Antivirus system pro infected


  • This topic is locked
12 replies to this topic

#1 Polecat69

Posted 23 October 2009 - 02:19 AM

Hi,

Late yesterday night I got infected by Antivirus System Pro, then I had Panda Antivirus cloud installed, that didn't help, I now run Nod32. Any suggestions for a good antivirus program are highly appreciated. I searched Google for a solution and found out that I should download and run Malwarebytes Anti-malware. It has cleaned out and doesn't report any errors with a fast scan.
I ran ComboFix before I did the DDS and RootRepeal scans, and here is the log for ComboFix:

ComboFix 09-10-21.02 - Administratör 2009-10-23 8:21.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.46.1053.18.3070.2609 [GMT 2:00]
Körs från: c:\documents and settings\Administratör\Skrivbord\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.

((((((((((((((((((((((((((((((((((((((( Andra raderingar ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\recycler\S-1-5-21-5661703236-5825598197-843106579-6379
c:\windows\system32\pagefileconfig.vbs

.
((((((((((((((((((((((((((((((((((((((( Drivrutiner/Tjänster )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_icf


(((((((((((((((((((((((( Filer Skapade från 2009-09-23 till 2009-10-23 ))))))))))))))))))))))))))))))
.

2009-10-22 22:31 . 2009-10-22 22:31 -------- d-----w- c:\program\ESET
2009-10-22 22:31 . 2009-10-22 22:31 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2009-10-22 21:38 . 2009-09-10 12:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-22 21:37 . 2009-10-22 21:43 -------- d-----w- c:\program\Malwarebytes' Anti-Malware
2009-10-22 21:37 . 2009-10-22 21:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-10-22 21:37 . 2009-09-10 12:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-21 17:55 . 1998-11-13 11:13 307200 ----a-w- c:\windows\IsUn041d.exe
2009-10-20 10:57 . 2009-10-20 10:57 60416 ----a-w- c:\windows\ALCFDRTM.EXE
2009-10-20 10:57 . 2009-10-20 10:57 -------- d-----w- c:\windows\system32\Lang
2009-10-20 10:51 . 2004-01-09 21:17 601100 ----a-w- c:\windows\system32\drivers\ALCXWDM.SYS
2009-10-20 10:51 . 2004-01-09 00:54 65536 ----a-w- c:\windows\SOUNDMAN.EXE
2009-10-20 10:51 . 2003-12-18 00:05 155648 ----a-w- c:\windows\system32\RTLCPAPI.dll
2009-10-20 10:51 . 2003-12-11 21:54 391424 ----a-w- c:\windows\system32\drivers\ALCXSENS.SYS
2009-10-20 10:51 . 2003-08-19 17:36 65536 ----a-w- c:\windows\system32\Audio3D.dll
2009-10-20 10:51 . 2004-01-09 00:53 5672960 ----a-w- c:\windows\system32\RTLCPL.EXE
2009-10-20 10:51 . 2003-11-21 14:58 208896 ----a-w- c:\windows\alcupd.exe
2009-10-20 10:51 . 2003-11-21 14:56 139264 ----a-w- c:\windows\alcrmv.exe
2009-10-20 10:51 . 2003-07-31 19:08 744 ----a-w- c:\windows\system32\drivers\alcxinit.dat
2009-10-20 10:25 . 2009-10-20 10:25 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2009-10-20 10:24 . 2009-10-20 10:25 -------- d-----w- c:\program\DAEMON Tools Toolbar
2009-10-20 10:24 . 2009-10-20 10:53 -------- d-----w- c:\program\DAEMON Tools Lite
2009-10-20 10:21 . 2009-10-20 10:21 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-10-20 10:19 . 2009-10-20 10:19 -------- d-----w- c:\program\VideoLAN
2009-10-20 09:35 . 2006-08-11 12:56 3072 ----a-w- c:\windows\CTXFIRES.DLL
2009-10-20 09:21 . 2009-10-21 17:58 -------- d-----w- c:\program\Delade filer\Adobe
2009-10-19 23:39 . 2009-10-21 20:13 138352 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-10-19 23:39 . 2009-10-21 20:13 191304 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-10-19 23:39 . 2009-10-19 23:39 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-10-19 23:39 . 2009-10-19 23:39 -------- d-----w- c:\windows\system32\LogFiles
2009-10-19 23:24 . 2009-10-19 23:24 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Xfire
2009-10-19 23:22 . 2009-10-19 23:22 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Xfire
2009-10-19 23:20 . 2009-10-21 19:34 -------- d-----w- c:\program\Xfire
2009-10-19 23:12 . 2009-10-19 23:12 -------- d-----w- C:\spel
2009-10-19 23:10 . 2009-10-19 23:10 -------- d-sh--w- c:\windows\ftpcache
2009-10-19 22:47 . 2009-10-19 22:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2009-10-19 22:38 . 2009-10-19 22:38 -------- d-----w- c:\program\Net iD
2009-10-19 22:29 . 2009-10-19 22:29 -------- d-----w- c:\program\Siber Systems
2009-10-19 22:27 . 2009-10-19 22:27 27904 ----a-w- c:\windows\system32\drivers\viaagp1.sys
2009-10-19 22:26 . 2009-10-19 22:26 -------- d-----w- c:\program\JGsoft
2009-10-19 22:26 . 2004-08-03 13:28 61440 ----a-w- c:\windows\UnDeploy.exe
2009-10-19 22:23 . 2009-10-19 22:24 -------- d-----w- c:\program\FlashFXP
2009-10-19 22:11 . 2009-10-20 10:09 -------- d-----w- c:\program\ImgBurn

.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-22 21:29 . 2008-04-15 12:00 14336 ----a-w- c:\windows\system32\svchost.exe
2009-10-20 10:51 . 2009-10-19 21:42 -------- d--h--w- c:\program\InstallShield Installation Information
2009-10-20 10:51 . 2009-10-19 21:41 -------- d-----w- c:\program\Delade filer\InstallShield
2009-10-20 10:13 . 2009-10-19 21:43 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2009-10-20 10:13 . 2009-10-19 21:43 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2009-10-20 10:07 . 2009-10-19 21:43 -------- d-----w- c:\program\Creative
2009-10-19 22:10 . 2009-10-19 22:09 -------- d-----w- c:\program\Winamp
2009-10-19 21:44 . 2009-10-19 20:02 -------- d-----w- c:\program\NVIDIA Corporation
2009-10-19 21:27 . 2008-04-15 12:00 47784 ----a-w- c:\windows\system32\perfc01D.dat
2009-10-19 21:27 . 2008-04-15 12:00 315006 ----a-w- c:\windows\system32\perfh01D.dat
2009-10-19 21:21 . 2009-10-19 21:12 65 ----a-w- c:\windows\system32\BD7420.dat
2009-10-19 21:10 . 2009-10-19 21:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Brother
2009-10-19 20:58 . 2009-10-19 20:58 -------- d-----w- c:\program\Opera
2009-10-19 20:24 . 2009-10-19 20:24 -------- d-----w- c:\program\uTorrent
2009-10-19 20:03 . 2009-10-19 20:03 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation
2009-10-19 19:59 . 2009-10-19 19:59 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-10-19 19:59 . 2009-10-19 19:59 552 ----a-w- c:\windows\system32\d3d8caps.dat
2009-10-19 19:58 . 2009-10-19 19:58 -------- d-----w- c:\program\SystemRequirementsLab
2009-10-19 19:54 . 2009-10-19 19:54 -------- d-----w- c:\program\Panda Security
2009-10-19 19:54 . 2009-10-19 19:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Panda Security
2009-10-19 19:44 . 2009-10-19 19:44 -------- d-----w- c:\program\microsoft frontpage
2009-10-19 19:39 . 2009-10-19 19:39 21700 ----a-w- c:\windows\system32\emptyregdb.dat
2009-10-15 00:01 . 2009-10-15 00:01 41872 ----a-w- c:\windows\system32\xfcodec.dll
2009-09-29 11:05 . 2009-09-29 11:05 96408 ----a-w- c:\windows\system32\drivers\epfwtdir.sys
2009-09-29 11:02 . 2009-09-29 11:02 108792 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2009-09-29 10:56 . 2009-09-29 10:56 116008 ----a-w- c:\windows\system32\drivers\eamon.sys
2009-09-27 16:19 . 2009-09-27 16:19 3674112 ----a-w- c:\windows\system32\nvwssr.dll
2009-09-27 14:12 . 2009-09-27 14:12 888832 ----a-w- c:\windows\system32\nvapi.dll
2009-09-27 14:12 . 2009-09-27 14:12 7655872 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2009-09-27 14:12 . 2009-09-27 14:12 5900416 ----a-w- c:\windows\system32\nv4_disp.dll
2009-09-27 14:12 . 2009-09-27 14:12 2194024 ----a-w- c:\windows\system32\nvcuvid.dll
2009-09-27 14:12 . 2009-09-27 14:12 2007040 ----a-w- c:\windows\system32\nvcuda.dll
2009-09-27 14:12 . 2009-09-27 14:12 1714792 ----a-w- c:\windows\system32\nvcuvenc.dll
2009-09-27 14:12 . 2009-09-27 14:12 170600 ----a-w- c:\windows\system32\nvcodins.dll
2009-09-27 14:12 . 2009-09-27 14:12 170600 ----a-w- c:\windows\system32\nvcod.dll
2009-09-27 14:12 . 2009-09-27 14:12 1604482 ----a-w- c:\windows\system32\nvdata.bin
2009-09-27 14:12 . 2009-09-27 14:12 10756096 ----a-w- c:\windows\system32\nvoglnt.dll
2009-09-25 05:37 . 2009-09-25 05:37 81920 ------w- c:\windows\system32\ieencode.dll
2009-09-11 14:19 . 2008-04-15 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:05 . 2008-04-15 12:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 08:00 . 2008-04-15 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-26 08:02 . 2008-04-15 12:00 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-05 09:01 . 2008-04-15 12:00 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 17:29 . 2008-04-15 12:00 2146304 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-08-04 17:29 . 2008-04-14 21:14 2024960 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-07-29 04:37 . 2008-04-15 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-07-29 04:37 . 2008-04-15 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
.

------- Sigcheck -------

[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\SoftwareDistribution\Download\c3ee7ade01b5ca0e8047c4880bb4c17d\sp3qfe\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\SoftwareDistribution\Download\c3ee7ade01b5ca0e8047c4880bb4c17d\sp3gdr\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . D9F19E78F98834CB411D6AD3C68D181A . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-04-15 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
.
(((((((((((((((((((((((((((((((((( Startpunkter i registret )))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Not* Tomma poster & legitima standardposter visas inte.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-09-27 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-09-27 13918208]
"Net iD"="c:\program\Net iD\iid.exe" [2009-01-09 95472]
"Malwarebytes Anti-Malware (reboot)"="c:\program\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"egui"="c:\program\ESET\ESET NOD32 Antivirus\egui.exe" [2009-09-29 2054360]
"CTxfiHlp"="CTXFIHLP.EXE" - c:\windows\system32\CTXFIHLP.EXE [2006-08-11 18944]
"CTHelper"="CTHELPER.EXE" - c:\windows\system32\CtHelper.exe [2009-06-23 19456]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2004-01-09 65536]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]

c:\documents and settings\All Users\Start-meny\Program\Autostart\
Adobe Gamma Loader.lnk - c:\program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe [2009-10-21 110592]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program\\uTorrent\\uTorrent.exe"=
"c:\\Program\\Xfire\\Xfire.exe"=
"c:\\spel\\Call of Duty 2\\CoD2MP_s.exe"=

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-09-29 108792]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2009-09-29 96408]
R2 ekrn;ESET Service;c:\program\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-09-29 735960]
R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [2009-06-23 99352]
R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [2009-06-23 555032]
R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [2009-06-23 566296]
S1 b2db9f54;b2db9f54;c:\windows\system32\drivers\b2db9f54.sys --> c:\windows\system32\drivers\b2db9f54.sys [?]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [2009-06-23 99352]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [2009-06-23 555032]
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [2009-06-23 100888]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [2009-06-23 100888]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [2009-06-23 566296]
.
.
------- Extra genomsökning -------
.
uStart Page = about:blank
IE: Anpassa RF menu - file://c:\program\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: Fyll i formulär &] - file://c:\program\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: Spara &formulär &[ - file://c:\program\Siber Systems\AI RoboForm\RoboFormComSavePass.html
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
.
- - - - FÖRÄLDRALÖSA POSTER SOM TAGITS BORT - - - -

HKLM-Run-nwiz - c:\program\NVIDIA Corporation\nView\nwiz.exe
AddRemove-NVIDIA nView Desktop Manager - c:\program\NVIDIA Corporation\nView\nViewSetup.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-23 08:28
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTHelper = CTHELPER.EXE?

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LÅSTA REGISTERNYCKLAR ---------------------

[HKEY_USERS\S-1-5-21-583907252-1220945662-1177238915-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,4a,38,99,36,ca,56,7c,4b,9d,5d,c5,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,4a,38,99,36,ca,56,7c,4b,9d,5d,c5,\

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\WPAEvents]
@Denied: (Full) (LocalSystem)
.
--------------------- DLLer som "laddats" under processer som körs ---------------------

- - - - - - - > 'explorer.exe'(760)
c:\windows\system32\webcheck.dll
.
------------------------ Andra processer som körs ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\windows\system32\wdfmgr.exe
c:\combofix\CF7485.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\System32\SCardSvr.exe
c:\windows\system32\wscntfy.exe
c:\combofix\PEV.cfxxe
.
**************************************************************************
.
Sluttid: 2009-10-23 8:34 - datorn startades om.
ComboFix-quarantined-files.txt 2009-10-23 06:34

Före genomsökningen: 109 158 268 928 byte ledigt
Efter genomsökningen: 109 101 752 320 byte ledigt

WindowsXP-KB310994-SP2-Pro-BootDisk-SVE.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - B2601382C594CFB36B908A9EA2A0D29A

Here is my DDS.txt report file

DDS (Ver_09-10-13.01) - NTFSx86
Run by Administratör at 8:44:38,57 on 2009-10-23
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.46.1053.18.3070.2565 [GMT 2:00]

AV: ESET NOD32 Antivirus 4.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program\Net iD\iid.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program\Internet Explorer\iexplore.exe
C:\Program\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program\Internet Explorer\iexplore.exe
C:\Program\Outlook Express\msimn.exe
C:\Program\Internet Explorer\iexplore.exe
C:\Program\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administratör\Skrivbord\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
BHO: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program\siber systems\ai roboform\RoboForm.dll
BHO: FlashFXP Helper for Internet Explorer: {e5a1691b-d188-4419-ad02-90002030b8ee} - c:\program\flashfxp\IEFlash.dll
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program\siber systems\ai roboform\RoboForm.dll
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program\daemon tools toolbar\DTToolbar.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [Net iD] "c:\program\net id\iid.exe"
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [CTHelper] CTHELPER.EXE
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [egui] "c:\program\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\start-~1\program\autost~1\adobeg~1.lnk - c:\program\delade filer\adobe\calibration\Adobe Gamma Loader.exe
IE: Anpassa RF menu - file://c:\program\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html
IE: Fyll i formulär &] - file://c:\program\siber systems\ai roboform\RoboFormComFillForms.html
IE: Spara &formulär &[ - file://c:\program\siber systems\ai roboform\RoboFormComSavePass.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program\siber systems\ai roboform\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program\siber systems\ai roboform\RoboFormComSavePass.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - {724d43a0-0d85-11d4-9908-00400523e39a} c:\program\siber systems\ai roboform\roboformcomshowtoolbar.html - c:\program\siber systems\ai roboform\roboformcomshowtoolbar.html\inprocserver32 does not exist!
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} - hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15109/CTPID.cab

============= SERVICES / DRIVERS ===============

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-9-29 108792]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2009-9-29 96408]
R2 ekrn;ESET Service;c:\program\eset\eset nod32 antivirus\ekrn.exe [2009-9-29 735960]
R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [2009-6-23 99352]
R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [2009-6-23 555032]
R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [2009-6-23 566296]
S1 b2db9f54;b2db9f54;c:\windows\system32\drivers\b2db9f54.sys --> c:\windows\system32\drivers\b2db9f54.sys [?]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [2009-6-23 99352]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [2009-6-23 555032]
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [2009-6-23 100888]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [2009-6-23 100888]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [2009-6-23 566296]

=============== Created Last 30 ================

2009-10-23 08:20 <DIR> a-dshr-- C:\cmdcons
2009-10-23 08:18 236,544 a------- c:\windows\PEV.exe
2009-10-23 08:18 161,792 a------- c:\windows\SWREG.exe
2009-10-23 08:18 98,816 a------- c:\windows\sed.exe
2009-10-23 08:14 <DIR> --d----- c:\windows\system32\appmgmt
2009-10-23 00:31 <DIR> --d----- c:\program\ESET
2009-10-22 23:43 <DIR> --d----- c:\docume~1\admini~1\applic~1\Malwarebytes
2009-10-22 23:38 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-22 23:37 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-10-22 23:37 <DIR> --d----- c:\program\Malwarebytes' Anti-Malware
2009-10-22 23:37 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-10-22 23:34 <DIR> --dsh--- c:\documents and settings\administratör\IECompatCache
2009-10-21 19:55 307,200 a------- c:\windows\IsUn041d.exe
2009-10-20 12:57 146,650 a------- c:\windows\system32\BuzzingBee.wav
2009-10-20 12:57 125,690 a------- c:\windows\system32\LoopyMusic.wav
2009-10-20 12:57 60,416 a------- c:\windows\ALCFDRTM.VER
2009-10-20 12:57 60,416 a------- c:\windows\ALCFDRTM.EXE
2009-10-20 12:57 <DIR> --d----- c:\windows\system32\Lang
2009-10-20 12:51 601,100 a------- c:\windows\system32\drivers\ALCXWDM.SYS
2009-10-20 12:51 391,424 a------- c:\windows\system32\drivers\ALCXSENS.SYS
2009-10-20 12:51 155,648 a------- c:\windows\system32\RTLCPAPI.dll
2009-10-20 12:51 65,536 a------- c:\windows\system32\Audio3D.dll
2009-10-20 12:51 65,536 a------- c:\windows\SOUNDMAN.EXE
2009-10-20 12:51 14,204,416 a------- c:\windows\system32\ALSNDMGR.CPL
2009-10-20 12:51 5,672,960 a------- c:\windows\system32\RTLCPL.EXE
2009-10-20 12:51 208,896 a------- c:\windows\alcupd.exe
2009-10-20 12:51 141,016 a------- c:\windows\system32\ALSNDMGR.WAV
2009-10-20 12:51 139,264 a------- c:\windows\alcrmv.exe
2009-10-20 12:51 744 a------- c:\windows\system32\drivers\alcxinit.dat
2009-10-20 12:25 <DIR> --d----- c:\docume~1\alluse~1\applic~1\DAEMON Tools Lite
2009-10-20 12:24 <DIR> --d----- c:\program\DAEMON Tools Toolbar
2009-10-20 12:24 <DIR> --d----- c:\program\DAEMON Tools Lite
2009-10-20 12:21 1,080 a------- c:\windows\system32\settingsbkup.sfm
2009-10-20 12:21 1,080 a------- c:\windows\system32\settings.sfm
2009-10-20 12:21 721,904 a------- c:\windows\system32\drivers\sptd.sys
2009-10-20 12:21 <DIR> --d----- c:\docume~1\admini~1\applic~1\DAEMON Tools Lite
2009-10-20 12:19 <DIR> --d----- c:\program\VideoLAN
2009-10-20 12:16 60 a------- c:\windows\sbwin.ini
2009-10-20 12:14 30,924 a------- c:\windows\system32\BMXBkpCtrlState-{00000002-00000000-00000009-00001102-00000008-10211102}.rfx
2009-10-20 12:14 11,564 a------- c:\windows\system32\DVCState-{00000002-00000000-00000009-00001102-00000008-10211102}.rfx
2009-10-20 12:14 4,935,602 a------- c:\windows\{00000002-00000000-00000009-00001102-00000008-10211102}.BAK
2009-10-20 11:59 7,062 a------- c:\windows\system32\audiopid.vxd
2009-10-20 11:39 32,136 a------- c:\windows\system32\BMXStateBkp-{00000002-00000000-00000009-00001102-00000008-10211102}.rfx
2009-10-20 11:39 32,136 a------- c:\windows\system32\BMXState-{00000002-00000000-00000009-00001102-00000008-10211102}.rfx
2009-10-20 11:39 30,924 a------- c:\windows\system32\BMXCtrlState-{00000002-00000000-00000009-00001102-00000008-10211102}.rfx
2009-10-20 11:36 4,935,602 a------- c:\windows\{00000002-00000000-00000009-00001102-00000008-10211102}.CDF
2009-10-20 11:35 3,072 a------- c:\windows\CTXFIRES.DLL
2009-10-20 01:39 138,352 a------- c:\windows\system32\drivers\PnkBstrK.sys
2009-10-20 01:39 191,304 a------- c:\windows\system32\PnkBstrB.exe
2009-10-20 01:39 191,304 a------- c:\windows\system32\PnkBstrB.xtr
2009-10-20 01:39 75,064 a------- c:\windows\system32\PnkBstrA.exe
2009-10-20 01:39 <DIR> --d----- c:\windows\system32\LogFiles
2009-10-20 01:20 <DIR> --d----- c:\docume~1\admini~1\applic~1\Xfire
2009-10-20 01:20 <DIR> --d----- c:\program\Xfire
2009-10-20 01:12 <DIR> --d----- C:\spel
2009-10-20 01:10 <DIR> --dsh--- c:\windows\ftpcache
2009-10-20 00:50 13,646 a------- c:\windows\system32\wpa.bak
2009-10-20 00:38 <DIR> --d----- c:\program\Net iD
2009-10-20 00:38 <DIR> --d----- c:\docume~1\admini~1\applic~1\iid
2009-10-20 00:29 <DIR> --d----- c:\program\Siber Systems
2009-10-20 00:27 27,904 a------- c:\windows\system32\drivers\viaagp1.sys
2009-10-20 00:26 61,440 a------- c:\windows\UnDeploy.exe
2009-10-20 00:26 <DIR> --d----- c:\program\JGsoft
2009-10-20 00:26 <DIR> --d----- c:\documents and settings\administratör\WINDOWS
2009-10-20 00:23 <DIR> --d----- c:\program\FlashFXP
2009-10-19 23:46 28 a------- c:\windows\ODBC.INI
2009-10-19 23:45 30 a------- c:\windows\CMISETUP.ini
2009-10-19 23:45 306,688 a------- c:\windows\IsUninst.exe
2009-10-19 23:43 7,552 ac------ c:\windows\system32\dllcache\mskssrv.sys
2009-10-19 23:43 <DIR> --d----- c:\program\Creative
2009-10-19 23:41 <DIR> --d----- c:\program\delade filer\InstallShield
2009-10-19 23:35 4,444 a------- c:\windows\system32\pid.PNF
2009-10-19 23:34 3,072 a------- c:\windows\system32\drivers\audstub.sys
2009-10-19 23:34 25,856 a------- c:\windows\system32\drivers\usbprint.sys
2009-10-19 23:33 58,240 a------- c:\windows\system32\drivers\redbook.sys
2009-10-19 23:33 20,992 a------- c:\windows\system32\drivers\RTL8139.sys
2009-10-19 23:33 6,400 a------- c:\windows\system32\drivers\enum1394.sys
2009-10-19 23:32 42,368 -------- c:\windows\system32\drivers\AGP440.SYS
2009-10-19 23:32 5,504 a------- c:\windows\system32\drivers\intelide.sys
2009-10-19 23:32 75,264 a------- c:\windows\system32\usbui.dll
2009-10-19 23:31 <DIR> --d----- c:\program\delade filer\SpeechEngines
2009-10-19 23:30 144,484 ac------ c:\windows\system32\dllcache\netfx.cat
2009-10-19 23:30 <DIR> --d-h--- c:\documents and settings\all users\Mallar
2009-10-19 23:30 <DIR> --d--r-- c:\documents and settings\all users\Start-meny
2009-10-19 23:30 <DIR> --d--r-- c:\documents and settings\all users\Dokument
2009-10-19 23:30 <DIR> --d----- c:\documents and settings\all users\Skrivbord
2009-10-19 23:30 <DIR> --d----- c:\documents and settings\all users\Favoriter
2009-10-19 23:29 261 a------- c:\windows\system32\$winnt$.inf
2009-10-19 23:28 <DIR> --dsh--- c:\documents and settings\administratör\PrivacIE
2009-10-19 23:23 <DIR> --dsh--- c:\documents and settings\administratör\IETldCache
2009-10-19 23:10 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Brother
2009-10-19 22:38 <DIR> --d----- c:\docume~1\admini~1\applic~1\Panda Security
2009-10-19 22:24 <DIR> --d----- c:\program\uTorrent
2009-10-19 22:23 <DIR> --d----- c:\docume~1\admini~1\applic~1\uTorrent
2009-10-19 22:08 <DIR> --dsh--- c:\documents and settings\administratör\UserData
2009-10-19 22:03 <DIR> --d----- c:\docume~1\alluse~1\applic~1\NVIDIA Corporation
2009-10-19 22:02 <DIR> --d----- c:\program\NVIDIA Corporation
2009-10-19 21:58 <DIR> --d----- c:\program\SystemRequirementsLab
2009-10-19 21:54 <DIR> --d----- c:\program\Panda Security
2009-10-19 21:54 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Panda Security
2009-10-19 21:48 <DIR> --d-h--- c:\documents and settings\administratör\Skrivare
2009-10-19 21:48 <DIR> --d-h--- c:\documents and settings\administratör\Nätverket
2009-10-19 21:48 <DIR> --d-h--- c:\documents and settings\administratör\Mallar
2009-10-19 21:48 <DIR> --d-h--- c:\documents and settings\administratör\Lokala inställningar
2009-10-19 21:48 <DIR> --d--r-- c:\documents and settings\administratör\Start-meny
2009-10-19 21:48 <DIR> --d--r-- c:\documents and settings\administratör\Mina dokument
2009-10-19 21:48 <DIR> --d--r-- c:\documents and settings\administratör\Favoriter
2009-10-19 21:48 <DIR> --d----- c:\documents and settings\administratör\Skrivbord
2009-10-19 21:41 <DIR> --dsh--- c:\documents and settings\all users\DRM
2009-10-19 21:40 <DIR> --d----- c:\program\delade filer\MSSoap
2009-10-19 21:38 <DIR> --d----- c:\program\MSN Gaming Zone
2009-10-19 21:38 <DIR> --d----- c:\program\Windows NT

==================== Find3M ====================

2009-10-22 23:29 14,336 -------- c:\windows\system32\svchost.exe
2009-10-20 12:13 444,952 a------- c:\windows\system32\wrap_oal.dll
2009-10-20 12:13 109,080 a------- c:\windows\system32\OpenAL32.dll
2009-10-19 23:27 315,006 a------- c:\windows\system32\perfh01D.dat
2009-10-19 23:27 47,784 a------- c:\windows\system32\perfc01D.dat
2009-10-19 21:52 86,327 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-10-19 21:39 21,700 a------- c:\windows\system32\emptyregdb.dat
2009-10-15 02:01 41,872 a------- c:\windows\system32\xfcodec.dll
2009-09-29 13:05 96,408 a------- c:\windows\system32\drivers\epfwtdir.sys
2009-09-29 13:02 108,792 a------- c:\windows\system32\drivers\ehdrv.sys
2009-09-29 12:56 116,008 a------- c:\windows\system32\drivers\eamon.sys
2009-09-27 18:19 3,674,112 a------- c:\windows\system32\nvwssr.dll
2009-09-27 16:12 10,756,096 a------- c:\windows\system32\nvoglnt.dll
2009-09-27 16:12 7,655,872 a------- c:\windows\system32\drivers\nv4_mini.sys
2009-09-27 16:12 5,900,416 a------- c:\windows\system32\nv4_disp.dll
2009-09-27 16:12 2,194,024 a------- c:\windows\system32\nvcuvid.dll
2009-09-27 16:12 2,007,040 a------- c:\windows\system32\nvcuda.dll
2009-09-27 16:12 1,714,792 a------- c:\windows\system32\nvcuvenc.dll
2009-09-27 16:12 1,604,482 a------- c:\windows\system32\nvdata.bin
2009-09-27 16:12 888,832 a------- c:\windows\system32\nvapi.dll
2009-09-27 16:12 170,600 a------- c:\windows\system32\nvcodins.dll
2009-09-27 16:12 170,600 a------- c:\windows\system32\nvcod.dll
2009-09-25 07:37 81,920 -------- c:\windows\system32\ieencode.dll
2009-09-11 16:19 136,192 a------- c:\windows\system32\msv1_0.dll
2009-09-04 23:05 58,880 a------- c:\windows\system32\msasn1.dll
2009-08-29 10:00 916,480 -------- c:\windows\system32\wininet.dll
2009-08-26 10:02 247,326 a------- c:\windows\system32\strmdll.dll
2009-08-05 11:01 205,312 a------- c:\windows\system32\mswebdvd.dll
2009-08-04 19:29 2,146,304 -------- c:\windows\system32\ntoskrnl.exe
2009-08-04 19:29 2,024,960 -------- c:\windows\system32\ntkrnlpa.exe
2009-07-29 06:37 119,808 a------- c:\windows\system32\t2embed.dll
2009-07-29 06:37 81,920 a------- c:\windows\system32\fontsub.dll

============= FINISH: 8:44:54,70 ===============

Here is the rootrepeal.txt file

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/10/23 08:47
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: catchme.sys
Image Path: C:\ComboFix\catchme.sys
Address: 0xF774F000 Size: 31744 File Visible: No Signed: -
Status: -

Name: Combo-Fix.sys
Image Path: Combo-Fix.sys
Address: 0xF7677000 Size: 60416 File Visible: No Signed: -
Status: -

Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xB46B1000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF79D7000 Size: 8192 File Visible: No Signed: -
Status: -

Name: PCI_PNP7370
Image Path: \Driver\PCI_PNP7370
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -

Name: PROCEXP90.SYS
Image Path: C:\WINDOWS\system32\Drivers\PROCEXP90.SYS
Address: 0xF79AB000 Size: 6464 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xB35AD000 Size: 49152 File Visible: No Signed: -
Status: -

Name: spqw.sys
Image Path: spqw.sys
Address: 0xF74D5000 Size: 1052672 File Visible: No Signed: -
Status: -

Name: sptd
Image Path: \Driver\sptd
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: c:\documents and settings\administratör\lokala inställningar\temp\~df13ed.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\documents and settings\administratör\lokala inställningar\temp\~df158c.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\documents and settings\administratör\lokala inställningar\temp\~df1b39.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\documents and settings\administratör\lokala inställningar\temp\~df34dd.tmp
Status: Allocation size mismatch (API: 49152, Raw: 0)

Path: c:\documents and settings\administratör\lokala inställningar\temp\~dfbb2d.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

SSDT
-------------------
#: 019 Function Name: NtAssignProcessToJobObject
Status: Hooked by "<unknown>" at address 0x892b18a0

#: 041 Function Name: NtCreateKey
Status: Hooked by "spqw.sys" at address 0xf74d60e0

#: 071 Function Name: NtEnumerateKey
Status: Hooked by "spqw.sys" at address 0xf74f4ca4

#: 073 Function Name: NtEnumerateValueKey
Status: Hooked by "spqw.sys" at address 0xf74f5032

#: 119 Function Name: NtOpenKey
Status: Hooked by "spqw.sys" at address 0xf74d60c0

#: 122 Function Name: NtOpenProcess
Status: Hooked by "<unknown>" at address 0x892b0cb0

#: 128 Function Name: NtOpenThread
Status: Hooked by "<unknown>" at address 0x892b10d0

#: 160 Function Name: NtQueryKey
Status: Hooked by "spqw.sys" at address 0xf74f510a

#: 177 Function Name: NtQueryValueKey
Status: Hooked by "spqw.sys" at address 0xf74f4f8a

#: 247 Function Name: NtSetValueKey
Status: Hooked by "spqw.sys" at address 0xf74f519c

#: 253 Function Name: NtSuspendProcess
Status: Hooked by "<unknown>" at address 0x892b16d0

#: 254 Function Name: NtSuspendThread
Status: Hooked by "<unknown>" at address 0x892b14f0

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "<unknown>" at address 0x892b0ee0

#: 258 Function Name: NtTerminateThread
Status: Hooked by "<unknown>" at address 0x892b1310

Stealth Objects
-------------------
Object: Hidden Code [ETHREAD: 0x89b7d350]
Process: System Address: 0x892af930 Size: 1000

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CREATE]
Process: System Address: 0x8a2051f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLOSE]
Process: System Address: 0x8a2051f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_READ]
Process: System Address: 0x8a2051f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_WRITE]
Process: System Address: 0x8a2051f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x8a2051f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x8a2051f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_EA]
Process: System Address: 0x8a2051f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_EA]
Process: System Address: 0x8a2051f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x8a2051f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x8a2051f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x8a2051f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x8a2051f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x8a2051f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8a2051f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SHUTDOWN]
Process: System Address: 0x8a2051f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x8a2051f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLEANUP]
Process: System Address: 0x8a2051f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x8a2051f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_SECURITY]
Process: System Address: 0x8a2051f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x8a2051f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_QUOTA]
Process: System Address: 0x8a2051f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_PNP]
Process: System Address: 0x8a2051f8 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_CREATE]
Process: System Address: 0x892e0500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_CLOSE]
Process: System Address: 0x892e0500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_READ]
Process: System Address: 0x892e0500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_WRITE]
Process: System Address: 0x892e0500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x892e0500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x892e0500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_QUERY_EA]
Process: System Address: 0x892e0500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_SET_EA]
Process: System Address: 0x892e0500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x892e0500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x892e0500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x892e0500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x892e0500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x892e0500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x892e0500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_SHUTDOWN]
Process: System Address: 0x892e0500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x892e0500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_CLEANUP]
Process: System Address: 0x892e0500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_PNP]
Process: System Address: 0x892e0500 Size: 121

Object: Hidden Code [Driver: avwsihklЅ䵃慖㐐粠Ђః瑎て, IRP_MJ_CREATE]
Process: System Address: 0x89e7d1f8 Size: 121

Object: Hidden Code [Driver: avwsihklЅ䵃慖㐐粠Ђః瑎て, IRP_MJ_CLOSE]
Process: System Address: 0x89e7d1f8 Size: 121

Object: Hidden Code [Driver: avwsihklЅ䵃慖㐐粠Ђః瑎て, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x89e7d1f8 Size: 121

Object: Hidden Code [Driver: avwsihklЅ䵃慖㐐粠Ђః瑎て, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x89e7d1f8 Size: 121

Object: Hidden Code [Driver: avwsihklЅ䵃慖㐐粠Ђః瑎て, IRP_MJ_POWER]
Process: System Address: 0x89e7d1f8 Size: 121

Object: Hidden Code [Driver: avwsihklЅ䵃慖㐐粠Ђః瑎て, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x89e7d1f8 Size: 121

Object: Hidden Code [Driver: avwsihklЅ䵃慖㐐粠Ђః瑎て, IRP_MJ_PNP]
Process: System Address: 0x89e7d1f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CREATE]
Process: System Address: 0x89e86500 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CLOSE]
Process: System Address: 0x89e86500 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_READ]
Process: System Address: 0x89e86500 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_WRITE]
Process: System Address: 0x89e86500 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x89e86500 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x89e86500 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x89e86500 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SHUTDOWN]
Process: System Address: 0x89e86500 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_POWER]
Process: System Address: 0x89e86500 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x89e86500 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_PNP]
Process: System Address: 0x89e86500 Size: 121

Object: Hidden Code [Driver: usbstor, IRP_MJ_CREATE]
Process: System Address: 0x892e6500 Size: 121

Object: Hidden Code [Driver: usbstor, IRP_MJ_CLOSE]
Process: System Address: 0x892e6500 Size: 121

Object: Hidden Code [Driver: usbstor, IRP_MJ_READ]
Process: System Address: 0x892e6500 Size: 121

Object: Hidden Code [Driver: usbstor, IRP_MJ_WRITE]
Process: System Address: 0x892e6500 Size: 121

Object: Hidden Code [Driver: usbstor, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x892e6500 Size: 121

Object: Hidden Code [Driver: usbstor, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x892e6500 Size: 121

Object: Hidden Code [Driver: usbstor, IRP_MJ_POWER]
Process: System Address: 0x892e6500 Size: 121

Object: Hidden Code [Driver: usbstor, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x892e6500 Size: 121

Object: Hidden Code [Driver: usbstor, IRP_MJ_PNP]
Process: System Address: 0x892e6500 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_CREATE]
Process: System Address: 0x8a1981f8 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_CLOSE]
Process: System Address: 0x8a1981f8 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_READ]
Process: System Address: 0x8a1981f8 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_WRITE]
Process: System Address: 0x8a1981f8 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x8a1981f8 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8a1981f8 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8a1981f8 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_SHUTDOWN]
Process: System Address: 0x8a1981f8 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_POWER]
Process: System Address: 0x8a1981f8 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8a1981f8 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_PNP]
Process: System Address: 0x8a1981f8 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_CREATE]
Process: System Address: 0x89f791f8 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_CLOSE]
Process: System Address: 0x89f791f8 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x89f791f8 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x89f791f8 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_POWER]
Process: System Address: 0x89f791f8 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x89f791f8 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_PNP]
Process: System Address: 0x89f791f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CREATE]
Process: System Address: 0x8a2071f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_READ]
Process: System Address: 0x8a2071f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_WRITE]
Process: System Address: 0x8a2071f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x8a2071f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8a2071f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8a2071f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SHUTDOWN]
Process: System Address: 0x8a2071f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CLEANUP]
Process: System Address: 0x8a2071f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_POWER]
Process: System Address: 0x8a2071f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8a2071f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_PNP]
Process: System Address: 0x8a2071f8 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_CREATE]
Process: System Address: 0x893221f8 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_CLOSE]
Process: System Address: 0x893221f8 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x893221f8 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x893221f8 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_CLEANUP]
Process: System Address: 0x893221f8 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_PNP]
Process: System Address: 0x893221f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_CREATE]
Process: System Address: 0x89f411f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_CLOSE]
Process: System Address: 0x89f411f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x89f411f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x89f411f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_POWER]
Process: System Address: 0x89f411f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x89f411f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_PNP]
Process: System Address: 0x89f411f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE]
Process: System Address: 0x892a61f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_NAMED_PIPE]
Process: System Address: 0x892a61f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLOSE]
Process: System Address: 0x892a61f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_READ]
Process: System Address: 0x892a61f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_WRITE]
Process: System Address: 0x892a61f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x892a61f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x892a61f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_EA]
Process: System Address: 0x892a61f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_EA]
Process: System Address: 0x892a61f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x892a61f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x892a61f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x892a61f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x892a61f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x892a61f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x892a61f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x892a61f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SHUTDOWN]
Process: System Address: 0x892a61f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x892a61f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLEANUP]
Process: System Address: 0x892a61f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_MAILSLOT]
Process: System Address: 0x892a61f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x892a61f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_SECURITY]
Process: System Address: 0x892a61f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_POWER]
Process: System Address: 0x892a61f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x892a61f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CHANGE]
Process: System Address: 0x892a61f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x892a61f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_QUOTA]
Process: System Address: 0x892a61f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_PNP]
Process: System Address: 0x892a61f8 Size: 121

Object: Hidden Code [Driver: CdRo, IRP_MJ_CREATE]
Process: System Address: 0x88e571f8 Size: 121

Object: Hidden Code [Driver: CdRo, IRP_MJ_CLOSE]
Process: System Address: 0x88e571f8 Size: 121

Object: Hidden Code [Driver: CdRo, IRP_MJ_READ]
Process: System Address: 0x88e571f8 Size: 121

Object: Hidden Code [Driver: CdRo, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x88e571f8 Size: 121

Object: Hidden Code [Driver: CdRo, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x88e571f8 Size: 121

Object: Hidden Code [Driver: CdRo, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x88e571f8 Size: 121

Object: Hidden Code [Driver: CdRo, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x88e571f8 Size: 121

Object: Hidden Code [Driver: CdRo, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x88e571f8 Size: 121

Object: Hidden Code [Driver: CdRo, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x88e571f8 Size: 121

Object: Hidden Code [Driver: CdRo, IRP_MJ_SHUTDOWN]
Process: System Address: 0x88e571f8 Size: 121

Object: Hidden Code [Driver: CdRo, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x88e571f8 Size: 121

Object: Hidden Code [Driver: CdRo, IRP_MJ_CLEANUP]
Process: System Address: 0x88e571f8 Size: 121

Object: Hidden Code [Driver: CdRo, IRP_MJ_PNP]
Process: System Address: 0x88e571f8 Size: 121

==EOF==

Regards

Jonas


#2 schrauber

  • Malware Response Team

Posted 31 October 2009 - 12:39 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE
regards,
schrauber

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware

#3 Polecat69

  • Topic Starter


Posted 31 October 2009 - 01:03 PM

As I mentioned in the post above, I was infected by Antivirus System Pro. It completely disabled the antivirus program I had then, Panda Antivirus Cloud. It disabled the Ctrl+Alt+Delete function, and I got several warning messages about rundll32 not working.

I ran Malwarebytes Anti-Malware and it fixed some of the problems.

My question is whether I got rid of Antivirus System Pro completely, because the computer sometimes hangs and works slowly.
My latest scan is here:


DDS (Ver_09-10-26.01) - NTFSx86
Run by Administratör at 18:51:31,82 on 2009-10-31
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.46.1053.18.3070.2594 [GMT 1:00]

AV: ESET NOD32 Antivirus 4.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
svchost.exe
C:\Program\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program\Voddler\service\voddler.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program\Net iD\iid.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program\Java\jre6\bin\jusched.exe
C:\Program\Voddler\service\VNetManager.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program\NETGEAR\WN111v2\WN111V2.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program\MioNet\jvm\bin\MioNet.exe
C:\Program\Outlook Express\msimn.exe
C:\Program\Internet Explorer\IEXPLORE.EXE
C:\Program\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Administratör\Skrivbord\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
BHO: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program\siber systems\ai roboform\RoboForm.dll
BHO: Windows Live inloggningshjälpen: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program\delade filer\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program\java\jre6\bin\jp2ssv.dll
BHO: FlashFXP Helper for Internet Explorer: {e5a1691b-d188-4419-ad02-90002030b8ee} - c:\program\flashfxp\IEFlash.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program\siber systems\ai roboform\RoboForm.dll
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program\daemon tools toolbar\DTToolbar.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [Net iD] "c:\program\net id\iid.exe"
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [CTHelper] CTHELPER.EXE
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [egui] "c:\program\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [SunJavaUpdateSched] "c:\program\java\jre6\bin\jusched.exe"
mRun: [jswtrayutil] c:\program\netgear\wn111v2\jswtrayutil.exe
mRun: [MioNet] c:\program\mionet\MioNetLauncher.exe /p
mRun: [VoddlerNet Manager] c:\program\voddler\service\VNetManager.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\start-~1\program\autost~1\adobeg~1.lnk - c:\program\delade filer\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\start-~1\program\autost~1\netgea~1.lnk - c:\program\netgear\wn111v2\WN111V2.exe
IE: Anpassa RF menu - file://c:\program\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html
IE: E&xportera till Microsoft Excel - c:\program\micros~2\office12\EXCEL.EXE/3000
IE: Fyll i formulär &] - file://c:\program\siber systems\ai roboform\RoboFormComFillForms.html
IE: Spara &formulär &[ - file://c:\program\siber systems\ai roboform\RoboFormComSavePass.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program\siber systems\ai roboform\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program\siber systems\ai roboform\RoboFormComSavePass.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - {724d43a0-0d85-11d4-9908-00400523e39a} c:\program\siber systems\ai roboform\roboformcomshowtoolbar.html - c:\program\siber systems\ai roboform\roboformcomshowtoolbar.html\inprocserver32 does not exist!
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\program\micros~2\office12\REFIEBAR.DLL
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} - hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1256675124906
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15109/CTPID.cab

============= SERVICES / DRIVERS ===============

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-9-29 108792]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2009-9-29 96408]
R2 ekrn;ESET Service;c:\program\eset\eset nod32 antivirus\ekrn.exe [2009-9-29 735960]
R2 VoddlerNet;VoddlerNet;c:\program\voddler\service\voddler.exe [2009-10-27 1190096]
R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [2009-6-23 99352]
R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [2009-6-23 555032]
R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [2009-6-23 566296]
R3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [2003-7-24 17149]
R3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [2008-10-1 57440]
R3 WN111v2;NETGEAR WN111v2 USB2.0 Wireless Card Service;c:\windows\system32\drivers\WN111v2.sys [2009-1-14 458752]
R3 WSIMD;wsimd Service;c:\windows\system32\drivers\wsimd.sys [2009-10-25 57408]
S1 b2db9f54;b2db9f54;c:\windows\system32\drivers\b2db9f54.sys --> c:\windows\system32\drivers\b2db9f54.sys [?]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [2009-6-23 99352]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [2009-6-23 555032]
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [2009-6-23 100888]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [2009-6-23 100888]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [2009-6-23 566296]
S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program\netgear\wn111v2\jswpsapi.exe [2008-2-27 360547]
S4 MioNet;MioNet;c:\program\mionet\mionetmanager.exe -s "c:\program\mionet\wrapper.conf" --> c:\program\mionet\mionetmanager.exe -s c:\program\mionet\wrapper.conf [?]

============== File Associations ===============

txtfile="c:\program\jgsoft\editpadpro6\EditPadPro.exe" "%1"

=============== Created Last 30 ================

2009-10-30 15:40:12 8 ----a-w- c:\windows\system32\nvModes.dat
2009-10-28 10:14:15 0 d-----w- c:\docume~1\alluse~1\applic~1\Voddler
2009-10-28 10:13:59 0 d-----w- c:\program\Voddler
2009-10-27 22:03:57 0 d-----w- c:\documents and settings\administratör\Tracing
2009-10-27 22:01:07 0 d-----w- c:\program\Microsoft
2009-10-27 22:00:49 0 d-----w- c:\program\Windows Live SkyDrive
2009-10-27 21:58:35 0 d-----w- c:\program\delade filer\Windows Live
2009-10-27 19:54:32 0 d-----w- c:\program\delade filer\ODBC
2009-10-27 19:49:54 0 d-----w- c:\windows\SHELLNEW
2009-10-26 08:27:09 0 d-----w- c:\windows\pss
2009-10-26 08:26:21 0 d-----w- c:\docume~1\admini~1\applic~1\Foxit Software
2009-10-25 10:52:30 0 d-----w- C:\Program Files
2009-10-25 10:51:46 0 d-----w- c:\docume~1\admini~1\applic~1\MioNet
2009-10-25 10:51:26 0 d-----w- c:\program\MioNet
2009-10-25 10:33:15 0 d--h--r- c:\docume~1\alluse~1\applic~1\Atheros
2009-10-25 10:26:31 57408 ----a-w- c:\windows\system32\drivers\wsimd.sys
2009-10-25 10:26:21 0 d-----w- c:\program\NETGEAR
2009-10-25 10:26:11 0 d-----w- c:\docume~1\alluse~1\applic~1\NETGEAR
2009-10-25 10:25:34 0 d-----w- c:\windows\Downloaded Installations
2009-10-24 21:38:26 178176 ----a-w- c:\windows\system32\unrar.dll
2009-10-24 21:38:25 38 ----a-w- c:\windows\avisplitter.ini
2009-10-24 21:38:08 0 d-----w- c:\program\K-Lite Codec Pack
2009-10-24 21:33:58 0 d-----w- C:\DECCHECK
2009-10-24 21:30:29 221184 ----a-w- c:\windows\system32\wmpns.dll
2009-10-23 09:24:39 0 d-----w- c:\program\Foxit Software
2009-10-23 09:24:39 0 d-----w- c:\docume~1\admini~1\applic~1\Foxit
2009-10-23 09:18:26 73728 ----a-w- c:\windows\system32\javacpl.cpl
2009-10-23 09:18:26 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-23 07:53:47 0 d-----w- c:\docume~1\admini~1\applic~1\JGsoft
2009-10-23 06:20:55 0 d-sha-r- C:\cmdcons
2009-10-23 06:18:09 98816 ----a-w- c:\windows\sed.exe
2009-10-23 06:18:09 236544 ----a-w- c:\windows\PEV.exe
2009-10-23 06:18:09 161792 ----a-w- c:\windows\SWREG.exe
2009-10-23 06:14:15 0 d-----w- c:\windows\system32\appmgmt
2009-10-22 22:31:22 0 d-----w- c:\program\ESET
2009-10-22 21:43:43 0 d-----w- c:\docume~1\admini~1\applic~1\Malwarebytes
2009-10-22 21:38:00 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-22 21:37:58 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-22 21:37:58 0 d-----w- c:\program\Malwarebytes' Anti-Malware
2009-10-22 21:37:58 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-10-22 21:34:34 0 d-sh--w- c:\documents and settings\administratör\IECompatCache
2009-10-21 17:55:36 307200 ----a-w- c:\windows\IsUn041d.exe
2009-10-20 10:58:52 8238 ----a-w- c:\documents and settings\administratör\Captured.wav
2009-10-20 10:57:57 60416 ----a-w- c:\windows\ALCFDRTM.VER
2009-10-20 10:57:57 60416 ----a-w- c:\windows\ALCFDRTM.EXE
2009-10-20 10:57:57 146650 ----a-w- c:\windows\system32\BuzzingBee.wav
2009-10-20 10:57:57 125690 ----a-w- c:\windows\system32\LoopyMusic.wav
2009-10-20 10:57:56 0 d-----w- c:\windows\system32\Lang
2009-10-20 10:51:25 65536 ----a-w- c:\windows\system32\Audio3D.dll
2009-10-20 10:51:25 65536 ----a-w- c:\windows\SOUNDMAN.EXE
2009-10-20 10:51:25 601100 ----a-w- c:\windows\system32\drivers\ALCXWDM.SYS
2009-10-20 10:51:25 391424 ----a-w- c:\windows\system32\drivers\ALCXSENS.SYS
2009-10-20 10:51:25 155648 ----a-w- c:\windows\system32\RTLCPAPI.dll
2009-10-20 10:51:24 744 ----a-w- c:\windows\system32\drivers\alcxinit.dat
2009-10-20 10:51:24 5672960 ----a-w- c:\windows\system32\RTLCPL.EXE
2009-10-20 10:51:24 208896 ----a-w- c:\windows\alcupd.exe
2009-10-20 10:51:24 14204416 ----a-w- c:\windows\system32\ALSNDMGR.CPL
2009-10-20 10:51:24 141016 ----a-w- c:\windows\system32\ALSNDMGR.WAV
2009-10-20 10:51:24 139264 ----a-w- c:\windows\alcrmv.exe
2009-10-20 10:25:09 0 d-----w- c:\docume~1\alluse~1\applic~1\DAEMON Tools Lite
2009-10-20 10:24:59 0 d-----w- c:\program\DAEMON Tools Toolbar
2009-10-20 10:24:53 0 d-----w- c:\program\DAEMON Tools Lite
2009-10-20 10:21:39 1080 ----a-w- c:\windows\system32\settingsbkup.sfm
2009-10-20 10:21:39 1080 ----a-w- c:\windows\system32\settings.sfm
2009-10-20 10:21:04 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-10-20 10:21:00 0 d-----w- c:\docume~1\admini~1\applic~1\DAEMON Tools Lite
2009-10-20 10:19:23 0 d-----w- c:\program\VideoLAN
2009-10-20 10:16:22 60 ----a-w- c:\windows\sbwin.ini
2009-10-20 10:14:35 29604 ----a-w- c:\windows\system32\BMXBkpCtrlState-{00000002-00000000-00000009-00001102-00000008-10211102}.rfx
2009-10-20 10:14:35 11564 ----a-w- c:\windows\system32\DVCState-{00000002-00000000-00000009-00001102-00000008-10211102}.rfx
2009-10-20 10:14:27 4935602 ----a-w- c:\windows\{00000002-00000000-00000009-00001102-00000008-10211102}.BAK
2009-10-20 09:59:25 7062 ----a-w- c:\windows\system32\audiopid.vxd
2009-10-20 09:39:52 30600 ----a-w- c:\windows\system32\BMXStateBkp-{00000002-00000000-00000009-00001102-00000008-10211102}.rfx
2009-10-20 09:39:52 30600 ----a-w- c:\windows\system32\BMXState-{00000002-00000000-00000009-00001102-00000008-10211102}.rfx
2009-10-20 09:39:52 29604 ----a-w- c:\windows\system32\BMXCtrlState-{00000002-00000000-00000009-00001102-00000008-10211102}.rfx
2009-10-20 09:36:33 4935602 ----a-w- c:\windows\{00000002-00000000-00000009-00001102-00000008-10211102}.CDF
2009-10-20 09:35:49 3072 ----a-w- c:\windows\CTXFIRES.DLL
2009-10-19 23:39:32 138352 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-10-19 23:39:25 191304 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-10-19 23:39:22 191304 ----a-w- c:\windows\system32\PnkBstrB.xtr
2009-10-19 23:39:17 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-10-19 23:39:17 0 d-----w- c:\windows\system32\LogFiles
2009-10-19 23:20:49 0 d-----w- c:\docume~1\admini~1\applic~1\Xfire
2009-10-19 23:20:45 0 d-----w- c:\program\Xfire
2009-10-19 23:12:24 0 d-----w- C:\spel
2009-10-19 23:10:35 0 d-sh--w- c:\windows\ftpcache
2009-10-19 22:50:21 13646 ----a-w- c:\windows\system32\wpa.bak
2009-10-19 22:38:09 0 d-----w- c:\program\Net iD
2009-10-19 22:38:09 0 d-----w- c:\docume~1\admini~1\applic~1\iid
2009-10-19 22:29:37 0 d-----w- c:\program\Siber Systems
2009-10-19 22:27:27 27904 ----a-w- c:\windows\system32\drivers\viaagp1.sys
2009-10-19 22:26:58 67472 ----a-w- c:\windows\UnDeploy.exe
2009-10-19 22:26:58 0 d-----w- c:\program\JGsoft
2009-10-19 22:26:36 0 d-----w- c:\documents and settings\administratör\WINDOWS
2009-10-19 22:23:15 0 d-----w- c:\program\FlashFXP
2009-10-19 21:43:05 0 d-----w- c:\program\Creative
2009-10-19 21:41:59 0 d-----w- c:\program\delade filer\InstallShield
2009-10-19 21:31:26 0 d-----w- c:\program\delade filer\SpeechEngines
2009-10-19 21:30:57 0 d--h--w- c:\documents and settings\all users\Mallar
2009-10-19 21:30:57 0 d-----w- c:\documents and settings\all users\Skrivbord
2009-10-19 21:30:57 0 d-----w- c:\documents and settings\all users\Favoriter
2009-10-19 21:30:57 0 d-----r- c:\documents and settings\all users\Start-meny
2009-10-19 21:30:57 0 d-----r- c:\documents and settings\all users\Dokument
2009-10-19 21:10:47 0 d-----w- c:\docume~1\alluse~1\applic~1\Brother
2009-10-19 20:38:40 0 d-----w- c:\docume~1\admini~1\applic~1\Panda Security
2009-10-19 20:24:34 0 d-----w- c:\program\uTorrent
2009-10-19 20:23:36 0 d-----w- c:\docume~1\admini~1\applic~1\uTorrent
2009-10-19 20:03:44 0 d-----w- c:\docume~1\alluse~1\applic~1\NVIDIA Corporation
2009-10-19 20:02:52 0 d-----w- c:\program\NVIDIA Corporation
2009-10-19 19:58:58 0 d-----w- c:\program\SystemRequirementsLab
2009-10-19 19:54:56 0 d-----w- c:\program\Panda Security
2009-10-19 19:54:56 0 d-----w- c:\docume~1\alluse~1\applic~1\Panda Security
2009-10-19 19:41:54 0 d-sh--w- c:\documents and settings\all users\DRM
2009-10-19 19:40:48 0 d-----w- c:\program\delade filer\MSSoap
2009-10-19 19:38:58 0 d-----w- c:\program\MSN Gaming Zone
2009-10-19 19:38:32 0 d-----w- c:\program\Windows NT

==================== Find3M ====================

2009-10-31 17:32:36 2621440 ---ha-w- c:\documents and settings\administratör\NTUSER.DAT
2009-10-25 08:43:00 47784 ----a-w- c:\windows\system32\perfc01D.dat
2009-10-25 08:43:00 315006 ----a-w- c:\windows\system32\perfh01D.dat
2009-10-22 21:29:07 14336 ------w- c:\windows\system32\svchost.exe
2009-10-20 10:13:36 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2009-10-20 10:13:36 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2009-10-19 19:39:32 21700 ----a-w- c:\windows\system32\emptyregdb.dat
2009-10-15 00:01:24 41872 ----a-w- c:\windows\system32\xfcodec.dll
2009-09-29 11:05:54 96408 ----a-w- c:\windows\system32\drivers\epfwtdir.sys
2009-09-29 11:02:58 108792 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2009-09-29 10:56:32 116008 ----a-w- c:\windows\system32\drivers\eamon.sys
2009-09-27 16:19:52 3674112 ----a-w- c:\windows\system32\nvwssr.dll
2009-09-27 14:12:22 888832 ----a-w- c:\windows\system32\nvapi.dll
2009-09-27 14:12:22 7655872 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2009-09-27 14:12:22 5900416 ----a-w- c:\windows\system32\nv4_disp.dll
2009-09-27 14:12:22 2194024 ----a-w- c:\windows\system32\nvcuvid.dll
2009-09-27 14:12:22 2007040 ----a-w- c:\windows\system32\nvcuda.dll
2009-09-27 14:12:22 1714792 ----a-w- c:\windows\system32\nvcuvenc.dll
2009-09-27 14:12:22 170600 ----a-w- c:\windows\system32\nvcodins.dll
2009-09-27 14:12:22 170600 ----a-w- c:\windows\system32\nvcod.dll
2009-09-27 14:12:22 1604482 ----a-w- c:\windows\system32\nvdata.bin
2009-09-27 14:12:22 10756096 ----a-w- c:\windows\system32\nvoglnt.dll
2009-09-25 05:37:35 81920 ------w- c:\windows\system32\ieencode.dll
2009-09-11 14:19:53 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:05:41 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 08:00:24 916480 ------w- c:\windows\system32\wininet.dll
2009-08-26 08:02:18 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-17 22:33:52 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-05 09:01:46 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 17:29:37 2146304 ------w- c:\windows\system32\ntoskrnl.exe
2009-08-04 17:29:36 2024960 ------w- c:\windows\system32\ntkrnlpa.exe

============= FINISH: 18:51:46,85 ===============

Edited by Polecat69, 31 October 2009 - 01:04 PM.


#4 schrauber

  • Malware Response Team

Posted 31 October 2009 - 02:37 PM

Hello, Polecat69 and again
Welcome to the Bleeping Computer Forums. My name is Thomas (Tom is fine), and I will be helping you fix your problems.

If you do not make a reply in 5 days, we will have to close your topic.

You may want to keep the link to this topic in your favourites. Alternatively, you can click the button at the top bar of this topic and Track this Topic. The topics you are tracking can be found here.

Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Furthermore, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
  • Please reply using the button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just post back here so that we know you're still here.
  • Please set your system to show all files.
    Click Start, open My Computer, select the Tools menu and click Folder Options.
    Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
    Uncheck: Hide file extensions for known file types
    Uncheck the Hide protected operating system files (recommended) option.
    Click Yes to confirm.







Please go here and have a look how you can disable your security software.

Download Combofix from any of the links below but rename it to before saving it to your desktop.

Link 1
Link 2



--------------------------------------------------------------------

Double click on the renamed Combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
regards,
schrauber


If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware

#5 Polecat69

  • Topic Starter


Posted 31 October 2009 - 03:06 PM

Hi Tom, thanks for taking the time to go through the logs for me.

Here is my combofix log:

ComboFix 09-10-30.01 - Administratör 2009-10-31 20:45.2.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.46.1053.18.3070.2601 [GMT 1:00]
Körs från: c:\documents and settings\Administratör\Skrivbord\schrauber.exe
AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.

((((((((((((((((((((((((((((((((((((((( Andra raderingar ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\windows\system32\drivers\ndisrd.sys
c:\windows\system32\ndisapi.dll

----- BITS: Troligen infekterade webbplatser -----

hxxp://downlj+|Cv+@J:NGD_DQ{zcxLJS@[OI!.WU Client DownloadS-1-5-18`HT4?? 6VwoQZCDHM6VwoQZCDHMXupaEWpaEWpaEWpaEW!KcxLJS@GD_DQ{zGD_DQ{zGD_DQ{z+@J:Nj+|Cvcom
.
((((((((((((((((((((((((((((((((((((((( Drivrutiner/Tjänster )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NDISRD
-------\Service_NDISRD


(((((((((((((((((((((((( Filer Skapade från 2009-09-28 till 2009-10-31 ))))))))))))))))))))))))))))))
.

2009-10-30 15:40 . 2009-10-31 19:11 8 ----a-w- c:\windows\system32\nvModes.dat
2009-10-28 10:14 . 2009-10-30 15:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Voddler
2009-10-28 10:13 . 2009-10-28 10:14 -------- d-----w- c:\program\Voddler
2009-10-27 22:01 . 2009-10-27 22:01 -------- d-----w- c:\program\Microsoft
2009-10-27 22:00 . 2009-10-27 22:00 -------- d-----w- c:\program\Windows Live SkyDrive
2009-10-27 22:00 . 2009-10-27 22:01 -------- d-----w- c:\program\Windows Live
2009-10-27 21:58 . 2009-10-27 21:58 -------- d-----w- c:\program\Delade filer\Windows Live
2009-10-27 19:55 . 2009-10-27 20:45 -------- d-----w- c:\program\Microsoft Works
2009-10-27 19:49 . 2009-10-27 19:50 -------- d-----w- c:\windows\SHELLNEW
2009-10-27 19:49 . 2009-10-27 20:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-10-27 19:48 . 2009-10-27 19:48 -------- d-----r- C:\MSOCache
2009-10-25 10:57 . 2009-10-25 10:57 -------- d-----w- c:\documents and settings\Administrat”r
2009-10-25 10:52 . 2009-10-25 10:52 -------- d-----w- C:\Program Files
2009-10-25 10:51 . 2009-10-25 10:54 -------- d-----w- c:\program\MioNet
2009-10-25 10:33 . 2009-10-25 10:33 -------- d--h--r- c:\documents and settings\All Users\Application Data\Atheros
2009-10-25 10:26 . 2007-12-14 03:31 57408 ----a-w- c:\windows\system32\drivers\wsimd.sys
2009-10-25 10:26 . 2009-10-25 10:26 -------- d-----w- c:\program\NETGEAR
2009-10-25 10:26 . 2009-10-25 10:26 -------- d-----w- c:\documents and settings\All Users\Application Data\NETGEAR
2009-10-25 10:25 . 2009-10-25 10:25 -------- d-----w- c:\windows\Downloaded Installations
2009-10-24 21:38 . 2009-08-16 15:08 178176 ----a-w- c:\windows\system32\unrar.dll
2009-10-24 21:38 . 2009-10-24 21:39 -------- d-----w- c:\program\K-Lite Codec Pack
2009-10-24 21:33 . 2009-10-24 22:09 -------- d-----w- C:\DECCHECK
2009-10-24 21:30 . 2008-04-15 12:00 221184 ----a-w- c:\windows\system32\wmpns.dll
2009-10-23 09:24 . 2009-10-23 09:24 -------- d-----w- c:\program\Foxit Software
2009-10-23 09:19 . 2009-10-23 09:19 -------- d-----w- c:\windows\Sun
2009-10-23 09:18 . 2009-10-23 09:18 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-23 09:18 . 2009-10-23 09:18 -------- d-----w- c:\program\Java
2009-10-22 22:31 . 2009-10-22 22:31 -------- d-----w- c:\program\ESET
2009-10-22 22:31 . 2009-10-22 22:31 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2009-10-22 21:38 . 2009-09-10 12:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-22 21:37 . 2009-10-22 21:43 -------- d-----w- c:\program\Malwarebytes' Anti-Malware
2009-10-22 21:37 . 2009-10-22 21:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-10-22 21:37 . 2009-09-10 12:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-21 17:55 . 1998-11-13 11:13 307200 ----a-w- c:\windows\IsUn041d.exe
2009-10-20 10:57 . 2009-10-20 10:57 60416 ----a-w- c:\windows\ALCFDRTM.EXE
2009-10-20 10:57 . 2009-10-20 10:57 -------- d-----w- c:\windows\system32\Lang
2009-10-20 10:51 . 2004-01-09 21:17 601100 ----a-w- c:\windows\system32\drivers\ALCXWDM.SYS
2009-10-20 10:51 . 2004-01-09 00:54 65536 ----a-w- c:\windows\SOUNDMAN.EXE
2009-10-20 10:51 . 2003-12-18 00:05 155648 ----a-w- c:\windows\system32\RTLCPAPI.dll
2009-10-20 10:51 . 2003-12-11 21:54 391424 ----a-w- c:\windows\system32\drivers\ALCXSENS.SYS
2009-10-20 10:51 . 2003-08-19 17:36 65536 ----a-w- c:\windows\system32\Audio3D.dll
2009-10-20 10:51 . 2004-01-09 00:53 5672960 ----a-w- c:\windows\system32\RTLCPL.EXE
2009-10-20 10:51 . 2003-11-21 14:58 208896 ----a-w- c:\windows\alcupd.exe
2009-10-20 10:51 . 2003-11-21 14:56 139264 ----a-w- c:\windows\alcrmv.exe
2009-10-20 10:51 . 2003-07-31 19:08 744 ----a-w- c:\windows\system32\drivers\alcxinit.dat
2009-10-20 10:25 . 2009-10-20 10:25 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2009-10-20 10:24 . 2009-10-20 10:25 -------- d-----w- c:\program\DAEMON Tools Toolbar
2009-10-20 10:24 . 2009-10-20 10:53 -------- d-----w- c:\program\DAEMON Tools Lite
2009-10-20 10:21 . 2009-10-20 10:21 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-10-20 10:19 . 2009-10-20 10:19 -------- d-----w- c:\program\VideoLAN
2009-10-20 09:35 . 2006-08-11 12:56 3072 ----a-w- c:\windows\CTXFIRES.DLL
2009-10-20 09:21 . 2009-10-21 17:58 -------- d-----w- c:\program\Delade filer\Adobe
2009-10-19 23:39 . 2009-10-21 20:13 138352 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-10-19 23:39 . 2009-10-21 20:13 191304 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-10-19 23:39 . 2009-10-25 09:41 -------- d-----w- c:\windows\system32\LogFiles
2009-10-19 23:39 . 2009-10-19 23:39 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-10-19 23:22 . 2009-10-19 23:22 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Xfire
2009-10-19 23:20 . 2009-10-21 19:34 -------- d-----w- c:\program\Xfire
2009-10-19 23:12 . 2009-10-19 23:12 -------- d-----w- C:\spel
2009-10-19 23:10 . 2009-10-19 23:10 -------- d-sh--w- c:\windows\ftpcache
2009-10-19 22:47 . 2009-10-19 22:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2009-10-19 22:38 . 2009-10-19 22:38 -------- d-----w- c:\program\Net iD
2009-10-19 22:29 . 2009-10-19 22:29 -------- d-----w- c:\program\Siber Systems
2009-10-19 22:27 . 2009-10-19 22:27 27904 ----a-w- c:\windows\system32\drivers\viaagp1.sys
2009-10-19 22:26 . 2009-10-24 22:09 -------- d-----w- c:\program\JGsoft
2009-10-19 22:26 . 2006-06-06 00:08 67472 ----a-w- c:\windows\UnDeploy.exe
2009-10-19 22:23 . 2009-10-30 18:37 -------- d-----w- c:\program\FlashFXP
2009-10-19 22:11 . 2009-10-20 10:09 -------- d-----w- c:\program\ImgBurn

.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-30 15:45 . 2009-10-28 10:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Voddler
2009-10-30 12:49 . 2009-10-19 20:58 -------- d-----w- c:\program\Opera
2009-10-28 10:14 . 2009-10-28 10:13 -------- d-----w- c:\program\Voddler
2009-10-25 08:43 . 2008-04-15 12:00 47784 ----a-w- c:\windows\system32\perfc01D.dat
2009-10-25 08:43 . 2008-04-15 12:00 315006 ----a-w- c:\windows\system32\perfh01D.dat
2009-10-22 21:29 . 2008-04-15 12:00 14336 ------w- c:\windows\system32\svchost.exe
2009-10-20 10:51 . 2009-10-19 21:42 -------- d--h--w- c:\program\InstallShield Installation Information
2009-10-20 10:51 . 2009-10-19 21:41 -------- d-----w- c:\program\Delade filer\InstallShield
2009-10-20 10:13 . 2009-10-19 21:43 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2009-10-20 10:13 . 2009-10-19 21:43 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2009-10-20 10:07 . 2009-10-19 21:43 -------- d-----w- c:\program\Creative
2009-10-19 22:10 . 2009-10-19 22:09 -------- d-----w- c:\program\Winamp
2009-10-19 21:44 . 2009-10-19 20:02 -------- d-----w- c:\program\NVIDIA Corporation
2009-10-19 21:21 . 2009-10-19 21:12 65 ----a-w- c:\windows\system32\BD7420.dat
2009-10-19 21:10 . 2009-10-19 21:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Brother
2009-10-19 20:24 . 2009-10-19 20:24 -------- d-----w- c:\program\uTorrent
2009-10-19 20:03 . 2009-10-19 20:03 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation
2009-10-19 19:59 . 2009-10-19 19:59 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-10-19 19:59 . 2009-10-19 19:59 552 ----a-w- c:\windows\system32\d3d8caps.dat
2009-10-19 19:58 . 2009-10-19 19:58 -------- d-----w- c:\program\SystemRequirementsLab
2009-10-19 19:54 . 2009-10-19 19:54 -------- d-----w- c:\program\Panda Security
2009-10-19 19:54 . 2009-10-19 19:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Panda Security
2009-10-19 19:44 . 2009-10-19 19:44 -------- d-----w- c:\program\microsoft frontpage
2009-10-19 19:39 . 2009-10-19 19:39 21700 ----a-w- c:\windows\system32\emptyregdb.dat
2009-10-15 00:01 . 2009-10-15 00:01 41872 ----a-w- c:\windows\system32\xfcodec.dll
2009-09-29 11:05 . 2009-09-29 11:05 96408 ----a-w- c:\windows\system32\drivers\epfwtdir.sys
2009-09-29 11:02 . 2009-09-29 11:02 108792 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2009-09-29 10:56 . 2009-09-29 10:56 116008 ----a-w- c:\windows\system32\drivers\eamon.sys
2009-09-27 16:19 . 2009-09-27 16:19 3674112 ----a-w- c:\windows\system32\nvwssr.dll
2009-09-27 14:12 . 2009-09-27 14:12 888832 ----a-w- c:\windows\system32\nvapi.dll
2009-09-27 14:12 . 2009-09-27 14:12 7655872 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2009-09-27 14:12 . 2009-09-27 14:12 5900416 ----a-w- c:\windows\system32\nv4_disp.dll
2009-09-27 14:12 . 2009-09-27 14:12 2194024 ----a-w- c:\windows\system32\nvcuvid.dll
2009-09-27 14:12 . 2009-09-27 14:12 2007040 ----a-w- c:\windows\system32\nvcuda.dll
2009-09-27 14:12 . 2009-09-27 14:12 1714792 ----a-w- c:\windows\system32\nvcuvenc.dll
2009-09-27 14:12 . 2009-09-27 14:12 170600 ----a-w- c:\windows\system32\nvcodins.dll
2009-09-27 14:12 . 2009-09-27 14:12 170600 ----a-w- c:\windows\system32\nvcod.dll
2009-09-27 14:12 . 2009-09-27 14:12 1604482 ----a-w- c:\windows\system32\nvdata.bin
2009-09-27 14:12 . 2009-09-27 14:12 10756096 ----a-w- c:\windows\system32\nvoglnt.dll
2009-09-25 05:37 . 2009-09-25 05:37 81920 ------w- c:\windows\system32\ieencode.dll
2009-09-11 14:19 . 2008-04-15 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:05 . 2008-04-15 12:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 08:00 . 2008-04-15 12:00 916480 ------w- c:\windows\system32\wininet.dll
2009-08-26 08:02 . 2008-04-15 12:00 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-17 22:33 . 2009-08-17 22:33 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-05 09:01 . 2008-04-15 12:00 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 17:29 . 2008-04-15 12:00 2146304 ------w- c:\windows\system32\ntoskrnl.exe
2009-08-04 17:29 . 2008-04-14 21:14 2024960 ------w- c:\windows\system32\ntkrnlpa.exe
.

------- Sigcheck -------

[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . D9F19E78F98834CB411D6AD3C68D181A . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-04-15 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
.
((((((((((((((((((((((((((((( SnapShot@2009-10-23_06.29.00 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-11-07 01:19 . 2007-11-07 01:19 54272 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_ecc42bd1\vcomp90.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 62976 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90rus.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 46080 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90kor.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 46592 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90jpn.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 64512 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90ita.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 66048 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90fra.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esp.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esn.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 56832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90enu.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 66560 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90deu.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 39936 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90cht.dll
+ 2008-07-29 07:05 . 2008-07-29 07:05 38912 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90chs.dll
+ 2008-07-29 05:07 . 2008-07-29 05:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90u.dll
+ 2008-07-29 05:07 . 2008-07-29 05:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90.dll
+ 2007-08-22 23:18 . 2007-08-22 23:18 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80KOR.dll
+ 2007-08-22 23:18 . 2007-08-22 23:18 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80JPN.dll
+ 2007-08-22 23:18 . 2007-08-22 23:18 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ITA.dll
+ 2007-08-22 23:18 . 2007-08-22 23:18 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80FRA.dll
+ 2007-08-22 23:18 . 2007-08-22 23:18 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ESP.dll
+ 2007-08-22 23:18 . 2007-08-22 23:18 57344 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ENU.dll
+ 2007-08-22 23:18 . 2007-08-22 23:18 65536 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80DEU.dll
+ 2007-08-22 23:18 . 2007-08-22 23:18 45056 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHT.dll
+ 2007-08-22 23:18 . 2007-08-22 23:18 40960 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHS.dll
+ 2006-10-26 12:40 . 2006-10-26 12:40 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80KOR.dll
+ 2006-10-26 12:40 . 2006-10-26 12:40 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80JPN.dll
+ 2006-10-26 12:40 . 2006-10-26 12:40 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80ITA.dll
+ 2006-10-26 12:40 . 2006-10-26 12:40 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80FRA.dll
+ 2006-10-26 12:40 . 2006-10-26 12:40 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80ESP.dll
+ 2006-10-26 12:40 . 2006-10-26 12:40 57344 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80ENU.dll
+ 2006-10-26 12:40 . 2006-10-26 12:40 65536 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80DEU.dll
+ 2006-10-26 12:40 . 2006-10-26 12:40 45056 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80CHT.dll
+ 2006-10-26 12:40 . 2006-10-26 12:40 40960 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80CHS.dll
+ 2007-08-22 23:18 . 2007-08-22 23:18 57856 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80u.dll
+ 2007-08-22 23:18 . 2007-08-22 23:18 69632 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80.dll
+ 2006-10-26 12:40 . 2006-10-26 12:40 57344 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_dec6ddd2\mfcm80u.dll
+ 2006-10-26 12:40 . 2006-10-26 12:40 69632 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_dec6ddd2\mfcm80.dll
+ 2007-08-22 23:18 . 2007-08-22 23:18 96256 c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474\ATL80.dll
+ 2006-10-26 12:40 . 2006-10-26 12:40 95744 c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_6e805841\ATL80.dll
+ 2009-10-31 19:53 . 2009-10-31 19:53 16384 c:\windows\temp\Perflib_Perfdata_fc.dat
+ 2007-12-14 03:31 . 2007-12-14 03:31 57408 c:\windows\system32\wsimd.sys
+ 2006-07-24 09:50 . 2006-07-24 09:50 47920 c:\windows\system32\VBAME.DLL
+ 2009-07-26 15:44 . 2009-07-26 15:44 48448 c:\windows\system32\sirenacm.dll
+ 2006-07-24 09:50 . 2006-07-24 09:50 39728 c:\windows\system32\SCP32.DLL
+ 2008-04-15 12:00 . 2009-10-25 08:43 39992 c:\windows\system32\perfc009.dat
- 2008-04-15 12:00 . 2009-10-19 21:27 39992 c:\windows\system32\perfc009.dat
+ 2008-10-01 15:45 . 2008-10-01 15:45 57440 c:\windows\system32\jswscimd.sys
+ 2006-11-15 23:01 . 2006-11-15 23:01 33600 c:\windows\system32\FM20SVE.DLL
+ 2006-10-26 12:10 . 2006-10-26 12:10 33088 c:\windows\system32\FM20ENU.DLL
.
-- Snapshot återställt till dagens datum --
.
(((((((((((((((((((((((((((((((((( Startpunkter i registret )))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Not* Tomma poster & legitima standardposter visas inte.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-09-27 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-09-27 13918208]
"Net iD"="c:\program\Net iD\iid.exe" [2009-01-09 95472]
"Malwarebytes Anti-Malware (reboot)"="c:\program\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"egui"="c:\program\ESET\ESET NOD32 Antivirus\egui.exe" [2009-09-29 2054360]
"SunJavaUpdateSched"="c:\program\Java\jre6\bin\jusched.exe" [2009-10-23 149280]
"MioNet"="c:\program\MioNet\MioNetLauncher.exe" [2009-10-25 32768]
"VoddlerNet Manager"="c:\program\Voddler\service\VNetManager.exe" [2009-10-27 557256]
"CTxfiHlp"="CTXFIHLP.EXE" - c:\windows\system32\CTXFIHLP.EXE [2006-08-11 18944]
"CTHelper"="CTHELPER.EXE" - c:\windows\system32\CtHelper.exe [2009-06-23 19456]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2004-01-09 65536]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]

c:\documents and settings\All Users\Start-meny\Program\Autostart\
Adobe Gamma Loader.lnk - c:\program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe [2009-10-21 110592]
NETGEAR WN111v2 Smart Wizard.lnk - c:\program\NETGEAR\WN111v2\WN111V2.exe [2009-3-25 1503290]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"MioNet"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program\\uTorrent\\uTorrent.exe"=
"c:\\Program\\Xfire\\Xfire.exe"=
"c:\\spel\\Call of Duty 2\\CoD2MP_s.exe"=
"c:\\Program\\MioNet\\jvm\\bin\\MioNet.exe"=
"c:\\Program\\MioNet\\MioNetManager.exe"=
"c:\\Program\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program\\Voddler\\service\\voddler.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1700:TCP"= 1700:TCP:MioNet Remote Drive Access 0
"1701:TCP"= 1701:TCP:MioNet Remote Drive Access 1
"1702:TCP"= 1702:TCP:MioNet Remote Drive Access 2
"1703:TCP"= 1703:TCP:MioNet Remote Drive Access 3
"1704:TCP"= 1704:TCP:MioNet Remote Drive Access 4
"1705:TCP"= 1705:TCP:MioNet Remote Drive Access 5
"1706:TCP"= 1706:TCP:MioNet Remote Drive Access 6
"1707:TCP"= 1707:TCP:MioNet Remote Drive Access 7
"1708:TCP"= 1708:TCP:MioNet Remote Drive Access 8
"1709:TCP"= 1709:TCP:MioNet Remote Drive Access 9
"1641:TCP"= 1641:TCP:MioNet Remote Drive Verification
"1647:TCP"= 1647:TCP:MioNet Storage Device Configuration
"5432:UDP"= 5432:UDP:MioNet Storage Device Discovery

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-09-29 108792]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2009-09-29 96408]
R2 ekrn;ESET Service;c:\program\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-09-29 735960]
R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [2009-06-23 99352]
R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [2009-06-23 555032]
R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [2009-06-23 566296]
R3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [2003-07-24 17149]
R3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [2008-10-01 57440]
R3 WN111v2;NETGEAR WN111v2 USB2.0 Wireless Card Service;c:\windows\system32\drivers\WN111v2.sys [2009-01-14 458752]
S1 b2db9f54;b2db9f54;c:\windows\system32\drivers\b2db9f54.sys --> c:\windows\system32\drivers\b2db9f54.sys [?]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [2009-06-23 99352]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [2009-06-23 555032]
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [2009-06-23 100888]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [2009-06-23 100888]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [2009-06-23 566296]
S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program\NETGEAR\WN111v2\jswpsapi.exe [2008-02-27 360547]
S4 MioNet;MioNet;c:\program\MioNet\MioNetManager.exe -s "c:\program\MioNet\wrapper.conf" --> c:\program\MioNet\MioNetManager.exe -s c:\program\MioNet\wrapper.conf [?]

--- Övriga tjänster/drivrutiner i minnet ---

*NewlyCreated* - CLASSPNP_2
*NewlyCreated* - MBR
*Deregistered* - CLASSPNP_2
*Deregistered* - mbr
.
.
------- Extra genomsökning -------
.
uStart Page = about:blank
IE: Anpassa RF menu - file://c:\program\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: E&xportera till Microsoft Excel - c:\program\MICROS~2\Office12\EXCEL.EXE/3000
IE: Fyll i formulär &] - file://c:\program\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: Spara &formulär &[ - file://c:\program\Siber Systems\AI RoboForm\RoboFormComSavePass.html
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
.
.
------- Filassociationer -------
.
txtfile="c:\program\JGsoft\EditPadPro6\EditPadPro.exe" "%1"
.
- - - - FÖRÄLDRALÖSA POSTER SOM TAGITS BORT - - - -

HKLM-Run-jswtrayutil - c:\program\NETGEAR\WN111v2\jswtrayutil.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-31 20:54
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTHelper = CTHELPER.EXE?

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spyl.sys >>UNKNOWN [0x8A1B7938]<<
kernel: MBR read successfully
user & kernel MBR OK
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

atapi.sys @ 0x0 0x0 bytes

\Driver\atapi [ IRP_MJ_CREATE ] 0xA6F2 != 0xF7978B40 atapi.sys
\Driver\atapi [ IRP_MJ_CLOSE ] 0xA6F2 != 0xF7978B40 atapi.sys
\Driver\atapi [ IRP_MJ_DEVICE_CONTROL ] 0xA712 != 0xF7978B40 atapi.sys
\Driver\atapi [ IRP_MJ_INTERNAL_DEVICE_CONTROL ] 0x6852 != 0xF7978B40 atapi.sys
\Driver\atapi [ IRP_MJ_POWER ] 0xA73C != 0xF7978B40 atapi.sys
\Driver\atapi [ IRP_MJ_SYSTEM_CONTROL ] 0x11336 != 0xF7978B40 atapi.sys
\Driver\atapi IRP hooks detected !

**************************************************************************
.
--------------------- LÅSTA REGISTERNYCKLAR ---------------------

[HKEY_USERS\S-1-5-21-583907252-1220945662-1177238915-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,4a,38,99,36,ca,56,7c,4b,9d,5d,c5,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,4a,38,99,36,ca,56,7c,4b,9d,5d,c5,\

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\WPAEvents]
@Denied: (Full) (LocalSystem)
.
--------------------- DLLer som "laddats" under processer som körs ---------------------

- - - - - - - > 'explorer.exe'(2972)
c:\windows\system32\webcheck.dll
.
------------------------ Andra processer som körs ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\windows\system32\acs.exe
c:\program\Java\jre6\bin\jqs.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\windows\system32\wdfmgr.exe
c:\program\Voddler\service\voddler.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\System32\SCardSvr.exe
c:\program\MioNet\jvm\bin\MioNet.exe
.
**************************************************************************
.
Sluttid: 2009-10-31 20:58 - datorn startades om.
ComboFix-quarantined-files.txt 2009-10-31 19:58
ComboFix2.txt 2009-10-23 06:34

Före genomsökningen: 105 281 978 368 byte ledigt
Efter genomsökningen: 105 350 279 168 byte ledigt

- - End Of File - - 5CD221428CAC1F6C9597EB82B3D45576

Regards
Jonas

#6 schrauber


Posted 31 October 2009 - 05:29 PM

Hi,


1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

MBR::
Driver::
b2db9f54
File::
c:\windows\system32\drivers\b2db9f54.sys

Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
regards,
schrauber

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware

#7 Polecat69


Posted 01 November 2009 - 04:23 AM

So here is the combofix log

/Jonas

ComboFix 09-10-30.01 - Administratör 2009-11-01 10:10.3.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.46.1053.18.3070.2606 [GMT 1:00]
Körs från: c:\documents and settings\Administratör\Skrivbord\schrauber.exe
Använda kommandoväxlar :: c:\documents and settings\Administratör\Skrivbord\CFScript.txt
AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Skapade en ny återställningspunkt

FILE ::
"c:\windows\system32\drivers\b2db9f54.sys"
.

((((((((((((((((((((((((((((((((((((((( Andra raderingar ))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivrutiner/Tjänster )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_b2db9f54


(((((((((((((((((((((((( Filer Skapade från 2009-10-01 till 2009-11-01 ))))))))))))))))))))))))))))))
.

2009-11-01 09:06 . 2008-10-16 13:06 268648 ----a-w- c:\windows\system32\mucltui.dll
2009-10-30 15:40 . 2009-10-31 19:11 8 ----a-w- c:\windows\system32\nvModes.dat
2009-10-28 10:14 . 2009-10-31 20:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Voddler
2009-10-28 10:13 . 2009-10-28 10:14 -------- d-----w- c:\program\Voddler
2009-10-27 22:01 . 2009-10-27 22:01 -------- d-----w- c:\program\Microsoft
2009-10-27 22:00 . 2009-10-27 22:00 -------- d-----w- c:\program\Windows Live SkyDrive
2009-10-27 22:00 . 2009-10-27 22:01 -------- d-----w- c:\program\Windows Live
2009-10-27 21:58 . 2009-10-27 21:58 -------- d-----w- c:\program\Delade filer\Windows Live
2009-10-27 19:55 . 2009-10-27 20:45 -------- d-----w- c:\program\Microsoft Works
2009-10-27 19:49 . 2009-10-27 19:50 -------- d-----w- c:\windows\SHELLNEW
2009-10-27 19:49 . 2009-10-27 20:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-10-27 19:48 . 2009-10-27 19:48 -------- d-----r- C:\MSOCache
2009-10-25 10:57 . 2009-10-25 10:57 -------- d-----w- c:\documents and settings\Administrat”r
2009-10-25 10:52 . 2009-10-25 10:52 -------- d-----w- C:\Program Files
2009-10-25 10:51 . 2009-10-25 10:54 -------- d-----w- c:\program\MioNet
2009-10-25 10:33 . 2009-10-25 10:33 -------- d--h--r- c:\documents and settings\All Users\Application Data\Atheros
2009-10-25 10:26 . 2007-12-14 03:31 57408 ----a-w- c:\windows\system32\drivers\wsimd.sys
2009-10-25 10:26 . 2009-10-25 10:26 -------- d-----w- c:\program\NETGEAR
2009-10-25 10:26 . 2009-10-25 10:26 -------- d-----w- c:\documents and settings\All Users\Application Data\NETGEAR
2009-10-25 10:25 . 2009-10-25 10:25 -------- d-----w- c:\windows\Downloaded Installations
2009-10-24 21:38 . 2009-08-16 15:08 178176 ----a-w- c:\windows\system32\unrar.dll
2009-10-24 21:38 . 2009-10-24 21:39 -------- d-----w- c:\program\K-Lite Codec Pack
2009-10-24 21:33 . 2009-10-24 22:09 -------- d-----w- C:\DECCHECK
2009-10-24 21:30 . 2008-04-15 12:00 221184 ----a-w- c:\windows\system32\wmpns.dll
2009-10-23 09:24 . 2009-10-23 09:24 -------- d-----w- c:\program\Foxit Software
2009-10-23 09:19 . 2009-10-23 09:19 -------- d-----w- c:\windows\Sun
2009-10-23 09:18 . 2009-10-23 09:18 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-23 09:18 . 2009-10-23 09:18 -------- d-----w- c:\program\Java
2009-10-22 22:31 . 2009-10-22 22:31 -------- d-----w- c:\program\ESET
2009-10-22 22:31 . 2009-10-22 22:31 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2009-10-22 21:38 . 2009-09-10 12:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-22 21:37 . 2009-10-22 21:43 -------- d-----w- c:\program\Malwarebytes' Anti-Malware
2009-10-22 21:37 . 2009-10-22 21:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-10-22 21:37 . 2009-09-10 12:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-21 17:55 . 1998-11-13 11:13 307200 ----a-w- c:\windows\IsUn041d.exe
2009-10-20 10:57 . 2009-10-20 10:57 60416 ----a-w- c:\windows\ALCFDRTM.EXE
2009-10-20 10:57 . 2009-10-20 10:57 -------- d-----w- c:\windows\system32\Lang
2009-10-20 10:51 . 2004-01-09 21:17 601100 ----a-w- c:\windows\system32\drivers\ALCXWDM.SYS
2009-10-20 10:51 . 2004-01-09 00:54 65536 ----a-w- c:\windows\SOUNDMAN.EXE
2009-10-20 10:51 . 2003-12-18 00:05 155648 ----a-w- c:\windows\system32\RTLCPAPI.dll
2009-10-20 10:51 . 2003-12-11 21:54 391424 ----a-w- c:\windows\system32\drivers\ALCXSENS.SYS
2009-10-20 10:51 . 2003-08-19 17:36 65536 ----a-w- c:\windows\system32\Audio3D.dll
2009-10-20 10:51 . 2004-01-09 00:53 5672960 ----a-w- c:\windows\system32\RTLCPL.EXE
2009-10-20 10:51 . 2003-11-21 14:58 208896 ----a-w- c:\windows\alcupd.exe
2009-10-20 10:51 . 2003-11-21 14:56 139264 ----a-w- c:\windows\alcrmv.exe
2009-10-20 10:51 . 2003-07-31 19:08 744 ----a-w- c:\windows\system32\drivers\alcxinit.dat
2009-10-20 10:25 . 2009-10-20 10:25 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2009-10-20 10:24 . 2009-10-20 10:25 -------- d-----w- c:\program\DAEMON Tools Toolbar
2009-10-20 10:24 . 2009-10-20 10:53 -------- d-----w- c:\program\DAEMON Tools Lite
2009-10-20 10:21 . 2009-10-20 10:21 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-10-20 10:19 . 2009-10-20 10:19 -------- d-----w- c:\program\VideoLAN
2009-10-20 09:35 . 2006-08-11 12:56 3072 ----a-w- c:\windows\CTXFIRES.DLL
2009-10-20 09:21 . 2009-10-21 17:58 -------- d-----w- c:\program\Delade filer\Adobe
2009-10-19 23:39 . 2009-10-21 20:13 138352 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-10-19 23:39 . 2009-10-21 20:13 191304 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-10-19 23:39 . 2009-10-25 09:41 -------- d-----w- c:\windows\system32\LogFiles
2009-10-19 23:39 . 2009-10-19 23:39 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-10-19 23:22 . 2009-10-19 23:22 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Xfire
2009-10-19 23:20 . 2009-10-21 19:34 -------- d-----w- c:\program\Xfire
2009-10-19 23:12 . 2009-10-19 23:12 -------- d-----w- C:\spel
2009-10-19 23:10 . 2009-10-19 23:10 -------- d-sh--w- c:\windows\ftpcache
2009-10-19 22:47 . 2009-10-19 22:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2009-10-19 22:38 . 2009-10-19 22:38 -------- d-----w- c:\program\Net iD
2009-10-19 22:29 . 2009-10-19 22:29 -------- d-----w- c:\program\Siber Systems
2009-10-19 22:27 . 2009-10-19 22:27 27904 ----a-w- c:\windows\system32\drivers\viaagp1.sys
2009-10-19 22:26 . 2009-10-24 22:09 -------- d-----w- c:\program\JGsoft
2009-10-19 22:26 . 2006-06-06 00:08 67472 ----a-w- c:\windows\UnDeploy.exe
2009-10-19 22:23 . 2009-10-30 18:37 -------- d-----w- c:\program\FlashFXP
2009-10-19 22:11 . 2009-10-20 10:09 -------- d-----w- c:\program\ImgBurn

.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-31 20:06 . 2009-10-28 10:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Voddler
2009-10-30 12:49 . 2009-10-19 20:58 -------- d-----w- c:\program\Opera
2009-10-28 10:14 . 2009-10-28 10:13 -------- d-----w- c:\program\Voddler
2009-10-25 08:43 . 2008-04-15 12:00 47784 ----a-w- c:\windows\system32\perfc01D.dat
2009-10-25 08:43 . 2008-04-15 12:00 315006 ----a-w- c:\windows\system32\perfh01D.dat
2009-10-22 21:29 . 2008-04-15 12:00 14336 ------w- c:\windows\system32\svchost.exe
2009-10-20 10:51 . 2009-10-19 21:42 -------- d--h--w- c:\program\InstallShield Installation Information
2009-10-20 10:51 . 2009-10-19 21:41 -------- d-----w- c:\program\Delade filer\InstallShield
2009-10-20 10:13 . 2009-10-19 21:43 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2009-10-20 10:13 . 2009-10-19 21:43 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2009-10-20 10:07 . 2009-10-19 21:43 -------- d-----w- c:\program\Creative
2009-10-19 22:10 . 2009-10-19 22:09 -------- d-----w- c:\program\Winamp
2009-10-19 21:44 . 2009-10-19 20:02 -------- d-----w- c:\program\NVIDIA Corporation
2009-10-19 21:21 . 2009-10-19 21:12 65 ----a-w- c:\windows\system32\BD7420.dat
2009-10-19 21:10 . 2009-10-19 21:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Brother
2009-10-19 20:24 . 2009-10-19 20:24 -------- d-----w- c:\program\uTorrent
2009-10-19 20:03 . 2009-10-19 20:03 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation
2009-10-19 19:59 . 2009-10-19 19:59 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-10-19 19:59 . 2009-10-19 19:59 552 ----a-w- c:\windows\system32\d3d8caps.dat
2009-10-19 19:58 . 2009-10-19 19:58 -------- d-----w- c:\program\SystemRequirementsLab
2009-10-19 19:54 . 2009-10-19 19:54 -------- d-----w- c:\program\Panda Security
2009-10-19 19:54 . 2009-10-19 19:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Panda Security
2009-10-19 19:44 . 2009-10-19 19:44 -------- d-----w- c:\program\microsoft frontpage
2009-10-19 19:39 . 2009-10-19 19:39 21700 ----a-w- c:\windows\system32\emptyregdb.dat
2009-10-15 00:01 . 2009-10-15 00:01 41872 ----a-w- c:\windows\system32\xfcodec.dll
2009-09-29 11:05 . 2009-09-29 11:05 96408 ----a-w- c:\windows\system32\drivers\epfwtdir.sys
2009-09-29 11:02 . 2009-09-29 11:02 108792 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2009-09-29 10:56 . 2009-09-29 10:56 116008 ----a-w- c:\windows\system32\drivers\eamon.sys
2009-09-27 16:19 . 2009-09-27 16:19 3674112 ----a-w- c:\windows\system32\nvwssr.dll
2009-09-27 14:12 . 2009-09-27 14:12 888832 ----a-w- c:\windows\system32\nvapi.dll
2009-09-27 14:12 . 2009-09-27 14:12 7655872 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2009-09-27 14:12 . 2009-09-27 14:12 5900416 ----a-w- c:\windows\system32\nv4_disp.dll
2009-09-27 14:12 . 2009-09-27 14:12 2194024 ----a-w- c:\windows\system32\nvcuvid.dll
2009-09-27 14:12 . 2009-09-27 14:12 2007040 ----a-w- c:\windows\system32\nvcuda.dll
2009-09-27 14:12 . 2009-09-27 14:12 1714792 ----a-w- c:\windows\system32\nvcuvenc.dll
2009-09-27 14:12 . 2009-09-27 14:12 170600 ----a-w- c:\windows\system32\nvcodins.dll
2009-09-27 14:12 . 2009-09-27 14:12 170600 ----a-w- c:\windows\system32\nvcod.dll
2009-09-27 14:12 . 2009-09-27 14:12 1604482 ----a-w- c:\windows\system32\nvdata.bin
2009-09-27 14:12 . 2009-09-27 14:12 10756096 ----a-w- c:\windows\system32\nvoglnt.dll
2009-09-25 05:37 . 2009-09-25 05:37 81920 ------w- c:\windows\system32\ieencode.dll
2009-09-11 14:19 . 2008-04-15 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:05 . 2008-04-15 12:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 08:00 . 2008-04-15 12:00 916480 ------w- c:\windows\system32\wininet.dll
2009-08-26 08:02 . 2008-04-15 12:00 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-17 22:33 . 2009-08-17 22:33 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-05 09:01 . 2008-04-15 12:00 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 17:29 . 2008-04-15 12:00 2146304 ------w- c:\windows\system32\ntoskrnl.exe
2009-08-04 17:29 . 2008-04-14 21:14 2024960 ------w- c:\windows\system32\ntkrnlpa.exe
.

------- Sigcheck -------

[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . D9F19E78F98834CB411D6AD3C68D181A . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-04-15 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
.
((((((((((((((((((((((((((((( SnapShot_2009-10-31_19.54.25 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-11-01 09:17 . 2009-11-01 09:17 16384 c:\windows\temp\Perflib_Perfdata_100.dat
.
(((((((((((((((((((((((((((((((((( Startpunkter i registret )))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Not* Tomma poster & legitima standardposter visas inte.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-09-27 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-09-27 13918208]
"Net iD"="c:\program\Net iD\iid.exe" [2009-01-09 95472]
"Malwarebytes Anti-Malware (reboot)"="c:\program\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"egui"="c:\program\ESET\ESET NOD32 Antivirus\egui.exe" [2009-09-29 2054360]
"SunJavaUpdateSched"="c:\program\Java\jre6\bin\jusched.exe" [2009-10-23 149280]
"MioNet"="c:\program\MioNet\MioNetLauncher.exe" [2009-10-25 32768]
"VoddlerNet Manager"="c:\program\Voddler\service\VNetManager.exe" [2009-10-27 557256]
"CTxfiHlp"="CTXFIHLP.EXE" - c:\windows\system32\CTXFIHLP.EXE [2006-08-11 18944]
"CTHelper"="CTHELPER.EXE" - c:\windows\system32\CtHelper.exe [2009-06-23 19456]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2004-01-09 65536]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]

c:\documents and settings\All Users\Start-meny\Program\Autostart\
Adobe Gamma Loader.lnk - c:\program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe [2009-10-21 110592]
NETGEAR WN111v2 Smart Wizard.lnk - c:\program\NETGEAR\WN111v2\WN111V2.exe [2009-3-25 1503290]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"MioNet"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program\\uTorrent\\uTorrent.exe"=
"c:\\Program\\Xfire\\Xfire.exe"=
"c:\\spel\\Call of Duty 2\\CoD2MP_s.exe"=
"c:\\Program\\MioNet\\jvm\\bin\\MioNet.exe"=
"c:\\Program\\MioNet\\MioNetManager.exe"=
"c:\\Program\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program\\Voddler\\service\\voddler.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1700:TCP"= 1700:TCP:MioNet Remote Drive Access 0
"1701:TCP"= 1701:TCP:MioNet Remote Drive Access 1
"1702:TCP"= 1702:TCP:MioNet Remote Drive Access 2
"1703:TCP"= 1703:TCP:MioNet Remote Drive Access 3
"1704:TCP"= 1704:TCP:MioNet Remote Drive Access 4
"1705:TCP"= 1705:TCP:MioNet Remote Drive Access 5
"1706:TCP"= 1706:TCP:MioNet Remote Drive Access 6
"1707:TCP"= 1707:TCP:MioNet Remote Drive Access 7
"1708:TCP"= 1708:TCP:MioNet Remote Drive Access 8
"1709:TCP"= 1709:TCP:MioNet Remote Drive Access 9
"1641:TCP"= 1641:TCP:MioNet Remote Drive Verification
"1647:TCP"= 1647:TCP:MioNet Storage Device Configuration
"5432:UDP"= 5432:UDP:MioNet Storage Device Discovery

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-09-29 108792]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2009-09-29 96408]
R2 ekrn;ESET Service;c:\program\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-09-29 735960]
R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [2009-06-23 99352]
R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [2009-06-23 555032]
R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [2009-06-23 566296]
R3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [2003-07-24 17149]
R3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [2008-10-01 57440]
R3 WN111v2;NETGEAR WN111v2 USB2.0 Wireless Card Service;c:\windows\system32\drivers\WN111v2.sys [2009-01-14 458752]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [2009-06-23 99352]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [2009-06-23 555032]
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [2009-06-23 100888]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [2009-06-23 100888]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [2009-06-23 566296]
S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program\NETGEAR\WN111v2\jswpsapi.exe [2008-02-27 360547]
S4 MioNet;MioNet;c:\program\MioNet\MioNetManager.exe -s "c:\program\MioNet\wrapper.conf" --> c:\program\MioNet\MioNetManager.exe -s c:\program\MioNet\wrapper.conf [?]

--- Övriga tjänster/drivrutiner i minnet ---

*Deregistered* - mbr
.
.
------- Extra genomsökning -------
.
uStart Page = about:blank
IE: Anpassa RF menu - file://c:\program\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: E&xportera till Microsoft Excel - c:\program\MICROS~2\Office12\EXCEL.EXE/3000
IE: Fyll i formulär &] - file://c:\program\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: Spara &formulär &[ - file://c:\program\Siber Systems\AI RoboForm\RoboFormComSavePass.html
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
.

**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTHelper = CTHELPER.EXE?

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- LÅSTA REGISTERNYCKLAR ---------------------

[HKEY_USERS\S-1-5-21-583907252-1220945662-1177238915-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,4a,38,99,36,ca,56,7c,4b,9d,5d,c5,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,4a,38,99,36,ca,56,7c,4b,9d,5d,c5,\

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\WPAEvents]
@Denied: (Full) (LocalSystem)
.
--------------------- DLLer som "laddats" under processer som körs ---------------------

- - - - - - - > 'explorer.exe'(3308)
c:\windows\system32\webcheck.dll
.
------------------------ Andra processer som körs ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\windows\system32\acs.exe
c:\program\Java\jre6\bin\jqs.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\windows\system32\wdfmgr.exe
c:\program\Voddler\service\voddler.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\System32\SCardSvr.exe
c:\program\MioNet\jvm\bin\MioNet.exe
.
**************************************************************************
.
Sluttid: 2009-11-01 10:21 - datorn startades om.
ComboFix-quarantined-files.txt 2009-11-01 09:20
ComboFix2.txt 2009-10-31 19:58
ComboFix3.txt 2009-10-23 06:34

Före genomsökningen: 105 330 130 944 byte ledigt
Efter genomsökningen: 105 298 477 056 byte ledigt

- - End Of File - - 9F7010614D34A0A13F2EDB3C2F3B255A

#8 schrauber


Posted 01 November 2009 - 06:18 AM

Hi,

how is your system running right now?

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

regards,
schrauber


#9 Polecat69


Posted 01 November 2009 - 07:43 AM

It seems to run better and faster now, IE seems to be more stable than before.

Here is the log.txt

Logfile of random's system information tool 1.06 (written by random/random)
Run by Administratör at 2009-11-01 13:35:51
Microsoft Windows XP Professional Service Pack 3
System drive C: has 100 GB (88%) free of 114 GB
Total RAM: 3070 MB (82% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:36:03, on 2009-11-01
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\Program\Voddler\service\voddler.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program\Net iD\iid.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program\Java\jre6\bin\jusched.exe
C:\Program\Voddler\service\VNetManager.exe
C:\Program\NETGEAR\WN111v2\WN111V2.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program\MioNet\jvm\bin\MioNet.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program\Windows Live\Messenger\msnmsgr.exe
C:\Program\Windows Live\Contacts\wlcomm.exe
C:\Program\Internet Explorer\iexplore.exe
C:\Program\Internet Explorer\iexplore.exe
C:\Program\Internet Explorer\iexplore.exe
C:\Program\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administratör\Skrivbord\RSIT.exe
C:\Program\trend micro\Administratör.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program\Siber Systems\AI RoboForm\RoboForm.dll
O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program\Java\jre6\bin\jp2ssv.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\Program\FlashFXP\IEFlash.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program\Siber Systems\AI RoboForm\RoboForm.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Net iD] "C:\Program\Net iD\iid.exe"
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [egui] "C:\Program\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [MioNet] C:\Program\MioNet\MioNetLauncher.exe /p
O4 - HKLM\..\Run: [VoddlerNet Manager] C:\Program\Voddler\service\VNetManager.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: NETGEAR WN111v2 Smart Wizard.lnk = C:\Program\NETGEAR\WN111v2\WN111V2.exe
O8 - Extra context menu item: Anpassa RF menu - file://C:\Program\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Fyll i formulär &] - file://C:\Program\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Spara &formulär &[ - file://C:\Program\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Fyll i - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fyll i formulär &] - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Spara - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Spara &formulär &[ - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RF verktygslist &2 - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo...sreqlab_nvd.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.5.0.cab
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://ccfiles.creative.com/Web/softwareup...101/CTSUEng.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1256675124906
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwareup...15109/CTPID.cab
O23 - Service: Atheros Configuration Service (ACS) - Atheros - C:\WINDOWS\system32\acs.exe
O23 - Service: ESET HTTP Server (ehttpsrv) - ESET - C:\Program\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program\Java\jre6\bin\jqs.exe
O23 - Service: Jumpstart Wifi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program\NETGEAR\WN111v2\jswpsapi.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: VoddlerNet - Voddler - C:\Program\Voddler\service\voddler.exe

--
End of file - 7907 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{724d43a9-0d85-11d4-9908-00400523e39a}]
C:\Program\Siber Systems\AI RoboForm\RoboForm.dll [2004-07-10 2506752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live inloggningshjälpen - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program\Java\jre6\bin\jp2ssv.dll [2009-10-23 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E5A1691B-D188-4419-AD02-90002030B8EE}]
FlashFXP Helper for Internet Explorer - C:\Program\FlashFXP\IEFlash.dll [2004-07-29 190616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-23 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{724d43a0-0d85-11d4-9908-00400523e39a} - &RoboForm - C:\Program\Siber Systems\AI RoboForm\RoboForm.dll [2004-07-10 2506752]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program\DAEMON Tools Toolbar\DTToolbar.dll [2009-04-23 937416]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2009-09-27 86016]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2009-09-27 13918208]
"Net iD"=C:\Program\Net iD\iid.exe [2009-01-09 95472]
"CTxfiHlp"=C:\WINDOWS\system32\CTXFIHLP.EXE [2006-08-11 18944]
"CTHelper"=C:\WINDOWS\system32\CTHELPER.EXE [2009-06-23 19456]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2004-01-09 65536]
"Malwarebytes Anti-Malware (reboot)"=C:\Program\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080]
"egui"=C:\Program\ESET\ESET NOD32 Antivirus\egui.exe [2009-09-29 2054360]
"SunJavaUpdateSched"=C:\Program\Java\jre6\bin\jusched.exe [2009-10-23 149280]
"MioNet"=C:\Program\MioNet\MioNetLauncher.exe [2009-10-25 32768]
"VoddlerNet Manager"=C:\Program\Voddler\service\VNetManager.exe [2009-10-27 557256]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-15 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MioNet]
C:\Program\MioNet\MioNetLauncher.exe [2009-10-25 32768]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
C:\Program\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883840]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"MioNet"=2

C:\Documents and Settings\All Users\Start-meny\Program\Autostart
Adobe Gamma Loader.lnk - C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe
NETGEAR WN111v2 Smart Wizard.lnk - C:\Program\NETGEAR\WN111v2\WN111V2.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-08-27 190976]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program\uTorrent\uTorrent.exe"="C:\Program\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program\Xfire\Xfire.exe"="C:\Program\Xfire\Xfire.exe:*:Enabled:Xfire"
"C:\spel\Call of Duty 2\CoD2MP_s.exe"="C:\spel\Call of Duty 2\CoD2MP_s.exe:*:Enabled:CoD2MP_s"
"C:\Program\MioNet\jvm\bin\MioNet.exe"="C:\Program\MioNet\jvm\bin\MioNet.exe:*:Enabled:Java™ Platform SE binary"
"C:\Program\MioNet\MioNetManager.exe"="C:\Program\MioNet\MioNetManager.exe:*:Enabled:MioNetManager"
"C:\Program\Windows Live\Messenger\msnmsgr.exe"="C:\Program\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program\Voddler\service\voddler.exe"="C:\Program\Voddler\service\voddler.exe:*:Enabled:Voddler"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program\Windows Live\Messenger\msnmsgr.exe"="C:\Program\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

======File associations======

.txt - open - "C:\Program\JGsoft\EditPadPro6\EditPadPro.exe" "%1"

======List of files/folders created in the last 1 months======

2009-11-01 13:35:52 ----D---- C:\Program\trend micro
2009-11-01 13:35:51 ----D---- C:\rsit
2009-11-01 10:21:42 ----A---- C:\ComboFix.txt
2009-11-01 10:15:56 ----D---- C:\WINDOWS\temp
2009-11-01 10:08:52 ----D---- C:\schrauber
2009-11-01 10:06:13 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2009-11-01 10:06:12 ----A---- C:\WINDOWS\system32\mucltui.dll
2009-10-31 20:44:23 ----A---- C:\WINDOWS\MBR.exe
2009-10-28 11:14:15 ----D---- C:\Documents and Settings\All Users\Application Data\Voddler
2009-10-28 11:13:59 ----D---- C:\Program\Voddler
2009-10-27 23:01:07 ----D---- C:\Program\Microsoft
2009-10-27 23:00:49 ----D---- C:\Program\Windows Live SkyDrive
2009-10-27 23:00:37 ----D---- C:\Program\Windows Live
2009-10-27 22:58:35 ----D---- C:\Program\Delade filer\Windows Live
2009-10-27 20:55:22 ----D---- C:\Program\Microsoft Works
2009-10-27 20:55:00 ----D---- C:\Program\Microsoft Visual Studio
2009-10-27 20:54:59 ----D---- C:\Program\Delade filer\DESIGNER
2009-10-27 20:54:32 ----D---- C:\Program\Delade filer\ODBC
2009-10-27 20:49:54 ----D---- C:\WINDOWS\SHELLNEW
2009-10-27 20:49:30 ----D---- C:\Program\Microsoft Office
2009-10-27 20:49:30 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2009-10-27 20:48:57 ----RD---- C:\MSOCache
2009-10-26 09:27:09 ----D---- C:\WINDOWS\pss
2009-10-26 09:26:21 ----D---- C:\Documents and Settings\Administratör\Application Data\Foxit Software
2009-10-25 11:52:30 ----D---- C:\Program Files
2009-10-25 11:51:46 ----D---- C:\Documents and Settings\Administratör\Application Data\MioNet
2009-10-25 11:51:26 ----D---- C:\Program\MioNet
2009-10-25 11:50:06 ----D---- C:\Documents and Settings\Administratör\Application Data\Download Manager
2009-10-25 11:33:15 ----RHD---- C:\Documents and Settings\All Users\Application Data\Atheros
2009-10-25 11:26:21 ----D---- C:\Program\NETGEAR
2009-10-25 11:26:11 ----D---- C:\Documents and Settings\All Users\Application Data\NETGEAR
2009-10-25 11:25:34 ----D---- C:\WINDOWS\Downloaded Installations
2009-10-24 22:38:26 ----A---- C:\WINDOWS\system32\unrar.dll
2009-10-24 22:38:25 ----A---- C:\WINDOWS\avisplitter.ini
2009-10-24 22:38:08 ----D---- C:\Program\K-Lite Codec Pack
2009-10-24 22:33:58 ----D---- C:\DECCHECK
2009-10-24 22:30:29 ----A---- C:\WINDOWS\system32\wmpns.dll
2009-10-24 22:24:59 ----D---- C:\Documents and Settings\Administratör\Application Data\Media Player Classic
2009-10-23 10:24:39 ----D---- C:\Program\Foxit Software
2009-10-23 10:24:39 ----D---- C:\Documents and Settings\Administratör\Application Data\Foxit
2009-10-23 10:19:03 ----D---- C:\WINDOWS\Sun
2009-10-23 10:18:26 ----A---- C:\WINDOWS\system32\javaws.exe
2009-10-23 10:18:26 ----A---- C:\WINDOWS\system32\javaw.exe
2009-10-23 10:18:26 ----A---- C:\WINDOWS\system32\java.exe
2009-10-23 10:18:26 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-10-23 10:18:04 ----D---- C:\Program\Java
2009-10-23 10:17:18 ----D---- C:\Documents and Settings\Administratör\Application Data\Sun
2009-10-23 08:53:47 ----D---- C:\Documents and Settings\Administratör\Application Data\JGsoft
2009-10-23 07:49:40 ----A---- C:\RootRepeal report 10-23-09 (08-49-40).txt
2009-10-23 07:21:00 ----A---- C:\Boot.bak
2009-10-23 07:20:55 ----RASHD---- C:\cmdcons
2009-10-23 07:18:09 ----A---- C:\WINDOWS\zip.exe
2009-10-23 07:18:09 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-10-23 07:18:09 ----A---- C:\WINDOWS\SWSC.exe
2009-10-23 07:18:09 ----A---- C:\WINDOWS\SWREG.exe
2009-10-23 07:18:09 ----A---- C:\WINDOWS\sed.exe
2009-10-23 07:18:09 ----A---- C:\WINDOWS\PEV.exe
2009-10-23 07:18:09 ----A---- C:\WINDOWS\NIRCMD.exe
2009-10-23 07:18:09 ----A---- C:\WINDOWS\grep.exe
2009-10-23 07:18:04 ----D---- C:\WINDOWS\ERDNT
2009-10-23 07:16:36 ----D---- C:\Qoobox
2009-10-23 07:14:15 ----D---- C:\WINDOWS\system32\appmgmt
2009-10-22 23:31:22 ----D---- C:\Program\ESET
2009-10-22 23:31:22 ----D---- C:\Documents and Settings\All Users\Application Data\ESET
2009-10-22 22:43:43 ----D---- C:\Documents and Settings\Administratör\Application Data\Malwarebytes
2009-10-22 22:37:58 ----D---- C:\Program\Malwarebytes' Anti-Malware
2009-10-22 22:37:58 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-10-21 18:55:36 ----A---- C:\WINDOWS\IsUn041d.exe
2009-10-20 11:57:57 ----A---- C:\WINDOWS\ALCFDRTM.EXE
2009-10-20 11:57:56 ----D---- C:\WINDOWS\system32\Lang
2009-10-20 11:51:25 ----A---- C:\WINDOWS\system32\RTLCPAPI.dll
2009-10-20 11:51:25 ----A---- C:\WINDOWS\system32\Audio3D.dll
2009-10-20 11:51:25 ----A---- C:\WINDOWS\SOUNDMAN.EXE
2009-10-20 11:51:24 ----A---- C:\WINDOWS\system32\RTLCPL.EXE
2009-10-20 11:51:24 ----A---- C:\WINDOWS\alcupd.exe
2009-10-20 11:51:24 ----A---- C:\WINDOWS\alcrmv.exe
2009-10-20 11:26:22 ----D---- C:\Documents and Settings\Administratör\Application Data\dvdcss
2009-10-20 11:25:09 ----D---- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
2009-10-20 11:24:59 ----D---- C:\Program\DAEMON Tools Toolbar
2009-10-20 11:24:53 ----D---- C:\Program\DAEMON Tools Lite
2009-10-20 11:21:00 ----D---- C:\Documents and Settings\Administratör\Application Data\DAEMON Tools Lite
2009-10-20 11:20:19 ----D---- C:\Documents and Settings\Administratör\Application Data\vlc
2009-10-20 11:19:23 ----D---- C:\Program\VideoLAN
2009-10-20 11:16:22 ----A---- C:\WINDOWS\sbwin.ini
2009-10-20 11:14:27 ----A---- C:\WINDOWS\{00000002-00000000-00000009-00001102-00000008-10211102}.BAK
2009-10-20 10:35:49 ----A---- C:\WINDOWS\CTXFIRES.DLL
2009-10-20 10:22:16 ----D---- C:\Documents and Settings\Administratör\Application Data\AdobeUM
2009-10-20 10:21:19 ----D---- C:\Program\Delade filer\Adobe
2009-10-20 10:20:42 ----D---- C:\Program\Adobe
2009-10-20 00:39:25 ----A---- C:\WINDOWS\system32\PnkBstrB.exe
2009-10-20 00:39:17 ----D---- C:\WINDOWS\system32\LogFiles
2009-10-20 00:39:17 ----A---- C:\WINDOWS\system32\PnkBstrA.exe
2009-10-20 00:20:49 ----D---- C:\Documents and Settings\Administratör\Application Data\Xfire
2009-10-20 00:20:45 ----D---- C:\Program\Xfire
2009-10-20 00:17:22 ----A---- C:\WINDOWS\system32\psisdecd.dll
2009-10-20 00:17:20 ----A---- C:\WINDOWS\system32\dxdllreg.exe
2009-10-20 00:17:04 ----A---- C:\WINDOWS\game.ini
2009-10-20 00:12:24 ----D---- C:\spel
2009-10-20 00:10:35 ----SHD---- C:\WINDOWS\ftpcache
2009-10-19 23:55:43 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
2009-10-19 23:50:21 ----A---- C:\WINDOWS\system32\wpa.bak
2009-10-19 23:47:18 ----D---- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2009-10-19 23:38:09 ----D---- C:\Program\Net iD
2009-10-19 23:38:09 ----D---- C:\Documents and Settings\Administratör\Application Data\iid
2009-10-19 23:29:37 ----D---- C:\Program\Siber Systems
2009-10-19 23:26:58 ----D---- C:\Program\JGsoft
2009-10-19 23:26:58 ----A---- C:\WINDOWS\UnDeploy.exe
2009-10-19 23:23:15 ----D---- C:\Program\FlashFXP
2009-10-19 23:20:48 ----D---- C:\Program\WinRAR
2009-10-19 23:11:27 ----D---- C:\Documents and Settings\Administratör\Application Data\ImgBurn
2009-10-19 23:11:15 ----D---- C:\Program\ImgBurn
2009-10-19 23:09:37 ----D---- C:\WINDOWS\RegisteredPackages
2009-10-19 23:09:12 ----A---- C:\WINDOWS\system32\pxinsa64.exe
2009-10-19 23:09:12 ----A---- C:\WINDOWS\system32\pxhpinst.exe
2009-10-19 23:09:12 ----A---- C:\WINDOWS\system32\pxcpya64.exe
2009-10-19 23:09:12 ----A---- C:\WINDOWS\system32\pxafs.dll
2009-10-19 23:09:10 ----A---- C:\WINDOWS\system32\vxblock.dll
2009-10-19 23:09:10 ----A---- C:\WINDOWS\system32\pxwave.dll
2009-10-19 23:09:10 ----A---- C:\WINDOWS\system32\pxsfs.dll
2009-10-19 23:09:10 ----A---- C:\WINDOWS\system32\pxmas.dll
2009-10-19 23:09:10 ----A---- C:\WINDOWS\system32\pxdrv.dll
2009-10-19 23:09:10 ----A---- C:\WINDOWS\system32\px.dll
2009-10-19 23:09:08 ----D---- C:\Program\Winamp
2009-10-19 23:09:08 ----D---- C:\Documents and Settings\Administratör\Application Data\Winamp
2009-10-19 22:46:59 ----A---- C:\WINDOWS\ODBC.INI
2009-10-19 22:45:41 ----A---- C:\WINDOWS\CMISETUP.ini
2009-10-19 22:45:38 ----A---- C:\WINDOWS\IsUninst.exe
2009-10-19 22:44:41 ----D---- C:\WINDOWS\system32\Defaults
2009-10-19 22:43:41 ----D---- C:\Documents and Settings\Administratör\Application Data\Creative
2009-10-19 22:43:41 ----A---- C:\WINDOWS\system32\wrap_oal.dll
2009-10-19 22:43:41 ----A---- C:\WINDOWS\system32\OpenAL32.dll
2009-10-19 22:43:18 ----A---- C:\WINDOWS\system32\ksuser.dll
2009-10-19 22:43:06 ----D---- C:\WINDOWS\system32\Data
2009-10-19 22:43:05 ----D---- C:\Program\Creative
2009-10-19 22:42:52 ----HD---- C:\Program\InstallShield Installation Information
2009-10-19 22:41:59 ----D---- C:\Program\Delade filer\InstallShield
2009-10-19 22:35:52 ----A---- C:\WINDOWS\system32\h323log.txt
2009-10-19 22:32:42 ----A---- C:\WINDOWS\system32\usbui.dll
2009-10-19 22:31:35 ----A---- C:\WINDOWS\imsins.BAK
2009-10-19 22:31:31 ----SHD---- C:\WINDOWS\Installer
2009-10-19 22:31:31 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-10-19 22:31:30 ----A---- C:\WINDOWS\ODBCINST.INI
2009-10-19 22:31:26 ----RD---- C:\Program
2009-10-19 22:31:26 ----D---- C:\Program\Delade filer\SpeechEngines
2009-10-19 22:31:26 ----D---- C:\Program\Delade filer\Microsoft Shared
2009-10-19 22:31:26 ----D---- C:\Program\Delade filer
2009-10-19 22:31:22 ----RA---- C:\WINDOWS\system32\kbdtuq.dll
2009-10-19 22:31:22 ----RA---- C:\WINDOWS\system32\kbdtuf.dll
2009-10-19 22:31:22 ----RA---- C:\WINDOWS\system32\kbdazel.dll
2009-10-19 22:31:20 ----RA---- C:\WINDOWS\system32\kbdycc.dll
2009-10-19 22:31:20 ----RA---- C:\WINDOWS\system32\kbduzb.dll
2009-10-19 22:31:20 ----RA---- C:\WINDOWS\system32\kbdur.dll
2009-10-19 22:31:20 ----RA---- C:\WINDOWS\system32\kbdtat.dll
2009-10-19 22:31:20 ----RA---- C:\WINDOWS\system32\kbdru1.dll
2009-10-19 22:31:20 ----RA---- C:\WINDOWS\system32\kbdru.dll
2009-10-19 22:31:20 ----RA---- C:\WINDOWS\system32\kbdmon.dll
2009-10-19 22:31:20 ----RA---- C:\WINDOWS\system32\kbdkyr.dll
2009-10-19 22:31:20 ----RA---- C:\WINDOWS\system32\kbdkaz.dll
2009-10-19 22:31:20 ----RA---- C:\WINDOWS\system32\kbdbu.dll
2009-10-19 22:31:20 ----RA---- C:\WINDOWS\system32\kbdblr.dll
2009-10-19 22:31:20 ----RA---- C:\WINDOWS\system32\kbdaze.dll
2009-10-19 22:31:18 ----RA---- C:\WINDOWS\system32\kbdhept.dll
2009-10-19 22:31:18 ----RA---- C:\WINDOWS\system32\kbdhela3.dll
2009-10-19 22:31:18 ----RA---- C:\WINDOWS\system32\kbdhela2.dll
2009-10-19 22:31:18 ----RA---- C:\WINDOWS\system32\kbdhe319.dll
2009-10-19 22:31:18 ----RA---- C:\WINDOWS\system32\kbdhe220.dll
2009-10-19 22:31:18 ----RA---- C:\WINDOWS\system32\kbdhe.dll
2009-10-19 22:31:18 ----RA---- C:\WINDOWS\system32\kbdgkl.dll
2009-10-19 22:31:16 ----RA---- C:\WINDOWS\system32\kbdlv1.dll
2009-10-19 22:31:16 ----RA---- C:\WINDOWS\system32\kbdlv.dll
2009-10-19 22:31:16 ----RA---- C:\WINDOWS\system32\kbdlt1.dll
2009-10-19 22:31:16 ----RA---- C:\WINDOWS\system32\kbdlt.dll
2009-10-19 22:31:16 ----RA---- C:\WINDOWS\system32\kbdest.dll
2009-10-19 22:31:15 ----RA---- C:\WINDOWS\system32\kbdycl.dll
2009-10-19 22:31:15 ----RA---- C:\WINDOWS\system32\kbdsl1.dll
2009-10-19 22:31:15 ----RA---- C:\WINDOWS\system32\kbdsl.dll
2009-10-19 22:31:15 ----RA---- C:\WINDOWS\system32\kbdro.dll
2009-10-19 22:31:15 ----RA---- C:\WINDOWS\system32\kbdpl1.dll
2009-10-19 22:31:15 ----RA---- C:\WINDOWS\system32\kbdpl.dll
2009-10-19 22:31:15 ----RA---- C:\WINDOWS\system32\kbdhu1.dll
2009-10-19 22:31:15 ----RA---- C:\WINDOWS\system32\kbdhu.dll
2009-10-19 22:31:15 ----RA---- C:\WINDOWS\system32\kbdcz2.dll
2009-10-19 22:31:15 ----RA---- C:\WINDOWS\system32\kbdcz1.dll
2009-10-19 22:31:15 ----RA---- C:\WINDOWS\system32\kbdcz.dll
2009-10-19 22:31:15 ----RA---- C:\WINDOWS\system32\kbdcr.dll
2009-10-19 22:31:15 ----RA---- C:\WINDOWS\system32\KBDAL.DLL
2009-10-19 22:31:11 ----A---- C:\WINDOWS\system32\spxcoins.dll
2009-10-19 22:31:11 ----A---- C:\WINDOWS\system32\irclass.dll
2009-10-19 22:31:11 ----A---- C:\WINDOWS\system32\dgsetup.dll
2009-10-19 22:31:11 ----A---- C:\WINDOWS\system32\dgrpsetu.dll
2009-10-19 22:31:10 ----A---- C:\WINDOWS\system32\EqnClass.Dll
2009-10-19 22:31:08 ----A---- C:\WINDOWS\TASKMAN.EXE
2009-10-19 22:31:08 ----A---- C:\WINDOWS\system32\CONFIG.TMP
2009-10-19 22:31:08 ----A---- C:\WINDOWS\system32\batt.dll
2009-10-19 22:31:07 ----A---- C:\WINDOWS\NOTEPAD.EXE
2009-10-19 22:31:06 ----A---- C:\WINDOWS\system32\storprop.dll
2009-10-19 22:30:57 ----ASH---- C:\Documents and Settings\All Users\Application Data\desktop.ini
2009-10-19 22:30:54 ----RA---- C:\WINDOWS\SET8.tmp
2009-10-19 22:30:51 ----RA---- C:\WINDOWS\SET4.tmp
2009-10-19 22:30:50 ----RA---- C:\WINDOWS\SET3.tmp
2009-10-19 22:30:45 ----D---- C:\WINDOWS\system32\CatRoot2
2009-10-19 22:30:45 ----D---- C:\WINDOWS\system32\CatRoot
2009-10-19 22:30:39 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-10-19 22:30:34 ----A---- C:\WINDOWS\system32\BrWia04b.dll
2009-10-19 22:30:34 ----A---- C:\WINDOWS\system32\BrUSi04b.dll
2009-10-19 22:30:19 ----A---- C:\WINDOWS\setuplog.txt
2009-10-19 22:30:15 ----D---- C:\Documents and Settings
2009-10-19 22:30:14 ----SHD---- C:\System Volume Information
2009-10-19 22:29:34 ----RASH---- C:\boot.ini
2009-10-19 22:24:25 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-10-19 22:24:25 ----RSD---- C:\WINDOWS\Fonts
2009-10-19 22:24:25 ----RD---- C:\WINDOWS\Web
2009-10-19 22:24:25 ----HD---- C:\WINDOWS\inf
2009-10-19 22:24:25 ----D---- C:\WINDOWS\WinSxS
2009-10-19 22:24:25 ----D---- C:\WINDOWS\twain_32
2009-10-19 22:24:25 ----D---- C:\WINDOWS\system32\wins
2009-10-19 22:24:25 ----D---- C:\WINDOWS\system32\wbem
2009-10-19 22:24:25 ----D---- C:\WINDOWS\system32\usmt
2009-10-19 22:24:25 ----D---- C:\WINDOWS\system32\sv-se
2009-10-19 22:24:25 ----D---- C:\WINDOWS\system32\sv
2009-10-19 22:24:25 ----D---- C:\WINDOWS\system32\spool
2009-10-19 22:24:25 ----D---- C:\WINDOWS\system32\ShellExt
2009-10-19 22:24:25 ----D---- C:\WINDOWS\system32\Setup
2009-10-19 22:24:25 ----D---- C:\WINDOWS\system32\ras
2009-10-19 22:24:25 ----D---- C:\WINDOWS\system32\oobe
2009-10-19 22:24:25 ----D---- C:\WINDOWS\system32\npp
2009-10-19 22:24:25 ----D---- C:\WINDOWS\system32\mui
2009-10-19 22:24:25 ----D---- C:\WINDOWS\system32\inetsrv
2009-10-19 22:24:25 ----D---- C:\WINDOWS\system32\IME
2009-10-19 22:24:25 ----D---- C:\WINDOWS\system32\icsxml
2009-10-19 22:24:25 ----D---- C:\WINDOWS\system32\ias
2009-10-19 22:24:25 ----D---- C:\WINDOWS\system32\export
2009-10-19 22:24:25 ----D---- C:\WINDOWS\system32\drivers
2009-10-19 22:24:25 ----D---- C:\WINDOWS\system32\dhcp
2009-10-19 22:24:25 ----D---- C:\WINDOWS\system32\config
2009-10-19 22:24:25 ----D---- C:\WINDOWS\system32\3com_dmi
2009-10-19 22:24:25 ----D---- C:\WINDOWS\system32\3076
2009-10-19 22:24:25 ----D---- C:\WINDOWS\system32\2052
2009-10-19 22:24:25 ----D---- C:\WINDOWS\system32\1054
2009-10-19 22:24:25 ----D---- C:\WINDOWS\system32\1053
2009-10-19 22:24:25 ----D---- C:\WINDOWS\system32\1042
2009-10-19 22:24:25 ----D---- C:\WINDOWS\system32\1041
2009-10-19 22:24:25 ----D---- C:\WINDOWS\system32\1037
2009-10-19 22:24:25 ----D---- C:\WINDOWS\system32\1033
2009-10-19 22:24:25 ----D---- C:\WINDOWS\system32\1031
2009-10-19 22:24:25 ----D---- C:\WINDOWS\system32\1028
2009-10-19 22:24:25 ----D---- C:\WINDOWS\system32\1025
2009-10-19 22:24:25 ----D---- C:\WINDOWS\system32
2009-10-19 22:24:25 ----D---- C:\WINDOWS\system
2009-10-19 22:24:25 ----D---- C:\WINDOWS\security
2009-10-19 22:24:25 ----D---- C:\WINDOWS\Resources
2009-10-19 22:24:25 ----D---- C:\WINDOWS\repair
2009-10-19 22:24:25 ----D---- C:\WINDOWS\Provisioning
2009-10-19 22:24:25 ----D---- C:\WINDOWS\PeerNet
2009-10-19 22:24:25 ----D---- C:\WINDOWS\pchealth
2009-10-19 22:24:25 ----D---- C:\WINDOWS\Network Diagnostic
2009-10-19 22:24:25 ----D---- C:\WINDOWS\mui
2009-10-19 22:24:25 ----D---- C:\WINDOWS\msapps
2009-10-19 22:24:25 ----D---- C:\WINDOWS\msagent
2009-10-19 22:24:25 ----D---- C:\WINDOWS\Media
2009-10-19 22:24:25 ----D---- C:\WINDOWS\L2Schemas
2009-10-19 22:24:25 ----D---- C:\WINDOWS\java
2009-10-19 22:24:25 ----D---- C:\WINDOWS\ime
2009-10-19 22:24:25 ----D---- C:\WINDOWS\Help
2009-10-19 22:24:25 ----D---- C:\WINDOWS\ehome
2009-10-19 22:24:25 ----D---- C:\WINDOWS\Driver Cache
2009-10-19 22:24:25 ----D---- C:\WINDOWS\Debug
2009-10-19 22:24:25 ----D---- C:\WINDOWS\Cursors
2009-10-19 22:24:25 ----D---- C:\WINDOWS\Connection Wizard
2009-10-19 22:24:25 ----D---- C:\WINDOWS\Config
2009-10-19 22:24:25 ----D---- C:\WINDOWS\AppPatch
2009-10-19 22:24:25 ----D---- C:\WINDOWS\addins
2009-10-19 22:24:25 ----D---- C:\WINDOWS
2009-10-19 22:12:13 ----A---- C:\WINDOWS\brwmark.ini
2009-10-19 22:12:13 ----A---- C:\WINDOWS\BRPP2KA.INI
2009-10-19 22:12:13 ----A---- C:\WINDOWS\Brpfx04a.ini
2009-10-19 22:12:13 ----A---- C:\WINDOWS\brpcfx.ini
2009-10-19 22:11:41 ----A---- C:\WINDOWS\system32\brinsstr.dll
2009-10-19 22:11:39 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$
2009-10-19 22:11:33 ----A---- C:\WINDOWS\brunin03.dll
2009-10-19 22:11:28 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2009-10-19 22:10:47 ----D---- C:\Documents and Settings\All Users\Application Data\Brother
2009-10-19 22:10:30 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
2009-10-19 22:10:24 ----HDC---- C:\WINDOWS\$NtUninstallKB958869$
2009-10-19 22:10:15 ----HDC---- C:\WINDOWS\$NtUninstallKB971486$
2009-10-19 22:10:07 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2009-10-19 22:10:02 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2009-10-19 22:09:56 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
2009-10-19 22:09:50 ----HDC---- C:\WINDOWS\$NtUninstallKB954155_WM9$
2009-10-19 22:09:45 ----HDC---- C:\WINDOWS\$NtUninstallKB973525$
2009-10-19 22:09:37 ----HDC---- C:\WINDOWS\$NtUninstallKB974455$
2009-10-19 22:09:29 ----HDC---- C:\WINDOWS\$NtUninstallKB968816_WM9$
2009-10-19 22:09:24 ----HDC---- C:\WINDOWS\$NtUninstallKB971961$
2009-10-19 22:09:17 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2009-10-19 22:08:37 ----D---- C:\WINDOWS\ie8updates
2009-10-19 22:08:22 ----D---- C:\WINDOWS\WBEM
2009-10-19 22:07:32 ----HDC---- C:\WINDOWS\ie8
2009-10-19 22:07:32 ----D---- C:\WINDOWS\system32\en-US
2009-10-19 22:05:30 ----A---- C:\WINDOWS\system32\MRT.exe
2009-10-19 22:03:57 ----HDC---- C:\WINDOWS\$NtUninstallKB961371-v2$
2009-10-19 22:03:50 ----HDC---- C:\WINDOWS\$NtUninstallKB970653-v3$
2009-10-19 22:03:45 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2009-10-19 22:03:39 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2009-10-19 22:03:33 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2009-10-19 22:03:27 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2009-10-19 22:03:21 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
2009-10-19 22:03:12 ----HDC---- C:\WINDOWS\$NtUninstallKB956744$
2009-10-19 22:03:04 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2009-10-19 22:02:49 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9$
2009-10-19 22:02:41 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$
2009-10-19 22:02:35 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2009-10-19 22:02:30 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2009-10-19 22:02:25 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$
2009-10-19 22:02:19 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2009-10-19 22:02:14 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2009-10-19 22:02:08 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2009-10-19 22:02:02 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2009-10-19 22:01:50 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2009-10-19 22:01:41 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2009-10-19 22:01:32 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2009-10-19 22:01:27 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2009-10-19 22:01:22 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-10-19 22:01:17 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2009-10-19 22:01:11 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2009-10-19 22:01:07 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2009-10-19 22:01:02 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2009-10-19 22:00:57 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2009-10-19 22:00:52 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2009-10-19 22:00:46 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2009-10-19 22:00:43 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-10-19 22:00:38 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2009-10-19 22:00:33 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2009-10-19 22:00:28 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2009-10-19 22:00:23 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2009-10-19 22:00:18 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2009-10-19 22:00:12 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2009-10-19 22:00:05 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2009-10-19 22:00:00 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2009-10-19 21:59:52 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2009-10-19 21:58:31 ----D---- C:\Documents and Settings\Administratör\Application Data\Opera
2009-10-19 21:58:22 ----D---- C:\Program\Opera
2009-10-19 21:38:40 ----D---- C:\Documents and Settings\Administratör\Application Data\Panda Security
2009-10-19 21:25:01 ----SHD---- C:\RECYCLER
2009-10-19 21:24:34 ----D---- C:\Program\uTorrent
2009-10-19 21:23:36 ----D---- C:\Documents and Settings\Administratör\Application Data\uTorrent
2009-10-19 21:21:48 ----D---- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2009-10-19 21:03:44 ----D---- C:\Documents and Settings\All Users\Application Data\NVIDIA Corporation
2009-10-19 21:02:52 ----D---- C:\Program\NVIDIA Corporation
2009-10-19 20:58:58 ----D---- C:\Program\SystemRequirementsLab
2009-10-19 20:57:41 ----D---- C:\Documents and Settings\Administratör\Application Data\Adobe
2009-10-19 20:57:00 ----D---- C:\Documents and Settings\Administratör\Application Data\Macromedia
2009-10-19 20:55:36 ----A---- C:\WINDOWS\system32\WgaTray.exe
2009-10-19 20:55:36 ----A---- C:\WINDOWS\system32\WgaLogon.dll
2009-10-19 20:55:36 ----A---- C:\WINDOWS\system32\LegitCheckControl.dll
2009-10-19 20:54:56 ----D---- C:\Program\Panda Security
2009-10-19 20:54:56 ----D---- C:\Documents and Settings\All Users\Application Data\Panda Security
2009-10-19 20:54:45 ----D---- C:\WINDOWS\system32\PreInstall
2009-10-19 20:54:45 ----A---- C:\WINDOWS\system32\spmsg.dll
2009-10-19 20:54:44 ----A---- C:\WINDOWS\system32\spupdsvc.exe
2009-10-19 20:54:43 ----HDC---- C:\WINDOWS\$NtUninstallKB898461$
2009-10-19 20:54:43 ----HD---- C:\WINDOWS\$hf_mig$
2009-10-19 20:50:15 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2009-10-19 20:48:57 ----D---- C:\Documents and Settings\Administratör\Application Data\Identities
2009-10-19 20:48:50 ----ASH---- C:\Documents and Settings\Administratör\Application Data\desktop.ini
2009-10-19 20:48:49 ----SD---- C:\Documents and Settings\Administratör\Application Data\Microsoft
2009-10-19 20:48:18 ----D---- C:\WINDOWS\SoftwareDistribution
2009-10-19 20:48:05 ----SD---- C:\WINDOWS\system32\Microsoft
2009-10-19 20:48:05 ----D---- C:\WINDOWS\Prefetch
2009-10-19 20:48:05 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-10-19 20:44:20 ----D---- C:\WINDOWS\system32\xircom
2009-10-19 20:44:20 ----D---- C:\Program\xerox
2009-10-19 20:44:20 ----D---- C:\Program\microsoft frontpage
2009-10-19 20:43:59 ----A---- C:\WINDOWS\control.ini
2009-10-19 20:43:59 ----A---- C:\AUTOEXEC.BAT
2009-10-19 20:43:01 ----A---- C:\WINDOWS\OEWABLog.txt
2009-10-19 20:42:55 ----A---- C:\WINDOWS\system32\mapi32.dll
2009-10-19 20:41:40 ----RD---- C:\WINDOWS\Offline Web Pages
2009-10-19 20:41:39 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-10-19 20:41:39 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
2009-10-19 20:41:32 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2009-10-19 20:41:07 ----D---- C:\WINDOWS\system32\DirectX
2009-10-19 20:41:02 ----A---- C:\WINDOWS\system32\atrace.dll
2009-10-19 20:41:00 ----A---- C:\WINDOWS\system32\desktop.ini
2009-10-19 20:41:00 ----A---- C:\WINDOWS\desktop.ini
2009-10-19 20:40:53 ----A---- C:\WINDOWS\system32\nmevtmsg.dll
2009-10-19 20:40:52 ----A---- C:\WINDOWS\system32\acctres.dll
2009-10-19 20:40:51 ----D---- C:\Program\Delade filer\Services
2009-10-19 20:40:49 ----SD---- C:\WINDOWS\Tasks
2009-10-19 20:40:49 ----A---- C:\WINDOWS\system32\icfgnt5.dll
2009-10-19 20:40:48 ----D---- C:\Program\Delade filer\MSSoap
2009-10-19 20:40:45 ----D---- C:\WINDOWS\srchasst
2009-10-19 20:40:44 ----D---- C:\WINDOWS\system32\Macromed
2009-10-19 20:40:42 ----A---- C:\WINDOWS\system32\wuweb.dll
2009-10-19 20:40:42 ----A---- C:\WINDOWS\system32\wucltui.dll
2009-10-19 20:40:42 ----A---- C:\WINDOWS\system32\wuauserv.dll
2009-10-19 20:40:42 ----A---- C:\WINDOWS\system32\wuaueng1.dll
2009-10-19 20:40:41 ----N---- C:\WINDOWS\system32\wuauclt.exe
2009-10-19 20:40:41 ----N---- C:\WINDOWS\system32\qmgr.dll
2009-10-19 20:40:41 ----A---- C:\WINDOWS\system32\wups.dll
2009-10-19 20:40:41 ----A---- C:\WINDOWS\system32\wuaueng.dll
2009-10-19 20:40:41 ----A---- C:\WINDOWS\system32\wuauclt1.exe
2009-10-19 20:40:41 ----A---- C:\WINDOWS\system32\wuapi.dll
2009-10-19 20:40:41 ----A---- C:\WINDOWS\system32\qmgrprxy.dll
2009-10-19 20:40:41 ----A---- C:\WINDOWS\system32\bitsprx4.dll
2009-10-19 20:40:41 ----A---- C:\WINDOWS\system32\bitsprx3.dll
2009-10-19 20:40:41 ----A---- C:\WINDOWS\system32\bitsprx2.dll
2009-10-19 20:40:37 ----D---- C:\Program\Movie Maker
2009-10-19 20:40:21 ----A---- C:\WINDOWS\system32\safrslv.dll
2009-10-19 20:40:21 ----A---- C:\WINDOWS\system32\safrdm.dll
2009-10-19 20:40:21 ----A---- C:\WINDOWS\system32\safrcdlg.dll
2009-10-19 20:40:21 ----A---- C:\WINDOWS\system32\racpldlg.dll
2009-10-19 20:40:18 ----N---- C:\WINDOWS\system32\srsvc.dll
2009-10-19 20:40:18 ----D---- C:\WINDOWS\system32\Restore
2009-10-19 20:40:18 ----A---- C:\WINDOWS\system32\srrstr.dll
2009-10-19 20:40:18 ----A---- C:\WINDOWS\system32\srclient.dll
2009-10-19 20:40:18 ----A---- C:\WINDOWS\system32\fltMc.exe
2009-10-19 20:40:18 ----A---- C:\WINDOWS\system32\fltlib.dll
2009-10-19 20:40:17 ----A---- C:\WINDOWS\system32\nmmkcert.dll
2009-10-19 20:40:17 ----A---- C:\WINDOWS\system32\msconf.dll
2009-10-19 20:40:17 ----A---- C:\WINDOWS\system32\mnmsrvc.exe
2009-10-19 20:40:17 ----A---- C:\WINDOWS\system32\mnmdd.dll
2009-10-19 20:40:17 ----A---- C:\WINDOWS\system32\isrdbg32.dll
2009-10-19 20:40:17 ----A---- C:\WINDOWS\system32\ils.dll
2009-10-19 20:40:14 ----D---- C:\Program\NetMeeting
2009-10-19 20:40:14 ----A---- C:\WINDOWS\system32\msoert2.dll
2009-10-19 20:40:14 ----A---- C:\WINDOWS\system32\msoeacct.dll
2009-10-19 20:40:13 ----A---- C:\WINDOWS\system32\inetres.dll
2009-10-19 20:40:13 ----A---- C:\WINDOWS\system32\inetcomm.dll
2009-10-19 20:40:12 ----N---- C:\WINDOWS\system32\schedsvc.dll
2009-10-19 20:40:12 ----D---- C:\Program\Outlook Express
2009-10-19 20:40:12 ----A---- C:\WINDOWS\system32\mstinit.exe
2009-10-19 20:40:12 ----A---- C:\WINDOWS\system32\mstask.dll
2009-10-19 20:40:11 ----A---- C:\WINDOWS\system32\isign32.dll
2009-10-19 20:40:11 ----A---- C:\WINDOWS\system32\inetcfg.dll
2009-10-19 20:40:11 ----A---- C:\WINDOWS\system32\icwphbk.dll
2009-10-19 20:40:11 ----A---- C:\WINDOWS\system32\icwdial.dll
2009-10-19 20:40:06 ----D---- C:\Program\Delade filer\System
2009-10-19 20:40:03 ----D---- C:\Program\Internet Explorer
2009-10-19 20:39:21 ----A---- C:\WINDOWS\vbaddin.ini
2009-10-19 20:39:21 ----A---- C:\WINDOWS\vb.ini
2009-10-19 20:39:17 ----D---- C:\WINDOWS\Registration
2009-10-19 20:39:09 ----D---- C:\Program\Windows Media Player
2009-10-19 20:38:58 ----D---- C:\Program\MSN Gaming Zone
2009-10-19 20:38:58 ----A---- C:\WINDOWS\system32\write.exe
2009-10-19 20:38:49 ----A---- C:\WINDOWS\system32\sndvol32.exe
2009-10-19 20:38:49 ----A---- C:\WINDOWS\system32\hticons.dll
2009-10-19 20:38:49 ----A---- C:\WINDOWS\system32\avwav.dll
2009-10-19 20:38:49 ----A---- C:\WINDOWS\system32\avtapi.dll
2009-10-19 20:38:49 ----A---- C:\WINDOWS\system32\avmeter.dll
2009-10-19 20:38:48 ----A---- C:\WINDOWS\system32\winchat.exe
2009-10-19 20:38:42 ----A---- C:\WINDOWS\system32\getuname.dll
2009-10-19 20:38:42 ----A---- C:\WINDOWS\system32\charmap.exe
2009-10-19 20:38:41 ----A---- C:\WINDOWS\system32\winmine.exe
2009-10-19 20:38:41 ----A---- C:\WINDOWS\system32\sol.exe
2009-10-19 20:38:41 ----A---- C:\WINDOWS\system32\mshearts.exe
2009-10-19 20:38:41 ----A---- C:\WINDOWS\system32\calc.exe
2009-10-19 20:38:40 ----A---- C:\WINDOWS\system32\usrlogon.cmd
2009-10-19 20:38:40 ----A---- C:\WINDOWS\system32\tsshutdn.exe
2009-10-19 20:38:40 ----A---- C:\WINDOWS\system32\tslabels.ini
2009-10-19 20:38:40 ----A---- C:\WINDOWS\system32\tskill.exe
2009-10-19 20:38:40 ----A---- C:\WINDOWS\system32\tsdiscon.exe
2009-10-19 20:38:40 ----A---- C:\WINDOWS\system32\tscon.exe
2009-10-19 20:38:40 ----A---- C:\WINDOWS\system32\shadow.exe
2009-10-19 20:38:40 ----A---- C:\WINDOWS\system32\rwinsta.exe
2009-10-19 20:38:40 ----A---- C:\WINDOWS\system32\reset.exe
2009-10-19 20:38:40 ----A---- C:\WINDOWS\system32\regini.exe
2009-10-19 20:38:40 ----A---- C:\WINDOWS\system32\rdpcfgex.dll
2009-10-19 20:38:40 ----A---- C:\WINDOWS\system32\qwinsta.exe
2009-10-19 20:38:40 ----A---- C:\WINDOWS\system32\qappsrv.exe
2009-10-19 20:38:40 ----A---- C:\WINDOWS\system32\freecell.exe
2009-10-19 20:38:39 ----A---- C:\WINDOWS\system32\msg.exe
2009-10-19 20:38:39 ----A---- C:\WINDOWS\system32\msdtcprf.ini
2009-10-19 20:38:39 ----A---- C:\WINDOWS\system32\logoff.exe
2009-10-19 20:38:39 ----A---- C:\WINDOWS\system32\cdmodem.dll
2009-10-19 20:38:34 ----A---- C:\WINDOWS\system32\wmimgmt.msc
2009-10-19 20:38:33 ----A---- C:\WINDOWS\system32\sndrec32.exe
2009-10-19 20:38:33 ----A---- C:\WINDOWS\system32\accwiz.exe
2009-10-19 20:38:32 ----D---- C:\Program\Windows NT
2009-10-19 20:38:32 ----A---- C:\WINDOWS\system32\mspaint.exe
2009-10-19 20:38:32 ----A---- C:\WINDOWS\system32\mplay32.exe
2009-10-19 20:38:32 ----A---- C:\WINDOWS\system32\hypertrm.dll
2009-10-19 20:38:32 ----A---- C:\WINDOWS\system32\clipbrd.exe
2009-10-19 20:38:31 ----A---- C:\WINDOWS\system32\spider.exe
2009-10-19 20:38:30 ----A---- C:\WINDOWS\system32\tsgqec.dll
2009-10-19 20:38:30 ----A---- C:\WINDOWS\system32\tscfgwmi.dll
2009-10-19 20:38:30 ----A---- C:\WINDOWS\system32\rhttpaa.dll
2009-10-19 20:38:30 ----A---- C:\WINDOWS\system32\aaclient.dll
2009-10-19 20:38:29 ----N---- C:\WINDOWS\system32\termsrv.dll
2009-10-19 20:38:29 ----A---- C:\WINDOWS\system32\sessmgr.exe
2009-10-19 20:38:29 ----A---- C:\WINDOWS\system32\remotepg.dll
2009-10-19 20:38:29 ----A---- C:\WINDOWS\system32\rdshost.exe
2009-10-19 20:38:29 ----A---- C:\WINDOWS\system32\rdsaddin.exe
2009-10-19 20:38:29 ----A---- C:\WINDOWS\system32\rdpwsx.dll
2009-10-19 20:38:29 ----A---- C:\WINDOWS\system32\rdpsnd.dll
2009-10-19 20:38:29 ----A---- C:\WINDOWS\system32\rdpclip.exe
2009-10-19 20:38:29 ----A---- C:\WINDOWS\system32\rdchost.dll
2009-10-19 20:38:29 ----A---- C:\WINDOWS\system32\mstscax.dll
2009-10-19 20:38:29 ----A---- C:\WINDOWS\system32\mstsc.exe
2009-10-19 20:38:28 ----D---- C:\WINDOWS\system32\MsDtc
2009-10-19 20:38:28 ----A---- C:\WINDOWS\system32\qprocess.exe
2009-10-19 20:38:28 ----A---- C:\WINDOWS\system32\mtxoci.dll
2009-10-19 20:38:28 ----A---- C:\WINDOWS\system32\msdtcuiu.dll
2009-10-19 20:38:28 ----A---- C:\WINDOWS\system32\msdtctm.dll
2009-10-19 20:38:28 ----A---- C:\WINDOWS\system32\msdtcprx.dll
2009-10-19 20:38:28 ----A---- C:\WINDOWS\system32\icaapi.dll
2009-10-19 20:38:28 ----A---- C:\WINDOWS\system32\cfgbkend.dll
2009-10-19 20:38:27 ----A---- C:\WINDOWS\system32\xolehlp.dll
2009-10-19 20:38:27 ----A---- C:\WINDOWS\system32\msdtclog.dll
2009-10-19 20:38:27 ----A---- C:\WINDOWS\system32\msdtc.exe
2009-10-19 20:38:27 ----A---- C:\WINDOWS\system32\dcomcnfg.exe
2009-10-19 20:38:26 ----D---- C:\WINDOWS\system32\Com
2009-10-19 20:38:26 ----A---- C:\WINDOWS\system32\stclient.dll
2009-10-19 20:38:26 ----A---- C:\WINDOWS\system32\mtxlegih.dll
2009-10-19 20:38:26 ----A---- C:\WINDOWS\system32\mtxex.dll
2009-10-19 20:38:26 ----A---- C:\WINDOWS\system32\mtxdm.dll
2009-10-19 20:38:26 ----A---- C:\WINDOWS\system32\comrepl.dll
2009-10-19 20:38:26 ----A---- C:\WINDOWS\system32\comaddin.dll
2009-10-19 20:38:26 ----A---- C:\WINDOWS\system32\colbact.dll
2009-10-19 20:38:26 ----A---- C:\WINDOWS\system32\clbcatex.dll
2009-10-19 20:38:26 ----A---- C:\WINDOWS\system32\catsrvps.dll
2009-10-19 20:38:25 ----A---- C:\WINDOWS\system32\comuid.dll
2009-10-19 20:38:25 ----A---- C:\WINDOWS\system32\comsvcs.dll
2009-10-19 20:38:25 ----A---- C:\WINDOWS\system32\comsnap.dll
2009-10-19 20:38:25 ----A---- C:\WINDOWS\system32\clbcatq.dll
2009-10-19 20:38:25 ----A---- C:\WINDOWS\system32\catsrvut.dll
2009-10-19 20:38:25 ----A---- C:\WINDOWS\system32\catsrv.dll
2009-10-19 20:38:20 ----A---- C:\WINDOWS\system32\servdeps.dll
2009-10-19 20:38:19 ----A---- C:\WINDOWS\system32\mmfutil.dll
2009-10-19 20:38:19 ----A---- C:\WINDOWS\system32\licwmi.dll
2009-10-19 20:38:19 ----A---- C:\WINDOWS\system32\cmprops.dll
2009-10-15 01:01:24 ----A---- C:\WINDOWS\system32\xfcodec.dll

======List of files/folders modified in the last 1 months======

2009-11-01 10:18:32 ----A---- C:\WINDOWS\system.ini
2009-10-28 22:22:49 ----A---- C:\WINDOWS\win.ini
2009-10-22 22:29:07 ----N---- C:\WINDOWS\system32\svchost.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2009-09-29 108792]
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2009-09-29 96408]
R1 intelppm;Intel-processordrivrutin; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-15 40320]
R2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2009-09-29 116008]
R3 ALCXSENS;Service for WDM 3D Audio Driver; C:\WINDOWS\system32\drivers\ALCXSENS.SYS [2003-12-11 391424]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-01-09 601100]
R3 Arp1394;1394 ARP-klientprotokoll; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-15 60800]
R3 BrScnUsb;Brother USB Still Image driver; C:\WINDOWS\System32\Drivers\BrScnUsb.sys [2004-10-15 15295]
R3 BrSerIf;Brother MFC Serial Port Interface WDM Driver; C:\WINDOWS\System32\Drivers\BrSerIf.sys [2006-01-18 53248]
R3 BrUsbSer;Brother MFC USB Serial WDM Driver; C:\WINDOWS\System32\Drivers\BrUsbSer.sys [2006-01-18 11904]
R3 catchme;catchme; \??\C:\schrauber\catchme.sys []
R3 COMMONFX.SYS;COMMONFX.SYS; C:\WINDOWS\System32\drivers\COMMONFX.SYS [2009-06-23 99352]
R3 ctac32k;Creative AC3 Software Decoder; C:\WINDOWS\system32\drivers\ctac32k.sys [2009-06-23 511000]
R3 ctaud2k;Creative Audio Driver (WDM); C:\WINDOWS\system32\drivers\ctaud2k.sys [2009-06-23 528408]
R3 CTAUDFX.SYS;CTAUDFX.SYS; C:\WINDOWS\System32\drivers\CTAUDFX.SYS [2009-06-23 555032]
R3 ctprxy2k;Creative Proxy Driver; C:\WINDOWS\system32\drivers\ctprxy2k.sys [2009-06-23 14360]
R3 CTSBLFX.SYS;CTSBLFX.SYS; C:\WINDOWS\System32\drivers\CTSBLFX.SYS [2009-06-23 566296]
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\system32\drivers\ctsfm2k.sys [2009-06-23 157208]
R3 DNINDIS5;DNINDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\DNINDIS5.SYS []
R3 emupia;E-mu Plug-in Architecture Driver; C:\WINDOWS\system32\drivers\emupia2k.sys [2009-06-23 92696]
R3 ha10kx2k;Creative Hardware Abstract Layer Driver; C:\WINDOWS\system32\drivers\ha10kx2k.sys [2009-06-23 798744]
R3 hap17v2k;Creative P17V HAL Driver; C:\WINDOWS\system32\drivers\hap17v2k.sys [2009-06-23 189464]
R3 hidusb;Microsoft HID-klassdrivrutin; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-15 10368]
R3 JSWSCIMD;jswscimd Service; C:\WINDOWS\system32\DRIVERS\jswscimd.sys [2008-10-01 57440]
R3 mouhid;HID-drivrutin för mus; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2008-04-15 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-15 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-09-27 7655872]
R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\drivers\ctoss2k.sys [2009-06-23 127512]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-15 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-15 30208]
R3 usbhub;USB2-aktiverat nav; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-15 59520]
R3 usbprint;Microsoft USB-skrivarklass; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
R3 usbstor;Drivrutin för USB-masslagringsenheter; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-15 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-15 20608]
R3 WN111v2;NETGEAR WN111v2 USB2.0 Wireless Card Service; C:\WINDOWS\system32\DRIVERS\WN111v2.sys [2009-01-14 458752]
R3 WSIMD;wsimd Service; C:\WINDOWS\system32\DRIVERS\wsimd.sys [2007-12-14 57408]
S3 agdkjpzc;agdkjpzc; C:\WINDOWS\system32\drivers\agdkjpzc.sys []
S3 COMMONFX;COMMONFX; C:\WINDOWS\system32\drivers\COMMONFX.SYS [2009-06-23 99352]
S3 CTAUDFX;CTAUDFX; C:\WINDOWS\system32\drivers\CTAUDFX.SYS [2009-06-23 555032]
S3 ctdvda2k;Creative DVD-Audio Device Driver; C:\WINDOWS\system32\drivers\ctdvda2k.sys [2009-06-23 347080]
S3 CTERFXFX.SYS;CTERFXFX.SYS; C:\WINDOWS\System32\drivers\CTERFXFX.SYS [2009-06-23 100888]
S3 CTERFXFX;CTERFXFX; C:\WINDOWS\system32\drivers\CTERFXFX.SYS [2009-06-23 100888]
S3 CTSBLFX;CTSBLFX; C:\WINDOWS\system32\drivers\CTSBLFX.SYS [2009-06-23 566296]
S3 hap16v2k;Creative P16V HAL Driver; C:\WINDOWS\system32\drivers\hap16v2k.sys [2009-06-23 162840]
S3 mbr;mbr; \??\C:\DOCUME~1\ADMINI~1\LOKALA~1\Temp\mbr.sys []
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2008-04-13 20992]
S3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2007-12-06 285952]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ACS;Atheros Configuration Service; C:\WINDOWS\system32\acs.exe [2008-06-27 467028]
R2 ekrn;ESET Service; C:\Program\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-09-29 735960]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program\Java\jre6\bin\jqs.exe [2009-10-23 153376]
R2 nvsvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2009-09-27 172100]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2009-10-20 75064]
R2 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2009-10-21 191304]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
R2 VoddlerNet;VoddlerNet; C:\Program\Voddler\service\voddler.exe [2009-10-27 1190096]
S3 ehttpsrv;ESET HTTP Server; C:\Program\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2009-09-29 20680]
S3 jswpsapi;Jumpstart Wifi Protected Setup; C:\Program\NETGEAR\WN111v2\jswpsapi.exe [2008-02-27 360547]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program\Delade filer\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program\Delade filer\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S4 MioNet;MioNet; C:\Program\MioNet\MioNetManager.exe [2008-06-10 139264]

-----------------EOF-----------------

And here is the info.txt

info.txt logfile of random's system information tool 1.06 2009-11-01 13:36:05

======Uninstall list======

-->RunDll32 C:\Program\DELADE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{2670895A-4E6C-4450-B868-7B7DB80A3357}\setup.exe" -l0x9
-->RunDll32 C:\Program\DELADE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{7B9AE66C-2A8F-4FB2-85D7-416AFFAE8408}\setup.exe" -l0x9
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
µTorrent-->"C:\Program\uTorrent\uTorrent.exe" /UNINSTALL
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Photoshop 7.0-->C:\WINDOWS\ISUN041D.EXE -f"C:\Program\Adobe\Photoshop 7.0\Uninst.isu" -c"C:\Program\Adobe\Photoshop 7.0\Uninst.dll"
Call of Duty® 2-->C:\Program\DELADE~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{D0A05794-48C2-4424-A15A-9F20FCFDD374} /l2057
Creative Audio Console-->RunDll32 C:\Program\DELADE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{7B9AE66C-2A8F-4FB2-85D7-416AFFAE8408}\setup.exe" -l0x9 /remove
Creative WaveStudio 7-->RunDll32 C:\Program\DELADE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{2670895A-4E6C-4450-B868-7B7DB80A3357}\setup.exe" -l0x9 /remove
DAEMON Tools Toolbar-->C:\Program\DAEMON Tools Toolbar\uninst.exe
FlashFXP v3-->C:\Program\FlashFXP\unins000.exe
Foxit Reader-->C:\Program\Foxit Software\Foxit Reader\Uninstall.exe
HijackThis 2.0.2-->"C:\Program\trend micro\HijackThis.exe" /uninstall
ImgBurn-->"C:\Program\ImgBurn\uninstall.exe"
Java™ 6 Update 16-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216016FF}
JGsoft EditPad Pro 6 DEMO 6.1.2-->C:\WINDOWS\UnDeploy.exe "C:\Program\JGsoft\EditPadPro6\Deploy.log"
K-Lite Codec Pack 5.2.0 (Full)-->"C:\Program\K-Lite Codec Pack\unins000.exe"
Malwarebytes' Anti-Malware-->"C:\Program\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0015-041D-0000-0000000FF1CE} /uninstall {1AEE207F-E4DC-4A6C-9ACD-D1218F08B442}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-041D-0000-0000000FF1CE} /uninstall {1AEE207F-E4DC-4A6C-9ACD-D1218F08B442}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-041D-0000-0000000FF1CE} /uninstall {1AEE207F-E4DC-4A6C-9ACD-D1218F08B442}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0019-041D-0000-0000000FF1CE} /uninstall {1AEE207F-E4DC-4A6C-9ACD-D1218F08B442}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001A-041D-0000-0000000FF1CE} /uninstall {1AEE207F-E4DC-4A6C-9ACD-D1218F08B442}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-041D-0000-0000000FF1CE} /uninstall {1AEE207F-E4DC-4A6C-9ACD-D1218F08B442}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0044-041D-0000-0000000FF1CE} /uninstall {1AEE207F-E4DC-4A6C-9ACD-D1218F08B442}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-041D-0000-0000000FF1CE} /uninstall {8C2A0B2D-382B-428C-9E8D-247D31B22201}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-041D-0000-0000000FF1CE} /uninstall {1AEE207F-E4DC-4A6C-9ACD-D1218F08B442}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00BA-041D-0000-0000000FF1CE} /uninstall {1AEE207F-E4DC-4A6C-9ACD-D1218F08B442}
Microsoft Office Access MUI (Swedish) 2007-->MsiExec.exe /X{90120000-0015-041D-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program\Delade filer\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel 2007 Help Uppdatering (KB963678)-->msiexec /package {90120000-0016-041D-0000-0000000FF1CE} /uninstall {6696EB50-EC8B-4D01-8061-04A6DE3D590C}
Microsoft Office Excel MUI (Swedish) 2007-->MsiExec.exe /X{90120000-0016-041D-0000-0000000FF1CE}
Microsoft Office Groove MUI (Swedish) 2007-->MsiExec.exe /X{90120000-00BA-041D-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (Swedish) 2007-->MsiExec.exe /X{90120000-0044-041D-0000-0000000FF1CE}
Microsoft Office OneNote MUI (Swedish) 2007-->MsiExec.exe /X{90120000-00A1-041D-0000-0000000FF1CE}
Microsoft Office Outlook MUI (Swedish) 2007-->MsiExec.exe /X{90120000-001A-041D-0000-0000000FF1CE}
Microsoft Office Powerpoint 2007 Help Uppdatering (KB963669)-->msiexec /package {90120000-0018-041D-0000-0000000FF1CE} /uninstall {18E9F644-2552-4544-AABB-C1838964DDEE}
Microsoft Office PowerPoint MUI (Swedish) 2007-->MsiExec.exe /X{90120000-0018-041D-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (Finnish) 2007-->MsiExec.exe /X{90120000-001F-040B-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Swedish) 2007-->MsiExec.exe /X{90120000-001F-041D-0000-0000000FF1CE}
Microsoft Office Proofing (Swedish) 2007-->MsiExec.exe /X{90120000-002C-041D-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {A0516415-ED61-419A-981D-93596DA74165}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040B-0000-0000000FF1CE} /uninstall {8C00DF3E-E8BD-4C6A-B86F-0135E11DAF1C}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-041D-0000-0000000FF1CE} /uninstall {43722AA8-ACEA-4F54-9B83-2467D376EF8A}
Microsoft Office Publisher MUI (Swedish) 2007-->MsiExec.exe /X{90120000-0019-041D-0000-0000000FF1CE}
Microsoft Office Shared MUI (Swedish) 2007-->MsiExec.exe /X{90120000-006E-041D-0000-0000000FF1CE}
Microsoft Office Word 2007 Help Uppdatering (KB963665)-->msiexec /package {90120000-001B-041D-0000-0000000FF1CE} /uninstall {5DF6817C-E3C0-4226-9565-5C10A0AF4BF5}
Microsoft Office Word MUI (Swedish) 2007-->MsiExec.exe /X{90120000-001B-041D-0000-0000000FF1CE}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
Net iD 5.0-->C:\Program\Net iD\iid.exe -uninstall
NVIDIA Drivers-->C:\Program\NVIDIA Corporation\Uninstall\nvuninst.exe UninstallGUI
Opera 10.01-->MsiExec.exe /X{4B296228-DF7C-43EA-8DED-76027355B219}
RangeMax Wireless-N USB Adapter WN111v2-->C:\Program\InstallShield Installation Information\{1C0E9C6B-D4D5-4D3C-8A10-F10A3E7BEEA5}\setup.exe -runfromtemp -l0x0409
Realtek AC'97 Audio-->RunDll32 C:\Program\DELADE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB969679)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C66E4A6C-6E07-4C63-8CCD-2493B5087C73}
Security Update for Microsoft Office Excel 2007 (KB969682)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C03803BD-745A-46F8-8557-817DED578780}
Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}
Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}
Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}
Security Update for Microsoft Office Word 2007 (KB969604)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {CF3D6499-709C-43D0-8908-BC5652656050}
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
Snabbkorrigering för Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Snabbkorrigering för Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
System Requirements Lab-->C:\Program\SystemRequirementsLab\Uninstall.exe
Säkerhetsuppdatering för Windows Internet Explorer 8 (KB971961)-->"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows Internet Explorer 8 (KB974455)-->"C:\WINDOWS\ie8updates\KB974455-IE8\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB961371-v2)-->"C:\WINDOWS\$NtUninstallKB961371-v2$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB971961)-->"C:\WINDOWS\$NtUninstallKB971961$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB974455)-->"C:\WINDOWS\$NtUninstallKB974455$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Uppdatering för Windows Internet Explorer 8 (KB973874)-->"C:\WINDOWS\ie8updates\KB973874-IE8\spuninst\spuninst.exe"
Uppdatering för Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Uppdatering för Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Uppdatering för Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Uppdatering för Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Uppdatering för Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
WD Anywhere Access Powered by MioNet-->MsiExec.exe /I{53AF3638-DDB4-4755-B3DC-259981689DB7}
Winamp-->"C:\Program\Winamp\UninstWA.exe"
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Live Communications Platform-->MsiExec.exe /I{ED00D08A-3C5F-488D-93A0-A04F21F23956}
Windows Live Essentials-->C:\Program\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{5A70922D-9365-43CC-ADA9-CB84E4A54E4E}
Windows Live inloggningsassistenten-->MsiExec.exe /I{0E93710D-31E5-477C-8A4B-5032B484BE74}
Windows Live Messenger-->MsiExec.exe /X{EC928237-A3BD-4640-ABD0-E49E758F2315}
Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Media Format Runtime-->"C:\Program\Windows Media Player\wmsetsdk.exe" /UninstallAll
WinRAR -->C:\Program\WinRAR\uninstall.exe
VLC media player 1.0.2-->C:\Program\VideoLAN\VLC\uninstall.exe
Voddler-->"C:\Program\Voddler\Uninstall.exe"
Xfire (remove only)-->"C:\Program\Xfire\uninst.exe"

======Security center information======

AV: ESET NOD32 Antivirus 4.0

======System event log======

Computer Name: STORARUM
Event Code: 257
Message: En timeout inträffade när ett meddelande om ändring av målenhet skickades till fönstret för CtHelper

Record Number: 483
Source Name: PlugPlayManager
Time Written: 20091020120852.000000+120
Event Type: Varning
User:

Computer Name: STORARUM
Event Code: 20
Message: Skrivardrivrutinen Brother MFC-7420 USB Printer för Windows NT x86 Version-3 lades till eller uppdaterades. Filer: BROMF04B.DLL, BRUMF04B.DLL, BM7420.PPD, BROMF04B.HLP, BM7420.INI, BM7420.DAT, BW7420.INI, BE7420.DAT, BRLMF04B.DLL, BRMS104B.DLL, BRMS404B.DLL, BRQIKMON.EXE, BRQIKMON.HLP, BRMD04.EXE, BRB7404B.DLL, BRB7504B.DLL.

Record Number: 300
Source Name: Print
Time Written: 20091019232152.000000+120
Event Type: Varning
User: NT INSTANS\SYSTEM

Computer Name: STORARUM
Event Code: 20
Message: Skrivardrivrutinen Brother PC-FAX för Windows NT x86 Version-3 lades till eller uppdaterades. Filer: brofx04a.dll, brufx04a.dll, brofx04a.ppd.

Record Number: 299
Source Name: Print
Time Written: 20091019231212.000000+120
Event Type: Varning
User: NT INSTANS\SYSTEM

Computer Name: STORARUM
Event Code: 4226
Message: TCP/IP har nått det högsta antal samtidiga TCP-anslutningsförsök som tillåts av säkerhetsskäl.

Record Number: 139
Source Name: Tcpip
Time Written: 20091019224402.000000+120
Event Type: Varning
User:

Computer Name: STORARUM
Event Code: 1005
Message: IP-adressen 192.168.1.7 för det nätverkskort som har nätverksadressen 0030BDB1CBCF
används redan på nätverket.
Datorn kommer automatiskt att försöka erhålla en annan IP-adress.

Record Number: 6
Source Name: Dhcp
Time Written: 20091019213615.000000+120
Event Type: Varning
User:

=====Application event log=====

Computer Name: STORARUM
Event Code: 5603
Message: En provider, Rsop Planning Mode Provider, har registrerats i WMI-namnområdet, root\RSOP, men angav inte egenskapen HostingModel. Providern kommer att köras under kontot LocalSystem. Detta konto har höga privilegier och providern kan orsaka säkerhetsproblem om den inte personifierar begäranden från användare korrekt. Kontrollera att providern har testats så att den inte har några säkerhetshål och uppdatera egenskapen HostingModel så att ett konto med så låga privilegier som är praktiskt möjligt används.

Record Number: 15
Source Name: WinMgmt
Time Written: 20091019213954.000000+120
Event Type: Varning
User: NT INSTANS\SYSTEM

Computer Name: STORARUM
Event Code: 5603
Message: En provider, Rsop Planning Mode Provider, har registrerats i WMI-namnområdet, root\RSOP, men angav inte egenskapen HostingModel. Providern kommer att köras under kontot LocalSystem. Detta konto har höga privilegier och providern kan orsaka säkerhetsproblem om den inte personifierar begäranden från användare korrekt. Kontrollera att providern har testats så att den inte har några säkerhetshål och uppdatera egenskapen HostingModel så att ett konto med så låga privilegier som är praktiskt möjligt används.

Record Number: 14
Source Name: WinMgmt
Time Written: 20091019213954.000000+120
Event Type: Varning
User: NT INSTANS\SYSTEM

Computer Name: STORARUM
Event Code: 63
Message: En provider, CmdTriggerConsumer, har registrerats i WMI-namnområdet Root\cimv2 för att använda kontot Lokalt system. Detta konto har privilegier och providern kan därför orsaka en säkerhetsöverskridning om den inte personifierar användarbegäranden korrekt.

Record Number: 13
Source Name: WinMgmt
Time Written: 20091019213953.000000+120
Event Type: Varning
User: NT INSTANS\SYSTEM

Computer Name: STORARUM
Event Code: 63
Message: En provider, CmdTriggerConsumer, har registrerats i WMI-namnområdet Root\cimv2 för att använda kontot Lokalt system. Detta konto har privilegier och providern kan därför orsaka en säkerhetsöverskridning om den inte personifierar användarbegäranden korrekt.

Record Number: 12
Source Name: WinMgmt
Time Written: 20091019213953.000000+120
Event Type: Varning
User: NT INSTANS\SYSTEM

Computer Name: STORARUM
Event Code: 63
Message: En provider, HiPerfCooker_v1, har registrerats i WMI-namnområdet Root\WMI för att använda kontot Lokalt system. Detta konto har privilegier och providern kan därför orsaka en säkerhetsöverskridning om den inte personifierar användarbegäranden korrekt.

Record Number: 11
Source Name: WinMgmt
Time Written: 20091019213950.000000+120
Event Type: Varning
User: NT INSTANS\SYSTEM

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 3 Stepping 3, GenuineIntel
"PROCESSOR_REVISION"=0303
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------

#10 schrauber

  • Malware Response Team

Posted 01 November 2009 - 11:39 AM

Hi,



Your log(s) show that you are using so-called peer-to-peer or file-sharing programmes (in your case Utorrent). These programmes allow files to be shared between users, as the name(s) suggest. In today's world cyber crime has reached an enormous dimension, and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of the malware files. A popular means is the use of file-sharing tools, as a tremendous number of prospective victims can be reached through them.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools, and it is thus suggested that they be used with intense care. Some further reading on this subject, along with the included links, is as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."

It is also important to note that sharing entertainment files and proprietary software infringes the copyright laws in many countries around the world, and you are putting yourself at risk of being indicted by organisations watching over the rights of the authors of such files (i.e. the RIAA for music files, or the MPAA for movie files in the USA) or by the authors of the files themselves.

Naturally there are also legal ways to use these services, such as downloading Linux distributions or office suites such as "Open Office."






Step 1

Please update your version of Malwarebytes, run a quick scan and post back with the content of the logfile.





Step 2

Please run a BitDefender Online Scan
  • Click I Agree to agree to the EULA.
  • Allow the ActiveX control to install when prompted.
  • Click Click here to scan to begin the scan.
  • Please refrain from using the computer until the scan is finished. This might take a while to run, but it is important that nothing else is running while you scan.
  • When the scan is finished, click on Click here to export the scan results.
  • Save the report to your desktop so you can post it in your next reply.







Please post back with:
  • Malwarebytes-Logfile
  • BitDefender-Logfile
  • Fresh RSIT-Logfile

regards,
schrauber

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware

#11 Polecat69

  • Topic Starter

Posted 01 November 2009 - 04:34 PM

Here are the logs.

Malwarebytes' Anti-Malware 1.41
Databasversion: 3078
Windows 5.1.2600 Service Pack 3

2009-11-01 17:49:20
mbam-log-2009-11-01 (17-49-20).txt

Skanningstyp: Snabb skanning
Antal skannade objekt: 94449
Förfluten tid: 3 minute(s), 15 second(s)

Infekterade minnesprocesser: 0
Infekterade minnesmoduler: 0
Infekterade registernycklar: 0
Infekterade registervärden: 0
Infekterade registerdataposter: 0
Infekterade mappar: 0
Infekterade filer: 0

Infekterade minnesprocesser:
(Inga illasinnade poster hittades)

Infekterade minnesmoduler:
(Inga illasinnade poster hittades)

Infekterade registernycklar:
(Inga illasinnade poster hittades)

Infekterade registervärden:
(Inga illasinnade poster hittades)

Infekterade registerdataposter:
(Inga illasinnade poster hittades)

Infekterade mappar:
(Inga illasinnade poster hittades)

Infekterade filer:
(Inga illasinnade poster hittades)

BitDefender Online Scanner - Real Time Virus Report

Generated at: Sun, Nov 01, 2009 - 22:28:17

Scan Info
Scanned Files: 452705
Infected Files: 0

Virus Detected
No virus found.

This summary of the scan process will be used by the BitDefender Antivirus Lab to create agregate statistics about virus activity around the world.

Logfile of random's system information tool 1.06 (written by random/random)
Run by Administratör at 2009-11-01 22:28:55
Microsoft Windows XP Professional Service Pack 3
System drive C: has 100 GB (88%) free of 114 GB
Total RAM: 3070 MB (79% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:29:01, on 2009-11-01
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\Program\Voddler\service\voddler.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program\Net iD\iid.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program\Java\jre6\bin\jusched.exe
C:\Program\Voddler\service\VNetManager.exe
C:\Program\NETGEAR\WN111v2\WN111V2.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program\MioNet\jvm\bin\MioNet.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program\Windows Live\Messenger\msnmsgr.exe
C:\Program\Windows Live\Contacts\wlcomm.exe
C:\Program\Internet Explorer\IEXPLORE.EXE
C:\Program\Internet Explorer\IEXPLORE.EXE
C:\Program\Internet Explorer\IEXPLORE.EXE
C:\Program\Internet Explorer\IEXPLORE.EXE
C:\Program\JGsoft\EditPadPro6\EditPadPro.exe
C:\Program\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Administratör\Skrivbord\RSIT.exe
C:\Program\trend micro\Administratör.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program\Siber Systems\AI RoboForm\RoboForm.dll
O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program\Java\jre6\bin\jp2ssv.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\Program\FlashFXP\IEFlash.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program\Siber Systems\AI RoboForm\RoboForm.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Net iD] "C:\Program\Net iD\iid.exe"
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [egui] "C:\Program\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [MioNet] C:\Program\MioNet\MioNetLauncher.exe /p
O4 - HKLM\..\Run: [VoddlerNet Manager] C:\Program\Voddler\service\VNetManager.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: NETGEAR WN111v2 Smart Wizard.lnk = C:\Program\NETGEAR\WN111v2\WN111V2.exe
O8 - Extra context menu item: Anpassa RF menu - file://C:\Program\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Fyll i formulär &] - file://C:\Program\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Spara &formulär &[ - file://C:\Program\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Fyll i - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fyll i formulär &] - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Spara - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Spara &formulär &[ - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RF verktygslist &2 - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo...sreqlab_nvd.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.5.0.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/...can8/oscan8.cab
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://ccfiles.creative.com/Web/softwareup...101/CTSUEng.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1256675124906
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwareup...15109/CTPID.cab
O23 - Service: Atheros Configuration Service (ACS) - Atheros - C:\WINDOWS\system32\acs.exe
O23 - Service: ESET HTTP Server (ehttpsrv) - ESET - C:\Program\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program\Java\jre6\bin\jqs.exe
O23 - Service: Jumpstart Wifi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program\NETGEAR\WN111v2\jswpsapi.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: VoddlerNet - Voddler - C:\Program\Voddler\service\voddler.exe

--
End of file - 8385 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{724d43a9-0d85-11d4-9908-00400523e39a}]
C:\Program\Siber Systems\AI RoboForm\RoboForm.dll [2004-07-10 2506752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live inloggningshjälpen - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program\Java\jre6\bin\jp2ssv.dll [2009-10-23 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E5A1691B-D188-4419-AD02-90002030B8EE}]
FlashFXP Helper for Internet Explorer - C:\Program\FlashFXP\IEFlash.dll [2004-07-29 190616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-23 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{724d43a0-0d85-11d4-9908-00400523e39a} - &RoboForm - C:\Program\Siber Systems\AI RoboForm\RoboForm.dll [2004-07-10 2506752]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program\DAEMON Tools Toolbar\DTToolbar.dll [2009-04-23 937416]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2009-09-27 86016]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2009-09-27 13918208]
"Net iD"=C:\Program\Net iD\iid.exe [2009-01-09 95472]
"CTxfiHlp"=C:\WINDOWS\system32\CTXFIHLP.EXE [2006-08-11 18944]
"CTHelper"=C:\WINDOWS\system32\CTHELPER.EXE [2009-06-23 19456]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2004-01-09 65536]
"Malwarebytes Anti-Malware (reboot)"=C:\Program\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080]
"egui"=C:\Program\ESET\ESET NOD32 Antivirus\egui.exe [2009-09-29 2054360]
"SunJavaUpdateSched"=C:\Program\Java\jre6\bin\jusched.exe [2009-10-23 149280]
"MioNet"=C:\Program\MioNet\MioNetLauncher.exe [2009-10-25 32768]
"VoddlerNet Manager"=C:\Program\Voddler\service\VNetManager.exe [2009-10-27 557256]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-15 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MioNet]
C:\Program\MioNet\MioNetLauncher.exe [2009-10-25 32768]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
C:\Program\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883840]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"MioNet"=2

C:\Documents and Settings\All Users\Start-meny\Program\Autostart
Adobe Gamma Loader.lnk - C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe
NETGEAR WN111v2 Smart Wizard.lnk - C:\Program\NETGEAR\WN111v2\WN111V2.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-08-27 190976]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program\uTorrent\uTorrent.exe"="C:\Program\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program\Xfire\Xfire.exe"="C:\Program\Xfire\Xfire.exe:*:Enabled:Xfire"
"C:\spel\Call of Duty 2\CoD2MP_s.exe"="C:\spel\Call of Duty 2\CoD2MP_s.exe:*:Enabled:CoD2MP_s"
"C:\Program\MioNet\jvm\bin\MioNet.exe"="C:\Program\MioNet\jvm\bin\MioNet.exe:*:Enabled:Java™ Platform SE binary"
"C:\Program\MioNet\MioNetManager.exe"="C:\Program\MioNet\MioNetManager.exe:*:Enabled:MioNetManager"
"C:\Program\Windows Live\Messenger\msnmsgr.exe"="C:\Program\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program\Voddler\service\voddler.exe"="C:\Program\Voddler\service\voddler.exe:*:Enabled:Voddler"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program\Windows Live\Messenger\msnmsgr.exe"="C:\Program\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

======File associations======

.txt - open - "C:\Program\JGsoft\EditPadPro6\EditPadPro.exe" "%1"

======List of files/folders created in the last 1 months======

2009-11-01 17:50:32 ----D---- C:\WINDOWS\BDOSCAN8
2009-11-01 17:50:29 ----D---- C:\WINDOWS\LastGood
2009-11-01 13:35:52 ----D---- C:\Program\trend micro
2009-11-01 13:35:51 ----D---- C:\rsit
2009-11-01 10:15:56 ----D---- C:\WINDOWS\temp
2009-11-01 10:08:52 ----D---- C:\schrauber
2009-11-01 10:06:13 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2009-11-01 10:06:12 ----A---- C:\WINDOWS\system32\mucltui.dll
2009-10-31 20:44:23 ----A---- C:\WINDOWS\MBR.exe
2009-10-28 11:14:15 ----D---- C:\Documents and Settings\All Users\Application Data\Voddler
2009-10-28 11:13:59 ----D---- C:\Program\Voddler
2009-10-27 23:01:07 ----D---- C:\Program\Microsoft
2009-10-27 23:00:49 ----D---- C:\Program\Windows Live SkyDrive
2009-10-27 23:00:37 ----D---- C:\Program\Windows Live
2009-10-27 22:58:35 ----D---- C:\Program\Delade filer\Windows Live
2009-10-27 20:55:22 ----D---- C:\Program\Microsoft Works
2009-10-27 20:55:00 ----D---- C:\Program\Microsoft Visual Studio
2009-10-27 20:54:59 ----D---- C:\Program\Delade filer\DESIGNER
2009-10-27 20:54:32 ----D---- C:\Program\Delade filer\ODBC
2009-10-27 20:49:54 ----D---- C:\WINDOWS\SHELLNEW
2009-10-27 20:49:30 ----D---- C:\Program\Microsoft Office
2009-10-27 20:49:30 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2009-10-27 20:48:57 ----RD---- C:\MSOCache
2009-10-26 09:27:09 ----D---- C:\WINDOWS\pss
2009-10-26 09:26:21 ----D---- C:\Documents and Settings\Administratör\Application Data\Foxit Software
2009-10-25 11:52:30 ----D---- C:\Program Files
2009-10-25 11:51:46 ----D---- C:\Documents and Settings\Administratör\Application Data\MioNet
2009-10-25 11:51:26 ----D---- C:\Program\MioNet
2009-10-25 11:50:06 ----D---- C:\Documents and Settings\Administratör\Application Data\Download Manager
2009-10-25 11:33:15 ----RHD---- C:\Documents and Settings\All Users\Application Data\Atheros
2009-10-25 11:26:21 ----D---- C:\Program\NETGEAR
2009-10-25 11:26:11 ----D---- C:\Documents and Settings\All Users\Application Data\NETGEAR
2009-10-25 11:25:34 ----D---- C:\WINDOWS\Downloaded Installations
2009-10-24 22:38:26 ----A---- C:\WINDOWS\system32\unrar.dll
2009-10-24 22:38:25 ----A---- C:\WINDOWS\avisplitter.ini
2009-10-24 22:38:08 ----D---- C:\Program\K-Lite Codec Pack
2009-10-24 22:33:58 ----D---- C:\DECCHECK
2009-10-24 22:30:29 ----A---- C:\WINDOWS\system32\wmpns.dll
2009-10-24 22:24:59 ----D---- C:\Documents and Settings\Administratör\Application Data\Media Player Classic
2009-10-23 10:24:39 ----D---- C:\Program\Foxit Software
2009-10-23 10:24:39 ----D---- C:\Documents and Settings\Administratör\Application Data\Foxit
2009-10-23 10:19:03 ----D---- C:\WINDOWS\Sun
2009-10-23 10:18:26 ----A---- C:\WINDOWS\system32\javaws.exe
2009-10-23 10:18:26 ----A---- C:\WINDOWS\system32\javaw.exe
2009-10-23 10:18:26 ----A---- C:\WINDOWS\system32\java.exe
2009-10-23 10:18:26 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-10-23 10:18:04 ----D---- C:\Program\Java
2009-10-23 10:17:18 ----D---- C:\Documents and Settings\Administratör\Application Data\Sun
2009-10-23 08:53:47 ----D---- C:\Documents and Settings\Administratör\Application Data\JGsoft
2009-10-23 07:21:00 ----A---- C:\Boot.bak
2009-10-23 07:20:55 ----RASHD---- C:\cmdcons
2009-10-23 07:18:09 ----A---- C:\WINDOWS\zip.exe
2009-10-23 07:18:09 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-10-23 07:18:09 ----A---- C:\WINDOWS\SWSC.exe
2009-10-23 07:18:09 ----A---- C:\WINDOWS\SWREG.exe
2009-10-23 07:18:09 ----A---- C:\WINDOWS\sed.exe
2009-10-23 07:18:09 ----A---- C:\WINDOWS\PEV.exe
2009-10-23 07:18:09 ----A---- C:\WINDOWS\NIRCMD.exe
2009-10-23 07:18:09 ----A---- C:\WINDOWS\grep.exe
2009-10-23 07:18:04 ----D---- C:\WINDOWS\ERDNT
2009-10-23 07:16:36 ----D---- C:\Qoobox
2009-10-23 07:14:15 ----D---- C:\WINDOWS\system32\appmgmt
2009-10-22 23:31:22 ----D---- C:\Program\ESET
2009-10-22 23:31:22 ----D---- C:\Documents and Settings\All Users\Application Data\ESET
2009-10-22 22:43:43 ----D---- C:\Documents and Settings\Administratör\Application Data\Malwarebytes
2009-10-22 22:37:58 ----D---- C:\Program\Malwarebytes' Anti-Malware
2009-10-22 22:37:58 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-10-21 18:55:36 ----A---- C:\WINDOWS\IsUn041d.exe
2009-10-20 11:57:57 ----A---- C:\WINDOWS\ALCFDRTM.EXE
2009-10-20 11:57:56 ----D---- C:\WINDOWS\system32\Lang
2009-10-20 11:51:25 ----A---- C:\WINDOWS\system32\RTLCPAPI.dll
2009-10-20 11:51:25 ----A---- C:\WINDOWS\system32\Audio3D.dll
2009-10-20 11:51:25 ----A---- C:\WINDOWS\SOUNDMAN.EXE
2009-10-20 11:51:24 ----A---- C:\WINDOWS\system32\RTLCPL.EXE
2009-10-20 11:51:24 ----A---- C:\WINDOWS\alcupd.exe
2009-10-20 11:51:24 ----A---- C:\WINDOWS\alcrmv.exe
2009-10-20 11:26:22 ----D---- C:\Documents and Settings\Administratör\Application Data\dvdcss
2009-10-20 11:25:09 ----D---- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
2009-10-20 11:24:59 ----D---- C:\Program\DAEMON Tools Toolbar
2009-10-20 11:24:53 ----D---- C:\Program\DAEMON Tools Lite
2009-10-20 11:21:00 ----D---- C:\Documents and Settings\Administratör\Application Data\DAEMON Tools Lite
2009-10-20 11:20:19 ----D---- C:\Documents and Settings\Administratör\Application Data\vlc
2009-10-20 11:19:23 ----D---- C:\Program\VideoLAN
2009-10-20 11:16:22 ----A---- C:\WINDOWS\sbwin.ini
2009-10-20 11:14:27 ----A---- C:\WINDOWS\{00000002-00000000-00000009-00001102-00000008-10211102}.BAK
2009-10-20 10:35:49 ----A---- C:\WINDOWS\CTXFIRES.DLL
2009-10-20 10:22:16 ----D---- C:\Documents and Settings\Administratör\Application Data\AdobeUM
2009-10-20 10:21:19 ----D---- C:\Program\Delade filer\Adobe
2009-10-20 10:20:42 ----D---- C:\Program\Adobe
2009-10-20 00:39:25 ----A---- C:\WINDOWS\system32\PnkBstrB.exe
2009-10-20 00:39:17 ----D---- C:\WINDOWS\system32\LogFiles
2009-10-20 00:39:17 ----A---- C:\WINDOWS\system32\PnkBstrA.exe
2009-10-20 00:20:49 ----D---- C:\Documents and Settings\Administratör\Application Data\Xfire
2009-10-20 00:20:45 ----D---- C:\Program\Xfire
2009-10-20 00:17:22 ----A---- C:\WINDOWS\system32\psisdecd.dll
2009-10-20 00:17:20 ----A---- C:\WINDOWS\system32\dxdllreg.exe
2009-10-20 00:17:04 ----A---- C:\WINDOWS\game.ini
2009-10-20 00:12:24 ----D---- C:\spel
2009-10-20 00:10:35 ----SHD---- C:\WINDOWS\ftpcache
2009-10-19 23:55:43 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
2009-10-19 23:50:21 ----A---- C:\WINDOWS\system32\wpa.bak
2009-10-19 23:47:18 ----D---- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2009-10-19 23:38:09 ----D---- C:\Program\Net iD
2009-10-19 23:38:09 ----D---- C:\Documents and Settings\Administratör\Application Data\iid
2009-10-19 23:29:37 ----D---- C:\Program\Siber Systems
2009-10-19 23:26:58 ----D---- C:\Program\JGsoft
2009-10-19 23:26:58 ----A---- C:\WINDOWS\UnDeploy.exe
2009-10-19 23:23:15 ----D---- C:\Program\FlashFXP
2009-10-19 23:20:48 ----D---- C:\Program\WinRAR
2009-10-19 23:11:27 ----D---- C:\Documents and Settings\Administratör\Application Data\ImgBurn
2009-10-19 23:11:15 ----D---- C:\Program\ImgBurn
2009-10-19 23:09:37 ----D---- C:\WINDOWS\RegisteredPackages
2009-10-19 23:09:12 ----A---- C:\WINDOWS\system32\pxinsa64.exe
2009-10-19 23:09:12 ----A---- C:\WINDOWS\system32\pxhpinst.exe
2009-10-19 23:09:12 ----A---- C:\WINDOWS\system32\pxcpya64.exe
2009-10-19 23:09:12 ----A---- C:\WINDOWS\system32\pxafs.dll
2009-10-19 23:09:10 ----A---- C:\WINDOWS\system32\vxblock.dll
2009-10-19 23:09:10 ----A---- C:\WINDOWS\system32\pxwave.dll
2009-10-19 23:09:10 ----A---- C:\WINDOWS\system32\pxsfs.dll
2009-10-19 23:09:10 ----A---- C:\WINDOWS\system32\pxmas.dll
2009-10-19 23:09:10 ----A---- C:\WINDOWS\system32\pxdrv.dll
2009-10-19 23:09:10 ----A---- C:\WINDOWS\system32\px.dll
2009-10-19 23:09:08 ----D---- C:\Program\Winamp
2009-10-19 23:09:08 ----D---- C:\Documents and Settings\Administratör\Application Data\Winamp
2009-10-19 22:46:59 ----A---- C:\WINDOWS\ODBC.INI
2009-10-19 22:45:41 ----A---- C:\WINDOWS\CMISETUP.ini
2009-10-19 22:45:38 ----A---- C:\WINDOWS\IsUninst.exe
2009-10-19 22:44:41 ----D---- C:\WINDOWS\system32\Defaults
2009-10-19 22:43:41 ----D---- C:\Documents and Settings\Administratör\Application Data\Creative
2009-10-19 22:43:41 ----A---- C:\WINDOWS\system32\wrap_oal.dll
2009-10-19 22:43:41 ----A---- C:\WINDOWS\system32\OpenAL32.dll
2009-10-19 22:43:18 ----A---- C:\WINDOWS\system32\ksuser.dll
2009-10-19 22:43:06 ----D---- C:\WINDOWS\system32\Data
2009-10-19 22:43:05 ----D---- C:\Program\Creative
2009-10-19 22:42:52 ----HD---- C:\Program\InstallShield Installation Information
2009-10-19 22:41:59 ----D---- C:\Program\Delade filer\InstallShield
2009-10-19 22:35:52 ----A---- C:\WINDOWS\system32\h323log.txt
2009-10-19 22:32:42 ----A---- C:\WINDOWS\system32\usbui.dll
2009-10-19 22:31:35 ----A---- C:\WINDOWS\imsins.BAK
2009-10-19 22:31:31 ----SHD---- C:\WINDOWS\Installer
2009-10-19 22:31:31 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-10-19 22:31:30 ----A---- C:\WINDOWS\ODBCINST.INI
2009-10-19 22:31:26 ----RD---- C:\Program
2009-10-19 22:31:26 ----D---- C:\Program\Delade filer\SpeechEngines
2009-10-19 22:31:26 ----D---- C:\Program\Delade filer\Microsoft Shared
2009-10-19 22:31:26 ----D---- C:\Program\Delade filer
2009-10-19 22:31:22 ----RA---- C:\WINDOWS\system32\kbdtuq.dll
2009-10-19 22:31:22 ----RA---- C:\WINDOWS\system32\kbdtuf.dll
2009-10-19 22:31:22 ----RA---- C:\WINDOWS\system32\kbdazel.dll
2009-10-19 22:31:20 ----RA---- C:\WINDOWS\system32\kbdycc.dll
2009-10-19 22:31:20 ----RA---- C:\WINDOWS\system32\kbduzb.dll
2009-10-19 22:31:20 ----RA---- C:\WINDOWS\system32\kbdur.dll
2009-10-19 22:31:20 ----RA---- C:\WINDOWS\system32\kbdtat.dll
2009-10-19 22:31:20 ----RA---- C:\WINDOWS\system32\kbdru1.dll
2009-10-19 22:31:20 ----RA---- C:\WINDOWS\system32\kbdru.dll
2009-10-19 22:31:20 ----RA---- C:\WINDOWS\system32\kbdmon.dll
2009-10-19 22:31:20 ----RA---- C:\WINDOWS\system32\kbdkyr.dll
2009-10-19 22:31:20 ----RA---- C:\WINDOWS\system32\kbdkaz.dll
2009-10-19 22:31:20 ----RA---- C:\WINDOWS\system32\kbdbu.dll
2009-10-19 22:31:20 ----RA---- C:\WINDOWS\system32\kbdblr.dll
2009-10-19 22:31:20 ----RA---- C:\WINDOWS\system32\kbdaze.dll
2009-10-19 22:31:18 ----RA---- C:\WINDOWS\system32\kbdhept.dll
2009-10-19 22:31:18 ----RA---- C:\WINDOWS\system32\kbdhela3.dll
2009-10-19 22:31:18 ----RA---- C:\WINDOWS\system32\kbdhela2.dll
2009-10-19 22:31:18 ----RA---- C:\WINDOWS\system32\kbdhe319.dll
2009-10-19 22:31:18 ----RA---- C:\WINDOWS\system32\kbdhe220.dll
2009-10-19 22:31:18 ----RA---- C:\WINDOWS\system32\kbdhe.dll
2009-10-19 22:31:18 ----RA---- C:\WINDOWS\system32\kbdgkl.dll
2009-10-19 22:31:16 ----RA---- C:\WINDOWS\system32\kbdlv1.dll
2009-10-19 22:31:16 ----RA---- C:\WINDOWS\system32\kbdlv.dll
2009-10-19 22:31:16 ----RA---- C:\WINDOWS\system32\kbdlt1.dll
2009-10-19 22:31:16 ----RA---- C:\WINDOWS\system32\kbdlt.dll
2009-10-19 22:31:16 ----RA---- C:\WINDOWS\system32\kbdest.dll
2009-10-19 22:31:15 ----RA---- C:\WINDOWS\system32\kbdycl.dll
2009-10-19 22:31:15 ----RA---- C:\WINDOWS\system32\kbdsl1.dll
2009-10-19 22:31:15 ----RA---- C:\WINDOWS\system32\kbdsl.dll
2009-10-19 22:31:15 ----RA---- C:\WINDOWS\system32\kbdro.dll
2009-10-19 22:31:15 ----RA---- C:\WINDOWS\system32\kbdpl1.dll
2009-10-19 22:31:15 ----RA---- C:\WINDOWS\system32\kbdpl.dll
2009-10-19 22:31:15 ----RA---- C:\WINDOWS\system32\kbdhu1.dll
2009-10-19 22:31:15 ----RA---- C:\WINDOWS\system32\kbdhu.dll
2009-10-19 22:31:15 ----RA---- C:\WINDOWS\system32\kbdcz2.dll
2009-10-19 22:31:15 ----RA---- C:\WINDOWS\system32\kbdcz1.dll
2009-10-19 22:31:15 ----RA---- C:\WINDOWS\system32\kbdcz.dll
2009-10-19 22:31:15 ----RA---- C:\WINDOWS\system32\kbdcr.dll
2009-10-19 22:31:15 ----RA---- C:\WINDOWS\system32\KBDAL.DLL
2009-10-19 22:31:11 ----A---- C:\WINDOWS\system32\spxcoins.dll
2009-10-19 22:31:11 ----A---- C:\WINDOWS\system32\irclass.dll
2009-10-19 22:31:11 ----A---- C:\WINDOWS\system32\dgsetup.dll
2009-10-19 22:31:11 ----A---- C:\WINDOWS\system32\dgrpsetu.dll
2009-10-19 22:31:10 ----A---- C:\WINDOWS\system32\EqnClass.Dll
2009-10-19 22:31:08 ----A---- C:\WINDOWS\TASKMAN.EXE
2009-10-19 22:31:08 ----A---- C:\WINDOWS\system32\CONFIG.TMP
2009-10-19 22:31:08 ----A---- C:\WINDOWS\system32\batt.dll
2009-10-19 22:31:07 ----A---- C:\WINDOWS\NOTEPAD.EXE
2009-10-19 22:31:06 ----A---- C:\WINDOWS\system32\storprop.dll
2009-10-19 22:30:57 ----ASH---- C:\Documents and Settings\All Users\Application Data\desktop.ini
2009-10-19 22:30:54 ----RA---- C:\WINDOWS\SET8.tmp
2009-10-19 22:30:51 ----RA---- C:\WINDOWS\SET4.tmp
2009-10-19 22:30:50 ----RA---- C:\WINDOWS\SET3.tmp
2009-10-19 22:30:45 ----D---- C:\WINDOWS\system32\CatRoot2
2009-10-19 22:30:45 ----D---- C:\WINDOWS\system32\CatRoot
2009-10-19 22:30:39 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-10-19 22:30:34 ----A---- C:\WINDOWS\system32\BrWia04b.dll
2009-10-19 22:30:34 ----A---- C:\WINDOWS\system32\BrUSi04b.dll
2009-10-19 22:30:19 ----A---- C:\WINDOWS\setuplog.txt
2009-10-19 22:30:15 ----D---- C:\Documents and Settings
2009-10-19 22:30:14 ----SHD---- C:\System Volume Information
2009-10-19 22:29:34 ----RASH---- C:\boot.ini
2009-10-19 22:24:25 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-10-19 22:24:25 ----RSD---- C:\WINDOWS\Fonts
2009-10-19 22:24:25 ----RD---- C:\WINDOWS\Web
2009-10-19 22:24:25 ----HD---- C:\WINDOWS\inf
2009-10-19 22:24:25 ----D---- C:\WINDOWS\WinSxS
2009-10-19 22:24:25 ----D---- C:\WINDOWS\twain_32
2009-10-19 22:24:25 ----D---- C:\WINDOWS\system32\wins
2009-10-19 22:24:25 ----D---- C:\WINDOWS\system32\wbem
2009-10-19 22:24:25 ----D---- C:\WINDOWS\system32\usmt
2009-10-19 22:24:25 ----D---- C:\WINDOWS\system32\sv-se
2009-10-19 22:24:25 ----D---- C:\WINDOWS\system32\sv
2009-10-19 22:24:25 ----D---- C:\WINDOWS\system32\spool
2009-10-19 22:24:25 ----D---- C:\WINDOWS\system32\ShellExt
2009-10-19 22:24:25 ----D---- C:\WINDOWS\system32\Setup
2009-10-19 22:24:25 ----D---- C:\WINDOWS\system32\ras
2009-10-19 22:24:25 ----D---- C:\WINDOWS\system32\oobe
2009-10-19 22:24:25 ----D---- C:\WINDOWS\system32\npp
2009-10-19 22:24:25 ----D---- C:\WINDOWS\system32\mui
2009-10-19 22:24:25 ----D---- C:\WINDOWS\system32\inetsrv
2009-10-19 22:24:25 ----D---- C:\WINDOWS\system32\IME
2009-10-19 22:24:25 ----D---- C:\WINDOWS\system32\icsxml
2009-10-19 22:24:25 ----D---- C:\WINDOWS\system32\ias
2009-10-19 22:24:25 ----D---- C:\WINDOWS\system32\export
2009-10-19 22:24:25 ----D---- C:\WINDOWS\system32\drivers
2009-10-19 22:24:25 ----D---- C:\WINDOWS\system32\dhcp
2009-10-19 22:24:25 ----D---- C:\WINDOWS\system32\config
2009-10-19 22:24:25 ----D---- C:\WINDOWS\system32\3com_dmi
2009-10-19 22:24:25 ----D---- C:\WINDOWS\system32\3076
2009-10-19 22:24:25 ----D---- C:\WINDOWS\system32\2052
2009-10-19 22:24:25 ----D---- C:\WINDOWS\system32\1054
2009-10-19 22:24:25 ----D---- C:\WINDOWS\system32\1053
2009-10-19 22:24:25 ----D---- C:\WINDOWS\system32\1042
2009-10-19 22:24:25 ----D---- C:\WINDOWS\system32\1041
2009-10-19 22:24:25 ----D---- C:\WINDOWS\system32\1037
2009-10-19 22:24:25 ----D---- C:\WINDOWS\system32\1033
2009-10-19 22:24:25 ----D---- C:\WINDOWS\system32\1031
2009-10-19 22:24:25 ----D---- C:\WINDOWS\system32\1028
2009-10-19 22:24:25 ----D---- C:\WINDOWS\system32\1025
2009-10-19 22:24:25 ----D---- C:\WINDOWS\system32
2009-10-19 22:24:25 ----D---- C:\WINDOWS\system
2009-10-19 22:24:25 ----D---- C:\WINDOWS\security
2009-10-19 22:24:25 ----D---- C:\WINDOWS\Resources
2009-10-19 22:24:25 ----D---- C:\WINDOWS\repair
2009-10-19 22:24:25 ----D---- C:\WINDOWS\Provisioning
2009-10-19 22:24:25 ----D---- C:\WINDOWS\PeerNet
2009-10-19 22:24:25 ----D---- C:\WINDOWS\pchealth
2009-10-19 22:24:25 ----D---- C:\WINDOWS\Network Diagnostic
2009-10-19 22:24:25 ----D---- C:\WINDOWS\mui
2009-10-19 22:24:25 ----D---- C:\WINDOWS\msapps
2009-10-19 22:24:25 ----D---- C:\WINDOWS\msagent
2009-10-19 22:24:25 ----D---- C:\WINDOWS\Media
2009-10-19 22:24:25 ----D---- C:\WINDOWS\L2Schemas
2009-10-19 22:24:25 ----D---- C:\WINDOWS\java
2009-10-19 22:24:25 ----D---- C:\WINDOWS\ime
2009-10-19 22:24:25 ----D---- C:\WINDOWS\Help
2009-10-19 22:24:25 ----D---- C:\WINDOWS\ehome
2009-10-19 22:24:25 ----D---- C:\WINDOWS\Driver Cache
2009-10-19 22:24:25 ----D---- C:\WINDOWS\Debug
2009-10-19 22:24:25 ----D---- C:\WINDOWS\Cursors
2009-10-19 22:24:25 ----D---- C:\WINDOWS\Connection Wizard
2009-10-19 22:24:25 ----D---- C:\WINDOWS\Config
2009-10-19 22:24:25 ----D---- C:\WINDOWS\AppPatch
2009-10-19 22:24:25 ----D---- C:\WINDOWS\addins
2009-10-19 22:24:25 ----D---- C:\WINDOWS
2009-10-19 22:12:13 ----A---- C:\WINDOWS\brwmark.ini
2009-10-19 22:12:13 ----A---- C:\WINDOWS\BRPP2KA.INI
2009-10-19 22:12:13 ----A---- C:\WINDOWS\Brpfx04a.ini
2009-10-19 22:12:13 ----A---- C:\WINDOWS\brpcfx.ini
2009-10-19 22:11:41 ----A---- C:\WINDOWS\system32\brinsstr.dll
2009-10-19 22:11:39 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$
2009-10-19 22:11:33 ----A---- C:\WINDOWS\brunin03.dll
2009-10-19 22:11:28 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2009-10-19 22:10:47 ----D---- C:\Documents and Settings\All Users\Application Data\Brother
2009-10-19 22:10:30 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
2009-10-19 22:10:24 ----HDC---- C:\WINDOWS\$NtUninstallKB958869$
2009-10-19 22:10:15 ----HDC---- C:\WINDOWS\$NtUninstallKB971486$
2009-10-19 22:10:07 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2009-10-19 22:10:02 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2009-10-19 22:09:56 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
2009-10-19 22:09:50 ----HDC---- C:\WINDOWS\$NtUninstallKB954155_WM9$
2009-10-19 22:09:45 ----HDC---- C:\WINDOWS\$NtUninstallKB973525$
2009-10-19 22:09:37 ----HDC---- C:\WINDOWS\$NtUninstallKB974455$
2009-10-19 22:09:29 ----HDC---- C:\WINDOWS\$NtUninstallKB968816_WM9$
2009-10-19 22:09:24 ----HDC---- C:\WINDOWS\$NtUninstallKB971961$
2009-10-19 22:09:17 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2009-10-19 22:08:37 ----D---- C:\WINDOWS\ie8updates
2009-10-19 22:08:22 ----D---- C:\WINDOWS\WBEM
2009-10-19 22:07:32 ----HDC---- C:\WINDOWS\ie8
2009-10-19 22:07:32 ----D---- C:\WINDOWS\system32\en-US
2009-10-19 22:05:30 ----A---- C:\WINDOWS\system32\MRT.exe
2009-10-19 22:03:57 ----HDC---- C:\WINDOWS\$NtUninstallKB961371-v2$
2009-10-19 22:03:50 ----HDC---- C:\WINDOWS\$NtUninstallKB970653-v3$
2009-10-19 22:03:45 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2009-10-19 22:03:39 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2009-10-19 22:03:33 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2009-10-19 22:03:27 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2009-10-19 22:03:21 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
2009-10-19 22:03:12 ----HDC---- C:\WINDOWS\$NtUninstallKB956744$
2009-10-19 22:03:04 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2009-10-19 22:02:49 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9$
2009-10-19 22:02:41 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$
2009-10-19 22:02:35 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2009-10-19 22:02:30 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2009-10-19 22:02:25 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$
2009-10-19 22:02:19 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2009-10-19 22:02:14 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2009-10-19 22:02:08 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2009-10-19 22:02:02 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2009-10-19 22:01:50 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2009-10-19 22:01:41 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2009-10-19 22:01:32 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2009-10-19 22:01:27 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2009-10-19 22:01:22 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-10-19 22:01:17 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2009-10-19 22:01:11 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2009-10-19 22:01:07 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2009-10-19 22:01:02 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2009-10-19 22:00:57 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2009-10-19 22:00:52 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2009-10-19 22:00:46 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2009-10-19 22:00:43 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-10-19 22:00:38 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2009-10-19 22:00:33 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2009-10-19 22:00:28 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2009-10-19 22:00:23 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2009-10-19 22:00:18 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2009-10-19 22:00:12 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2009-10-19 22:00:05 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2009-10-19 22:00:00 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2009-10-19 21:59:52 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2009-10-19 21:58:31 ----D---- C:\Documents and Settings\Administratör\Application Data\Opera
2009-10-19 21:58:22 ----D---- C:\Program\Opera
2009-10-19 21:38:40 ----D---- C:\Documents and Settings\Administratör\Application Data\Panda Security
2009-10-19 21:25:01 ----SHD---- C:\RECYCLER
2009-10-19 21:24:34 ----D---- C:\Program\uTorrent
2009-10-19 21:23:36 ----D---- C:\Documents and Settings\Administratör\Application Data\uTorrent
2009-10-19 21:21:48 ----D---- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2009-10-19 21:03:44 ----D---- C:\Documents and Settings\All Users\Application Data\NVIDIA Corporation
2009-10-19 21:02:52 ----D---- C:\Program\NVIDIA Corporation
2009-10-19 20:58:58 ----D---- C:\Program\SystemRequirementsLab
2009-10-19 20:57:41 ----D---- C:\Documents and Settings\Administratör\Application Data\Adobe
2009-10-19 20:57:00 ----D---- C:\Documents and Settings\Administratör\Application Data\Macromedia
2009-10-19 20:55:36 ----A---- C:\WINDOWS\system32\WgaTray.exe
2009-10-19 20:55:36 ----A---- C:\WINDOWS\system32\WgaLogon.dll
2009-10-19 20:55:36 ----A---- C:\WINDOWS\system32\LegitCheckControl.dll
2009-10-19 20:54:56 ----D---- C:\Program\Panda Security
2009-10-19 20:54:56 ----D---- C:\Documents and Settings\All Users\Application Data\Panda Security
2009-10-19 20:54:45 ----D---- C:\WINDOWS\system32\PreInstall
2009-10-19 20:54:45 ----A---- C:\WINDOWS\system32\spmsg.dll
2009-10-19 20:54:44 ----A---- C:\WINDOWS\system32\spupdsvc.exe
2009-10-19 20:54:43 ----HDC---- C:\WINDOWS\$NtUninstallKB898461$
2009-10-19 20:54:43 ----HD---- C:\WINDOWS\$hf_mig$
2009-10-19 20:50:15 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2009-10-19 20:48:57 ----D---- C:\Documents and Settings\Administratör\Application Data\Identities
2009-10-19 20:48:50 ----ASH---- C:\Documents and Settings\Administratör\Application Data\desktop.ini
2009-10-19 20:48:49 ----SD---- C:\Documents and Settings\Administratör\Application Data\Microsoft
2009-10-19 20:48:18 ----D---- C:\WINDOWS\SoftwareDistribution
2009-10-19 20:48:05 ----SD---- C:\WINDOWS\system32\Microsoft
2009-10-19 20:48:05 ----D---- C:\WINDOWS\Prefetch
2009-10-19 20:48:05 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-10-19 20:44:20 ----D---- C:\WINDOWS\system32\xircom
2009-10-19 20:44:20 ----D---- C:\Program\xerox
2009-10-19 20:44:20 ----D---- C:\Program\microsoft frontpage
2009-10-19 20:43:59 ----A---- C:\WINDOWS\control.ini
2009-10-19 20:43:59 ----A---- C:\AUTOEXEC.BAT
2009-10-19 20:43:01 ----A---- C:\WINDOWS\OEWABLog.txt
2009-10-19 20:42:55 ----A---- C:\WINDOWS\system32\mapi32.dll
2009-10-19 20:41:40 ----RD---- C:\WINDOWS\Offline Web Pages
2009-10-19 20:41:39 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-10-19 20:41:39 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
2009-10-19 20:41:32 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2009-10-19 20:41:07 ----D---- C:\WINDOWS\system32\DirectX
2009-10-19 20:41:02 ----A---- C:\WINDOWS\system32\atrace.dll
2009-10-19 20:41:00 ----A---- C:\WINDOWS\system32\desktop.ini
2009-10-19 20:41:00 ----A---- C:\WINDOWS\desktop.ini
2009-10-19 20:40:53 ----A---- C:\WINDOWS\system32\nmevtmsg.dll
2009-10-19 20:40:52 ----A---- C:\WINDOWS\system32\acctres.dll
2009-10-19 20:40:51 ----D---- C:\Program\Delade filer\Services
2009-10-19 20:40:49 ----SD---- C:\WINDOWS\Tasks
2009-10-19 20:40:49 ----A---- C:\WINDOWS\system32\icfgnt5.dll
2009-10-19 20:40:48 ----D---- C:\Program\Delade filer\MSSoap
2009-10-19 20:40:45 ----D---- C:\WINDOWS\srchasst
2009-10-19 20:40:44 ----D---- C:\WINDOWS\system32\Macromed
2009-10-19 20:40:42 ----A---- C:\WINDOWS\system32\wuweb.dll
2009-10-19 20:40:42 ----A---- C:\WINDOWS\system32\wucltui.dll
2009-10-19 20:40:42 ----A---- C:\WINDOWS\system32\wuauserv.dll
2009-10-19 20:40:42 ----A---- C:\WINDOWS\system32\wuaueng1.dll
2009-10-19 20:40:41 ----N---- C:\WINDOWS\system32\wuauclt.exe
2009-10-19 20:40:41 ----N---- C:\WINDOWS\system32\qmgr.dll
2009-10-19 20:40:41 ----A---- C:\WINDOWS\system32\wups.dll
2009-10-19 20:40:41 ----A---- C:\WINDOWS\system32\wuaueng.dll
2009-10-19 20:40:41 ----A---- C:\WINDOWS\system32\wuauclt1.exe
2009-10-19 20:40:41 ----A---- C:\WINDOWS\system32\wuapi.dll
2009-10-19 20:40:41 ----A---- C:\WINDOWS\system32\qmgrprxy.dll
2009-10-19 20:40:41 ----A---- C:\WINDOWS\system32\bitsprx4.dll
2009-10-19 20:40:41 ----A---- C:\WINDOWS\system32\bitsprx3.dll
2009-10-19 20:40:41 ----A---- C:\WINDOWS\system32\bitsprx2.dll
2009-10-19 20:40:37 ----D---- C:\Program\Movie Maker
2009-10-19 20:40:21 ----A---- C:\WINDOWS\system32\safrslv.dll
2009-10-19 20:40:21 ----A---- C:\WINDOWS\system32\safrdm.dll
2009-10-19 20:40:21 ----A---- C:\WINDOWS\system32\safrcdlg.dll
2009-10-19 20:40:21 ----A---- C:\WINDOWS\system32\racpldlg.dll
2009-10-19 20:40:18 ----N---- C:\WINDOWS\system32\srsvc.dll
2009-10-19 20:40:18 ----D---- C:\WINDOWS\system32\Restore
2009-10-19 20:40:18 ----A---- C:\WINDOWS\system32\srrstr.dll
2009-10-19 20:40:18 ----A---- C:\WINDOWS\system32\srclient.dll
2009-10-19 20:40:18 ----A---- C:\WINDOWS\system32\fltMc.exe
2009-10-19 20:40:18 ----A---- C:\WINDOWS\system32\fltlib.dll
2009-10-19 20:40:17 ----A---- C:\WINDOWS\system32\nmmkcert.dll
2009-10-19 20:40:17 ----A---- C:\WINDOWS\system32\msconf.dll
2009-10-19 20:40:17 ----A---- C:\WINDOWS\system32\mnmsrvc.exe
2009-10-19 20:40:17 ----A---- C:\WINDOWS\system32\mnmdd.dll
2009-10-19 20:40:17 ----A---- C:\WINDOWS\system32\isrdbg32.dll
2009-10-19 20:40:17 ----A---- C:\WINDOWS\system32\ils.dll
2009-10-19 20:40:14 ----D---- C:\Program\NetMeeting
2009-10-19 20:40:14 ----A---- C:\WINDOWS\system32\msoert2.dll
2009-10-19 20:40:14 ----A---- C:\WINDOWS\system32\msoeacct.dll
2009-10-19 20:40:13 ----A---- C:\WINDOWS\system32\inetres.dll
2009-10-19 20:40:13 ----A---- C:\WINDOWS\system32\inetcomm.dll
2009-10-19 20:40:12 ----N---- C:\WINDOWS\system32\schedsvc.dll
2009-10-19 20:40:12 ----D---- C:\Program\Outlook Express
2009-10-19 20:40:12 ----A---- C:\WINDOWS\system32\mstinit.exe
2009-10-19 20:40:12 ----A---- C:\WINDOWS\system32\mstask.dll
2009-10-19 20:40:11 ----A---- C:\WINDOWS\system32\isign32.dll
2009-10-19 20:40:11 ----A---- C:\WINDOWS\system32\inetcfg.dll
2009-10-19 20:40:11 ----A---- C:\WINDOWS\system32\icwphbk.dll
2009-10-19 20:40:11 ----A---- C:\WINDOWS\system32\icwdial.dll
2009-10-19 20:40:06 ----D---- C:\Program\Delade filer\System
2009-10-19 20:40:03 ----D---- C:\Program\Internet Explorer
2009-10-19 20:39:21 ----A---- C:\WINDOWS\vbaddin.ini
2009-10-19 20:39:21 ----A---- C:\WINDOWS\vb.ini
2009-10-19 20:39:17 ----D---- C:\WINDOWS\Registration
2009-10-19 20:39:09 ----D---- C:\Program\Windows Media Player
2009-10-19 20:38:58 ----D---- C:\Program\MSN Gaming Zone
2009-10-19 20:38:58 ----A---- C:\WINDOWS\system32\write.exe
2009-10-19 20:38:49 ----A---- C:\WINDOWS\system32\sndvol32.exe
2009-10-19 20:38:49 ----A---- C:\WINDOWS\system32\hticons.dll
2009-10-19 20:38:49 ----A---- C:\WINDOWS\system32\avwav.dll
2009-10-19 20:38:49 ----A---- C:\WINDOWS\system32\avtapi.dll
2009-10-19 20:38:49 ----A---- C:\WINDOWS\system32\avmeter.dll
2009-10-19 20:38:48 ----A---- C:\WINDOWS\system32\winchat.exe
2009-10-19 20:38:42 ----A---- C:\WINDOWS\system32\getuname.dll
2009-10-19 20:38:42 ----A---- C:\WINDOWS\system32\charmap.exe
2009-10-19 20:38:41 ----A---- C:\WINDOWS\system32\winmine.exe
2009-10-19 20:38:41 ----A---- C:\WINDOWS\system32\sol.exe
2009-10-19 20:38:41 ----A---- C:\WINDOWS\system32\mshearts.exe
2009-10-19 20:38:41 ----A---- C:\WINDOWS\system32\calc.exe
2009-10-19 20:38:40 ----A---- C:\WINDOWS\system32\usrlogon.cmd
2009-10-19 20:38:40 ----A---- C:\WINDOWS\system32\tsshutdn.exe
2009-10-19 20:38:40 ----A---- C:\WINDOWS\system32\tslabels.ini
2009-10-19 20:38:40 ----A---- C:\WINDOWS\system32\tskill.exe
2009-10-19 20:38:40 ----A---- C:\WINDOWS\system32\tsdiscon.exe
2009-10-19 20:38:40 ----A---- C:\WINDOWS\system32\tscon.exe
2009-10-19 20:38:40 ----A---- C:\WINDOWS\system32\shadow.exe
2009-10-19 20:38:40 ----A---- C:\WINDOWS\system32\rwinsta.exe
2009-10-19 20:38:40 ----A---- C:\WINDOWS\system32\reset.exe
2009-10-19 20:38:40 ----A---- C:\WINDOWS\system32\regini.exe
2009-10-19 20:38:40 ----A---- C:\WINDOWS\system32\rdpcfgex.dll
2009-10-19 20:38:40 ----A---- C:\WINDOWS\system32\qwinsta.exe
2009-10-19 20:38:40 ----A---- C:\WINDOWS\system32\qappsrv.exe
2009-10-19 20:38:40 ----A---- C:\WINDOWS\system32\freecell.exe
2009-10-19 20:38:39 ----A---- C:\WINDOWS\system32\msg.exe
2009-10-19 20:38:39 ----A---- C:\WINDOWS\system32\msdtcprf.ini
2009-10-19 20:38:39 ----A---- C:\WINDOWS\system32\logoff.exe
2009-10-19 20:38:39 ----A---- C:\WINDOWS\system32\cdmodem.dll
2009-10-19 20:38:34 ----A---- C:\WINDOWS\system32\wmimgmt.msc
2009-10-19 20:38:33 ----A---- C:\WINDOWS\system32\sndrec32.exe
2009-10-19 20:38:33 ----A---- C:\WINDOWS\system32\accwiz.exe
2009-10-19 20:38:32 ----D---- C:\Program\Windows NT
2009-10-19 20:38:32 ----A---- C:\WINDOWS\system32\mspaint.exe
2009-10-19 20:38:32 ----A---- C:\WINDOWS\system32\mplay32.exe
2009-10-19 20:38:32 ----A---- C:\WINDOWS\system32\hypertrm.dll
2009-10-19 20:38:32 ----A---- C:\WINDOWS\system32\clipbrd.exe
2009-10-19 20:38:31 ----A---- C:\WINDOWS\system32\spider.exe
2009-10-19 20:38:30 ----A---- C:\WINDOWS\system32\tsgqec.dll
2009-10-19 20:38:30 ----A---- C:\WINDOWS\system32\tscfgwmi.dll
2009-10-19 20:38:30 ----A---- C:\WINDOWS\system32\rhttpaa.dll
2009-10-19 20:38:30 ----A---- C:\WINDOWS\system32\aaclient.dll
2009-10-19 20:38:29 ----N---- C:\WINDOWS\system32\termsrv.dll
2009-10-19 20:38:29 ----A---- C:\WINDOWS\system32\sessmgr.exe
2009-10-19 20:38:29 ----A---- C:\WINDOWS\system32\remotepg.dll
2009-10-19 20:38:29 ----A---- C:\WINDOWS\system32\rdshost.exe
2009-10-19 20:38:29 ----A---- C:\WINDOWS\system32\rdsaddin.exe
2009-10-19 20:38:29 ----A---- C:\WINDOWS\system32\rdpwsx.dll
2009-10-19 20:38:29 ----A---- C:\WINDOWS\system32\rdpsnd.dll
2009-10-19 20:38:29 ----A---- C:\WINDOWS\system32\rdpclip.exe
2009-10-19 20:38:29 ----A---- C:\WINDOWS\system32\rdchost.dll
2009-10-19 20:38:29 ----A---- C:\WINDOWS\system32\mstscax.dll
2009-10-19 20:38:29 ----A---- C:\WINDOWS\system32\mstsc.exe
2009-10-19 20:38:28 ----D---- C:\WINDOWS\system32\MsDtc
2009-10-19 20:38:28 ----A---- C:\WINDOWS\system32\qprocess.exe
2009-10-19 20:38:28 ----A---- C:\WINDOWS\system32\mtxoci.dll
2009-10-19 20:38:28 ----A---- C:\WINDOWS\system32\msdtcuiu.dll
2009-10-19 20:38:28 ----A---- C:\WINDOWS\system32\msdtctm.dll
2009-10-19 20:38:28 ----A---- C:\WINDOWS\system32\msdtcprx.dll
2009-10-19 20:38:28 ----A---- C:\WINDOWS\system32\icaapi.dll
2009-10-19 20:38:28 ----A---- C:\WINDOWS\system32\cfgbkend.dll
2009-10-19 20:38:27 ----A---- C:\WINDOWS\system32\xolehlp.dll
2009-10-19 20:38:27 ----A---- C:\WINDOWS\system32\msdtclog.dll
2009-10-19 20:38:27 ----A---- C:\WINDOWS\system32\msdtc.exe
2009-10-19 20:38:27 ----A---- C:\WINDOWS\system32\dcomcnfg.exe
2009-10-19 20:38:26 ----D---- C:\WINDOWS\system32\Com
2009-10-19 20:38:26 ----A---- C:\WINDOWS\system32\stclient.dll
2009-10-19 20:38:26 ----A---- C:\WINDOWS\system32\mtxlegih.dll
2009-10-19 20:38:26 ----A---- C:\WINDOWS\system32\mtxex.dll
2009-10-19 20:38:26 ----A---- C:\WINDOWS\system32\mtxdm.dll
2009-10-19 20:38:26 ----A---- C:\WINDOWS\system32\comrepl.dll
2009-10-19 20:38:26 ----A---- C:\WINDOWS\system32\comaddin.dll
2009-10-19 20:38:26 ----A---- C:\WINDOWS\system32\colbact.dll
2009-10-19 20:38:26 ----A---- C:\WINDOWS\system32\clbcatex.dll
2009-10-19 20:38:26 ----A---- C:\WINDOWS\system32\catsrvps.dll
2009-10-19 20:38:25 ----A---- C:\WINDOWS\system32\comuid.dll
2009-10-19 20:38:25 ----A---- C:\WINDOWS\system32\comsvcs.dll
2009-10-19 20:38:25 ----A---- C:\WINDOWS\system32\comsnap.dll
2009-10-19 20:38:25 ----A---- C:\WINDOWS\system32\clbcatq.dll
2009-10-19 20:38:25 ----A---- C:\WINDOWS\system32\catsrvut.dll
2009-10-19 20:38:25 ----A---- C:\WINDOWS\system32\catsrv.dll
2009-10-19 20:38:20 ----A---- C:\WINDOWS\system32\servdeps.dll
2009-10-19 20:38:19 ----A---- C:\WINDOWS\system32\mmfutil.dll
2009-10-19 20:38:19 ----A---- C:\WINDOWS\system32\licwmi.dll
2009-10-19 20:38:19 ----A---- C:\WINDOWS\system32\cmprops.dll
2009-10-15 01:01:24 ----A---- C:\WINDOWS\system32\xfcodec.dll

======List of files/folders modified in the last 1 months======

2009-11-01 10:18:32 ----A---- C:\WINDOWS\system.ini
2009-10-28 22:22:49 ----A---- C:\WINDOWS\win.ini
2009-10-22 22:29:07 ----N---- C:\WINDOWS\system32\svchost.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2009-09-29 108792]
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2009-09-29 96408]
R1 intelppm;Intel-processordrivrutin; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-15 40320]
R2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2009-09-29 116008]
R3 ALCXSENS;Service for WDM 3D Audio Driver; C:\WINDOWS\system32\drivers\ALCXSENS.SYS [2003-12-11 391424]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-01-09 601100]
R3 Arp1394;1394 ARP-klientprotokoll; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-15 60800]
R3 BrScnUsb;Brother USB Still Image driver; C:\WINDOWS\System32\Drivers\BrScnUsb.sys [2004-10-15 15295]
R3 BrSerIf;Brother MFC Serial Port Interface WDM Driver; C:\WINDOWS\System32\Drivers\BrSerIf.sys [2006-01-18 53248]
R3 BrUsbSer;Brother MFC USB Serial WDM Driver; C:\WINDOWS\System32\Drivers\BrUsbSer.sys [2006-01-18 11904]
R3 catchme;catchme; \??\C:\schrauber\catchme.sys []
R3 COMMONFX.SYS;COMMONFX.SYS; C:\WINDOWS\System32\drivers\COMMONFX.SYS [2009-06-23 99352]
R3 ctac32k;Creative AC3 Software Decoder; C:\WINDOWS\system32\drivers\ctac32k.sys [2009-06-23 511000]
R3 ctaud2k;Creative Audio Driver (WDM); C:\WINDOWS\system32\drivers\ctaud2k.sys [2009-06-23 528408]
R3 CTAUDFX.SYS;CTAUDFX.SYS; C:\WINDOWS\System32\drivers\CTAUDFX.SYS [2009-06-23 555032]
R3 ctprxy2k;Creative Proxy Driver; C:\WINDOWS\system32\drivers\ctprxy2k.sys [2009-06-23 14360]
R3 CTSBLFX.SYS;CTSBLFX.SYS; C:\WINDOWS\System32\drivers\CTSBLFX.SYS [2009-06-23 566296]
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\system32\drivers\ctsfm2k.sys [2009-06-23 157208]
R3 DNINDIS5;DNINDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\DNINDIS5.SYS []
R3 emupia;E-mu Plug-in Architecture Driver; C:\WINDOWS\system32\drivers\emupia2k.sys [2009-06-23 92696]
R3 ha10kx2k;Creative Hardware Abstract Layer Driver; C:\WINDOWS\system32\drivers\ha10kx2k.sys [2009-06-23 798744]
R3 hap17v2k;Creative P17V HAL Driver; C:\WINDOWS\system32\drivers\hap17v2k.sys [2009-06-23 189464]
R3 hidusb;Microsoft HID-klassdrivrutin; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-15 10368]
R3 JSWSCIMD;jswscimd Service; C:\WINDOWS\system32\DRIVERS\jswscimd.sys [2008-10-01 57440]
R3 mouhid;HID-drivrutin för mus; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2008-04-15 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-15 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-09-27 7655872]
R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\drivers\ctoss2k.sys [2009-06-23 127512]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-15 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-15 30208]
R3 usbhub;USB2-aktiverat nav; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-15 59520]
R3 usbprint;Microsoft USB-skrivarklass; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
R3 usbstor;Drivrutin för USB-masslagringsenheter; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-15 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-15 20608]
R3 WN111v2;NETGEAR WN111v2 USB2.0 Wireless Card Service; C:\WINDOWS\system32\DRIVERS\WN111v2.sys [2009-01-14 458752]
R3 WSIMD;wsimd Service; C:\WINDOWS\system32\DRIVERS\wsimd.sys [2007-12-14 57408]
S3 agdkjpzc;agdkjpzc; C:\WINDOWS\system32\drivers\agdkjpzc.sys []
S3 COMMONFX;COMMONFX; C:\WINDOWS\system32\drivers\COMMONFX.SYS [2009-06-23 99352]
S3 CTAUDFX;CTAUDFX; C:\WINDOWS\system32\drivers\CTAUDFX.SYS [2009-06-23 555032]
S3 ctdvda2k;Creative DVD-Audio Device Driver; C:\WINDOWS\system32\drivers\ctdvda2k.sys [2009-06-23 347080]
S3 CTERFXFX.SYS;CTERFXFX.SYS; C:\WINDOWS\System32\drivers\CTERFXFX.SYS [2009-06-23 100888]
S3 CTERFXFX;CTERFXFX; C:\WINDOWS\system32\drivers\CTERFXFX.SYS [2009-06-23 100888]
S3 CTSBLFX;CTSBLFX; C:\WINDOWS\system32\drivers\CTSBLFX.SYS [2009-06-23 566296]
S3 hap16v2k;Creative P16V HAL Driver; C:\WINDOWS\system32\drivers\hap16v2k.sys [2009-06-23 162840]
S3 mbr;mbr; \??\C:\DOCUME~1\ADMINI~1\LOKALA~1\Temp\mbr.sys []
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2008-04-13 20992]
S3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2007-12-06 285952]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ACS;Atheros Configuration Service; C:\WINDOWS\system32\acs.exe [2008-06-27 467028]
R2 ekrn;ESET Service; C:\Program\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-09-29 735960]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program\Java\jre6\bin\jqs.exe [2009-10-23 153376]
R2 nvsvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2009-09-27 172100]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2009-10-20 75064]
R2 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2009-10-21 191304]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
R2 VoddlerNet;VoddlerNet; C:\Program\Voddler\service\voddler.exe [2009-10-27 1190096]
S3 ehttpsrv;ESET HTTP Server; C:\Program\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2009-09-29 20680]
S3 jswpsapi;Jumpstart Wifi Protected Setup; C:\Program\NETGEAR\WN111v2\jswpsapi.exe [2008-02-27 360547]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program\Delade filer\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program\Delade filer\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S4 MioNet;MioNet; C:\Program\MioNet\MioNetManager.exe [2008-06-10 139264]

-----------------EOF-----------------


#12 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • Gender:Male
  • Location:Munich,Germany
  • Local time:09:20 PM

Posted 02 November 2009 - 01:54 PM

Hi,


Please close all browser windows and run RSIT again, post back with the logfile. Note: your browser must be closed when you run RSIT.

How is your system running?
regards,
schrauber


If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware

#13 schrauber


Posted 07 November 2009 - 04:30 AM

Due to the lack of feedback, this topic is now closed.
If you need this topic reopened, please PM a staff member and we will reopen it for you (include the address of this thread in your request). This applies to the original topic starter only. Everyone else with similar problems, please start a new topic.
regards,
schrauber




