Persistent Infection of some sort


  • This topic is locked
9 replies to this topic

#1 PipG

  • Members
  • 5 posts
  • OFFLINE
  • Local time:05:00 PM

Posted 19 November 2009 - 08:43 AM

Malwarebytes has detected and removed an infection, but it continues to return. The effect on my system is that it is generally slower than usual, with frequent warnings/notices that one process or another has failed to initialize, or Windows has encountered a problem. Now Malwarebytes is freezing and not running at all. I have disabled System Restore.
The following are the lines from the Malwarebytes log files that indicate the infection:

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{1tbl2m0s-oh7y-35hu-vbs6-p2uwsbd46iuj} (Generic.Bot.H) -> No action taken.

Files Infected:
C:\WINDOWS\system32\1526\WINNT32U.exe (Generic.Bot.H) -> No action taken.
C:\Documents and Settings\Owner.YOUR-F3DA59C7C3\Application Data\logs.dat (Bifrose.Trace) -> No action taken.
C:\Documents and Settings\Owner.YOUR-F3DA59C7C3\Local Settings\Temp\UuU.uUu (Malware.Trace) -> No action taken.
C:\Documents and Settings\Owner.YOUR-F3DA59C7C3\Local Settings\Temp\XxX.xXx (Malware.Trace) -> No action taken.

The DDS log file follows and is attached. Any assistance with helping to clean this up is appreciated.


DDS (Ver_09-10-26.01) - NTFSx86
Run by Owner at 9:25:04.03 on 19/11/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.2.1033.18.381.41 [GMT -4:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner.YOUR-F3DA59C7C3\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Bar = hxxp://www.gateway.com/g/sidepanel.html?Ch=Retail&Br=EM&Loc=ENG_CA&Sys=DTP&M=H5048
mSearchAssistant = hxxp://www.gateway.com/g/sidepanel.html?Ch=Retail&Br=EM&Loc=ENG_CA&Sys=DTP&M=H5048
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\windows\system32\BAE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
uExplorerRun: [CABINET] c:\windows\system32\1526\WINNT32U.exe
mExplorerRun: [CABINET] c:\windows\system32\1526\WINNT32U.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1257798860279
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} - hxxp://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
LSA: Authentication Packages = msv1_0 relog_ap
mASetup: {1TBL2M0S-OH7Y-35HU-VBS6-P2UWSBD46IUJ} - c:\windows\system32\1526\WINNT32U.exe

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-11-11 333192]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-11-11 360584]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-10-12 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-10-12 74480]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2009-11-11 285392]
S2 wlidsvc;Windows Live ID Sign-in Assistant;c:\program files\common files\microsoft shared\windows live\WLIDSVC.EXE [2009-3-30 1533808]
S3 getPlusHelper;getPlus® Helper;c:\windows\system32\svchost.exe -k getPlusHelper [2005-8-17 14336]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-10-12 7408]

=============== Created Last 30 ================

2009-11-19 03:08:20 0 d-sha-r- C:\cmdcons
2009-11-19 03:00:16 98816 ----a-w- c:\windows\sed.exe
2009-11-19 03:00:16 77312 ----a-w- c:\windows\MBR.exe
2009-11-19 03:00:16 260608 ----a-w- c:\windows\PEV.exe
2009-11-19 03:00:16 161792 ----a-w- c:\windows\SWREG.exe
2009-11-18 05:20:15 0 d-----w- c:\docume~1\owner~1.you\applic~1\Malwarebytes
2009-11-18 05:20:06 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-18 05:20:04 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-11-18 05:20:03 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-18 05:20:03 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-18 01:24:50 0 d-----w- c:\windows\CD95F661A5C444F5A6AAECDD91C240BA.TMP
2009-11-18 00:39:05 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-11-17 23:10:37 28 ----a-w- c:\windows\DVDFab.INI
2009-11-17 01:51:56 0 d-----w- c:\docume~1\owner~1.you\applic~1\LimeWire
2009-11-17 01:50:46 73728 ----a-w- c:\windows\system32\javacpl.cpl
2009-11-17 01:50:46 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-11-17 01:49:07 0 d-----w- c:\program files\LimeWire
2009-11-17 01:32:59 0 d-----w- c:\docume~1\alluse~1\applic~1\vsosdk
2009-11-17 01:00:08 0 d-----w- c:\program files\DVDFab 6
2009-11-17 00:06:12 87608 ----a-w- c:\docume~1\owner~1.you\applic~1\inst.exe
2009-11-17 00:06:12 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2009-11-17 00:06:12 47360 ----a-w- c:\docume~1\owner~1.you\applic~1\pcouffin.sys
2009-11-17 00:05:54 0 d-----w- c:\program files\LG Software Innovations
2009-11-14 01:42:13 16496 ----a-r- c:\windows\system32\drivers\HPZipr12.sys
2009-11-14 01:42:08 49664 ----a-r- c:\windows\system32\drivers\HPZid412.sys
2009-11-14 01:21:16 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-11-13 03:29:58 0 d-----w- c:\program files\Hp
2009-11-13 03:14:16 17801 ----a-w- c:\windows\system32\drivers\AegisP.sys
2009-11-13 03:14:05 7986 ----a-w- c:\windows\system32\drivers\WMP54GS.cat
2009-11-13 03:14:05 71520 ----a-w- c:\windows\system32\drivers\WMP54GS.inf
2009-11-13 03:14:05 651264 ----a-w- c:\windows\system32\libeay32.dll
2009-11-13 03:14:05 369024 ----a-w- c:\windows\system32\drivers\bcmwl5.sys
2009-11-13 03:14:05 147456 ----a-w- c:\windows\system32\ssleay32.dll
2009-11-13 03:14:05 1396831 ----a-w- c:\windows\system32\AegisE5.dll
2009-11-13 03:13:59 0 d-----w- c:\program files\Linksys Wireless-G PCI Network Adapter with SpeedBooster
2009-11-12 23:57:36 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-11-12 23:57:03 0 d-----w- c:\program files\SUPERAntiSpyware
2009-11-12 23:57:02 0 d-----w- c:\docume~1\owner~1.you\applic~1\SUPERAntiSpyware.com
2009-11-12 23:56:11 0 d-----w- c:\program files\common files\Wise Installation Wizard
2009-11-12 16:31:45 0 d-----w- c:\program files\CCleaner
2009-11-11 22:12:34 0 d-----w- c:\docume~1\owner~1.you\applic~1\Windows Search
2009-11-11 22:07:53 0 d-----w- c:\program files\Infogrames
2009-11-11 20:58:05 3255 ----a-w- c:\windows\system32\wbem\Outlook_01ca6311a9cc4b94.mof
2009-11-11 17:04:12 14916 ------w- c:\windows\hphmdl12.dat
2009-11-11 17:04:12 123795 ----a-w- c:\windows\HPHins12.dat
2009-11-11 17:03:43 77824 ----a-r- c:\windows\system32\hpzids01.dll
2009-11-11 17:03:19 48128 ----a-w- c:\windows\system32\hpz3l4pi.dll
2009-11-11 16:57:51 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2009-11-11 16:57:51 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2009-11-11 16:10:29 13440 ----a-w- c:\windows\system32\drivers\L8042Kbd.SYS
2009-11-11 16:10:25 69376 ----a-w- c:\windows\system32\drivers\LMOUKE.sys
2009-11-11 16:10:25 55424 ----a-w- c:\windows\system32\drivers\L8042MOU.SYS
2009-11-11 16:10:18 122880 ----a-w- c:\windows\system32\BTCoreif.dll
2009-11-11 16:10:16 90112 ----a-w- c:\windows\system32\KemUtil.dll
2009-11-11 16:10:16 86016 ----a-w- c:\windows\system32\KemWnd.dll
2009-11-11 16:10:16 65536 ----a-w- c:\windows\system32\KemXML.dll
2009-11-11 16:10:16 258352 ----a-w- c:\windows\system32\unicows.dll
2009-11-11 16:10:16 143360 ----a-w- c:\windows\system32\kemutb.dll
2009-11-11 16:10:15 1060864 ----a-w- c:\windows\system32\MFC71.dll
2009-11-11 16:10:14 1047552 ----a-w- c:\windows\system32\MFC71u.dll
2009-11-11 16:09:58 0 d-----w- c:\program files\common files\Logitech
2009-11-11 16:09:53 28160 ----a-w- c:\windows\KHALMNPR.Exe
2009-11-11 16:09:53 27008 ----a-w- c:\windows\system32\drivers\LHidKE.Sys
2009-11-11 16:09:52 0 d-----w- c:\program files\SetPoint
2009-11-11 15:10:42 0 d-----w- c:\windows\pss
2009-11-11 14:31:50 0 d--h--w- C:\$AVG
2009-11-11 14:31:36 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2009-11-11 14:31:35 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-11-11 14:31:29 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-11-11 14:31:23 0 d-----w- c:\windows\system32\drivers\Avg
2009-11-11 14:31:10 0 d-----w- c:\program files\AVG
2009-11-11 14:31:09 0 d-----w- c:\docume~1\alluse~1\applic~1\avg9
2009-11-11 13:46:43 94208 ----a-w- c:\windows\system32\GTW32N50.dll
2009-11-11 13:46:43 31930 ----a-w- c:\windows\system32\GTNDIS3.VXD
2009-11-11 13:46:43 17992 ----a-w- c:\windows\system32\bcm42rly.sys
2009-11-11 13:46:43 15872 ----a-w- c:\windows\system32\GTNDIS5.sys
2009-11-11 13:46:30 4254 ----a-w- c:\windows\system32\WLAN.INI
2009-11-10 19:29:29 87552 ----a-w- c:\windows\system32\cpwmon2k.dll
2009-11-10 19:29:18 0 d-----w- c:\program files\Acro Software
2009-11-10 19:13:55 168448 ----a-w- c:\windows\system32\unrar.dll
2009-11-10 19:13:54 839680 ----a-w- c:\windows\system32\lameACM.acm
2009-11-10 19:13:54 414 ----a-w- c:\windows\system32\lame_acm.xml
2009-11-10 19:13:53 795648 ----a-w- c:\windows\system32\xvidcore.dll
2009-11-10 19:13:53 217088 ----a-w- c:\windows\system32\yv12vfw.dll
2009-11-10 19:13:53 130048 ----a-w- c:\windows\system32\xvidvfw.dll
2009-11-10 19:13:53 118784 ----a-w- c:\windows\system32\ac3acm.acm
2009-11-10 19:13:52 86016 ----a-w- c:\windows\system32\dpl100.dll
2009-11-10 19:13:52 684032 ----a-w- c:\windows\system32\divx.dll
2009-11-10 19:13:52 3596288 ----a-w- c:\windows\system32\qt-dx331.dll
2009-11-10 19:13:51 67584 ----a-w- c:\windows\system32\ff_vfw.dll
2009-11-10 19:13:51 547 ----a-w- c:\windows\system32\ff_vfw.dll.manifest
2009-11-10 19:13:50 0 d-----w- c:\program files\K-Lite Codec Pack
2009-11-10 19:08:55 3255 ----a-w- c:\windows\system32\wbem\Outlook_01ca62393fa4d84a.mof
2009-11-10 15:29:15 0 d-sh--w- c:\documents and settings\owner.your-f3da59c7c3\IECompatCache
2009-11-10 15:28:11 0 d-sh--w- c:\documents and settings\owner.your-f3da59c7c3\PrivacIE
2009-11-10 15:25:08 0 d-sh--w- c:\documents and settings\owner.your-f3da59c7c3\IETldCache
2009-11-10 15:15:11 92160 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-11-10 15:14:54 0 d-----w- c:\windows\ie8updates
2009-11-10 15:14:38 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-11-10 15:14:37 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2009-11-10 15:14:37 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-11-10 15:14:37 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-11-10 15:14:37 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2009-11-10 15:14:36 11069440 -c----w- c:\windows\system32\dllcache\ieframe.dll
2009-11-10 15:13:12 0 dc-h--w- c:\windows\ie8
2009-11-10 15:07:58 0 d-----w- c:\program files\Microsoft
2009-11-10 15:06:32 0 d-----w- c:\docume~1\owner~1.you\applic~1\Windows Desktop Search
2009-11-10 15:05:56 0 d-----w- c:\windows\system32\GroupPolicy
2009-11-10 15:05:56 0 d-----w- c:\program files\Windows Desktop Search
2009-11-10 15:05:15 98304 -c----w- c:\windows\system32\dllcache\nlhtml.dll
2009-11-10 15:05:15 29696 -c----w- c:\windows\system32\dllcache\mimefilt.dll
2009-11-10 15:05:15 192000 -c----w- c:\windows\system32\dllcache\offfilt.dll
2009-11-10 15:04:47 0 d-----w- c:\program files\Windows Media Connect 2
2009-11-10 15:03:31 0 d-----w- c:\windows\system32\LogFiles
2009-11-10 14:57:00 1089593 -c----w- c:\windows\system32\dllcache\ntprint.cat
2009-11-10 14:27:43 0 d-----w- c:\windows\system32\XPSViewer
2009-11-10 14:26:57 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-11-10 14:26:57 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-11-10 14:26:57 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-11-10 14:26:57 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-11-10 14:26:57 117760 ------w- c:\windows\system32\prntvpt.dll
2009-11-10 14:26:56 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2009-11-10 14:26:56 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-11-10 14:26:56 0 d-----w- C:\3b340980c92c9480b5945751
2009-11-10 14:03:32 0 d-----w- c:\windows\system32\scripting
2009-11-10 14:03:31 0 d-----w- c:\windows\l2schemas
2009-11-10 14:03:30 0 d-----w- c:\windows\system32\en
2009-11-10 14:03:30 0 d-----w- c:\windows\system32\bits
2009-11-10 13:59:45 0 d-----w- c:\windows\network diagnostic
2009-11-10 13:38:07 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-11-10 13:38:07 16736 ----a-w- c:\windows\system32\mucltui.dll.mui
2009-11-10 13:00:50 0 d-----w- c:\windows\ServicePackFiles
2009-11-09 20:34:01 0 d-sh--w- c:\documents and settings\owner.your-f3da59c7c3\UserData
2009-11-09 20:33:33 376 ----a-w- c:\windows\ODBC.INI
2009-11-09 20:33:22 28040 ----a-w- c:\windows\system32\mdimon.dll
2009-11-09 20:32:12 0 d-----w- c:\program files\common files\L&H
2009-11-09 20:31:55 0 d-----w- c:\program files\Microsoft ActiveSync
2009-11-09 20:31:08 0 d-----w- c:\windows\SHELLNEW
2009-11-09 19:17:14 0 d-----w- C:\oldhd
2009-11-09 16:35:58 0 d-----w- c:\windows\system32\appmgmt
2009-11-09 16:18:04 73216 ------w- c:\windows\system32\drivers\atintuxx.sys
2009-11-09 15:57:25 331776 -c----w- c:\windows\system32\dllcache\msadce.dll
2009-11-09 15:56:19 455296 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2009-11-09 15:56:17 2066432 -c----w- c:\windows\system32\dllcache\mstscax.dll
2009-11-09 15:56:14 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2009-11-09 15:56:06 2560 ------w- c:\windows\system32\xpsp4res.dll
2009-11-09 15:56:06 1203922 -c----w- c:\windows\system32\dllcache\sysmain.sdb
2009-11-09 15:56:05 215552 -c----w- c:\windows\system32\dllcache\wordpad.exe
2009-11-09 15:54:38 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2009-11-09 15:54:37 272128 ------w- c:\windows\system32\drivers\bthport.sys
2009-11-09 15:52:34 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2009-11-09 15:52:32 333952 -c----w- c:\windows\system32\dllcache\srv.sys
2009-11-09 15:52:30 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-11-09 15:52:26 691712 -c----w- c:\windows\system32\dllcache\inetcomm.dll
2009-11-09 15:50:49 1106944 -c----w- c:\windows\system32\dllcache\msxml3.dll
2009-11-09 15:48:36 0 d-----w- c:\docume~1\owner~1.you\applic~1\McAfee.com Personal Firewall
2009-11-07 11:00:44 0 d-----w- c:\windows\system32\PreInstall
2009-11-06 17:29:33 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2009-11-06 16:49:15 44384 ----a-w- c:\windows\system32\drivers\tifsfilt.sys
2009-11-06 16:49:15 441760 ----a-w- c:\windows\system32\drivers\timntr.sys
2009-11-06 16:49:07 129248 ----a-w- c:\windows\system32\drivers\snapman.sys
2009-11-06 16:48:40 368736 ----a-w- c:\windows\system32\drivers\tdrpman.sys
2009-11-06 16:45:45 0 d-----w- c:\windows\system32\SoftwareDistribution
2009-11-04 20:10:30 21504 ----a-w- c:\windows\system32\hidserv.dll
2009-11-04 20:10:26 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2009-11-04 20:10:23 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2009-11-04 20:10:09 24960 ----a-w- c:\windows\system32\drivers\hidparse.sys
2009-11-04 20:10:09 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
2009-11-04 20:10:08 36864 ----a-w- c:\windows\system32\drivers\hidclass.sys
2009-11-04 20:10:00 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2009-11-04 20:09:29 4736 ----a-w- c:\windows\system32\drivers\usbd.sys
2009-11-04 20:08:41 6400 ----a-w- c:\windows\system32\drivers\enum1394.sys
2009-11-04 20:08:40 61696 ----a-w- c:\windows\system32\drivers\ohci1394.sys
2009-11-04 20:08:40 53376 ----a-w- c:\windows\system32\drivers\1394bus.sys
2009-11-04 20:08:26 20992 ----a-w- c:\windows\system32\drivers\RTL8139.sys
2009-11-04 20:08:24 30208 ----a-w- c:\windows\system32\drivers\usbehci.sys
2009-11-04 20:08:23 7168 ----a-w- c:\windows\system32\hccoin.dll
2009-11-04 20:08:22 17152 ----a-w- c:\windows\system32\drivers\usbohci.sys
2009-11-04 20:08:22 143872 ----a-w- c:\windows\system32\drivers\usbport.sys
2009-11-04 20:08:21 74240 ----a-w- c:\windows\system32\usbui.dll
2009-11-04 20:08:21 59520 ----a-w- c:\windows\system32\drivers\usbhub.sys
2009-11-04 20:04:08 60 ----a-w- c:\windows\system32\SYSDRV.DAT
2009-11-04 20:04:06 0 d-----w- c:\windows\creator
2009-11-04 20:04:03 0 d-----w- c:\windows\SMINST
2009-11-04 20:03:38 0 d-----w- C:\Program Files
2009-11-04 20:03:29 0 d-----r- c:\documents and settings\all users\Documents
2009-11-04 20:02:20 0 d-----r- c:\windows\Offline Web Pages
2009-11-04 20:00:33 0 dcsh--r- c:\windows\system32\dllcache
2009-11-04 19:57:06 0 ----a-w- c:\windows\system32\EMACHINES_H5048__.MRK
2009-11-04 19:56:57 333 ----a-w- c:\windows\system32\$ncsp$.inf
2009-11-04 19:56:32 146650 ----a-w- c:\windows\system32\BuzzingBee.wav
2009-11-04 19:56:31 940794 ----a-w- c:\windows\system32\LoopyMusic.wav
2009-11-04 19:56:18 0 d-----w- c:\windows\system32\Lang
2009-11-04 19:53:37 28896 ----a-w- c:\windows\system32\Status.MPF
2009-11-04 19:46:28 28672 ----a-w- c:\windows\system32\verclsid.exe
2009-11-04 19:32:28 0 d-----w- c:\program files\McAfee
2009-11-04 19:32:21 0 d-----w- c:\docume~1\alluse~1\applic~1\McAfee.com Personal Firewall
2009-11-04 19:31:53 0 d-----w- c:\docume~1\alluse~1\applic~1\McAfee.com
2009-11-04 19:31:30 30056 ----a-w- c:\windows\system32\oemlogo.bmp
2009-11-04 19:31:30 0 d-----w- c:\program files\gtw_logo
2009-11-04 19:31:12 741376 ----a-w- c:\windows\system32\BigFixSuppress.exe
2009-11-04 19:31:12 741376 ----a-w- c:\windows\system32\BigFixShortcutInStartup.exe
2009-11-04 19:31:09 67072 ----a-w- c:\windows\POWERCFG.EXE
2009-11-04 19:30:58 80512 ----a-w- c:\windows\system32\drivers\Rtnicxp.sys
2009-11-04 19:29:39 10280 ----a-w- c:\windows\BigFixClientOverride.dll
2009-11-04 19:29:38 0 d-----w- c:\program files\BigFix
2009-11-04 19:28:38 0 d-----w- c:\program files\MSN Encarta Plus
2009-11-04 19:28:20 4223 ----a-w- c:\windows\mHotkey.reg
2009-11-04 19:28:19 550912 ----a-w- c:\windows\zHotkey.exe
2009-11-04 19:28:19 532544 ----a-w- c:\windows\PIC.dll
2009-11-04 19:28:19 5280 ----a-w- c:\windows\hotbtnv.vxd
2009-11-04 19:28:19 42040 ----a-w- c:\windows\PatchWnd.exe
2009-11-04 19:28:19 36864 ----a-w- c:\windows\ShowWnd.exe
2009-11-04 19:28:19 24576 ----a-w- c:\windows\HKNTDLL.dll
2009-11-04 19:28:19 11776 ----a-w- c:\windows\HIDMNT.dll
2009-11-04 19:28:00 4 ----a-w- c:\windows\Pix11.dat
2009-11-04 19:27:36 0 d-----w- c:\program files\Microsoft Digital Image 2006
2009-11-04 19:26:59 5376 ----a-w- c:\windows\system32\drivers\mspclock.sys
2009-11-04 19:26:16 0 d-----w- c:\program files\Realtek
2009-11-04 19:24:52 0 d-----w- c:\docume~1\alluse~1\applic~1\WildTangent
2009-11-04 19:24:47 0 d-----w- c:\program files\WildTangent
2009-11-04 19:24:44 0 d-----w- c:\program files\Gateway Games
2009-11-04 19:24:23 520192 ----a-w- c:\windows\system32\ati2sgag.exe
2009-11-04 19:23:49 20480 ----a-w- c:\windows\system32\Marker32.exe
2009-11-04 19:20:50 94208 ----a-w- c:\windows\system32\bae.dll
2009-11-04 19:19:59 0 d-----w- c:\program files\Digital Media Reader
2009-11-04 19:19:52 0 d-----w- c:\windows\Downloaded Installations
2009-11-04 19:19:04 2 ----a-w- C:\AUDIT_INSTALL_IN_PROGRESS
2009-11-04 19:17:33 0 d-----w- c:\windows\system32\ReinstallBackups
2009-11-04 19:13:17 0 d-----w- c:\docume~1\alluse~1\applic~1\Prism Deploy
2009-11-04 19:13:16 0 d-----w- c:\program files\common files\New Boundary
2009-11-04 19:11:06 2 --sh--r- C:\USER
2009-11-04 19:11:06 0 ----a-w- C:\REQUEST_OEMRESET_ENDUSER

==================== Find3M ====================

2009-11-19 13:23:23 2302 ---ha-w- c:\docume~1\owner~1.you\applic~1\logs.dat
2009-10-08 22:57:02 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2009-10-08 22:57:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2009-10-08 22:56:56 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2009-09-11 14:18:39 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03:36 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 08:08:21 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-27 02:39:52 286720 ----a-w- c:\windows\system32\HPZc3212.dll
2009-08-26 08:00:21 247326 ----a-w- c:\windows\system32\strmdll.dll
2006-06-19 00:47:57 372736 --sh--r- c:\windows\system32\1526\WINNT32U.exe

============= FINISH: 9:27:02.40 ===============
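As an added triage example (not code from the original post, nor from the DDS, Malwarebytes or OTL tools), the following Python script scans DDS-style persistence and file-listing lines for the indicators visible in the log above: an Active Setup component whose identifier is not a well-formed GUID (the `mASetup` line here corresponds to the `Active Setup\Installed Components` key Malwarebytes flagged), autorun targets inside a numbered subfolder of system32, use of the `Policies\Explorer\Run` autorun location, and an executable carrying hidden+system attributes in the Find3M listing. The sample lines are copied from the log, except the benign Active Setup entry, which is constructed (made-up GUID and path) for contrast; the regular expressions and reason strings are my own assumptions about the DDS line shapes shown here.

```python
import re

# Reason labels returned by the triage functions.
MALFORMED_GUID = "Active Setup component id is not a well-formed GUID"
NUMBERED_SUBDIR = "target lives in a numbered subfolder of system32"
POLICY_RUN = "Policies\\Explorer\\Run autorun (uncommon location, verify the target)"
HIDDEN_SYSTEM_EXE = "executable carries hidden+system attributes"

# Constructed sample: persistence entries and file lines copied from the DDS
# log in the post above, plus one benign Active Setup entry (made-up GUID and
# path) for contrast. Backslashes are doubled only because this is a literal.
SAMPLE_LOG = """\
uRun: [ctfmon.exe] c:\\windows\\system32\\ctfmon.exe
mRun: [AVG9_TRAY] c:\\progra~1\\avg\\avg9\\avgtray.exe
uExplorerRun: [CABINET] c:\\windows\\system32\\1526\\WINNT32U.exe
mExplorerRun: [CABINET] c:\\windows\\system32\\1526\\WINNT32U.exe
mASetup: {1TBL2M0S-OH7Y-35HU-VBS6-P2UWSBD46IUJ} - c:\\windows\\system32\\1526\\WINNT32U.exe
mASetup: {12345678-ABCD-EF01-2345-6789ABCDEF01} - c:\\windows\\system32\\example_clean.exe
2009-10-08 22:57:02 611328 ----a-w- c:\\windows\\system32\\uiautomationcore.dll
2006-06-19 00:47:57 372736 --sh--r- c:\\windows\\system32\\1526\\WINNT32U.exe
"""

# DDS line shapes assumed here: "<u|m|d><Run|ExplorerRun|ASetup>: ..." for
# persistence entries and "date time size attrs path" for file listings.
ENTRY_RE = re.compile(r"^(?P<scope>[umd])(?P<kind>Run|ExplorerRun|ASetup):\s*(?P<rest>.+)$")
NAMED_RE = re.compile(r"^\[(?P<name>[^\]]*)\]\s*(?P<target>.*)$")
FILE_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} \d+ (?P<attrs>\S{8}) (?P<path>.+)$")
GUID_RE = re.compile(r"^\{[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}\}$", re.I)
NUMBERED_SUBDIR_RE = re.compile(r"\\system32\\\d+\\", re.I)


def parse_entry(line):
    """Split a DDS persistence line into scope, kind, name/GUID and target."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    kind, rest = m.group("kind"), m.group("rest")
    if kind == "ASetup":
        # "{GUID} - command"
        guid, _, target = rest.partition(" - ")
        return {"scope": m.group("scope"), "kind": kind, "name": guid.strip(), "target": target.strip()}
    # "[value name] command"
    n = NAMED_RE.match(rest)
    if not n:
        return None
    return {"scope": m.group("scope"), "kind": kind, "name": n.group("name"), "target": n.group("target")}


def triage_line(line):
    """Return the list of reasons a single DDS line deserves a closer look."""
    reasons = []
    entry = parse_entry(line)
    if entry is not None:
        if entry["kind"] == "ASetup" and not GUID_RE.match(entry["name"]):
            reasons.append(MALFORMED_GUID)
        if entry["kind"] == "ExplorerRun":
            reasons.append(POLICY_RUN)
        if NUMBERED_SUBDIR_RE.search(entry["target"]):
            reasons.append(NUMBERED_SUBDIR)
        return reasons
    f = FILE_RE.match(line.strip())
    if f:
        attrs, path = f.group("attrs"), f.group("path")
        # Attribute column as it appears in the log: d c s h a . r/w .
        # (index 2 = system, index 3 = hidden).
        if attrs[2] == "s" and attrs[3] == "h" and path.lower().endswith(".exe"):
            reasons.append(HIDDEN_SYSTEM_EXE)
        if NUMBERED_SUBDIR_RE.search(path):
            reasons.append(NUMBERED_SUBDIR)
    return reasons


def triage_log(text):
    """Map each flagged line to its reasons; clean lines are omitted."""
    results = {}
    for raw in text.splitlines():
        reasons = triage_line(raw)
        if reasons:
            results[raw.strip()] = reasons
    return results


if __name__ == "__main__":
    for line, reasons in triage_log(SAMPLE_LOG).items():
        print(line)
        for r in reasons:
            print("    ->", r)
```

The script only flags lines for a human to verify; it removes nothing. Run against the full log, it would raise the same four lines a helper would look at first: the two `ExplorerRun` entries, the `mASetup` entry with the non-hex identifier, and the hidden+system `WINNT32U.exe` in the Find3M section, all pointing at one target, which is the correlation that makes a single file worth prioritising.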


#2 PipG

  • Topic Starter
  • Members
  • 5 posts
  • OFFLINE
  • Local time:05:00 PM

Posted 22 November 2009 - 06:25 PM

After some further malware DIY I think this problem is solved. The ESET Online scanner detected and removed several nasty files and Malwarebytes finished it off. Thanks to this forum, I at least felt I had a fallback if I couldn't sort this out.

#3 myrti

    Sillyberry

  • Malware Study Hall Admin
  • 33,766 posts
  • OFFLINE
  • Gender:Female
  • Location:At home
  • Local time:11:00 PM

Posted 27 November 2009 - 09:55 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you still want your PC checked out, please let us know. If so, please perform the following steps so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
  • Please download OTL from the following mirror:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
Please also provide a log from gmer:
Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!


#4 PipG

  • Topic Starter
  • Members
  • 5 posts
  • OFFLINE
  • Local time:05:00 PM

Posted 27 November 2009 - 04:10 PM

Thanks for looking at this for me. As I said in my last post, the computer seems to be running better. The scans I have done on my own are clean. The following are the logs for the scans you suggested:

OTL logfile created on: 27/11/2009 1:34:31 PM - Run 1
OTL by OldTimer - Version 3.1.11.0 Folder = C:\Documents and Settings\Owner.YOUR-F3DA59C7C3\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

381.48 Mb Total Physical Memory | 115.00 Mb Available Physical Memory | 30.15% Memory free
1007.75 Mb Paging File | 361.78 Mb Available in Paging File | 35.90% Paging File free
Paging file location(s): C:\pagefile.sys 576 1152 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 142.16 Gb Total Space | 75.98 Gb Free Space | 53.44% Space Free | Partition Type: NTFS
Drive D: | 6.87 Gb Total Space | 3.94 Gb Free Space | 57.29% Space Free | Partition Type: FAT32
Drive E: | 542.83 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: YOUR-F3DA59C7C3
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/11/27 13:34:03 | 00,532,992 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner.YOUR-F3DA59C7C3\Desktop\OTL.exe
PRC - [2009/11/12 08:25:03 | 02,020,120 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2009/11/12 08:25:00 | 00,600,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2009/11/11 10:31:18 | 01,055,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2009/11/11 10:31:17 | 00,502,040 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2009/11/11 10:31:16 | 00,702,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2009/11/11 10:31:16 | 00,702,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2009/11/11 10:31:11 | 00,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2009/11/04 15:15:19 | 00,172,032 | ---- | M] (New Boundary Technologies, Inc.) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
PRC - [2009/10/11 04:17:36 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/10/11 04:17:35 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/09/30 05:15:52 | 00,065,024 | ---- | M] (tzuk) -- C:\Program Files\Sandboxie\SbieSvc.exe
PRC - [2009/08/05 10:37:58 | 12,313,432 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
PRC - [2009/06/23 01:23:38 | 00,196,424 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
PRC - [2009/06/09 19:12:08 | 00,096,088 | ---- | M] (Microsoft Corp.) -- C:\Program Files\Microsoft\Office Live\OfficeLiveSignIn.exe
PRC - [2009/03/30 20:28:36 | 01,533,808 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
PRC - [2009/03/30 20:28:36 | 00,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
PRC - [2009/03/08 18:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/03/08 18:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2008/04/13 20:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/09/14 08:01:56 | 00,492,600 | ---- | M] () -- C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
PRC - [2007/09/14 06:55:26 | 00,427,288 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2006/11/03 19:20:12 | 00,866,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2006/11/03 19:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
PRC - [2006/10/09 20:16:56 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehrecvr.exe
PRC - [2006/04/04 17:44:58 | 16,120,832 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.exe
PRC - [2006/01/15 21:41:52 | 00,405,504 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
PRC - [2006/01/15 21:41:52 | 00,405,504 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
PRC - [2005/08/05 23:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehSched.exe
PRC - [2005/08/05 23:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe
PRC - [2003/06/20 03:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE


========== Modules (SafeList) ==========

MOD - [2009/11/27 13:34:03 | 00,532,992 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner.YOUR-F3DA59C7C3\Desktop\OTL.exe
MOD - [2008/04/13 20:12:00 | 00,025,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mslbui.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/11/11 10:31:11 | 00,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2009/11/04 15:15:19 | 00,172,032 | ---- | M] (New Boundary Technologies, Inc.) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- (PrismXL)
SRV - [2009/10/11 04:17:35 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/09/30 05:15:52 | 00,065,024 | ---- | M] (tzuk) -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV - [2009/09/23 20:36:06 | 00,051,168 | ---- | M] (NOS Microsystems Ltd.) -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®
SRV - [2009/03/30 20:28:36 | 01,533,808 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2007/09/14 08:01:56 | 00,492,600 | ---- | M] () -- C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe -- (TryAndDecideService)
SRV - [2007/09/14 06:55:26 | 00,427,288 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2006/11/03 19:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2006/10/19 00:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc)
SRV - [2006/10/09 20:16:56 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehrecvr.exe -- (ehRecvr)
SRV - [2006/01/26 11:57:00 | 00,520,192 | ---- | M] () -- C:\WINDOWS\system32\ati2sgag.exe -- (ATI Smart)
SRV - [2006/01/15 21:41:52 | 00,405,504 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)
SRV - [2005/08/05 23:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehSched.exe -- (ehSched)
SRV - [2005/08/05 23:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe -- (McrdSvc)
SRV - [2003/07/28 16:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2003/06/20 03:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM)


========== Driver Services (SafeList) ==========

DRV - [2009/11/16 21:00:43 | 00,047,360 | ---- | M] (VSO Software) -- C:\WINDOWS\system32\drivers\pcouffin.sys -- (pcouffin)
DRV - [2009/11/12 23:14:16 | 00,017,801 | ---- | M] (Meetinghouse Data Communications) -- C:\WINDOWS\system32\drivers\AegisP.sys -- (AegisP) AEGIS Protocol (IEEE 802.1x)
DRV - [2009/11/11 10:31:35 | 00,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2009/11/11 10:31:29 | 00,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/11/11 10:31:28 | 00,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/11/06 12:49:15 | 00,441,760 | ---- | M] (Acronis) -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2009/11/06 12:49:15 | 00,044,384 | ---- | M] (Acronis) -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2009/11/06 12:49:07 | 00,129,248 | ---- | M] (Acronis) -- C:\WINDOWS\system32\DRIVERS\snapman.sys -- (snapman)
DRV - [2009/11/06 12:48:40 | 00,368,736 | ---- | M] (Acronis) -- C:\WINDOWS\system32\DRIVERS\tdrpman.sys -- (tdrpman)
DRV - [2009/09/30 05:15:52 | 00,116,736 | ---- | M] (tzuk) -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV - [2009/08/26 22:40:06 | 00,021,568 | ---- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZius12.sys -- (HPZius12)
DRV - [2008/04/13 14:36:39 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 14:36:39 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/13 12:39:15 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2008/04/13 12:36:05 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2006/05/16 02:17:22 | 00,049,664 | R--- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZid412.sys -- (HPZid412)
DRV - [2006/05/16 02:17:22 | 00,016,496 | R--- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZipr12.sys -- (HPZipr12)
DRV - [2006/04/06 14:20:44 | 04,258,816 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/01/18 18:41:00 | 00,080,512 | ---- | M] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2006/01/15 21:48:08 | 01,477,632 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/12/20 17:54:34 | 00,027,008 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\system32\drivers\LHidKE.Sys -- (LHidKe)
DRV - [2005/12/20 17:54:28 | 00,069,376 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\system32\drivers\LMOUKE.sys -- (LMouKE)
DRV - [2005/05/13 04:54:10 | 00,020,576 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2004/12/22 01:32:12 | 00,369,024 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\drivers\bcmwl5.sys -- (BCM43XX)
DRV - [2004/08/10 15:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2004/08/04 02:31:34 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2004/08/04 01:29:56 | 01,897,408 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2001/08/18 00:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/18 00:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/18 00:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/18 00:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/18 00:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 23:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 23:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 23:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 23:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 23:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 23:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 23:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 23:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 23:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 23:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001/08/17 16:49:32 | 00,019,968 | ---- | M] (Macronix International Co., Ltd. ) -- C:\WINDOWS\system32\drivers\mxnic.sys -- (mxnic)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gateway.com/g/sidepanel.html?Ch...DTP&M=H5048


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_page_URL = http://www.gateway.com/g/startpage.html?Ch...DTP&M=H5048
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch...DTP&M=H5048
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_page_URL = http://www.gateway.com/g/startpage.html?Ch...DTP&M=H5048
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch...DTP&M=H5048
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-475967489-192028308-3137455487-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\S-1-5-21-475967489-192028308-3137455487-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ca.msn.com/
IE - HKU\S-1-5-21-475967489-192028308-3137455487-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?lang=en-ca&OCID=FW69157
IE - HKU\S-1-5-21-475967489-192028308-3137455487-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-ca
IE - HKU\S-1-5-21-475967489-192028308-3137455487-1006\S-1-5-21-475967489-192028308-3137455487-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/11/10 11:07:54 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/11/16 21:50:31 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

[2009/11/16 21:52:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.YOUR-F3DA59C7C3\Application Data\Mozilla\Extensions
[2009/11/16 21:52:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.YOUR-F3DA59C7C3\Application Data\Mozilla\Extensions\mozswing@mozswing.org

O1 HOSTS File: (686 bytes) - C:\WINDOWS\system32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\WINDOWS\system32\bae.dll (Gateway Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-475967489-192028308-3137455487-1006\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-475967489-192028308-3137455487-1006\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-475967489-192028308-3137455487-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-475967489-192028308-3137455487-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-475967489-192028308-3137455487-1006_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftu...b?1257798860279 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} http://h20264.www2.hp.com/ediags/dd/instal...nosticsxp2k.cab (DDRevision Class)
O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.2.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (relog_ap) - C:\WINDOWS\System32\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/17 21:40:32 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2004/09/13 16:15:24 | 00,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2004/09/18 17:26:19 | 00,000,000 | R--D | M] - E:\Autorun -- [ CDFS ]
O32 - AutoRun File - [2002/09/09 18:01:35 | 00,151,552 | R--- | M] () - E:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2002/08/28 20:14:48 | 00,000,051 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/11/27 13:33:38 | 00,532,992 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner.YOUR-F3DA59C7C3\Desktop\OTL.exe
[2009/11/27 08:22:52 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\Owner.YOUR-F3DA59C7C3\Recent
[2009/11/26 18:38:26 | 00,000,000 | R--D | C] -- C:\Sandbox
[2009/11/26 18:37:04 | 00,000,000 | ---D | C] -- C:\Program Files\Sandboxie
[2009/11/24 21:41:10 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2009/11/22 21:25:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ESET
[2009/11/22 20:28:18 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/11/22 20:28:17 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/11/22 20:28:16 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/11/22 20:06:10 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Documents\MCE Logs
[2009/11/22 08:31:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-F3DA59C7C3\Application Data\Media Player Classic
[2009/11/21 20:13:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-F3DA59C7C3\DoctorWeb
[2009/11/20 08:48:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-F3DA59C7C3\Application Data\WinRAR
[2009/11/20 08:20:14 | 00,578,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\user32.dll
[2009/11/20 08:17:28 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2009/11/18 23:08:20 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/11/18 23:00:16 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/11/18 23:00:16 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/11/18 23:00:16 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/11/18 23:00:16 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/11/18 22:58:34 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/11/18 01:20:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-F3DA59C7C3\Application Data\Malwarebytes
[2009/11/18 01:20:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/11/17 21:24:50 | 00,000,000 | ---D | C] -- C:\WINDOWS\CD95F661A5C444F5A6AAECDD91C240BA.TMP
[2009/11/17 20:38:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2009/11/17 20:36:54 | 00,000,000 | ---D | C] -- C:\Program Files\WinZip
[2009/11/16 22:21:46 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2009/11/16 22:21:46 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2009/11/16 22:21:46 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2009/11/16 21:53:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-F3DA59C7C3\My Documents\LimeWire
[2009/11/16 21:52:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-F3DA59C7C3\Application Data\Mozilla
[2009/11/16 21:51:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-F3DA59C7C3\Application Data\LimeWire
[2009/11/16 21:50:46 | 00,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2009/11/16 21:50:46 | 00,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2009/11/16 21:49:07 | 00,000,000 | ---D | C] -- C:\Program Files\LimeWire
[2009/11/16 21:32:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\vsosdk
[2009/11/16 21:00:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-F3DA59C7C3\My Documents\DVDFab
[2009/11/16 21:00:08 | 00,000,000 | ---D | C] -- C:\Program Files\DVDFab 6
[2009/11/16 20:06:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\1Click DVD Copy Pro
[2009/11/16 20:06:12 | 00,047,360 | ---- | C] (VSO Software) -- C:\WINDOWS\System32\drivers\pcouffin.sys
[2009/11/16 20:06:12 | 00,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Owner.YOUR-F3DA59C7C3\Application Data\pcouffin.sys
[2009/11/16 20:06:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-F3DA59C7C3\Application Data\Vso
[2009/11/16 20:05:54 | 00,000,000 | ---D | C] -- C:\Program Files\LG Software Innovations
[2009/11/16 20:04:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-F3DA59C7C3\Application Data\CyberLink
[2009/11/16 20:03:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\CyberLink
[2009/11/13 21:42:13 | 00,016,496 | R--- | C] (HP) -- C:\WINDOWS\System32\drivers\HPZipr12.sys
[2009/11/13 21:42:08 | 00,049,664 | R--- | C] (HP) -- C:\WINDOWS\System32\drivers\HPZid412.sys
[2009/11/13 21:21:16 | 00,195,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2009/11/12 23:29:58 | 00,000,000 | ---D | C] -- C:\Program Files\Hp
[2009/11/12 23:14:16 | 00,017,801 | ---- | C] (Meetinghouse Data Communications) -- C:\WINDOWS\System32\drivers\AegisP.sys
[2009/11/12 23:14:05 | 01,396,831 | ---- | C] (Meetinghouse Data Communications) -- C:\WINDOWS\System32\AegisE5.dll
[2009/11/12 23:14:05 | 00,369,024 | ---- | C] (Broadcom Corporation) -- C:\WINDOWS\System32\drivers\bcmwl5.sys
[2009/11/12 23:13:59 | 00,000,000 | ---D | C] -- C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster
[2009/11/12 21:35:53 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Defender
[2009/11/12 19:57:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2009/11/12 19:57:03 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2009/11/12 19:57:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-F3DA59C7C3\Application Data\SUPERAntiSpyware.com
[2009/11/12 12:31:45 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2009/11/11 23:22:57 | 00,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2009/11/11 23:22:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-F3DA59C7C3\Application Data\Sun
[2009/11/11 18:12:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-F3DA59C7C3\Application Data\Windows Search
[2009/11/11 18:07:53 | 00,000,000 | ---D | C] -- C:\Program Files\Infogrames
[2009/11/11 13:03:19 | 00,048,128 | ---- | C] (Hewlett-Packard Company) -- C:\WINDOWS\System32\hpz3l4pi.dll
[2009/11/11 12:57:51 | 00,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbprint.sys
[2009/11/11 12:14:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-F3DA59C7C3\Application Data\Logitech
[2009/11/11 12:10:29 | 00,013,440 | ---- | C] (Logitech, Inc.) -- C:\WINDOWS\System32\drivers\L8042Kbd.SYS
[2009/11/11 12:10:25 | 00,069,376 | ---- | C] (Logitech, Inc.) -- C:\WINDOWS\System32\drivers\LMOUKE.sys
[2009/11/11 12:10:25 | 00,055,424 | ---- | C] (Logitech, Inc.) -- C:\WINDOWS\System32\drivers\L8042MOU.SYS
[2009/11/11 12:10:18 | 00,122,880 | ---- | C] (Broadcom Corporation) -- C:\WINDOWS\System32\BTCoreif.dll
[2009/11/11 12:10:16 | 00,258,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\unicows.dll
[2009/11/11 12:10:16 | 00,143,360 | ---- | C] (Logitech Inc.) -- C:\WINDOWS\System32\kemutb.dll
[2009/11/11 12:10:16 | 00,090,112 | ---- | C] (Logitech Inc.) -- C:\WINDOWS\System32\KemUtil.dll
[2009/11/11 12:10:16 | 00,086,016 | ---- | C] (Logitech Inc.) -- C:\WINDOWS\System32\KemWnd.dll
[2009/11/11 12:10:16 | 00,065,536 | ---- | C] (Logitech Inc.) -- C:\WINDOWS\System32\KemXML.dll
[2009/11/11 12:10:15 | 01,060,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MFC71.dll
[2009/11/11 12:10:14 | 01,047,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MFC71u.dll
[2009/11/11 12:09:58 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Logitech
[2009/11/11 12:09:53 | 00,028,160 | ---- | C] (Logitech Inc.) -- C:\WINDOWS\KHALMNPR.Exe
[2009/11/11 12:09:53 | 00,027,008 | ---- | C] (Logitech, Inc.) -- C:\WINDOWS\System32\drivers\LHidKE.Sys
[2009/11/11 12:09:52 | 00,000,000 | ---D | C] -- C:\Program Files\SetPoint
[2009/11/11 11:10:42 | 00,000,000 | ---D | C] -- C:\WINDOWS\pss
[2009/11/11 10:31:50 | 00,000,000 | -H-D | C] -- C:\$AVG
[2009/11/11 10:31:36 | 00,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/11/11 10:31:35 | 00,360,584 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009/11/11 10:31:29 | 00,333,192 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/11/11 10:31:28 | 00,028,424 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/11/11 10:31:23 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
[2009/11/11 10:31:10 | 00,000,000 | ---D | C] -- C:\Program Files\AVG
[2009/11/11 10:31:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg9
[2009/11/11 09:46:43 | 00,017,992 | ---- | C] (Broadcom Corporation) -- C:\WINDOWS\System32\bcm42rly.sys
[2009/11/11 09:46:43 | 00,015,872 | ---- | C] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\System32\GTNDIS5.sys
[2009/11/10 15:29:18 | 00,000,000 | ---D | C] -- C:\Program Files\Acro Software
[2009/11/10 15:21:57 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2009/11/10 15:16:41 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2009/11/10 15:16:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-F3DA59C7C3\Application Data\Macromedia
[2009/11/10 15:15:31 | 00,000,000 | ---D | C] -- C:\Program Files\NOS
[2009/11/10 15:15:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS
[2009/11/10 15:14:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-F3DA59C7C3\Local Settings\Application Data\Adobe
[2009/11/10 15:14:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-F3DA59C7C3\Application Data\Adobe
[2009/11/10 15:13:54 | 00,839,680 | ---- | C] (http://www.mp3dev.org/) -- C:\WINDOWS\System32\lameACM.acm
[2009/11/10 15:13:53 | 00,217,088 | ---- | C] (www.helixcommunity.org) -- C:\WINDOWS\System32\yv12vfw.dll
[2009/11/10 15:13:53 | 00,118,784 | ---- | C] (fccHandler) -- C:\WINDOWS\System32\ac3acm.acm
[2009/11/10 15:13:52 | 00,684,032 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\divx.dll
[2009/11/10 15:13:52 | 00,086,016 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\dpl100.dll
[2009/11/10 15:13:50 | 00,000,000 | ---D | C] -- C:\Program Files\K-Lite Codec Pack
[2009/11/10 11:29:15 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\Owner.YOUR-F3DA59C7C3\IECompatCache
[2009/11/10 11:28:11 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\Owner.YOUR-F3DA59C7C3\PrivacIE
[2009/11/10 11:25:08 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\Owner.YOUR-F3DA59C7C3\IETldCache
[2009/11/10 11:14:54 | 00,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2009/11/10 11:14:37 | 01,985,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2009/11/10 11:14:37 | 00,594,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2009/11/10 11:14:37 | 00,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2009/11/10 11:14:36 | 11,069,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2009/11/10 11:14:14 | 00,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2009/11/10 11:13:12 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2009/11/10 11:08:16 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2009/11/10 11:07:58 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2009/11/10 11:06:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-F3DA59C7C3\Application Data\Windows Desktop Search
[2009/11/10 11:05:56 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Desktop Search
[2009/11/10 11:05:56 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\GroupPolicy
[2009/11/10 11:05:15 | 00,192,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\offfilt.dll
[2009/11/10 11:05:15 | 00,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nlhtml.dll
[2009/11/10 11:05:15 | 00,029,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mimefilt.dll
[2009/11/10 11:05:07 | 00,016,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2009/11/10 11:04:47 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Media Connect 2
[2009/11/10 11:03:31 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF
[2009/11/10 11:03:31 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2009/11/10 10:27:43 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2009/11/10 10:27:40 | 00,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2009/11/10 10:27:34 | 00,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2009/11/10 10:26:57 | 00,597,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\printfilterpipelinesvc.exe
[2009/11/10 10:26:57 | 00,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpsshhdr.dll
[2009/11/10 10:26:57 | 00,117,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\prntvpt.dll
[2009/11/10 10:26:57 | 00,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\filterpipelineprintproc.dll
[2009/11/10 10:26:56 | 01,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpssvcs.dll
[2009/11/10 10:26:56 | 01,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpssvcs.dll
[2009/11/10 10:26:56 | 00,000,000 | ---D | C] -- C:\3b340980c92c9480b5945751
[2009/11/10 10:15:28 | 00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2009/11/10 10:03:32 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2009/11/10 10:03:32 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en-us
[2009/11/10 10:03:31 | 00,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2009/11/10 10:03:30 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2009/11/10 10:03:30 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2009/11/10 09:59:45 | 00,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2009/11/10 09:55:30 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2009/11/10 09:51:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2009/11/10 09:38:07 | 00,274,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll
[2009/11/10 09:38:07 | 00,016,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui
[2009/11/10 09:00:50 | 00,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2009/11/09 16:34:01 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\Owner.YOUR-F3DA59C7C3\UserData
[2009/11/09 16:33:22 | 00,028,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mdimon.dll
[2009/11/09 16:32:12 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\L&H
[2009/11/09 16:31:55 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft ActiveSync
[2009/11/09 16:31:28 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2009/11/09 16:31:25 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Works
[2009/11/09 16:31:19 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio
[2009/11/09 16:31:08 | 00,000,000 | ---D | C] -- C:\WINDOWS\SHELLNEW
[2009/11/09 16:30:20 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2009/11/09 16:30:20 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2009/11/09 16:29:24 | 00,000,000 | RH-D | C] -- C:\MSOCache
[2009/11/09 16:22:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-F3DA59C7C3\My Documents\wsInspector
[2009/11/09 16:22:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-F3DA59C7C3\My Documents\Video Downloads
[2009/11/09 16:22:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-F3DA59C7C3\My Documents\TomTom
[2009/11/09 16:22:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-F3DA59C7C3\My Documents\Sylvie files
[2009/11/09 16:22:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-F3DA59C7C3\My Documents\Poker Superstars II Documents
[2009/11/09 16:22:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-F3DA59C7C3\My Documents\Pinnacle Studio
[2009/11/09 16:22:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-F3DA59C7C3\My Documents\PcSetup
[2009/11/09 16:22:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-F3DA59C7C3\My Documents\New Folder
[2009/11/09 16:22:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-F3DA59C7C3\My Documents\My Webs
[2009/11/09 15:40:11 | 00,000,000 | R-SD | C] -- C:\Documents and Settings\Owner.YOUR-F3DA59C7C3\My Documents\My Stationery
[2009/11/09 15:40:11 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Owner.YOUR-F3DA59C7C3\My Documents\My Videos
[2009/11/09 15:40:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-F3DA59C7C3\My Documents\My Smilebox Creations
[2009/11/09 15:40:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-F3DA59C7C3\My Documents\My Received Files
[2009/11/09 15:40:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-F3DA59C7C3\My Documents\My Projects
[2009/11/09 15:33:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-F3DA59C7C3\My Documents\My Games
[2009/11/09 15:33:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-F3DA59C7C3\My Documents\My Albums
[2009/11/09 15:33:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-F3DA59C7C3\My Documents\MumboJumbo
[2009/11/09 15:33:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-F3DA59C7C3\My Documents\LDW
[2009/11/09 15:33:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-F3DA59C7C3\My Documents\kudosrocklegend
[2009/11/09 15:33:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-F3DA59C7C3\My Documents\kudos
[2009/11/09 15:33:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-F3DA59C7C3\My Documents\InstantCDDVD
[2009/11/09 15:33:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-F3DA59C7C3\My Documents\Floodgate
[2009/11/09 15:33:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-F3DA59C7C3\My Documents\Drive Green
[2009/11/09 15:33:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-F3DA59C7C3\My Documents\Downloads
[2009/11/09 15:33:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-F3DA59C7C3\My Documents\CyberLink
[2009/11/09 15:33:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-F3DA59C7C3\My Documents\Converted Videos
[2009/11/09 15:33:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-F3DA59C7C3\My Documents\Bus Driver
[2009/11/09 15:33:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-F3DA59C7C3\My Documents\Birdies
[2009/11/09 15:33:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-F3DA59C7C3\My Documents\BarnyardInvasionSaveData
[2009/11/09 15:33:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-F3DA59C7C3\My Documents\BabyLuv
[2009/11/09 15:25:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-F3DA59C7C3\My Documents\Alex
[2009/11/09 15:25:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-F3DA59C7C3\My Documents\18 WoS American Long Haul
[2009/11/09 15:24:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-F3DA59C7C3\My Documents\(pc games)command and conquer TIBERIAN SUN Fullgame
[2009/11/09 15:17:14 | 00,000,000 | ---D | C] -- C:\oldhd
[2009/11/09 12:35:58 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2009/11/09 12:19:36 | 00,025,471 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\watv10nt.sys
[2009/11/09 12:19:36 | 00,022,271 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\watv06nt.sys
[2009/11/09 12:19:36 | 00,011,935 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\wadv11nt.sys
[2009/11/09 12:19:36 | 00,011,871 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\wadv09nt.sys
[2009/11/09 12:19:36 | 00,011,807 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\wadv07nt.sys
[2009/11/09 12:19:36 | 00,011,295 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\wadv08nt.sys
[2009/11/09 12:19:31 | 00,404,990 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slntamr.sys
[2009/11/09 12:19:31 | 00,129,535 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slnt7554.sys
[2009/11/09 12:19:31 | 00,095,424 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slnthal.sys
[2009/11/09 12:19:31 | 00,013,240 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slwdmsup.sys
[2009/11/09 12:19:30 | 00,166,912 | ---- | C] (S3 Graphics, Inc.) -- C:\WINDOWS\System32\drivers\s3gnbm.sys
[2009/11/09 12:19:30 | 00,013,776 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\recagent.sys
[2009/11/09 12:19:29 | 00,180,360 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\ntmtlfax.sys
[2009/11/09 12:19:27 | 01,309,184 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\mtlstrm.sys
[2009/11/09 12:19:27 | 00,452,736 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\drivers\mtxparhm.sys
[2009/11/09 12:19:27 | 00,126,686 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\mtlmnt5.sys
[2009/11/09 12:19:24 | 00,011,868 | ---- | C] (Conexant) -- C:\WINDOWS\System32\drivers\mdmxsdk.sys
[2009/11/09 12:19:19 | 01,041,536 | ---- | C] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\drivers\hsfdpsp2.sys
[2009/11/09 12:19:19 | 00,685,056 | ---- | C] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\drivers\hsfcxts2.sys
[2009/11/09 12:19:19 | 00,220,032 | ---- | C] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\drivers\hsfbs2s2.sys
[2009/11/09 12:18:04 | 00,073,216 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atintuxx.sys
[2009/11/09 12:18:04 | 00,063,488 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinxsxx.sys
[2009/11/09 12:18:04 | 00,031,744 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinxbxx.sys
[2009/11/09 12:18:04 | 00,013,824 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinttxx.sys
[2009/11/09 12:18:03 | 00,327,040 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati2mtaa.sys
[2009/11/09 12:18:03 | 00,104,960 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinrvxx.sys
[2009/11/09 12:18:03 | 00,063,663 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1rvxx.sys
[2009/11/09 12:18:03 | 00,057,856 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinbtxx.sys
[2009/11/09 12:18:03 | 00,056,623 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1btxx.sys
[2009/11/09 12:18:03 | 00,052,224 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinraxx.sys
[2009/11/09 12:18:03 | 00,036,463 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1tuxx.sys
[2009/11/09 12:18:03 | 00,034,735 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1xsxx.sys
[2009/11/09 12:18:03 | 00,030,671 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1raxx.sys
[2009/11/09 12:18:03 | 00,029,455 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1xbxx.sys
[2009/11/09 12:18:03 | 00,028,672 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinsnxx.sys
[2009/11/09 12:18:03 | 00,026,367 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1snxx.sys
[2009/11/09 12:18:03 | 00,021,343 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1ttxx.sys
[2009/11/09 12:18:03 | 00,014,336 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinpdxx.sys
[2009/11/09 12:18:03 | 00,013,824 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinmdxx.sys
[2009/11/09 12:18:03 | 00,012,047 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1pdxx.sys
[2009/11/09 12:18:03 | 00,011,615 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1mdxx.sys
[2009/11/09 11:57:25 | 00,331,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadce.dll
[2009/11/09 11:56:19 | 00,455,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2009/11/09 11:56:17 | 02,066,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstscax.dll
[2009/11/09 11:56:14 | 00,337,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netapi32.dll
[2009/11/09 11:54:38 | 00,272,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthport.sys
[2009/11/09 11:53:36 | 00,730,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lsasrv.dll
[2009/11/09 11:53:35 | 02,145,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2009/11/09 11:53:34 | 02,189,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2009/11/09 11:53:34 | 02,023,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2009/11/09 11:53:07 | 00,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\kb913800.exe
[2009/11/09 11:52:34 | 00,203,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rmcast.sys
[2009/11/09 11:52:32 | 00,333,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srv.sys
[2009/11/09 11:52:26 | 00,691,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcomm.dll
[2009/11/09 11:50:49 | 01,172,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml3.dll
[2009/11/09 11:48:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-F3DA59C7C3\Application Data\McAfee.com Personal Firewall
[2009/11/07 07:01:16 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
[2009/11/07 07:00:44 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
[2009/11/06 12:49:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Acronis
[2009/11/06 12:49:15 | 00,441,760 | ---- | C] (Acronis) -- C:\WINDOWS\System32\drivers\timntr.sys
[2009/11/06 12:49:15 | 00,044,384 | ---- | C] (Acronis) -- C:\WINDOWS\System32\drivers\tifsfilt.sys
[2009/11/06 12:49:07 | 00,129,248 | ---- | C] (Acronis) -- C:\WINDOWS\System32\drivers\snapman.sys
[2009/11/06 12:48:40 | 00,368,736 | ---- | C] (Acronis) -- C:\WINDOWS\System32\drivers\tdrpman.sys
[2009/11/06 12:47:13 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Acronis
[2009/11/06 12:47:13 | 00,000,000 | ---D | C] -- C:\Program Files\Acronis
[2009/11/06 12:45:45 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2009/11/04 16:10:09 | 00,024,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hidparse.sys
[2009/11/04 16:10:08 | 00,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hidclass.sys
[2009/11/04 16:09:29 | 00,004,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbd.sys
[2009/11/04 16:08:41 | 00,006,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\enum1394.sys
[2009/11/04 16:08:40 | 00,053,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\1394bus.sys
[2009/11/04 16:08:26 | 00,020,992 | ---- | C] (Realtek Semiconductor Corporation) -- C:\WINDOWS\System32\drivers\RTL8139.sys
[2009/11/04 16:08:23 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\hccoin.dll
[2009/11/04 16:08:22 | 00,143,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbport.sys
[2009/11/04 16:08:21 | 00,074,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\usbui.dll
[2009/11/04 16:07:11 | 00,000,000 | --SD | C] -- C:\Documents and Settings\Owner.YOUR-F3DA59C7C3\Application Data\Microsoft
[2009/11/04 16:07:11 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\Owner.YOUR-F3DA59C7C3\SendTo
[2009/11/04 16:07:11 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\Owner.YOUR-F3DA59C7C3\Application Data
[2009/11/04 16:07:11 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Owner.YOUR-F3DA59C7C3\Start Menu
[2009/11/04 16:07:11 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Owner.YOUR-F3DA59C7C3\My Documents\My Pictures
[2009/11/04 16:07:11 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Owner.YOUR-F3DA59C7C3\My Documents\My Music
[2009/11/04 16:07:11 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Owner.YOUR-F3DA59C7C3\My Documents
[2009/11/04 16:07:11 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Owner.YOUR-F3DA59C7C3\Favorites
[2009/11/04 16:07:11 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\Owner.YOUR-F3DA59C7C3\Cookies
[2009/11/04 16:07:11 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\Owner.YOUR-F3DA59C7C3\Templates
[2009/11/04 16:07:11 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\Owner.YOUR-F3DA59C7C3\PrintHood
[2009/11/04 16:07:11 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\Owner.YOUR-F3DA59C7C3\NetHood
[2009/11/04 16:07:11 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\Owner.YOUR-F3DA59C7C3\Local Settings
[2009/11/04 16:07:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-F3DA59C7C3\WINDOWS
[2009/11/04 16:07:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-F3DA59C7C3\Application Data\SampleView
[2009/11/04 16:07:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-F3DA59C7C3\Local Settings\Application Data\Microsoft
[2009/11/04 16:07:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-F3DA59C7C3\Local Settings\Application Data\Identities
[2009/11/04 16:07:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-F3DA59C7C3\Application Data\Identities
[2009/11/04 16:07:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-F3DA59C7C3\Local Settings\Application Data\Google
[2009/11/04 16:07:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-F3DA59C7C3\Desktop
[2009/11/04 16:07:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-F3DA59C7C3\Local Settings\Application Data\ApplicationHistory
[2009/11/04 16:07:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-F3DA59C7C3\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150020}
[2009/11/04 16:06:23 | 00,000,000 | -HSD | C] -- C:\System Volume Information
[2009/11/04 16:04:06 | 00,000,000 | ---D | C] -- C:\WINDOWS\creator
[2009/11/04 16:04:03 | 00,000,000 | ---D | C] -- C:\WINDOWS\SMINST
[2009/11/04 16:03:38 | 00,000,000 | ---D | C] -- C:\Program Files
[2009/11/04 16:03:30 | 00,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu
[2009/11/04 16:03:30 | 00,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
[2009/11/04 16:03:29 | 00,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Pictures
[2009/11/04 16:03:29 | 00,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Music
[2009/11/04 16:03:29 | 00,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents
[2009/11/04 16:03:29 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data
[2009/11/04 16:02:28 | 00,000,000 | R-SD | C] -- C:\WINDOWS\assembly
[2009/11/04 16:02:20 | 00,000,000 | R--D | C] -- C:\WINDOWS\Offline Web Pages
[2009/11/04 16:00:33 | 00,000,000 | RHSD | C] -- C:\WINDOWS\System32\dllcache
[2009/11/04 15:58:40 | 00,860,320 | ---- | C] (ATI Technologies Inc. ) -- C:\WINDOWS\System32\dllcache\ativvaxx.dll
[2009/11/04 15:58:40 | 00,860,320 | ---- | C] (ATI Technologies Inc. ) -- C:\WINDOWS\System32\ativvaxx.dll
[2009/11/04 15:58:40 | 00,077,824 | ---- | C] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\Oemdspif.dll
[2009/11/04 15:58:40 | 00,024,064 | ---- | C] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\ativcoxx.dll
[2009/11/04 15:58:39 | 00,114,688 | ---- | C] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\atipdlxx.dll
[2009/11/04 15:58:39 | 00,017,408 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\atitvo32.dll
[2009/11/04 15:58:36 | 05,111,808 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\atioglxx.dll
[2009/11/04 15:58:33 | 06,684,672 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\atioglx1.dll
[2009/11/04 15:58:33 | 00,307,200 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\atiiiexx.dll
[2009/11/04 15:58:33 | 00,282,624 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ATIDEMGR.dll
[2009/11/04 15:58:33 | 00,151,552 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\atikvmag.dll
[2009/11/04 15:58:33 | 00,053,248 | ---- | C] ( ATI Technologies Inc.) -- C:\WINDOWS\System32\ATIDDC.DLL
[2009/11/04 15:58:31 | 02,603,872 | ---- | C] (ATI Technologies Inc. ) -- C:\WINDOWS\System32\dllcache\ati3duag.dll
[2009/11/04 15:58:31 | 02,603,872 | ---- | C] (ATI Technologies Inc. ) -- C:\WINDOWS\System32\ati3duag.dll
[2009/11/04 15:58:31 | 01,477,632 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati2mtag.sys
[2009/11/04 15:58:31 | 01,477,632 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati2mtag.sys
[2009/11/04 15:58:31 | 00,026,112 | ---- | C] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\Ati2mdxx.exe
[2009/11/04 15:58:30 | 00,405,504 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ati2evxx.exe
[2009/11/04 15:58:30 | 00,258,048 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati2cqag.dll
[2009/11/04 15:58:30 | 00,258,048 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ati2cqag.dll
[2009/11/04 15:58:30 | 00,255,488 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati2dvag.dll
[2009/11/04 15:58:30 | 00,255,488 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ati2dvag.dll
[2009/11/04 15:58:30 | 00,061,440 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ati2evxx.dll
[2009/11/04 15:58:30 | 00,040,960 | ---- | C] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\ati2edxx.dll
[2009/11/04 15:58:30 | 00,040,960 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati2erec.dll
[2009/11/04 15:57:03 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009/11/04 15:56:18 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Lang
[2009/11/04 15:46:28 | 00,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\verclsid.exe
[2009/11/04 15:32:28 | 00,000,000 | ---D | C] -- C:\Program Files\McAfee
[2009/11/04 15:32:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2009/11/04 15:32:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee.com Personal Firewall
[2009/11/04 15:31:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee.com
[2009/11/04 15:31:30 | 00,000,000 | ---D | C] -- C:\Program Files\gtw_logo
[2009/11/04 15:31:12 | 00,741,376 | ---- | C] (New Boundary Technologies, Inc.) -- C:\WINDOWS\System32\BigFixSuppress.exe
[2009/11/04 15:31:12 | 00,741,376 | ---- | C] (New Boundary Technologies, Inc.) -- C:\WINDOWS\System32\BigFixShortcutInStartup.exe
[2009/11/04 15:31:09 | 00,067,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\POWERCFG.EXE
[2009/11/04 15:30:58 | 00,080,512 | ---- | C] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\System32\drivers\Rtnicxp.sys
[2009/11/04 15:29:39 | 00,010,280 | ---- | C] (BigFix, Inc.) -- C:\WINDOWS\BigFixClientOverride.dll
[2009/11/04 15:29:38 | 00,000,000 | ---D | C] -- C:\Program Files\BigFix
[2009/11/04 15:28:38 | 00,000,000 | ---D | C] -- C:\Program Files\MSN Encarta Plus
[2009/11/04 15:27:36 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Digital Image 2006
[2009/11/04 15:27:32 | 00,499,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcp71.dll
[2009/11/04 15:27:32 | 00,348,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcr71.dll
[2009/11/04 15:27:32 | 00,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\atl71.dll
[2009/11/04 15:27:20 | 00,000,000 | ---D | C] -- C:\Program Files\Adobe
[2009/11/04 15:27:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2009/11/04 15:26:55 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\RTCOM
[2009/11/04 15:26:52 | 00,129,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksproxy.ax
[2009/11/04 15:26:52 | 00,060,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\drmk.sys
[2009/11/04 15:26:52 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksuser.dll
[2009/11/04 15:26:21 | 00,266,240 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\RTSndMgr.Cpl
[2009/11/04 15:26:21 | 00,086,016 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SoundMan.exe
[2009/11/04 15:26:20 | 00,364,544 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RtlUpd.exe
[2009/11/04 15:26:19 | 09,711,104 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTLCPL.exe
[2009/11/04 15:26:18 | 04,258,816 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\drivers\RtkHDAud.Sys
[2009/11/04 15:26:17 | 16,120,832 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.exe
[2009/11/04 15:26:17 | 02,158,592 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\MicCal.exe
[2009/11/04 15:26:16 | 02,809,344 | ---- | C] (RealTek Semicoductor Corp.) -- C:\WINDOWS\alcwzrd.exe
[2009/11/04 15:26:16 | 00,299,008 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\ALSndMgr.Cpl
[2009/11/04 15:26:16 | 00,069,632 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\Alcmtr.exe
[2009/11/04 15:26:16 | 00,000,000 | ---D | C] -- C:\Program Files\Realtek
[2009/11/04 15:26:12 | 00,487,424 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RtlExUpd.dll
[2009/11/04 15:24:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2009/11/04 15:24:47 | 00,000,000 | ---D | C] -- C:\Program Files\WildTangent
[2009/11/04 15:24:44 | 00,000,000 | ---D | C] -- C:\Program Files\Gateway Games
[2009/11/04 15:23:49 | 00,020,480 | ---- | C] (Gateway) -- C:\WINDOWS\System32\Marker32.exe
[2009/11/04 15:23:21 | 00,000,000 | ---D | C] -- C:\Program Files\Java
[2009/11/04 15:23:20 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2009/11/04 15:20:50 | 00,094,208 | ---- | C] (Gateway Inc.) -- C:\WINDOWS\System32\bae.dll
[2009/11/04 15:19:59 | 00,000,000 | ---D | C] -- C:\Program Files\Digital Media Reader
[2009/11/04 15:19:52 | 00,000,000 | ---D | C] -- C:\WINDOWS\Downloaded Installations
[2009/11/04 15:19:10 | 00,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2009/11/04 15:19:10 | 00,000,000 | ---D | C] -- C:\Program Files\CyberLink
[2009/11/04 15:19:08 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2009/11/04 15:17:33 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\ReinstallBackups
[2009/11/04 15:17:23 | 00,000,000 | ---D | C] -- C:\Program Files\Google
[2009/11/04 15:13:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Prism Deploy
[2009/11/04 15:13:16 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\New Boundary
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2009/11/27 13:34:03 | 00,532,992 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner.YOUR-F3DA59C7C3\Desktop\OTL.exe
[2009/11/27 08:49:16 | 45,814,706 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/11/27 08:48:41 | 00,105,755 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/11/26 22:24:58 | 00,001,538 | ---- | M] () -- C:\WINDOWS\Sandboxie.ini
[2009/11/26 18:37:04 | 00,000,766 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-F3DA59C7C3\Desktop\Sandboxed Web Browser.lnk
[2009/11/25 15:30:16 | 02,621,440 | -H-- | M] () -- C:\Documents and Settings\Owner.YOUR-F3DA59C7C3\NTUSER.DAT
[2009/11/24 21:53:01 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2009/11/24 21:45:52 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/11/24 21:45:46 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/11/24 21:45:43 | 40,008,9088 | -HS- | M] () -- C:\hiberfil.sys
[2009/11/24 21:43:59 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\Owner.YOUR-F3DA59C7C3\ntuser.ini
[2009/11/24 15:08:34 | 00,040,448 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-F3DA59C7C3\My Documents\Philip Gruchy and Sylvie Ouellette GruchyScotiabank Meeting.wpd
[2009/11/22 21:57:01 | 07,446,112 | -H-- | M] () -- C:\Documents and Settings\Owner.YOUR-F3DA59C7C3\Local Settings\Application Data\IconCache.db
[2009/11/22 20:28:21 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/11/22 20:05:54 | 00,000,144 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-F3DA59C7C3\Local Settings\Application Data\fusioncache.dat
[2009/11/22 19:57:11 | 00,000,782 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-F3DA59C7C3\Desktop\Windows Media Player.lnk
[2009/11/22 19:56:03 | 00,001,170 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/11/22 08:30:25 | 00,014,336 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-F3DA59C7C3\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/21 21:02:50 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\setup_XP.ini
[2009/11/20 11:30:40 | 00,000,686 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\HOSTS
[2009/11/20 08:20:15 | 00,578,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\user32.dll
[2009/11/18 23:08:26 | 00,000,279 | RHS- | M] () -- C:\boot.ini
[2009/11/17 21:02:15 | 00,001,586 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-F3DA59C7C3\Desktop\LimeWire PRO 5.3.6.lnk
[2009/11/17 20:51:49 | 00,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/11/17 20:44:33 | 00,000,618 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-F3DA59C7C3\Desktop\DVDFab 6.lnk
[2009/11/17 19:10:37 | 00,000,028 | ---- | M] () -- C:\WINDOWS\DVDFab.INI
[2009/11/16 21:00:43 | 00,087,608 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-F3DA59C7C3\Application Data\inst.exe
[2009/11/16 21:00:43 | 00,047,360 | ---- | M] (VSO Software) -- C:\WINDOWS\System32\drivers\pcouffin.sys
[2009/11/16 21:00:43 | 00,047,360 | ---- | M] (VSO Software) -- C:\Documents and Settings\Owner.YOUR-F3DA59C7C3\Application Data\pcouffin.sys
[2009/11/16 21:00:43 | 00,007,887 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-F3DA59C7C3\Application Data\pcouffin.cat
[2009/11/16 21:00:43 | 00,001,144 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-F3DA59C7C3\Application Data\pcouffin.inf
[2009/11/14 01:47:57 | 00,260,608 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2009/11/12 23:35:16 | 00,000,628 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/11/12 23:35:16 | 00,000,282 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/11/12 23:35:16 | 00,000,209 | ---- | M] () -- C:\Boot.bak
[2009/11/12 23:14:16 | 00,017,801 | ---- | M] (Meetinghouse Data Communications) -- C:\WINDOWS\System32\drivers\AegisP.sys
[2009/11/12 23:13:54 | 00,004,254 | ---- | M] () -- C:\WINDOWS\System32\WLAN.INI
[2009/11/12 12:31:48 | 00,001,548 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-F3DA59C7C3\Desktop\CCleaner.lnk
[2009/11/12 03:19:06 | 00,255,864 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/11/11 18:12:02 | 00,001,787 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\RollerCoaster Tycoon 2.lnk
[2009/11/11 16:58:04 | 00,551,606 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/11/11 16:58:04 | 00,465,072 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/11/11 16:58:04 | 00,078,958 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/11/11 13:04:18 | 00,123,795 | ---- | M] () -- C:\WINDOWS\HPHins12.dat
[2009/11/11 10:31:36 | 00,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/11/11 10:31:36 | 00,001,507 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 9.0.lnk
[2009/11/11 10:31:35 | 00,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009/11/11 10:31:29 | 00,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/11/11 10:31:28 | 00,113,461 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2009/11/11 10:31:28 | 00,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/11/11 10:31:24 | 06,061,540 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2009/11/11 10:31:24 | 00,492,629 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009/11/11 10:07:24 | 00,067,528 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-F3DA59C7C3\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/11/10 11:05:00 | 00,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2009/11/10 11:05:00 | 00,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2009/11/10 11:03:34 | 00,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2009/11/10 10:18:01 | 00,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2009/11/10 09:59:28 | 00,250,048 | RHS- | M] () -- C:\ntldr
[2009/11/09 16:33:33 | 00,000,376 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2009/11/09 15:55:55 | 00,050,080 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-F3DA59C7C3\My Documents\Wallpaper-2_sm.jpg
[2009/11/09 14:13:15 | 00,000,579 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-F3DA59C7C3\My Documents\My Sharing Folders.lnk
[2009/11/09 13:32:14 | 00,023,552 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-F3DA59C7C3\My Documents\Le Roi.doc
[2009/11/09 13:32:11 | 00,071,112 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-F3DA59C7C3\My Documents\Cottage directions.pdf
[2009/11/09 13:32:11 | 00,039,927 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-F3DA59C7C3\My Documents\ImperialMarchStarWars.pdf
[2009/11/09 13:32:11 | 00,000,317 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-F3DA59C7C3\My Documents\google ocean.kmz
[2009/11/09 13:32:10 | 00,062,443 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-F3DA59C7C3\My Documents\Cottage directions 2.pdf
[2009/11/09 13:32:10 | 00,021,894 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-F3DA59C7C3\My Documents\cc_20091013_074600.reg
[2009/11/09 13:32:10 | 00,001,297 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-F3DA59C7C3\My Documents\Brownie recipe.rtf
[2009/11/09 12:48:34 | 01,607,526 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-F3DA59C7C3\My Documents\tax credit.bmp
[2009/11/09 12:48:34 | 00,026,112 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-F3DA59C7C3\My Documents\Speech.doc
[2009/11/09 12:48:33 | 00,023,040 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-F3DA59C7C3\My Documents\Resumé.doc
[2009/11/09 12:48:33 | 00,023,040 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-F3DA59C7C3\My Documents\Professional Development Activities NSASW 2007.doc
[2009/11/09 12:48:30 | 00,092,672 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-F3DA59C7C3\My Documents\Performance Management Form 2008-09.wpd
[2009/11/09 12:33:43 | 00,028,896 | ---- | M] () -- C:\WINDOWS\System32\Status.MPF
[2009/11/06 12:49:15 | 00,441,760 | ---- | M] (Acronis) -- C:\WINDOWS\System32\drivers\timntr.sys
[2009/11/06 12:49:15 | 00,044,384 | ---- | M] (Acronis) -- C:\WINDOWS\System32\drivers\tifsfilt.sys
[2009/11/06 12:49:07 | 00,129,248 | ---- | M] (Acronis) -- C:\WINDOWS\System32\drivers\snapman.sys
[2009/11/06 12:48:40 | 00,368,736 | ---- | M] (Acronis) -- C:\WINDOWS\System32\drivers\tdrpman.sys
[2009/11/06 12:48:29 | 00,000,824 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Acronis True Image Home 11.0.lnk
[2009/11/05 08:39:40 | 00,087,552 | ---- | M] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2009/11/04 16:06:51 | 00,000,097 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2009/11/04 16:06:48 | 00,262,144 | ---- | M] () -- C:\Documents and Settings\All Users\NTUSER.DAT
[2009/11/04 16:04:08 | 00,000,060 | ---- | M] () -- C:\WINDOWS\System32\SYSDRV.DAT
[2009/11/04 15:57:06 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\EMACHINES_H5048__.MRK
[2009/11/04 15:56:57 | 00,000,333 | ---- | M] () -- C:\WINDOWS\System32\$ncsp$.inf
[2009/11/04 15:56:32 | 00,940,794 | ---- | M] () -- C:\WINDOWS\System32\LoopyMusic.wav
[2009/11/04 15:56:32 | 00,146,650 | ---- | M] () -- C:\WINDOWS\System32\BuzzingBee.wav
[2009/11/04 15:52:36 | 00,000,000 | ---- | M] () -- C:\REQUEST_OEMRESET_ENDUSER
[2009/11/04 15:33:03 | 00,000,495 | ---- | M] () -- C:\WINDOWS\System32\emver.ini
[2009/11/04 15:28:00 | 00,000,004 | ---- | M] () -- C:\WINDOWS\Pix11.dat
[2009/11/04 15:19:04 | 00,000,002 | ---- | M] () -- C:\AUDIT_INSTALL_IN_PROGRESS
[2009/11/04 15:11:13 | 00,000,867 | ---- | M] () -- C:\WINDOWS\System32\VGASwitcher.lnk
[2009/11/04 15:11:06 | 00,000,002 | RHS- | M] () -- C:\USER
[2009/11/02 20:42:06 | 00,195,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/11/26 18:37:55 | 00,000,766 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-F3DA59C7C3\Desktop\Sandboxed Web Browser.lnk
[2009/11/26 18:37:36 | 00,001,538 | ---- | C] () -- C:\WINDOWS\Sandboxie.ini
[2009/11/24 21:53:00 | 00,000,330 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2009/11/24 15:02:00 | 00,040,448 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-F3DA59C7C3\My Documents\Philip Gruchy and Sylvie Ouellette GruchyScotiabank Meeting.wpd
[2009/11/22 20:28:21 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/11/22 20:05:54 | 00,000,144 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-F3DA59C7C3\Local Settings\Application Data\fusioncache.dat
[2009/11/21 21:02:50 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\setup_XP.ini
[2009/11/20 11:39:05 | 40,008,9088 | -HS- | C] () -- C:\hiberfil.sys
[2009/11/18 23:08:26 | 00,000,209 | ---- | C] () -- C:\Boot.bak
[2009/11/18 23:08:22 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009/11/18 23:00:16 | 00,260,608 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009/11/18 23:00:16 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/11/18 23:00:16 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/11/18 23:00:16 | 00,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2009/11/18 23:00:16 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/11/17 21:02:15 | 00,001,586 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-F3DA59C7C3\Desktop\LimeWire PRO 5.3.6.lnk
[2009/11/17 20:39:05 | 00,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/11/17 19:10:37 | 00,000,028 | ---- | C] () -- C:\WINDOWS\DVDFab.INI
[2009/11/16 21:00:31 | 00,000,618 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-F3DA59C7C3\Desktop\DVDFab 6.lnk
[2009/11/16 20:06:29 | 00,000,034 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-F3DA59C7C3\Application Data\pcouffin.log
[2009/11/16 20:06:12 | 00,087,608 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-F3DA59C7C3\Application Data\inst.exe
[2009/11/16 20:06:12 | 00,007,887 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-F3DA59C7C3\Application Data\pcouffin.cat
[2009/11/16 20:06:12 | 00,001,144 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-F3DA59C7C3\Application Data\pcouffin.inf
[2009/11/12 23:14:05 | 00,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2009/11/12 23:14:05 | 00,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2009/11/12 23:14:05 | 00,071,520 | ---- | C] () -- C:\WINDOWS\System32\drivers\WMP54GS.inf
[2009/11/12 23:14:05 | 00,007,986 | ---- | C] () -- C:\WINDOWS\System32\drivers\WMP54GS.cat
[2009/11/12 20:12:31 | 01,607,526 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-F3DA59C7C3\My Documents\tax credit.bmp
[2009/11/12 20:11:55 | 00,026,112 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-F3DA59C7C3\My Documents\Speech.doc
[2009/11/12 20:11:27 | 00,023,040 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-F3DA59C7C3\My Documents\Resumé.doc
[2009/11/12 20:10:41 | 00,023,040 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-F3DA59C7C3\My Documents\Professional Development Activities NSASW 2007.doc
[2009/11/12 20:08:37 | 00,092,672 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-F3DA59C7C3\My Documents\Performance Management Form 2008-09.wpd
[2009/11/12 12:31:48 | 00,001,548 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-F3DA59C7C3\Desktop\CCleaner.lnk
[2009/11/11 18:12:02 | 00,001,787 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\RollerCoaster Tycoon 2.lnk
[2009/11/11 13:04:15 | 00,000,275 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2009/11/11 13:04:12 | 00,123,795 | ---- | C] () -- C:\WINDOWS\HPHins12.dat
[2009/11/11 13:04:12 | 00,014,916 | ---- | C] () -- C:\WINDOWS\hphmdl12.dat
[2009/11/11 13:03:43 | 00,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2009/11/11 12:37:59 | 00,014,336 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-F3DA59C7C3\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/11 10:31:36 | 00,001,507 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 9.0.lnk
[2009/11/11 10:31:27 | 00,113,461 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2009/11/11 10:31:24 | 45,814,706 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/11/11 10:31:24 | 00,492,629 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009/11/11 10:31:24 | 00,105,755 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/11/11 10:31:23 | 06,061,540 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2009/11/11 09:46:43 | 00,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
[2009/11/11 09:46:43 | 00,031,930 | ---- | C] () -- C:\WINDOWS\System32\GTNDIS3.VXD
[2009/11/11 09:46:30 | 00,004,254 | ---- | C] () -- C:\WINDOWS\System32\WLAN.INI
[2009/11/10 15:29:29 | 00,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2009/11/10 15:13:55 | 00,168,448 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009/11/10 15:13:54 | 00,000,414 | ---- | C] () -- C:\WINDOWS\System32\lame_acm.xml
[2009/11/10 15:13:53 | 00,795,648 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/11/10 15:13:53 | 00,130,048 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/11/10 15:13:52 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2009/11/10 15:13:51 | 00,067,584 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/11/10 15:13:51 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009/11/10 11:03:34 | 00,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2009/11/09 16:33:33 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/11/09 15:24:41 | 00,071,112 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-F3DA59C7C3\My Documents\Cottage directions.pdf
[2009/11/09 15:24:41 | 00,062,443 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-F3DA59C7C3\My Documents\Cottage directions 2.pdf
[2009/11/09 15:24:41 | 00,050,080 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-F3DA59C7C3\My Documents\Wallpaper-2_sm.jpg
[2009/11/09 15:24:41 | 00,039,927 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-F3DA59C7C3\My Documents\ImperialMarchStarWars.pdf
[2009/11/09 15:24:41 | 00,023,552 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-F3DA59C7C3\My Documents\Le Roi.doc
[2009/11/09 15:24:41 | 00,021,894 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-F3DA59C7C3\My Documents\cc_20091013_074600.reg
[2009/11/09 15:24:41 | 00,001,297 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-F3DA59C7C3\My Documents\Brownie recipe.rtf
[2009/11/09 15:24:41 | 00,000,579 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-F3DA59C7C3\My Documents\My Sharing Folders.lnk
[2009/11/09 15:24:41 | 00,000,317 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-F3DA59C7C3\My Documents\google ocean.kmz
[2009/11/09 12:19:28 | 00,067,866 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwlan5.img
[2009/11/09 12:19:15 | 00,129,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\cxthsfs2.cty
[2009/11/09 12:18:04 | 00,064,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmc20.cod
[2009/11/06 12:48:29 | 00,000,824 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Acronis True Image Home 11.0.lnk
[2009/11/04 16:07:26 | 00,000,782 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-F3DA59C7C3\Desktop\Windows Media Player.lnk
[2009/11/04 16:07:11 | 02,621,440 | -H-- | C] () -- C:\Documents and Settings\Owner.YOUR-F3DA59C7C3\NTUSER.DAT
[2009/11/04 16:07:11 | 00,000,278 | -HS- | C] () -- C:\Documents and Settings\Owner.YOUR-F3DA59C7C3\ntuser.ini
[2009/11/04 16:04:08 | 00,000,060 | ---- | C] () -- C:\WINDOWS\System32\SYSDRV.DAT
[2009/11/04 15:58:40 | 00,058,560 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativckxx.vp
[2009/11/04 15:58:40 | 00,026,912 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativvpxx.vp
[2009/11/04 15:58:40 | 00,000,929 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativcaxx.vp
[2009/11/04 15:58:39 | 01,114,674 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativcaxx.cpa
[2009/11/04 15:58:33 | 00,112,421 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2009/11/04 15:58:33 | 00,006,005 | ---- | C] () -- C:\WINDOWS\System32\atifglpf.xml
[2009/11/04 15:57:06 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\EMACHINES_H5048__.MRK
[2009/11/04 15:56:57 | 00,000,333 | ---- | C] () -- C:\WINDOWS\System32\$ncsp$.inf
[2009/11/04 15:56:32 | 00,146,650 | ---- | C] () -- C:\WINDOWS\System32\BuzzingBee.wav
[2009/11/04 15:56:31 | 00,940,794 | ---- | C] () -- C:\WINDOWS\System32\LoopyMusic.wav
[2009/11/04 15:53:37 | 00,028,896 | ---- | C] () -- C:\WINDOWS\System32\Status.MPF
[2009/11/04 15:31:30 | 00,030,056 | ---- | C] () -- C:\WINDOWS\System32\oemlogo.bmp
[2009/11/04 15:28:20 | 00,004,223 | ---- | C] () -- C:\WINDOWS\mHotkey.reg
[2009/11/04 15:28:19 | 00,550,912 | ---- | C] () -- C:\WINDOWS\zHotkey.exe
[2009/11/04 15:28:19 | 00,532,544 | ---- | C] () -- C:\WINDOWS\PIC.dll
[2009/11/04 15:28:19 | 00,042,040 | ---- | C] () -- C:\WINDOWS\PatchWnd.exe
[2009/11/04 15:28:19 | 00,036,864 | ---- | C] () -- C:\WINDOWS\ShowWnd.exe
[2009/11/04 15:28:19 | 00,024,576 | ---- | C] () -- C:\WINDOWS\HKNTDLL.dll
[2009/11/04 15:28:19 | 00,011,776 | ---- | C] () -- C:\WINDOWS\HIDMNT.dll
[2009/11/04 15:28:19 | 00,005,280 | ---- | C] () -- C:\WINDOWS\hotbtnv.vxd
[2009/11/04 15:28:00 | 00,000,004 | ---- | C] () -- C:\WINDOWS\Pix11.dat
[2009/11/04 15:27:14 | 00,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2009/11/04 15:27:14 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2009/11/04 15:24:23 | 00,520,192 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2009/11/04 15:19:04 | 00,000,002 | ---- | C] () -- C:\AUDIT_INSTALL_IN_PROGRESS
[2009/11/04 15:17:32 | 00,262,144 | ---- | C] () -- C:\Documents and Settings\All Users\NTUSER.DAT
[2009/11/04 15:11:06 | 00,000,002 | RHS- | C] () -- C:\USER
[2009/11/04 15:11:06 | 00,000,000 | ---- | C] () -- C:\REQUEST_OEMRESET_ENDUSER
[2007/09/27 14:51:02 | 00,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 14:48:48 | 00,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 14:48:28 | 00,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2005/08/19 15:13:08 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/08/17 21:17:08 | 00,001,478 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005/08/17 21:17:08 | 00,000,495 | ---- | C] () -- C:\WINDOWS\System32\emver.ini
[2005/08/06 00:01:54 | 00,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003/01/07 19:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
< End of report >

OTL Extras logfile created on: 27/11/2009 1:34:41 PM - Run 1
OTL by OldTimer - Version 3.1.11.0 Folder = C:\Documents and Settings\Owner.YOUR-F3DA59C7C3\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

381.48 Mb Total Physical Memory | 115.00 Mb Available Physical Memory | 30.15% Memory free
1007.75 Mb Paging File | 361.78 Mb Available in Paging File | 35.90% Paging File free
Paging file location(s): C:\pagefile.sys 576 1152 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 142.16 Gb Total Space | 75.98 Gb Free Space | 53.44% Space Free | Partition Type: NTFS
Drive D: | 6.87 Gb Total Space | 3.94 Gb Free Space | 57.29% Space Free | Partition Type: FAT32
Drive E: | 542.83 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: YOUR-F3DA59C7C3
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0DFB3DE8-65B9-44FF-AA0A-3BECC5A2BFD1}" = Adobe Flash Player 10 Plugin
"{10A44844-4465-456E-8C97-80BDD4F68845}" = Windows Live ID Sign-in Assistant
"{15377C3E-9655-400F-B441-E69F0A6BEAFE}" = Recovery Software Suite eMachines
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java™ 6 Update 17
"{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}" = SetPoint
"{3248F0A8-6813-11D6-A77B-00B0D0150020}" = J2SE Runtime Environment 5.0 Update 2
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = Browser Address Error Redirector
"{4AC55A61-BA20-4DF5-ABFF-8F4819E0C875}" = Digital Media Reader
"{4CCC7F68-A437-4559-A840-F5E010934951}" = HP Driver Diagnostics
"{5D95AD35-368F-47D5-B63A-A082DDF00111}" = Microsoft Digital Image Starter Edition 2006 Editor
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{691F4068-81BF-49E3-B32E-FE3E16400111}" = Microsoft Digital Image Starter Edition 2006 Library
"{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com
"{6E66ECBD-FCA7-4AE1-A8C5-1CA78BEEB057}" = Multimedia Keyboard Driver
"{72DF62BD-FF36-424E-AA5F-D89BAFF2C249}" = RollerCoaster Tycoon 2
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2
"{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}" = REALTEK GbE & FE Ethernet PCI NIC Driver
"{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}" = Microsoft Office Live Add-in 1.4
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BA}" = WinZip 14.0
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E5343B27-55DF-40BD-9FCF-A643C1331E8A}" = Acronis True Image Home
"{EAE4A00B-D290-4B65-8287-B82A80FC0619}" = Linksys Wireless-G PCI Network Adapter with SpeedBooster
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"ATI Display Driver" = ATI Display Driver
"AVG9Uninstall" = AVG Free 9.0
"CCleaner" = CCleaner
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"CutePDF Writer Installation" = CutePDF Writer 2.8
"DVDFab 6_is1" = DVDFab 6.1.2.5 (27/10/2009)
"ie8" = Windows Internet Explorer 8
"InstallShield_{4AC55A61-BA20-4DF5-ABFF-8F4819E0C875}" = Digital Media Reader
"KLiteCodecPack_is1" = K-Lite Codec Pack 4.6.2 (Full)
"LimeWire" = LimeWire PRO 5.3.6
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"PictureItSuiteTrial_v11" = Microsoft Digital Image Starter Edition 2006
"Sandboxie" = Sandboxie 3.40
"Ulisess Seguridad 10C Rev1" = Ulisess Seguridad 10C Rev1
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/11/2009 1:53:08 PM | Computer Name = YOUR-F3DA59C7C3 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module avgssie.dll, version 9.0.0.701, fault address 0x0002c1f9.

Error - 13/11/2009 4:46:03 PM | Computer Name = YOUR-F3DA59C7C3 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module avgxpl.dll, version 9.0.0.701, fault address 0x00038e1b.

Error - 14/11/2009 12:00:39 AM | Computer Name = YOUR-F3DA59C7C3 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 14/11/2009 8:04:04 AM | Computer Name = YOUR-F3DA59C7C3 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module avgssie.dll, version 9.0.0.701, fault address 0x0002c1f9.

Error - 15/11/2009 12:42:19 AM | Computer Name = YOUR-F3DA59C7C3 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 15/11/2009 12:42:19 AM | Computer Name = YOUR-F3DA59C7C3 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 20/11/2009 4:38:19 PM | Computer Name = YOUR-F3DA59C7C3 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
i8042prt

Error - 20/11/2009 4:38:21 PM | Computer Name = YOUR-F3DA59C7C3 | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}.
The
error: "%5" Happened while starting this command: C:\WINDOWS\system32\wbem\wmiprvse.exe
-Embedding

Error - 20/11/2009 5:46:06 PM | Computer Name = YOUR-F3DA59C7C3 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
i8042prt

Error - 20/11/2009 5:46:26 PM | Computer Name = YOUR-F3DA59C7C3 | Source = Service Control Manager | ID = 7031
Description = The Windows Live ID Sign-in Assistant service terminated unexpectedly.
It has done this 1 time(s). The following corrective action will be taken in
10000 milliseconds: Restart the service.

Error - 20/11/2009 6:31:17 PM | Computer Name = YOUR-F3DA59C7C3 | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {47750C42-706D-4EB4-8DF9-8D3289CA3173}.
The
error: "%5" Happened while starting this command: "C:\Program Files\Microsoft\Office
Live\OfficeLiveSignIn.exe" Object -Embedding

Error - 21/11/2009 10:16:56 AM | Computer Name = YOUR-F3DA59C7C3 | Source = Service Control Manager | ID = 7000
Description = The IMAPI CD-Burning COM Service service failed to start due to the
following error: %%5

Error - 21/11/2009 2:31:19 PM | Computer Name = YOUR-F3DA59C7C3 | Source = Service Control Manager | ID = 7000
Description = The Windows CardSpace service failed to start due to the following
error: %%5

Error - 21/11/2009 7:50:53 PM | Computer Name = YOUR-F3DA59C7C3 | Source = Service Control Manager | ID = 7034
Description = The Acronis Scheduler2 Service service terminated unexpectedly. It
has done this 1 time(s).

Error - 21/11/2009 10:03:13 PM | Computer Name = YOUR-F3DA59C7C3 | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {1F87137D-0E7C-44D5-8C73-4EFFB68962F2}.
The
error: "%5" Happened while starting this command: C:\WINDOWS\system32\wbem\wmiprvse.exe
-secured -Embedding

Error - 21/11/2009 11:28:42 PM | Computer Name = YOUR-F3DA59C7C3 | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {1F87137D-0E7C-44D5-8C73-4EFFB68962F2}.
The
error: "%5" Happened while starting this command: C:\WINDOWS\system32\wbem\wmiprvse.exe
-secured -Embedding


< End of report >

GMER 1.0.15.15252 - http://www.gmer.net
Rootkit scan 2009-11-27 17:02:26
Windows 5.1.2600 Service Pack 3
Running: 6inzey5r.exe; Driver: C:\DOCUME~1\OWNER~1.YOU\LOCALS~1\Temp\axlyqfog.sys


---- System - GMER 1.0.15 ----

Code 823D7B0C ZwRequestPort
Code 823D7BAC ZwRequestWaitReplyPort
Code 823D7B0B NtRequestPort
Code 823D7BAB NtRequestWaitReplyPort

---- Kernel code sections - GMER 1.0.15 ----

PAGE ntkrnlpa.exe!NtRequestPort 805A2A2E 5 Bytes JMP 823D7B10
PAGE ntkrnlpa.exe!NtRequestWaitReplyPort 805A2D5A 5 Bytes JMP 823D7BB0
.text win32k.sys!EngAcquireSemaphore + 20E2 BF8082E1 5 Bytes JMP 823D74D0
.text win32k.sys!EngFreeUserMem + 5BD2 BF80EE68 5 Bytes JMP 823D7430
.text win32k.sys!BRUSHOBJ_pvAllocRbrush + 322E BF81E77A 5 Bytes JMP 823D79D0
.text win32k.sys!EngSetLastError + 768F BF8286CB 5 Bytes JMP 823D7610
.text win32k.sys!EngCreateBitmap + DDB2 BF845CCB 5 Bytes JMP 823D76B0
.text win32k.sys!EngMultiByteToWideChar + 2F32 BF852C47 5 Bytes JMP 823D7890
.text win32k.sys!XLATEOBJ_iXlate + 3A50 BF86368D 5 Bytes JMP 823D7570
.text win32k.sys!FONTOBJ_pxoGetXform + CC3E BF8C31D6 5 Bytes JMP 823D7750
.text win32k.sys!PATHOBJ_vGetBounds + 74EE BF8F00FB 5 Bytes JMP 823D7930
.text win32k.sys!EngCreateClip + 19C1 BF91313E 5 Bytes JMP 823D7A70
.text win32k.sys!EngCreateClip + 2597 BF913D14 5 Bytes JMP 823D77F0

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\SearchIndexer.exe[2980] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@LoadAppInit_DLLs 1

---- EOF - GMER 1.0.15 ----

#5 myrti

Posted 28 November 2009 - 10:38 AM

Hi,

ComboFix is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained.
It is intended by its creator to be used under the guidance and supervision of a Malware Removal Expert, not for private use.
Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.

Please do not run Combofix on your own

If present, could you please provide the content of C:\combofix.txt

Your logs look clean. Could you please provide updated logs from Eset and Malwarebytes, to make sure that everything is clean.

Please also uninstall the following outdated java version: J2SE Runtime Environment 5.0 Update 2

You have the latest version of java installed as well.

Please post back the logs from Eset and Mbam if they aren't clean.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

#6 PipG

Posted 30 November 2009 - 01:06 PM

I have looked for the combofix log, but cannot find it. As best I can recall, combofix was not able to run, so perhaps there isn't a log.
I have completed the ESET on-line scan and a Malwarebytes scan, both of which were clean. The logs follow. Thanks again for looking this over.

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=f3849d39180c3047803e0b4b109a3d1c
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2009-11-30 01:46:34
# local_time=2009-11-29 09:46:34 (-0400, Atlantic Standard Time)
# country="Canada"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1024 16777175 100 0 673122 673122 0 0
# compatibility_mode=6143 16777215 0 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=88889
# found=0
# cleaned=0
# scan_time=4607


Malwarebytes' Anti-Malware 1.41
Database version: 3260
Windows 5.1.2600 Service Pack 3

30/11/2009 9:26:43 AM
mbam-log-2009-11-30 (09-26-42).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 200031
Time elapsed: 1 hour(s), 35 minute(s), 29 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#7 myrti

Posted 01 December 2009 - 08:57 AM

Hi,

Go to Start > Control Panel > Add or Remove Programs.

Remove the following programs, if they are present.
  • J2SE Runtime Environment 5.0 Update 2
If you are unsure of how to use Add or Remove Programs, then please see this tutorial:
How To Remove An Installed Program From Your Computer
You have the latest version of java installed as well.

Your Adobe Reader is also out of date. Please uninstall it and download the latest version from Adobe: Download
Please untick all proposed toolbars unless you really want them.

Is your PC still having any odd symptoms?

regards myrti

#8 PipG

Posted 01 December 2009 - 03:35 PM

Done and done. Everything seems fine now. Thanks for looking this over for me.

#9 myrti

Posted 02 December 2009 - 04:23 PM

Hi,

I believe we can finish things off by removing the programs we used then! :)

Read those last few lines, in order to keep your pc safe and clean:
Please do the following to clean up your PC:
  • Delete the tools used during the disinfection:
    • Download OTC from the following mirrors and save it to your desktop:
    • Double click on the downloaded OTC file.
    • Push the large "Cleanup" button.
    • Allow your system to reboot.
  • If OTC failed to remove all programs from your Desktop, please delete the rest manually.
  • Disable and Enable System Restore.
    You can find instructions on how to disable and reenable system restore here:
    Windows ME System Restore Guide
    Windows XP System Restore Guide
    Windows Vista System Restore Guide

    Note: You should only do this once, not on a regular basis!
    You will not be able to restore computer to any earlier than today!
Please read the following advice, in order to prevent reinfecting your PC:
  • Install and update the following programs regularly:
    • an outbound firewall
      A comprehensive tutorial and a list of possible firewalls can be found here.
    • an AntiVirus Software
      It is imperative that you update your AntiVirus Software on a regular basis. If you do not update your AntiVirus Software then it will not be able to catch the latest threats.
    • an Anti-Spyware program
      Malwarebytes' Anti-Malware is an excellent Anti-Spyware scanner. Its scan times are usually under ten minutes, and it has excellent detection and removal rates.
      SUPERAntiSpyware is another good scanner with high detection and removal rates.
      Both programs are free for non commercial home use but provide a resident and do not nag if you purchase the paid versions.
    • Spyware Blaster
      A tutorial for Spywareblaster can be found here. If you wish, the commercial version provides automatic updating.
    • MVPs hosts file
      A tutorial for MVPs hosts file can be found here. If you would like automatic updates you might want to take a look at HostMan host file manager. For more information on the hosts file, and what it can do for you, please consult the Tutorial on the Hosts file
  • Keep Windows (and your other Microsoft software) up to date!
    I cannot stress enough how important this is. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.
    Therefore, please, visit the Microsoft Update Website and follow the on screen instructions to setup Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!
  • Keep your other software up to date as well
    Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out of date software on your machine.
  • Stay up to date!
    The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing :(.
Some more links you might find of interest:
Have a nice day
myrti

#10 myrti

Posted 21 December 2009 - 08:33 AM

Since the issue seems resolved, this topic is now Closed.

If you need this topic reopened, please send me a PM.
Please include the address of this thread in your request.
This applies only to the original topic starter.

Everyone else please start a new topic.

With Regards,
myrti
