


Alright, I wasn't sure if I should run combofix or not without fixing this .dll. I got the same message, but it was the unregister server entry point that could not be found. I tried this in safe mode also. Couldn't just delete it either. So, that's where I'm at.

#13 bk94caddy

Posted 08 November 2008 - 06:17 PM

Ok, Internet Explorer and Firefox still hung after running combofix. Here are the logs of combofix, and extras.txt.



OTListIt Extras logfile created on: 11/8/2008 4:30:33 PM - Run 6
OTListIt by OldTimer - Version 1.0.12.0 Folder = C:\Documents and Settings\winner1\Desktop\bleeping computer
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18241)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

510.30 Mb Total Physical Memory | 135.88 Mb Available Physical Memory | 26.63% Memory free
1.22 Gb Paging File | 0.92 Gb Available in Paging File | 75.91% Paging File free
Paging file location(s): C:\pagefile.sys 0 0;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.27 Gb Total Space | 20.43 Gb Free Space | 54.82% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HOME-C6E079E452
Current User Name: winner1
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2006/10/10 06:44:50 | 00,557,568 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
File not found -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
File not found -- C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2006/10/10 06:44:50 | 00,557,568 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2006/10/18 20:46:20 | 00,064,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmplayer.exe:*:Enabled:Windows Media Player
[2008/07/09 23:51:06 | 00,095,744 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player
[2008/10/25 21:45:13 | 00,641,304 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{184E7118-0295-43C4-B72C-1D54AA75AAF7}" = Windows Live Mail
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java™ 6 Update 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{71C97545-E547-4A8B-B0C8-61FF853270AC}" = PaperPort
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® 810/810E/815/815E/815EM Chipset Graphics Driver Software
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{9A912C12-A7DA-44D7-BD57-5CA85E2F33E1}" = Brother MFL-Pro Suite
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}" = Windows Live Sign-in Assistant
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = AusLogics Disk Defrag
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"7-Zip" = 7-Zip 4.57
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Adobe Shockwave Player" = Adobe Shockwave Player
"AnyDVD" = AnyDVD
"AVG8Uninstall" = AVG Free 8.0
"BFGC" = Big Fish Games Client
"CCleaner" = CCleaner (remove only)
"CloneDVD2" = CloneDVD2
"Family Feud Hollywood" = Family Feud Hollywood (remove only)
"FrostWire" = FrostWire 4.17.0
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8 Beta 2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"mmmusic" = Movie Maker Background Music Files
"mmsounds" = Movie Maker Sound Effects
"mmtitle" = Movie Maker Title Images
"Mozilla Firefox (3.0.3)" = Mozilla Firefox (3.0.3)
"mpxlswiz.inf" = Windows Media Player Playlist Import to Excel Wizard
"mpxptray.inf" = Windows Media Player Tray Control
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"Nero - Burning Rom!UninstallKey" = Nero OEM
"NeroVision!UninstallKey" = NeroVision Express 2
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NoteTab Light 5_is1" = NoteTab Light 5 (Remove only)
"PROSet" = Intel® PRO Network Adapters and Drivers
"VLC media player" = VideoLAN VLC media player 0.8.6i
"wa2wmp" = Windows Media Player Skin Importer
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/4/2008 4:35:35 PM | Computer Name = HOME-C6E079E452 | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.2180, faulting
module tapi32.dll, version 5.1.2600.2180, fault address 0x0000f400.

Error - 11/4/2008 4:40:55 PM | Computer Name = HOME-C6E079E452 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.0.3188, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 11/4/2008 8:23:52 PM | Computer Name = HOME-C6E079E452 | Source = Application Error | ID = 1000
Description = Faulting application familyfeud3.ifn, version 0.0.0.0, faulting module
urlmon.dll, version 8.0.6001.18241, fault address 0x0000751c.

Error - 11/5/2008 4:49:51 PM | Computer Name = HOME-C6E079E452 | Source = Application Error | ID = 1000
Description = Faulting application familyfeud3.ifn, version 0.0.0.0, faulting module
urlmon.dll, version 8.0.6001.18241, fault address 0x0000751c.

Error - 11/5/2008 11:54:57 PM | Computer Name = HOME-C6E079E452 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.0.3188, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 11/7/2008 2:48:48 AM | Computer Name = HOME-C6E079E452 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.0.3188, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 11/7/2008 2:49:01 AM | Computer Name = HOME-C6E079E452 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.0.3188, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 11/7/2008 2:50:41 AM | Computer Name = HOME-C6E079E452 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.0.3188, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 11/7/2008 10:27:49 AM | Computer Name = HOME-C6E079E452 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.0.3188, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 11/8/2008 5:10:01 PM | Computer Name = HOME-C6E079E452 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.0.3188, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 12/27/2007 5:52:36 PM | Computer Name = HOME-C6E079E452 | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom3, has a bad block.

Error - 12/27/2007 5:52:39 PM | Computer Name = HOME-C6E079E452 | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom3, has a bad block.

Error - 12/29/2007 5:46:00 AM | Computer Name = HOME-C6E079E452 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
i8042prt

Error - 12/29/2007 11:35:07 AM | Computer Name = HOME-C6E079E452 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
i8042prt

Error - 12/29/2007 12:28:18 PM | Computer Name = HOME-C6E079E452 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
i8042prt

Error - 12/29/2007 1:07:57 PM | Computer Name = HOME-C6E079E452 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
i8042prt

Error - 12/29/2007 11:23:24 PM | Computer Name = HOME-C6E079E452 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
i8042prt

Error - 12/30/2007 2:29:06 AM | Computer Name = HOME-C6E079E452 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
i8042prt

Error - 12/30/2007 3:00:59 AM | Computer Name = HOME-C6E079E452 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
i8042prt

Error - 12/30/2007 12:44:43 PM | Computer Name = HOME-C6E079E452 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
i8042prt


< End of report >



----------------------------------------------------------------------------------------------------------------------------------------




ComboFix 08-11-07.01 - winner1 2008-11-08 16:16:49.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.232 [GMT -6:00]
Running from: c:\documents and settings\winner1\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\winner1\Application Data\.#
c:\windows\Downloaded Program Files\setup.inf

.
((((((((((((((((((((((((( Files Created from 2008-10-08 to 2008-11-08 )))))))))))))))))))))))))))))))
.

2008-11-07 00:39 . 2008-11-07 00:38 410,976 --a--c--- c:\windows\system32\deploytk.dll
2008-11-07 00:39 . 2008-11-07 00:38 73,728 --a--c--- c:\windows\system32\javacpl.cpl
2008-11-07 00:38 . 2008-11-07 00:38 <DIR> d----c--- c:\program files\Java
2008-11-06 19:39 . 2008-11-06 19:39 <DIR> d----c--- c:\documents and settings\winner1\Application Data\ColorTrail
2008-11-06 13:36 . 2008-11-06 13:37 <DIR> d----c--- c:\windows\ERUNT
2008-11-06 13:30 . 2008-11-06 13:58 <DIR> d----c--- C:\SDFix
2008-11-06 00:15 . 2008-11-06 14:15 <DIR> d----c--- C:\rsit
2008-11-05 17:03 . 2008-11-05 17:03 <DIR> d----c--- c:\documents and settings\All Users\Application Data\Redrum
2008-11-05 16:10 . 2008-11-05 16:10 <DIR> d----c--- c:\program files\bfgclient
2008-11-05 16:09 . 2008-11-07 20:36 <DIR> d----c--- c:\documents and settings\All Users\Application Data\BigFishGamesCache
2008-11-02 12:19 . 2008-11-02 12:19 <DIR> d----c--- c:\windows\Downloaded Installations
2008-11-02 08:43 . 2008-11-02 08:43 <DIR> d--h-c--- C:\$AVG8.VAULT$
2008-10-31 13:28 . 2008-10-31 13:28 <DIR> d----c--- c:\documents and settings\All Users\Application Data\Legendo
2008-10-31 07:24 . 2006-07-28 08:30 62,744 --a--c--- c:\windows\system32\xinput1_2.dll
2008-10-30 20:33 . 2008-10-30 20:33 <DIR> d----c--- c:\documents and settings\winner1\Saved Games
2008-10-30 20:33 . 2008-10-30 20:33 <DIR> d----c--- c:\documents and settings\winner1\Application Data\Flood Light Games
2008-10-28 13:16 . 2008-10-28 13:16 444 --a--c--- c:\windows\system32\d3d8caps.dat
2008-10-28 10:06 . 2008-10-28 10:06 <DIR> d----c--- c:\program files\Auslogics
2008-10-28 10:06 . 2008-10-28 10:06 <DIR> d----c--- c:\documents and settings\winner1\Application Data\Auslogics
2008-10-27 16:10 . 2008-10-27 16:10 664 --a--c--- c:\windows\system32\d3d9caps.dat
2008-10-26 18:50 . 2008-10-26 18:50 <DIR> d----c--- c:\documents and settings\winner1\Application Data\eGames
2008-10-26 15:20 . 2008-10-26 15:20 <DIR> d----c--- c:\program files\7-Zip
2008-10-26 09:48 . 2008-10-26 09:48 49,279,561 --a--c--- c:\windows\Verify.reg
2008-10-26 09:39 . 2008-10-26 09:39 <DIR> d----c--- c:\windows\Registry Drill
2008-10-25 21:45 . 2008-11-08 15:45 <DIR> d----c--- c:\windows\system32\drivers\Avg
2008-10-25 21:45 . 2008-10-25 21:45 <DIR> d----c--- c:\program files\AVG
2008-10-25 21:45 . 2008-10-25 21:45 <DIR> d----c--- c:\documents and settings\All Users\Application Data\avg8
2008-10-25 21:45 . 2008-10-25 21:45 97,928 --a--c--- c:\windows\system32\drivers\avgldx86.sys
2008-10-25 21:45 . 2008-10-25 21:45 10,520 --a--c--- c:\windows\system32\avgrsstx.dll
2008-10-25 10:49 . 2004-08-04 06:00 45,056 --a--c--- c:\windows\system32\dllcache\OLD756.tmp
2008-10-25 10:30 . 2004-08-04 06:00 57,856 --a--c--- c:\windows\system32\dllcache\esuimgd.dll
2008-10-25 10:12 . 2004-08-04 06:00 31,744 --a--c--- c:\windows\system32\dllcache\esucmd.dll
2008-10-24 08:37 . 2008-10-24 08:37 <DIR> d----c--- c:\documents and settings\winner1\Application Data\Gogii Games
2008-10-22 17:59 . 2008-10-22 17:59 <DIR> d----c--- c:\documents and settings\winner1\Application Data\PetShowCraze
2008-10-20 23:21 . 2008-10-20 23:21 <DIR> d----c--- c:\program files\NoteTab Light
2008-10-20 23:21 . 2008-10-20 23:24 <DIR> d----c--- c:\documents and settings\winner1\Application Data\NoteTab Light
2008-10-19 16:47 . 2008-10-19 16:47 <DIR> d-------- c:\temp\FrankProtocol
2008-10-19 16:47 . 2008-10-19 16:47 <DIR> d-------- c:\temp\FrankPacManager
2008-10-19 16:47 . 2008-10-19 16:47 <DIR> d-------- c:\temp\FrankMedium
2008-10-19 16:47 . 2008-10-19 16:47 <DIR> d-------- c:\temp\FrankHandler
2008-10-19 16:47 . 2008-10-19 16:47 <DIR> d-------- c:\temp\FrankFormat
2008-10-19 16:47 . 2008-10-19 16:47 <DIR> d-------- c:\temp\FrankDevice
2008-10-19 16:47 . 2008-10-19 16:47 <DIR> d-------- c:\temp\FrankContents
2008-10-19 16:47 . 2008-10-19 16:47 <DIR> d-------- c:\temp\Frank
2008-10-19 14:25 . 2008-10-19 16:47 <DIR> d-------- C:\temp
2008-10-19 10:22 . 2008-10-19 10:22 <DIR> d-------- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2008-10-19 08:32 . 2008-10-19 08:32 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Malwarebytes
2008-10-19 07:33 . 2008-10-19 07:33 <DIR> d----c--- c:\program files\SUPERAntiSpyware
2008-10-19 07:33 . 2008-10-19 07:33 <DIR> d----c--- c:\documents and settings\winner1\Application Data\SUPERAntiSpyware.com
2008-10-19 07:33 . 2008-10-19 07:33 <DIR> d----c--- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2008-10-18 16:04 . 2008-10-18 16:04 <DIR> d----c--- c:\documents and settings\winner1\Application Data\Ohana Games
2008-10-17 18:42 . 2008-10-17 18:42 <DIR> d----c--- c:\documents and settings\winner1\Application Data\ViquaSoft
2008-10-15 11:39 . 2008-10-15 11:39 <DIR> d----c--- c:\documents and settings\All Users\Application Data\MailFrontier
2008-10-15 11:39 . 2008-10-15 11:41 4,212 ---h-c--- c:\windows\system32\zllictbl.dat
2008-10-15 11:38 . 2004-04-27 03:40 11,264 --a--c--- c:\windows\system32\SpOrder.dll
2008-10-15 11:36 . 2008-10-25 11:15 <DIR> d----c--- c:\windows\Internet Logs
2008-10-13 16:07 . 2008-10-13 16:07 <DIR> d----c--- c:\documents and settings\winner1\Application Data\AlterLab
2008-10-12 19:32 . 2004-08-03 23:56 116,224 --a--c--- c:\windows\system32\dllcache\xrxwiadr.dll
2008-10-12 19:32 . 2001-08-17 21:37 27,648 --a--c--- c:\windows\system32\dllcache\xrxftplt.exe
2008-10-12 19:32 . 2001-08-17 21:36 23,040 --a--c--- c:\windows\system32\dllcache\xrxwbtmp.dll
2008-10-12 19:32 . 2001-08-17 21:36 17,408 --a--c--- c:\windows\system32\dllcache\xrxscnui.dll
2008-10-12 19:32 . 2001-08-17 21:37 4,608 --a--c--- c:\windows\system32\dllcache\xrxflnch.exe
2008-10-12 19:31 . 2001-08-17 21:37 99,865 --a--c--- c:\windows\system32\dllcache\xlog.exe
2008-10-12 19:31 . 2004-08-03 22:10 19,328 --a--c--- c:\windows\system32\dllcache\wstcodec.sys
2008-10-12 19:31 . 2001-08-17 11:11 16,970 --a--c--- c:\windows\system32\dllcache\xem336n5.sys
2008-10-12 19:31 . 2004-08-03 23:56 8,192 --a--c--- c:\windows\system32\dllcache\wshirda.dll
2008-10-12 19:30 . 2004-08-03 21:31 154,624 --a--c--- c:\windows\system32\dllcache\wlluc48.sys
2008-10-12 19:30 . 2001-08-17 11:12 34,890 --a--c--- c:\windows\system32\dllcache\wlandrv2.sys
2008-10-12 19:30 . 2004-08-03 22:07 8,832 --a--c--- c:\windows\system32\dllcache\wmiacpi.sys
2008-10-12 19:29 . 2001-08-17 12:28 771,581 --a--c--- c:\windows\system32\dllcache\winacisa.sys
2008-10-12 19:29 . 2001-08-17 21:36 87,040 --a--c--- c:\windows\system32\dllcache\wiafbdrv.dll
2008-10-12 19:29 . 2001-08-17 21:36 53,760 --a--c--- c:\windows\system32\dllcache\wiamsmud.dll
2008-10-12 19:28 . 2001-08-17 12:28 701,386 --a--c--- c:\windows\system32\dllcache\wdhaalba.sys
2008-10-12 19:28 . 2001-08-17 11:10 35,871 --a--c--- c:\windows\system32\dllcache\wbfirdma.sys
2008-10-12 19:28 . 2004-08-03 22:08 31,744 --a--c--- c:\windows\system32\dllcache\wceusbsh.sys
2008-10-12 19:28 . 2004-08-03 22:04 13,568 --a--c--- c:\windows\system32\dllcache\wacompen.sys
2008-10-12 19:27 . 2001-08-17 12:28 397,502 --a--c--- c:\windows\system32\dllcache\vpctcom.sys
2008-10-12 19:27 . 2001-08-17 12:28 64,605 --a--c--- c:\windows\system32\dllcache\vvoice.sys
2008-10-12 19:27 . 2001-08-17 11:13 19,528 --a--c--- c:\windows\system32\dllcache\w840nd.sys
2008-10-12 19:27 . 2001-08-17 11:13 19,016 --a--c--- c:\windows\system32\dllcache\w926nd.sys
2008-10-12 19:27 . 2001-08-17 11:13 16,925 --a--c--- c:\windows\system32\dllcache\w940nd.sys
2008-10-12 19:26 . 2001-08-17 12:28 604,253 --a--c--- c:\windows\system32\dllcache\vmodem.sys
2008-10-12 19:25 . 2001-08-17 12:28 765,884 --a--c--- c:\windows\system32\dllcache\usrti.sys
2008-10-12 19:25 . 2001-08-17 12:28 687,999 --a--c--- c:\windows\system32\dllcache\usrwdxjs.sys
2008-10-12 19:25 . 2001-08-17 11:14 249,402 --a--c--- c:\windows\system32\dllcache\vinwm.sys
2008-10-12 19:25 . 2001-08-17 12:28 113,762 --a--c--- c:\windows\system32\dllcache\usrpda.sys
2008-10-12 19:25 . 2004-08-03 23:56 53,760 --a--c--- c:\windows\system32\dllcache\vfwwdm32.dll
2008-10-12 19:25 . 2004-08-03 22:07 42,240 --a--c--- c:\windows\system32\dllcache\viaagp.sys
2008-10-12 19:25 . 2004-08-03 23:56 28,672 --a--c--- c:\windows\system32\dllcache\vidcap.ax
2008-10-12 19:25 . 2001-08-17 12:49 24,576 --a--c--- c:\windows\system32\dllcache\viairda.sys
2008-10-12 19:25 . 2001-08-17 12:28 7,556 --a--c--- c:\windows\system32\dllcache\usroslba.sys
2008-10-12 19:25 . 2004-08-03 21:59 5,376 --a--c--- c:\windows\system32\dllcache\viaide.sys
2008-10-12 19:24 . 2001-08-17 12:28 794,654 --a--c--- c:\windows\system32\dllcache\usr1801.sys
2008-10-12 19:24 . 2001-08-17 12:28 794,399 --a--c--- c:\windows\system32\dllcache\usr1806v.sys
2008-10-12 19:24 . 2001-08-17 12:28 793,598 --a--c--- c:\windows\system32\dllcache\usr1806.sys
2008-10-12 19:24 . 2001-08-17 12:28 224,802 --a--c--- c:\windows\system32\dllcache\usr1807a.sys
2008-10-12 19:24 . 2004-08-03 22:10 78,464 --a--c--- c:\windows\system32\dllcache\usbvideo.sys
2008-10-12 19:24 . 2004-08-03 22:07 59,264 --a--c--- c:\windows\system32\dllcache\usbaudio.sys
2008-10-12 19:24 . 2004-08-03 21:31 32,384 --a--c--- c:\windows\system32\dllcache\usb101et.sys
2008-10-12 19:24 . 2004-08-03 22:08 25,600 --a--c--- c:\windows\system32\dllcache\usbser.sys
2008-10-12 19:24 . 2004-08-03 21:58 15,104 --a--c--- c:\windows\system32\dllcache\usbscan.sys
2008-10-12 19:24 . 2004-08-03 22:04 12,672 --a--c--- c:\windows\system32\dllcache\usb8023x.sys
2008-10-12 19:23 . 2001-08-17 21:36 94,720 --a--c--- c:\windows\system32\dllcache\umaxud32.dll
2008-10-12 19:23 . 2001-08-17 21:36 69,632 --a--c--- c:\windows\system32\dllcache\umaxu12.dll
2008-10-12 19:23 . 2001-08-17 21:36 50,688 --a--c--- c:\windows\system32\dllcache\umaxscan.dll
2008-10-12 19:23 . 2001-08-17 21:36 50,176 --a--c--- c:\windows\system32\dllcache\umaxp60.dll
2008-10-12 19:23 . 2001-08-17 21:36 28,160 --a--c--- c:\windows\system32\dllcache\umaxu40.dll
2008-10-12 19:23 . 2001-08-17 21:36 26,624 --a--c--- c:\windows\system32\dllcache\umaxu22.dll
2008-10-12 19:23 . 2001-08-17 12:58 22,912 --a--c--- c:\windows\system32\dllcache\umaxpcls.sys
2008-10-12 19:22 . 2001-08-17 21:36 216,064 --a--c--- c:\windows\system32\dllcache\um34scan.dll
2008-10-12 19:22 . 2001-08-17 21:36 211,968 --a--c--- c:\windows\system32\dllcache\um54scan.dll
2008-10-12 19:22 . 2001-08-17 21:36 47,616 --a--c--- c:\windows\system32\dllcache\umaxcam.dll
2008-10-12 19:22 . 2004-08-03 22:07 44,672 --a--c--- c:\windows\system32\dllcache\uagp35.sys
2008-10-12 19:22 . 2001-08-17 12:52 36,736 --a--c--- c:\windows\system32\dllcache\ultra.sys
2008-10-12 19:22 . 2001-08-17 12:48 11,520 --a--c--- c:\windows\system32\dllcache\twotrack.sys
2008-10-12 19:21 . 2001-08-17 21:36 525,568 --a--c--- c:\windows\system32\dllcache\tridxp.dll
2008-10-12 19:21 . 2001-08-17 13:56 440,576 --a--c--- c:\windows\system32\dllcache\tridkb.dll
2008-10-12 19:21 . 2001-08-17 13:56 315,520 --a--c--- c:\windows\system32\dllcache\trid3d.dll
2008-10-12 19:21 . 2001-08-17 11:51 222,336 --a--c--- c:\windows\system32\dllcache\trid3dm.sys
2008-10-12 19:21 . 2001-08-17 11:51 166,784 --a--c--- c:\windows\system32\dllcache\tridxpm.sys
2008-10-12 19:21 . 2001-08-17 11:51 159,232 --a--c--- c:\windows\system32\dllcache\tridkbm.sys
2008-10-12 19:21 . 2001-08-17 11:12 34,375 --a--c--- c:\windows\system32\dllcache\tpro4.sys
2008-10-12 19:20 . 2001-08-17 13:01 241,664 --a--c--- c:\windows\system32\dllcache\tosdvd02.sys
2008-10-12 19:20 . 2001-08-17 13:02 230,912 --a--c--- c:\windows\system32\dllcache\tosdvd03.sys
2008-10-12 19:20 . 2001-08-17 11:14 123,995 --a--c--- c:\windows\system32\dllcache\tjisdn.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-08 03:35 --------- dc--a-w c:\documents and settings\All Users\Application Data\TEMP
2008-11-07 08:00 --------- dc----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-06 20:48 --------- dc----w c:\documents and settings\winner1\Application Data\PlayFirst
2008-11-06 20:48 --------- dc----w c:\documents and settings\All Users\Application Data\PlayFirst
2008-11-05 22:34 --------- dc----w c:\documents and settings\winner1\Application Data\Pogo Games
2008-11-05 22:06 --------- dc----w c:\documents and settings\All Users\Application Data\iWin Games
2008-11-03 18:40 --------- dc----w c:\documents and settings\winner1\Application Data\FrostWire
2008-11-03 16:53 --------- dc----w c:\documents and settings\winner1\Application Data\U3
2008-10-31 02:33 --------- dc----w c:\documents and settings\All Users\Application Data\Flood Light Games
2008-10-29 19:58 --------- dc----w c:\documents and settings\All Users\Application Data\Fugazo
2008-10-28 19:28 --------- dc----w c:\documents and settings\All Users\Application Data\Sandlot Games
2008-10-24 03:09 --------- dc----w c:\documents and settings\winner1\Application Data\iWin
2008-10-24 03:09 --------- dc----w c:\documents and settings\All Users\Application Data\iWin
2008-10-22 00:29 --------- dc----w c:\documents and settings\winner1\Application Data\Friday's games
2008-10-19 14:15 --------- dc----w c:\program files\Spybot - Search & Destroy
2008-10-17 04:34 --------- dc----w c:\documents and settings\All Users\Application Data\Astar Games
2008-10-09 17:19 --------- dc-h--w c:\program files\InstallShield Installation Information
2008-10-09 15:44 --------- dc----w c:\program files\FrostWire
2008-10-08 03:51 --------- dc----w c:\documents and settings\winner1\Application Data\Oberon Games
2008-10-08 03:51 --------- dc----w c:\documents and settings\All Users\Application Data\Oberon Games
2008-10-08 03:48 --------- dc----w c:\documents and settings\winner1\Application Data\Gaijin Ent
2008-10-08 00:22 --------- dc----w c:\documents and settings\All Users\Application Data\MumboJumbo
2008-10-08 00:20 --------- dc----w c:\documents and settings\winner1\Application Data\LinkedLetters
2008-10-07 03:33 --------- dc----w c:\documents and settings\winner1\Application Data\BeachPartyCraze
2008-10-06 20:20 --------- dc----w c:\documents and settings\winner1\Application Data\PendulumQuest
2008-10-06 02:47 --------- dc----w c:\documents and settings\winner1\Application Data\EleFun Games
2008-10-04 02:50 --------- dc----w c:\documents and settings\winner1\Application Data\Beanbag Studios
2008-10-03 21:46 --------- dc----w c:\documents and settings\winner1\Application Data\panoramik
2008-09-24 20:40 --------- dc----w c:\documents and settings\winner1\Application Data\ITTNord
2008-09-22 19:54 --------- dc----w c:\documents and settings\All Users\Application Data\Gogii
2008-09-22 01:04 --------- dc----w c:\documents and settings\winner1\Application Data\funkitron
2008-09-19 00:45 --------- dc----w c:\documents and settings\winner1\Application Data\BigFishv1005
2008-09-15 21:07 --------- dc----w c:\documents and settings\winner1\Application Data\QSGames
2008-09-15 21:07 --------- dc----w c:\documents and settings\All Users\Application Data\QSGames
2008-09-15 11:57 1,846,016 -c--a-w c:\windows\system32\win32k.sys
2008-09-14 16:04 --------- dc----w c:\documents and settings\winner1\Application Data\flightgear.org
2008-09-14 15:27 --------- dc----w c:\documents and settings\winner1\Application Data\LEGO Company
2008-09-14 05:57 --------- dc----w c:\documents and settings\All Users\Application Data\Escape From Paradise
2008-09-14 05:27 --------- dc----w c:\documents and settings\winner1\Application Data\Chicken Chase
2008-09-13 19:31 --------- dc----w c:\documents and settings\All Users\Application Data\Grey Alien Games
2008-09-13 16:46 --------- dc----w c:\documents and settings\winner1\Application Data\Pi Eye Games
2008-09-12 19:28 --------- dc----w c:\documents and settings\All Users\Application Data\MysteryChronicles
2008-09-09 04:18 --------- dc----w c:\documents and settings\All Users\Application Data\Fashion Solitaire 1.2
2008-09-07 15:15 2,048 -c--a-w C:\w2ksect.bin
2008-09-02 19:42 0 -c--a-w c:\program files\temp01
2008-08-22 08:08 878,592 -c--a-w c:\windows\system32\wininet.dll
2008-08-22 08:08 43,008 -c--a-w c:\windows\system32\licmgr10.dll
2008-08-22 08:07 18,944 -c--a-w c:\windows\system32\corpol.dll
2008-08-22 08:06 72,704 -c--a-w c:\windows\system32\admparse.dll
2008-08-22 08:06 71,680 -c--a-w c:\windows\system32\iesetup.dll
2008-08-22 08:06 434,176 -c--a-w c:\windows\system32\vbscript.dll
2008-08-22 08:05 48,640 -c----w c:\windows\system32\PrivacIE.dll
2008-08-22 08:05 48,128 -c--a-w c:\windows\system32\mshtmler.dll
2008-08-22 08:05 35,840 -c--a-w c:\windows\system32\imgutil.dll
2008-08-22 08:04 45,568 -c--a-w c:\windows\system32\mshta.exe
2008-08-22 07:57 156,160 -c--a-w c:\windows\system32\msls31.dll
2008-08-14 10:00 2,180,352 -c--a-w c:\windows\system32\ntoskrnl.exe
2008-08-14 09:22 2,057,728 -c--a-w c:\windows\system32\ntkrnlpa.exe
2008-01-30 03:47 774,144 -c--a-w c:\program files\RngInterstitial.dll
2007-12-16 09:26 2,400,784 -c--a-w c:\program files\WLinstaller.exe
2008-08-04 17:02 32,768 -csha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008080420080805\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SetDefPrt"="c:\program files\Brother\Brmfl06a\BrStDvPt.exe" [2005-01-26 49152]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-17 57393]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2006-01-12 155648]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-17 40960]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2002-07-17 143360]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2002-07-17 90112]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2006-04-10 61440]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2006-03-28 622592]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-10-25 1234712]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-07 136600]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk.disabled [2008-08-21 986]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-07-23 15:28 352256 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= l3codecp.acm
"msacm.l3codec"= l3codecp.acm

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AntiVirService"=2 (0x2)
"AntiVirScheduler"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-10-25 97928]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-10-25 231704]
R2 JavaQuickStarterService;Java Quick Starter;c:\program files\Java\jre6\bin\jqs.exe [2008-11-07 152984]
S3 iAimFP8;iAimFP8;c:\windows\system32\DRIVERS\wADV11nt.sys [2004-08-03 11935]

*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder

2008-11-07 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SpybotSD.exe [2008-07-07 08:42]
.
- - - - ORPHANS REMOVED - - - -

Notify-dimsntfy - (no file)
Notify-NavLogon - (no file)


.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\documents and settings\winner1\Application Data\Mozilla\Firefox\Profiles\4yxlkirw.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.com
FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npdeploytk.dll
FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npjp2.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npdeploytk.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-08 16:20:11
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-11-08 16:24:00
ComboFix-quarantined-files.txt 2008-11-08 22:23:18

Pre-Run: 21,913,165,824 bytes free
Post-Run: 21,903,728,640 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

287 --- E O F --- 2008-10-24 14:41:47

#14 Farbar


Posted 09 November 2008 - 05:43 AM

I took a closer look at tapi32.dll and it seems there is no need to replace it. The error basically means the file is not a dll file. Since we know this file is a legit dll file I thought it might be corrupted, losing its dll character. I tried to register my own tapi32.dll on my own computer and I got the same notification. I have reformatted my computer on Friday and there is no question of any kind of infection.

Your problem doesn't seem to be malware related at the moment. But we ask for a second opinion from DrWeb to make sure.
  • Go to start > run and copy and paste or type the next command in the field, then hit Enter:

    ComboFix /u

    Note: There's a space between Combofix and /

    This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and reset System Restore again.

  • Before we start fixing anything you should print out these instructions or copy them to a NotePad file so they will be accessible. Some steps will require you to disconnect from the Internet or use Safe Mode and you will not have access to this page.

    Please download DrWeb-CureIt & save it to your desktop. DO NOT perform a scan yet.

    Reboot your computer in "SAFE MODE" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

    Scan with DrWeb-CureIt as follows:
  • Double-click on drweb-cureit.exe to start the program. An "Express Scan of your PC" notice will appear.
  • Under "Start the Express Scan Now", click "OK" to start. This is a short scan that will scan the files currently running in memory. When something is found, click the Yes button when it asks you if you want to cure it.
  • Once the short scan has finished, Click Options > Change settings
  • Choose the "Scan tab" and UNcheck "Heuristic analysis"
  • Back at the main window, click "Custom Scan", then Select drives (a red dot will show which drives have been chosen).
  • Then click the "Start/Stop Scanning" button (green arrow on the right) and the scan will start.
  • When done, a message will be displayed at the bottom advising if any viruses were found.
  • Click "Yes to all" if it asks if you want to cure/move the file.
  • When the scan has finished, look if you can see the icon next to the files found. If so, click it, then click the next icon right below and select "Move incurable".
    (This will move it to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if it can't be cured)
  • Next, in the Dr.Web CureIt menu on top, click file and choose save report list.
  • Save the DrWeb.csv report to your desktop.
  • Exit Dr.Web Cureit when done.
  • Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web in your next reply. (You can use Notepad to open the DrWeb.csv report)


#15 bk94caddy


Posted 09 November 2008 - 10:29 AM

I scanned computer last night, first with avg, and then in safe mode with superantispyware, mbam, and spybot, and I figured I'd include logs for you to check out. I wasn't sure about some of the stuff it wanted to delete, so I did back up registry before I removed anything.

Here are logs----

"Scan ""Scan whole computer"" was finished."
"Infections found:";"0"
"Infected objects removed or healed:";"0"
"Not removed or healed:";"0"
"Spyware found:";"0"
"Spyware removed:";"0"
"Not removed:";"0"
"Warnings count:";"6"
"Information count:";"0"
"Scan started:";"Saturday, November 08, 2008, 8:22:04 PM"
"Scan finished:";"Saturday, November 08, 2008, 11:57:01 PM (3 hour(s) 34 minute(s) 57 second(s))"
"Total object scanned:";"898958"
"User who launched the scan:";"winner1"

"Warnings"
"File";"Infection";"Result"
"C:\Documents and Settings\winner1\Cookies\winner1@ad.yieldmanager[2].txt";"Found Tracking cookie.Yieldmanager";"Potentially dangerous object"
"C:\Documents and Settings\winner1\Cookies\winner1@ad.yieldmanager[2].txt:\ad.yieldmanager.com.539b0606";"Found Tracking cookie.Yieldmanager";"Potentially dangerous object"
"C:\Documents and Settings\winner1\Cookies\winner1@ad.yieldmanager[2].txt:\ad.yieldmanager.com.557bf2b0";"Found Tracking cookie.Yieldmanager";"Potentially dangerous object"
"C:\Documents and Settings\winner1\Cookies\winner1@tribalfusion[1].txt";"Found Tracking cookie.Tribalfusion";"Potentially dangerous object"
"C:\Documents and Settings\winner1\Cookies\winner1@tribalfusion[1].txt:\tribalfusion.com.dcc03271";"Found Tracking cookie.Tribalfusion";"Potentially dangerous object"
"HKLM\SOFTWARE\Classes\IEHlprObj.IEHlprObj";"Found Adware.CoolWebSearch";"Potentially dangerous object"


---------------------------------------------------------------------------------------------------------------------------------------------



--- Report generated: 2008-11-09 08:31 ---

Hint of the Day: Click the bar at the right of this to see more information! ()


Banker: [SBI $EBFB4022] Browser helper object (Registry key, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8CA5ED52-F3FB-4414-A105-2E3491156990}

Banker: [SBI $7F6039C1] Class ID (Registry key, fixed)
HKEY_CLASSES_ROOT\CLSID\{8CA5ED52-F3FB-4414-A105-2E3491156990}

Right Media: Tracking cookie (Internet Explorer: winner1) (Cookie, fixed)



--- Spybot - Search & Destroy version: 1.6.0 (build: 20080707) ---

2008-07-07 blindman.exe (1.0.0.8)
2008-07-07 SDFiles.exe (1.6.0.4)
2008-07-07 SDMain.exe (1.0.0.6)
2008-07-07 SDUpdate.exe (1.6.0.8)
2008-07-07 SDWinSec.exe (1.0.0.12)
2008-07-07 SpybotSD.exe (1.6.0.30)
2008-09-16 TeaTimer.exe (1.6.3.25)
2008-08-07 unins000.exe (51.49.0.0)
2008-07-07 Update.exe (1.6.0.7)
2008-10-22 advcheck.dll (1.6.2.13)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2008-09-15 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2008-10-22 Tools.dll (2.1.6.8)
2008-11-04 Includes\Adware.sbi (*)
2008-11-05 Includes\AdwareC.sbi (*)
2008-06-03 Includes\Cookies.sbi (*)
2008-09-02 Includes\Dialer.sbi (*)
2008-09-09 Includes\DialerC.sbi (*)
2008-07-23 Includes\HeavyDuty.sbi (*)
2008-09-02 Includes\Hijackers.sbi (*)
2008-10-28 Includes\HijackersC.sbi (*)
2008-09-09 Includes\Keyloggers.sbi (*)
2008-11-04 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2008-11-04 Includes\Malware.sbi (*)
2008-11-04 Includes\MalwareC.sbi (*)
2008-11-03 Includes\PUPS.sbi (*)
2008-11-04 Includes\PUPSC.sbi (*)
2007-11-07 Includes\Revision.sbi (*)
2008-06-18 Includes\Security.sbi (*)
2008-10-23 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2008-11-04 Includes\Spyware.sbi (*)
2008-11-04 Includes\SpywareC.sbi (*)
2008-06-03 Includes\Tracks.uti
2008-11-04 Includes\Trojans.sbi (*)
2008-11-04 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll


--------------------------------------------------------------------------------------------------------------------------------------------



Malwarebytes' Anti-Malware 1.30
Database version: 1375
Windows 5.1.2600 Service Pack 2

11/9/2008 8:49:55 AM
mbam-log-2008-11-09 (08-49-55).txt

Scan type: Full Scan (C:\|)
Objects scanned: 108524
Time elapsed: 2 hour(s), 40 minute(s), 30 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 6
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{8ca5ed52-f3fb-4414-a105-2e3491156990} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8ca5ed52-f3fb-4414-a105-2e3491156990} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8ca5ed52-f3fb-4414-a105-2e3491156990} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{495874fe-4a82-4ad1-9476-0b957e0b95eb} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e3ed53c5-7ad5-4df5-9734-afb6e7e5d9db} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.Shopping.Report) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Program Files\iWin Games\iWinGamesHookIE.dll (Adware.BHO) -> Quarantined and deleted successfully.



-------------------------------------------------------------------------------------------------------------------------------------------


SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 11/09/2008 at 04:31 AM

Application Version : 4.21.1004

Core Rules Database Version : 3628
Trace Rules Database Version: 1612

Scan type : Complete Scan
Total Scan Time : 03:38:08

Memory items scanned : 183
Memory threats detected : 0
Registry items scanned : 5969
Registry threats detected : 11
File items scanned : 65069
File threats detected : 5

Adware.IWinGames
HKLM\Software\Classes\CLSID\{8CA5ED52-F3FB-4414-A105-2E3491156990}
HKCR\CLSID\{8CA5ED52-F3FB-4414-A105-2E3491156990}
HKCR\CLSID\{8CA5ED52-F3FB-4414-A105-2E3491156990}
HKCR\CLSID\{8CA5ED52-F3FB-4414-A105-2E3491156990}\InprocServer32
HKCR\CLSID\{8CA5ED52-F3FB-4414-A105-2E3491156990}\InprocServer32#ThreadingModel
HKCR\CLSID\{8CA5ED52-F3FB-4414-A105-2E3491156990}\ProgID
HKCR\CLSID\{8CA5ED52-F3FB-4414-A105-2E3491156990}\Programmable
HKCR\CLSID\{8CA5ED52-F3FB-4414-A105-2E3491156990}\VersionIndependentProgID
HKCR\IEHlprObj.IEHlprObj.1
HKCR\IEHlprObj.IEHlprObj
C:\PROGRA~1\IWINGA~1\IWINGA~1.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8CA5ED52-F3FB-4414-A105-2E3491156990}
C:\PROGRAM FILES\IWIN GAMES\IWINGAMESHOOKIE.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B884FE7C-324C-4B16-BA5B-53066BA4271F}\RP12\A0007031.DLL

Adware.Tracking Cookie
C:\Documents and Settings\winner1\Cookies\winner1@ad.yieldmanager[2].txt
C:\Documents and Settings\winner1\Cookies\winner1@tribalfusion[1].txt


--------------------------------------------------------------------------------------------------------------------------------------------


That's all, I will do what you said with that Dr.web, but it probably won't be until about 12:00(noon) my time today.



Once again, thank you very much.



