Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Malware aftermath


  • This topic is locked This topic is locked
12 replies to this topic

#1 OC48

OC48

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:03:54 AM

Posted 25 August 2009 - 02:55 PM

Last night I was browsing the internet and a site that I was visiting had problems loading, then Windows Defender detected two files (trojans I believe). The system became non responsive so I rebooted. The initial symptoms were that Windows Defender stopped working. I received an error that said to try starting the service, which I did to no avail. Also, any programs I tried running would not work. Malwarebytes, Microsoft Malicious Removal Tool, and Spybot. They would all start scanning then stop and just disappear after a few minutes.

Today I was able to isolate a file and delete it. It was braviax.exe. Once that was deleted I could run all the malware programs. Each removed different files.

My PC now appears to be free of malware but it is still having problems. I can't delete a few malware scanners I placed temporarily on my desktop. I get the following error when I attempt to do so: "Cannot delete access is denied make sure the disk is not full or write protected." Windows update is also not working. When I try to update, I get the following: "0x80070438." When I try running the Malicious Software removal Tool (start > run > mrt.exe) I get this error: "Windows cannot access the specified device path or file. you may not have appropriate permissions." This is an administrator account and permissions have never been an issue until now. I have tried doing a system repair from the Windows XP disk but that had no effect.

I would appreciate any help I could get with this. I do not wish to reformat so I would like to try any other options.

Attached Files

  • Attached File  info.txt   12.84KB   13 downloads
  • Attached File  log.txt   34.35KB   13 downloads


BC AdBot (Login to Remove)

 


#2 pwgib

pwgib

  • Malware Response Team
  • 2,956 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:God's Country
  • Local time:03:54 AM

Posted 08 September 2009 - 08:42 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explaination about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE
PW

#3 OC48

OC48
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:03:54 AM

Posted 08 September 2009 - 10:32 AM

Everything is the same as in my first post, but there are a few more problems. I constantly get the following error: msfeedssync.exe - Application error. The instruction at "0x7e4195C8" referenced memory at "0x00000048." The memory could not be read. Also, Internet Explorer stopped working. Whenever I type in an address it just opens a new window that never works and will eventually be "not responding" and needs to be killed in task manager. I have attached the new DDS logs.

Attached Files



#4 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:08:54 AM

Posted 10 September 2009 - 07:33 PM

Hi OC48,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

----------------------------------------------

There's a few items that we should remove first.

Backup Your Registry with ERUNT
  • Please use the following link and scroll down to ERUNT and download it.
    http://aumha.org/freeware/freeware.php
  • For version with the Installer:
    Use the setup program to install ERUNT on your computer
  • For the zipped version:
    Unzip all the files into a folder of your choice.
Click Erunt.exe to backup your registry to the folder of your choice.

Note: to restore your registry, go to the folder and start ERDNT.exe

We need to execute an OTM script
  • Please download OTM by OldTimer and save it to your desktop.
  • Double click the Posted Image icon on your desktop.
  • Paste the following code under the Posted Image area. Do not include the word "Code".
    :Files
    c:\documents and settings\%userprofile%\local settings\temp\cpuz_x32.sys
    :Services
    cpuz128
    cpuz129
  • Push the large Posted Image button.
  • OTM may ask to reboot the machine. Please do so if asked.
  • Copy/Paste the contents under the Posted Image line here in your next reply.
  • If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
Post the OTM log.


Next let's check for rootkits

We Need to check for Rootkits with RootRepeal
  • Download RootRepeal from the following location and save it to your desktop.

    First Location
    Second Location
    Third Location

  • Open Posted Image on your desktop.
  • Click the Posted Image tab.
  • Click the Posted Image button.
  • Check all seven boxes: Posted Image
  • Push Ok
  • Check the box for your main system drive (Usually C:), and press Ok.
  • Allow RootRepeal to run a scan of your system. This may take some time.
  • Once the scan completes, push the Posted Image button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.
Finally post an OTL scan log

We need to create an OTL Report
  • Please download OTL By OldTimer
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:[list]
    OTListIt.txt <-- Will be opened
    Extra.txt <-- Will be minimized
Thanks :thumbup2:
Posted Image
m0le is a proud member of UNITE

#5 OC48

OC48
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:03:54 AM

Posted 11 September 2009 - 02:35 PM

m0le,

Thanks for helping me with this. I followed your instructions. I first backed up my registry using ERUNT.

Next, I ran the OTM script. Here is the log:


========== FILES ==========
File/Folder c:\documents and settings\%userprofile%\local settings\temp\cpuz_x32.sys not found.
========== SERVICES/DRIVERS ==========

Service\Driver cpuz128 deleted successfully.

Service\Driver cpuz129 deleted successfully.

OTM by OldTimer - Version 3.0.0.6 log created on 09112009_135812



I then ran the RootRepeal. Here is the log:


ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/09/11 14:01
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xEDBD0000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF7CB2000 Size: 8192 File Visible: No Signed: -
Status: -

Name: giveio.sys
Image Path: giveio.sys
Address: 0xF7D37000 Size: 1664 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xED8DB000 Size: 49152 File Visible: No Signed: -
Status: -

Name: speedfan.sys
Image Path: speedfan.sys
Address: 0xF7C74000 Size: 5248 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: C:\WINDOWS\PIF\PIF
Status: Locked to the Windows API!

Path: C:\WINDOWS\Config\Config
Status: Locked to the Windows API!

Path: C:\WINDOWS\Connection Wizard\Connection Wizard
Status: Locked to the Windows API!

Path: C:\WINDOWS\addins\addins
Status: Locked to the Windows API!

Path: C:\WINDOWS\SxsCaPendDel\SxsCaPendDel
Status: Locked to the Windows API!

Path: C:\WINDOWS\msdownld.tmp\msdownld.tmp
Status: Locked to the Windows API!

Path: C:\WINDOWS\$hf_mig$\KB920213\KB920213
Status: Locked to the Windows API!

Path: C:\WINDOWS\$hf_mig$\KB922760\KB922760
Status: Locked to the Windows API!

Path: C:\WINDOWS\$hf_mig$\KB932168\KB932168
Status: Locked to the Windows API!

Path: C:\WINDOWS\$hf_mig$\KB933729\KB933729
Status: Locked to the Windows API!

Path: C:\WINDOWS\$hf_mig$\KB943460\KB943460
Status: Locked to the Windows API!

Path: C:\WINDOWS\Registration\CRMLog\CRMLog
Status: Locked to the Windows API!

Path: C:\WINDOWS\ime\imejp98\imejp98
Status: Locked to the Windows API!

Path: C:\WINDOWS\security\logs\logs
Status: Locked to the Windows API!

Path: C:\WINDOWS\assembly\temp\temp
Status: Locked to the Windows API!

Path: C:\WINDOWS\assembly\tmp\tmp
Status: Locked to the Windows API!

Path: C:\WINDOWS\WinSxS\InstallTemp\InstallTemp
Status: Locked to the Windows API!

Path: C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2
Status: Locked to the Windows API!

Path: C:\WINDOWS\system32\1025\1025
Status: Locked to the Windows API!

Path: C:\WINDOWS\system32\1028\1028
Status: Locked to the Windows API!

Path: C:\WINDOWS\system32\1031\1031
Status: Locked to the Windows API!

Path: C:\WINDOWS\system32\1037\1037
Status: Locked to the Windows API!

Path: C:\WINDOWS\system32\1041\1041
Status: Locked to the Windows API!

Path: C:\WINDOWS\system32\1042\1042
Status: Locked to the Windows API!

Path: C:\WINDOWS\system32\1054\1054
Status: Locked to the Windows API!

Path: C:\WINDOWS\system32\2052\2052
Status: Locked to the Windows API!

Path: C:\WINDOWS\system32\3076\3076
Status: Locked to the Windows API!

Path: C:\WINDOWS\system32\3com_dmi\3com_dmi
Status: Locked to the Windows API!

Path: C:\WINDOWS\system32\export\export
Status: Locked to the Windows API!

Path: C:\WINDOWS\system32\wins\wins
Status: Locked to the Windows API!

Path: C:\WINDOWS\system32\xircom\xircom
Status: Locked to the Windows API!

Path: C:\WINDOWS\system32\dhcp\dhcp
Status: Locked to the Windows API!

Path: C:\WINDOWS\msapps\msinfo\msinfo
Status: Locked to the Windows API!

Path: C:\WINDOWS\java\classes\classes
Status: Locked to the Windows API!

Path: C:\WINDOWS\java\trustlib\trustlib
Status: Locked to the Windows API!

Path: C:\WINDOWS\pchealth\ERRORREP\QHEADLES\QHEADLES
Status: Locked to the Windows API!

Path: C:\WINDOWS\pchealth\ERRORREP\QSIGNOFF\QSIGNOFF
Status: Locked to the Windows API!

Path: C:\WINDOWS\pchealth\helpctr\BATCH\BATCH
Status: Locked to the Windows API!

Path: C:\WINDOWS\pchealth\helpctr\HelpFiles\HelpFiles
Status: Locked to the Windows API!

Path: C:\WINDOWS\pchealth\helpctr\InstalledSKUs\InstalledSKUs
Status: Locked to the Windows API!

Path: C:\WINDOWS\pchealth\helpctr\System_OEM\System_OEM
Status: Locked to the Windows API!

Path: C:\WINDOWS\pchealth\helpctr\Temp\Temp
Status: Locked to the Windows API!

Path: C:\WINDOWS\SoftwareDistribution\AuthCabs\Downloaded\Downloaded
Status: Locked to the Windows API!

Path: C:\WINDOWS\ime\chsime\applets\applets
Status: Locked to the Windows API!

Path: C:\WINDOWS\ime\CHTIME\Applets\Applets
Status: Locked to the Windows API!

Path: C:\WINDOWS\ime\imejp\applets\applets
Status: Locked to the Windows API!

Path: C:\WINDOWS\ime\imjp8_1\applets\applets
Status: Locked to the Windows API!

Path: C:\WINDOWS\ime\imkr6_1\applets\applets
Status: Locked to the Windows API!

Path: C:\WINDOWS\ime\imkr6_1\dicts\dicts
Status: Locked to the Windows API!

Path: C:\WINDOWS\ime\shared\res\res
Status: Locked to the Windows API!

Path: C:\WINDOWS\Sun\Java\Deployment\Deployment
Status: Locked to the Windows API!

Path: C:\WINDOWS\system32\appmgmt\MACHINE\MACHINE
Status: Locked to the Windows API!

Path: C:\WINDOWS\system32\appmgmt\S-1-5-21-789336058-448539723-839522115-1003\S-1-5-21-789336058-448539723-839522115-1003
Status: Locked to the Windows API!

Path: C:\WINDOWS\system32\oobe\sample\sample
Status: Locked to the Windows API!

Path: C:\WINDOWS\system32\drivers\disdn\disdn
Status: Locked to the Windows API!

Path: C:\WINDOWS\system32\spool\PRINTERS\PRINTERS
Status: Locked to the Windows API!

Path: C:\WINDOWS\system32\mui\dispspec\dispspec
Status: Locked to the Windows API!

Path: C:\WINDOWS\system32\IME\CINTLGNT\CINTLGNT
Status: Locked to the Windows API!

Path: C:\WINDOWS\system32\IME\PINTLGNT\PINTLGNT
Status: Locked to the Windows API!

Path: C:\WINDOWS\system32\IME\TINTLGNT\TINTLGNT
Status: Locked to the Windows API!

Path: C:\WINDOWS\system32\LogFiles\WUDF\WUDF
Status: Locked to the Windows API!

Path: C:\WINDOWS\system32\wbem\snmp\snmp
Status: Locked to the Windows API!

Path: C:\WINDOWS\pchealth\helpctr\Config\CheckPoint\CheckPoint
Status: Locked to the Windows API!

Path: C:\WINDOWS\pchealth\helpctr\System\DFS\DFS
Status: Locked to the Windows API!

Path: C:\WINDOWS\SoftwareDistribution\Download\07a96de176867bc25b7dc839d22b07e2\backup\backup
Status: Locked to the Windows API!

Path: C:\WINDOWS\SoftwareDistribution\Download\0dd0244816ffb4b094c1caba4c3b1178\backup\backup
Status: Locked to the Windows API!

Path: C:\WINDOWS\SoftwareDistribution\Download\b7f0b2892b21211a5630518d058f48d9\backup\backup
Status: Locked to the Windows API!

Path: C:\WINDOWS\SoftwareDistribution\Download\d48a3b967ba5709df048e8f2a49cf8a6\backup\backup
Status: Locked to the Windows API!

Path: C:\WINDOWS\SoftwareDistribution\Download\355f788b6de8a3ec79e9aa172e6317f1\backup\backup
Status: Locked to the Windows API!

Path: C:\WINDOWS\SoftwareDistribution\Download\6913c676e5d33978934caa46c49fdc75\backup\backup
Status: Locked to the Windows API!

Path: C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP110.tmp\ZAP110.tmp
Status: Locked to the Windows API!

Path: C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP208.tmp\ZAP208.tmp
Status: Locked to the Windows API!

Path: C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPB.tmp\ZAPB.tmp
Status: Locked to the Windows API!

Path: C:\WINDOWS\system32\oobe\html\ispsgnup\ispsgnup
Status: Locked to the Windows API!

Path: C:\WINDOWS\system32\oobe\html\oemcust\oemcust
Status: Locked to the Windows API!

Path: C:\WINDOWS\system32\oobe\html\oemhw\oemhw
Status: Locked to the Windows API!

Path: C:\WINDOWS\system32\oobe\html\oemreg\oemreg
Status: Locked to the Windows API!

Path: C:\WINDOWS\system32\spool\drivers\WIN40\WIN40
Status: Locked to the Windows API!

Path: C:\WINDOWS\system32\config\systemprofile\Desktop\Desktop
Status: Locked to the Windows API!

Path: C:\WINDOWS\system32\config\systemprofile\Favorites\Favorites
Status: Locked to the Windows API!

Path: C:\WINDOWS\system32\config\systemprofile\My Documents\My Documents
Status: Locked to the Windows API!

Path: C:\WINDOWS\system32\config\systemprofile\NetHood\NetHood
Status: Locked to the Windows API!

Path: C:\WINDOWS\system32\config\systemprofile\PrintHood\PrintHood
Status: Locked to the Windows API!

Path: C:\WINDOWS\system32\config\systemprofile\Recent\Recent
Status: Locked to the Windows API!

Path: C:\WINDOWS\system32\wbem\mof\bad\bad
Status: Locked to the Windows API!

Path: C:\WINDOWS\system32\wbem\mof\good\good
Status: Locked to the Windows API!

Path: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\Temporary ASP.NET Files
Status: Locked to the Windows API!

Path: C:\WINDOWS\Installer\$PatchCache$\Managed\0DC1503A46F231838AD88BCDDC8E8F7C\3.2.30729\3.2.30729
Status: Locked to the Windows API!

Path: C:\WINDOWS\Installer\$PatchCache$\Managed\D7314F9862C648A4DB8BE2A5B47BE100\1.0.0\1.0.0
Status: Locked to the Windows API!

Path: C:\WINDOWS\Installer\$PatchCache$\Managed\DC3BF90CC0D3D2F398A9A6D1762F70F3\2.2.30729\2.2.30729
Status: Locked to the Windows API!

Path: C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Media Player\Media Player
Status: Locked to the Windows API!

Path: C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\Certificates\Certificates
Status: Locked to the Windows API!

Path: C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CRLs\CRLs
Status: Locked to the Windows API!

Path: C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CTLs\CTLs
Status: Locked to the Windows API!

==EOF==



Finally, I ran the OTL scan. Here are the two logs:


OTL logfile created on: 9/11/2009 2:09:23 PM - Run 1
OTL by OldTimer - Version 3.0.10.7 Folder = C:\Documents and Settings\Gnarkill\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1023.48 Mb Total Physical Memory | 572.92 Mb Available Physical Memory | 55.98% Memory free
2.40 Gb Paging File | 1.94 Gb Available in Paging File | 80.65% Paging File free
Paging file location(s): c:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.08 Gb Total Space | 58.75 Gb Free Space | 19.71% Space Free | Partition Type: NTFS
Drive D: | 189.92 Gb Total Space | 1.37 Gb Free Space | 0.72% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive J: | 114.49 Gb Total Space | 0.02 Gb Free Space | 0.01% Space Free | Partition Type: NTFS

Computer Name: GNARKILL
Current User Name: Gnarkill
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2006/05/03 11:43:46 | 00,413,696 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\Ati2evxx.exe
PRC - [2008/06/20 22:39:25 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
PRC - [2009/08/25 12:05:39 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2009/05/21 11:34:05 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2008/10/17 19:44:09 | 00,116,032 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\RaMaint.exe
PRC - [2007/08/03 16:09:34 | 00,063,040 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe
PRC - [2008/10/17 19:43:58 | 00,087,360 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardian.exe
PRC - [2003/06/20 00:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
PRC - [2007/05/17 15:45:34 | 00,271,720 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft LifeCam\MSCamS32.exe
PRC - [2009/08/25 12:05:44 | 00,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2009/08/25 12:05:44 | 00,595,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe
PRC - [2005/04/01 20:51:48 | 00,217,600 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
PRC - [2007/02/25 21:55:18 | 00,125,048 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
PRC - [2008/04/13 19:12:41 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wscntfy.exe
PRC - [2008/04/13 19:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2002/10/30 04:40:34 | 00,028,672 | R--- | M] () -- C:\WINDOWS\htpatch.exe
PRC - [2004/08/25 13:33:54 | 00,442,368 | ---- | M] (FinePrint Software, LLC) -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe
PRC - [2006/01/02 17:41:22 | 00,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
PRC - [2007/08/03 16:09:34 | 00,063,048 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
PRC - [2008/10/17 19:43:58 | 00,087,360 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardian.exe
PRC - [2007/04/10 15:46:48 | 00,709,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\vVX3000.exe
PRC - [2008/03/14 18:50:59 | 00,233,472 | ---- | M] (PowerISO Computing, Inc.) -- C:\Program Files\PowerISO\PWRISOVM.EXE
PRC - [2009/05/21 11:34:07 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2002/11/19 08:01:20 | 00,046,592 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
PRC - [2009/08/25 12:05:40 | 02,007,832 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
PRC - [2006/08/01 16:35:36 | 00,067,112 | ---- | M] (America Online, Inc.) -- C:\Program Files\AIM\aim.exe
PRC - [2007/12/21 05:34:26 | 01,649,600 | ---- | M] (SlySoft, Inc.) -- C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
PRC - [2008/12/02 23:41:54 | 03,882,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe
PRC - [2007/03/14 11:30:52 | 02,756,608 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
PRC - [2007/02/27 20:21:10 | 00,278,528 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
PRC - [2006/01/23 23:14:10 | 00,069,632 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
PRC - [2007/03/23 10:40:36 | 00,274,432 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
PRC - [2006/01/02 17:41:22 | 00,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
PRC - [2006/01/02 17:41:22 | 00,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
PRC - [2008/12/10 23:32:46 | 00,098,816 | ---- | M] (Opera Software) -- C:\Program Files\Opera\opera.exe
PRC - [2009/09/11 14:08:26 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Gnarkill\Desktop\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2008/06/20 22:39:25 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice [Auto | Running])
SRV - [2007/07/11 17:25:20 | 00,025,640 | R--- | M] (Amazon.com) -- C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe -- (ADVService [On_Demand | Stopped])
SRV - [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2006/05/03 11:43:46 | 00,413,696 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\Ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])
SRV - [2006/05/03 12:57:00 | 00,520,192 | ---- | M] () -- C:\WINDOWS\System32\ati2sgag.exe -- (ATI Smart [Auto | Stopped])
SRV - [2009/08/25 12:05:39 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd [Auto | Running])
SRV - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2007/01/03 20:40:21 | 00,136,120 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
SRV - [2008/04/13 19:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2005/04/04 01:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2009/05/21 11:34:05 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2008/10/17 19:44:09 | 00,116,032 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint [Auto | Running])
SRV - [2007/08/03 16:09:34 | 00,063,040 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn [Auto | Running])
SRV - [2003/06/20 00:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Auto | Running])
SRV - [2007/05/17 15:45:34 | 00,271,720 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc [Auto | Running])
SRV - [2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2003/07/28 13:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2005/04/01 20:51:48 | 00,217,600 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe -- (StarWindService [Auto | Running])
SRV - [2007/02/25 21:55:18 | 00,125,048 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service [Auto | Running])
SRV - [2005/01/28 14:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfmgr.exe -- (UMWdf [On_Demand | Stopped])
SRV - [2006/10/18 21:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2002/11/27 01:46:28 | 00,730,700 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\drivers\ALCXWDM.SYS -- (ALCXWDM [On_Demand | Running])
DRV - [2007/12/19 15:05:12 | 00,097,216 | ---- | M] (SlySoft, Inc.) -- C:\WINDOWS\System32\Drivers\AnyDVD.sys -- (AnyDVD [On_Demand | Running])
DRV - [2003/11/28 19:34:40 | 00,011,264 | ---- | M] (Pinnacle Systems GmbH) -- C:\WINDOWS\System32\Drivers\ASAPIW2K.sys -- (ASAPIW2K [On_Demand | Running])
DRV - [2004/08/03 22:29:28 | 00,701,440 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\DRIVERS\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
DRV - [2004/08/03 22:29:32 | 00,104,960 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\DRIVERS\atinrvxx.sys -- (atinrvxx [On_Demand | Running])
DRV - [2004/08/03 22:29:32 | 00,073,216 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\DRIVERS\atintuxx.sys -- (ATITUNEP [On_Demand | Running])
DRV - [2004/08/03 22:29:30 | 00,052,224 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\DRIVERS\atinraxx.sys -- (ativraxx [On_Demand | Running])
DRV - [2004/08/03 22:29:32 | 00,063,488 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\DRIVERS\atinxsxx.sys -- (ATIXSAudio [On_Demand | Running])
DRV - [2009/08/25 12:06:20 | 00,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86 [System | Running])
DRV - [2009/08/25 12:06:18 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86 [System | Running])
DRV - [2009/08/25 12:06:27 | 00,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX [System | Running])
DRV - [2004/12/22 02:32:12 | 00,369,024 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\System32\DRIVERS\bcmwl5.sys -- (BCM43XX [On_Demand | Stopped])
DRV - [2006/06/09 23:58:22 | 01,373,120 | ---- | M] (C-Media Inc) -- C:\WINDOWS\System32\drivers\cmuda.sys -- (cmuda [On_Demand | Stopped])
DRV - [2002/05/05 20:30:58 | 00,099,328 | R--- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\e1000325.sys -- (E1000 [On_Demand | Running])
DRV - [2007/08/07 14:48:33 | 00,025,160 | ---- | M] (Elaborate Bytes AG) -- C:\WINDOWS\System32\Drivers\ElbyCDIO.sys -- (ElbyCDIO [System | Running])
DRV - [2008/04/13 13:45:29 | 00,010,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\gameenum.sys -- (gameenum [On_Demand | Running])
DRV - [1996/04/03 14:33:26 | 00,005,248 | ---- | M] () -- C:\WINDOWS\system32\giveio.sys -- (giveio [Boot | Running])
DRV - [2002/10/21 05:22:42 | 00,016,395 | R--- | M] (ITE Tech, Inc.) -- C:\WINDOWS\system32\DRIVERS\iteraid.sys -- (iteraid [Boot | Running])
DRV - [2002/10/15 18:03:34 | 00,043,024 | R--- | M] (MCCI) -- C:\WINDOWS\System32\DRIVERS\lgatbus.sys -- (lgatbus [On_Demand | Stopped])
DRV - [2002/10/15 18:05:38 | 00,077,104 | R--- | M] (MCCI) -- C:\WINDOWS\System32\DRIVERS\lgatmdm.sys -- (lgatmdm [On_Demand | Stopped])
DRV - [2002/10/15 18:07:30 | 00,060,816 | R--- | M] (MCCI) -- C:\WINDOWS\System32\DRIVERS\lgatserd.sys -- (lgatserd [On_Demand | Stopped])
DRV - [2008/02/28 15:31:50 | 00,012,856 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\RaInfo.sys -- (LMIInfo [Auto | Running])
DRV - [2007/08/03 16:04:52 | 00,010,144 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\DRIVERS\lmimirr.sys -- (lmimirr [On_Demand | Running])
DRV - [2008/10/17 19:43:59 | 00,083,288 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP [Disabled | Stopped])
DRV - [2008/10/17 19:44:00 | 00,047,640 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver [Auto | Running])
DRV - [2008/06/10 13:06:59 | 00,008,413 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\drivers\mcstrm.sys -- (MCSTRM [Auto | Running])
DRV - [2001/08/17 09:00:04 | 00,002,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\msmpu401.sys -- (ms_mpu401 [On_Demand | Running])
DRV - [2004/08/03 22:29:30 | 00,013,824 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\DRIVERS\atinmdxx.sys -- (MVDCODEC [On_Demand | Running])
DRV - [2008/06/19 17:24:30 | 00,028,544 | ---- | M] (Panda Security, S.L.) -- C:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot [Boot | Running])
DRV - [2004/08/03 22:29:30 | 00,014,336 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\DRIVERS\atinpdxx.sys -- (PCDCODEC [On_Demand | Running])
DRV - [2004/08/04 07:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2007/03/07 18:51:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2004/08/04 07:00:00 | 00,005,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\Drivers\RootMdm.sys -- (ROOTMODEM [On_Demand | Running])
DRV - [2008/03/14 01:04:29 | 00,046,652 | ---- | M] (PowerISO Computing, Inc.) -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu [System | Running])
DRV - [2007/11/13 03:47:45 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2008/08/20 18:27:08 | 00,074,280 | ---- | M] (Silicon Image, Inc) -- C:\WINDOWS\system32\DRIVERS\SI3112.sys -- (SI3112 [Boot | Running])
DRV - [2008/08/20 18:27:36 | 00,019,240 | ---- | M] (Silicon Image, Inc) -- C:\WINDOWS\system32\DRIVERS\SiWinAcc.sys -- (SiFilter [Boot | Running])
DRV - [2008/08/20 18:27:26 | 00,015,400 | ---- | M] (Silicon Image, Inc) -- C:\WINDOWS\system32\DRIVERS\SiRemFil.sys -- (SiRemFil [Boot | Running])
DRV - [2002/10/30 22:58:42 | 00,030,848 | R--- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\DRIVERS\SISAGPX.sys -- (SISAGP [Boot | Running])
DRV - [2006/09/24 08:28:46 | 00,005,248 | ---- | M] (Windows ® 2000 DDK provider) -- C:\WINDOWS\system32\speedfan.sys -- (speedfan [Boot | Running])
DRV - [2006/12/31 20:35:06 | 00,639,224 | ---- | M] (Duplex Secure Ltd.) -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd [Boot | Stopped])
DRV - [2006/12/10 17:55:19 | 00,076,560 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys -- (tmcomm [Auto | Running])
DRV - [2006/10/10 19:33:00 | 00,041,600 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\System32\DRIVERS\tosporte.sys -- (tosporte [On_Demand | Running])
DRV - [2007/02/22 19:56:24 | 00,113,920 | ---- | M] (TOSHIBA CORPORATION) -- C:\WINDOWS\System32\DRIVERS\tosrfbd.sys -- (tosrfbd [On_Demand | Stopped])
DRV - [2006/11/20 17:55:16 | 00,036,480 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\System32\Drivers\tosrfbnp.sys -- (tosrfbnp [On_Demand | Stopped])
DRV - [2005/08/01 16:45:00 | 00,064,896 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\System32\Drivers\tosrfcom.sys -- (Tosrfcom [System | Running])
DRV - [2007/03/01 16:53:12 | 00,073,728 | ---- | M] (TOSHIBA Corporation.) -- C:\WINDOWS\System32\DRIVERS\Tosrfhid.sys -- (Tosrfhid [On_Demand | Stopped])
DRV - [2005/01/06 13:42:00 | 00,018,612 | ---- | M] (TOSHIBA Corporation.) -- C:\WINDOWS\System32\DRIVERS\tosrfnds.sys -- (tosrfnds [On_Demand | Stopped])
DRV - [2007/01/22 10:43:26 | 00,053,376 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\System32\drivers\tosrfsnd.sys -- (TosRfSnd [On_Demand | Stopped])
DRV - [2007/03/30 17:19:08 | 00,041,856 | ---- | M] (TOSHIBA CORPORATION) -- C:\WINDOWS\System32\DRIVERS\tosrfusb.sys -- (tosrfusb [On_Demand | Stopped])
DRV - [2008/04/13 13:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Stopped])
DRV - [2007/04/10 15:46:48 | 01,966,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\VX3000.sys -- (VX3000 [On_Demand | Stopped])
DRV - [2006/11/02 07:00:08 | 00,039,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\WinUSB.SYS -- (winusb [On_Demand | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-789336058-448539723-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-789336058-448539723-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-21-789336058-448539723-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-21-789336058-448539723-839522115-1003\S-1-5-21-789336058-448539723-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Live Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.msn.com/"

FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/08 10:08:56 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2008/12/13 15:58:20 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2009/08/25 12:05:39 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.20\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/04/07 19:43:33 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.20\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/04/07 19:43:34 | 00,000,000 | ---D | M]

[2009/09/08 10:26:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Gnarkill\Application Data\mozilla\Firefox\Profiles\h6d42nqr.default\extensions
[2009/09/08 10:26:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Gnarkill\Application Data\mozilla\Firefox\Profiles\h6d42nqr.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/06/01 17:47:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Gnarkill\Application Data\mozilla\Firefox\Profiles\h6d42nqr.default\extensions\moveplayer@movenetworks.com
[2009/09/08 10:26:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Gnarkill\Application Data\mozilla\Firefox\Profiles\h6d42nqr.default\extensions\staged-xpis
[2007/09/05 08:17:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Gnarkill\Application Data\mozilla\Firefox\Profiles\h6d42nqr.default\extensions\videodowloader@videodownloader.net
[2008/08/17 14:50:42 | 00,001,733 | ---- | M] () -- C:\Documents and Settings\Gnarkill\Application Data\Mozilla\FireFox\Profiles\h6d42nqr.default\searchplugins\live-search.xml
[2009/06/17 21:37:48 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/04/07 19:43:34 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2007/08/10 21:20:19 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
[2007/10/12 19:26:24 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
[2008/04/10 17:47:50 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
[2008/07/09 19:06:42 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2008/12/13 16:04:03 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2009/04/11 21:20:54 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/06/17 21:37:48 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
[2009/04/07 19:43:34 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\talkback@mozilla.org
[2009/04/07 19:41:30 | 00,067,688 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jar50.dll
[2009/04/07 19:41:32 | 00,054,368 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jsd3250.dll
[2009/04/07 19:41:34 | 00,034,944 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\myspell.dll
[2009/04/07 19:41:49 | 00,046,712 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\spellchk.dll
[2009/04/07 19:41:52 | 00,172,136 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\xpinstal.dll
[2009/05/21 11:33:58 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2009/04/07 19:42:38 | 00,022,656 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2007/03/22 20:23:30 | 00,017,248 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL
[2009/04/07 19:43:09 | 00,001,514 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/04/07 19:43:09 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/04/07 19:43:10 | 00,001,038 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/04/07 19:43:10 | 00,001,046 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/04/07 19:43:10 | 00,002,351 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml

O1 HOSTS File: (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKU\S-1-5-21-789336058-448539723-839522115-1003\..\Toolbar\WebBrowser: (no name) - {2787EA8E-8D87-48AF-88AD-B30246C917AB} - No CLSID value found.
O3 - HKU\S-1-5-21-789336058-448539723-839522115-1003\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [HTpatch] C:\WINDOWS\htpatch.exe ()
O4 - HKLM..\Run: [LifeCam] c:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [pdfFactory Dispatcher v2] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe (FinePrint Software, LLC)
O4 - HKLM..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe ()
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe (Silicon Integrated Systems Corp.)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [VX3000] C:\WINDOWS\vVX3000.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\Run: [DWQueuedReporting] C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-18..\Run: [DWQueuedReporting] C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-21-789336058-448539723-839522115-1003..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl File not found
O4 - HKU\S-1-5-21-789336058-448539723-839522115-1003..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe (SlySoft, Inc.)
O4 - HKU\S-1-5-21-789336058-448539723-839522115-1003..\Run: [msnmsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-789336058-448539723-839522115-1003..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe (Adobe Systems Incorporated)
O4 - HKU\.DEFAULT..\RunOnce: [tscuninstall] C:\WINDOWS\System32\tscupgrd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [tscuninstall] C:\WINDOWS\System32\tscupgrd.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk = C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
O4 - Startup: C:\Documents and Settings\Gnarkill\Start Menu\Programs\Startup\Registration-InstantCopy.lnk = C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\Pixie\RegTool.exe (Pinnacle Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-789336058-448539723-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-789336058-448539723-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-789336058-448539723-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-21-789336058-448539723-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-789336058-448539723-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-789336058-448539723-839522115-1003_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/5/b...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} http://a516.g.akamai.net/f/516/25175/7d/ru...cat-no-eula.cab (Citrix ICA Client)
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} http://upload.facebook.com/controls/Facebo...otoUploader.cab (Facebook Photo Uploader Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/...b?1163822111062 (WUWebControl Class)
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} http://www.systemrequirementslab.com/sysreqlab2.cab (System Requirements Lab Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftu...b?1198201304953 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {AA299E98-6FB5-409F-99D3-D30D749F4864} http://remote.teamlogicit.net/inc/kaxRemote.dll (kasRmtHlp Class)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://www.adobe.com/products/acrobat/nos/gp.cab (get_atlcom Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flash...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.1.10.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O20 - Winlogon\Notify\NavLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/11/17 22:00:29 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()

========== Files/Folders - Created Within 30 Days ==========

[10 C:\WINDOWS\*.tmp files]
[2009/09/11 14:08:22 | 00,514,048 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Gnarkill\Desktop\OTL.exe
[2009/09/11 14:00:38 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Gnarkill\Desktop\settings.dat
[2009/09/11 13:58:12 | 00,000,000 | ---D | C] -- C:\_OTM
[2009/09/11 13:56:59 | 00,408,064 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Gnarkill\Desktop\OTM.exe
[2009/09/11 13:55:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Gnarkill\Desktop\Bleeping Computer
[2009/09/11 09:29:13 | 00,513,320 | ---- | C] () -- C:\Documents and Settings\Gnarkill\Desktop\erunt.zip
[2009/09/08 10:19:41 | 00,359,932 | ---- | C] () -- C:\Documents and Settings\Gnarkill\Desktop\dds.scr
[2009/08/28 15:31:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2009/08/28 15:07:41 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2009/08/28 14:53:05 | 01,306,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6.dll
[2009/08/28 14:53:05 | 00,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6r.dll
[2009/08/25 15:37:08 | 00,272,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthport.sys
[2009/08/25 15:36:13 | 00,473,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fastprox.dll
[2009/08/25 15:36:13 | 00,401,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcss.dll
[2009/08/25 15:36:13 | 00,284,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pdh.dll
[2009/08/25 15:36:13 | 00,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\services.exe
[2009/08/25 15:36:12 | 00,453,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvsd.dll
[2009/08/25 15:36:12 | 00,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvse.exe
[2009/08/25 15:36:11 | 00,729,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lsasrv.dll
[2009/08/25 15:36:11 | 00,714,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntdll.dll
[2009/08/25 15:36:11 | 00,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\advapi32.dll
[2009/08/25 15:36:10 | 02,145,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2009/08/25 15:36:09 | 02,189,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2009/08/25 15:36:08 | 02,023,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2009/08/25 15:35:41 | 00,203,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rmcast.sys
[2009/08/25 15:35:38 | 00,455,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2009/08/25 15:35:34 | 00,333,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srv.sys
[2009/08/25 15:35:31 | 00,331,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadce.dll
[2009/08/25 15:35:20 | 00,691,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcomm.dll
[2009/08/25 15:34:50 | 00,337,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netapi32.dll
[2009/08/25 15:33:47 | 00,215,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wordpad.exe
[2009/08/25 12:25:21 | 00,000,000 | -H-D | C] -- C:\$AVG8.VAULT$
[2009/08/25 12:09:32 | 00,781,909 | ---- | C] () -- C:\Documents and Settings\Gnarkill\My Documents\RSIT.exe
[2009/08/25 12:06:28 | 00,011,952 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/08/25 12:06:28 | 00,001,507 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 8.5.lnk
[2009/08/25 12:06:27 | 00,108,552 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009/08/25 12:06:19 | 00,335,240 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/08/25 12:06:18 | 00,027,784 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/08/25 12:06:00 | 40,517,088 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/08/25 12:05:58 | 00,076,683 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/08/25 12:05:56 | 00,463,779 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009/08/25 12:05:54 | 06,061,540 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2009/08/25 12:05:54 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
[2009/08/25 12:05:39 | 00,000,000 | ---D | C] -- C:\Program Files\AVG
[2009/08/25 12:05:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg8
[2009/08/25 12:01:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Gnarkill\Application Data\AVG8
[2009/08/25 11:36:24 | 00,028,288 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xjis.nls
[2009/08/25 11:36:07 | 00,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winzm.ime
[2009/08/25 11:36:07 | 00,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winsp.ime
[2009/08/25 11:36:06 | 00,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winpy.ime
[2009/08/25 11:36:06 | 00,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winime.ime
[2009/08/25 11:36:05 | 00,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winar30.ime
[2009/08/25 11:36:05 | 00,072,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wingb.ime
[2009/08/25 11:36:04 | 00,041,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.dll
[2009/08/25 11:36:04 | 00,031,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.sys
[2009/08/25 11:36:01 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wamps51.dll
[2009/08/25 11:35:58 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3svapi.dll
[2009/08/25 11:35:57 | 00,086,073 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\voicesub.dll
[2009/08/25 11:35:57 | 00,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3ext.dll
[2009/08/25 11:35:57 | 00,048,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w32.dll
[2009/08/25 11:35:57 | 00,004,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3ctrs51.dll
[2009/08/25 11:35:56 | 00,426,041 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\voicepad.dll
[2009/08/25 11:35:47 | 00,076,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\uniime.dll
[2009/08/25 11:35:47 | 00,065,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\unicdime.ime
[2009/08/25 11:35:45 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsprof.exe
[2009/08/25 11:35:43 | 00,571,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintlgnt.ime
[2009/08/25 11:35:43 | 00,455,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintsetp.exe
[2009/08/25 11:35:43 | 00,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintlphr.exe
[2009/08/25 11:35:43 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tmigrate.dll
[2009/08/25 11:35:42 | 00,185,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\thawbrkr.dll
[2009/08/25 11:35:41 | 00,021,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdipx.sys
[2009/08/25 11:35:41 | 00,019,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdspx.sys
[2009/08/25 11:35:40 | 00,013,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdasync.sys
[2009/08/25 11:35:37 | 00,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\status.dll
[2009/08/25 11:35:35 | 00,101,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srusbusd.dll
[2009/08/25 11:35:31 | 00,143,422 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\softkey.dll
[2009/08/25 11:35:30 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpstup.dll
[2009/08/25 11:35:30 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_snprfdll.dll
[2009/08/25 11:35:28 | 00,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_smtpctrs.dll
[2009/08/25 11:35:27 | 00,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm9aw.dll
[2009/08/25 11:35:27 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smb6w.dll
[2009/08/25 11:35:27 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sma3w.dll
[2009/08/25 11:35:27 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsm.dll
[2009/08/25 11:35:27 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smimsgif.dll
[2009/08/25 11:35:27 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsy.dll
[2009/08/25 11:35:26 | 00,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm87w.dll
[2009/08/25 11:35:26 | 00,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm81w.dll
[2009/08/25 11:35:26 | 00,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8cw.dll
[2009/08/25 11:35:26 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm93w.dll
[2009/08/25 11:35:26 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm92w.dll
[2009/08/25 11:35:26 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm90w.dll
[2009/08/25 11:35:26 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8dw.dll
[2009/08/25 11:35:26 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8aw.dll
[2009/08/25 11:35:26 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm89w.dll
[2009/08/25 11:35:26 | 00,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm59w.dll
[2009/08/25 11:35:23 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\simptcp.dll
[2009/08/25 11:35:17 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_seos.dll
[2009/08/25 11:35:16 | 00,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_scripto.dll
[2009/08/25 11:35:13 | 00,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
[2009/08/25 11:35:13 | 00,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
[2009/08/25 11:35:10 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\romanime.ime
[2009/08/25 11:35:09 | 00,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_regtrace.exe
[2009/08/25 11:35:08 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\register.exe
[2009/08/25 11:35:05 | 00,077,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\quick.ime
[2009/08/25 11:35:05 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\quser.exe
[2009/08/25 11:35:05 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\query.exe
[2009/08/25 11:35:02 | 00,083,748 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prcp.nls
[2009/08/25 11:35:01 | 00,131,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxviceo.dll
[2009/08/25 11:35:01 | 00,083,748 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prc.nls
[2009/08/25 11:35:01 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxmcro.dll
[2009/08/25 11:35:01 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxgl.dll
[2009/08/25 11:35:00 | 00,482,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlgnt.ime
[2009/08/25 11:35:00 | 00,175,104 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll
[2009/08/25 11:35:00 | 00,070,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlphr.exe
[2009/08/25 11:35:00 | 00,067,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmigrate.dll
[2009/08/25 11:35:00 | 00,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlcsd.dll
[2009/08/25 11:34:59 | 00,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\phon.ime
[2009/08/25 11:34:59 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\permchk.dll
[2009/08/25 11:34:57 | 00,036,927 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs411.dll
[2009/08/25 11:34:57 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pagecnt.dll
[2009/08/25 11:34:57 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs404.dll
[2009/08/25 11:34:57 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs804.dll
[2009/08/25 11:34:57 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs412.dll
[2009/08/25 11:34:51 | 00,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_ntfsdrv.dll
[2009/08/25 11:34:48 | 00,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nextlink.dll
[2009/08/25 11:34:43 | 00,229,439 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\multibox.dll
[2009/08/25 11:34:33 | 01,875,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msir3jp.lex
[2009/08/25 11:34:33 | 00,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msir3jp.dll
[2009/08/25 11:34:19 | 00,092,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mga.sys
[2009/08/25 11:34:19 | 00,092,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mga.dll
[2009/08/25 11:34:18 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mdsync.dll
[2009/08/25 11:34:17 | 00,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_mailmsg.dll
[2009/08/25 11:34:16 | 00,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\logscrpt.dll
[2009/08/25 11:34:14 | 00,047,066 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ksc.nls
[2009/08/25 11:34:13 | 01,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2009/08/25 11:34:13 | 00,070,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\korwbrkr.dll
[2009/08/25 11:34:13 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdvntc.dll
[2009/08/25 11:34:12 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth3.dll
[2009/08/25 11:34:12 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth2.dll
[2009/08/25 11:34:12 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdusa.dll
[2009/08/25 11:34:12 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdurdu.dll
[2009/08/25 11:34:12 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth1.dll
[2009/08/25 11:34:12 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth0.dll
[2009/08/25 11:34:12 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsyr2.dll
[2009/08/25 11:34:12 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsyr1.dll
[2009/08/25 11:34:11 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnecat.dll
[2009/08/25 11:34:11 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnecnt.dll
[2009/08/25 11:34:11 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnec95.dll
[2009/08/25 11:34:10 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinpun.dll
[2009/08/25 11:34:10 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdintel.dll
[2009/08/25 11:34:10 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdintam.dll
[2009/08/25 11:34:10 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinmar.dll
[2009/08/25 11:34:10 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinkan.dll
[2009/08/25 11:34:10 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinhin.dll
[2009/08/25 11:34:10 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinguj.dll
[2009/08/25 11:34:10 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdindev.dll
[2009/08/25 11:34:09 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdheb.dll
[2009/08/25 11:34:09 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdfa.dll
[2009/08/25 11:34:09 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbddiv2.dll
[2009/08/25 11:34:09 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbddiv1.dll
[2009/08/25 11:34:09 | 00,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdgeo.dll
[2009/08/25 11:34:08 | 00,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jupiw.dll
[2009/08/25 11:34:08 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101a.dll
[2009/08/25 11:34:08 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda3.dll
[2009/08/25 11:34:08 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda2.dll
[2009/08/25 11:34:08 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda1.dll
[2009/08/25 11:34:08 | 00,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdarmw.dll
[2009/08/25 11:34:08 | 00,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdarme.dll
[2009/08/25 11:34:07 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isignup.exe
[2009/08/25 11:34:07 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iwrps.dll
[2009/08/25 11:34:06 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isapips.dll
[2009/08/25 11:34:03 | 00,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\infoctrs.dll
[2009/08/25 11:34:02 | 00,471,102 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imskdic.dll
[2009/08/25 11:34:02 | 00,315,455 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imskf.dll
[2009/08/25 11:34:01 | 00,274,489 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjputyc.dll
[2009/08/25 11:34:01 | 00,262,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjputy.exe
[2009/08/25 11:34:01 | 00,233,527 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjprw.exe
[2009/08/25 11:34:01 | 00,208,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpmig.exe
[2009/08/25 11:34:01 | 00,102,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imlang.dll
[2009/08/25 11:34:01 | 00,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imkrinst.exe
[2009/08/25 11:34:01 | 00,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
[2009/08/25 11:34:01 | 00,045,109 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpuex.exe
[2009/08/25 11:34:00 | 00,716,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpcus.dll
[2009/08/25 11:34:00 | 00,368,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpcic.dll
[2009/08/25 11:34:00 | 00,307,257 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdct.exe
[2009/08/25 11:34:00 | 00,196,665 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe
[2009/08/25 11:34:00 | 00,155,705 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdsvr.exe
[2009/08/25 11:34:00 | 00,081,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdct.dll
[2009/08/25 11:34:00 | 00,057,398 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdadm.exe
[2009/08/25 11:33:59 | 00,811,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjp81k.dll
[2009/08/25 11:33:59 | 00,340,023 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjp81.ime
[2009/08/25 11:33:59 | 00,311,359 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imepadsv.exe
[2009/08/25 11:33:59 | 00,102,463 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imepadsm.dll
[2009/08/25 11:33:59 | 00,086,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrmbx.dll
[2009/08/25 11:33:59 | 00,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrmig.exe
[2009/08/25 11:33:58 | 00,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2009/08/25 11:33:58 | 00,106,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrcic.dll
[2009/08/25 11:33:58 | 00,094,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekr61.ime
[2009/08/25 11:33:58 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iissync.exe
[2009/08/25 11:33:58 | 00,003,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iismui.dll
[2009/08/25 11:33:57 | 00,060,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisclex4.dll
[2009/08/25 11:33:57 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iiscrmap.dll
[2009/08/25 11:33:51 | 10,129,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hwxkor.dll
[2009/08/25 11:33:47 | 13,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll
[2009/08/25 11:33:44 | 10,096,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hwxcht.dll
[2009/08/25 11:33:39 | 00,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2009/08/25 11:33:39 | 00,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hanjadic.dll
[2009/08/25 11:33:36 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxssend.exe
[2009/08/25 11:33:35 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsroute.dll
[2009/08/25 11:33:34 | 00,132,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsclntr.dll
[2009/08/25 11:33:34 | 00,111,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscfgwz.dll
[2009/08/25 11:33:33 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpctrs2.dll
[2009/08/25 11:33:33 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftlx041e.dll
[2009/08/25 11:33:31 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\flattemp.exe
[2009/08/25 11:33:30 | 00,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_fcachdll.dll
[2009/08/25 11:33:29 | 00,057,856 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esuimgd.dll
[2009/08/25 11:33:29 | 00,045,056 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esunid.dll
[2009/08/25 11:33:29 | 00,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\et4000.sys
[2009/08/25 11:33:28 | 00,031,744 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esucmd.dll
[2009/08/25 11:33:19 | 00,078,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dayi.ime
[2009/08/25 11:33:17 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cprofile.exe
[2009/08/25 11:33:16 | 00,057,399 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cplexe.exe
[2009/08/25 11:33:16 | 00,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\convlog.exe
[2009/08/25 11:33:16 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\controt.dll
[2009/08/25 11:33:16 | 00,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\counters.dll
[2009/08/25 11:33:09 | 00,480,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintsetp.exe
[2009/08/25 11:33:09 | 00,198,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintime.dll
[2009/08/25 11:33:09 | 00,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintlgnt.ime
[2009/08/25 11:33:08 | 00,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
[2009/08/25 11:33:08 | 00,097,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtmbx.dll
[2009/08/25 11:33:08 | 00,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtskdic.dll
[2009/08/25 11:33:07 | 01,677,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chsbrkr.dll
[2009/08/25 11:33:07 | 00,838,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtbrkr.dll
[2009/08/25 11:33:07 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chgport.exe
[2009/08/25 11:33:07 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chgusr.exe
[2009/08/25 11:33:06 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chglogon.exe
[2009/08/25 11:33:06 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\change.exe
[2009/08/25 11:33:05 | 00,078,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chajei.ime
[2009/08/25 11:33:03 | 00,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
[2009/08/25 11:33:02 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_870.nls
[2009/08/25 11:33:02 | 00,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_iscii.dll
[2009/08/25 11:33:02 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_is2022.dll
[2009/08/25 11:33:01 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_864.nls
[2009/08/25 11:33:01 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_862.nls
[2009/08/25 11:33:01 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_858.nls
[2009/08/25 11:33:01 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_720.nls
[2009/08/25 11:33:01 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_708.nls
[2009/08/25 11:33:00 | 00,177,698 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20949.nls
[2009/08/25 11:33:00 | 00,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20936.nls
[2009/08/25 11:33:00 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28596.nls
[2009/08/25 11:33:00 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_21027.nls
[2009/08/25 11:33:00 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_21025.nls
[2009/08/25 11:32:59 | 00,180,770 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20932.nls
[2009/08/25 11:32:59 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20924.nls
[2009/08/25 11:32:59 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20880.nls
[2009/08/25 11:32:59 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20871.nls
[2009/08/25 11:32:59 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20838.nls
[2009/08/25 11:32:59 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20833.nls
[2009/08/25 11:32:59 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20424.nls
[2009/08/25 11:32:59 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20423.nls
[2009/08/25 11:32:59 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20420.nls
[2009/08/25 11:32:59 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20297.nls
[2009/08/25 11:32:57 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20290.nls
[2009/08/25 11:32:57 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20285.nls
[2009/08/25 11:32:57 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20284.nls
[2009/08/25 11:32:57 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20280.nls
[2009/08/25 11:32:57 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20278.nls
[2009/08/25 11:32:57 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20277.nls
[2009/08/25 11:32:57 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20273.nls
[2009/08/25 11:32:57 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20269.nls
[2009/08/25 11:32:56 | 00,187,938 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20005.nls
[2009/08/25 11:32:56 | 00,186,402 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20001.nls
[2009/08/25 11:32:56 | 00,185,378 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20003.nls
[2009/08/25 11:32:56 | 00,180,258 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20004.nls
[2009/08/25 11:32:56 | 00,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20002.nls
[2009/08/25 11:32:56 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20108.nls
[2009/08/25 11:32:56 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20107.nls
[2009/08/25 11:32:56 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20106.nls
[2009/08/25 11:32:56 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20105.nls
[2009/08/25 11:32:55 | 00,189,986 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1361.nls
[2009/08/25 11:32:55 | 00,180,258 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20000.nls
[2009/08/25 11:32:55 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1149.nls
[2009/08/25 11:32:55 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1148.nls
[2009/08/25 11:32:54 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1147.nls
[2009/08/25 11:32:54 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1146.nls
[2009/08/25 11:32:54 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1145.nls
[2009/08/25 11:32:54 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1144.nls
[2009/08/25 11:32:54 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1143.nls
[2009/08/25 11:32:54 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1142.nls
[2009/08/25 11:32:54 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1141.nls
[2009/08/25 11:32:54 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1140.nls
[2009/08/25 11:32:54 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1047.nls
[2009/08/25 11:32:53 | 00,195,618 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10002.nls
[2009/08/25 11:32:53 | 00,177,698 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10003.nls
[2009/08/25 11:32:53 | 00,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10008.nls
[2009/08/25 11:32:53 | 00,162,850 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10001.nls
[2009/08/25 11:32:53 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10021.nls
[2009/08/25 11:32:53 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10005.nls
[2009/08/25 11:32:53 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10004.nls
[2009/08/25 11:32:52 | 00,082,172 | ---- | C] () -- C:\WINDOWS\System32\dllcache\bopomofo.nls
[2009/08/25 11:32:52 | 00,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\browscap.dll
[2009/08/25 11:32:51 | 00,066,728 | ---- | C] () -- C:\WINDOWS\System32\dllcache\big5.nls
[2009/08/25 11:32:50 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\authfilt.dll
[2009/08/25 11:32:43 | 00,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\asptxn.dll
[2009/08/25 11:32:43 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aspperf.dll
[2009/08/25 11:32:42 | 00,045,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_aqadmin.dll
[2009/08/25 11:32:33 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_adsiisex.dll
[2009/08/25 11:32:32 | 00,049,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adrot.dll
[2009/08/25 11:32:32 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admxprox.dll
[2009/08/25 11:32:19 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wamregps.dll
[2009/08/25 11:32:09 | 00,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetsloc.dll
[2009/08/25 11:32:09 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetmgr.exe
[2009/08/25 11:32:08 | 00,169,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisui.dll
[2009/08/25 11:32:07 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisreset.exe
[2009/08/25 11:32:07 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpsapi2.dll
[2009/08/25 11:32:07 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisrstap.dll
[2009/08/25 11:32:01 | 00,094,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\certmap.ocx
[2009/08/25 11:30:06 | 00,000,488 | RH-- | C] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2009/08/25 11:30:00 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\WindowsShell.Manifest
[2009/08/25 11:30:00 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2009/08/25 11:30:00 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2009/08/25 11:30:00 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2009/08/25 11:30:00 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2009/08/25 11:11:22 | 00,024,661 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\spxcoins.dll
[2009/08/25 11:11:22 | 00,024,661 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\dllcache\spxcoins.dll
[2009/08/25 11:11:22 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\irclass.dll
[2009/08/25 11:11:22 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irclass.dll
[2009/08/25 11:11:08 | 00,797,189 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
[2009/08/25 11:11:08 | 00,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
[2009/08/25 11:11:08 | 00,037,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
[2009/08/25 11:11:08 | 00,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT
[2009/08/25 11:11:08 | 00,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
[2009/08/25 11:11:08 | 00,007,382 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2009/08/25 10:37:44 | 10,732,70784 | -HS- | C] () -- C:\hiberfil.sys
[2009/08/25 10:34:36 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009/08/25 10:33:34 | 00,000,000 | ---D | C] -- C:\WINDOWS\temp
[2009/08/25 10:01:19 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/08/25 10:01:18 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/08/25 10:01:18 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/08/25 09:53:39 | 01,614,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\sfcfiles.dll
[2009/08/25 09:53:39 | 00,435,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ntmssvc.dll
[2009/08/25 09:53:39 | 00,192,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\schedsvc.dll
[2009/08/25 09:53:39 | 00,135,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\shsvcs.dll
[2009/08/25 09:53:39 | 00,088,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\rasauto.dll
[2009/08/25 09:53:39 | 00,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\regsvc.dll
[2009/08/25 09:53:39 | 00,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\wscntfy.exe
[2009/08/25 09:53:38 | 00,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\comctl32.dll
[2009/08/25 09:53:38 | 00,574,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ntfs.sys
[2009/08/25 09:53:38 | 00,409,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\qmgr.dll
[2009/08/25 09:53:38 | 00,407,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\netlogon.dll
[2009/08/25 09:53:38 | 00,253,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\es.dll
[2009/08/25 09:53:38 | 00,249,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\tapisrv.dll
[2009/08/25 09:53:38 | 00,245,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\mswsock.dll
[2009/08/25 09:53:38 | 00,198,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\netman.dll
[2009/08/25 09:53:38 | 00,185,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\upnphost.dll
[2009/08/25 09:53:38 | 00,181,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\scecli.dll
[2009/08/25 09:53:38 | 00,171,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\srsvc.dll
[2009/08/25 09:53:38 | 00,129,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\xmlprov.dll
[2009/08/25 09:53:38 | 00,077,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\browser.dll
[2009/08/25 09:53:38 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ssdpsrv.dll
[2009/08/25 09:53:38 | 00,062,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\cryptsvc.dll
[2009/08/25 09:53:38 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\msgsvc.dll
[2009/08/25 09:53:38 | 00,027,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\mspmsnsv.dll
[2009/08/25 09:53:38 | 00,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\linkinfo.dll
[2009/08/25 09:53:38 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\asyncmac.sys
[2009/08/25 09:53:38 | 00,011,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\acpiec.sys
[2009/08/25 09:53:38 | 00,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\sfc.dll
[2009/08/25 09:53:37 | 05,937,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\mshtml.dll
[2009/08/25 09:53:37 | 02,189,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ntoskrnl.exe
[2009/08/25 09:53:37 | 02,066,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ntkrnlpa.exe
[2009/08/25 09:53:37 | 01,033,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\explorer.exe
[2009/08/25 09:53:37 | 00,989,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\kernel32.dll
[2009/08/25 09:53:37 | 00,927,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\mfc40u.dll
[2009/08/25 09:53:37 | 00,792,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\comres.dll
[2009/08/25 09:53:37 | 00,507,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\winlogon.exe
[2009/08/25 09:53:37 | 00,401,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\rpcss.dll
[2009/08/25 09:53:37 | 00,361,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\tcpip.sys
[2009/08/25 09:53:37 | 00,295,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\termsrv.dll
[2009/08/25 09:53:37 | 00,182,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ndis.sys
[2009/08/25 09:53:37 | 00,142,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\aec.sys
[2009/08/25 09:53:37 | 00,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\services.exe
[2009/08/25 09:53:37 | 00,110,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\imm32.dll
[2009/08/25 09:53:37 | 00,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\spoolsv.exe
[2009/08/25 09:53:37 | 00,051,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\wuauclt.exe
[2009/08/25 09:53:37 | 00,036,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ip6fw.sys
[2009/08/25 09:53:37 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\userinit.exe
[2009/08/25 09:53:37 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\kbdclass.sys
[2009/08/25 09:53:37 | 00,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\lpk.dll
[2009/08/25 09:53:37 | 00,017,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\powrprof.dll
[2009/08/25 09:53:37 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ctfmon.exe
[2009/08/25 09:53:37 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\lsass.exe
[2009/08/25 09:53:37 | 00,004,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\beep.sys
[2009/08/25 09:53:37 | 00,002,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\null.sys
[2009/08/25 09:53:36 | 00,915,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\wininet.dll
[2009/08/25 09:53:36 | 00,578,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\user32.dll
[2009/08/25 09:53:36 | 00,082,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ws2_32.dll
[2009/08/25 09:53:36 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\svchost.exe
[2009/08/25 09:53:36 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\dllcache\cache
[2009/08/25 09:32:39 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/08/25 09:32:38 | 00,229,376 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009/08/25 09:32:38 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/08/25 09:32:38 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/08/25 09:32:38 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/08/25 09:32:38 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/08/25 09:32:37 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/08/25 09:32:37 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/08/25 09:31:32 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/08/25 08:09:14 | 00,000,036 | ---- | C] () -- C:\Documents and Settings\Gnarkill\Local Settings\Application Data\housecall.guid.cache
[2009/08/24 23:01:10 | 00,028,544 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\pavboot.sys
[2009/08/24 23:00:38 | 00,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2009/08/24 22:48:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/08/24 21:26:06 | 00,000,000 | ---D | C] -- C:\Program Files\trend micro
[2009/08/24 21:26:05 | 00,000,000 | ---D | C] -- C:\rsit
[2009/08/24 21:25:17 | 00,781,909 | ---- | C] () -- C:\Documents and Settings\Gnarkill\Desktop\RSIT.exe
[2009/08/24 21:17:28 | 00,472,064 | ---- | C] ( ) -- C:\Documents and Settings\Gnarkill\Desktop\RootRepeal.exe
[2009/08/24 20:48:18 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/08/24 20:12:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\F-Secure
[2009/08/24 19:42:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Gnarkill\Application Data\Malwarebytes
[2009/08/24 19:41:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/08/12 19:20:21 | 01,315,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msoe.dll
[2008/04/16 18:06:58 | 00,000,098 | ---- | C] () -- C:\WINDOWS\WirelessFTP.INI
[2008/04/16 17:48:47 | 00,000,000 | ---- | C] () -- C:\WINDOWS\tosOBEX.INI
[2008/03/01 23:00:04 | 00,015,498 | ---- | C] () -- C:\WINDOWS\VX3000.ini
[2008/02/09 21:49:54 | 00,395,776 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2008/02/09 21:49:54 | 00,262,144 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2008/02/09 21:49:54 | 00,112,640 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2008/02/09 21:49:53 | 02,255,360 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2007/12/31 21:47:19 | 00,001,274 | ---- | C] () -- C:\WINDOWS\ATICIM.INI
[2007/10/20 16:41:13 | 00,399,872 | ---- | C] () -- C:\WINDOWS\c4dstand.dll
[2007/10/20 16:41:13 | 00,000,050 | ---- | C] () -- C:\WINDOWS\app.ini
[2007/10/20 16:40:41 | 00,003,362 | ---- | C] () -- C:\WINDOWS\LKMHDemo.ini
[2007/10/20 16:40:39 | 00,000,304 | ---- | C] () -- C:\WINDOWS\LKMH_Demo_Cfg.ini
[2007/09/12 10:19:56 | 00,008,784 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll
[2007/04/22 19:15:29 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2007/04/22 19:01:47 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2006/12/08 07:50:14 | 00,217,088 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2006/12/08 07:47:54 | 01,159,168 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2006/12/05 13:05:06 | 00,114,688 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
[2006/11/17 22:54:35 | 00,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2006/11/17 22:32:06 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/11/17 22:17:50 | 00,000,164 | R--- | C] () -- C:\WINDOWS\avrack.ini
[2006/11/17 22:16:43 | 00,032,768 | ---- | C] () -- C:\WINDOWS\SIS_LIB.DLL
[2006/11/17 22:16:42 | 00,003,072 | R--- | C] () -- C:\WINDOWS\winio.sys
[2005/07/22 21:30:20 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll
[2005/02/05 14:46:00 | 00,004,608 | ---- | C] () -- C:\WINDOWS\fgexec.dll
[2004/08/04 07:00:00 | 00,000,624 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/04 07:00:00 | 00,000,435 | ---- | C] () -- C:\WINDOWS\system.ini
[2003/02/19 02:26:28 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\cmirmdrv.dll
[2003/01/07 16:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/10/15 17:54:04 | 00,153,088 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[1996/04/03 14:33:26 | 00,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== Files - Modified Within 30 Days ==========

[6 C:\WINDOWS\System32\*.tmp files]
[10 C:\WINDOWS\*.tmp files]
[2009/09/11 14:10:51 | 00,000,438 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{04F293E5-BD47-4301-8D21-25CF37B8A05E}.job
[2009/09/11 14:08:26 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Gnarkill\Desktop\OTL.exe
[2009/09/11 14:00:38 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Gnarkill\Desktop\settings.dat
[2009/09/11 13:59:50 | 00,472,064 | ---- | M] ( ) -- C:\Documents and Settings\Gnarkill\Desktop\RootRepeal.exe
[2009/09/11 13:57:03 | 00,408,064 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Gnarkill\Desktop\OTM.exe
[2009/09/11 13:35:12 | 00,000,040 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2009/09/11 13:34:14 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/09/11 09:43:53 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/09/11 09:43:41 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/09/11 09:43:40 | 10,732,70784 | -HS- | M] () -- C:\hiberfil.sys
[2009/09/11 09:29:13 | 00,513,320 | ---- | M] () -- C:\Documents and Settings\Gnarkill\Desktop\erunt.zip
[2009/09/11 09:26:44 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/09/08 10:19:42 | 00,359,932 | ---- | M] () -- C:\Documents and Settings\Gnarkill\Desktop\dds.scr
[2009/09/01 18:34:24 | 40,517,088 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/09/01 18:33:19 | 00,076,683 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/09/01 18:31:54 | 00,292,478 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/09/01 18:31:53 | 00,034,352 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/09/01 18:31:50 | 00,334,042 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/09/01 18:24:23 | 00,281,336 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/08/28 15:32:50 | 00,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2009/08/27 14:52:56 | 00,108,032 | ---- | M] () -- C:\Documents and Settings\Gnarkill\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/25 12:09:44 | 00,781,909 | ---- | M] () -- C:\Documents and Settings\Gnarkill\My Documents\RSIT.exe
[2009/08/25 12:06:28 | 00,011,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/08/25 12:06:28 | 00,001,507 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 8.5.lnk
[2009/08/25 12:06:27 | 00,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009/08/25 12:06:20 | 00,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/08/25 12:06:18 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/08/25 12:05:58 | 00,463,779 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009/08/25 12:05:56 | 06,061,540 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2009/08/25 11:37:38 | 00,000,288 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2009/08/25 11:30:10 | 00,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2009/08/25 11:30:06 | 00,000,488 | RH-- | M] () -- C:\WINDOWS\System32\WindowsLogon.manifest
[2009/08/25 11:30:06 | 00,000,488 | RH-- | M] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2009/08/25 11:30:00 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\WindowsShell.Manifest
[2009/08/25 11:30:00 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2009/08/25 11:30:00 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2009/08/25 11:30:00 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2009/08/25 11:30:00 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2009/08/25 11:30:00 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\cdplayer.exe.manifest
[2009/08/25 11:28:07 | 00,022,720 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/08/25 11:19:07 | 00,000,211 | -HS- | M] () -- C:\boot.ini
[2009/08/25 11:11:28 | 00,000,435 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/08/25 09:47:20 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/08/25 08:09:37 | 00,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/08/25 08:09:14 | 00,000,036 | ---- | M] () -- C:\Documents and Settings\Gnarkill\Local Settings\Application Data\housecall.guid.cache
[2009/08/24 23:01:03 | 00,091,265 | ---- | M] () -- C:\WINDOWS\setupapi.old
[2009/08/24 21:25:17 | 00,781,909 | ---- | M] () -- C:\Documents and Settings\Gnarkill\Desktop\RSIT.exe
[2009/08/23 03:09:13 | 00,229,376 | ---- | M] () -- C:\WINDOWS\PEV.exe


========== Alternate Data Streams ==========

@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB0AACC9
< End of report >




OTL Extras logfile created on: 9/11/2009 2:09:23 PM - Run 1
OTL by OldTimer - Version 3.0.10.7 Folder = C:\Documents and Settings\Gnarkill\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1023.48 Mb Total Physical Memory | 572.92 Mb Available Physical Memory | 55.98% Memory free
2.40 Gb Paging File | 1.94 Gb Available in Paging File | 80.65% Paging File free
Paging file location(s): c:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.08 Gb Total Space | 58.75 Gb Free Space | 19.71% Space Free | Partition Type: NTFS
Drive D: | 189.92 Gb Total Space | 1.37 Gb Free Space | 0.72% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive J: | 114.49 Gb Total Space | 0.02 Gb Free Space | 0.01% Space Free | Partition Type: NTFS

Computer Name: GNARKILL
Current User Name: Gnarkill
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"52552:TCP" = 52552:TCP:*:Enabled:Azur
"56834:TCP" = 56834:TCP:*:Enabled:Azur2
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"5900:TCP" = 5900:TCP:*:Enabled:VNC
"5190:TCP" = 5190:TCP:*:Enabled:Pidgin Transfers

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\FlashFXP\FlashFXP.exe" = C:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3 -- File not found
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger -- (America Online, Inc.)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\StubInstaller.exe" = C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer -- (LimeWire)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- ()
"C:\Program Files\Azureus\Azureus.exe" = C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus -- (Aelitis)
"C:\Program Files\eMule\emule.exe" = C:\Program Files\eMule\emule.exe:*:Enabled:eMule -- (http://www.emule-project.net)
"C:\Program Files\mIRC\mirc.exe" = C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC -- (mIRC Co. Ltd.)
"C:\Program Files\Microsoft LifeCam\LifeCam.exe" = C:\Program Files\Microsoft LifeCam\LifeCam.exe:*:Enabled:LifeCam.exe -- (Microsoft Corporation)
"C:\Program Files\Microsoft LifeCam\LifeExp.exe" = C:\Program Files\Microsoft LifeCam\LifeExp.exe:*:Enabled:LifeExp.exe -- (Microsoft Corporation)
"C:\Program Files\Pidgin\pidgin.exe" = C:\Program Files\Pidgin\pidgin.exe:*:Enabled:Pidgin -- (The Pidgin developer community)
"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG8\avgnsx.exe" = C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{020D8396-D6D9-4B53-A9A1-83C47E2E27AA}" = Windows Live Call
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{0F9B0077-DC18-40AF-ABCF-86EC4E48ED38}" = InstantCopy
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP470_series" = Canon MP470 series
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1A30583C-50E2-486D-9E95-335B994D327A}" = A+ 2006 Demo
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 14
"{2C0CD17D-0B06-4700-83FA-7344B868B0A2}" = Opera 9.63
"{31228E31-2BFF-11D2-8866-00805F0D9D40}" = QPST
"{3248F0A8-6813-11D6-A77B-00B0D0150080}" = J2SE Runtime Environment 5.0 Update 8
"{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{54A4839E-87F8-4BD1-9682-A349E9943F0A}" = Amazon Unbox Video
"{63AFACBC-4795-4A1B-8037-5085DC03FC54}" = Microsoft LifeCam
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7E7658A2-CD3F-48A7-93EA-0882BCA4FD2A}" = LogMeIn
"{8469D7C4-1A95-4CE2-BA8D-123C39FCFD9C}" = Network+ Premium
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8BBF6DFD-0AD9-43A7-9FBD-BF065E3866AF}" = URGE
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{91A3F1F6-C4AF-40AC-B118-5FF56D6CEB08}" = A+ 2006 601 and 602 Voucher bundle Total Tester
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1033-7B44-A70900000002}" = Adobe Reader 7.0.9
"{AC76BA86-7AD7-5464-3428-7050000000A7}" = Adobe Reader 7.0.5 Language Support
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D9D754A1-EAC5-406C-A28B-C49B1E846711}" = Windows Live Essentials
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{EA9FAF16-0E5C-42C4-9742-9AF8D5F6D69B}" = ATI Catalyst Control Center
"{F5346614-B7C4-4E94-826A-E2363155233D}" = EasyCleaner
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{FA61D601-A0FC-48BD-AE7A-54946BCD7FB6}_is1" = BitPim 1.0.7.20090303
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"AC3Filter" = AC3Filter (remove only)
"ActiveScan 2.0" = Panda ActiveScan 2.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player Plugin
"All ATI Software" = ATI - Software Uninstall Utility
"AnyDVD" = AnyDVD
"AOL Instant Messenger" = AOL Instant Messenger
"Aspell English Dictionary_is1" = Aspell English Dictionary-0.50-2
"ATI Display Driver" = ATI Display Driver
"AutoGK" = Auto Gordian Knot 2.40
"AVG8Uninstall" = AVG Free 8.5
"AviSynth" = AviSynth 2.5
"Azureus" = Azureus
"CCleaner" = CCleaner (remove only)
"Citrix ICA Web Client" = MetaFrame Presentation Server Web Client for Win32
"C-Media Audio Driver" = C-Media WDM Audio Driver
"DVD Decrypter" = DVD Decrypter (Remove Only)
"Easy CD-DA Extractor 10" = Easy CD-DA Extractor 10
"eMule" = eMule
"Enable S3 for USB Device" = Enable S3 for USB Device
"Free Fire Screensaver" = Free Fire Screensaver
"getPlus®_ocx" = getPlus®_ocx
"GNU Aspell_is1" = GNU Aspell 0.50-3
"GTK 2.0" = GTK+ Runtime 2.12.8 rev a (remove only)
"HijackThis" = HijackThis 2.0.2
"InstallShield_{54A4839E-87F8-4BD1-9682-A349E9943F0A}" = Amazon Unbox Video
"LimeWire" = LimeWire 4.12.6
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"mIRC" = mIRC
"Mozilla Firefox (2.0.0.20)" = Mozilla Firefox (2.0.0.20)
"pdfFactory" = pdfFactory
"PeerGuardian_is1" = PeerGuardian 2.0
"Picasa2" = Picasa 2
"Pidgin" = Pidgin
"PowerISO" = PowerISO
"PROSet" = Intel® PRO Ethernet Adapter and Software
"SpeedFan" = SpeedFan (remove only)
"SystemRequirementsLab" = System Requirements Lab
"Tweak UI 2.10" = Tweak UI
"VLC media player" = VideoLAN VLC media player 0.8.6d
"VobSub" = VobSub v2.23 (Remove Only)
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WETCable" = Windows Easy Transfer
"Winamp" = Winamp (remove only)
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"XviD Media Codec" = XviD Media Codec 1.1.1
"XviD MPEG4 Video Codec" = XviD MPEG4 Video Codec (remove only)

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-789336058-448539723-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/11/2009 10:35:40 AM | Computer Name = GNARKILL | Source = Application Error | ID = 1000
Description = Faulting application msfeedssync.exe, version 8.0.6001.18702, faulting
module user32.dll, version 5.1.2600.5512, fault address 0x000095c8.

Error - 9/11/2009 10:40:34 AM | Computer Name = GNARKILL | Source = Application Error | ID = 1000
Description = Faulting application msfeedssync.exe, version 8.0.6001.18702, faulting
module user32.dll, version 5.1.2600.5512, fault address 0x000095c8.

Error - 9/11/2009 2:36:05 PM | Computer Name = GNARKILL | Source = Application Error | ID = 1000
Description = Faulting application msfeedssync.exe, version 8.0.6001.18702, faulting
module user32.dll, version 5.1.2600.5512, fault address 0x000095c8.

Error - 9/11/2009 2:40:24 PM | Computer Name = GNARKILL | Source = Application Error | ID = 1000
Description = Faulting application msfeedssync.exe, version 8.0.6001.18702, faulting
module user32.dll, version 5.1.2600.5512, fault address 0x000095c8.

Error - 9/11/2009 2:45:17 PM | Computer Name = GNARKILL | Source = Application Error | ID = 1000
Description = Faulting application msfeedssync.exe, version 8.0.6001.18702, faulting
module user32.dll, version 5.1.2600.5512, fault address 0x000095c8.

Error - 9/11/2009 2:50:11 PM | Computer Name = GNARKILL | Source = Application Error | ID = 1000
Description = Faulting application msfeedssync.exe, version 8.0.6001.18702, faulting
module user32.dll, version 5.1.2600.5512, fault address 0x000095c8.

Error - 9/11/2009 2:55:09 PM | Computer Name = GNARKILL | Source = Application Error | ID = 1000
Description = Faulting application msfeedssync.exe, version 8.0.6001.18702, faulting
module user32.dll, version 5.1.2600.5512, fault address 0x000095c8.

Error - 9/11/2009 3:00:59 PM | Computer Name = GNARKILL | Source = Application Error | ID = 1000
Description = Faulting application msfeedssync.exe, version 8.0.6001.18702, faulting
module user32.dll, version 5.1.2600.5512, fault address 0x000095c8.

Error - 9/11/2009 3:05:53 PM | Computer Name = GNARKILL | Source = Application Error | ID = 1000
Description = Faulting application msfeedssync.exe, version 8.0.6001.18702, faulting
module user32.dll, version 5.1.2600.5512, fault address 0x000095c8.

Error - 9/11/2009 3:10:48 PM | Computer Name = GNARKILL | Source = Application Error | ID = 1000
Description = Faulting application msfeedssync.exe, version 8.0.6001.18702, faulting
module user32.dll, version 5.1.2600.5512, fault address 0x000095c8.

[ System Events ]
Error - 9/8/2009 11:04:01 AM | Computer Name = GNARKILL | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
sptd

Error - 9/8/2009 11:09:09 AM | Computer Name = GNARKILL | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80246007: Security Update for Windows XP (KB973815).

Error - 9/8/2009 11:09:09 AM | Computer Name = GNARKILL | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80246007: Security Update for Windows XP (KB973507).

Error - 9/8/2009 11:09:09 AM | Computer Name = GNARKILL | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80246007: Security Update for Windows XP (KB971557).

Error - 9/8/2009 11:09:09 AM | Computer Name = GNARKILL | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80246007: Security Update for Windows XP (KB971657).

Error - 9/8/2009 11:10:19 AM | Computer Name = GNARKILL | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80246007: Security Update for Windows XP (KB960859).

Error - 9/11/2009 10:21:12 AM | Computer Name = GNARKILL | Source = sptd | ID = 262148
Description = Driver detected an internal error in its data structures for .

Error - 9/11/2009 10:21:17 AM | Computer Name = GNARKILL | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
sptd

Error - 9/11/2009 10:44:09 AM | Computer Name = GNARKILL | Source = sptd | ID = 262148
Description = Driver detected an internal error in its data structures for .

Error - 9/11/2009 10:44:20 AM | Computer Name = GNARKILL | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
sptd


< End of report >

#6 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:08:54 AM

Posted 11 September 2009 - 06:28 PM

Your PC looks clean OC48 but the events viewer shows you are having a problem with a faulting file so we will replace that.
  • Download The Avenger by Swandog46 from here.
  • Unzip/extract it to a folder on your desktop.
  • Double click on avenger.exe to run The Avenger.
  • Click OK.
  • Make sure that the box next to Scan for rootkits has a tick in it and that the box next to Automatically disable any rootkits found does not have a tick in it.
  • Copy all of the text in the below code box to the clipboard by highlighting it and then pressing Ctrl+C.
    :Files to moveC:\windows\system32\DllCache\msfeedssync.exe | C:\windows\system32\msfeedssync.exe
  • In the avenger window, click the Paste Script from Clipboard, Posted Image button.
  • Click the Execute button.
  • You will be asked Are you sure you want to execute the current script?.
  • Click Yes.
  • You will now be asked First step completed --- The Avenger has been successfully set up to run on next boot. Reboot now?.
  • Click Yes.
  • Your PC will now be rebooted.
  • Note: If the above script contains Drivers to delete: or Drivers to disable:, then The Avenger will require two reboots to complete its operation.
  • After your PC has completed the necessary reboots, a log should automatically open. If it does not automatically open, then the log can be found at %systemdrive%\avenger.txt (typically C:\avenger.txt).
  • Please post this log in your next reply.

Then let's do a final scan to look for any stray files to remove

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image
Thanks :thumbup2:
Posted Image
m0le is a proud member of UNITE

#7 OC48

OC48
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:03:54 AM

Posted 13 September 2009 - 11:59 AM

I ran the Avenger and I have now stopped getting the msfeedssync errors. I also ran the ESET online scan and it came back clean, with no results. There was no log to export.

Almost everything is back to normal. I still can't run the Malicious Removal Tool. Automatic updates installed the most current one but when I try running it I get the "Windows cannot access the specified device path or file. You may not have appropriate permissions." I also can't reinstall Windows Defender. As soon as it starts installing, I get the following error: "The installer has insufficient privileges to modify this file: C:\Program Files\Windows Defender\MsMpEng.exe. This is an administrator account.

#8 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:08:54 AM

Posted 13 September 2009 - 06:39 PM

I ran the Avenger and I have now stopped getting the msfeedssync errors. I also ran the ESET online scan and it came back clean, with no results. There was no log to export.


Good news :thumbup2:

Almost everything is back to normal. I still can't run the Malicious Removal Tool.
Automatic updates installed the most current one but when I try running it I get the "Windows cannot access the specified device path or file. You may not have appropriate permissions."
I also can't reinstall Windows Defender. As soon as it starts installing, I get the following error: "The installer has insufficient privileges to modify this file: C:\Program Files\Windows Defender\MsMpEng.exe. This is an administrator account.


Permissions may have been changed on these two files.

Restore Permissions for MsMpEng.exe and MRT.exe

Please download Inherit by sUBs
  • Drag and drop MsMpEng.exe onto Inherit
  • This shall restore permissions to the application
  • The application should now run normally

    Do the same with MRT.exe
Please indicate in your next post if this was successful.

**Do not run MsMpEng.exe or MRT.exe unless I have directed you to do so**
Posted Image
m0le is a proud member of UNITE

#9 OC48

OC48
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:03:54 AM

Posted 14 September 2009 - 09:22 AM

m0le,

I dropped the two executables onto Inherit. Both were successful. I was able to open mrt.exe and install Windows Defender. Everything appears to be running properly now.

Thank you so much for all of your help. I really appreciate you getting me back up and running.

#10 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:08:54 AM

Posted 14 September 2009 - 01:01 PM

Nice one, OC48. Then we have reached the end of this thread.

Your PC is now clean

Good stuff! :thumbup2:

Let's do some housekeeping


Please download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Open JavaRa.exe again and select Search For Updates.
  • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.

Delete ComboFix and Clean Up
Click Start > Run and type combo-fix /u click OK (Note the space between combofix and /u)
Posted Image
Please advise if this step is missed for any reason as it performs some important actions.


Download and Run OTC

We will now remove the tools we used during this fix using OTC.
  • Download OTC by OldTimer and save it to your desktop.
  • Double click Posted Image icon to start the program. If you are using Vista, please right-click and choose run as administrator
  • Then Click the big Posted Image button.
  • You will get a prompt saying "Being Cleanup Process". Please select Yes.
  • Restart your computer when prompted.

Here's some advice on how you can keep your PC clean

Update your AntiVirus Software

It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out. If you use a commercial antivirus program you must make sure you keep renewing your subscription. Otherwise, once your subscription runs out, you may not be able to update the programs virus definitions.


Make sure your applications have all of their updates

It is also possible for other programs on your computer to have security vulnerability that can allow malware to infect you. Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector and Calendar of Updates.


Use a Firewall

I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

For a tutorial on Firewalls and a listing of some available ones see the link below:

Understanding and Using Firewalls


Install an AntiSpyware Program

A highly recommended AntiSpyware program is SuperAntiSpyware. You can download the free Home Version. or the Pro version for a 15 day trial period.

Other recommended, and free, AntiSpyware programs are Spybot - Search and Destroy and Ad-Aware Personal.

Installing these programs will provide spyware & hijacker protection on your computer alongside your virus protection. You should scan your computer with an AntiSpyware program on a regular basis just as you would an antivirus software.

Tutorials on using these programs can be found below:

Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers

Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer


That's it OC48, happy surfing!

Cheers,


m0le
Posted Image
m0le is a proud member of UNITE

#11 OC48

OC48
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:03:54 AM

Posted 15 September 2009 - 03:48 PM

m0le,

Everything has been removed as instructed. Thank you again for all of your help. Much appreciated!

#12 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:08:54 AM

Posted 15 September 2009 - 04:12 PM

You're welcome, OC48 :thumbup2:
Posted Image
m0le is a proud member of UNITE

#13 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:08:54 AM

Posted 19 September 2009 - 06:46 AM

Since this issue appears to be resolved ... this topic has been closed. Glad we could help. :thumbup2:

If you're the topic starter, and need this topic reopened, please contact me via pm with the address of the thread.

Everyone else please begin a New Topic.
Posted Image
m0le is a proud member of UNITE




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users