I have... something


31 replies to this topic

#1 cccv

Posted 17 November 2009 - 04:57 PM

Referred from here: http://www.bleepingcomputer.com/forums/t/271014/had-a-bunch-of-viruses-need-to-know-if-theyre-gone/ ~ OB

Not sure what I have exactly, but this was part of the response:

Path: C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qzmovqk1.default\sessionstore.js
Hooked by "" at address 0x82f9cf08
Status: Hooked by "PCTCore.sys" at address 0xf7b40d72


You still have serious issues


So here's the rootrepeal report...

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/11/15 17:16
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xF5805000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF8324000 Size: 8192 File Visible: No Signed: -
Status: -

Name: mchInjDrv.sys
Image Path: C:\WINDOWS\system32\Drivers\mchInjDrv.sys
Address: 0xF83F4000 Size: 2560 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xEBE21000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qzmovqk1.default\sessionstore.js
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Owner\Desktop\Ins\Owner\Local Settings\Application Data\Microsoft\Messenger\thegro****ail.com\SharingMetadata\hi****ail.com\DFSR\Staging\CS{C4387EAF-74BE-0E65-BD59-471DCD19E23D}\11\11-{1B76D6E9-F776-4CCD-8643-4F4213D4B998}-v11-{1B76D6E9-F776-4CCD-8643-4F4213D4B998}-v11-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\Owner\Desktop\Ins\Owner\Local Settings\Application Data\Microsoft\Messenger\theg****ail.com\SharingMetadata\h****ail.com\DFSR\Staging\CS{C4387EAF-74BE-0E65-BD59-471DCD19E23D}\12\12-{1B76D6E9-F776-4CCD-8643-4F4213D4B998}-v12-{1B76D6E9-F776-4CCD-8643-4F4213D4B998}-v12-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\Owner\Desktop\Ins\Owner\Local Settings\Application Data\Microsoft\Messenger\the****il.com\SharingMetadata\hi****ail.com\DFSR\Staging\CS{C4387EAF-74BE-0E65-BD59-471DCD19E23D}\13\13-{13452DD2-9A43-4D83-A08A-5EC9627E11AA}-v13-{13452DD2-9A43-4D83-A08A-5EC9627E11AA}-v13-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\Owner\Desktop\Ins\Owner\Local Settings\Application Data\Microsoft\Messenger\the****il.com\SharingMetadata\hi****il.com\DFSR\Staging\CS{C4387EAF-74BE-0E65-BD59-471DCD19E23D}\13\13-{1B76D6E9-F776-4CCD-8643-4F4213D4B998}-v13-{1B76D6E9-F776-4CCD-8643-4F4213D4B998}-v13-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\Owner\Desktop\Ins\Owner\Local Settings\Application Data\Microsoft\Messenger\the****l.com\SharingMetadata\hi****ail.com\DFSR\Staging\CS{C4387EAF-74BE-0E65-BD59-471DCD19E23D}\14\14-{13452DD2-9A43-4D83-A08A-5EC9627E11AA}-v14-{13452DD2-9A43-4D83-A08A-5EC9627E11AA}-v14-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\Owner\Desktop\Ins\Owner\Local Settings\Application Data\Microsoft\Messenger\theg****ail.com\SharingMetadata\hi****ail.com\DFSR\Staging\CS{C4387EAF-74BE-0E65-BD59-471DCD19E23D}\14\14-{1B76D6E9-F776-4CCD-8643-4F4213D4B998}-v14-{1B76D6E9-F776-4CCD-8643-4F4213D4B998}-v14-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\Owner\Desktop\Ins\Owner\Local Settings\Application Data\Microsoft\Messenger\the****ail.com\SharingMetadata\his****l.com\DFSR\Staging\CS{C4387EAF-74BE-0E65-BD59-471DCD19E23D}\15\15-{1B76D6E9-F776-4CCD-8643-4F4213D4B998}-v15-{1B76D6E9-F776-4CCD-8643-4F4213D4B998}-v15-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\Owner\Desktop\Ins\Owner\Local Settings\Application Data\Microsoft\Messenger\thegr****il.com\SharingMetadata\his****il.com\DFSR\Staging\CS{C4387EAF-74BE-0E65-BD59-471DCD19E23D}\16\16-{1B76D6E9-F776-4CCD-8643-4F4213D4B998}-v16-{1B76D6E9-F776-4CCD-8643-4F4213D4B998}-v16-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\Owner\Desktop\Ins\Owner\Local Settings\Application Data\Microsoft\Messenger\theg****mail.com\SharingMetadata\hi****ail.com\DFSR\Staging\CS{C4387EAF-74BE-0E65-BD59-471DCD19E23D}\30\31-{597DD5A4-510B-4135-847C-FAEDD12F8B28}-v30-{597DD5A4-510B-4135-847C-FAEDD12F8B28}-v31-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\Owner\Desktop\Ins\Owner\Local Settings\Application Data\Microsoft\Messenger\thegr****ail.com\SharingMetadata\his****ail.com\DFSR\Staging\CS{C4387EAF-74BE-0E65-BD59-471DCD19E23D}\32\32-{59~2.FRX:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\Owner\Desktop\Ins\Owner\Local Settings\Application Data\Microsoft\Messenger\theg****ail.com\SharingMetadata\hi****ail.com\DFSR\Staging\CS{C4387EAF-74BE-0E65-BD59-471DCD19E23D}\33\33-{597DD5A4-510B-4135-847C-FAEDD12F8B28}-v33-{597DD5A4-510B-4135-847C-FAEDD12F8B28}-v33-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\Owner\Desktop\Ins\Owner\Local Settings\Application Data\Microsoft\Messenger\theg****ail.com\SharingMetadata\his****il.com\DFSR\Staging\CS{C4387EAF-74BE-0E65-BD59-471DCD19E23D}\34\34-{597DD5A4-510B-4135-847C-FAEDD12F8B28}-v34-{597DD5A4-510B-4135-847C-FAEDD12F8B28}-v34-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\Owner\Desktop\Ins\Owner\Local Settings\Application Data\Microsoft\Messenger\theg****ail.com\SharingMetadata\hi****mail.com\DFSR\Staging\CS{C4387EAF-74BE-0E65-BD59-471DCD19E23D}\35\35-{597DD5A4-510B-4135-847C-FAEDD12F8B28}-v35-{597DD5A4-510B-4135-847C-FAEDD12F8B28}-v35-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\Owner\Desktop\Ins\Owner\Local Settings\Application Data\Microsoft\Messenger\theg****ail.com\SharingMetadata\hi****mail.com\DFSR\Staging\CS{C4387EAF-74BE-0E65-BD59-471DCD19E23D}\36\36-{597DD5A4-510B-4135-847C-FAEDD12F8B28}-v36-{597DD5A4-510B-4135-847C-FAEDD12F8B28}-v36-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\Owner\Desktop\Ins\Owner\Local Settings\Application Data\Microsoft\Messenger\thegro****mail.com\SharingMetadata\hisai****il.com\DFSR\Staging\CS{C4387EAF-74BE-0E65-BD59-471DCD19E23D}\37\37-{597DD5A4-510B-4135-847C-FAEDD12F8B28}-v37-{597DD5A4-510B-4135-847C-FAEDD12F8B28}-v37-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\Owner\Desktop\Ins\Owner\Local Settings\Application Data\Microsoft\Messenger\thegr****ail.com\SharingMetadata\hi****ail.com\DFSR\Staging\CS{C4387EAF-74BE-0E65-BD59-471DCD19E23D}\40\40-{1B76D6E9-F776-4CCD-8643-4F4213D4B998}-v40-{1B76D6E9-F776-4CCD-8643-4F4213D4B998}-v40-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\Owner\Desktop\Ins\Owner\Local Settings\Application Data\Microsoft\Messenger\thegr****il.com\SharingMetadata\his****ail.com\DFSR\Staging\CS{C4387EAF-74BE-0E65-BD59-471DCD19E23D}\41\41-{1B76D6E9-F776-4CCD-8643-4F4213D4B998}-v41-{1B76D6E9-F776-4CCD-8643-4F4213D4B998}-v41-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\Owner\Desktop\Ins\Owner\Local Settings\Application Data\Microsoft\Messenger\thegro****l.com\SharingMetadata\his****ail.com\DFSR\Staging\CS{C4387EAF-74BE-0E65-BD59-471DCD19E23D}\42\42-{1B76D6E9-F776-4CCD-8643-4F4213D4B998}-v42-{1B76D6E9-F776-4CCD-8643-4F4213D4B998}-v42-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\Owner\Desktop\Ins\Owner\Local Settings\Application Data\Microsoft\Messenger\theg****mail.com\SharingMetadata\his****ail.com\DFSR\Staging\CS{C4387EAF-74BE-0E65-BD59-471DCD19E23D}\43\43-{1B76D6E9-F776-4CCD-8643-4F4213D4B998}-v43-{1B76D6E9-F776-4CCD-8643-4F4213D4B998}-v43-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\Owner\Desktop\Ins\Owner\Local Settings\Application Data\Microsoft\Messenger\thegr****mail.com\SharingMetadata\hisa***mail.com\DFSR\Staging\CS{C4387EAF-74BE-0E65-BD59-471DCD19E23D}\43\43-{59~2.FRX:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\Owner\Desktop\Ins\Owner\Local Settings\Application Data\Microsoft\Messenger\thegro***tmail.com\SharingMetadata\hisa***mail.com\DFSR\Staging\CS{C4387EAF-74BE-0E65-BD59-471DCD19E23D}\44\44-{1B76D6E9-F776-4CCD-8643-4F4213D4B998}-v44-{1B76D6E9-F776-4CCD-8643-4F4213D4B998}-v44-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\Owner\Desktop\Ins\Owner\Local Settings\Application Data\Microsoft\Messenger\thegro***otmail.com\SharingMetadata\his***mail.com\DFSR\Staging\CS{C4387EAF-74BE-0E65-BD59-471DCD19E23D}\45\45-{1B76D6E9-F776-4CCD-8643-4F4213D4B998}-v45-{1B76D6E9-F776-4CCD-8643-4F4213D4B998}-v45-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\Owner\Desktop\Ins\Owner\Local Settings\Application Data\Microsoft\Messenger\thegrowingch***tmail.com\SharingMetadata\hisa***mail.com\DFSR\Staging\CS{C4387EAF-74BE-0E65-BD59-471DCD19E23D}\46\46-{1B76D6E9-F776-4CCD-8643-4F4213D4B998}-v46-{1B76D6E9-F776-4CCD-8643-4F4213D4B998}-v46-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\Owner\Desktop\Ins\Owner\Local Settings\Application Data\Microsoft\Messenger\thegro***hotmail.com\SharingMetadata\his***tmail.com\DFSR\Staging\CS{C4387EAF-74BE-0E65-BD59-471DCD19E23D}\48\48-{1B76D6E9-F776-4CCD-8643-4F4213D4B998}-v48-{1B76D6E9-F776-4CCD-8643-4F4213D4B998}-v48-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
Status: Visible to the Windows API, but not on disk.

SSDT
-------------------
#: 017 Function Name: NtAllocateVirtualMemory
Status: Hooked by "" at address 0x835e1308

#: 041 Function Name: NtCreateKey
Status: Hooked by "PCTCore.sys" at address 0xf7b40d72

#: 047 Function Name: NtCreateProcess
Status: Hooked by "PCTCore.sys" at address 0xf7b219a6

#: 048 Function Name: NtCreateProcessEx
Status: Hooked by "PCTCore.sys" at address 0xf7b21b98

#: 053 Function Name: NtCreateThread
Status: Hooked by "" at address 0x835e15d8

#: 063 Function Name: NtDeleteKey
Status: Hooked by "PCTCore.sys" at address 0xf7b41568

#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "PCTCore.sys" at address 0xf7b41820

#: 119 Function Name: NtOpenKey
Status: Hooked by "PCTCore.sys" at address 0xf7b3fa80

#: 180 Function Name: NtQueueApcThread
Status: Hooked by "" at address 0x835e1380

#: 186 Function Name: NtReadVirtualMemory
Status: Hooked by "" at address 0x835e1218

#: 192 Function Name: NtRenameKey
Status: Hooked by "PCTCore.sys" at address 0xf7b41c8a

#: 213 Function Name: NtSetContextThread
Status: Hooked by "" at address 0x835e1470

#: 226 Function Name: NtSetInformationKey
Status: Hooked by "" at address 0x835b01b8

#: 228 Function Name: NtSetInformationProcess
Status: Hooked by "" at address 0x835d5a60

#: 229 Function Name: NtSetInformationThread
Status: Hooked by "" at address 0x835e14e8

#: 247 Function Name: NtSetValueKey
Status: Hooked by "PCTCore.sys" at address 0xf7b41036

#: 253 Function Name: NtSuspendProcess
Status: Hooked by "" at address 0x835d59e8

#: 254 Function Name: NtSuspendThread
Status: Hooked by "" at address 0x835e13f8

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "PCTCore.sys" at address 0xf7b21656

#: 258 Function Name: NtTerminateThread
Status: Hooked by "" at address 0x835e1560

#: 277 Function Name: NtWriteVirtualMemory
Status: Hooked by "" at address 0x835e1290

Stealth Objects
-------------------
Object: Hidden Code [Driver: Tcpip, IRP_MJ_CREATE]
Process: System Address: 0x82ffbfa8 Size: 88

Object: Hidden Code [Driver: Tcpip, IRP_MJ_CREATE_NAMED_PIPE]
Process: System Address: 0x82ffbcb0 Size: 635

Object: Hidden Code [Driver: Tcpip, IRP_MJ_CLOSE]
Process: System Address: 0x82ffbb68 Size: 963

Object: Hidden Code [Driver: Tcpip, IRP_MJ_READ]
Process: System Address: 0x82ffb9f8 Size: 1331

Object: Hidden Code [Driver: Tcpip, IRP_MJ_WRITE]
Process: System Address: 0x82ffb7a8 Size: 1923

Object: Hidden Code [Driver: Tcpip, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x82ffb590 Size: 2459

Object: Hidden Code [Driver: Tcpip, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x82ff6c10 Size: 1009

Object: Hidden Code [Driver: Tcpip, IRP_MJ_QUERY_EA]
Process: System Address: 0x82ff69f8 Size: 1545

Object: Hidden Code [Driver: Tcpip, IRP_MJ_SET_EA]
Process: System Address: 0x82ff6838 Size: 1993

Object: Hidden Code [Driver: Tcpip, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x82ff66f0 Size: 2321

Object: Hidden Code [Driver: Tcpip, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x82ff65e0 Size: 2593

Object: Hidden Code [Driver: Tcpip, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x82ff6470 Size: 2961

Object: Hidden Code [Driver: Tcpip, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x82ff63a8 Size: 3161

Object: Hidden Code [Driver: Tcpip, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x82ff6260 Size: 3489

Object: Hidden Code [Driver: Tcpip, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x82ff5fa8 Size: 88

Object: Hidden Code [Driver: Tcpip, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x82ff4f58 Size: 168

Object: Hidden Code [Driver: Tcpip, IRP_MJ_SHUTDOWN]
Process: System Address: 0x82ff4e80 Size: 384

Object: Hidden Code [Driver: Tcpip, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x82ff4d18 Size: 744

Object: Hidden Code [Driver: Tcpip, IRP_MJ_CLEANUP]
Process: System Address: 0x82ff4ba8 Size: 1112

Object: Hidden Code [Driver: Tcpip, IRP_MJ_CREATE_MAILSLOT]
Process: System Address: 0x82fedc90 Size: 737

Object: Hidden Code [Driver: Tcpip, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x82fedb10 Size: 266

Object: Hidden Code [Driver: Tcpip, IRP_MJ_SET_SECURITY]
Process: System Address: 0x82fed410 Size: 2058

Object: Hidden Code [Driver: Tcpip, IRP_MJ_POWER]
Process: System Address: 0x83013180 Size: 1377

Object: Hidden Code [Driver: Tcpip, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x830125f8 Size: 166

Object: Hidden Code [Driver: Tcpip, IRP_MJ_DEVICE_CHANGE]
Process: System Address: 0x83012490 Size: 526

Object: Hidden Code [Driver: Tcpip, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x83012320 Size: 894

Object: Hidden Code [Driver: Tcpip, IRP_MJ_SET_QUOTA]
Process: System Address: 0x83012210 Size: 1166

Object: Hidden Code [Driver: Tcpip, IRP_MJ_PNP]
Process: System Address: 0x83010bf8 Size: 889

Shadow SSDT
-------------------
#: 307 Function Name: NtUserAttachThreadInput
Status: Hooked by "" at address 0x82f9cf08

#: 383 Function Name: NtUserGetAsyncKeyState
Status: Hooked by "" at address 0x82c21420

#: 414 Function Name: NtUserGetKeyboardState
Status: Hooked by "" at address 0x82fc66e8

#: 416 Function Name: NtUserGetKeyState
Status: Hooked by "" at address 0x832944b0

#: 460 Function Name: NtUserMessageCall
Status: Hooked by "" at address 0x82f9b618

#: 475 Function Name: NtUserPostMessage
Status: Hooked by "" at address 0x82f750c8

#: 476 Function Name: NtUserPostThreadMessage
Status: Hooked by "" at address 0x82fdc540

#: 549 Function Name: NtUserSetWindowsHookEx
Status: Hooked by "" at address 0x8340b0c8

#: 552 Function Name: NtUserSetWinEventHook
Status: Hooked by "" at address 0x82ea60c8

==EOF==




Here's the Win32 diagnostic...



Running from: C:\Documents and Settings\Owner\Desktop\Win32kDiag.exe

Log file at : C:\Documents and Settings\Owner\Desktop\Win32kDiag.txt

WARNING: Could not get backup privileges!

Searching 'C:\WINDOWS'...





Finished!




Here's a log I was told to create with a command prompt....




Volume in drive C has no label.
Volume Serial Number is 587B-2287

Directory of C:\WINDOWS\$hf_mig$\KB968389\SP2QFE

02/06/2009 12:46 PM 408,064 netlogon.dll
1 File(s) 408,064 bytes

Directory of C:\WINDOWS\$hf_mig$\KB975467\SP2QFE

02/06/2009 12:46 PM 408,064 netlogon.dll
1 File(s) 408,064 bytes

Directory of C:\WINDOWS\$NtServicePackUninstall$

08/04/2004 01:00 PM 180,224 scecli.dll

Directory of C:\WINDOWS\$NtServicePackUninstall$

08/04/2004 01:00 PM 407,040 netlogon.dll

Directory of C:\WINDOWS\$NtServicePackUninstall$

08/04/2004 01:00 PM 55,808 eventlog.dll
3 File(s) 643,072 bytes

Directory of C:\WINDOWS\ERDNT\cache

04/13/2008 06:12 PM 181,248 scecli.dll

Directory of C:\WINDOWS\ERDNT\cache

04/13/2008 06:12 PM 407,040 netlogon.dll

Directory of C:\WINDOWS\ERDNT\cache

04/13/2008 06:11 PM 56,320 eventlog.dll
3 File(s) 644,608 bytes

Directory of C:\WINDOWS\ServicePackFiles\i386

04/13/2008 06:12 PM 181,248 scecli.dll

Directory of C:\WINDOWS\ServicePackFiles\i386

04/13/2008 06:12 PM 407,040 netlogon.dll

Directory of C:\WINDOWS\ServicePackFiles\i386

04/13/2008 06:11 PM 56,320 eventlog.dll
3 File(s) 644,608 bytes

Directory of C:\WINDOWS\system32

04/13/2008 06:12 PM 181,248 scecli.dll

Directory of C:\WINDOWS\system32

04/13/2008 06:12 PM 407,040 netlogon.dll

Directory of C:\WINDOWS\system32

04/13/2008 06:11 PM 56,320 eventlog.dll
3 File(s) 644,608 bytes

Total Files Listed:
14 File(s) 3,393,024 bytes
0 Dir(s) 7,661,658,112 bytes free






And here's the DDS....



DDS (Ver_09-10-26.01) - NTFSx86
Run by Owner at 15:27:10.70 on Tue 11/17/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.702.25 [GMT -6:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Webroot AntiVirus with AntiSpyware *On-access scanning enabled* (Updated) {77E10C7F-2CCA-4187-9394-BDBC267AD597}

============== Running Processes ===============

C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Webroot\WebrootSecurity\SSU.EXE
C:\Program Files\Cobian Backup 9\Cobian.exe
C:\Program Files\Cobian Backup 9\cbInterface.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.emachines.com/
mSearch Bar = hxxp://www.starbarsearch.com/?useie5=1&q=
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
mRun: [SunKistEM] "c:\program files\digital media reader\shwiconem.exe"
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [VTTimer] "VTTimer.exe"
mRun: [VTTrayp] "VTtrayp.exe"
mRun: [Recguard] "%WINDIR%\SMINST\RECGUARD.EXE"
mRun: [Reminder] "%WINDIR%\Creator\Remind_XP.exe"
mRun: [SoundMan] "SOUNDMAN.EXE"
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [HP Software Update] "c:\program files\hp\hp software update\HPWuSchd2.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [AVG9_TRAY] "c:\progra~1\avg\avg9\avgtray.exe"
mRun: [SpySweeper] "c:\program files\webroot\webrootsecurity\SpySweeperUI.exe" /startintray
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpimag~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe
IE: &AOL Toolbar search - c:\program files\aol toolbar\toolbar.dll/SEARCH.HTML
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============


=============== Created Last 30 ================

2009-11-17 02:36:12 0 d-----w- c:\program files\Cobian Backup 9
2009-11-17 02:32:22 0 d-----w- c:\windows\system32\NtmsData
2009-11-15 17:42:53 244024 ----a-w- c:\windows\system32\MsFlxGrd.ocx
2009-11-15 17:42:24 126976 ----a-w- c:\windows\system32\ovsBooleanControls.ocx
2009-11-15 17:41:50 0 d-----w- c:\program files\GDS
2009-11-12 19:34:48 98816 ----a-w- c:\windows\sed.exe
2009-11-12 19:34:48 77312 ----a-w- c:\windows\MBR.exe
2009-11-12 19:34:48 260608 ----a-w- c:\windows\PEV.exe
2009-11-12 19:34:48 161792 ----a-w- c:\windows\SWREG.exe
2009-11-12 19:34:28 0 d-----w- C:\ComboFix
2009-11-12 17:37:19 0 d-----w- c:\docume~1\owner\applic~1\My Games
2009-11-07 21:01:53 0 d-----w- c:\program files\common files\DivX Shared
2009-11-07 21:01:52 0 d-----w- c:\program files\DivX
2009-11-01 19:44:12 0 d-sh--w- c:\documents and settings\owner\IECompatCache
2009-11-01 01:25:11 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2009-11-01 01:25:10 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-11-01 01:25:03 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-11-01 00:38:11 0 d-sha-r- C:\cmdcons
2009-10-31 21:00:43 0 d-----w- c:\docume~1\owner\applic~1\Malwarebytes
2009-10-31 21:00:33 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-31 21:00:31 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-31 21:00:31 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-10-31 21:00:29 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-31 20:47:05 0 d-----w- c:\windows\pss
2009-10-31 04:49:50 0 d-----w- c:\documents and settings\owner\DoctorWeb
2009-10-31 03:48:59 0 d-----w- C:\stdtsa
2009-10-31 01:44:38 52 ----a-w- c:\windows\system32\1C.tmp
2009-10-30 23:39:06 52 ----a-w- c:\windows\system32\1E.tmp
2009-10-30 23:33:02 52 ----a-w- c:\windows\system32\1A.tmp
2009-10-30 23:26:36 52 ----a-w- c:\windows\system32\1B.tmp
2009-10-30 23:25:42 0 ----a-w- c:\windows\SC.INS
2009-10-30 22:48:21 52 ----a-w- c:\windows\system32\16.tmp
2009-10-30 21:09:21 823 ----a-w- c:\windows\Shortcut to soundman.exe.lnk
2009-10-30 19:39:26 52 ----a-w- c:\windows\system32\12.tmp
2009-10-30 17:25:08 52 ----a-w- c:\windows\system32\13.tmp
2009-10-30 17:09:21 1563008 ----a-w- c:\windows\WRSetup.dll
2009-10-30 17:09:19 0 d-----w- c:\docume~1\owner\applic~1\Webroot
2009-10-30 17:09:19 0 d-----w- c:\docume~1\alluse~1\applic~1\Webroot
2009-10-30 16:29:37 52 ----a-w- c:\windows\system32\C.tmp
2009-10-30 09:44:46 0 d-----w- c:\docume~1\owner\applic~1\.bittorrent
2009-10-30 08:34:18 52 ----a-w- c:\windows\system32\86.tmp
2009-10-30 08:08:47 52 ----a-w- c:\windows\system32\73.tmp
2009-10-30 07:45:36 52 ----a-w- c:\windows\system32\19.tmp
2009-10-30 07:20:18 52 ----a-w- c:\windows\system32\7.tmp
2009-10-30 05:23:51 0 d-----w- c:\program files\MSSOAP
2009-10-30 05:20:29 164 ----a-w- c:\windows\install.dat
2009-10-29 20:15:35 0 ----a-w- c:\windows\Tbovewipezupew.bin
2009-10-29 20:15:34 120 ----a-w- c:\windows\Fqureh.dat
2009-10-29 15:30:13 52 ----a-w- c:\windows\system32\4.tmp
2009-10-29 03:51:11 0 d-----w- c:\program files\common files\HP
2009-10-29 03:47:43 0 d-----w- c:\program files\common files\Hewlett-Packard
2009-10-29 03:46:49 16496 ----a-r- c:\windows\system32\drivers\HPZipr12.sys
2009-10-29 03:46:47 51120 ----a-r- c:\windows\system32\drivers\HPZid412.sys
2009-10-29 03:46:04 21744 ----a-r- c:\windows\system32\drivers\HPZius12.sys
2009-10-29 03:45:44 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2009-10-29 03:45:18 94208 ----a-w- c:\windows\system32\HPZipt12.dll
2009-10-29 03:45:18 90112 ----a-w- c:\windows\system32\HPZipm12.exe
2009-10-29 03:45:18 65536 ----a-w- c:\windows\system32\HPZinw12.exe
2009-10-29 03:45:18 57344 ----a-w- c:\windows\system32\HPZisn12.dll
2009-10-29 03:45:18 204800 ----a-w- c:\windows\system32\HPZipr12.dll
2009-10-29 03:45:17 278584 ----a-w- c:\windows\system32\HPZidr12.dll
2009-10-29 03:41:31 0 d-----w- c:\program files\HP
2009-10-29 03:39:28 68965 ----a-w- c:\windows\hpoins05.dat
2009-10-29 03:39:28 19696 ------w- c:\windows\hpomdl05.dat
2009-10-29 01:50:08 0 d-----w- c:\docume~1\owner\applic~1\BSplayer Pro
2009-10-29 01:50:08 0 d-----w- c:\docume~1\owner\applic~1\BSplayer
2009-10-29 01:50:07 0 d-----w- c:\program files\Webteh
2009-10-29 01:31:25 1 ----a-w- c:\windows\system32\3.tmp
2009-10-29 01:31:24 52 ----a-w- c:\windows\system32\2.tmp
2009-10-29 01:26:04 0 d-----w- c:\program files\Media Player Classic
2009-10-29 01:04:18 56320 ------w- c:\windows\system32\eventlog.dll
2009-10-29 01:02:05 0 d-----w- c:\windows\system32\LogFiles
2009-10-29 00:57:47 31232 ----a-w- c:\windows\system32\verclsid.exe
2009-10-29 00:56:33 54156 ---ha-w- c:\windows\QTFont.qfn
2009-10-29 00:56:33 1409 ----a-w- c:\windows\QTFont.for
2009-10-29 00:33:55 159600 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-10-29 00:33:33 86888 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-10-29 00:33:33 7396 ----a-w- c:\windows\system32\drivers\pctcore.cat
2009-10-29 00:33:33 206256 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-10-29 00:33:03 0 d-----w- c:\program files\common files\PC Tools
2009-10-29 00:33:02 64392 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2009-10-29 00:32:52 0 d-----w- c:\program files\Spyware Doctor
2009-10-29 00:32:52 0 d-----w- c:\docume~1\owner\applic~1\PC Tools
2009-10-29 00:32:52 0 d-----w- c:\docume~1\alluse~1\applic~1\PC Tools
2009-10-29 00:15:54 45568 -c--a-w- c:\windows\system32\dllcache\drwtsn32.exe
2009-10-29 00:15:54 45568 ----a-w- c:\windows\system32\drwtsn32.exe
2009-10-29 00:15:33 8192 -c--a-w- c:\windows\system32\dllcache\control.exe
2009-10-29 00:15:33 10752 ----a-w- c:\windows\system32\control.exe
2009-10-29 00:08:49 0 ----a-w- c:\documents and settings\owner\206.tmp
2009-10-29 00:08:04 0 d-----w- c:\docume~1\alluse~1\applic~1\efd1e44
2009-10-28 23:44:47 0 d-sh--w- c:\documents and settings\owner\PrivacIE
2009-10-26 18:25:20 0 d-----w- c:\windows\system32\scripting
2009-10-26 18:25:19 0 d-----w- c:\windows\system32\en
2009-10-26 18:25:19 0 d-----w- c:\windows\system32\bits
2009-10-26 18:21:14 0 d-----w- c:\windows\network diagnostic
2009-10-26 18:15:15 0 d-----w- c:\windows\EHome
2009-10-26 06:09:07 276992 ------w- c:\windows\system32\wmphoto.dll
2009-10-26 06:09:04 69120 ------w- c:\windows\system32\wlanapi.dll
2009-10-26 06:09:02 712704 ------w- c:\windows\system32\windowscodecs.dll
2009-10-26 06:09:02 346112 ------w- c:\windows\system32\windowscodecsext.dll
2009-10-26 06:07:59 144384 ------w- c:\windows\system32\onex.dll
2009-10-26 06:06:47 36352 ----a-w- c:\windows\system32\mmcperf.exe
2009-10-26 06:06:46 106496 ------w- c:\windows\system32\mmcfxcommon.dll
2009-10-26 06:06:45 397312 ------w- c:\windows\system32\mmcex.dll
2009-10-26 06:06:45 184320 ------w- c:\windows\system32\microsoft.managementconsole.dll
2009-10-26 06:06:31 37376 ------w- c:\windows\system32\l2gpstore.dll
2009-10-26 06:06:30 61440 ------w- c:\windows\system32\kmsvc.dll
2009-10-26 06:06:28 6144 ------w- c:\windows\system32\kbdpash.dll
2009-10-26 06:06:28 6144 ------w- c:\windows\system32\kbdnepr.dll
2009-10-26 06:06:27 6144 ------w- c:\windows\system32\kbdiultn.dll
2009-10-26 06:06:26 6144 ------w- c:\windows\system32\kbdbhc.dll
2009-10-26 06:06:07 1261 ------w- c:\windows\system32\pid.inf
2009-10-26 06:04:53 15423 ----a-w- c:\windows\system32\drivers\ch7xxnt5.dll
2009-10-26 05:44:07 0 d-sh--w- c:\documents and settings\owner\IETldCache
2009-10-26 05:24:17 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2009-10-26 05:24:17 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-10-26 05:24:17 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-10-26 05:24:17 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2009-10-26 05:24:17 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-10-26 05:24:17 11069440 -c----w- c:\windows\system32\dllcache\ieframe.dll
2009-10-26 05:24:00 100352 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-10-26 05:20:57 0 dc-h--w- c:\windows\ie8
2009-10-26 05:16:27 0 d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-10-26 04:51:30 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-10-26 04:51:30 215920 ----a-w- c:\windows\system32\muweb.dll
2009-10-26 04:51:30 16736 ----a-w- c:\windows\system32\mucltui.dll.mui
2009-10-25 23:00:17 516 ----a-w- c:\docume~1\owner\applic~1\wklnhst.dat
2009-10-25 21:02:29 0 d-----w- C:\$AVG
2009-10-25 21:02:13 12464 ------w- c:\windows\system32\avgrsstx.dll.install_backup
2009-10-25 21:01:20 0 d-----w- c:\program files\AVG
2009-10-25 21:01:20 0 d-----w- c:\docume~1\alluse~1\applic~1\avg9
2009-10-25 20:44:34 4 ----a-w- c:\windows\msoffice.ini
2009-10-25 17:35:48 0 d-----w- c:\program files\BitTorrent
2009-10-25 17:33:56 0 d-----w- c:\docume~1\owner\applic~1\Azureus
2009-10-25 17:33:22 0 d-----w- c:\program files\Azureus
2009-10-25 09:24:53 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2009-10-25 09:24:52 272128 ------w- c:\windows\system32\drivers\bthport.sys
2009-10-25 09:19:04 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2009-10-25 09:14:13 455296 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2009-10-25 09:12:52 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-10-25 09:11:32 691712 -c----w- c:\windows\system32\dllcache\inetcomm.dll
2009-10-25 09:08:46 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2009-10-25 09:06:50 2560 ------w- c:\windows\system32\xpsp4res.dll
2009-10-25 09:06:49 218112 -c--a-w- c:\windows\system32\dllcache\wordpad.exe
2009-10-25 09:05:15 0 d-----w- c:\docume~1\owner\applic~1\MSNInstaller
2009-10-25 09:00:28 0 d-----w- c:\windows\system32\PreInstall
2009-10-25 08:50:18 32866 ----a-w- c:\windows\OLDFD.tmp
2009-10-25 08:49:16 823 ----a-w- c:\windows\Shortcut (2) to soundman.lnk
2009-10-25 08:49:12 823 ----a-w- c:\windows\Shortcut to soundman.lnk
2009-10-25 08:26:21 0 d-sh--w- c:\documents and settings\owner\UserData
2009-10-25 08:17:54 0 d-----w- c:\documents and settings\owner\Tracing
2009-10-25 08:10:31 0 d-----w- c:\program files\Microsoft
2009-10-25 08:06:44 0 d-----w- c:\program files\common files\Windows Live
2009-10-25 07:51:55 0 d-----w- c:\windows\system32\SoftwareDistribution
2009-10-25 07:49:47 8192 ----a-w- c:\windows\REGLOCS.OLD
2009-10-25 07:43:58 0 ----a-w- c:\windows\system32\Gateway_T3104__CK859C0017854.MRK
2009-10-25 07:43:48 333 ----a-w- c:\windows\system32\$ncsp$.inf
2009-10-25 07:40:40 0 d-----w- c:\docume~1\owner\applic~1\AOL
2009-10-25 07:34:07 26144 ----a-w- c:\windows\system32\spupdsvc.exe
2009-10-25 07:33:17 0 d--h--w- c:\windows\$hf_mig$
2009-10-25 07:32:15 0 d-----w- c:\docume~1\alluse~1\applic~1\McAfee.com
2009-10-25 07:31:55 221184 ----a-w- c:\windows\system32\wmpns.dll
2009-10-25 07:29:57 0 d-----w- c:\program files\Realtek Sound Manager
2009-10-25 07:29:56 0 d-----w- c:\program files\AvRack
2009-10-25 07:29:55 164 ----a-w- c:\windows\avrack.ini
2009-10-25 07:28:50 0 d-----w- c:\program files\MSN Encarta Plus
2009-10-25 07:27:53 0 d-----w- c:\program files\Microsoft Money 2005
2009-10-25 07:27:09 173184 ----a-w- c:\windows\system32\ygpss.scr
2009-10-25 07:27:09 0 d-----w- c:\docume~1\owner\applic~1\You've Got Pictures Screensaver
2009-10-25 07:27:07 0 d-----w- c:\program files\common files\Nullsoft
2009-10-25 07:26:34 0 d-----w- c:\program files\common files\Real
2009-10-25 07:26:19 0 d-----w- c:\docume~1\alluse~1\applic~1\Viewpoint
2009-10-25 07:26:18 0 d-----w- c:\program files\Viewpoint
2009-10-25 07:26:17 0 d-----w- c:\docume~1\alluse~1\applic~1\Pure Networks
2009-10-25 07:26:14 0 d-----w- c:\program files\Pure Networks
2009-10-25 07:25:44 0 d-----w- c:\program files\common files\AolCoach
2009-10-25 07:25:06 1129 ---ha-w- C:\IPH.PH
2009-10-25 07:25:05 0 d-----w- c:\program files\common files\AOL
2009-10-25 07:24:36 0 d-----w- c:\docume~1\alluse~1\applic~1\Napster
2009-10-25 07:24:29 0 d-----w- c:\program files\Napster
2009-10-25 07:23:56 0 d-----w- c:\program files\VIA
2009-10-25 07:23:42 24576 ----a-w- c:\windows\system32\Marker32.exe
2009-10-25 07:23:30 49265 ----a-w- c:\windows\system32\jpicpl32.cpl
2009-10-25 07:22:19 2238 ----a-w- c:\windows\system32\32-aol.ico
2009-10-25 07:22:19 1406 ----a-w- c:\windows\system32\16-aol.ico
2009-10-25 07:22:15 471300 ----a-w- c:\windows\wallpe.exe
2009-10-25 07:22:15 30056 ----a-w- c:\windows\system32\oemlogo.bmp
2009-10-25 07:19:56 376 ----a-w- c:\windows\ODBC.INI
2009-10-25 07:19:49 28040 ----a-w- c:\windows\system32\mdimon.dll
2009-10-25 07:19:17 0 d-----w- c:\program files\Microsoft ActiveSync
2009-10-25 07:18:55 0 d-----w- c:\windows\SHELLNEW
2009-10-25 07:17:49 65280 ----a-w- c:\windows\system32\drivers\Rtlnic51.sys
2009-10-25 07:12:13 0 d-----w- c:\docume~1\alluse~1\applic~1\Symantec
2009-10-25 07:12:06 3126 ----a-w- c:\windows\emachines_32.bmp
2009-10-25 07:11:52 18000 ----a-w- c:\windows\BigFixClientOverride.dll
2009-10-25 07:11:51 0 d-----w- c:\program files\BigFix
2009-10-25 07:08:47 0 d-----w- c:\program files\Digital Media Reader
2009-10-25 07:05:35 27904 ----a-w- c:\windows\system32\drivers\VIAAGP1.SYS
2009-10-25 07:05:22 0 d-----w- c:\windows\system32\ReinstallBackups
2009-10-25 07:01:12 0 d-----w- c:\docume~1\alluse~1\applic~1\Prism Deploy
2009-10-25 07:01:11 0 d-----w- c:\program files\common files\New Boundary
2009-10-25 06:58:15 0 d-----w- c:\windows\system32\URTTemp
2009-10-25 06:58:05 2 --sh--r- C:\USER
2009-10-25 06:57:08 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2009-10-25 06:56:56 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2009-10-25 06:56:15 0 d-----w- c:\program files\CONEXANT
2009-10-25 06:56:12 46464 ----a-w- c:\windows\system32\drivers\gagp30kx.sys
2009-10-25 06:55:51 20992 ----a-w- c:\windows\system32\drivers\RTL8139.sys
2009-10-25 06:55:40 30208 ----a-w- c:\windows\system32\drivers\usbehci.sys
2009-10-25 06:55:39 7168 ----a-w- c:\windows\system32\hccoin.dll
2009-10-25 06:49:55 0 d-----w- c:\windows\creator
2009-10-25 06:46:58 49209 ----a-w- c:\windows\system32\usrv80a.dll
2009-10-25 06:45:56 72192 ----a-w- c:\windows\system32\sprio800.dll
2009-10-25 06:44:59 25728 ----a-w- c:\windows\system32\drivers\usbcamd2.sys
2009-10-25 06:42:47 47104 ----a-w- c:\windows\system32\cnbjmon.dll
2009-10-25 06:40:53 64 ----a-w- C:\MOVE_RECOVERY
2009-10-25 06:40:02 0 d-----w- C:\My Backup -- 09-10-24 1140PM
2009-10-25 06:37:59 6784 -c--a-w- c:\windows\system32\dllcache\parvdm.sys
2009-10-25 06:35:49 86016 ----a-w- c:\windows\system32\dpvsetup.exe

==================== Find3M ====================

2009-11-01 06:44:28 138752 ----a-w- c:\windows\system32\sndvol32.exe
2009-10-31 08:04:26 286208 ----a-w- c:\windows\winhlp32.exe
2009-10-31 08:04:25 90112 ----a-w- c:\windows\unvise32qt.exe
2009-10-31 08:04:23 109568 ----a-w- c:\windows\UninstallFirefox.exe
2009-10-31 08:04:22 28160 ----a-w- c:\windows\twunk_32.exe
2009-10-31 08:04:22 17920 ----a-w- c:\windows\TASKMAN.EXE
2009-10-31 08:04:19 36864 ----a-w- c:\windows\slrundll.exe
2009-10-31 08:04:17 148992 ----a-w- c:\windows\regedit.exe
2009-10-31 08:04:16 69632 ----a-w- c:\windows\POWERCFG.EXE
2009-10-31 08:04:15 71680 ----a-w- c:\windows\notepad.exe
2009-10-31 08:03:51 309248 ----a-w- c:\windows\IsUninst.exe
2009-10-31 08:03:50 309248 ----a-w- c:\windows\IsUn0411.exe
2009-10-31 08:03:49 13312 ----a-w- c:\windows\hh.exe
2009-10-31 08:03:44 311296 ----a-w- c:\windows\alcupd.exe
2009-10-31 08:03:43 221184 ----a-w- c:\windows\Alcrmv.exe
2009-10-31 05:26:26 87552 ----a-w- c:\windows\SOUNDMAN.EXE
2009-10-31 05:26:21 1053696 ----a-w- c:\windows\explorer.exe
2009-10-31 05:22:47 230400 ----a-w- c:\windows\system32\wbem\wmiprvse.exe
2009-10-31 05:22:45 199168 ----a-w- c:\windows\system32\wbem\wmiadap.exe
2009-10-31 05:22:45 15872 ----a-w- c:\windows\system32\wbem\winmgmt.exe
2009-10-31 05:22:45 129024 ----a-w- c:\windows\system32\wbem\wmiapsrv.exe
2009-10-31 05:22:44 118784 ----a-w- c:\windows\system32\wbem\wbemtest.exe
2009-10-31 05:22:43 19456 ----a-w- c:\windows\system32\wbem\unsecapp.exe
2009-10-31 05:22:42 38912 ----a-w- c:\windows\system32\wbem\scrcons.exe
2009-10-31 05:22:40 18944 ----a-w- c:\windows\system32\wbem\mofcomp.exe
2009-10-31 05:17:42 34816 ----a-w- c:\windows\system32\wupdmgr.exe
2009-10-31 05:17:42 148992 ----a-w- c:\windows\system32\WudfHost.exe
2009-10-31 05:17:39 168448 ----a-w- c:\windows\system32\wuauclt1.exe
2009-10-31 05:17:38 16384 ----a-w- c:\windows\system32\wscntfy.exe
2009-10-31 05:17:38 159744 ----a-w- c:\windows\system32\wscript.exe
2009-10-31 05:17:37 8192 ----a-w- c:\windows\system32\write.exe
2009-10-31 05:17:37 13824 ----a-w- c:\windows\system32\wpnpinst.exe
2009-10-31 05:17:36 34816 ----a-w- c:\windows\system32\wpabaln.exe
2009-10-31 05:17:19 192512 ----a-w- c:\windows\system32\WISPTIS.EXE
2009-10-31 05:17:15 8192 ----a-w- c:\windows\system32\winver.exe
2009-10-31 05:17:07 436224 ----a-w- c:\windows\system32\wiaacmgr.exe
2009-10-31 05:17:03 67584 ----a-w- c:\windows\system32\wextract.exe
2009-10-31 05:15:59 36864 ----a-w- c:\windows\system32\slrundll.exe
2009-10-31 05:14:56 73728 ----a-w- c:\windows\system32\odbcconf.exe
2009-10-31 05:13:53 54272 ----a-w- c:\windows\system32\migpwd.exe
2009-10-31 05:12:47 45056 ----a-w- c:\windows\system32\ftp.exe
2009-10-31 05:11:57 1302528 ----a-w- c:\windows\system32\dxdiag.exe
2009-10-31 05:10:53 139264 ----a-w- c:\windows\system32\cscript.exe
2009-10-31 05:09:51 64512 ----a-w- c:\windows\system32\alg.exe
2009-10-31 05:09:50 100864 ----a-w- c:\windows\system32\ahui.exe
2009-10-31 05:09:48 6656 ----a-w- c:\windows\system32\actmovie.exe
2009-10-31 05:09:46 186880 ----a-w- c:\windows\system32\accwiz.exe
2009-10-30 23:22:25 32768 ----a-w- c:\windows\system32\replace.exe
2009-10-25 07:26:39 8552 ----a-w- c:\windows\system32\drivers\asctrm.sys
2009-09-25 05:56:32 81920 ------w- c:\windows\system32\ieencode.dll
2009-09-11 14:18:39 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03:36 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 08:08:21 916480 ------w- c:\windows\system32\wininet.dll
2009-08-26 08:00:21 247326 ----a-w- c:\windows\system32\strmdll.dll

============= FINISH: 15:30:50.15 ===============


Thank you for reading.

Edited by Orange Blossom, 17 November 2009 - 05:17 PM.



#2 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • OFFLINE
  • Gender:Female
  • Location:At home
  • Local time:05:24 AM

Posted 25 November 2009 - 07:25 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
  • Please download OTL from the following mirror:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Run Scan button.
  • Two reports will open; copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

In the upper right hand corner of the topic you will see a button called Options. If you click on this, in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic, which will facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help requests via PM unless I am already helping you. Use the forums!



#3 cccv

cccv
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  • Local time:10:24 PM

Posted 26 November 2009 - 11:21 AM

Thank you. Like I said, I'm not sure what the extent of the problems I have is; I only know I had them and they're not all gone yet. I can tell you for sure that AVG keeps telling me I have a virut stuck to system32\replace.exe and it can't do anything about it. Other than that, all I know is someone stole my credit card number off of my computer and I need to know that whatever allowed him or her to do it is cleaned up. Also, I think I still get redirects from Google searches from time to time, although maybe it's just Webroot being overprotective or something; I can't tell, since I'm saved from going to the site. Anyway...

The OTL Report:

OTL logfile created on: 11/26/2009 9:48:52 AM - Run 1
OTL by OldTimer - Version 3.1.10.1 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

702.48 Mb Total Physical Memory | 184.79 Mb Available Physical Memory | 26.30% Memory free
1.68 Gb Paging File | 0.87 Gb Available in Paging File | 51.71% Paging File free
Paging file location(s): C:\pagefile.sys 1056 2112 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 89.17 Gb Total Space | 6.43 Gb Free Space | 7.21% Space Free | Partition Type: NTFS
Drive D: | 3.98 Gb Total Space | 2.07 Gb Free Space | 52.00% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HALF
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/11/26 09:47:52 | 00,531,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
PRC - [2009/11/12 09:30:44 | 02,020,120 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2009/11/12 09:30:39 | 00,600,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2009/11/06 23:34:33 | 00,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/10/31 19:24:19 | 01,055,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2009/10/31 19:24:18 | 00,702,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2009/10/31 19:24:18 | 00,502,040 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2009/10/31 19:24:03 | 00,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2009/10/30 23:26:26 | 00,087,552 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
PRC - [2009/10/30 23:26:21 | 01,053,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2009/10/30 23:25:53 | 00,434,176 | ---- | M] (Apple Inc.) -- C:\Program Files\QuickTime\QTTask.exe
PRC - [2009/10/30 23:25:46 | 00,069,632 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
PRC - [2009/10/30 23:25:45 | 00,278,528 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
PRC - [2009/10/30 23:25:43 | 00,155,648 | ---- | M] (Alcor Micro, Corp.) -- C:\Program Files\Digital Media Reader\shwiconEM.exe
PRC - [2009/10/30 23:25:43 | 00,053,248 | ---- | M] (Cyberlink Corp.) -- C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
PRC - [2009/10/30 23:16:59 | 00,167,936 | ---- | M] (S3 Graphics Co., Ltd.) -- C:\WINDOWS\system32\VTTrayp.exe
PRC - [2009/10/30 23:16:59 | 00,073,728 | ---- | M] (S3 Graphics, Inc.) -- C:\WINDOWS\system32\VTTimer.exe
PRC - [2009/10/30 23:13:09 | 00,090,112 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2009/10/30 11:10:58 | 01,205,760 | ---- | M] (Webroot Software, Inc. ) -- C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
PRC - [2009/10/25 01:05:17 | 00,172,032 | ---- | M] (New Boundary Technologies, Inc.) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
PRC - [2009/09/30 18:58:42 | 00,026,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Contacts\wlcomm.exe
PRC - [2009/07/26 15:44:34 | 03,883,856 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe
PRC - [2009/07/22 21:44:50 | 01,181,064 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsTray.exe
PRC - [2009/07/22 21:44:48 | 01,097,096 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsSvc.exe
PRC - [2009/05/13 14:40:08 | 06,345,840 | ---- | M] (Webroot Software, Inc.) -- C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe
PRC - [2009/04/21 17:26:52 | 04,048,240 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
PRC - [2009/04/21 17:26:50 | 00,165,232 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files\Webroot\WebrootSecurity\SSU.exe
PRC - [2009/01/07 11:40:56 | 00,348,752 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe


========== Modules (SafeList) ==========

MOD - [2009/11/26 09:47:52 | 00,531,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
MOD - [2009/02/13 13:16:54 | 00,140,680 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\PCTGMhk.dll
MOD - [2009/02/13 13:11:44 | 00,100,864 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\klg.dat
MOD - [2008/11/13 13:19:40 | 00,148,944 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\smum32.dll
MOD - [2008/04/13 18:12:51 | 01,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
MOD - [2008/04/13 18:11:53 | 00,185,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\framedyn.dll


========== Win32 Services (SafeList) ==========

SRV - File not found -- -- (SCardSvr)
SRV - [2009/10/31 19:24:03 | 00,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2009/10/30 23:26:24 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -- (aspnet_state)
SRV - [2009/10/30 23:13:09 | 00,090,112 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2009/10/30 11:10:58 | 01,205,760 | ---- | M] (Webroot Software, Inc. ) -- C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe -- (WRConsumerService)
SRV - [2009/10/25 01:05:17 | 00,172,032 | ---- | M] (New Boundary Technologies, Inc.) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- (PrismXL)
SRV - [2009/07/22 21:44:48 | 01,097,096 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2009/06/01 05:06:52 | 00,343,435 | R--- | M] () -- C:\Documents and Settings\All Users\Application Data\Webroot\ 6563812.exe -- (.1256457225SsTR)
SRV - [2009/04/21 17:26:52 | 04,048,240 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe -- (WebrootSpySweeperService)
SRV - [2009/01/07 11:40:56 | 00,348,752 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2008/04/13 18:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll -- (helpsvc)
SRV - [2006/10/18 19:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc)
SRV - [2003/07/28 13:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


========== Driver Services (SafeList) ==========

DRV - [2009/11/09 13:15:32 | 00,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2009/10/31 19:25:04 | 00,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/10/31 19:25:02 | 00,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/08/24 13:05:06 | 00,206,256 | ---- | M] (PC Tools) -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2009/04/21 17:27:04 | 00,176,752 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\WINDOWS\system32\DRIVERS\ssidrv.sys -- (ssidrv)
DRV - [2009/04/21 17:27:04 | 00,023,152 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\WINDOWS\system32\DRIVERS\sshrmd.sys -- (sshrmd)
DRV - [2009/04/21 17:27:02 | 00,029,808 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\WINDOWS\system32\DRIVERS\ssfs0bbc.sys -- (ssfs0bbc)
DRV - [2008/04/13 12:36:39 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2007/11/13 04:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2005/12/16 13:50:00 | 03,842,560 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2005/04/06 19:31:36 | 00,173,696 | ---- | M] (Copyright © VIA/S3 Graphics Co, Ltd.) -- C:\WINDOWS\system32\drivers\vtmini.sys -- (viagfx)
DRV - [2004/12/14 10:07:44 | 00,051,120 | R--- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZid412.sys -- (HPZid412)
DRV - [2004/12/14 10:07:44 | 00,021,744 | R--- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZius12.sys -- (HPZius12)
DRV - [2004/12/14 10:07:44 | 00,016,496 | R--- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZipr12.sys -- (HPZipr12)
DRV - [2004/11/15 18:41:54 | 00,036,804 | ---- | M] (Alcor Micro Corp.) -- C:\WINDOWS\system32\drivers\Sunkfilt.sys -- (SunkFilt)
DRV - [2004/08/13 11:49:00 | 00,065,280 | ---- | M] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\system32\drivers\Rtlnic51.sys -- (RTL8023)
DRV - [2004/08/04 13:00:00 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2004/08/04 13:00:00 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2004/08/04 13:00:00 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2004/08/04 13:00:00 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2004/08/04 13:00:00 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2004/08/04 13:00:00 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2004/08/04 13:00:00 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2004/08/04 13:00:00 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2004/08/04 13:00:00 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2004/08/04 13:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2004/08/04 13:00:00 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2004/08/04 13:00:00 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2004/08/04 13:00:00 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2004/08/03 23:31:34 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2004/08/03 16:29:56 | 01,897,408 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2004/06/17 16:56:22 | 00,220,032 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2004/06/17 16:55:38 | 00,685,056 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/06/17 16:55:04 | 01,041,536 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2004/03/17 13:04:14 | 00,013,059 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2003/12/09 13:16:00 | 00,400,384 | ---- | M] (Sensaura) -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS -- (ALCXSENS)
DRV - [2003/07/02 06:42:00 | 00,027,904 | ---- | M] (VIA Technologies, Inc.) -- C:\WINDOWS\system32\DRIVERS\viaagp1.sys -- (viaagp1)
DRV - [2003/01/10 15:13:04 | 00,033,588 | ---- | M] (America Online, Inc.) -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2001/08/17 21:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 21:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 21:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 07:49:32 | 00,019,968 | ---- | M] (Macronix International Co., Ltd. ) -- C:\WINDOWS\system32\drivers\mxnic.sys -- (mxnic)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1150626451-20114053-460562092-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-1150626451-20114053-460562092-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-21-1150626451-20114053-460562092-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.emachines.com/
IE - HKU\S-1-5-21-1150626451-20114053-460562092-1003\S-1-5-21-1150626451-20114053-460562092-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1
FF - prefs.js..extensions.enabledItems: 6
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 48
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.701
FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:3.9.4
FF - prefs.js..extensions.enabledItems: {77ACC793-F7F3-463B-B5F2-A70799838EB4}:1.9.1
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.5
FF - prefs.js..extensions.enabledItems: {29852C08-1E91-4889-A6BF-C77F91D6A8F3}:1.8.51

FF - HKLM\software\mozilla\Firefox\Extensions\\{77ACC793-F7F3-463B-B5F2-A70799838EB4}: C:\Documents and Settings\Owner\Local Settings\Application Data\{77ACC793-F7F3-463B-B5F2-A70799838EB4} [2009/10/28 18:12:14 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2009/11/09 16:34:17 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/11/06 23:34:52 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/11/07 15:02:15 | 00,000,000 | ---D | M]

[2009/10/25 02:36:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2009/10/25 02:36:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/11/25 11:40:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qzmovqk1.default\extensions
[2009/10/25 03:56:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qzmovqk1.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
[2009/10/25 03:18:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qzmovqk1.default\extensions\{29852C08-1E91-4889-A6BF-C77F91D6A8F3}
[2009/10/25 03:13:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qzmovqk1.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2008/08/26 11:16:05 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/11/06 23:34:52 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/11/06 23:34:29 | 00,023,512 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2009/11/06 23:34:31 | 00,137,176 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2009/05/01 15:02:48 | 01,044,480 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\Mozilla Firefox\plugins\libdivx.dll
[2007/08/07 12:35:32 | 00,049,152 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll
[2009/05/12 12:46:20 | 01,650,992 | ---- | M] (DivX,Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll
[2009/11/06 23:34:42 | 00,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2007/03/22 18:23:30 | 00,017,248 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
[2006/12/18 03:18:30 | 00,077,824 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
[2006/01/28 01:57:22 | 00,139,305 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
[2008/04/18 21:53:16 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
[2008/04/18 21:53:16 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
[2008/04/18 21:53:16 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
[2008/04/18 21:53:16 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
[2008/04/18 21:53:16 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
[2008/04/18 21:53:16 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
[2008/04/18 21:53:16 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
[2006/01/28 01:56:18 | 00,081,967 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
[2009/09/23 16:37:30 | 00,032,448 | ---- | M] (NOS Microsystems Ltd.) -- C:\Program Files\Mozilla Firefox\plugins\np_gp.dll
[2009/05/01 15:02:48 | 00,200,704 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\Mozilla Firefox\plugins\ssldivx.dll
[2009/09/10 21:43:47 | 00,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2009/09/10 21:43:47 | 00,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2009/09/10 21:43:47 | 00,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2009/09/10 21:43:47 | 00,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2009/09/10 21:43:47 | 00,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2009/09/10 21:43:48 | 00,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2009/09/10 21:43:48 | 00,000,792 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: (27 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {B31F54A0-560A-496A-9928-EB43789BA130} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {B31F54A0-560A-496A-9928-EB43789BA130} - No CLSID value found.
O3 - HKU\S-1-5-21-1150626451-20114053-460562092-1003\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKU\S-1-5-21-1150626451-20114053-460562092-1003\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-1150626451-20114053-460562092-1003\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-1150626451-20114053-460562092-1003\..\Toolbar\WebBrowser: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No CLSID value found.
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [ISTray] C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [Recguard] File not found
O4 - HKLM..\Run: [Reminder] File not found
O4 - HKLM..\Run: [RemoteControl] C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SpySweeper] C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe (Webroot Software, Inc.)
O4 - HKLM..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe (Alcor Micro, Corp.)
O4 - HKLM..\Run: [VTTimer] C:\WINDOWS\System32\VTTimer.exe (S3 Graphics, Inc.)
O4 - HKLM..\Run: [VTTrayp] C:\WINDOWS\System32\VTTrayp.exe (S3 Graphics Co., Ltd.)
O4 - HKU\S-1-5-21-1150626451-20114053-460562092-1003..\Run: [msnmsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Co.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1150626451-20114053-460562092-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1150626451-20114053-460562092-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1150626451-20114053-460562092-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1150626451-20114053-460562092-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1150626451-20114053-460562092-1003_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AOL Toolbar search - C:\Program Files\AOL Toolbar\toolbar.dll File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_02)
O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_02)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O30 - LSA: Security Packages - (|) - File not found
O30 - LSA: Security Packages - (----) - File not found
O30 - LSA: Security Packages - (|) - File not found
O30 - LSA: Security Packages - (m]) - File not found
O30 - LSA: Security Packages - ((microsoft) - File not found
O30 - LSA: Security Packages - (corpora) - File not found
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/26 12:04:39 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2003/08/08 17:24:26 | 00,000,045 | -HS- | M] () - D:\autorun.inf.aug.8 -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/11/26 09:47:49 | 00,531,456 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2009/11/25 03:02:19 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2009/11/16 20:36:12 | 00,000,000 | ---D | C] -- C:\Program Files\Cobian Backup 9
[2009/11/16 20:35:01 | 10,314,752 | ---- | C] (Luis Cobian) -- C:\Documents and Settings\Owner\Desktop\cbSetup.exe
[2009/11/16 20:32:22 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2009/11/15 16:26:49 | 00,472,064 | ---- | C] ( ) -- C:\Documents and Settings\Owner\Desktop\RootRepeal.exe
[2009/11/15 11:42:53 | 00,244,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MsFlxGrd.ocx
[2009/11/15 11:42:24 | 00,126,976 | ---- | C] (Oceanview Software Limited) -- C:\WINDOWS\System32\ovsBooleanControls.ocx
[2009/11/15 11:41:50 | 00,000,000 | ---D | C] -- C:\Program Files\GDS
[2009/11/14 17:41:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\z
[2009/11/12 13:55:56 | 00,000,000 | ---D | C] -- C:\WINDOWS\temp
[2009/11/12 13:34:48 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/11/12 13:34:48 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/11/12 13:34:48 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/11/12 13:34:48 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/11/12 13:34:28 | 00,000,000 | ---D | C] -- C:\ComboFix
[2009/11/12 11:37:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\My Games
[2009/11/11 17:35:23 | 21,906,744 | ---- | C] (Doctor Web, Ltd.) -- C:\Documents and Settings\Owner\Desktop\64wlsq5x.exe
[2009/11/07 15:01:53 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\DivX Shared
[2009/11/07 15:01:52 | 00,000,000 | ---D | C] -- C:\Program Files\DivX
[2009/11/01 13:44:12 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\Owner\IECompatCache
[2009/11/01 00:58:37 | 00,017,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2009/10/31 19:25:11 | 00,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/10/31 19:25:10 | 00,360,584 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009/10/31 19:25:03 | 00,333,192 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/10/31 19:25:02 | 00,028,424 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/10/31 18:41:31 | 00,036,736 | ---- | C] (Promise Technology, Inc.) -- C:\WINDOWS\System32\drivers\ultra.sys
[2009/10/31 18:41:31 | 00,036,736 | ---- | C] (Promise Technology, Inc.) -- C:\WINDOWS\System32\dllcache\ultra.sys
[2009/10/31 18:41:30 | 00,030,688 | ---- | C] (LSI Logic) -- C:\WINDOWS\System32\drivers\sym_u3.sys
[2009/10/31 18:41:30 | 00,030,688 | ---- | C] (LSI Logic) -- C:\WINDOWS\System32\dllcache\sym_u3.sys
[2009/10/31 18:41:30 | 00,028,384 | ---- | C] (LSI Logic) -- C:\WINDOWS\System32\drivers\sym_hi.sys
[2009/10/31 18:41:30 | 00,028,384 | ---- | C] (LSI Logic) -- C:\WINDOWS\System32\dllcache\sym_hi.sys
[2009/10/31 18:41:29 | 00,032,640 | ---- | C] (LSI Logic) -- C:\WINDOWS\System32\drivers\symc8xx.sys
[2009/10/31 18:41:29 | 00,032,640 | ---- | C] (LSI Logic) -- C:\WINDOWS\System32\dllcache\symc8xx.sys
[2009/10/31 18:41:29 | 00,016,256 | ---- | C] (Symbios Logic Inc.) -- C:\WINDOWS\System32\drivers\symc810.sys
[2009/10/31 18:41:29 | 00,016,256 | ---- | C] (Symbios Logic Inc.) -- C:\WINDOWS\System32\dllcache\symc810.sys
[2009/10/31 18:41:28 | 00,049,024 | ---- | C] (QLogic Corporation) -- C:\WINDOWS\System32\drivers\ql1280.sys
[2009/10/31 18:41:28 | 00,049,024 | ---- | C] (QLogic Corporation) -- C:\WINDOWS\System32\dllcache\ql1280.sys
[2009/10/31 18:41:28 | 00,019,072 | ---- | C] (Adaptec, Inc.) -- C:\WINDOWS\System32\drivers\sparrow.sys
[2009/10/31 18:41:28 | 00,019,072 | ---- | C] (Adaptec, Inc.) -- C:\WINDOWS\System32\dllcache\sparrow.sys
[2009/10/31 18:41:27 | 00,045,312 | ---- | C] (QLogic Corporation) -- C:\WINDOWS\System32\drivers\ql12160.sys
[2009/10/31 18:41:27 | 00,045,312 | ---- | C] (QLogic Corporation) -- C:\WINDOWS\System32\dllcache\ql12160.sys
[2009/10/31 18:41:27 | 00,040,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ql1240.sys
[2009/10/31 18:41:27 | 00,040,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ql1240.sys
[2009/10/31 18:41:26 | 00,040,320 | ---- | C] (QLogic Corporation) -- C:\WINDOWS\System32\drivers\ql1080.sys
[2009/10/31 18:41:26 | 00,040,320 | ---- | C] (QLogic Corporation) -- C:\WINDOWS\System32\dllcache\ql1080.sys
[2009/10/31 18:41:26 | 00,033,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ql10wnt.sys
[2009/10/31 18:41:26 | 00,033,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ql10wnt.sys
[2009/10/31 18:41:25 | 00,027,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\perc2.sys
[2009/10/31 18:41:25 | 00,027,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\perc2.sys
[2009/10/31 18:41:25 | 00,005,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\perc2hib.sys
[2009/10/31 18:41:25 | 00,005,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\perc2hib.sys
[2009/10/31 18:41:24 | 00,017,280 | ---- | C] (American Megatrends Inc.) -- C:\WINDOWS\System32\drivers\mraid35x.sys
[2009/10/31 18:41:24 | 00,017,280 | ---- | C] (American Megatrends Inc.) -- C:\WINDOWS\System32\dllcache\mraid35x.sys
[2009/10/31 18:41:24 | 00,016,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ini910u.sys
[2009/10/31 18:41:24 | 00,016,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ini910u.sys
[2009/10/31 18:41:23 | 00,025,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hpn.sys
[2009/10/31 18:41:23 | 00,025,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hpn.sys
[2009/10/31 18:41:23 | 00,018,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\i2omp.sys
[2009/10/31 18:41:23 | 00,018,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\i2omp.sys
[2009/10/31 18:41:22 | 00,020,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\dpti2o.sys
[2009/10/31 18:41:22 | 00,020,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpti2o.sys
[2009/10/31 18:41:22 | 00,014,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\dac960nt.sys
[2009/10/31 18:41:22 | 00,014,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dac960nt.sys
[2009/10/31 18:41:21 | 00,179,584 | ---- | C] (Mylex Corporation) -- C:\WINDOWS\System32\drivers\dac2w2k.sys
[2009/10/31 18:41:21 | 00,179,584 | ---- | C] (Mylex Corporation) -- C:\WINDOWS\System32\dllcache\dac2w2k.sys
[2009/10/31 18:41:21 | 00,014,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\cpqarray.sys
[2009/10/31 18:41:21 | 00,014,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cpqarray.sys
[2009/10/31 18:41:20 | 00,013,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\cbidf2k.sys
[2009/10/31 18:41:20 | 00,013,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cbidf2k.sys
[2009/10/31 18:41:20 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\cd20xrnt.sys
[2009/10/31 18:41:20 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cd20xrnt.sys
[2009/10/31 18:41:19 | 00,026,496 | ---- | C] (Advanced System Products, Inc.) -- C:\WINDOWS\System32\drivers\asc.sys
[2009/10/31 18:41:19 | 00,026,496 | ---- | C] (Advanced System Products, Inc.) -- C:\WINDOWS\System32\dllcache\asc.sys
[2009/10/31 18:41:19 | 00,022,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\asc3350p.sys
[2009/10/31 18:41:19 | 00,022,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\asc3350p.sys
[2009/10/31 18:41:19 | 00,014,848 | ---- | C] (Advanced System Products, Inc.) -- C:\WINDOWS\System32\drivers\asc3550.sys
[2009/10/31 18:41:19 | 00,014,848 | ---- | C] (Advanced System Products, Inc.) -- C:\WINDOWS\System32\dllcache\asc3550.sys
[2009/10/31 18:41:18 | 00,056,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\aic78xx.sys
[2009/10/31 18:41:18 | 00,056,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aic78xx.sys
[2009/10/31 18:41:18 | 00,012,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\amsint.sys
[2009/10/31 18:41:18 | 00,012,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\amsint.sys
[2009/10/31 18:41:17 | 00,055,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\aic78u2.sys
[2009/10/31 18:41:17 | 00,055,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aic78u2.sys
[2009/10/31 18:41:17 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\aha154x.sys
[2009/10/31 18:41:17 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aha154x.sys
[2009/10/31 18:41:16 | 00,101,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\adpu160m.sys
[2009/10/31 18:41:16 | 00,101,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adpu160m.sys
[2009/10/31 18:41:15 | 00,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ABP480N5.SYS
[2009/10/31 18:41:15 | 00,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\abp480n5.sys
[2009/10/31 18:38:11 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/10/31 18:34:37 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/10/31 18:32:57 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/10/31 15:00:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes
[2009/10/31 15:00:33 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/10/31 15:00:31 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/10/31 15:00:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/10/31 15:00:29 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/10/31 14:47:05 | 00,000,000 | ---D | C] -- C:\WINDOWS\pss
[2009/10/30 22:49:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\DoctorWeb
[2009/10/30 22:47:23 | 20,262,144 | ---- | C] (Doctor Web, Ltd.) -- C:\Documents and Settings\Owner\Desktop\cureit.exe
[2009/10/30 21:54:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Sophos
[2009/10/30 21:48:59 | 00,000,000 | ---D | C] -- C:\stdtsa
[2009/10/30 11:09:21 | 01,563,008 | ---- | C] (Webroot Software, Inc.) -- C:\WINDOWS\WRSetup.dll
[2009/10/30 11:09:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Webroot
[2009/10/30 11:09:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Webroot
[2009/10/30 10:56:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Webroot_Antivirus_with_Antispyware_6.1.0.128_2009_by_alzaabi
[2009/10/30 03:44:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Webroot Antivirus with Antispyware 6.1.0.128 2009
[2009/10/30 03:44:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\.bittorrent
[2009/10/29 23:23:51 | 00,000,000 | ---D | C] -- C:\Program Files\MSSOAP
[2009/10/28 21:53:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HP
[2009/10/28 21:51:11 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\HP
[2009/10/28 21:48:37 | 00,000,000 | ---D | C] -- C:\Program Files\Hewlett-Packard
[2009/10/28 21:47:43 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Hewlett-Packard
[2009/10/28 21:46:49 | 00,016,496 | R--- | C] (HP) -- C:\WINDOWS\System32\drivers\HPZipr12.sys
[2009/10/28 21:46:47 | 00,051,120 | R--- | C] (HP) -- C:\WINDOWS\System32\drivers\HPZid412.sys
[2009/10/28 21:46:04 | 00,021,744 | R--- | C] (HP) -- C:\WINDOWS\System32\drivers\HPZius12.sys
[2009/10/28 21:45:44 | 00,015,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbscan.sys
[2009/10/28 21:45:18 | 00,204,800 | ---- | C] (HP) -- C:\WINDOWS\System32\HPZipr12.dll
[2009/10/28 21:45:18 | 00,094,208 | ---- | C] (HP) -- C:\WINDOWS\System32\HPZipt12.dll
[2009/10/28 21:45:18 | 00,090,112 | ---- | C] (HP) -- C:\WINDOWS\System32\HPZipm12.exe
[2009/10/28 21:45:18 | 00,065,536 | ---- | C] (HP) -- C:\WINDOWS\System32\HPZinw12.exe
[2009/10/28 21:45:18 | 00,057,344 | ---- | C] (HP) -- C:\WINDOWS\System32\HPZisn12.dll
[2009/10/28 21:45:17 | 00,278,584 | ---- | C] (HP) -- C:\WINDOWS\System32\HPZidr12.dll
[2009/10/28 21:41:31 | 00,000,000 | ---D | C] -- C:\Program Files\HP
[2009/10/28 19:50:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\BSplayer Pro
[2009/10/28 19:50:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\BSplayer
[2009/10/28 19:50:07 | 00,000,000 | ---D | C] -- C:\Program Files\Webteh
[2009/10/28 19:26:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Media Player Classic
[2009/10/28 19:26:04 | 00,000,000 | ---D | C] -- C:\Program Files\Media Player Classic
[2009/10/28 19:04:18 | 00,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eventlog.dll
[2009/10/28 19:02:05 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF
[2009/10/28 19:02:05 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2009/10/28 18:57:47 | 00,031,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\verclsid.exe
[2009/10/28 18:33:55 | 00,159,600 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
[2009/10/28 18:33:33 | 00,206,256 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2009/10/28 18:33:33 | 00,086,888 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
[2009/10/28 18:33:03 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2009/10/28 18:33:02 | 00,064,392 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
[2009/10/28 18:32:52 | 00,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2009/10/28 18:32:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\PC Tools
[2009/10/28 18:32:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2009/10/28 18:32:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/10/28 18:15:54 | 00,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drwtsn32.exe
[2009/10/28 18:15:54 | 00,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\drwtsn32.exe
[2009/10/28 18:15:33 | 00,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\control.exe
[2009/10/28 18:15:33 | 00,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\control.exe
[2009/10/28 18:12:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\{77ACC793-F7F3-463B-B5F2-A70799838EB4}
[2009/10/28 18:08:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\efd1e44
[2009/10/28 17:44:47 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\Owner\PrivacIE
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[17 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Owner\*.tmp files -> C:\Documents and Settings\Owner\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2009/11/26 09:47:52 | 00,531,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2009/11/26 09:11:06 | 45,750,167 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/11/25 19:47:09 | 00,052,224 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Grade Book F09 ST.xls
[2009/11/25 19:37:35 | 00,053,248 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Grade Book F09 TH.xls
[2009/11/25 18:51:10 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\prvlcl.dat
[2009/11/25 17:10:15 | 00,105,608 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/11/25 15:15:37 | 03,145,728 | -H-- | M] () -- C:\Documents and Settings\Owner\NTUSER.DAT
[2009/11/25 10:40:23 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/11/25 10:40:13 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/11/25 10:40:12 | 73,667,7888 | -HS- | M] () -- C:\hiberfil.sys
[2009/11/25 03:21:40 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Owner\ntuser.ini
[2009/11/25 03:04:21 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/11/23 09:17:12 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2009/11/19 11:19:57 | 00,000,292 | ---- | M] () -- C:\WINDOWS\tasks\WebReg psc 1500 series.job
[2009/11/18 17:58:23 | 00,008,192 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/17 15:48:19 | 00,002,735 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Attach.zip
[2009/11/17 15:15:48 | 00,523,776 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\dds.scr
[2009/11/16 20:35:26 | 10,314,752 | ---- | M] (Luis Cobian) -- C:\Documents and Settings\Owner\Desktop\cbSetup.exe
[2009/11/15 16:29:33 | 00,047,616 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Win32kDiag.exe
[2009/11/15 16:27:24 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\settings.dat
[2009/11/15 16:26:51 | 00,472,064 | ---- | M] ( ) -- C:\Documents and Settings\Owner\Desktop\RootRepeal.exe
[2009/11/14 01:47:57 | 00,260,608 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2009/11/12 13:51:25 | 00,001,288 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/11/12 13:27:12 | 03,559,202 | R--- | M] () -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
[2009/11/11 17:36:34 | 21,906,744 | ---- | M] (Doctor Web, Ltd.) -- C:\Documents and Settings\Owner\Desktop\64wlsq5x.exe
[2009/11/11 07:28:44 | 00,177,056 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/11/11 03:47:13 | 00,001,288 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/11/09 13:15:32 | 00,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009/11/08 22:59:40 | 00,058,880 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\I am a geek.doc
[2009/11/07 19:24:36 | 00,088,064 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\kitcom.wps
[2009/11/07 19:24:36 | 00,000,516 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\wklnhst.dat
[2009/11/07 18:54:03 | 00,037,592 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/11/05 11:36:21 | 26,768,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/11/05 10:45:43 | 00,001,076 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Launch Sid Meier's Civilization 4 - Warlords.lnk
[2009/11/03 15:10:58 | 00,380,350 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/11/03 15:10:57 | 00,052,764 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/11/03 15:10:53 | 00,439,376 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/11/01 00:57:57 | 00,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2009/11/01 00:57:57 | 00,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2009/11/01 00:50:23 | 00,001,170 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/11/01 00:44:28 | 00,138,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\sndvol32.exe
[2009/11/01 00:44:28 | 00,138,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sndvol32.exe
[2009/10/31 19:25:11 | 00,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/10/31 19:25:04 | 00,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/10/31 19:25:02 | 00,113,461 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2009/10/31 19:25:02 | 00,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/10/31 18:59:31 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/10/31 18:38:22 | 00,000,270 | RHS- | M] () -- C:\boot.ini
[2009/10/31 15:00:38 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/10/31 02:04:26 | 00,286,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\winhlp32.exe
[2009/10/31 02:04:25 | 00,090,112 | ---- | M] (MindVision) -- C:\WINDOWS\unvise32qt.exe
[2009/10/31 02:04:23 | 00,109,568 | ---- | M] () -- C:\WINDOWS\UninstallFirefox.exe
[2009/10/31 02:04:22 | 00,028,160 | ---- | M] (Twain Working Group) -- C:\WINDOWS\twunk_32.exe
[2009/10/31 02:04:22 | 00,017,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\TASKMAN.EXE
[2009/10/31 02:04:19 | 00,036,864 | ---- | M] (Smart Link) -- C:\WINDOWS\slrundll.exe
[2009/10/31 02:04:17 | 00,148,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\regedit.exe
[2009/10/31 02:04:16 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\POWERCFG.EXE
[2009/10/31 02:04:15 | 00,071,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\notepad.exe
[2009/10/31 02:03:51 | 00,309,248 | ---- | M] (InstallShield Software Corporation) -- C:\WINDOWS\IsUninst.exe
[2009/10/31 02:03:50 | 00,309,248 | ---- | M] (InstallShield Software Corporation) -- C:\WINDOWS\IsUn0411.exe
[2009/10/31 02:03:49 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\hh.exe
[2009/10/31 02:03:44 | 00,311,296 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\alcupd.exe
[2009/10/31 02:03:43 | 00,221,184 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\Alcrmv.exe
[2009/10/30 23:35:09 | 00,176,128 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\60 day trial - Office 2003.exe
[2009/10/30 23:26:26 | 00,087,552 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
[2009/10/30 23:26:21 | 01,053,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
[2009/10/30 23:20:57 | 00,039,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zclientm.exe
[2009/10/30 23:20:56 | 00,159,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wscript.exe
[2009/10/30 23:20:56 | 00,034,816 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wupdmgr.exe
[2009/10/30 23:20:56 | 00,008,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\write.exe
[2009/10/30 23:20:55 | 00,218,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wordpad.exe
[2009/10/30 23:20:48 | 00,230,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvse.exe
[2009/10/30 23:20:45 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winmgmt.exe
[2009/10/30 23:20:43 | 00,036,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vssadmin.exe
[2009/10/30 23:20:43 | 00,016,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wb32.exe
[2009/10/30 23:20:42 | 00,100,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\verifier.exe
[2009/10/30 23:20:40 | 00,019,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\unsecapp.exe
[2009/10/30 23:20:39 | 00,320,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\unregmp2.exe
[2009/10/30 23:20:39 | 00,028,160 | ---- | M] (Twain Working Group) -- C:\WINDOWS\System32\dllcache\twunk_32.exe
[2009/10/30 23:20:39 | 00,019,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsshutdn.exe
[2009/10/30 23:20:39 | 00,016,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsprof.exe
[2009/10/30 23:20:38 | 00,047,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tscupgrd.exe
[2009/10/30 23:20:38 | 00,034,304 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tracert6.exe
[2009/10/30 23:20:38 | 00,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tskill.exe
[2009/10/30 23:20:38 | 00,017,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsdiscon.exe
[2009/10/30 23:20:38 | 00,017,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tscon.exe
[2009/10/30 23:20:32 | 00,078,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\telnet.exe
[2009/10/30 23:20:32 | 00,019,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tftp.exe
[2009/10/30 23:20:31 | 00,022,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tcpsvcs.exe
[2009/10/30 23:20:31 | 00,017,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\taskman.exe
[2009/10/30 23:20:29 | 00,049,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srdiag.exe
[2009/10/30 23:20:28 | 00,059,392 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sol.exe
[2009/10/30 23:20:27 | 00,045,056 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shvlzm.exe
[2009/10/30 23:20:25 | 00,012,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sfc.exe
[2009/10/30 23:20:22 | 00,113,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\services.exe
[2009/10/30 23:20:20 | 00,045,056 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rvsezm.exe
[2009/10/30 23:20:20 | 00,040,960 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sapisvr.exe
[2009/10/30 23:20:20 | 00,037,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sc.exe
[2009/10/30 23:20:20 | 00,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\runas.exe
[2009/10/30 23:20:20 | 00,018,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rwinsta.exe
[2009/10/30 23:20:19 | 00,135,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rsvp.exe
[2009/10/30 23:20:19 | 00,051,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rsmui.exe
[2009/10/30 23:20:19 | 00,027,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rsmsink.exe
[2009/10/30 23:20:18 | 00,036,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\regini.exe
[2009/10/30 23:20:18 | 00,022,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\route.exe
[2009/10/30 23:20:18 | 00,017,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\register.exe
[2009/10/30 23:20:18 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\replace.exe
[2009/10/30 23:20:18 | 00,007,168 | ---- | M] (Microsoft) -- C:\WINDOWS\System32\dllcache\regwiz.exe
[2009/10/30 23:20:17 | 00,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\quser.exe
[2009/10/30 23:20:17 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rasdial.exe
[2009/10/30 23:20:17 | 00,012,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\query.exe
[2009/10/30 23:20:14 | 00,043,008 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\osuninst.exe
[2009/10/30 23:20:14 | 00,035,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ping6.exe
[2009/10/30 23:20:14 | 00,024,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pathping.exe
[2009/10/30 23:20:14 | 00,017,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pentnt.exe
[2009/10/30 23:20:12 | 00,034,304 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntsd.exe
[2009/10/30 23:20:02 | 00,023,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nbtstat.exe
[2009/10/30 23:19:59 | 00,410,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstsc.exe
[2009/10/30 23:19:57 | 00,042,496 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msinfo32.exe
[2009/10/30 23:19:55 | 00,048,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshta.exe
[2009/10/30 23:19:51 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrinfo.exe
[2009/10/30 23:19:50 | 00,125,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mplay32.exe
[2009/10/30 23:19:50 | 00,024,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mpnotify.exe
[2009/10/30 23:19:50 | 00,007,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mplayer2.exe
[2009/10/30 23:19:47 | 00,238,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\migwiz_a.exe
[2009/10/30 23:19:46 | 00,995,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\migrate.exe
[2009/10/30 23:19:46 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\migisol.exe
[2009/10/30 23:19:40 | 00,103,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\logagent.exe
[2009/10/30 23:19:40 | 00,017,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\logoff.exe
[2009/10/30 23:19:40 | 00,008,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lpq.exe
[2009/10/30 23:19:39 | 00,027,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lnkstub.exe
[2009/10/30 23:19:39 | 00,007,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lodctr.exe
[2009/10/30 23:19:29 | 00,020,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isignup.exe
[2009/10/30 23:19:27 | 00,046,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ipsec6.exe
[2009/10/30 23:19:20 | 00,175,616 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ie4uinit.exe
[2009/10/30 23:19:19 | 00,077,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwtutor.exe
[2009/10/30 23:19:18 | 00,045,056 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hrtzzm.exe
[2009/10/30 23:19:17 | 00,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helphost.exe
[2009/10/30 23:19:16 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxssend.exe
[2009/10/30 23:19:15 | 00,057,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\freecell.exe
[2009/10/30 23:19:15 | 00,017,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\flattemp.exe
[2009/10/30 23:19:15 | 00,017,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fc.exe
[2009/10/30 23:19:15 | 00,011,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\find.exe
[2009/10/30 23:19:14 | 00,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_regtrace.exe
[2009/10/30 23:19:14 | 00,018,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\expand.exe
[2009/10/30 23:19:14 | 00,011,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\eventvwr.exe
[2009/10/30 23:19:10 | 00,020,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\diskperf.exe
[2009/10/30 23:19:02 | 00,139,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cscript.exe
[2009/10/30 23:19:02 | 00,021,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cprofile.exe
[2009/10/30 23:19:00 | 00,045,056 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chkrzm.exe
[2009/10/30 23:18:59 | 00,018,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chgport.exe
[2009/10/30 23:18:59 | 00,016,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chgusr.exe
[2009/10/30 23:18:59 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chglogon.exe
[2009/10/30 23:18:59 | 00,012,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\change.exe
[2009/10/30 23:18:58 | 00,016,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cb32.exe
[2009/10/30 23:18:57 | 00,117,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\calc.exe
[2009/10/30 23:18:57 | 00,007,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bootvrfy.exe
[2009/10/30 23:18:53 | 00,022,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\arp.exe
[2009/10/30 23:17:42 | 00,148,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\WudfHost.exe
[2009/10/30 23:17:42 | 00,034,816 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wupdmgr.exe
[2009/10/30 23:17:39 | 00,168,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wuauclt1.exe
[2009/10/30 23:17:38 | 00,159,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wscript.exe
[2009/10/30 23:17:38 | 00,016,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wscntfy.exe
[2009/10/30 23:17:37 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wpnpinst.exe
[2009/10/30 23:17:37 | 00,008,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\write.exe
[2009/10/30 23:17:36 | 00,034,816 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wpabaln.exe
[2009/10/30 23:17:19 | 00,192,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\WISPTIS.EXE
[2009/10/30 23:17:15 | 00,008,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\winver.exe
[2009/10/30 23:17:11 | 00,210,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\WinFXDocObj.exe
[2009/10/30 23:17:07 | 00,436,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wiaacmgr.exe
[2009/10/30 23:17:03 | 00,067,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wextract.exe
[2009/10/30 23:16:59 | 00,167,936 | ---- | M] (S3 Graphics Co., Ltd.) -- C:\WINDOWS\System32\VTTrayp.exe
[2009/10/30 23:16:59 | 00,073,728 | ---- | M] (S3 Graphics, Inc.) -- C:\WINDOWS\System32\VTTimer.exe
[2009/10/30 23:16:49 | 00,292,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\vssvc.exe
[2009/10/30 23:16:49 | 00,036,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\vssadmin.exe
[2009/10/30 23:16:48 | 00,053,248 | ---- | M] (XSS (eXtended Software Solutions)) -- C:\WINDOWS\System32\VGASwitch.exe
[2009/10/30 23:16:47 | 00,100,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\verifier.exe
[2009/10/30 23:16:47 | 00,031,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\verclsid.exe
[2009/10/30 23:16:45 | 00,052,736 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\utilman.exe
[2009/10/30 23:16:42 | 00,028,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\userinit.exe
[2009/10/30 23:16:40 | 00,020,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ups.exe
[2009/10/30 23:16:40 | 00,019,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\upnpcont.exe
[2009/10/30 23:16:36 | 00,019,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\tsshutdn.exe
[2009/10/30 23:16:36 | 00,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\tskill.exe
[2009/10/30 23:16:36 | 00,017,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\tsdiscon.exe
[2009/10/30 23:16:35 | 00,047,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\tscupgrd.exe
[2009/10/30 23:16:35 | 00,034,304 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\tracert6.exe
[2009/10/30 23:16:35 | 00,017,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\tscon.exe
[2009/10/30 23:16:34 | 00,349,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\tourstart.exe
[2009/10/30 23:16:34 | 00,014,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\tracert.exe
[2009/10/30 23:16:33 | 00,019,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\tftp.exe
[2009/10/30 23:16:32 | 00,078,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\telnet.exe
[2009/10/30 23:16:32 | 00,022,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\tcpsvcs.exe
[2009/10/30 23:16:30 | 00,138,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\taskmgr.exe
[2009/10/30 23:16:30 | 00,017,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\taskman.exe
[2009/10/30 23:16:27 | 00,109,056 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\sysocmgr.exe
[2009/10/30 23:16:22 | 00,017,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\stimon.exe
[2009/10/30 23:16:18 | 00,684,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\sstext3d.scr
[2009/10/30 23:16:18 | 00,016,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ssstars.scr
[2009/10/30 23:16:15 | 00,614,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\sspipes.scr
[2009/10/30 23:16:15 | 00,049,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ssmypics.scr
[2009/10/30 23:16:15 | 00,021,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ssmyst.scr
[2009/10/30 23:16:13 | 00,397,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ssflwbox.scr
[2009/10/30 23:16:13 | 00,023,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ssmarque.scr
[2009/10/30 23:16:12 | 00,022,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ssbezier.scr
[2009/10/30 23:16:09 | 00,708,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ss3dfo.scr
[2009/10/30 23:16:06 | 00,023,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\spupdwxp.exe
[2009/10/30 23:16:05 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\spnpinst.exe
[2009/10/30 23:16:04 | 00,541,184 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\spider.exe
[2009/10/30 23:16:04 | 00,010,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\spdwnwxp.exe
[2009/10/30 23:16:03 | 00,059,392 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\sol.exe
[2009/10/30 23:16:03 | 00,027,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\sort.exe
[2009/10/30 23:16:02 | 00,134,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\sndrec32.exe
[2009/10/30 23:16:00 | 00,092,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\smlogsvc.exe
[2009/10/30 23:16:00 | 00,010,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\smbinst.exe
[2009/10/30 23:15:59 | 00,036,864 | ---- | M] (Smart Link) -- C:\WINDOWS\System32\slrundll.exe
[2009/10/30 23:15:57 | 00,072,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\sigverif.exe
[2009/10/30 23:15:57 | 00,028,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\skeys.exe
[2009/10/30 23:15:56 | 00,022,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\shutdown.exe
[2009/10/30 23:15:55 | 00,080,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\shrpubw.exe
[2009/10/30 23:15:55 | 00,047,616 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\shmgrate.exe
[2009/10/30 23:15:52 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\setupn.exe
[2009/10/30 23:15:52 | 00,012,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\sfc.exe
[2009/10/30 23:15:51 | 00,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\setup.exe
[2009/10/30 23:15:50 | 00,033,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\sethc.exe
[2009/10/30 23:15:49 | 00,143,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\sessmgr.exe
[2009/10/30 23:15:46 | 00,079,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\sdbinst.exe
[2009/10/30 23:15:45 | 00,011,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\scrnsave.scr
[2009/10/30 23:15:43 | 00,037,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\sc.exe
[2009/10/30 23:15:42 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\savedump.exe
[2009/10/30 23:15:41 | 00,018,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\rwinsta.exe
[2009/10/30 23:15:41 | 00,016,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\runonce.exe
[2009/10/30 23:15:40 | 00,035,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\rundll32.exe
[2009/10/30 23:15:40 | 00,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\runas.exe
[2009/10/30 23:15:29 | 07,515,648 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\RTLCPL.EXE
[2009/10/30 23:15:28 | 00,079,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\rtcshare.exe
[2009/10/30 23:15:27 | 00,135,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\rsvp.exe
[2009/10/30 23:15:27 | 00,051,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\rsmui.exe
[2009/10/30 23:15:26 | 00,027,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\rsmsink.exe
[2009/10/30 23:15:26 | 00,017,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\rsh.exe
[2009/10/30 23:15:24 | 00,022,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\route.exe
[2009/10/30 23:15:21 | 00,016,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\rexec.exe
[2009/10/30 23:15:21 | 00,012,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\reset.exe
[2009/10/30 23:15:20 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\regsvr32.exe
[2009/10/30 23:15:20 | 00,007,168 | ---- | M] (Microsoft) -- C:\WINDOWS\System32\regwiz.exe
[2009/10/30 23:15:19 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\rdshost.exe
[2009/10/30 23:15:19 | 00,052,736 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\reg.exe
[2009/10/30 23:15:19 | 00,036,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\regini.exe
[2009/10/30 23:15:19 | 00,016,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\rdsaddin.exe
[2009/10/30 23:15:18 | 00,065,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\rdpclip.exe
[2009/10/30 23:15:18 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\rcimlby.exe
[2009/10/30 23:15:18 | 00,024,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\rcp.exe
[2009/10/30 23:15:16 | 00,059,392 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\rasphone.exe
[2009/10/30 23:15:15 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\rasautou.exe
[2009/10/30 23:15:15 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\rasdial.exe
[2009/10/30 23:15:12 | 00,022,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\qprocess.exe
[2009/10/30 23:15:08 | 00,112,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\progman.exe
[2009/10/30 23:15:08 | 00,052,736 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\proquota.exe
[2009/10/30 23:15:08 | 00,011,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\proxycfg.exe
[2009/10/30 23:15:07 | 00,011,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\print.exe
[2009/10/30 23:15:06 | 00,051,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\powercfg.exe
[2009/10/30 23:15:05 | 00,035,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ping6.exe
[2009/10/30 23:15:05 | 00,020,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ping.exe
[2009/10/30 23:15:04 | 00,018,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\perfmon.exe
[2009/10/30 23:15:03 | 00,024,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\pathping.exe
[2009/10/30 23:15:03 | 00,017,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\pentnt.exe
[2009/10/30 23:15:02 | 00,060,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\packager.exe
[2009/10/30 23:15:01 | 00,218,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\osk.exe
[2009/10/30 23:15:01 | 00,043,008 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\osuninst.exe
[2009/10/30 23:14:56 | 00,073,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\odbcconf.exe
[2009/10/30 23:14:56 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\odbcad32.exe
[2009/10/30 23:14:53 | 00,423,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ntvdm.exe
[2009/10/30 23:14:53 | 00,034,304 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ntsd.exe
[2009/10/30 23:14:47 | 01,138,176 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ntbackup.exe
[2009/10/30 23:14:46 | 00,079,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\nslookup.exe
[2009/10/30 23:14:45 | 00,071,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\notepad.exe
[2009/10/30 23:14:43 | 00,039,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\netstat.exe
[2009/10/30 23:14:42 | 00,334,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\netsetup.exe
[2009/10/30 23:14:42 | 00,088,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\netsh.exe
[2009/10/30 23:14:40 | 00,127,488 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\net1.exe
[2009/10/30 23:14:40 | 00,113,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\netdde.exe
[2009/10/30 23:14:40 | 00,045,056 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\net.exe
[2009/10/30 23:14:40 | 00,006,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\nddeapir.exe
[2009/10/30 23:14:38 | 00,056,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\narrator.exe
[2009/10/30 23:14:38 | 00,023,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\nbtstat.exe
[2009/10/30 23:14:37 | 00,179,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\napstat.exe
[2009/10/30 23:14:27 | 00,680,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mstsc.exe
[2009/10/30 23:14:26 | 00,014,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mstinit.exe
[2009/10/30 23:14:19 | 00,345,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mspaint.exe
[2009/10/30 23:14:16 | 00,081,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msiexec.exe
[2009/10/30 23:14:14 | 00,048,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshta.exe
[2009/10/30 23:14:13 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeedssync.exe
[2009/10/30 23:14:09 | 00,008,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtc.exe
[2009/10/30 23:14:04 | 00,024,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mpnotify.exe
[2009/10/30 23:14:04 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mrinfo.exe
[2009/10/30 23:14:03 | 00,125,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mplay32.exe
[2009/10/30 23:14:02 | 00,145,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mobsync.exe
[2009/10/30 23:14:02 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mnmsrvc.exe
[2009/10/30 23:14:01 | 00,036,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcperf.exe
[2009/10/30 23:13:53 | 01,417,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mmc.exe
[2009/10/30 23:13:53 | 00,054,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\migpwd.exe
[2009/10/30 23:13:46 | 00,059,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\makecab.exe
[2009/10/30 23:13:46 | 00,024,576 | ---- | M] (Gateway) -- C:\WINDOWS\System32\Marker32.exe
[2009/10/30 23:13:45 | 00,075,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\magnify.exe
[2009/10/30 23:13:43 | 00,008,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\lpq.exe
[2009/10/30 23:13:42 | 00,517,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\logonui.exe
[2009/10/30 23:13:42 | 00,223,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\logon.scr
[2009/10/30 23:13:42 | 00,061,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\logman.exe
[2009/10/30 23:13:42 | 00,017,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\logoff.exe
[2009/10/30 23:13:41 | 00,103,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\logagent.exe
[2009/10/30 23:13:41 | 00,077,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\locator.exe
[2009/10/30 23:13:41 | 00,007,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\lodctr.exe
[2009/10/30 23:13:40 | 00,027,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\lnkstub.exe
[2009/10/30 23:13:30 | 00,131,072 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2009/10/30 23:13:30 | 00,053,248 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2009/10/30 23:13:30 | 00,053,248 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2009/10/30 23:13:27 | 00,026,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ipxroute.exe
[2009/10/30 23:13:26 | 00,055,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ipv6.exe
[2009/10/30 23:13:24 | 00,046,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ipsec6.exe
[2009/10/30 23:13:22 | 00,058,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ipconfig.exe
[2009/10/30 23:13:19 | 00,153,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\imapi.exe
[2009/10/30 23:13:18 | 00,117,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iexpress.exe
[2009/10/30 23:13:18 | 00,039,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieudinit.exe
[2009/10/30 23:13:14 | 00,175,616 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ie4uinit.exe
[2009/10/30 23:13:09 | 00,090,112 | ---- | M] (HP) -- C:\WINDOWS\System32\HPZipm12.exe
[2009/10/30 23:13:09 | 00,065,536 | ---- | M] (HP) -- C:\WINDOWS\System32\HPZinw12.exe
[2009/10/30 23:13:07 | 00,520,192 | ---- | M] () -- C:\WINDOWS\System32\HotlineClient.exe
[2009/10/30 23:13:05 | 00,018,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\help.exe
[2009/10/30 23:13:03 | 00,041,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\grpconv.exe
[2009/10/30 23:12:47 | 00,045,056 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ftp.exe
[2009/10/30 23:12:43 | 00,195,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\fsquirt.exe
[2009/10/30 23:12:41 | 00,057,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\freecell.exe
[2009/10/30 23:12:39 | 00,010,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\forcedos.exe
[2009/10/30 23:12:38 | 00,023,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\fontview.exe
[2009/10/30 23:12:27 | 00,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\fltmc.exe
[2009/10/30 23:12:26 | 00,005,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\fixmapi.exe
[2009/10/30 23:12:25 | 00,011,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\finger.exe
[2009/10/30 23:12:24 | 00,029,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\findstr.exe
[2009/10/30 23:12:23 | 00,011,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\find.exe
[2009/10/30 23:12:21 | 00,017,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\fc.exe
[2009/10/30 23:12:20 | 00,023,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\faxpatch.exe
[2009/10/30 23:12:18 | 00,026,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\extrac32.exe
[2009/10/30 23:12:16 | 00,018,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\expand.exe
[2009/10/30 23:12:14 | 00,011,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\eventvwr.exe
[2009/10/30 23:12:12 | 00,195,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\eudcedit.exe
[2009/10/30 23:11:57 | 01,302,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dxdiag.exe
[2009/10/30 23:11:56 | 00,184,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dwwin.exe
[2009/10/30 23:11:56 | 00,057,856 | ---- | M] () -- C:\WINDOWS\System32\dvdplay.exe
[2009/10/30 23:11:56 | 00,020,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dvdupgrd.exe
[2009/10/30 23:11:55 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dumprep.exe
[2009/10/30 23:11:49 | 00,086,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dpvsetup.exe
[2009/10/30 23:11:47 | 00,020,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dpnsvr.exe
[2009/10/30 23:11:41 | 00,032,256 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dplaysvr.exe
[2009/10/30 23:11:36 | 00,018,432 | ---- | M] (Microsoft Corp.) -- C:\WINDOWS\System32\dmremote.exe
[2009/10/30 23:11:34 | 00,227,328 | ---- | M] (Microsoft Corp., Veritas Software) -- C:\WINDOWS\System32\dmadmin.exe
[2009/10/30 23:11:33 | 00,020,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\diskperf.exe
[2009/10/30 23:11:33 | 00,007,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllhost.exe
[2009/10/30 23:11:32 | 00,166,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\diskpart.exe
[2009/10/30 23:11:31 | 00,089,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\diantz.exe
[2009/10/30 23:11:29 | 00,108,032 | ---- | M] (Microsoft Corp. and Executive Software International, Inc.) -- C:\WINDOWS\System32\dfrgntfs.exe
[2009/10/30 23:11:29 | 00,085,504 | ---- | M] (Microsoft Corp. and Executive Software International, Inc.) -- C:\WINDOWS\System32\dfrgfat.exe
[2009/10/30 23:11:27 | 00,032,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ddeshare.exe
[2009/10/30 23:11:27 | 00,027,648 | ---- | M] (Microsoft Corp. and Executive Software International, Inc.) -- C:\WINDOWS\System32\defrag.exe
[2009/10/30 23:11:26 | 00,008,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dcomcnfg.exe
[2009/10/30 23:10:53 | 00,139,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\cscript.exe
[2009/10/30 23:10:50 | 00,030,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\conime.exe
[2009/10/30 23:10:50 | 00,016,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\convert.exe
[2009/10/30 23:10:50 | 00,010,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\control.exe
[2009/10/30 23:10:46 | 00,019,968 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\compact.exe
[2009/10/30 23:10:45 | 00,018,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\comp.exe
[2009/10/30 23:10:41 | 00,066,048 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\cmstp.exe
[2009/10/30 23:10:40 | 00,042,496 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\cmmon32.exe
[2009/10/30 23:10:40 | 00,028,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\cmdl32.exe
[2009/10/30 23:10:38 | 00,391,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\cmd.exe
[2009/10/30 23:10:37 | 00,105,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\clipbrd.exe
[2009/10/30 23:10:37 | 00,035,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\clipsrv.exe
[2009/10/30 23:10:37 | 00,024,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\cliconfg.exe
[2009/10/30 23:10:34 | 00,066,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\cleanmgr.exe
[2009/10/30 23:10:33 | 00,008,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\cisvc.exe
[2009/10/30 23:10:24 | 00,117,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\calc.exe
[2009/10/30 23:10:23 | 00,022,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\cacls.exe
[2009/10/30 23:10:21 | 00,007,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\bootvrfy.exe
[2009/10/30 23:10:20 | 00,074,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\blastcln.exe
[2009/10/30 23:10:20 | 00,007,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\bootok.exe
[2009/10/30 23:10:12 | 00,016,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\auditusr.exe
[2009/10/30 23:10:11 | 00,014,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\attrib.exe
[2009/10/30 23:10:10 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\atmadm.exe
[2009/10/30 23:10:01 | 00,027,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\at.exe
[2009/10/30 23:10:00 | 00,022,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\arp.exe
[2009/10/30 23:09:51 | 00,064,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\alg.exe
[2009/10/30 23:09:50 | 00,100,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ahui.exe
[2009/10/30 23:09:48 | 00,006,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\actmovie.exe
[2009/10/30 23:09:46 | 00,186,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\accwiz.exe
[2009/10/30 22:48:17 | 20,262,144 | ---- | M] (Doctor Web, Ltd.) -- C:\Documents and Settings\Owner\Desktop\cureit.exe
[2009/10/30 20:47:18 | 00,051,200 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\58FA3000
[2009/10/30 17:25:42 | 00,000,000 | ---- | M] () -- C:\WINDOWS\SC.INS
[2009/10/30 17:22:25 | 00,032,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\replace.exe
[2009/10/30 15:09:21 | 00,000,823 | ---- | M] () -- C:\WINDOWS\Shortcut to soundman.exe.lnk
[2009/10/30 13:39:08 | 00,000,120 | ---- | M] () -- C:\WINDOWS\Fqureh.dat
[2009/10/30 11:10:48 | 00,001,669 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Spy Sweeper.lnk
[2009/10/30 00:03:41 | 00,000,164 | ---- | M] () -- C:\WINDOWS\install.dat
[2009/10/29 23:01:28 | 00,000,000 | ---- | M] () -- C:\WINDOWS\Tbovewipezupew.bin
[2009/10/28 21:53:57 | 00,068,965 | ---- | M] () -- C:\WINDOWS\hpoins05.dat
[2009/10/28 21:52:12 | 00,000,798 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
[2009/10/28 21:49:23 | 00,001,808 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2009/10/28 21:05:57 | 00,010,752 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\qqq.wps
[2009/10/28 21:05:39 | 00,017,946 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Untitled0001.mdi
[2009/10/28 21:05:29 | 00,016,094 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Untitled.mdi
[2009/10/28 18:56:33 | 00,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2009/10/28 17:56:13 | 80,328,446 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Movie.wmv
[2009/10/28 09:07:15 | 00,046,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\tzchange.exe
[2009/10/28 05:13:20 | 04,836,516 | -H-- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[17 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Owner\*.tmp files -> C:\Documents and Settings\Owner\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/11/19 11:19:57 | 00,000,292 | ---- | C] () -- C:\WINDOWS\tasks\WebReg psc 1500 series.job
[2009/11/17 15:48:19 | 00,002,735 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Attach.zip
[2009/11/17 15:15:27 | 00,523,776 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\dds.scr
[2009/11/15 16:29:32 | 00,047,616 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Win32kDiag.exe
[2009/11/15 16:27:24 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\settings.dat
[2009/11/12 13:34:48 | 00,260,608 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009/11/12 13:34:48 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/11/12 13:34:48 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/11/12 13:34:48 | 00,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2009/11/12 13:34:48 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/11/08 22:33:42 | 00,058,880 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\I am a geek.doc
[2009/10/31 21:21:02 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\prvlcl.dat
[2009/10/31 18:38:21 | 00,000,201 | ---- | C] () -- C:\Boot.bak
[2009/10/31 18:38:14 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009/10/31 18:25:50 | 03,559,202 | R--- | C] () -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
[2009/10/31 15:00:38 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/10/30 17:25:42 | 00,000,000 | ---- | C] () -- C:\WINDOWS\SC.INS
[2009/10/30 15:09:21 | 00,000,823 | ---- | C] () -- C:\WINDOWS\Shortcut to soundman.exe.lnk
[2009/10/30 11:10:48 | 00,001,669 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Spy Sweeper.lnk
[2009/10/29 23:20:29 | 00,000,164 | ---- | C] () -- C:\WINDOWS\install.dat
[2009/10/29 14:15:35 | 00,000,000 | ---- | C] () -- C:\WINDOWS\Tbovewipezupew.bin
[2009/10/29 14:15:34 | 00,000,120 | ---- | C] () -- C:\WINDOWS\Fqureh.dat
[2009/10/28 21:52:12 | 00,000,798 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
[2009/10/28 21:49:23 | 00,001,808 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2009/10/28 21:39:28 | 00,068,965 | ---- | C] () -- C:\WINDOWS\hpoins05.dat
[2009/10/28 21:39:28 | 00,019,696 | ---- | C] () -- C:\WINDOWS\hpomdl05.dat
[2009/10/28 21:05:57 | 00,010,752 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\qqq.wps
[2009/10/28 21:05:39 | 00,017,946 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Untitled0001.mdi
[2009/10/28 21:05:28 | 00,016,094 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Untitled.mdi
[2009/10/28 19:02:17 | 00,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2009/10/28 18:56:33 | 00,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2009/10/28 18:56:33 | 00,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2009/10/28 18:33:33 | 00,007,396 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctcore.cat
[2009/10/28 17:55:47 | 80,328,446 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Movie.wmv
[2009/10/25 17:00:17 | 00,000,516 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\wklnhst.dat
[2009/10/25 14:44:34 | 00,000,004 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2009/10/25 03:55:14 | 00,000,128 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat
[2009/10/25 02:08:45 | 00,008,192 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/25 02:06:26 | 00,037,592 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/10/25 01:56:49 | 00,000,071 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\FASTWiz.log
[2009/10/25 01:29:55 | 00,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2009/10/25 01:29:51 | 00,155,648 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2009/10/25 01:19:56 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/10/25 00:45:39 | 00,157,696 | ---- | C] () -- C:\WINDOWS\System32\paqsp.dll
[2009/10/25 00:38:44 | 00,013,312 | ---- | C] () -- C:\WINDOWS\System32\win87em.dll
[2009/10/25 00:38:33 | 00,015,360 | ---- | C] () -- C:\WINDOWS\System32\tsd32.dll
[2009/10/25 00:38:33 | 00,013,223 | ---- | C] () -- C:\WINDOWS\System32\tslabels.ini
[2009/10/25 00:38:29 | 00,053,478 | ---- | C] () -- C:\WINDOWS\System32\tcpmon.ini
[2009/10/25 00:38:14 | 00,270,848 | ---- | C] () -- C:\WINDOWS\System32\sbe.dll
[2009/10/25 00:38:12 | 00,012,082 | ---- | C] () -- C:\WINDOWS\System32\rsvp.ini
[2009/10/25 00:38:09 | 00,003,458 | ---- | C] () -- C:\WINDOWS\System32\rasctrs.ini
[2009/10/25 00:38:08 | 01,291,264 | ---- | C] () -- C:\WINDOWS\System32\quartz.dll
[2009/10/25 00:38:07 | 00,733,696 | ---- | C] () -- C:\WINDOWS\System32\qedwipes.dll
[2009/10/25 00:38:07 | 00,562,176 | ---- | C] () -- C:\WINDOWS\System32\qedit.dll
[2009/10/25 00:38:07 | 00,386,048 | ---- | C] () -- C:\WINDOWS\System32\qdvd.dll
[2009/10/25 00:38:07 | 00,279,040 | ---- | C] () -- C:\WINDOWS\System32\qdv.dll
[2009/10/25 00:38:07 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\qcap.dll
[2009/10/25 00:38:07 | 00,006,877 | ---- | C] () -- C:\WINDOWS\System32\pschdprf.ini
[2009/10/25 00:38:07 | 00,000,343 | ---- | C] () -- C:\WINDOWS\System32\prodspec.ini
[2009/10/25 00:38:01 | 00,002,891 | ---- | C] () -- C:\WINDOWS\System32\perfci.ini
[2009/10/25 00:38:01 | 00,002,732 | ---- | C] () -- C:\WINDOWS\System32\perfwci.ini
[2009/10/25 00:38:01 | 00,001,152 | ---- | C] () -- C:\WINDOWS\System32\perffilt.ini
[2009/10/25 00:37:48 | 00,035,648 | ---- | C] () -- C:\WINDOWS\System32\ntio411.sys
[2009/10/25 00:37:48 | 00,035,424 | ---- | C] () -- C:\WINDOWS\System32\ntio412.sys
[2009/10/25 00:37:48 | 00,034,560 | ---- | C] () -- C:\WINDOWS\System32\ntio804.sys
[2009/10/25 00:37:48 | 00,034,560 | ---- | C] () -- C:\WINDOWS\System32\ntio404.sys
[2009/10/25 00:37:48 | 00,033,840 | ---- | C] () -- C:\WINDOWS\System32\ntio.sys
[2009/10/25 00:37:47 | 00,029,370 | ---- | C] () -- C:\WINDOWS\System32\ntdos411.sys
[2009/10/25 00:37:47 | 00,029,274 | ---- | C] () -- C:\WINDOWS\System32\ntdos412.sys
[2009/10/25 00:37:47 | 00,029,146 | ---- | C] () -- C:\WINDOWS\System32\ntdos804.sys
[2009/10/25 00:37:47 | 00,029,146 | ---- | C] () -- C:\WINDOWS\System32\ntdos404.sys
[2009/10/25 00:37:47 | 00,027,866 | ---- | C] () -- C:\WINDOWS\System32\ntdos.sys
[2009/10/25 00:37:27 | 00,355,112 | ---- | C] () -- C:\WINDOWS\System32\msjetoledb40.dll
[2009/10/25 00:37:24 | 00,094,282 | ---- | C] () -- C:\WINDOWS\System32\msencode.dll
[2009/10/25 00:37:24 | 00,014,336 | ---- | C] () -- C:\WINDOWS\System32\msdmo.dll
[2009/10/25 00:37:24 | 00,004,126 | ---- | C] () -- C:\WINDOWS\System32\msdxmlc.dll
[2009/10/25 00:37:24 | 00,001,931 | ---- | C] () -- C:\WINDOWS\System32\msdtcprf.ini
[2009/10/25 00:37:24 | 00,001,405 | ---- | C] () -- C:\WINDOWS\msdfmap.ini
[2009/10/25 00:37:13 | 00,035,328 | ---- | C] () -- C:\WINDOWS\System32\mciqtz32.dll
[2009/10/25 00:36:31 | 00,042,809 | ---- | C] () -- C:\WINDOWS\System32\key01.sys
[2009/10/25 00:36:31 | 00,042,537 | ---- | C] () -- C:\WINDOWS\System32\keyboard.sys
[2009/10/25 00:36:28 | 00,199,168 | ---- | C] () -- C:\WINDOWS\System32\ir32_32.dll
[2009/10/25 00:36:21 | 00,004,768 | ---- | C] () -- C:\WINDOWS\System32\himem.sys
[2009/10/25 00:36:13 | 01,015,477 | ---- | C] () -- C:\WINDOWS\System32\esentprf.ini
[2009/10/25 00:36:12 | 00,186,880 | ---- | C] () -- C:\WINDOWS\System32\encdec.dll
[2009/10/25 00:36:11 | 00,498,742 | ---- | C] () -- C:\WINDOWS\System32\dxmasf.dll
[2009/10/25 00:35:44 | 00,059,904 | ---- | C] () -- C:\WINDOWS\System32\devenum.dll
[2009/10/25 00:35:40 | 00,027,097 | ---- | C] () -- C:\WINDOWS\System32\country.sys
[2009/10/25 00:35:32 | 00,252,928 | ---- | C] () -- C:\WINDOWS\System32\compatui.dll
[2009/10/25 00:35:13 | 00,009,029 | ---- | C] () -- C:\WINDOWS\System32\ansi.sys
[2009/10/25 00:35:12 | 00,070,656 | ---- | C] () -- C:\WINDOWS\System32\amstream.dll
[2009/04/21 17:26:56 | 00,031,088 | ---- | C] () -- C:\WINDOWS\System32\wrLZMA.dll
[2008/10/31 03:48:28 | 00,000,227 | ---- | C] () -- C:\WINDOWS\RtlRack.ini
[2006/09/20 23:02:58 | 00,000,089 | ---- | C] () -- C:\WINDOWS\WSIMFARM.INI
[2006/09/04 18:29:03 | 00,001,640 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2006/06/21 20:36:47 | 00,000,073 | ---- | C] () -- C:\WINDOWS\MyProg.INI
[2006/06/21 18:56:14 | 00,000,082 | ---- | C] () -- C:\WINDOWS\netdet.ini
[2006/05/11 16:48:56 | 00,000,465 | ---- | C] () -- C:\WINDOWS\asr.INI
[2006/05/11 16:45:03 | 00,000,128 | ---- | C] () -- C:\WINDOWS\ae_mini.INI
[2005/11/19 18:03:51 | 00,000,485 | ---- | C] () -- C:\WINDOWS\MugE.ini
[2005/11/18 07:45:52 | 00,000,017 | ---- | C] () -- C:\WINDOWS\adm.ini
[2005/11/17 12:35:57 | 00,000,187 | ---- | C] () -- C:\WINDOWS\RELATION.INI
[2004/08/27 04:50:59 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/08/26 13:53:58 | 04,836,516 | -H-- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db
[2004/08/26 12:09:27 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\desktop.ini
[2004/08/26 12:04:39 | 00,000,000 | ---- | C] () -- C:\WINDOWS\control.ini
[2004/08/26 12:01:25 | 00,000,037 | ---- | C] () -- C:\WINDOWS\vbaddin.ini
[2004/08/26 12:01:25 | 00,000,036 | ---- | C] () -- C:\WINDOWS\vb.ini
[2004/08/26 10:12:43 | 00,001,440 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/08/26 10:12:43 | 00,000,497 | ---- | C] () -- C:\WINDOWS\System32\emver.ini
[2004/08/26 10:12:21 | 00,001,288 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/26 10:12:17 | 00,001,288 | ---- | C] () -- C:\WINDOWS\system.ini
[2004/08/26 04:54:57 | 00,439,376 | ---- | C] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2004/08/26 04:54:56 | 00,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/26 04:54:35 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2003/01/07 16:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== Alternate Data Streams ==========

@Alternate Data Stream - 155 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >


And the extras...




OTL Extras logfile created on: 11/26/2009 9:48:52 AM - Run 1
OTL by OldTimer - Version 3.1.10.1 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

702.48 Mb Total Physical Memory | 184.79 Mb Available Physical Memory | 26.30% Memory free
1.68 Gb Paging File | 0.87 Gb Available in Paging File | 51.71% Paging File free
Paging file location(s): C:\pagefile.sys 1056 2112 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 89.17 Gb Total Space | 6.43 Gb Free Space | 7.21% Space Free | Partition Type: NTFS
Drive D: | 3.98 Gb Total Space | 2.07 Gb Free Space | 52.00% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HALF
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- "%SYSTEMROOT%\hh.exe" %1
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1150626451-20114053-460562092-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "%SYSTEMROOT%\hh.exe" %1 File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" File not found

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Application Loader -- (America Online, Inc.)
"C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe" = C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe:*:Enabled:AOL -- (Gteko Ltd.)
"C:\WINDOWS\system32\usmt\migwiz.exe" = C:\WINDOWS\system32\usmt\migwiz.exe:*:Enabled:Files and Settings Transfer Wizard -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Program Files\Java\jre1.5.0_02\bin\javaw.exe" = C:\Program Files\Java\jre1.5.0_02\bin\javaw.exe:*:Enabled:Java™ 2 Platform Standard Edition binary -- (Sun Microsystems, Inc.)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\BitTorrent\btdownloadgui.exe" = C:\Program Files\BitTorrent\btdownloadgui.exe:*:Enabled:btdownloadgui -- ()
"C:\Program Files\Azureus\Azureus.exe" = C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus.exe -- ()
"C:\Azureus\Azureus.exe" = C:\Azureus\Azureus.exe:*:Enabled:Azureus -- (Azureus Inc)
"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0DC86BEC-5CE3-413A-BB61-C40A3D186B24}" = Scan
"{14BEB6DF-A499-4A38-8E06-E173BCD5C087}" = ScannerCopy
"{15377C3E-9655-400F-B441-E69F0A6BEAFE}" = Recovery Software Suite eMachines
"{17293791-C82E-476C-9997-9A0FF234A19B}" = HP Product Assistant
"{181821B7-82AA-44DA-9DAF-EF254CCB670A}" = Fax
"{1AD5F465-8282-4DAD-B957-E09C0B783D18}" = InstantShare
"{1B680FBA-E317-4E93-AF43-3B59798A4BE0}" = Copy
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{20FBC0A0-3160-4F14-83ED-3A74BB6B8C31}" = TrayApp
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{22E9CF2B-4063-4dab-A251-93FA46F7DECC}_is1" = Spy Sweeper
"{272EC8BA-5A08-4ea1-A189-684466A06B02}" = cp_dwShrek2Albums1
"{2B43252C-A1E3-4C47-927C-9F2C276D3515}" = S3GSetup
"{2E8428AD-6CD2-4031-916A-3CF9BBF2DEC9}" = Unload
"{32343DB6-9A52-40C9-87E4-5E7C79791C87}" = MSXML 4.0 SP2 and SOAP Toolkit 3.0
"{3248F0A8-6813-11D6-A77B-00B0D0150020}" = J2SE Runtime Environment 5.0 Update 2
"{342C7C88-D335-4bc2-8CF1-281857629CE2}" = HP PSC & OfficeJet 4.7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3762DB2D-71BD-421F-9E55-C74DA7DF4D07}" = CueTour
"{391E18CE-7D3B-45E9-A8F0-34E77F14F47A}" = ProductContext
"{3D0E8F20-748C-4dac-9A5F-9CAC86F0E848}" = 1500
"{3F5B6210-0903-4DC6-8034-8F488AA3A782}" = Spy Sweeper Core
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{442BE28B-782B-4DC0-B490-E70A403B1C69}" = Readme
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{51D43E6D-9B84-4b69-AA14-27113796A94D}" = 1500_Help
"{5E8D588F-307C-4250-B622-26969027319A}" = PanoStandAlone
"{644D04A2-C682-4FD5-977D-03B804C4B9C5}" = CreativeProjects
"{646A65DD-23FC-418E-B9F0-E0500FB42CB1}" = PhotoGallery
"{64FC0C98-B035-4530-B15D-3D30610B6DF1}" = HP Software Update
"{655CB07D-C944-40BE-B93F-55957CAC7625}" = AiO_Scan
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{68963635-14A4-48D9-B431-DF3A74D1AAE1}" = Destinations
"{700A6597-3CE6-49C1-AA75-846B24CDA66D}" = BufferChm
"{724517BD-1DE1-4986-BFCA-C1DFD379E3BC}" = cp_dwShrek2Cards1
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{76EFFC7C-17A6-479D-9E47-8E658C1695AE}" = Windows Backup Utility
"{7AD25C9F-9957-4D1C-95EF-9BCD09F6D31B}" = HPSystemDiagnostics
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{81EED1A1-AE78-4B11-BE47-C6AE9F5E87F1}" = Digital Media Reader
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84CDF5A8-1D57-4B69-BAB6-1F11D8923375}" = SkinsHP1
"{85CFD253-38AE-4DB1-ACB7-F0F4C791990D}" = AiOSoftware
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{8BC3B99B-A6BE-4A0B-8535-B1B94BA4B1B1}" = DocProc
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{94FB906A-CF42-4128-A509-D353026A607E}" = REALTEK Gigabit and Fast Ethernet NIC Driver
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A5B9D22C-755A-4AC6-9904-875E80838BB6}" = CP_AtenaShokunin1Config
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0
"{B31F54A0-560A-496A-9928-EB43789BA130}" = Star
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B911B811-BA3E-46D4-90F8-6F3338359651}" = Director
"{BD29EBAC-AD7D-4b27-B727-4CC6AC52D36B}" = MarketResearch
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDFCF124-115F-4976-8BF4-08C89187A146}" = WebReg
"{CE0C8CC5-E396-442B-A50E-D1D374A9E820}" = DocumentViewer
"{E6F6231A-4FA3-47fe-A0DB-B113160C8DD3}" = 1500Trb
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FC22D020-3005-4715-8DF9-F3EDE81DEB3D}" = CreativeProjectsTemplates
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AOL YGP Screensaver" = AOL You've Got Pictures Screensaver
"AolCoach2_en" = AOL Coach Version 2.0(Build:20041026.5 en)
"AVG9Uninstall" = AVG Free 9.0
"Azureus" = Azureus
"BitTorrent" = BitTorrent 4.0.4
"BSPlayerf" = BS.Player FREE
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200014F1" = SoftV92 Data Fax Modem with SmartCP
"CobBackup9" = Cobian Backup 9
"HP Photo & Imaging" = HP Image Zone 4.7
"HPExtendedCapabilities" = HP Extended Capabilities 4.7
"ie8" = Windows Internet Explorer 8
"InstallShield_{81EED1A1-AE78-4B11-BE47-C6AE9F5E87F1}" = Digital Media Reader
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Media Player Classic" = Media Player Classic
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Money2005b" = Microsoft Money 2005
"Mozilla Firefox (3.5.5)" = Mozilla Firefox (3.5.5)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"QuickTime" = QuickTime
"RealPlayer 6.0" = RealPlayer Basic
"Spyware Doctor" = Spyware Doctor 6.1
"TEW2005" = TEW2005
"VIA/S3G UniChrome Family Win2K/XP Display" = VIA/S3G Display Driver
"ViewpointMediaPlayer" = Viewpoint Media Player
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/7/2009 5:04:15 PM | Computer Name = HALF | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.1.3593, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 11/7/2009 5:04:21 PM | Computer Name = HALF | Source = Application Hang | ID = 1001
Description = Fault bucket 1545157916.

Error - 11/8/2009 2:47:59 AM | Computer Name = HALF | Source = ESENT | ID = 486
Description = wuauclt (3356) An attempt to move the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb00325.log"
to "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edbtmp.log" failed with system
error 2 (0x00000002): "The system cannot find the file specified. ". The move
file operation will fail with error -1811 (0xfffff8ed).

Error - 11/8/2009 11:25:26 PM | Computer Name = HALF | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.1.3593, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 11/8/2009 11:25:38 PM | Computer Name = HALF | Source = Application Hang | ID = 1001
Description = Fault bucket 1545157916.

Error - 11/17/2009 6:08:41 PM | Computer Name = HALF | Source = ESENT | ID = 486
Description = wlcomm (3432) An attempt to move the file "C:\Documents and Settings\Owner\Local
Settings\Application Data\Microsoft\Windows Live Contacts\{18f6bec0-b230-4dc6-885d-e27c31c79eb6}\DBStore\Backup\temp\"
to "C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows
Live Contacts\{18f6bec0-b230-4dc6-885d-e27c31c79eb6}\DBStore\Backup\new" failed
with system error 5 (0x00000005): "Access is denied. ". The move file operation
will fail with error -1032 (0xfffffbf8).

Error - 11/17/2009 6:08:41 PM | Computer Name = HALF | Source = ESENT | ID = 215
Description = wlcomm (3432) C:\Documents and Settings\Owner\Local Settings\Application
Data\Microsoft\Windows Live Contacts\{18f6bec0-b230-4dc6-885d-e27c31c79eb6}\: The
backup has been stopped because it was halted by the client or the connection with
the client failed.

Error - 11/17/2009 6:08:41 PM | Computer Name = HALF | Source = ESENT | ID = 484
Description = wlcomm (3432) An attempt to remove the folder "C:\Documents and Settings\Owner\Local
Settings\Application Data\Microsoft\Windows Live Contacts\{18f6bec0-b230-4dc6-885d-e27c31c79eb6}\DBStore\Backup\temp\"
failed with system error 145 (0x00000091): "The directory is not empty. ". The
remove folder operation will fail with error -1022 (0xfffffc02).

Error - 11/23/2009 11:24:07 AM | Computer Name = HALF | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.1.3593, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 11/23/2009 11:24:14 AM | Computer Name = HALF | Source = Application Hang | ID = 1001
Description = Fault bucket 1545157916.

[ System Events ]
Error - 11/14/2009 2:41:04 PM | Computer Name = HALF | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the 1256457225SsTR service
to connect.

Error - 11/14/2009 2:41:04 PM | Computer Name = HALF | Source = Service Control Manager | ID = 7000
Description = The 1256457225SsTR service failed to start due to the following error:
%%1053

Error - 11/15/2009 7:06:55 PM | Computer Name = HALF | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the 1256457225SsTR service
to connect.

Error - 11/15/2009 7:06:55 PM | Computer Name = HALF | Source = Service Control Manager | ID = 7000
Description = The 1256457225SsTR service failed to start due to the following error:
%%1053

Error - 11/16/2009 8:28:28 AM | Computer Name = HALF | Source = ssidrv | ID = 131098
Description = Failed to set monitor event rule.

Error - 11/16/2009 5:28:40 PM | Computer Name = HALF | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the 1256457225SsTR service
to connect.

Error - 11/16/2009 5:28:40 PM | Computer Name = HALF | Source = Service Control Manager | ID = 7000
Description = The 1256457225SsTR service failed to start due to the following error:
%%1053

Error - 11/25/2009 5:27:31 AM | Computer Name = HALF | Source = ssidrv | ID = 131098
Description = Failed to set monitor event rule.

Error - 11/25/2009 12:40:49 PM | Computer Name = HALF | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the 1256457225SsTR service
to connect.

Error - 11/25/2009 12:40:49 PM | Computer Name = HALF | Source = Service Control Manager | ID = 7000
Description = The 1256457225SsTR service failed to start due to the following error:
%%1053


< End of report >

Thank you for reading.

#4 myrti

myrti

    Sillyberry

  • Malware Study Hall Admin
  • 33,779 posts
  • Gender:Female
  • Location:At home

Posted 01 December 2009 - 10:09 AM

Hi,

ComboFix is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained.
It is intended by its creator to be used under the guidance and supervision of a Malware Removal Expert, not for private use.
Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.

Please do not run ComboFix on your own.

Please check for the file C:\combofix.txt on your system. If it is present, please post the content in your next reply.

I do not recommend that you have more than one anti-virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti-virus products to raise "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
1) False Alarms: When the anti-virus software tells you that your PC has a virus when it actually doesn't.
2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
Therefore please go to Add/Remove in the Control Panel and remove two of the following: AVG, PC Tools and Spy Sweeper.

Regards,
myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 


#5 cccv

cccv
  • Topic Starter

  • Members
  • 24 posts

Posted 01 December 2009 - 04:47 PM

Here's the ComboFix file you asked for, but it's probably about a month old by now. Some of these issues may be gone by now and new ones may have cropped up, for all I know.

ComboFix 09-11-13.02 - Owner 11/12/2009 13:37.1.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.702.420 [GMT -6:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Webroot AntiVirus with AntiSpyware *On-access scanning disabled* (Updated) {77E10C7F-2CCA-4187-9394-BDBC267AD597}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\explorer.exe . . . is infected!!

c:\windows\system32\msdtc.exe . . . is infected!!

c:\windows\system32\sfc.exe . . . is infected!!

c:\windows\system32\wiaacmgr.exe . . . is infected!!

.
((((((((((((((((((((((((( Files Created from 2009-10-12 to 2009-11-12 )))))))))))))))))))))))))))))))
.

2009-11-12 17:37 . 2009-11-12 17:37 -------- d-----w- c:\documents and settings\Owner\Application Data\My Games
2009-11-12 15:31 . 2009-11-09 19:15 4026136 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgui.exe
2009-11-12 15:31 . 2009-11-09 19:15 2016536 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtray.exe
2009-11-12 15:31 . 2009-11-09 19:15 1257240 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgfrw.exe
2009-11-12 15:31 . 2009-11-01 01:24 600344 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgnsx.exe
2009-11-12 15:31 . 2009-11-09 19:14 3963672 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcorex.dll
2009-11-12 15:31 . 2009-11-01 01:24 496920 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgchjwx.dll
2009-11-09 19:15 . 2009-11-01 01:25 360584 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys
2009-11-09 19:13 . 2009-11-01 01:24 1657112 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll
2009-11-09 19:13 . 2009-11-01 01:24 610072 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgiproxy.exe
2009-11-07 21:01 . 2009-11-07 21:01 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-11-07 21:01 . 2009-11-07 21:02 -------- d-----w- c:\program files\DivX
2009-11-01 19:44 . 2009-11-01 19:44 -------- d-sh--w- c:\documents and settings\Owner\IECompatCache
2009-11-01 03:21 . 2009-11-12 17:51 0 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\prvlcl.dat
2009-11-01 01:25 . 2009-11-01 01:25 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2009-11-01 01:25 . 2009-11-09 19:15 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-11-01 01:25 . 2009-11-01 01:25 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-11-01 01:25 . 2009-11-01 01:25 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-10-31 21:00 . 2009-10-31 21:00 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2009-10-31 21:00 . 2009-09-10 19:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-31 21:00 . 2009-10-31 21:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-10-31 21:00 . 2009-09-10 19:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-31 21:00 . 2009-10-31 21:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-31 04:49 . 2009-10-31 05:18 -------- d-----w- c:\documents and settings\Owner\DoctorWeb
2009-10-31 03:54 . 2009-10-31 03:54 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Sophos
2009-10-31 03:48 . 2009-10-31 03:49 -------- d-----w- C:\stdtsa
2009-10-30 17:09 . 2009-05-13 20:39 1563008 ----a-w- c:\windows\WRSetup.dll
2009-10-30 17:09 . 2009-10-30 17:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Webroot
2009-10-30 17:09 . 2009-10-30 17:09 -------- d-----w- c:\documents and settings\Owner\Application Data\Webroot
2009-10-30 15:53 . 2009-10-30 15:54 -------- d-----w- c:\windows\system32\config\systemprofile\Tracing
2009-10-30 09:44 . 2009-10-30 09:44 -------- d-----w- c:\documents and settings\Owner\Application Data\.bittorrent
2009-10-30 05:23 . 2009-10-30 05:23 -------- d-----w- c:\program files\MSSOAP
2009-10-30 05:20 . 2009-10-30 06:03 164 ----a-w- c:\windows\install.dat
2009-10-29 20:15 . 2009-10-30 05:01 0 ----a-w- c:\windows\Tbovewipezupew.bin
2009-10-29 20:15 . 2009-10-30 19:39 120 ----a-w- c:\windows\Fqureh.dat
2009-10-29 17:52 . 2009-10-29 17:52 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\AdobeUM
2009-10-29 15:33 . 2009-10-29 15:33 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
2009-10-29 03:53 . 2009-10-29 03:53 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
2009-10-29 03:51 . 2009-10-29 03:51 -------- d-----w- c:\program files\Common Files\HP
2009-10-29 03:48 . 2009-10-29 03:49 -------- d-----w- c:\program files\Hewlett-Packard
2009-10-29 03:47 . 2009-10-29 03:47 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2009-10-29 03:46 . 2004-12-14 16:07 16496 ----a-r- c:\windows\system32\drivers\HPZipr12.sys
2009-10-29 03:46 . 2004-12-14 16:07 51120 ----a-r- c:\windows\system32\drivers\HPZid412.sys
2009-10-29 03:46 . 2004-12-14 16:07 21744 ----a-r- c:\windows\system32\drivers\HPZius12.sys
2009-10-29 03:45 . 2008-04-13 18:45 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2009-10-29 03:45 . 2009-10-31 05:13 90112 ----a-w- c:\windows\system32\HPZipm12.exe
2009-10-29 03:45 . 2009-10-31 05:13 65536 ----a-w- c:\windows\system32\HPZinw12.exe
2009-10-29 03:45 . 2004-09-29 17:15 204800 ----a-w- c:\windows\system32\HPZipr12.dll
2009-10-29 03:45 . 2004-09-29 17:09 57344 ----a-w- c:\windows\system32\HPZisn12.dll
2009-10-29 03:45 . 2004-09-29 17:09 94208 ----a-w- c:\windows\system32\HPZipt12.dll
2009-10-29 03:45 . 2004-09-29 17:12 278584 ----a-w- c:\windows\system32\HPZidr12.dll
2009-10-29 03:41 . 2009-10-29 03:49 -------- d-----w- c:\program files\HP
2009-10-29 03:39 . 2009-10-29 03:53 68965 ----a-w- c:\windows\hpoins05.dat
2009-10-29 03:39 . 2004-12-14 16:07 19696 ------w- c:\windows\hpomdl05.dat
2009-10-29 01:50 . 2008-12-11 18:26 60273 ----a-w- c:\documents and settings\Owner\Application Data\BSplayer\FFDShow\pthreadGC2.dll
2009-10-29 01:26 . 2009-10-29 01:26 -------- d-----w- c:\documents and settings\Owner\Application Data\Media Player Classic
2009-10-29 01:26 . 2009-10-30 20:27 -------- d-----w- c:\program files\Media Player Classic
2009-10-29 01:04 . 2008-04-14 00:11 56320 ------w- c:\windows\system32\eventlog.dll
2009-10-29 01:02 . 2009-10-30 21:04 -------- d-----w- c:\windows\system32\LogFiles
2009-10-29 01:02 . 2009-10-30 21:02 -------- d-----w- c:\windows\system32\drivers\UMDF
2009-10-29 00:57 . 2009-10-31 05:16 31232 ----a-w- c:\windows\system32\verclsid.exe
2009-10-29 00:33 . 2008-12-11 13:38 159600 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-10-29 00:33 . 2009-08-24 19:05 206256 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-10-29 00:33 . 2009-08-19 16:01 86888 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-10-29 00:33 . 2009-10-29 00:36 -------- d-----w- c:\program files\Common Files\PC Tools
2009-10-29 00:33 . 2008-12-10 16:36 64392 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2009-10-29 00:32 . 2009-11-05 00:10 -------- d-----w- c:\program files\Spyware Doctor
2009-10-29 00:32 . 2009-10-29 00:32 -------- d-----w- c:\documents and settings\Owner\Application Data\PC Tools
2009-10-29 00:32 . 2009-10-29 00:32 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2009-10-29 00:32 . 2009-11-12 19:24 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-10-29 00:15 . 2004-08-04 19:00 45568 -c--a-w- c:\windows\system32\dllcache\drwtsn32.exe
2009-10-29 00:15 . 2004-08-04 19:00 45568 ----a-w- c:\windows\system32\drwtsn32.exe
2009-10-29 00:15 . 2009-10-31 05:10 10752 ----a-w- c:\windows\system32\control.exe
2009-10-29 00:15 . 2004-08-04 19:00 8192 -c--a-w- c:\windows\system32\dllcache\control.exe
2009-10-29 00:12 . 2009-10-29 00:12 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\{77ACC793-F7F3-463B-B5F2-A70799838EB4}
2009-10-29 00:08 . 2009-10-29 00:08 -------- d-----w- c:\documents and settings\All Users\Application Data\efd1e44
2009-10-28 23:46 . 2009-10-28 23:46 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-10-28 23:44 . 2009-10-28 23:44 -------- d-sh--w- c:\documents and settings\Owner\PrivacIE
2009-10-26 19:06 . 2009-10-26 19:06 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-10-26 18:25 . 2009-10-30 21:06 -------- d-----w- c:\windows\system32\scripting
2009-10-26 18:25 . 2009-10-26 18:25 -------- d-----w- c:\windows\system32\en
2009-10-26 18:25 . 2009-10-26 18:25 -------- d-----w- c:\windows\system32\bits
2009-10-26 18:15 . 2009-10-30 20:57 -------- d-----w- c:\windows\EHome
2009-10-26 06:09 . 2008-04-14 00:12 276992 ------w- c:\windows\system32\wmphoto.dll
2009-10-26 06:09 . 2008-04-14 00:12 69120 ------w- c:\windows\system32\wlanapi.dll
2009-10-26 06:09 . 2008-04-14 00:12 712704 ------w- c:\windows\system32\windowscodecs.dll
2009-10-26 06:09 . 2008-04-14 00:12 346112 ------w- c:\windows\system32\windowscodecsext.dll
2009-10-26 06:07 . 2008-04-14 00:12 144384 ------w- c:\windows\system32\onex.dll
2009-10-26 06:07 . 2004-08-04 03:41 180360 ------w- c:\windows\system32\drivers\ntmtlfax.sys
2009-10-26 06:07 . 2009-10-31 05:14 179200 ----a-w- c:\windows\system32\napstat.exe
2009-10-26 06:07 . 2008-04-14 00:12 30208 ------w- c:\windows\system32\napipsec.dll
2009-10-26 06:07 . 2008-04-14 00:12 193024 ------w- c:\windows\system32\napmontr.dll
2009-10-26 06:07 . 2008-04-13 18:43 12672 ------w- c:\windows\system32\drivers\mutohpen.sys
2009-10-26 06:07 . 2008-04-14 00:12 1737856 ------w- c:\windows\system32\mtxparhd.dll
2009-10-26 06:07 . 2004-08-04 03:29 452736 ------w- c:\windows\system32\drivers\mtxparhm.sys
2009-10-26 06:07 . 2004-08-04 03:41 1309184 ------w- c:\windows\system32\drivers\mtlstrm.sys
2009-10-26 06:07 . 2004-08-04 03:41 126686 ------w- c:\windows\system32\drivers\mtlmnt5.sys
2009-10-26 06:07 . 2008-04-14 00:12 155136 ------w- c:\windows\system32\mssha.dll
2009-10-26 06:07 . 2008-04-13 18:14 76800 ------w- c:\windows\system32\msshavmsg.dll
2009-10-26 06:06 . 2009-10-31 05:14 36352 ----a-w- c:\windows\system32\mmcperf.exe
2009-10-26 06:06 . 2008-04-14 00:11 106496 ------w- c:\windows\system32\mmcfxcommon.dll
2009-10-26 06:06 . 2008-04-14 00:11 397312 ------w- c:\windows\system32\mmcex.dll
2009-10-26 06:06 . 2008-04-14 00:11 184320 ------w- c:\windows\system32\microsoft.managementconsole.dll
2009-10-26 06:06 . 2008-04-14 00:11 37376 ------w- c:\windows\system32\l2gpstore.dll
2009-10-26 06:06 . 2008-04-14 00:11 61440 ------w- c:\windows\system32\kmsvc.dll
2009-10-26 06:06 . 2008-04-14 00:09 6144 ------w- c:\windows\system32\kbdpash.dll
2009-10-26 06:06 . 2008-04-14 00:09 6144 ------w- c:\windows\system32\kbdnepr.dll
2009-10-26 06:06 . 2008-04-14 00:09 6144 ------w- c:\windows\system32\kbdiultn.dll
2009-10-26 06:06 . 2008-04-14 00:09 6144 ------w- c:\windows\system32\kbdbhc.dll
2009-10-26 06:04 . 2008-04-14 00:11 15423 ----a-w- c:\windows\system32\drivers\ch7xxnt5.dll
2009-10-26 05:44 . 2009-10-26 05:44 -------- d-sh--w- c:\documents and settings\Owner\IETldCache
2009-10-26 05:24 . 2009-08-29 08:08 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-10-26 05:24 . 2009-08-29 08:08 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2009-10-26 05:24 . 2009-08-29 08:08 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-10-26 05:24 . 2009-08-29 08:08 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2009-10-26 05:24 . 2009-08-29 08:08 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-10-26 05:24 . 2009-08-29 08:08 11069440 -c----w- c:\windows\system32\dllcache\ieframe.dll
2009-10-26 05:24 . 2009-08-07 08:48 100352 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-10-26 05:20 . 2009-10-30 20:56 -------- dc-h--w- c:\windows\ie8
2009-10-26 05:16 . 2009-10-30 20:27 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-10-26 04:51 . 2009-08-07 01:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-10-26 04:51 . 2009-08-07 01:23 215920 ----a-w- c:\windows\system32\muweb.dll
2009-10-25 23:00 . 2009-10-25 23:00 -------- d-----w- c:\documents and settings\Owner\Application Data\Template
2009-10-25 22:49 . 2009-10-25 22:49 -------- d-----w- c:\windows\Sun
2009-10-25 21:02 . 2009-10-28 23:48 -------- d-----w- C:\$AVG

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-08 01:24 . 2009-10-25 23:00 516 ----a-w- c:\documents and settings\Owner\Application Data\wklnhst.dat
2009-11-05 17:08 . 2007-07-04 06:15 -------- d-----w- c:\program files\Common Files\PC Camera
2009-11-01 06:57 . 2006-12-12 15:54 -------- d-----w- c:\program files\Windows Media Connect 2
2009-11-01 06:44 . 2003-03-31 12:00 138752 ----a-w- c:\windows\system32\sndvol32.exe
2009-10-31 09:21 . 2009-10-25 06:38 153088 ----a-w- c:\windows\pchealth\UploadLB\Binaries\uploadm.exe
2009-10-31 09:20 . 2009-10-25 06:37 172544 ----a-w- c:\windows\pchealth\helpctr\binaries\msconfig.exe
2009-10-31 09:20 . 2009-10-25 06:36 20992 ----a-w- c:\windows\pchealth\helpctr\binaries\hscupd.exe
2009-10-31 09:20 . 2009-10-25 06:36 747008 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2009-10-31 09:20 . 2009-10-25 06:36 102400 ----a-w- c:\windows\pchealth\helpctr\binaries\HelpHost.exe
2009-10-31 09:20 . 2009-10-25 06:36 771584 ----a-w- c:\windows\pchealth\helpctr\binaries\helpctr.exe
2009-10-31 08:04 . 2009-10-25 06:38 286208 ----a-w- c:\windows\winhlp32.exe
2009-10-31 08:04 . 2009-10-25 07:26 90112 ----a-w- c:\windows\unvise32qt.exe
2009-10-31 08:04 . 2005-11-06 21:23 109568 ----a-w- c:\windows\UninstallFirefox.exe
2009-10-31 08:04 . 2009-10-25 06:38 28160 ----a-w- c:\windows\twunk_32.exe
2009-10-31 08:04 . 2009-10-25 06:38 17920 ----a-w- c:\windows\TASKMAN.EXE
2009-10-31 08:04 . 2008-08-02 00:37 36864 ----a-w- c:\windows\slrundll.exe
2009-10-31 08:04 . 2009-10-25 06:38 148992 ----a-w- c:\windows\regedit.exe
2009-10-31 08:04 . 2009-10-25 07:30 69632 ----a-w- c:\windows\POWERCFG.EXE
2009-10-31 08:04 . 2009-10-25 06:37 71680 ----a-w- c:\windows\notepad.exe
2009-10-31 08:03 . 2004-08-27 09:54 309248 ----a-w- c:\windows\IsUninst.exe
2009-10-31 08:03 . 2006-11-17 05:45 309248 ----a-w- c:\windows\IsUn0411.exe
2009-10-31 08:03 . 2009-10-25 06:36 13312 ----a-w- c:\windows\hh.exe
2009-10-31 08:03 . 2009-10-25 07:29 311296 ----a-w- c:\windows\alcupd.exe
2009-10-31 08:03 . 2009-10-25 07:29 221184 ----a-w- c:\windows\Alcrmv.exe
2009-10-31 05:36 . 2009-10-29 01:51 143360 ----a-w- c:\documents and settings\Owner\Application Data\BSplayer\Haali media splitter\mkv2vfr.exe
2009-10-31 05:36 . 2009-10-29 01:51 338432 ----a-w- c:\documents and settings\Owner\Application Data\BSplayer\Haali media splitter\gdsmux.exe
2009-10-31 05:36 . 2009-10-29 01:51 113152 ----a-w- c:\documents and settings\Owner\Application Data\BSplayer\Haali media splitter\dsmux.exe
2009-10-31 05:36 . 2009-10-29 01:51 20480 ----a-w- c:\documents and settings\Owner\Application Data\BSplayer\AC3 Filter\dialog_patch.exe
2009-10-31 05:36 . 2009-10-29 01:51 24576 ----a-w- c:\documents and settings\Owner\Application Data\BSplayer\AC3 Filter\ac3config.exe
2009-10-31 05:26 . 2009-10-25 07:29 87552 ----a-w- c:\windows\SOUNDMAN.EXE
2009-10-31 05:26 . 2009-10-25 06:36 1053696 ----a-w- c:\windows\explorer.exe
2009-10-31 05:22 . 2009-10-25 06:38 230400 ----a-w- c:\windows\system32\wbem\wmiprvse.exe
2009-10-31 05:22 . 2009-10-25 06:38 199168 ----a-w- c:\windows\system32\wbem\wmiadap.exe
2009-10-31 05:22 . 2009-10-25 06:38 129024 ----a-w- c:\windows\system32\wbem\wmiapsrv.exe
2009-10-31 05:22 . 2009-10-25 06:38 15872 ----a-w- c:\windows\system32\wbem\winmgmt.exe
2009-10-31 05:22 . 2009-10-25 06:38 118784 ----a-w- c:\windows\system32\wbem\wbemtest.exe
2009-10-31 05:22 . 2009-10-25 06:38 19456 ----a-w- c:\windows\system32\wbem\unsecapp.exe
2009-10-31 05:22 . 2009-10-25 06:38 38912 ----a-w- c:\windows\system32\wbem\scrcons.exe
2009-10-31 05:22 . 2009-10-25 06:37 18944 ----a-w- c:\windows\system32\wbem\mofcomp.exe
2009-10-31 05:17 . 2009-10-25 06:38 34816 ----a-w- c:\windows\system32\wupdmgr.exe
2009-10-31 05:17 . 2006-09-28 23:56 148992 ----a-w- c:\windows\system32\WudfHost.exe
2009-10-31 05:17 . 2009-10-25 06:38 168448 ----a-w- c:\windows\system32\wuauclt1.exe
2009-10-31 05:17 . 2009-10-25 06:38 16384 ----a-w- c:\windows\system32\wscntfy.exe
2009-10-31 05:17 . 2009-10-25 06:38 159744 ----a-w- c:\windows\system32\wscript.exe
2009-10-31 05:17 . 2009-10-25 06:38 8192 ----a-w- c:\windows\system32\write.exe
2009-10-31 05:17 . 2009-10-25 06:38 13824 ----a-w- c:\windows\system32\wpnpinst.exe
2009-10-31 05:17 . 2009-10-25 06:38 34816 ----a-w- c:\windows\system32\wpabaln.exe
2009-10-31 05:17 . 2002-08-21 12:13 192512 ----a-w- c:\windows\system32\WISPTIS.EXE
2009-10-31 05:17 . 2009-10-25 06:38 8192 ----a-w- c:\windows\system32\winver.exe
2009-10-31 05:17 . 2009-10-25 06:38 436224 ----a-w- c:\windows\system32\wiaacmgr.exe
2009-10-31 05:17 . 2009-10-25 06:38 67584 ----a-w- c:\windows\system32\wextract.exe
2009-10-31 05:15 . 2009-10-26 06:08 36864 ----a-w- c:\windows\system32\slrundll.exe
2009-10-31 05:14 . 2009-10-25 06:37 73728 ----a-w- c:\windows\system32\odbcconf.exe
2009-10-31 05:13 . 2009-10-25 06:37 1417216 ----a-w- c:\windows\system32\mmc.exe
2009-10-31 05:12 . 2009-10-25 06:36 45056 ----a-w- c:\windows\system32\ftp.exe
2009-10-31 05:11 . 2009-10-25 06:36 1302528 ----a-w- c:\windows\system32\dxdiag.exe
2009-10-31 05:10 . 2009-10-25 06:35 139264 ----a-w- c:\windows\system32\cscript.exe
2009-10-31 05:09 . 2009-10-25 06:35 64512 ----a-w- c:\windows\system32\alg.exe
2009-10-31 05:09 . 2009-10-25 06:35 100864 ----a-w- c:\windows\system32\ahui.exe
2009-10-31 05:09 . 2009-10-25 06:35 6656 ----a-w- c:\windows\system32\actmovie.exe
2009-10-31 05:09 . 2009-10-25 06:35 186880 ----a-w- c:\windows\system32\accwiz.exe
2009-10-31 01:44 . 2009-10-31 01:44 52 ----a-w- c:\windows\system32\1C.tmp
2009-10-31 01:35 . 2008-05-17 07:21 -------- d-----w- c:\program files\Xvid
2009-10-30 23:39 . 2009-10-30 23:39 52 ----a-w- c:\windows\system32\1E.tmp
2009-10-30 23:33 . 2009-10-30 23:33 52 ----a-w- c:\windows\system32\1A.tmp
2009-10-30 23:26 . 2009-10-30 23:26 52 ----a-w- c:\windows\system32\1B.tmp
2009-10-30 23:22 . 2009-10-25 06:38 32768 ----a-w- c:\windows\system32\replace.exe
2009-10-30 22:48 . 2009-10-30 22:48 52 ----a-w- c:\windows\system32\16.tmp
2009-10-30 20:26 . 2009-10-25 07:29 -------- d-----w- c:\program files\AvRack
2009-10-30 19:39 . 2009-10-30 19:39 52 ----a-w- c:\windows\system32\12.tmp
2009-10-30 17:25 . 2009-10-30 17:25 52 ----a-w- c:\windows\system32\13.tmp
2009-10-30 17:03 . 2007-11-22 04:46 -------- d-----w- c:\program files\Webroot
2009-10-30 16:29 . 2009-10-30 16:29 52 ----a-w- c:\windows\system32\C.tmp
2009-10-30 08:34 . 2009-10-30 08:34 52 ----a-w- c:\windows\system32\86.tmp
2009-10-30 08:08 . 2009-10-30 08:08 52 ----a-w- c:\windows\system32\73.tmp
2009-10-30 07:45 . 2009-10-30 07:45 52 ----a-w- c:\windows\system32\19.tmp
2009-10-30 07:20 . 2009-10-30 07:20 52 ----a-w- c:\windows\system32\7.tmp
2009-10-29 20:29 . 2009-10-25 07:08 -------- d-----w- c:\program files\Common Files\InstallShield
2009-10-29 15:30 . 2009-10-29 15:30 52 ----a-w- c:\windows\system32\4.tmp
2009-10-29 01:57 . 2009-10-29 01:50 -------- d-----w- c:\documents and settings\Owner\Application Data\BSplayer
2009-10-29 01:50 . 2009-10-29 01:50 -------- d-----w- c:\documents and settings\Owner\Application Data\BSplayer Pro
2009-10-29 01:50 . 2009-10-29 01:50 -------- d-----w- c:\program files\Webteh
2009-10-29 01:31 . 2009-10-29 01:31 1 ----a-w- c:\windows\system32\3.tmp
2009-10-29 01:31 . 2009-10-29 01:31 52 ----a-w- c:\windows\system32\2.tmp
2009-10-29 00:08 . 2009-10-29 00:08 0 ----a-w- c:\documents and settings\Owner\206.tmp
2009-10-26 18:29 . 2004-08-26 18:03 76487 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-10-26 05:43 . 2009-10-25 07:26 -------- d-----w- c:\program files\Pure Networks
2009-10-25 08:30 . 2009-10-25 07:26 -------- d-----w- c:\documents and settings\All Users\Application Data\QuickTime
2009-10-25 08:26 . 2009-10-25 07:26 -------- d-----w- c:\program files\QuickTime
2009-10-25 07:29 . 2009-10-25 07:29 -------- d-----w- c:\program files\Common Files\Adobe
2009-10-25 07:26 . 2009-10-25 07:26 8552 ----a-w- c:\windows\system32\drivers\asctrm.sys
2009-10-25 07:26 . 2009-10-25 07:26 -------- d-----w- c:\program files\Common Files\Real
2009-10-25 07:26 . 2009-10-25 07:26 -------- d-----w- c:\program files\Real
2009-10-25 07:26 . 2009-10-25 07:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2009-10-25 07:26 . 2009-10-25 07:26 -------- d-----w- c:\program files\Viewpoint
2009-10-25 07:26 . 2009-10-25 07:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Pure Networks
2009-10-25 07:08 . 2009-10-25 07:08 -------- d-----w- c:\program files\Digital Media Reader
2009-10-25 06:41 . 2004-08-26 18:04 -------- d-----w- c:\program files\microsoft frontpage
2009-09-25 05:56 . 2009-09-25 05:56 81920 ------w- c:\windows\system32\ieencode.dll
2009-09-11 14:18 . 2009-10-25 06:37 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

------- Sigcheck -------

[-] 2009-10-31 . 55173C92D10B3BBEA08BC4B9D4F08F52 . 28672 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\userinit.exe
[-] 2009-10-31 . D917BA14B4525D3451E09DAFA7FFD95F . 27136 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\userinit.exe
[-] 2009-10-31 . 36E9FFBBE3895466A82A7DCDD6745959 . 28672 . . [5.1.2600.5512] . . c:\windows\system32\userinit.exe

[-] 2009-10-31 . 33E5C066515E31E92D53D42612300AEA . 1035776 . . [6.00.2900.3156] . . c:\windows\SoftwareDistribution\Download\44d74c37f0595a363bcec5e9229d8564\sp2qfe\explorer.exe
[-] 2009-10-31 . 778C0751185A634F6C461852383A3536 . 1035776 . . [6.00.2900.3156] . . c:\windows\SoftwareDistribution\Download\44d74c37f0595a363bcec5e9229d8564\sp2gdr\explorer.exe
[-] 2009-10-31 . 617A8DEBE13D105C2EA26FD42A26592A . 1036288 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
[-] 2009-10-31 . 550EE80A45895380E3C1207B21128178 . 1034752 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB938828$\explorer.exe
[-] 2009-10-31 . 8372317293F4FBD38E7E403D36C08F70 . 1034752 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\explorer.exe
[-] 2009-10-31 . 47FAFED9D68E7E998D1E666EE419E07F . 1053696 . . [6.00.2900.5512] . . c:\windows\explorer.exe

[-] 2009-10-31 . 4C8D2657E0586026200025F30717DAB9 . 16384 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\wscntfy.exe
[-] 2009-10-31 . 4227836CADE71F691BC16B3E3E76F7B4 . 16384 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\wscntfy.exe
[-] 2009-10-31 . 474738FFEB8E6F12365D63917BD493B8 . 16384 . . [5.1.2600.5512] . . c:\windows\system32\wscntfy.exe

[-] 2009-10-31 . BE3B893E9F5032D62977B82E64EE2E9E . 17920 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ctfmon.exe
[-] 2009-10-31 . 55E331BB8B301801E81E246FBB4B11A6 . 17920 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ctfmon.exe

c:\windows\system32\ctfmon.exe ... is missing !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunKistEM"="c:\program files\Digital Media Reader\shwiconem.exe" [2009-10-31 155648]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2009-10-31 53248]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2009-10-31 217088]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2009-10-31 970752]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2009-07-23 1181064]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-10-31 434176]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2009-10-31 69632]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2009-11-12 2020120]
"SpySweeper"="c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe" [2009-05-13 6345840]
"VTTimer"="VTTimer.exe" - c:\windows\system32\VTTimer.exe [2009-10-31 73728]
"VTTrayp"="VTtrayp.exe" - c:\windows\system32\VTTrayp.exe [2009-10-31 167936]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2009-10-31 87552]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 32256]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-4 278528]
HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-4 57344]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-11-01 01:25 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Java\\jre1.5.0_02\\bin\\javaw.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\BitTorrent\\btdownloadgui.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"c:\\Azureus\\Azureus.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [10/28/2009 6:33 PM 206256]
R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [4/21/2009 5:27 PM 29808]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [10/31/2009 7:25 PM 333192]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [10/31/2009 7:25 PM 360584]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [10/31/2009 7:24 PM 285392]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [10/28/2009 6:32 PM 348752]
R2 WRConsumerService;Webroot Client Service;c:\program files\Webroot\WebrootSecurity\WRConsumerService.exe [10/30/2009 11:11 AM 1205760]
S2 .1256457225SsTR;1256457225SsTR;c:\documents and settings\All Users\Application Data\Webroot\ 6563812.exe [6/1/2009 7:54 PM 343435]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - PROCEXP113
*Deregistered* - mbr
*Deregistered* - mchInjDrv
*Deregistered* - PROCEXP113

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
BtwSrv
.
Contents of the 'Scheduled Tasks' folder

2009-11-12 c:\windows\Tasks\WebReg psc 1500 series.job
- c:\program files\HP\Digital Imaging\bin\hpqwrg.exe [2004-11-05 05:25]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.emachines.com/
mSearch Bar = hxxp://www.starbarsearch.com/?useie5=1&q=
IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-12 13:51
Windows 5.1.2600 Service Pack 3 NTFS

detected NTDLL code modification:
ZwClose

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3540)
c:\windows\system32\WININET.dll
c:\program files\Spyware Doctor\pctgmhk.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-11-12 13:55
ComboFix-quarantined-files.txt 2009-11-12 19:55
ComboFix2.txt 2009-11-01 01:08

Pre-Run: 8,087,085,056 bytes free
Post-Run: 8,335,368,192 bytes free

- - End Of File - - 5E8E8355641ECEEBDFEA639F543323D0



As for the antivirus programs, false alarms/lockups aren't problems I've ever had, and I've been running this way for years now. I'm not trying to argue with you and am grateful for the help, it's just that one program will catch things that another won't, so I just feel more secure with more than one program (not to mention I'm afraid to find out what will happen to everything in quarantine if I remove the program. Is it just released back into my computer or is it deleted? Either way I don't want it to happen). If you insist I'll take out PCTools, as I only got that one recently to try to help clean up my machine before coming here to ask if it looked like things were taken care of. I'm not sure how to choose between AVG and Spysweeper though, both are great and both catch things that the other doesn't. But my main objective here is to make sure it's safe to use my credit card on this computer again, so if that can be determined I'll be happy. Thank you for reading.
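
The Sigcheck block in the ComboFix log above lists the MD5 of each live system file beside the copy Windows keeps in ServicePackFiles\i386, and the files myrti later describes as replaced with non-original copies are exactly the ones whose hashes disagree at an identical version number. The following Python script is an added example, not part of this thread or of ComboFix: it parses those Sigcheck lines (copied from the log above), flags same-version hash mismatches and files reported missing, and skips the uninstall-backup copies of other versions that legitimately differ.

```python
import re
from collections import defaultdict

# Sigcheck records copied from the ComboFix log posted earlier in this thread.
SIGCHECK_LOG = r"""
[-] 2009-10-31 . 55173C92D10B3BBEA08BC4B9D4F08F52 . 28672 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\userinit.exe
[-] 2009-10-31 . D917BA14B4525D3451E09DAFA7FFD95F . 27136 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\userinit.exe
[-] 2009-10-31 . 36E9FFBBE3895466A82A7DCDD6745959 . 28672 . . [5.1.2600.5512] . . c:\windows\system32\userinit.exe

[-] 2009-10-31 . 33E5C066515E31E92D53D42612300AEA . 1035776 . . [6.00.2900.3156] . . c:\windows\SoftwareDistribution\Download\44d74c37f0595a363bcec5e9229d8564\sp2qfe\explorer.exe
[-] 2009-10-31 . 778C0751185A634F6C461852383A3536 . 1035776 . . [6.00.2900.3156] . . c:\windows\SoftwareDistribution\Download\44d74c37f0595a363bcec5e9229d8564\sp2gdr\explorer.exe
[-] 2009-10-31 . 617A8DEBE13D105C2EA26FD42A26592A . 1036288 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
[-] 2009-10-31 . 550EE80A45895380E3C1207B21128178 . 1034752 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB938828$\explorer.exe
[-] 2009-10-31 . 8372317293F4FBD38E7E403D36C08F70 . 1034752 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\explorer.exe
[-] 2009-10-31 . 47FAFED9D68E7E998D1E666EE419E07F . 1053696 . . [6.00.2900.5512] . . c:\windows\explorer.exe

[-] 2009-10-31 . 4C8D2657E0586026200025F30717DAB9 . 16384 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\wscntfy.exe
[-] 2009-10-31 . 4227836CADE71F691BC16B3E3E76F7B4 . 16384 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\wscntfy.exe
[-] 2009-10-31 . 474738FFEB8E6F12365D63917BD493B8 . 16384 . . [5.1.2600.5512] . . c:\windows\system32\wscntfy.exe

[-] 2009-10-31 . BE3B893E9F5032D62977B82E64EE2E9E . 17920 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ctfmon.exe
[-] 2009-10-31 . 55E331BB8B301801E81E246FBB4B11A6 . 17920 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ctfmon.exe

c:\windows\system32\ctfmon.exe ... is missing !!
"""

# One hash record: "[flag] date . MD5 . size . . [version] . . path".
RECORD_RE = re.compile(
    r"^\[(?P<flag>[^\]])\]\s+(?P<date>\S+)\s+\.\s+(?P<md5>[0-9A-Fa-f]{32})\s+\.\s+"
    r"(?P<size>\d+)\s+\.\s+\.\s+\[(?P<version>[^\]]+)\]\s+\.\s+\.\s+(?P<path>\S.*?)\s*$"
)
# ComboFix reports a file it expected but could not find as "... is missing !!".
MISSING_RE = re.compile(r"^(?P<path>\S.*?)\s+\.\.\.\s+is missing\s*!!\s*$")

# Windows keeps a pristine copy of every service-pack file here; it is the
# baseline the live copies under system32 and \windows are compared against.
REFERENCE_DIR = "\\servicepackfiles\\i386\\"


def parse_sigcheck(text):
    """Return (records, missing_paths) parsed from a ComboFix Sigcheck block."""
    records, missing = [], []
    for line in text.splitlines():
        m = RECORD_RE.match(line)
        if m:
            rec = m.groupdict()
            rec["size"] = int(rec["size"])
            rec["md5"] = rec["md5"].upper()
            rec["name"] = rec["path"].rsplit("\\", 1)[-1].lower()
            records.append(rec)
            continue
        m = MISSING_RE.match(line)
        if m:
            missing.append(m.group("path"))
    return records, missing


def find_modified_files(text):
    """Flag live copies whose MD5 differs from the ServicePackFiles copy of the
    same version, plus files ComboFix reported missing. Copies of other versions
    ($NtServicePackUninstall$, hotfix download folders) legitimately differ and
    are skipped; a same-version hash mismatch is what indicates a patched or
    replaced system file and warrants investigation."""
    records, missing = parse_sigcheck(text)
    by_name = defaultdict(list)
    for rec in records:
        by_name[rec["name"]].append(rec)

    findings = []
    for name, recs in sorted(by_name.items()):
        ref = next((r for r in recs if REFERENCE_DIR in r["path"].lower()), None)
        if ref is None:
            findings.append({"issue": "no reference copy", "file": name, "path": None})
            continue
        for rec in recs:
            if rec is ref or rec["version"] != ref["version"]:
                continue  # different version: expected to have a different hash
            if rec["md5"] != ref["md5"]:
                findings.append({
                    "issue": "hash mismatch",
                    "file": name,
                    "path": rec["path"],
                    "version": rec["version"],
                    "expected_md5": ref["md5"],
                    "actual_md5": rec["md5"],
                    "size_delta": rec["size"] - ref["size"],
                })
    for path in missing:
        findings.append({"issue": "missing",
                         "file": path.rsplit("\\", 1)[-1].lower(), "path": path})
    return findings


if __name__ == "__main__":
    for f in find_modified_files(SIGCHECK_LOG):
        if f["issue"] == "hash mismatch":
            print(f"{f['path']}: version {f['version']} hashes {f['actual_md5']} "
                  f"but the ServicePackFiles copy hashes {f['expected_md5']} "
                  f"(size differs by {f['size_delta']:+d} bytes)")
        else:
            print(f"{f['path'] or f['file']}: {f['issue']}")
```

Run against the log above it reports userinit.exe, explorer.exe and wscntfy.exe as same-version mismatches and ctfmon.exe as missing, which is the set the thread goes on to discuss.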

#6 myrti

Posted 02 December 2009 - 05:02 PM

Hi,

I would definitely advise against using your credit card on that PC right now.

I can't force you to choose one antivirus; however, I highly advise it.

Would you please upload the following files to virustotal:
Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

How to see hidden files in Windows

Please click this link-->Jotti

When the jotti page has finished loading, click the browse button and navigate to the files listed below in bold, then click Submit. You will only be able to have one file scanned at a time.

C:\windows\explorer.exe
c:\windows\system32\wiaacmgr.exe

Please post back the results of the scan in your next post.

If Jotti is busy, try the same at Virustotal: http://www.virustotal.com/

regards myrti



#7 cccv

Posted 02 December 2009 - 05:24 PM

Thank you. I wasn't sure if you wanted me to post the permalink or just C&P the results so I'll do both.

For explorer.exe:
http://virusscan.jotti.org/en/scanresult/2...9d43e28bc0378cc

2009-12-02 Found nothing
[G DATA]
2009-12-02 Found nothing
[A-Squared]
2009-12-02 Trojan.Win32.Patched!IK
[Ikarus]
2009-12-02 Trojan.Win32.Patched
[Avast! antivirus]
2009-12-02 Found nothing
[Kaspersky Anti-Virus]
2009-12-02 Found nothing
[Grisoft AVG Anti-Virus]
2009-12-02 Win32/Virut
[ESET NOD32]
2009-12-02 Found nothing
[Avira AntiVir]
2009-12-02 TR/Patched.Gen
[Norman Virus Control]
2009-12-02 Found nothing
[Softwin BitDefender]
2009-12-02 Found nothing
[Panda Antivirus]
2009-12-02 Found nothing
[ClamAV]
2009-12-02 Found nothing
[Quick Heal]
2009-12-02 Found nothing
[CPsecure]
2009-12-02 Found nothing
[Sophos]
2009-12-02 Found nothing
[Dr.Web]
2009-12-02 Found nothing
[VirusBlokAda VBA32]
2009-12-01 Found nothing
[Frisk F-Prot Antivirus]
2009-12-02 Found nothing
[VirusBuster]
2009-12-02 Found nothing

for wiaacmgr.exe
http://virusscan.jotti.org/en/scanresult/d...225ce159ea8ea79
[ArcaVir]
2009-12-02 Found nothing
[G DATA]
2009-12-02 Found nothing
[A-Squared]
2009-12-02 Trojan-Downloader.Win32.Banload!IK
[Ikarus]
2009-12-02 Trojan-Downloader.Win32.Banload
[Avast! antivirus]
2009-12-02 Found nothing
[Kaspersky Anti-Virus]
2009-12-02 Found nothing
[Grisoft AVG Anti-Virus]
2009-12-02 Found nothing
[ESET NOD32]
2009-12-02 Found nothing
[Avira AntiVir]
2009-12-02 TR/Patched.Gen2
[Norman Virus Control]
2009-12-02 Found nothing
[Softwin BitDefender]
2009-12-02 Found nothing
[Panda Antivirus]
2009-12-02 Found nothing
[ClamAV]
2009-12-02 Found nothing
[Quick Heal]
2009-12-02 Found nothing
[CPsecure]
2009-12-02 Found nothing
[Sophos]
2009-12-02 Found nothing
[Dr.Web]
2009-12-02 Found nothing
[VirusBlokAda VBA32]
2009-12-01 Found nothing
[Frisk F-Prot Antivirus]
2009-12-02 Found nothing
[VirusBuster]
2009-12-02 Found nothing
[F-Secure Anti-Virus]
2009-12-02 Found nothing

Pretty neat service. Thanks as always for reading.

#8 myrti

Posted 02 December 2009 - 06:54 PM

Hi,

Do you recall what you did on the evening before Halloween with your PC? Because something replaced most of your system files with non-original copies.

Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under Select a target to scan: select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
regards myrti



#9 cccv

Posted 03 December 2009 - 12:19 PM

Hi,

Do you recall what you did on the evening before Halloween with your PC? Because something replaced most of your system files with non-original copies.


Oh, I know exactly what that was. I had to do a system restore on my computer for unrelated reasons. My files were all saved in a backup folder as part of that process, but there wasn't any easy way I knew of to reintegrate them into my comp. I moved what I could back into the folders they belonged in and selected yes to replace so I'd only have one copy of each file. It's still kind of a mess though-- I have 1.22 GB of space being wasted on files it wouldn't let me move or delete from the backup folder =/

The Kaspersky scan was interrupted after 16.5 hours, but it was 97-98% done and I'm gonna hope that was good enough.

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Thursday, December 3, 2009
Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Thursday, December 03, 2009 00:20:09
Records in database: 3324249
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\

Scan statistics:
Objects scanned: 102104
Threats found: 4
Infected objects found: 8
Suspicious objects found: 0
Scan duration: 16:37:00


File name / Threat / Threats count
C:\Documents and Settings\Owner\Desktop\Ins\daemon403-x86.exe Infected: not-a-virus:WebToolbar.Win32.WhenU.a 1
C:\Documents and Settings\Owner\Desktop\Ins\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-396c70dc-7a536aa6.zip Infected: Exploit.Java.Gimsh.b 1
C:\Documents and Settings\Owner\Desktop\Ins\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-3ad601a5-5c064bf7.zip Infected: Exploit.Java.Gimsh.b 1
C:\Documents and Settings\Owner\Desktop\Ins\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-6b13a7e7-10a3de12.zip Infected: Exploit.Java.Gimsh.b 1
C:\Documents and Settings\Owner\Desktop\Ins\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-6d3811e3-4ac9e3e7.zip Infected: Exploit.Java.Gimsh.b 1
C:\Documents and Settings\Owner\Desktop\Ins\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-b825669-585f7d68.zip Infected: Exploit.Java.Gimsh.b 1
C:\Documents and Settings\Owner\Desktop\Ins\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\8nidqnj4.default\Cache\11098B64d01 Infected: Exploit.JS.Pdfka.aka 1
D:\i386\Apps\App03130\comps\toolbar\toolbr.exe Infected: not-a-virus:AdWare.Win32.SearchIt.t 1

Selected area has been scanned.

Thank you for reading.

#10 myrti

Posted 03 December 2009 - 01:32 PM

Hi,

OK, that clears that up. :( I was suspecting the worst; if you did that yourself then it should be fine. However, by replacing those files you restored wrong versions of the system files, so you may run into trouble there.


You also have a couple of leftovers from the infection present:
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :otl
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {B31F54A0-560A-496A-9928-EB43789BA130} - No CLSID value found.
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {B31F54A0-560A-496A-9928-EB43789BA130} - No CLSID value found.
    O3 - HKU\S-1-5-21-1150626451-20114053-460562092-1003\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
    O3 - HKU\S-1-5-21-1150626451-20114053-460562092-1003\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKU\S-1-5-21-1150626451-20114053-460562092-1003\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKU\S-1-5-21-1150626451-20114053-460562092-1003\..\Toolbar\WebBrowser: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No CLSID value found.
    [2009/10/28 18:08:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\efd1e44
    [2009/10/31 21:21:02 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\prvlcl.dat
    [2009/10/29 14:15:35 | 00,000,000 | ---- | C] () -- C:\WINDOWS\Tbovewipezupew.bin
    [2009/10/29 14:15:34 | 00,000,120 | ---- | C] () -- C:\WINDOWS\Fqureh.dat
  • Then click the Run Fix button at the top
  • Let the program run unhindered; when done it will say "Fix Complete press ok to open the log"
  • Please post that log in your next reply.

    Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.
    If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
================================Follow up scan=================================
  • Double click on OTL to run it. Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open one Notepad window, OTListIt.Txt. This is saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post it with your next reply.
regards myrti



#11 cccv

Posted 03 December 2009 - 02:50 PM

========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{B31F54A0-560A-496A-9928-EB43789BA130} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B31F54A0-560A-496A-9928-EB43789BA130}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{B31F54A0-560A-496A-9928-EB43789BA130} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B31F54A0-560A-496A-9928-EB43789BA130}\ not found.
Registry value HKEY_USERS\S-1-5-21-1150626451-20114053-460562092-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}\ not found.
Registry value HKEY_USERS\S-1-5-21-1150626451-20114053-460562092-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_USERS\S-1-5-21-1150626451-20114053-460562092-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_USERS\S-1-5-21-1150626451-20114053-460562092-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4982D40A-C53B-4615-B15B-B5B5E98D167C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4982D40A-C53B-4615-B15B-B5B5E98D167C}\ not found.
C:\Documents and Settings\All Users\Application Data\efd1e44 folder moved successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\prvlcl.dat moved successfully.
C:\WINDOWS\Tbovewipezupew.bin moved successfully.
C:\WINDOWS\Fqureh.dat moved successfully.

OTL by OldTimer - Version 3.1.10.1 log created on 12032009_130549



And the follow-up scan....


OTL logfile created on: 12/3/2009 1:34:33 PM - Run 3
OTL by OldTimer - Version 3.1.10.1 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

702.48 Mb Total Physical Memory | 229.15 Mb Available Physical Memory | 32.62% Memory free
1.68 Gb Paging File | 1.25 Gb Available in Paging File | 74.70% Paging File free
Paging file location(s): C:\pagefile.sys 1056 2112 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 89.17 Gb Total Space | 4.65 Gb Free Space | 5.21% Space Free | Partition Type: NTFS
Drive D: | 3.98 Gb Total Space | 2.07 Gb Free Space | 52.00% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HALF
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Owner\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
PRC - C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard Company)
PRC - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
PRC - C:\Program Files\Digital Media Reader\shwiconEM.exe (Alcor Micro, Corp.)
PRC - C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
PRC - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
PRC - C:\WINDOWS\system32\wbem\wmiprvse.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\VTTrayp.exe (S3 Graphics Co., Ltd.)
PRC - C:\WINDOWS\system32\VTTimer.exe (S3 Graphics, Inc.)
PRC - C:\WINDOWS\system32\HPZipm12.exe (HP)
PRC - C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe (Webroot Software, Inc. )
PRC - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS (New Boundary Technologies, Inc.)
PRC - C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
PRC - C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe (Webroot Software, Inc.)
PRC - C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe (Webroot Software, Inc. (www.webroot.com))
PRC - C:\Program Files\Webroot\WebrootSecurity\SSU.exe (Webroot Software, Inc. (www.webroot.com))
PRC - C:\Program Files\DAEMON Tools\daemon.exe (DT Soft Ltd.)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Owner\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\wbem\framedyn.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (SCardSvr) -- File not found
SRV - (avg9wd) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (aspnet_state) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (Microsoft Corporation)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
SRV - (WRConsumerService) -- C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe (Webroot Software, Inc. )
SRV - (PrismXL) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS (New Boundary Technologies, Inc.)
SRV - (.1256457225SsTR) -- C:\Documents and Settings\All Users\Application Data\Webroot\ 6563812.exe ()
SRV - (WebrootSpySweeperService) -- C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe (Webroot Software, Inc. (www.webroot.com))
SRV - (helpsvc) -- C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)
SRV - (ose) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (dtscsi) -- C:\WINDOWS\System32\Drivers\dtscsi.sys ()
DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (AvgTdiX) -- C:\WINDOWS\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgLdx86) -- C:\WINDOWS\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (ssidrv) -- C:\WINDOWS\system32\DRIVERS\ssidrv.sys (Webroot Software, Inc. (www.webroot.com))
DRV - (sshrmd) -- C:\WINDOWS\system32\DRIVERS\sshrmd.sys (Webroot Software, Inc. (www.webroot.com))
DRV - (ssfs0bbc) -- C:\WINDOWS\system32\DRIVERS\ssfs0bbc.sys (Webroot Software, Inc. (www.webroot.com))
DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (Secdrv) -- C:\WINDOWS\system32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\alcxwdm.sys (Realtek Semiconductor Corp.)
DRV - (viagfx) -- C:\WINDOWS\system32\drivers\vtmini.sys (Copyright © VIA/S3 Graphics Co, Ltd.)
DRV - (HPZid412) -- C:\WINDOWS\system32\drivers\HPZid412.sys (HP)
DRV - (HPZius12) -- C:\WINDOWS\system32\drivers\HPZius12.sys (HP)
DRV - (HPZipr12) -- C:\WINDOWS\system32\drivers\HPZipr12.sys (HP)
DRV - (SunkFilt) -- C:\WINDOWS\system32\drivers\Sunkfilt.sys (Alcor Micro Corp.)
DRV - (RTL8023) -- C:\WINDOWS\system32\drivers\Rtlnic51.sys (Realtek Semiconductor Corporation )
DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (Ptilink) -- C:\WINDOWS\system32\drivers\ptilink.sys (Parallel Technologies, Inc.)
DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (rtl8139) Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (HSFHWBS2) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.)
DRV - (mdmxsdk) -- C:\WINDOWS\system32\drivers\mdmxsdk.sys (Conexant)
DRV - (ALCXSENS) -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS (Sensaura)
DRV - (viaagp1) -- C:\WINDOWS\system32\DRIVERS\viaagp1.sys (VIA Technologies, Inc.)
DRV - (wanatw) WAN Miniport (ATW) -- C:\WINDOWS\system32\drivers\wanatw4.sys (America Online, Inc.)
DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (mxnic) -- C:\WINDOWS\system32\drivers\mxnic.sys (Macronix International Co., Ltd. )


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.emachines.com/
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.701
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1
FF - prefs.js..extensions.enabledItems: 6
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 48
FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:4.1
FF - prefs.js..extensions.enabledItems: {77ACC793-F7F3-463B-B5F2-A70799838EB4}:1.9.1
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.5
FF - prefs.js..extensions.enabledItems: {29852C08-1E91-4889-A6BF-C77F91D6A8F3}:1.8.52

FF - HKLM\software\mozilla\Firefox\Extensions\\{77ACC793-F7F3-463B-B5F2-A70799838EB4}: C:\Documents and Settings\Owner\Local Settings\Application Data\{77ACC793-F7F3-463B-B5F2-A70799838EB4} [2009/10/28 18:12:14 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2009/11/09 16:34:17 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/11/06 23:34:52 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/11/07 15:02:15 | 00,000,000 | ---D | M]

[2009/10/25 02:36:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2009/10/25 02:36:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/12/03 13:00:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qzmovqk1.default\extensions
[2009/12/03 13:00:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qzmovqk1.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
[2009/12/02 15:21:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qzmovqk1.default\extensions\{29852C08-1E91-4889-A6BF-C77F91D6A8F3}
[2009/10/25 03:13:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\qzmovqk1.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2008/08/26 11:16:05 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/11/06 23:34:52 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/11/06 23:34:29 | 00,023,512 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2009/11/06 23:34:31 | 00,137,176 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2009/05/01 15:02:48 | 01,044,480 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\Mozilla Firefox\plugins\libdivx.dll
[2007/08/07 12:35:32 | 00,049,152 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll
[2009/05/12 12:46:20 | 01,650,992 | ---- | M] (DivX,Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll
[2009/11/06 23:34:42 | 00,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2007/03/22 18:23:30 | 00,017,248 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
[2006/12/18 03:18:30 | 00,077,824 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
[2006/01/28 01:57:22 | 00,139,305 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
[2008/04/18 21:53:16 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
[2008/04/18 21:53:16 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
[2008/04/18 21:53:16 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
[2008/04/18 21:53:16 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
[2008/04/18 21:53:16 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
[2008/04/18 21:53:16 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
[2008/04/18 21:53:16 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
[2006/01/28 01:56:18 | 00,081,967 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
[2009/09/23 16:37:30 | 00,032,448 | ---- | M] (NOS Microsystems Ltd.) -- C:\Program Files\Mozilla Firefox\plugins\np_gp.dll
[2009/05/01 15:02:48 | 00,200,704 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\Mozilla Firefox\plugins\ssldivx.dll
[2009/09/10 21:43:47 | 00,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2009/09/10 21:43:47 | 00,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2009/09/10 21:43:47 | 00,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2009/09/10 21:43:47 | 00,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2009/09/10 21:43:47 | 00,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2009/09/10 21:43:48 | 00,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2009/09/10 21:43:48 | 00,000,792 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: (27 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DAEMON Tools] C:\Program Files\DAEMON Tools\daemon.exe (DT Soft Ltd.)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [Recguard] File not found
O4 - HKLM..\Run: [Reminder] File not found
O4 - HKLM..\Run: [RemoteControl] C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SpySweeper] C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe (Webroot Software, Inc.)
O4 - HKLM..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe (Alcor Micro, Corp.)
O4 - HKLM..\Run: [VTTimer] C:\WINDOWS\System32\VTTimer.exe (S3 Graphics, Inc.)
O4 - HKLM..\Run: [VTTrayp] C:\WINDOWS\System32\VTTrayp.exe (S3 Graphics Co., Ltd.)
O4 - HKCU..\Run: [msnmsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Co.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &AOL Toolbar search - C:\Program Files\AOL Toolbar\toolbar.dll File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_02)
O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_02)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (ecurity) - File not found
O30 - LSA: Security Packages - (Packages) - File not found
O30 - LSA: Security Packages - (settings...) - File not found
O30 - LSA: Security Packages - (ys) - File not found
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/26 12:04:39 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2003/08/08 17:24:26 | 00,000,045 | -HS- | M] () - D:\autorun.inf.aug.8 -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/12/03 13:05:49 | 00,000,000 | ---D | C] -- C:\_OTL
[2009/11/27 18:19:44 | 02,297,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_26.dll
[2009/11/27 18:14:41 | 00,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools
[2009/11/26 09:47:49 | 00,531,456 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2009/11/16 20:36:12 | 00,000,000 | ---D | C] -- C:\Program Files\Cobian Backup 9
[2009/11/16 20:35:01 | 10,314,752 | ---- | C] (Luis Cobian) -- C:\Documents and Settings\Owner\Desktop\cbSetup.exe
[2009/11/16 20:32:22 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2009/11/15 16:26:49 | 00,472,064 | ---- | C] ( ) -- C:\Documents and Settings\Owner\Desktop\RootRepeal.exe
[2009/11/15 11:42:53 | 00,244,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MsFlxGrd.ocx
[2009/11/15 11:42:24 | 00,126,976 | ---- | C] (Oceanview Software Limited) -- C:\WINDOWS\System32\ovsBooleanControls.ocx
[2009/11/15 11:41:50 | 00,000,000 | ---D | C] -- C:\Program Files\GDS
[2009/11/12 13:55:56 | 00,000,000 | ---D | C] -- C:\WINDOWS\temp
[2009/11/12 13:34:48 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/11/12 13:34:48 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/11/12 13:34:48 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/11/12 13:34:48 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/11/12 13:34:28 | 00,000,000 | ---D | C] -- C:\ComboFix
[2009/11/12 11:37:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\My Games
[2009/11/11 17:35:23 | 21,906,744 | ---- | C] (Doctor Web, Ltd.) -- C:\Documents and Settings\Owner\Desktop\64wlsq5x.exe
[2009/11/07 15:01:53 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\DivX Shared
[2009/11/07 15:01:52 | 00,000,000 | ---D | C] -- C:\Program Files\DivX
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[17 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Owner\*.tmp files -> C:\Documents and Settings\Owner\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2009/12/03 13:31:41 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/12/03 13:31:38 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/12/03 13:31:37 | 73,667,7888 | -HS- | M] () -- C:\hiberfil.sys
[2009/12/03 13:30:28 | 03,145,728 | -H-- | M] () -- C:\Documents and Settings\Owner\NTUSER.DAT
[2009/12/03 13:30:28 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Owner\ntuser.ini
[2009/12/03 11:40:11 | 00,000,292 | ---- | M] () -- C:\WINDOWS\tasks\WebReg psc 1500 series.job
[2009/12/03 09:14:59 | 46,090,958 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/12/02 15:24:14 | 00,111,793 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/11/30 18:48:40 | 00,053,248 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Grade Book F09 TH.xls
[2009/11/30 18:44:57 | 00,052,224 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Grade Book F09 ST.xls
[2009/11/27 19:49:43 | 00,009,216 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/27 18:14:42 | 00,223,128 | ---- | M] () -- C:\WINDOWS\System32\drivers\dtscsi.sys
[2009/11/27 18:03:57 | 00,642,560 | ---- | M] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009/11/27 18:03:56 | 00,096,384 | ---- | M] () -- C:\WINDOWS\System32\drivers\sptd9677.sys
[2009/11/26 09:47:52 | 00,531,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2009/11/25 03:04:21 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/11/23 09:17:12 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2009/11/17 15:48:19 | 00,002,735 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Attach.zip
[2009/11/17 15:15:48 | 00,523,776 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\dds.scr
[2009/11/16 20:35:26 | 10,314,752 | ---- | M] (Luis Cobian) -- C:\Documents and Settings\Owner\Desktop\cbSetup.exe
[2009/11/15 16:29:33 | 00,047,616 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Win32kDiag.exe
[2009/11/15 16:27:24 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\settings.dat
[2009/11/15 16:26:51 | 00,472,064 | ---- | M] ( ) -- C:\Documents and Settings\Owner\Desktop\RootRepeal.exe
[2009/11/14 01:47:57 | 00,260,608 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2009/11/12 13:51:25 | 00,001,288 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/11/12 13:27:12 | 03,559,202 | R--- | M] () -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
[2009/11/11 17:36:34 | 21,906,744 | ---- | M] (Doctor Web, Ltd.) -- C:\Documents and Settings\Owner\Desktop\64wlsq5x.exe
[2009/11/11 07:28:44 | 00,177,056 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/11/11 03:47:13 | 00,001,288 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/11/09 13:15:32 | 00,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009/11/08 22:59:40 | 00,058,880 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\I am a geek.doc
[2009/11/07 19:24:36 | 00,088,064 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\kitcom.wps
[2009/11/07 19:24:36 | 00,000,516 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\wklnhst.dat
[2009/11/07 18:54:03 | 00,037,592 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/11/05 11:36:21 | 26,768,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/11/05 10:45:43 | 00,001,076 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Launch Sid Meier's Civilization 4 - Warlords.lnk
[2009/11/03 15:10:58 | 00,380,350 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/11/03 15:10:57 | 00,052,764 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/11/03 15:10:53 | 00,439,376 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[17 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Owner\*.tmp files -> C:\Documents and Settings\Owner\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/11/27 18:14:42 | 00,223,128 | ---- | C] () -- C:\WINDOWS\System32\drivers\dtscsi.sys
[2009/11/27 18:03:57 | 00,642,560 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009/11/27 18:03:56 | 00,096,384 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd9677.sys
[2009/11/26 11:40:17 | 00,000,292 | ---- | C] () -- C:\WINDOWS\tasks\WebReg psc 1500 series.job
[2009/11/17 15:48:19 | 00,002,735 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Attach.zip
[2009/11/17 15:15:27 | 00,523,776 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\dds.scr
[2009/11/15 16:29:32 | 00,047,616 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Win32kDiag.exe
[2009/11/15 16:27:24 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\settings.dat
[2009/11/12 13:34:48 | 00,260,608 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009/11/12 13:34:48 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/11/12 13:34:48 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/11/12 13:34:48 | 00,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2009/11/12 13:34:48 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/11/08 22:33:42 | 00,058,880 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\I am a geek.doc
[2009/10/25 17:00:17 | 00,000,516 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\wklnhst.dat
[2009/10/25 14:44:34 | 00,000,004 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2009/10/25 03:55:14 | 00,000,128 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat
[2009/10/25 02:08:45 | 00,009,216 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/25 02:06:26 | 00,037,592 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/10/25 01:56:49 | 00,000,071 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\FASTWiz.log
[2009/10/25 01:29:55 | 00,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2009/10/25 01:29:51 | 00,155,648 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2009/10/25 01:19:56 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/10/25 00:45:39 | 00,157,696 | ---- | C] () -- C:\WINDOWS\System32\paqsp.dll
[2009/10/25 00:38:44 | 00,013,312 | ---- | C] () -- C:\WINDOWS\System32\win87em.dll
[2009/10/25 00:38:33 | 00,015,360 | ---- | C] () -- C:\WINDOWS\System32\tsd32.dll
[2009/10/25 00:38:33 | 00,013,223 | ---- | C] () -- C:\WINDOWS\System32\tslabels.ini
[2009/10/25 00:38:29 | 00,053,478 | ---- | C] () -- C:\WINDOWS\System32\tcpmon.ini
[2009/10/25 00:38:14 | 00,270,848 | ---- | C] () -- C:\WINDOWS\System32\sbe.dll
[2009/10/25 00:38:12 | 00,012,082 | ---- | C] () -- C:\WINDOWS\System32\rsvp.ini
[2009/10/25 00:38:09 | 00,003,458 | ---- | C] () -- C:\WINDOWS\System32\rasctrs.ini
[2009/10/25 00:38:08 | 01,291,264 | ---- | C] () -- C:\WINDOWS\System32\quartz.dll
[2009/10/25 00:38:07 | 00,733,696 | ---- | C] () -- C:\WINDOWS\System32\qedwipes.dll
[2009/10/25 00:38:07 | 00,562,176 | ---- | C] () -- C:\WINDOWS\System32\qedit.dll
[2009/10/25 00:38:07 | 00,386,048 | ---- | C] () -- C:\WINDOWS\System32\qdvd.dll
[2009/10/25 00:38:07 | 00,279,040 | ---- | C] () -- C:\WINDOWS\System32\qdv.dll
[2009/10/25 00:38:07 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\qcap.dll
[2009/10/25 00:38:07 | 00,006,877 | ---- | C] () -- C:\WINDOWS\System32\pschdprf.ini
[2009/10/25 00:38:07 | 00,000,343 | ---- | C] () -- C:\WINDOWS\System32\prodspec.ini
[2009/10/25 00:38:01 | 00,002,891 | ---- | C] () -- C:\WINDOWS\System32\perfci.ini
[2009/10/25 00:38:01 | 00,002,732 | ---- | C] () -- C:\WINDOWS\System32\perfwci.ini
[2009/10/25 00:38:01 | 00,001,152 | ---- | C] () -- C:\WINDOWS\System32\perffilt.ini
[2009/10/25 00:37:48 | 00,035,648 | ---- | C] () -- C:\WINDOWS\System32\ntio411.sys
[2009/10/25 00:37:48 | 00,035,424 | ---- | C] () -- C:\WINDOWS\System32\ntio412.sys
[2009/10/25 00:37:48 | 00,034,560 | ---- | C] () -- C:\WINDOWS\System32\ntio804.sys
[2009/10/25 00:37:48 | 00,034,560 | ---- | C] () -- C:\WINDOWS\System32\ntio404.sys
[2009/10/25 00:37:48 | 00,033,840 | ---- | C] () -- C:\WINDOWS\System32\ntio.sys
[2009/10/25 00:37:47 | 00,029,370 | ---- | C] () -- C:\WINDOWS\System32\ntdos411.sys
[2009/10/25 00:37:47 | 00,029,274 | ---- | C] () -- C:\WINDOWS\System32\ntdos412.sys
[2009/10/25 00:37:47 | 00,029,146 | ---- | C] () -- C:\WINDOWS\System32\ntdos804.sys
[2009/10/25 00:37:47 | 00,029,146 | ---- | C] () -- C:\WINDOWS\System32\ntdos404.sys
[2009/10/25 00:37:47 | 00,027,866 | ---- | C] () -- C:\WINDOWS\System32\ntdos.sys
[2009/10/25 00:37:27 | 00,355,112 | ---- | C] () -- C:\WINDOWS\System32\msjetoledb40.dll
[2009/10/25 00:37:24 | 00,094,282 | ---- | C] () -- C:\WINDOWS\System32\msencode.dll
[2009/10/25 00:37:24 | 00,014,336 | ---- | C] () -- C:\WINDOWS\System32\msdmo.dll
[2009/10/25 00:37:24 | 00,004,126 | ---- | C] () -- C:\WINDOWS\System32\msdxmlc.dll
[2009/10/25 00:37:24 | 00,001,931 | ---- | C] () -- C:\WINDOWS\System32\msdtcprf.ini
[2009/10/25 00:37:24 | 00,001,405 | ---- | C] () -- C:\WINDOWS\msdfmap.ini
[2009/10/25 00:37:13 | 00,035,328 | ---- | C] () -- C:\WINDOWS\System32\mciqtz32.dll
[2009/10/25 00:36:31 | 00,042,809 | ---- | C] () -- C:\WINDOWS\System32\key01.sys
[2009/10/25 00:36:31 | 00,042,537 | ---- | C] () -- C:\WINDOWS\System32\keyboard.sys
[2009/10/25 00:36:28 | 00,199,168 | ---- | C] () -- C:\WINDOWS\System32\ir32_32.dll
[2009/10/25 00:36:21 | 00,004,768 | ---- | C] () -- C:\WINDOWS\System32\himem.sys
[2009/10/25 00:36:13 | 01,015,477 | ---- | C] () -- C:\WINDOWS\System32\esentprf.ini
[2009/10/25 00:36:12 | 00,186,880 | ---- | C] () -- C:\WINDOWS\System32\encdec.dll
[2009/10/25 00:36:11 | 00,498,742 | ---- | C] () -- C:\WINDOWS\System32\dxmasf.dll
[2009/10/25 00:35:44 | 00,059,904 | ---- | C] () -- C:\WINDOWS\System32\devenum.dll
[2009/10/25 00:35:40 | 00,027,097 | ---- | C] () -- C:\WINDOWS\System32\country.sys
[2009/10/25 00:35:32 | 00,252,928 | ---- | C] () -- C:\WINDOWS\System32\compatui.dll
[2009/10/25 00:35:13 | 00,009,029 | ---- | C] () -- C:\WINDOWS\System32\ansi.sys
[2009/10/25 00:35:12 | 00,070,656 | ---- | C] () -- C:\WINDOWS\System32\amstream.dll
[2009/04/21 17:26:56 | 00,031,088 | ---- | C] () -- C:\WINDOWS\System32\wrLZMA.dll
[2008/10/31 03:48:28 | 00,000,227 | ---- | C] () -- C:\WINDOWS\RtlRack.ini
[2006/09/20 23:02:58 | 00,000,089 | ---- | C] () -- C:\WINDOWS\WSIMFARM.INI
[2006/09/04 18:29:03 | 00,001,640 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2006/06/21 20:36:47 | 00,000,073 | ---- | C] () -- C:\WINDOWS\MyProg.INI
[2006/06/21 18:56:14 | 00,000,082 | ---- | C] () -- C:\WINDOWS\netdet.ini
[2006/05/11 16:48:56 | 00,000,465 | ---- | C] () -- C:\WINDOWS\asr.INI
[2006/05/11 16:45:03 | 00,000,128 | ---- | C] () -- C:\WINDOWS\ae_mini.INI
[2005/11/19 18:03:51 | 00,000,485 | ---- | C] () -- C:\WINDOWS\MugE.ini
[2005/11/18 07:45:52 | 00,000,017 | ---- | C] () -- C:\WINDOWS\adm.ini
[2005/11/17 12:35:57 | 00,000,187 | ---- | C] () -- C:\WINDOWS\RELATION.INI
[2004/08/27 04:50:59 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/08/26 13:53:58 | 04,836,516 | -H-- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db
[2004/08/26 12:09:27 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\desktop.ini
[2004/08/26 12:04:39 | 00,000,000 | ---- | C] () -- C:\WINDOWS\control.ini
[2004/08/26 12:01:25 | 00,000,037 | ---- | C] () -- C:\WINDOWS\vbaddin.ini
[2004/08/26 12:01:25 | 00,000,036 | ---- | C] () -- C:\WINDOWS\vb.ini
[2004/08/26 10:12:43 | 00,001,440 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/08/26 10:12:43 | 00,000,497 | ---- | C] () -- C:\WINDOWS\System32\emver.ini
[2004/08/26 10:12:21 | 00,001,288 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/26 10:12:17 | 00,001,288 | ---- | C] () -- C:\WINDOWS\system.ini
[2004/08/26 04:54:57 | 00,439,376 | ---- | C] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2004/08/26 04:54:56 | 00,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/26 04:54:35 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2003/01/07 16:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== Alternate Data Streams ==========

@Alternate Data Stream - 152 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >

During the follow-up scan I was gently reminded by AVG that I have a virut stuck to system32\replace.exe, but I'm guessing I have bigger problems anyway. Thank you for reading.

#12 myrti

myrti (Sillyberry)

  • Malware Study Hall Admin
  • 33,779 posts
  • Gender:Female
  • Location:At home

Posted 03 December 2009 - 03:02 PM

Hi,

could you please upload that file:

Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

How to see hidden files in Windows

Please click this link-->Jotti

When the jotti page has finished loading, click the browse button and navigate to the files listed below in bold, then click Submit. You will only be able to have one file scanned at a time.

C:\windows\system32\replace.exe

Please post back the results of the scan in your next post.

If Jotti is busy, try the same at Virustotal: http://www.virustotal.com/

It could be a false positive from AVG.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 



#13 cccv

cccv
  • Topic Starter
  • Members
  • 24 posts

Posted 03 December 2009 - 03:15 PM

Here you are:

http://virusscan.jotti.org/en/scanresult/d...a109b85156dec81
[ArcaVir] 2009-12-03 Found nothing
[G DATA] 2009-12-03 Win32:Vitro
[A-Squared] 2009-12-03 Found nothing
[Ikarus] 2009-12-03 Found nothing
[Avast! antivirus] 2009-12-03 Win32:Vitro
[Kaspersky Anti-Virus] 2009-12-03 Found nothing
[Grisoft AVG Anti-Virus] 2009-12-03 Win32/Virut
[ESET NOD32] 2009-12-03 Found nothing
[Avira AntiVir] 2009-12-03 TR/Patched.Gen2
[Norman Virus Control] Operation timed out
[Softwin BitDefender] 2009-12-03 Found nothing
[Panda Antivirus] 2009-12-03 Found nothing
[ClamAV] 2009-12-03 Found nothing
[Quick Heal] 2009-12-03 Found nothing
[CPsecure] 2009-12-03 Found nothing
[Sophos] 2009-12-03 Found nothing
[Dr.Web] 2009-12-03 Found nothing
[VirusBlokAda VBA32] 2009-12-02 Found nothing
[Frisk F-Prot Antivirus] 2009-12-03 Found nothing
[VirusBuster] 2009-12-03 Found nothing
[F-Secure Anti-Virus] 2009-12-03 Found nothing

#14 myrti

myrti (Sillyberry)

  • Malware Study Hall Admin
  • 33,779 posts
  • Gender:Female
  • Location:At home

Posted 11 December 2009 - 08:46 AM

Hi,

I'm terribly sorry for the delay. :( I had unexpected family issues to deal with, which left me without internet access for most of the week, but I'm back in the internet connected world now and I hope there won't be any more delays.

Your current logs indicate that you might have contracted virut. This is kind of the worst-case scenario for your PC and I would like to make sure this is what we are dealing with before proceeding any further.
Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

How to see hidden files in Windows

Please click this link-->virustotal

When the jotti page has finished loading, click the browse button and navigate to the files listed below in bold, then click Submit. You will only be able to have one file scanned at a time.

c:\windows\system32\userinit.exe
c:\windows\system32\wscntfy.exe
c:\windows\ServicePackFiles\i386\ctfmon.exe
C:\WINDOWS\system32\svchost.exe

Please post back the results of the scan in your next post.

If Jotti is busy, try the same at jotti: http://www.virusscan.jotti.org/

Sorry once more,
regards myrti



#15 cccv

cccv
  • Topic Starter
  • Members
  • 24 posts

Posted 11 December 2009 - 10:11 AM

No worries regarding the delay. As for the virut, there's no "might have" about it. It most definitely was on my comp, infecting pretty much everything. I used dr web to mop up most of it, so my computer actually runs now. What's left of it is stuck on just a few files and it isn't spreading anymore. I don't know if this is the thing that allowed someone to get my credit card number, or if it's the thing that redirects my google searches occasionally (I can confirm that that is still happening now), or if it just lowers the performance of my machine in a way I don't even notice.

Here's userinit.exe:

File userinit.exe received on 2009.12.11 14:57:40 (UTC)
Result: 4/41 (9.76%)

Antivirus Version Last Update Result
a-squared 4.5.0.43 2009.12.11 Gen.Malware!IK
AhnLab-V3 5.0.0.2 2009.12.11 -
AntiVir 7.9.1.108 2009.12.11 TR/Patched.Gen2
Antiy-AVL 2.0.3.7 2009.12.11 -
Authentium 5.2.0.5 2009.12.02 -
Avast 4.8.1351.0 2009.12.11 -
AVG 8.5.0.427 2009.12.11 -
BitDefender 7.2 2009.12.11 -
CAT-QuickHeal 10.00 2009.12.11 -
ClamAV 0.94.1 2009.12.11 -
Comodo 3206 2009.12.11 -
DrWeb 5.0.0.12182 2009.12.11 -
eSafe 7.0.17.0 2009.12.10 -
eTrust-Vet 35.1.7170 2009.12.11 -
F-Prot 4.5.1.85 2009.12.10 -
F-Secure 9.0.15370.0 2009.12.11 -
Fortinet 4.0.14.0 2009.12.11 -
GData 19 2009.12.11 -
Ikarus T3.1.1.74.0 2009.12.11 Gen.Malware
Jiangmin 13.0.900 2009.12.11 -
K7AntiVirus 7.10.918 2009.12.11 -
Kaspersky 7.0.0.125 2009.12.11 -
McAfee 5828 2009.12.10 -
McAfee+Artemis 5828 2009.12.10 -
McAfee-GW-Edition 6.8.5 2009.12.11 Heuristic.LooksLike.Win32.Suspicious.L!85
Microsoft 1.5302 2009.12.10 -
NOD32 4679 2009.12.11 -
Norman 6.04.03 2009.12.11 -
nProtect 2009.1.8.0 2009.12.11 -
Panda 10.0.2.2 2009.12.11 -
PCTools 7.0.3.5 2009.12.11 -
Prevx 3.0 2009.12.11 -
Rising 22.25.04.07 2009.12.11 -
Sophos 4.48.0 2009.12.11 -
Sunbelt 3.2.1858.2 2009.12.11 -
Symantec 1.4.4.12 2009.12.11 -
TheHacker 6.5.0.2.090 2009.12.10 -
TrendMicro 9.100.0.1001 2009.12.11 -
VBA32 3.12.12.0 2009.12.10 -
ViRobot 2009.12.11.2083 2009.12.11 -
VirusBuster 5.0.21.0 2009.12.10 -
Additional information
File size: 28672 bytes
MD5...: 36e9ffbbe3895466a82a7dcdd6745959
SHA1..: a20eeb68bbd94cf83d41eb9bd96981982dd35123
SHA256: 140095eaf29c21cf89243c2a1c699e00ccff48965751372a8fb12a44938ca491
ssdeep: 768:sRMJi8jDLIDSAaQFxfftjaLacmkLGKOqYsaaeB:sRMJbDMDSA7FxffJaLaSLG9qYPaeB
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x54ad
timedatestamp.....: 0x3b46a1d3 (Sat Jul 07 05:44:51 2001)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x520e 0x5400 5.95 099b53205ad3f1c3b853a5310d08a9b1
.data 0x7000 0x14c 0x200 1.86 0bb948f267e82975313a03d8c0e8a1cf
.rsrc 0x8000 0x5c00 0x1600 6.07 951303da64d3cb2986746406687c3cf8

( 9 imports )
> USER32.dll: CreateWindowExW, DestroyWindow, RegisterClassExW, DefWindowProcW, LoadRemoteFonts, wsprintfW, GetSystemMetrics, GetKeyboardLayout, SystemParametersInfoW, GetDesktopWindow, LoadStringW, MessageBoxW, ExitWindowsEx, CharNextW
> ADVAPI32.dll: RegOpenKeyExA, ReportEventW, RegisterEventSourceW, DeregisterEventSource, OpenProcessToken, RegCreateKeyExW, RegSetValueExW, GetUserNameW, RegQueryValueExW, RegOpenKeyExW, RegQueryInfoKeyW, RegCloseKey, RegQueryValueExA
> CRYPT32.dll: CryptProtectData
> WINSPOOL.DRV: SpoolerInit
> ntdll.dll: RtlLengthSid, RtlCopySid, _itow, RtlFreeUnicodeString, DbgPrint, wcslen, wcscpy, wcscat, wcscmp, RtlInitUnicodeString, NtOpenKey, NtClose, _wcsicmp, memmove, RtlConvertSidToUnicodeString, NtQueryInformationToken
> NETAPI32.dll: DsGetDcNameW, NetApiBufferFree
> WLDAP32.dll: -, -, -, -, -, -
> msvcrt.dll: __setusermatherr, _initterm, __getmainargs, _acmdln, _adjust_fdiv, _XcptFilter, _exit, _c_exit, __p__commode, __p__fmode, __set_app_type, _except_handler3, _controlfp, _cexit, exit
> KERNEL32.dll: CompareFileTime, LoadLibraryW, GetProcAddress, FreeLibrary, lstrcpyW, CreateProcessW, lstrlenW, GetVersionExW, LocalFree, LocalAlloc, GetEnvironmentVariableW, CloseHandle, lstrcatW, WaitForSingleObject, DelayLoadFailureHook, GetStartupInfoA, GetModuleHandleA, SetUnhandledExceptionFilter, UnhandledExceptionFilter, TerminateProcess, GetSystemTimeAsFileTime, GetCurrentThreadId, GetTickCount, QueryPerformanceCounter, LoadLibraryA, InterlockedCompareExchange, LocalReAlloc, GetSystemTime, lstrcmpW, GetCurrentThread, SetThreadPriority, ExpandEnvironmentStringsW, SearchPathW, GetLastError, CreateThread, GetFileAttributesExW, GetSystemDirectoryW, SetCurrentDirectoryW, FormatMessageW, lstrcmpiW, GetCurrentProcess, GetUserDefaultLangID, GetCurrentProcessId, SetEvent, OpenEventW, Sleep, SetEnvironmentVariableW

( 0 exports )
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
sigcheck:
publisher....: Microsoft Corporation
copyright....: © Microsoft Corporation. All rights reserved.
product......: Microsoft_ Windows_ Operating System
description..: Userinit Logon Application
original name: USERINIT.EXE
internal name: userinit
file version.: 5.1.2600.5512 (xpsp.080413-2113)
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned




wscntfy.exe:


Antivirus Version Last Update Result
a-squared 4.5.0.43 2009.12.11 -
AhnLab-V3 5.0.0.2 2009.12.11 -
AntiVir 7.9.1.108 2009.12.11 TR/Patched.Gen2
Antiy-AVL 2.0.3.7 2009.12.11 -
Authentium 5.2.0.5 2009.12.02 -
Avast 4.8.1351.0 2009.12.11 -
AVG 8.5.0.427 2009.12.11 -
BitDefender 7.2 2009.12.11 -
CAT-QuickHeal 10.00 2009.12.11 -
ClamAV 0.94.1 2009.12.11 -
Comodo 3206 2009.12.11 -
DrWeb 5.0.0.12182 2009.12.11 -
eSafe 7.0.17.0 2009.12.10 -
eTrust-Vet 35.1.7170 2009.12.11 -
F-Prot 4.5.1.85 2009.12.10 -
F-Secure 9.0.15370.0 2009.12.11 -
Fortinet 4.0.14.0 2009.12.11 -
GData 19 2009.12.11 -
Ikarus T3.1.1.74.0 2009.12.11 -
Jiangmin 13.0.900 2009.12.11 -
K7AntiVirus 7.10.918 2009.12.11 -
Kaspersky 7.0.0.125 2009.12.11 -
McAfee 5828 2009.12.10 -
McAfee+Artemis 5828 2009.12.10 -
McAfee-GW-Edition 6.8.5 2009.12.11 Heuristic.LooksLike.Win32.Suspicious.H!85
Microsoft 1.5302 2009.12.10 -
NOD32 4679 2009.12.11 -
Norman 6.04.03 2009.12.11 -
nProtect 2009.1.8.0 2009.12.11 -
Panda 10.0.2.2 2009.12.11 -
PCTools 7.0.3.5 2009.12.11 -
Prevx 3.0 2009.12.11 -
Rising 22.25.04.07 2009.12.11 -
Sophos 4.48.0 2009.12.11 -
Sunbelt 3.2.1858.2 2009.12.11 -
Symantec 1.4.4.12 2009.12.11 -
TheHacker 6.5.0.2.090 2009.12.10 -
TrendMicro 9.100.0.1001 2009.12.11 -
VBA32 3.12.12.0 2009.12.10 -
ViRobot 2009.12.11.2083 2009.12.11 -
VirusBuster 5.0.21.0 2009.12.10 -
Additional information
File size: 16384 bytes
MD5...: 474738ffeb8e6f12365d63917bd493b8
SHA1..: 5a3a4455adb7dab2f2a13e802873c0bfe807fe65
SHA256: 53df6d77dd56c29e75b790e19236c6f72ff3c5152a8aafa1c9ed6a48d509e1f2
ssdeep: 384:zd8NQWzk5ELt7P/hkQqLde7WT1PWS9v7WvpfI6:zqeabhxueG1p9DQpw6
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x27f2
timedatestamp.....: 0x3b46a1d3 (Sat Jul 07 05:44:51 2001)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x27e0 0x2800 6.16 6b938c455457f7d1b5c5a674b8ebf6f1
.data 0x4000 0x6c 0x200 0.62 a46ea3afddd245a4720f45eb859ddfbf
.rsrc 0x5000 0x5800 0x1200 6.81 f7ada07627d3855471d0c143df3e6cc6

( 5 imports )
> msvcrt.dll: __p__commode, __p__fmode, __set_app_type, _except_handler3, _controlfp, _adjust_fdiv, __setusermatherr, _initterm, __wgetmainargs, _wcmdln, exit, _cexit, _XcptFilter, _exit, _c_exit
> KERNEL32.dll: GetCurrentThreadId, GetTickCount, QueryPerformanceCounter, GetUserDefaultUILanguage, GetLocaleInfoW, CreateProcessW, GetProcessHeap, HeapFree, HeapAlloc, LoadLibraryExW, GetStartupInfoW, GetModuleHandleA, SetUnhandledExceptionFilter, UnhandledExceptionFilter, GetCurrentProcess, TerminateProcess, GetSystemTimeAsFileTime, GetLastError, CreateMutexW, CloseHandle, FormatMessageW, CreateEventW, GetCurrentProcessId
> USER32.dll: PeekMessageW, DispatchMessageW, MsgWaitForMultipleObjects, RegisterWindowMessageW, LoadStringW, LoadImageW, PostQuitMessage, PostMessageW, DestroyMenu, TrackPopupMenu, SetMenuDefaultItem, SetMenuItemInfoW, AppendMenuW, CreatePopupMenu, SetForegroundWindow, GetCursorPos, DefWindowProcW, CreateWindowExW, LoadCursorW, LoadIconW, ShowWindow, RegisterClassExW
> SHELL32.dll: SHGetFolderPathW, ShellExecuteW, Shell_NotifyIconW
> RPCRT4.dll: RpcBindingFromStringBindingW, RpcStringBindingComposeW, RpcBindingFree, RpcSsDestroyClientContext, NdrClientCall2, RpcStringFreeW

( 0 exports )
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
sigcheck:
publisher....: Microsoft Corporation
copyright....: © Microsoft Corporation. All rights reserved.
product......: Microsoft_ Windows_ Operating System
description..: Windows Security Center Notification App
original name: wscntfy.exe
internal name: wscntfy.exe
file version.: 5.1.2600.5512 (xpsp.080413-2108)
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned


here's svchost.exe:


Antivirus Version Last Update Result
a-squared 4.5.0.43 2009.12.11 -
AhnLab-V3 5.0.0.2 2009.12.11 -
AntiVir 7.9.1.108 2009.12.11 -
Antiy-AVL 2.0.3.7 2009.12.11 -
Authentium 5.2.0.5 2009.12.02 -
Avast 4.8.1351.0 2009.12.11 -
AVG 8.5.0.426 2009.12.10 -
BitDefender 7.2 2009.12.11 -
CAT-QuickHeal 10.00 2009.12.11 -
ClamAV 0.94.1 2009.12.11 -
Comodo 3205 2009.12.11 -
DrWeb 5.0.0.12182 2009.12.11 -
eSafe 7.0.17.0 2009.12.10 -
eTrust-Vet 35.1.7170 2009.12.11 -
F-Prot 4.5.1.85 2009.12.10 -
F-Secure 9.0.15370.0 2009.12.11 -
Fortinet 4.0.14.0 2009.12.11 -
GData 19 2009.12.11 -
Ikarus T3.1.1.74.0 2009.12.11 -
Jiangmin 13.0.900 2009.12.11 -
K7AntiVirus 7.10.917 2009.12.10 -
Kaspersky 7.0.0.125 2009.12.11 -
McAfee 5828 2009.12.10 -
McAfee+Artemis 5828 2009.12.10 -
McAfee-GW-Edition 6.8.5 2009.12.11 -
Microsoft 1.5302 2009.12.10 -
NOD32 4679 2009.12.11 -
Norman 6.04.03 2009.12.11 -
nProtect 2009.1.8.0 2009.12.11 -
Panda 10.0.2.2 2009.12.11 -
PCTools 7.0.3.5 2009.12.11 -
Prevx 3.0 2009.12.11 -
Rising 22.25.04.07 2009.12.11 -
Sophos 4.48.0 2009.12.11 -
Sunbelt 3.2.1858.2 2009.12.11 -
Symantec 1.4.4.12 2009.12.11 -
TheHacker 6.5.0.2.090 2009.12.10 -
TrendMicro 9.100.0.1001 2009.12.11 -
VBA32 3.12.12.0 2009.12.10 -
ViRobot 2009.12.11.2083 2009.12.11 -
VirusBuster 5.0.21.0 2009.12.10 -
Additional information
File size: 14336 bytes
MD5 : 27c6d03bcdb8cfeb96b716f3d8be3e18
SHA1 : 49083ae3725a0488e0a8fbbe1335c745f70c4667
SHA256: 2910ebc692d833d949bfd56059e8106d324a276d5f165f874f3fb1b6c613cdd5
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x2509
timedatestamp.....: 0x48025BC0 (Sun Apr 13 21:15:12 2008)
machinetype.......: 0x14C (Intel I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x2C00 0x2C00 6.29 f6589e1ed3da6afefb0b4294d9ff7f2e
.data 0x4000 0x210 0x200 1.62 cbd504e46c836e09e8faabdcfbabaec2
.rsrc 0x5000 0x408 0x600 2.51 dcede0c303bbb48c6875eb64477e5882

( 0 imports )


( 0 exports )
TrID : File type identification
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
ThreatExpert: http://www.threatexpert.com/report.aspx?md...6b716f3d8be3e18
ssdeep: 384:IDvi+JmG6yqlCRaJt4RHS5LutGJae7g9VJnpWCNJbW:INcG6xlCRaJKGOA7SHJ
PEiD : -
PDFiD : ['-', None, None]
RDS : NSRL Reference Data Set



And ctfmon.exe:


Antivirus Version Last Update Result
a-squared 4.5.0.43 2009.12.11 -
AhnLab-V3 5.0.0.2 2009.12.11 -
AntiVir 7.9.1.108 2009.12.11 TR/Patched.Gen2
Antiy-AVL 2.0.3.7 2009.12.11 -
Authentium 5.2.0.5 2009.12.02 -
Avast 4.8.1351.0 2009.12.11 -
AVG 8.5.0.427 2009.12.11 -
BitDefender 7.2 2009.12.11 -
CAT-QuickHeal 10.00 2009.12.11 -
ClamAV 0.94.1 2009.12.11 -
Comodo 3206 2009.12.11 -
DrWeb 5.0.0.12182 2009.12.11 -
eSafe 7.0.17.0 2009.12.10 -
eTrust-Vet 35.1.7170 2009.12.11 -
F-Prot 4.5.1.85 2009.12.10 -
F-Secure 9.0.15370.0 2009.12.11 -
Fortinet 4.0.14.0 2009.12.11 -
GData 19 2009.12.11 -
Ikarus T3.1.1.74.0 2009.12.11 -
Jiangmin 13.0.900 2009.12.11 -
K7AntiVirus 7.10.918 2009.12.11 -
Kaspersky 7.0.0.125 2009.12.11 -
McAfee 5828 2009.12.10 -
McAfee+Artemis 5828 2009.12.10 -
McAfee-GW-Edition 6.8.5 2009.12.11 Heuristic.LooksLike.Win32.Suspicious.H!85
Microsoft 1.5302 2009.12.10 -
NOD32 4679 2009.12.11 -
Norman 6.04.03 2009.12.11 -
nProtect 2009.1.8.0 2009.12.11 -
Panda 10.0.2.2 2009.12.11 -
PCTools 7.0.3.5 2009.12.11 -
Prevx 3.0 2009.12.11 -
Rising 22.25.04.07 2009.12.11 -
Sophos 4.48.0 2009.12.11 -
Sunbelt 3.2.1858.2 2009.12.11 -
Symantec 1.4.4.12 2009.12.11 -
TheHacker 6.5.0.2.090 2009.12.10 -
TrendMicro 9.100.0.1001 2009.12.11 -
VBA32 3.12.12.0 2009.12.10 -
ViRobot 2009.12.11.2083 2009.12.11 -
VirusBuster 5.0.21.0 2009.12.10 -
Additional information
File size: 17920 bytes
MD5...: be3b893e9f5032d62977b82e64ee2e9e
SHA1..: 7e915de7460e496650611c827f7cd3702ffed32b
SHA256: d6fc48b1a6a31201cb697b12f4995b7fb439ae43fe953066f11f11cef0e36068
ssdeep: 384:dA1Eo7NY8MPTIaW7/lumxlJlWDlgWEhV4pfIZ:d3opITIaWhuoOlyV4pwZ
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x2e35
timedatestamp.....: 0x3b46a1d3 (Sat Jul 07 05:44:51 2001)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x2ab8 0x2c00 6.75 414ce647d4328e7513d4155b1a2c9499
.data 0x4000 0x210 0x200 1.07 bd8c5cd346a9f53dc0dbc69260ab2240
.rsrc 0x5000 0x5a00 0x1400 6.53 a52ad91d8356669b179f1177c9cc5b94

( 6 imports )
> msvcrt.dll: _controlfp, _except_handler3, __set_app_type, __p__fmode, __p__commode, _adjust_fdiv, __setusermatherr, _initterm, __getmainargs, _acmdln, exit, _cexit, _XcptFilter, _exit, _c_exit
> ADVAPI32.dll: RegDeleteValueA, RegOpenKeyExA, RegCloseKey, RegSetValueExA, RegCreateKeyA, RegCreateKeyExA
> KERNEL32.dll: lstrcpynA, lstrlenA, GetSystemDirectoryA, GetSystemWindowsDirectoryA, GetVersionExA, GetACP, InitializeCriticalSectionAndSpinCount, DeleteCriticalSection, LocalFree, CloseHandle, ResetEvent, OpenEventA, CreateProcessA, lstrcatA, GetSystemInfo, lstrcmpiA, FreeLibrary, LoadLibraryA, CreateEventA, QueryPerformanceCounter, GetTickCount, GetCurrentThreadId, GetCurrentProcessId, GetSystemTimeAsFileTime, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetModuleHandleA, GetStartupInfoA, LocalAlloc, GetProcAddress
> USER32.dll: EnumWindows, GetClassNameA, FindWindowA, PostMessageA, SetTimer, KillTimer, MsgWaitForMultipleObjects, PeekMessageA, TranslateMessage, DispatchMessageA, GetMessageA, SetWindowPos, LoadCursorA, RegisterClassExA, DefWindowProcA, PostQuitMessage, CreateWindowExA, GetSystemMetrics
> MSCTF.dll: TF_InitSystem, TF_GetGlobalCompartment, TF_InvalidAssemblyListCacheIfExist, TF_InvalidAssemblyListCache, TF_PostAllThreadMsg, TF_CreateCicLoadMutex, TF_UninitSystem
> MSUTB.dll: ClosePopupTipbar, GetPopupTipbar

( 0 exports )
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
sigcheck:
publisher....: Microsoft Corporation
copyright....: © Microsoft Corporation. All rights reserved.
product......: Microsoft_ Windows_ Operating System
description..: CTF Loader
original name: CTFMON.EXE
internal name: CTFMON
file version.: 5.1.2600.5512 (xpsp.080413-2105)
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned

Thank you for reading.
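Each of the four VirusTotal reports above carries a ( base data ) and ( N sections ) block: the entry point RVA, and for every section its virtual address, virtual size, raw size and entropy ("ntrpy"). Those are the fields a file-infector triage reads before deciding whether a generic TR/Patched.Gen2 hit is worth acting on. The script below is an added example written for this page; it is not code from the thread, from VirusTotal, or from any tool named in it. Using only the standard library it parses a PE section table, computes the same entropy figure, and flags the layouts an appending infector typically leaves behind: an entry point moved into the last section, a section that is both writable and executable, raw data that runs past the end of the file, and a section with near-8.0 entropy. The two PE images it runs on are constructed inline by build_pe() as fixtures; they are not the thread's userinit.exe, wscntfy.exe, svchost.exe or ctfmon.exe. A hit from these heuristics is a reason to compare the file's hash against a known-good copy from installation media, not proof of infection on its own.

```python
"""PE section-table sanity checks of the kind used to spot file infectors.

Added example, not code from the thread or from any tool mentioned in it.
Fixtures are constructed in build_pe(); they are not the thread's files.
"""
import math
import struct
from collections import Counter

IMAGE_SCN_CNT_CODE = 0x00000020
IMAGE_SCN_CNT_INITIALIZED_DATA = 0x00000040
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000


def shannon_entropy(data: bytes) -> float:
    """Bits per byte, the 'ntrpy' column in the reports; 0.0 for empty input."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0


def parse_sections(pe: bytes):
    """Return (AddressOfEntryPoint, section dicts) from the COFF, optional and section headers."""
    if pe[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    nsec = struct.unpack_from("<H", pe, coff + 2)[0]        # NumberOfSections
    opt_size = struct.unpack_from("<H", pe, coff + 16)[0]   # SizeOfOptionalHeader
    opt = coff + 20
    entry_rva = struct.unpack_from("<I", pe, opt + 16)[0]   # AddressOfEntryPoint
    sections = []
    for i in range(nsec):
        off = opt + opt_size + 40 * i                       # IMAGE_SECTION_HEADER is 40 bytes
        name, vsize, vaddr, rsize, raddr = struct.unpack_from("<8sIIII", pe, off)
        chars = struct.unpack_from("<I", pe, off + 36)[0]   # Characteristics
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "vsize": vsize, "vaddr": vaddr, "rsize": rsize, "raddr": raddr,
                         "chars": chars, "entropy": shannon_entropy(pe[raddr:raddr + rsize])})
    return entry_rva, sections


def infector_checks(pe: bytes) -> list:
    """Heuristics: a hit means 'compare against a known-good copy', not 'infected'."""
    entry_rva, secs = parse_sections(pe)
    findings = []
    ep = next((s for s in secs
               if s["vaddr"] <= entry_rva < s["vaddr"] + max(s["vsize"], s["rsize"])), None)
    if ep is None:
        findings.append("entry point lies outside every section")
    else:
        if not ep["chars"] & IMAGE_SCN_MEM_EXECUTE:
            findings.append(f"entry point in non-executable section {ep['name']}")
        if len(secs) > 1 and ep is secs[-1]:
            findings.append(f"entry point in last section {ep['name']} (appending-infector pattern)")
        if ep["chars"] & IMAGE_SCN_MEM_WRITE and ep["chars"] & IMAGE_SCN_MEM_EXECUTE:
            findings.append(f"entry section {ep['name']} is writable and executable")
    for s in secs:
        if s["raddr"] + s["rsize"] > len(pe):
            findings.append(f"section {s['name']} raw data runs past end of file")
        if s["entropy"] > 7.0:
            findings.append(f"section {s['name']} entropy {s['entropy']:.2f} looks packed or encrypted")
    return findings


def build_pe(entry_rva: int, sections) -> bytes:
    """Assemble a minimal PE32 image as a test fixture (headers only, not a runnable program)."""
    opt_size, nsec = 224, len(sections)
    raw_off = (64 + 4 + 20 + opt_size + 40 * nsec + 0x1FF) & ~0x1FF   # FileAlignment 0x200
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                             # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, nsec, 0x3B46A1D3, 0, 0, opt_size, 0x010F)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)                             # PE32 magic
    struct.pack_into("<I", opt, 16, entry_rva)                        # AddressOfEntryPoint
    table, body = b"", b""
    for name, vaddr, data, chars in sections:
        rsize = (len(data) + 0x1FF) & ~0x1FF
        table += struct.pack("<8sIIIIIIHHI", name, len(data), vaddr, rsize,
                             raw_off + len(body), 0, 0, 0, 0, chars)
        body += data.ljust(rsize, b"\0")
    return (bytes(dos) + b"PE\0\0" + coff + bytes(opt) + table).ljust(raw_off, b"\0") + body


CODE = IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ
DATA = IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
TEXT = b"\x90" * 100 + b"\xC3"      # constructed stand-in for a code section
# Constructed fixtures: a clean layout, and one whose entry point was redirected into a
# writable+executable last section carrying a high-entropy blob (what an appender leaves).
CLEAN = build_pe(0x1005, [(b".text", 0x1000, TEXT, CODE), (b".data", 0x2000, b"\0" * 16, DATA)])
INFECTED = build_pe(0x3010, [(b".text", 0x1000, TEXT, CODE), (b".data", 0x2000, b"\0" * 16, DATA),
                             (b".rsrc", 0x3000, bytes(range(256)) * 4, DATA | IMAGE_SCN_MEM_EXECUTE)])

if __name__ == "__main__":
    for label, img in (("clean", CLEAN), ("infected", INFECTED)):
        print(label, infector_checks(img) or ["no findings"])
```

Run as-is it prints no findings for the clean fixture and three for the redirected one. To check a real file, pass open(path, "rb").read() to infector_checks(); the entropy it reports for each section should match the ntrpy column VirusTotal prints, which is a quick way to confirm the parser is reading the right headers before trusting its other findings.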



