Infected with Google Redirect


This topic is locked
20 replies to this topic

#1 bearbear

Posted 09 January 2010 - 05:55 PM

Links in a Google search results page are redirected to other search engines and shopping pages. STOPzilla detects nothing. GMER came up with a suspicious modification of atapi.sys.

I am running Vista and IE 8.

I successfully downloaded and saved DDS but could not run it because the .scr file extension is associated with "AutoCAD script" and Notepad on my machine. It is not clear to me how to set it back to its default association.

Here is my RootRepeal report:

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2010/01/09 17:13
Program Version: Version 1.3.5.0
Windows Version: Windows Vista SP2
==================================================

Drivers
-------------------
Name: awlyqkoc.sys
Image Path: C:\Users\SWANDU~1\AppData\Local\Temp\awlyqkoc.sys
Address: 0xA6658000 Size: 93056 File Visible: No Signed: -
Status: -

Name: dump_atapi.sys
Image Path: C:\Windows\System32\Drivers\dump_atapi.sys
Address: 0x8D3E7000 Size: 32768 File Visible: No Signed: -
Status: -

Name: dump_dumpata.sys
Image Path: C:\Windows\System32\Drivers\dump_dumpata.sys
Address: 0x8D3DC000 Size: 45056 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\Windows\system32\drivers\rootrepeal.sys
Address: 0xA666F000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: C:\System Volume Information\{0e0fa96f-f871-11de-9465-00407b75e9d1}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{0e0fa9b0-f871-11de-9465-00407b75e9d1}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{0e0fa9b4-f871-11de-9465-00407b75e9d1}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{0e0fa9f0-f871-11de-9465-00407b75e9d1}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{5e427222-fae4-11de-87b7-00407b75e9d1}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{5E427~2
Status: Locked to the Windows API!

Path: c:\windows\microsoft.net\framework\netfxsbs12.hkf
Status: Allocation size mismatch (API: 36864, Raw: 45056)

Path: C:\Windows\winsxs\Catalogs\x86_policy.4.20.microsoft.msxml2_6bd6b9abf345378f_4.20.9849.0_none_a6e7a8e20e9863b4.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d08d7da0442a985d.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.762_none_9193a620671dde41.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.4053_none_6b86c0e9b0196766.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.4053_none_4ddfc6cd11929a02.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_03ca5532205cb096.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.4.20.microsoft.msxml2_6bd6b9abf345378f_4.20.9870.0_none_a6dea5dc0ea08098.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_cbf21254470d8752.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2_6bd6b9abf345378f_4.20.9848.0_none_b7e811287b298060.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.21022.8_none_bcb86ed6ac711f91.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2_6bd6b9abf345378f_4.1.0.0_none_6c030d6fdc86522c.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2r_6bd6b9abf345378f_4.1.1.0_none_365945b9da656e4d.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_8550c6b5d18a9128.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.762_none_43efccf17831d131.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_e163563597edeada.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.762_none_8dd7dea5d5a7a18a.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.762_none_11ecb0ab9b2caf3c.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2_6bd6b9abf345378f_4.20.9818.0_none_b7e811947b297f6d.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.762_none_7b33aa7d218504d2.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.762_none_10b2f55f9bffb8f8.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2_6bd6b9abf345378f_4.20.9876.0_none_b7e610287b2b4ea5.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.openmp_1fc8b3b9a1e18e3b_9.0.30729.1_none_9f63b3c292618dec.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.openmp_1fc8b3b9a1e18e3b_9.0.30729.1_none_118a7387f9d14a82.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_516e2e610f48bda6.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.4.1.microsoft.msxml2r_6bd6b9abf345378f_4.1.1.0_none_8b7b15c031cda6db.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.762_none_abac38a907ee8801.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.4.20.microsoft.msxml2_6bd6b9abf345378f_4.20.9876.0_none_a6e4a7980e9b18a2.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.21022.8_none_60a5df56e60dc5df.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2_6bd6b9abf345378f_4.20.9870.0_none_b7e00e6c7b30b69b.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_4db266e67dd280ef.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.4.20.microsoft.msxml2_6bd6b9abf345378f_4.20.9848.0_none_a6e6a8980e994a5d.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.762_none_8e053e8c6967ba9d.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2_6bd6b9abf345378f_4.20.9849.0_none_b7e911727b2899b7.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2r_6bd6b9abf345378f_4.1.0.0_none_3658456fda6654f6.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d1c738ec43578ea1.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_49ef489714173a89.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_8a14c0566bec5b24.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_0c178a139ee2a7ed.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.4053_none_3b0e32bdc9afe437.cat
Status: Locked to the Windows API!

Processes
-------------------
Path: System
PID: 4 Status: Locked to the Windows API!

Path: C:\Windows\System32\audiodg.exe
PID: 1572 Status: Locked to the Windows API!

SSDT
-------------------
#: 334 Function Name: NtTerminateProcess
Status: Hooked by "C:\Windows\system32\drivers\szkgfs.sys" at address 0x805d64b0

Stealth Objects
-------------------
Object: Hidden Module [Name: default.dll]
Process: chrome.exe (PID: 5488) Address: 0x68a50000 Size: 450560

Object: Hidden Module [Name: en-US.dll]
Process: chrome.exe (PID: 5488) Address: 0x6bf30000 Size: 114688

Object: Hidden Module [Name: en-US.dll]
Process: chrome.exe (PID: 4880) Address: 0x6bf30000 Size: 114688

==EOF==

Thank you.


#2 myrti (Malware Study Hall Admin)

Posted 15 January 2010 - 05:43 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
  1. Please download OTL from the following mirror:
  2. Save it to your desktop.
  3. Double-click the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
  5. Push the button.
  6. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

Regards, myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 



#3 myrti

Posted 20 January 2010 - 04:15 PM

Due to lack of feedback, this topic is now closed.

If you need this topic reopened, please send me a PM.
Please include the address of this thread in your request.
This applies only to the original topic starter.

Everyone else please start a new topic.

With Regards,
myrti



#4 myrti

Posted 20 January 2010 - 05:06 PM

Hi,

Topic reopened, please post your logs.

Regards, myrti



#5 bearbear (Topic Starter)

Posted 21 January 2010 - 09:23 AM

Thank you myrti.

OTL logfile created on: 1/20/2010 4:30:44 PM - Run 1
OTL by OldTimer - Version 3.1.25.2 Folder = C:\Users\Swan Duncan\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18865)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 46.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 69.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 97.66 Gb Total Space | 29.44 Gb Free Space | 30.15% Space Free | Partition Type: NTFS
Drive D: | 135.23 Gb Total Space | 135.13 Gb Free Space | 99.92% Space Free | Partition Type: NTFS
Drive E: | 616.30 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 465.76 Gb Total Space | 319.10 Gb Free Space | 68.51% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SWAINDUNCAN-PC
Current User Name: Swan Duncan
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/01/20 16:26:15 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Users\Swan Duncan\Desktop\OTL.exe
PRC - [2010/01/09 08:41:11 | 02,033,432 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/01/08 18:25:47 | 01,055,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/01/08 18:25:46 | 00,702,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/01/08 18:25:46 | 00,600,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/01/08 18:25:46 | 00,503,576 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/01/08 18:25:44 | 00,906,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe
PRC - [2010/01/08 18:25:43 | 00,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2009/12/09 18:22:33 | 00,921,072 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2009/11/12 16:33:10 | 00,141,600 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/11/12 16:33:00 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/10/24 19:12:15 | 00,289,072 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe
PRC - [2009/10/11 04:17:36 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/08/28 19:42:54 | 00,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/08/19 09:23:24 | 07,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2009/08/19 09:23:22 | 07,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2009/04/11 01:27:36 | 02,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/03/21 11:49:17 | 00,536,580 | ---- | M] (NCH Software) -- C:\Program Files\NCH Software\Fling\fling.exe
PRC - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/10/25 07:18:50 | 00,098,696 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
PRC - [2008/10/03 22:38:28 | 00,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2008/09/17 22:55:00 | 00,196,608 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvvsvc.exe
PRC - [2008/03/02 22:40:08 | 04,874,240 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008/02/18 13:36:24 | 01,629,480 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
PRC - [2008/02/18 13:36:14 | 01,553,704 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
PRC - [2008/02/18 13:36:04 | 01,057,064 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\InCD\InCD.exe
PRC - [2008/01/20 21:25:33 | 00,202,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe
PRC - [2008/01/20 21:23:32 | 00,397,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Mail\WinMail.exe
PRC - [2007/06/12 11:30:52 | 00,073,728 | ---- | M] () -- C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
PRC - [2007/05/13 21:54:36 | 00,272,024 | ---- | M] () -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe
PRC - [2007/03/14 20:01:30 | 00,071,216 | ---- | M] (Cyberlink Corp.) -- C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
PRC - [2006/10/11 11:45:12 | 00,075,304 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
PRC - [2006/09/20 07:35:26 | 00,020,480 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe
PRC - [2006/09/19 15:05:32 | 00,024,576 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\WrtProc.exe


========== Modules (SafeList) ==========

MOD - [2010/01/20 16:26:15 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Users\Swan Duncan\Desktop\OTL.exe
MOD - [2009/04/11 01:21:38 | 01,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (NeroRegInCDSrv)
SRV - [2010/01/14 17:41:34 | 00,194,032 | ---- | M] (Google) [Auto | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2010/01/08 18:25:44 | 00,906,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2010/01/08 18:25:43 | 00,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2009/11/12 16:33:00 | 00,545,568 | ---- | M] (Apple Inc.) [On_Demand | Running] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/09/24 20:27:04 | 00,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/08/28 19:42:54 | 00,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/03/21 11:49:17 | 00,536,580 | ---- | M] (NCH Software) [Auto | Running] -- C:\Program Files\NCH Software\Fling\fling.exe -- (FlingService)
SRV - [2009/02/11 21:45:15 | 00,133,104 | ---- | M] (Google Inc.) [Auto | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate1c95c02521efa11) Google Update Service (gupdate1c95c02521efa11)
SRV - [2009/01/30 19:31:38 | 00,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/11/04 00:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008/10/04 13:32:15 | 00,085,096 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2008/09/17 22:55:00 | 00,196,608 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Windows\System32\nvvsvc.exe -- (nvsvc)
SRV - [2008/06/05 23:41:12 | 01,322,648 | ---- | M] (Autodesk, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskNetSrv.exe -- (Autodesk Network Licensing Service)
SRV - [2008/02/18 13:36:14 | 01,553,704 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe -- (InCDsrv)
SRV - [2008/01/20 21:23:32 | 00,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/09/17 08:36:18 | 00,800,040 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe -- (NBService)
SRV - [2007/06/27 17:04:00 | 00,279,848 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService)
SRV - [2007/06/12 11:30:52 | 00,073,728 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe -- (DTSRVC)
SRV - [2007/05/13 21:54:36 | 00,272,024 | ---- | M] () [Auto | Running] -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe -- (RichVideo) Cyberlink RichVideo Service(CRVS)
SRV - [2006/11/02 07:35:29 | 00,013,312 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\ehome\ehstart.dll -- (ehstart)
SRV - [2006/10/26 13:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2005/04/03 23:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV - [2010/01/08 18:26:03 | 00,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/01/08 18:25:59 | 00,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/01/08 18:25:58 | 00,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/05/18 14:17:00 | 00,026,600 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009/03/31 15:25:20 | 00,073,312 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\adfs.sys -- (adfs)
DRV - [2008/09/17 22:55:00 | 07,379,872 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/03/02 22:41:55 | 00,228,224 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2008/03/02 22:40:10 | 02,047,576 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/02/18 13:36:14 | 00,038,312 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\InCDRm.sys -- (incdrm)
DRV - [2008/02/18 13:36:14 | 00,036,648 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\InCDPass.sys -- (InCDPass)
DRV - [2008/02/18 13:36:04 | 00,118,952 | ---- | M] (Nero AG) [File_System | Disabled | Running] -- C:\Windows\System32\drivers\InCDfs.sys -- (InCDfs)
DRV - [2008/01/20 21:23:27 | 00,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/20 21:23:27 | 00,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/20 21:23:27 | 00,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/20 21:23:26 | 00,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/20 21:23:26 | 00,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/20 21:23:26 | 00,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/20 21:23:25 | 00,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/20 21:23:25 | 00,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/20 21:23:24 | 01,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/20 21:23:24 | 00,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2008/01/20 21:23:24 | 00,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/20 21:23:23 | 00,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/20 21:23:23 | 00,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/20 21:23:23 | 00,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/20 21:23:23 | 00,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/20 21:23:23 | 00,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/20 21:23:23 | 00,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/20 21:23:22 | 00,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/20 21:23:21 | 00,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/20 21:23:21 | 00,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/20 21:23:21 | 00,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/20 21:23:20 | 00,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/20 21:23:00 | 00,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/20 21:23:00 | 00,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/20 21:23:00 | 00,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006/11/16 16:20:48 | 00,015,920 | ---- | M] (Portrait Displays, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PdiPorts.sys -- (PdiPorts)
DRV - [2006/11/02 04:50:35 | 00,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 04:50:35 | 00,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 04:50:19 | 00,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 04:50:17 | 00,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 04:50:11 | 00,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 04:50:09 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 04:50:07 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 04:50:05 | 00,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 04:50:03 | 00,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 04:49:59 | 00,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 04:49:56 | 00,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 03:25:24 | 00,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 03:24:47 | 00,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 03:24:46 | 00,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 03:24:45 | 00,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 03:24:44 | 00,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 03:24:44 | 00,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 02:36:50 | 00,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 01:37:21 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv)
DRV - [2001/10/09 12:11:52 | 00,015,873 | ---- | M] (Scientific Atlanta) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WebSTAR.sys -- (WebSTARNdis)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\..\URLSearchHook: {D3F669EB-57CE-4f45-8FBD-E245CBB46366} - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {D3F669EB-57CE-4f45-8FBD-E245CBB46366} - Reg Error: Key error. File not found
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1648962991-4277415786-1211609183-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-1648962991-4277415786-1211609183-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1648962991-4277415786-1211609183-1000\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-1648962991-4277415786-1211609183-1000\..\URLSearchHook: *{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-1648962991-4277415786-1211609183-1000\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-21-1648962991-4277415786-1211609183-1000\S-1-5-21-1648962991-4277415786-1211609183-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1648962991-4277415786-1211609183-1000\S-1-5-21-1648962991-4277415786-1211609183-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\SWAINDUNCAN-PC_Guest\SWAINDUNCAN-PC_Guest\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/01/08 18:25:43 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared [2010/01/08 18:25:53 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/02 20:26:28 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/02 20:26:28 | 00,000,000 | ---D | M]

[2008/10/08 09:13:41 | 00,000,000 | ---D | M] -- C:\Users\Swan Duncan\AppData\Roaming\mozilla\Extensions
[2008/10/08 09:13:41 | 00,000,000 | ---D | M] -- C:\Users\Swan Duncan\AppData\Roaming\mozilla\Firefox\Profiles\u9jhpj5v.default\extensions
[2010/01/08 17:11:15 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/11/09 11:55:36 | 00,024,576 | ---- | M] (RealNetworks) -- C:\Program Files\Mozilla Firefox\plugins\npgcplug.dll
[2005/04/27 15:10:49 | 00,102,400 | ---- | M] (RealNetworks) -- C:\Program Files\Mozilla Firefox\plugins\npracplug.dll

O1 HOSTS File: ([2010/01/15 11:41:29 | 00,000,751 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-1648962991-4277415786-1211609183-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-1648962991-4277415786-1211609183-1000\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe (Nero AG)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [OpwareSE4] C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [RemoteControl] C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe (Nero AG)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Wellnomics WorkPace 3.7.1] C:\Program Files\Wellnomics WorkPace\workpace.exe (Wellnomics Ltd)
O4 - HKLM..\Run: [WrtMon.exe] C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe ()
O4 - HKU\S-1-5-21-1648962991-4277415786-1211609183-1000..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\S-1-5-21-1648962991-4277415786-1211609183-1000..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - HKU\SWAINDUNCAN-PC_Guest..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - Startup: C:\Users\Swan Duncan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O4 - Startup: C:\Users\Swan Duncan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-1648962991-4277415786-1211609183-1000\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-1648962991-4277415786-1211609183-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1648962991-4277415786-1211609183-1000_Classes\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\SWAINDUNCAN-PC_Guest\Software\Policies\Microsoft\Internet Explorer\control panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.4.2_04)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.200.241.37 24.201.245.77 24.200.243.189
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\Windows\System32\avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\sdra64.exe) - C:\Windows\System32\sdra64.exe File not found
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img22.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img22.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/10/04 13:11:31 | 00,000,000 | ---D | M] - C:\Autocad install -- [ NTFS ]
O32 - AutoRun File - [2010/01/16 11:33:19 | 00,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2006/09/18 16:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/01/20 16:26:14 | 00,547,328 | ---- | C] (OldTimer Tools) -- C:\Users\Swan Duncan\Desktop\OTL.exe
[2010/01/19 11:22:42 | 00,000,000 | ---D | C] -- C:\Users\Swan Duncan\AppData\Roaming\Ahead
[2010/01/18 10:54:21 | 00,000,000 | ---D | C] -- C:\Users\Swan Duncan\AppData\Roaming\NewSoft
[2010/01/17 08:18:39 | 00,000,000 | ---D | C] -- C:\Users\Swan Duncan\Patch-ismail
[2010/01/16 16:50:31 | 00,000,000 | R--D | C] -- C:\Users\Swan Duncan\portraits
[2010/01/16 11:45:16 | 00,000,000 | ---D | C] -- C:\Users\Swan Duncan\Documents\Autodesk Revit Architecture 2010
[2010/01/16 11:43:15 | 00,000,000 | ---D | C] -- C:\Program Files\Autodesk Revit Architecture 2010
[2010/01/16 11:42:10 | 00,000,000 | ---D | C] -- C:\Users\Swan Duncan\Documents\Visual Studio 2008
[2010/01/16 11:40:36 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft SDKs
[2010/01/16 11:40:34 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 9.0
[2010/01/16 11:39:05 | 00,000,000 | ---D | C] -- C:\Program Files\Autodesk
[2010/01/16 11:38:57 | 03,786,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_37.dll
[2010/01/16 11:38:52 | 02,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_30.dll
[2010/01/16 11:33:19 | 00,000,000 | ---D | C] -- C:\Autodesk
[2010/01/15 17:26:16 | 00,000,000 | -HSD | C] -- C:\Windows\System32\lowsec
[2010/01/15 14:31:57 | 00,000,000 | --SD | C] -- C:\ComboFix
[2010/01/15 14:31:31 | 00,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/01/15 14:31:30 | 00,000,000 | ---D | C] -- C:\32788R22FWJFW
[2010/01/15 13:55:05 | 00,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/01/15 13:55:02 | 00,000,000 | ---D | C] -- C:\Windows\temp
[2010/01/15 13:55:02 | 00,000,000 | ---D | C] -- C:\Users\Swan Duncan\AppData\Local\temp
[2010/01/15 13:41:23 | 00,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/01/15 13:41:23 | 00,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/01/15 13:41:23 | 00,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/01/15 13:41:14 | 00,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/01/15 13:33:50 | 00,000,000 | ---D | C] -- C:\Qoobox
[2010/01/14 17:36:31 | 00,000,000 | ---D | C] -- C:\ProgramData\ParetoLogic
[2010/01/14 17:36:31 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\ParetoLogic
[2010/01/14 17:35:52 | 00,000,000 | ---D | C] -- C:\Users\Swan Duncan\AppData\Local\Downloaded Installations
[2010/01/13 11:10:04 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/01/13 10:35:07 | 00,000,000 | ---D | C] -- C:\Users\Swan Duncan\AppData\Roaming\Malwarebytes
[2010/01/13 10:35:03 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/01/13 10:35:02 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/01/13 10:35:02 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/01/13 10:35:01 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/01/13 10:18:30 | 00,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010/01/13 10:18:30 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/01/13 09:33:26 | 00,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2010/01/13 09:33:26 | 00,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2010/01/09 19:36:22 | 00,000,000 | ---D | C] -- C:\Program Files\Runtime Software
[2010/01/09 16:19:15 | 00,472,064 | ---- | C] ( ) -- C:\Users\Swan Duncan\Desktop\RootRepeal.exe
[2010/01/09 15:51:06 | 00,000,000 | ---D | C] -- C:\Users\Swan Duncan\AppData\Local\Apps
[2010/01/09 13:25:34 | 00,000,000 | ---D | C] -- C:\ProgramData\Cobian
[2010/01/09 13:24:52 | 00,000,000 | ---D | C] -- C:\Program Files\Cobian Backup 9
[2010/01/09 09:07:32 | 00,000,000 | ---D | C] -- C:\ProgramData\SITEguard
[2010/01/09 09:06:54 | 00,000,000 | ---D | C] -- C:\ProgramData\STOPzilla!
[2010/01/09 09:06:54 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\iS3
[2010/01/08 18:26:08 | 00,000,000 | ---D | C] -- C:\$AVG
[2010/01/08 18:26:04 | 00,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2010/01/08 18:26:03 | 00,360,584 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2010/01/08 18:25:59 | 00,333,192 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2010/01/08 18:25:58 | 00,028,424 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2010/01/08 18:25:54 | 00,000,000 | ---D | C] -- C:\Windows\System32\drivers\Avg
[2010/01/08 18:25:53 | 00,000,000 | ---D | C] -- C:\ProgramData\AVG Security Toolbar
[2010/01/08 18:25:42 | 00,000,000 | ---D | C] -- C:\ProgramData\avg9
[2010/01/08 18:25:42 | 00,000,000 | ---D | C] -- C:\Program Files\AVG
[2010/01/08 17:41:31 | 00,000,000 | ---D | C] -- C:\Users\Swan Duncan\Laser
[2010/01/02 20:28:01 | 00,107,368 | ---- | C] (GEAR Software Inc.) -- C:\Windows\System32\GEARAspi.dll
[2010/01/02 20:28:01 | 00,026,600 | ---- | C] (GEAR Software Inc.) -- C:\Windows\System32\drivers\GEARAspiWDM.sys
[2010/01/02 20:27:27 | 00,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/01/02 20:27:24 | 00,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/01/02 20:27:24 | 00,000,000 | ---D | C] -- C:\ProgramData\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010/01/02 20:25:59 | 00,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2009/12/24 07:24:39 | 00,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2008/11/09 11:55:38 | 00,774,144 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RngInterstitial.dll
[4 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[4 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Swan Duncan\Documents\*.tmp files -> C:\Users\Swan Duncan\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/01/20 16:29:29 | 03,407,872 | -HS- | M] () -- C:\Users\Swan Duncan\NTUSER.DAT
[2010/01/20 16:28:26 | 00,207,360 | ---- | M] () -- C:\Users\Swan Duncan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/20 16:26:15 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Users\Swan Duncan\Desktop\OTL.exe
[2010/01/20 16:10:01 | 00,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/01/20 14:49:46 | 00,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/01/20 14:49:46 | 00,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/01/20 13:04:11 | 00,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/01/20 12:54:40 | 54,376,428 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010/01/20 12:50:36 | 00,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2010/01/20 12:49:21 | 00,000,430 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{F6947E0F-F7A0-4449-85E5-C0A8A4A90267}.job
[2010/01/20 12:49:14 | 00,000,442 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics
[2010/01/20 12:49:06 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/01/19 18:49:48 | 00,142,495 | ---- | M] () -- C:\Windows\System32\drivers\Avg\microavi.avg
[2010/01/19 11:19:05 | 00,011,536 | ---- | M] () -- C:\Users\Swan Duncan\Documents\Goals - winter 2009 - 2010.xlsx
[2010/01/19 09:39:20 | 00,747,142 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/01/19 09:39:20 | 00,633,850 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/01/19 09:39:20 | 00,117,038 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/01/19 09:34:29 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/01/19 09:34:15 | 21,428,75648 | -HS- | M] () -- C:\hiberfil.sys
[2010/01/19 09:19:14 | 00,524,288 | -HS- | M] () -- C:\Users\Swan Duncan\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010/01/19 09:19:14 | 00,065,536 | -HS- | M] () -- C:\Users\Swan Duncan\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/01/19 09:18:49 | 03,347,792 | -H-- | M] () -- C:\Users\Swan Duncan\AppData\Local\IconCache.db
[2010/01/18 10:55:14 | 00,000,370 | ---- | M] () -- C:\Users\Swan Duncan\Documents\NEWSOFT
[2010/01/18 10:52:48 | 00,006,520 | ---- | M] () -- C:\Users\Swan Duncan\AppData\Roaming\PrimoPDFSet.xml
[2010/01/16 11:44:45 | 00,002,033 | ---- | M] () -- C:\Users\Public\Desktop\Autodesk Revit Architecture 2010.lnk
[2010/01/16 11:39:10 | 00,001,959 | ---- | M] () -- C:\Users\Public\Desktop\Autodesk Design Review.lnk
[2010/01/15 13:52:15 | 00,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010/01/15 13:40:43 | 03,825,836 | R--- | M] () -- C:\Users\Swan Duncan\Desktop\ComboFix.exe
[2010/01/15 12:56:44 | 00,000,240 | ---- | M] () -- C:\Windows\System32\drivers\kgpcpy.cfg
[2010/01/15 11:41:29 | 00,000,751 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/01/15 10:29:59 | 08,698,400 | -HS- | M] () -- C:\Windows\System32\drivers\fidbox.dat
[2010/01/15 10:29:59 | 00,118,616 | -HS- | M] () -- C:\Windows\System32\drivers\fidbox.idx
[2010/01/15 10:29:07 | 00,000,000 | ---- | M] () -- C:\backup.reg
[2010/01/15 09:47:39 | 00,000,795 | ---- | M] () -- C:\rollback.ini
[2010/01/13 11:23:01 | 00,035,970 | ---- | M] () -- C:\Users\Swan Duncan\Documents\cc_20100113_112256.reg
[2010/01/13 11:10:05 | 00,001,670 | ---- | M] () -- C:\Users\Swan Duncan\Desktop\CCleaner.lnk
[2010/01/13 10:35:05 | 00,000,818 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/13 10:18:36 | 00,001,055 | ---- | M] () -- C:\Users\Swan Duncan\Desktop\Spybot - Search & Destroy.lnk
[2010/01/10 16:30:57 | 00,524,288 | ---- | M] () -- C:\Users\Swan Duncan\Desktop\dds.pif
[2010/01/10 10:15:16 | 00,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2010/01/10 10:13:38 | 00,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2010/01/09 16:19:19 | 00,472,064 | ---- | M] ( ) -- C:\Users\Swan Duncan\Desktop\RootRepeal.exe
[2010/01/08 18:26:04 | 00,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2010/01/08 18:26:03 | 00,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2010/01/08 18:25:59 | 00,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2010/01/08 18:25:58 | 00,113,461 | ---- | M] () -- C:\Windows\System32\drivers\Avg\iavichjw.avm
[2010/01/08 18:25:58 | 00,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2010/01/08 18:25:54 | 06,061,540 | ---- | M] () -- C:\Windows\System32\drivers\Avg\avi7.avg
[2010/01/08 18:25:54 | 00,492,629 | ---- | M] () -- C:\Windows\System32\drivers\Avg\miniavi.avg
[2010/01/08 10:37:50 | 00,000,099 | ---- | M] () -- C:\Users\Swan Duncan\AppData\Local\fusioncache.dat
[2010/01/07 16:07:14 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/01/07 16:07:04 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[4 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[4 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Swan Duncan\Documents\*.tmp files -> C:\Users\Swan Duncan\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/01/18 10:54:21 | 00,000,370 | ---- | C] () -- C:\Users\Swan Duncan\Documents\NEWSOFT
[2010/01/16 11:44:45 | 00,002,033 | ---- | C] () -- C:\Users\Public\Desktop\Autodesk Revit Architecture 2010.lnk
[2010/01/16 11:39:10 | 00,001,959 | ---- | C] () -- C:\Users\Public\Desktop\Autodesk Design Review.lnk
[2010/01/15 14:38:22 | 21,428,75648 | -HS- | C] () -- C:\hiberfil.sys
[2010/01/15 13:41:23 | 00,261,632 | ---- | C] () -- C:\Windows\PEV.exe
[2010/01/15 13:41:23 | 00,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/01/15 13:41:23 | 00,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/01/15 13:41:23 | 00,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010/01/15 13:41:23 | 00,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/01/15 13:40:42 | 03,825,836 | R--- | C] () -- C:\Users\Swan Duncan\Desktop\ComboFix.exe
[2010/01/15 12:56:44 | 00,000,240 | ---- | C] () -- C:\Windows\System32\drivers\kgpcpy.cfg
[2010/01/15 10:29:07 | 00,000,000 | ---- | C] () -- C:\backup.reg
[2010/01/14 17:41:11 | 08,698,400 | -HS- | C] () -- C:\Windows\System32\drivers\fidbox.dat
[2010/01/14 17:41:11 | 00,118,616 | -HS- | C] () -- C:\Windows\System32\drivers\fidbox.idx
[2010/01/14 17:41:02 | 00,000,795 | ---- | C] () -- C:\rollback.ini
[2010/01/13 11:23:00 | 00,035,970 | ---- | C] () -- C:\Users\Swan Duncan\Documents\cc_20100113_112256.reg
[2010/01/13 11:10:05 | 00,001,670 | ---- | C] () -- C:\Users\Swan Duncan\Desktop\CCleaner.lnk
[2010/01/13 10:35:05 | 00,000,818 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/13 10:18:36 | 00,001,055 | ---- | C] () -- C:\Users\Swan Duncan\Desktop\Spybot - Search & Destroy.lnk
[2010/01/10 16:30:50 | 00,524,288 | ---- | C] () -- C:\Users\Swan Duncan\Desktop\dds.pif
[2010/01/10 10:15:16 | 00,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/01/10 08:55:27 | 00,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2010/01/08 18:25:58 | 00,113,461 | ---- | C] () -- C:\Windows\System32\drivers\Avg\iavichjw.avm
[2010/01/08 18:25:54 | 54,376,428 | ---- | C] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010/01/08 18:25:54 | 06,061,540 | ---- | C] () -- C:\Windows\System32\drivers\Avg\avi7.avg
[2010/01/08 18:25:54 | 00,492,629 | ---- | C] () -- C:\Windows\System32\drivers\Avg\miniavi.avg
[2010/01/08 18:25:54 | 00,142,495 | ---- | C] () -- C:\Windows\System32\drivers\Avg\microavi.avg
[2010/01/08 10:37:50 | 00,000,099 | ---- | C] () -- C:\Users\Swan Duncan\AppData\Local\fusioncache.dat
[2009/09/11 06:38:04 | 00,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/04/15 11:39:38 | 00,040,960 | ---- | C] () -- C:\Windows\System32\IPPCPUID.DLL
[2009/04/15 11:37:46 | 00,011,776 | ---- | C] () -- C:\Windows\System32\pmsbfn32.dll
[2009/04/15 11:34:09 | 00,000,416 | ---- | C] () -- C:\Windows\MAXLINK.INI
[2009/04/15 11:18:05 | 00,003,072 | ---- | C] () -- C:\Windows\System32\CNCFLaNL.DLL
[2009/04/01 08:32:38 | 00,000,663 | ---- | C] () -- C:\ProgramData\tmp99E3.log
[2009/02/24 10:43:13 | 00,000,000 | ---- | C] () -- C:\Windows\mixer.INI
[2009/02/22 00:25:37 | 00,000,648 | ---- | C] () -- C:\ProgramData\tmp8F4A.log
[2009/02/11 11:10:03 | 00,000,715 | ---- | C] () -- C:\Users\Swan Duncan\AppData\Local\TempTest 41 3
[2009/02/09 13:53:52 | 00,120,495 | ---- | C] () -- C:\Users\Swan Duncan\AppData\Local\TempReflector 15724 52
[2009/02/09 13:48:30 | 00,000,491 | ---- | C] () -- C:\Users\Swan Duncan\AppData\Local\TempReflector 19169 30
[2009/02/09 10:25:47 | 00,000,318 | ---- | C] () -- C:\Users\Swan Duncan\AppData\Local\Tempuntitled 41 47
[2009/02/06 20:46:28 | 00,000,490 | ---- | C] () -- C:\Users\Swan Duncan\AppData\Local\Tempuntitled 41 28
[2008/11/30 10:06:13 | 00,005,087 | ---- | C] () -- C:\ProgramData\kcmqrovh.dlh
[2008/11/09 17:19:40 | 00,000,098 | ---- | C] () -- C:\Users\Swan Duncan\AppData\Local\DownloadLog.txt
[2008/10/20 10:16:05 | 00,001,032 | ---- | C] () -- C:\ProgramData\tmpD78A.log
[2008/10/08 20:30:57 | 00,432,128 | ---- | C] () -- C:\Windows\sqlite3.dll
[2008/10/08 14:43:22 | 00,001,032 | ---- | C] () -- C:\ProgramData\tmp86CD.log
[2008/10/07 11:42:54 | 00,000,400 | ---- | C] () -- C:\Windows\g_iclink343.ini
[2008/10/05 19:53:18 | 00,006,520 | ---- | C] () -- C:\Users\Swan Duncan\AppData\Roaming\PrimoPDFSet.xml
[2008/10/05 19:50:03 | 00,176,235 | ---- | C] () -- C:\Windows\System32\Primomonnt.dll
[2008/10/04 16:56:58 | 00,207,360 | ---- | C] () -- C:\Users\Swan Duncan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/10/04 09:43:17 | 00,024,206 | ---- | C] () -- C:\Users\Swan Duncan\AppData\Roaming\UserTile.png
[2008/10/02 15:49:04 | 00,000,680 | ---- | C] () -- C:\Users\Swan Duncan\AppData\Local\d3d9caps.dat
[2008/04/28 11:13:33 | 00,000,310 | ---- | C] () -- C:\Windows\primopdf.ini
[2006/11/02 07:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 02:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

========== Alternate Data Streams ==========

@Alternate Data Stream - 836 bytes -> C:\Users\Swan Duncan\Documents\Material proposal.eml:OECustomProperty
@Alternate Data Stream - 744 bytes -> C:\Users\Swan Duncan\Documents\Re_ Looking for work.eml:OECustomProperty
@Alternate Data Stream - 510 bytes -> C:\Users\Swan Duncan\Documents\James.eml:OECustomProperty
@Alternate Data Stream - 510 bytes -> C:\Users\Swan Duncan\Documents\Acier Lachine columns.eml:OECustomProperty
< End of report >



OTL Extras logfile created on: 1/20/2010 4:30:46 PM - Run 1
OTL by OldTimer - Version 3.1.25.2 Folder = C:\Users\Swan Duncan\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18865)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 46.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 69.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 97.66 Gb Total Space | 29.44 Gb Free Space | 30.15% Space Free | Partition Type: NTFS
Drive D: | 135.23 Gb Total Space | 135.13 Gb Free Space | 99.92% Space Free | Partition Type: NTFS
Drive E: | 616.30 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 465.76 Gb Total Space | 319.10 Gb Free Space | 68.51% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SWAINDUNCAN-PC
Current User Name: Swan Duncan
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02772365-31C1-4B4E-ACEF-4CE47E19F5FA}" = lport=5379 | protocol=6 | dir=in | name=jaxer |
"{08413760-829E-482E-9237-AAA8E3F1E45D}" = lport=5382 | protocol=6 | dir=in | name=jaxer |
"{0AB4DC74-1AB4-40F8-BFEA-B18BED7AE3D1}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{1830D805-E721-4717-B931-9BB205B4EB4D}" = lport=5371 | protocol=6 | dir=in | name=jaxer |
"{1A035E74-E03B-46CE-90E0-CFE4BAE54890}" = rport=445 | protocol=6 | dir=out | app=system |
"{2006EFED-21B7-46AE-A19A-FE19386F038D}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{2AD1C68A-B675-40E8-A711-E8BB414BFF54}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{2B21C194-C7E2-438A-83DA-E9645CE415E6}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{3119B30C-D88D-4D46-8682-BABDD47152DD}" = lport=2869 | protocol=6 | dir=in | app=system |
"{3729FB40-7168-4318-926F-6BF668C9FF4C}" = lport=8081 | protocol=6 | dir=in | name=apache |
"{37F44ECF-AD1F-4449-8A55-89B27ADD4F11}" = lport=5374 | protocol=6 | dir=in | name=jaxer |
"{384A6BA2-C46B-4FEB-B9EA-F54E33B9E26C}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{3AB352A9-DC18-41D3-A744-7CD2AFBA0E08}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{47EF0636-3607-42E7-BF02-83991476A8AF}" = lport=5377 | protocol=6 | dir=in | name=jaxer |
"{4C37CB09-C08C-4102-9762-AD6FD73D021E}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{5178ADC8-1064-4DCC-8FDB-77FF81D74FB2}" = lport=5381 | protocol=6 | dir=in | name=jaxer |
"{519B29E7-CB7B-4D0F-9A73-6BF1E4A4B9FD}" = lport=5380 | protocol=6 | dir=in | name=jaxer |
"{5A44CB01-995C-46B1-825C-350C20267B33}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{619599B5-FBD6-4810-8FE1-B3471AD2FA97}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{825F09F9-013F-40E9-B1FD-82109F40EFB9}" = lport=445 | protocol=6 | dir=in | app=system |
"{83586538-748A-46B9-8653-2211247CD3FB}" = rport=139 | protocol=6 | dir=out | app=system |
"{84C4EB50-A451-4425-83EF-8FC802935372}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{87B0E65C-988B-449E-88D5-B9BC36962FC7}" = lport=5370 | protocol=6 | dir=in | name=jaxer |
"{973F1856-7D0B-4607-A31A-54F68998D019}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{9EFEAA36-C2A2-4BD2-971C-7E7C688F7564}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A314244C-B3AF-43CF-9D00-68C215C5B6DB}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AFD02E0E-E6B7-42B4-8C3D-BDA63E46495F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B04A15C1-E054-4ABD-883C-2E8B54A96CDF}" = lport=5383 | protocol=6 | dir=in | name=jaxer |
"{B3689929-895F-4BDD-A74D-14269D0126F3}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C3A5AF2F-6604-4FE7-8110-9A6EE803F069}" = rport=138 | protocol=17 | dir=out | app=system |
"{C773E6D3-36E1-4208-80C9-56875A4CCF2B}" = rport=137 | protocol=17 | dir=out | app=system |
"{CFB3F5B2-AAC1-4FCA-8479-6442D4F1854A}" = lport=5375 | protocol=6 | dir=in | name=jaxer |
"{DED650EE-12C4-44F9-A375-DC8FB3A19E71}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{DF5492DD-EEDE-4D71-89EA-E3B19D780A9E}" = lport=139 | protocol=6 | dir=in | app=system |
"{E180A34F-6D50-415A-BEFF-ED03802DB9D8}" = rport=2869 | protocol=6 | dir=out | app=system |
"{E833DA66-93E6-4712-AA48-C61707E86EC6}" = lport=5376 | protocol=6 | dir=in | name=jaxer |
"{F1E3D82B-60AC-4D97-BA80-C6FDBDA2A883}" = lport=138 | protocol=17 | dir=in | app=system |
"{F1EE3158-2406-447E-B0BC-2E78BFCCC482}" = lport=5378 | protocol=6 | dir=in | name=jaxer |
"{FD19FF3E-8DFC-4E7D-B4ED-47FB99663EE7}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |
"{FDA32CBA-6BD3-4084-80AD-9E7DDD34EED1}" = lport=137 | protocol=17 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00B35CC4-62E7-4B29-90BA-79E2118D4C1B}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{08966AF7-1043-4B80-98B6-94AE43E46E72}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{0A479E2E-4F31-4D22-8C06-B30E77E5754B}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{0F7873BF-1E6A-484D-B28C-9E3A1F8BA002}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{115699BF-AB98-4ACB-8D46-82E9A1D899FF}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{11F8A299-2305-4E0A-985F-1CFDD37CD4CE}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{20EE2EBF-B692-433F-BED2-98E21D78B9B6}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{2FF5ED9B-30CC-4319-AB7F-1347C27E9E91}" = protocol=58 | dir=in | app=system |
"{346A9FF0-2D67-4DCB-B728-0A65309D0B39}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{39F17297-812E-4516-A635-02638D5138C2}" = dir=in | app=c:\program files\avg\avg9\avgemc.exe |
"{4AA3FB39-7E3D-49CD-B814-3E7BF5902785}" = dir=in | app=c:\program files\cyberlink\powerdvd\powerdvd.exe |
"{7172C361-7B21-4AAA-AA47-F8E2DFD9FD00}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{74312B90-7F9E-4A83-9B64-C22AC810F1A8}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-203 |
"{7BD84316-0BA8-4811-9674-83F140EE47EC}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{7CD8CBB5-9CE7-4229-B055-7139EF981949}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{82A13143-2529-40A2-B1A8-EEDDA18FA61A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{8BA0C351-9F12-4189-B7C5-1541DD1A75EB}" = dir=in | app=c:\program files\avg\avg9\avgnsx.exe |
"{9763FC82-8DB8-41E8-A810-479BBC8F6A90}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{9BAB9E2F-1104-4306-8C2D-FA02980ACDF3}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{B1C21963-5B4D-40A7-A1B5-6971233B3675}" = dir=in | app=c:\program files\avg\avg9\avgupd.exe |
"{BD8C2385-D298-43AF-A99E-2CE15E8AAB2F}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{CDDC069C-507A-48FF-9249-982467E10F12}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{DE208567-BDB5-4F32-8280-E8FA0077A6E1}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{E4CDC7C4-7820-494B-BAF6-97CDBBA86FDD}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"TCP Query User{0D8E9A15-0599-408A-AECF-551E70E0896B}C:\program files\aptana\aptana studio\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\aptana\aptana studio\jre\bin\javaw.exe |
"TCP Query User{17CC2F8D-4560-4339-B4EA-42C6BF5D989D}C:\program files\modo pc version\luxology\modo 401\modo.exe" = protocol=6 | dir=in | app=c:\program files\modo pc version\luxology\modo 401\modo.exe |
"TCP Query User{59025117-44A1-4154-90FA-92506F24ABC6}C:\windows\system32\ftp.exe" = protocol=6 | dir=in | app=c:\windows\system32\ftp.exe |
"TCP Query User{5D407A7D-3F92-4418-B7C2-D76FA8A84201}C:\program files\google\google sketchup 7\layout\layout.exe" = protocol=6 | dir=in | app=c:\program files\google\google sketchup 7\layout\layout.exe |
"TCP Query User{623977C8-7B2E-485C-B940-9C9BE727C596}C:\program files\gnaural\gnaural.exe" = protocol=6 | dir=in | app=c:\program files\gnaural\gnaural.exe |
"TCP Query User{7999C1EE-49A7-4F9B-B3B0-5794E44E6AAF}C:\program files\google\google sketchup 7\sketchup.exe" = protocol=6 | dir=in | app=c:\program files\google\google sketchup 7\sketchup.exe |
"TCP Query User{87825537-6F79-4361-9143-8DB04881D777}C:\program files\next limit\maxwell\mxcl.exe" = protocol=6 | dir=in | app=c:\program files\next limit\maxwell\mxcl.exe |
"TCP Query User{906A79DD-70E9-498C-BF67-BF0C4BA12123}C:\programdata\asgvis\drspawner\drspawner.exe" = protocol=6 | dir=in | app=c:\programdata\asgvis\drspawner\drspawner.exe |
"TCP Query User{C74BBE52-AF5E-4BB0-9FA2-5771C6818185}C:\program files\google\google sketchup 6\sketchup.exe" = protocol=6 | dir=in | app=c:\program files\google\google sketchup 6\sketchup.exe |
"TCP Query User{CBE0374B-2B1C-41C7-9F6D-C79DE26C2EAF}C:\aptana\aptana studio\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\aptana\aptana studio\jre\bin\javaw.exe |
"TCP Query User{DBC05358-A23C-48C5-8A60-B930334BA30A}C:\aptana\aptana studio\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\aptana\aptana studio\jre\bin\javaw.exe |
"TCP Query User{DCDC72EE-D889-4F7B-AE92-920A07C1A377}C:\program files\google\google sketchup 7\sketchup.exe" = protocol=6 | dir=in | app=c:\program files\google\google sketchup 7\sketchup.exe |
"TCP Query User{E9698BF4-38B1-439B-BC5F-86BF5E495C9D}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"UDP Query User{06DA58D3-5614-4894-B118-7408019746CB}C:\program files\aptana\aptana studio\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\aptana\aptana studio\jre\bin\javaw.exe |
"UDP Query User{58B3CDFA-66AB-4B0A-B031-9ED4A4FD4978}C:\program files\google\google sketchup 6\sketchup.exe" = protocol=17 | dir=in | app=c:\program files\google\google sketchup 6\sketchup.exe |
"UDP Query User{6BD3BB07-FD82-4AC7-A713-D8E9EAEA47DB}C:\programdata\asgvis\drspawner\drspawner.exe" = protocol=17 | dir=in | app=c:\programdata\asgvis\drspawner\drspawner.exe |
"UDP Query User{8513AABE-D959-4B81-A283-B4F40B428C69}C:\aptana\aptana studio\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\aptana\aptana studio\jre\bin\javaw.exe |
"UDP Query User{874DEB99-DB4E-4C0E-A455-9D20FB4DD498}C:\program files\google\google sketchup 7\sketchup.exe" = protocol=17 | dir=in | app=c:\program files\google\google sketchup 7\sketchup.exe |
"UDP Query User{8B39BF98-0C9A-4ABD-A63D-E82048913F90}C:\windows\system32\ftp.exe" = protocol=17 | dir=in | app=c:\windows\system32\ftp.exe |
"UDP Query User{A1B574E7-D0AA-4164-AFFB-8D5453A3F6B3}C:\aptana\aptana studio\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\aptana\aptana studio\jre\bin\javaw.exe |
"UDP Query User{CA3349A0-9ABC-4A7E-9D69-F9BCE3938320}C:\program files\google\google sketchup 7\sketchup.exe" = protocol=17 | dir=in | app=c:\program files\google\google sketchup 7\sketchup.exe |
"UDP Query User{D24CD861-7AA7-4A57-A187-B8BF10F2CC6D}C:\program files\gnaural\gnaural.exe" = protocol=17 | dir=in | app=c:\program files\gnaural\gnaural.exe |
"UDP Query User{E8BEBF5C-55F1-4242-A02E-92A3EF3A4BAB}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"UDP Query User{F0E86699-C02B-496A-A422-5D361FB80653}C:\program files\google\google sketchup 7\layout\layout.exe" = protocol=17 | dir=in | app=c:\program files\google\google sketchup 7\layout\layout.exe |
"UDP Query User{F6FE17B3-1A7E-4BB4-A4C5-3A1E533ABA21}C:\program files\next limit\maxwell\mxcl.exe" = protocol=17 | dir=in | app=c:\program files\next limit\maxwell\mxcl.exe |
"UDP Query User{FA58AC44-00C6-4E46-98DB-F2E8B7D60DB2}C:\program files\modo pc version\luxology\modo 401\modo.exe" = protocol=17 | dir=in | app=c:\program files\modo pc version\luxology\modo 401\modo.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0DEA342C-15CB-4F52-97B6-06A9C4B9C06F}" = SDK
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{12E75B98-8463-4C1F-8DDA-F6CF31566A55}" = Google SketchUp Pro 6
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1883A84D-94AA-432C-9519-FA31B6B118B9}" = forteManager
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java™ 6 Update 17
"{299C0434-4F4E-341F-A916-4E07AEB35E79}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime
"{2DD388FF-6422-43C9-86A1-C7A99C83E946}" = ASUS nVidia Driver
"{3215EBED-1D06-42fb-A05C-A752A46FB24C}" = Canon MP530
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{342F5437-C87D-4BB5-89B9-B23E16C6A395}" = Microsoft Visual C++ 8.0 Support DLLs
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3D3FF9FF-2E7E-46D8-9910-1DAF63730E61}" = Rhinoceros 4.0 Training Materials, Level 1
"{3D6B5B20-7783-4984-948F-5EC6D94711D4}" = IESviewer 2.99n
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{55D9E026-DCB0-46FF-B60A-68B972228CF6}" = Autodesk Design Review 2010
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{572FBF5D-3BAA-42FF-A468-A54C2C0A17C3}" = Autodesk Revit Architecture 2010
"{5783F2D7-7001-0409-0002-0060B0CE6BBA}" = AutoCAD 2009 - English
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7148F0A8-6813-11D6-A77B-00B0D0142040}" = Java 2 Runtime Environment, SE v1.4.2_04
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{777CA40C-0206-4EF6-A0FC-618BF06BF8D0}" = Intel® PRO Network Connections 12.1.12.0
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7AEBFFF0-15A1-48A9-88F3-06604486C7C9}" = WMPTagSupportExtender
"{7B41ED45-AAF3-4668-9933-930DF92E4172}" = V-Ray for SketchUp
"{7F352422-4AC3-4AB3-8C00-A639C72F250E}" = CutList Plus 2009
"{81595762-F450-4E38-928D-DC00F5C5B080}_is1" = RDE version 1.1.1
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{9172D574-5807-4B9C-9027-261C2DB29FB1}" = Google SketchUp Pro 7.1
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}" = iTunes
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A956967D-D934-4904-94B3-84E3EF850F21}" = V-Ray for SketchUp
"{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BC9B8FEB-0C55-44CB-8854-BC04517B0D5C}" = Graph-iView - Planetarium
"{C084BC61-E537-11DE-8616-005056806466}" = Google Earth
"{C12D609B-EB71-411B-82C3-9BE6D40435D7}" = Google SketchUp LayOut 6
"{C1E693A4-B1D5-4DCD-B68D-2087835B7184}" = ScanSoft OmniPage SE 4.0
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{CAD098FE-56BA-43A8-8844-83A2B2315AF3}" = HDView for Internet Explorer
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CCBC3666-5199-4702-B052-2C58FCA6EFF9}" = Rhinoceros 4.0 Evaluation
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2D6B9EB-C6DC-4DAA-B4DE-BB7D9735E7DA}" = Presto! PageManager 7.15.14
"{DF78EBF9-0C4F-43D3-BD6F-5FC3E2A0E3A8}" = Photosynth 2.0109.1002.1657
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1
"{EB459C2F-41CA-4222-B9CA-F8EBA40B8DAB}" = Google SketchUp 6 Exporters
"{EF3E420F-2DCF-4C24-8E37-896801901033}" = Nero 7 Essentials
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F7E1CA14-B39D-452A-960B-39423DDDD933}" = DriveImage XML (Private Edition)
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"Aptana Studio" = Aptana Studio
"AutoCAD 2009 - English" = AutoCAD 2009 - English
"Autodesk Design Review 2010" = Autodesk Design Review 2010
"Autodesk Revit Architecture 2010" = Autodesk Revit Architecture 2010
"AVG9Uninstall" = AVG Free 9.0
"CameraWindowDC" = Canon Utilities CameraWindow DC
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"CCleaner" = CCleaner
"Celestia_is1" = Celestia 1.5.1
"CobBackup9" = Cobian Backup 9
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"CoreFLAC Audio Decoder+Source Filter" = CoreFLAC Audio Decoder+Source Filter (remove only)
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"Fling" = Fling File Transfer
"Gnaural_is1" = Gnaural ver. 1.0.20090808
"Google Chrome" = Google Chrome
"Google Updater" = Google Updater
"GTK2-Runtime" = GTK2-Runtime
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Inkscape" = Inkscape 0.46
"jZip" = jZip
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Masonry Designer - Acme Brick" = Masonry Designer - Acme Brick
"Maxwell" = Maxwell
"McAfee Security Scan" = McAfee Security Scan
"Mesh To Solid for Rhino_is1" = Mesh To Solid for Rhino
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MoI_v1_trial_is1" = Moment of Inspiration 1.0 trial
"Monkey" = Monkey
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox (3.5.2)" = Mozilla Firefox (3.5.2)
"MP Navigator 2.2" = Canon MP Navigator 2.2
"MyCamera" = Canon Utilities MyCamera
"MyCameraDC" = Canon Utilities MyCamera DC
"Noise Ninja (Standalone Version)_is1" = Noise Ninja 2 (Standalone Version)
"NVIDIA Drivers" = NVIDIA Drivers
"PhotomatixPro3_is1" = Photomatix Pro version 3.1.2
"PhotoStitch" = Canon Utilities PhotoStitch
"PrimoPDF4.1.0.9" = PrimoPDF
"PROSetDX" = Intel® PRO Network Connections 12.1.12.0
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RealArcade 1.2" = RealArcade
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"Ruby-186-26" = Ruby-186-26
"Smurf" = Smurf 2.0
"SU2KT_is1" = SU2KT
"VLC media player" = VLC media player 0.9.8a
"WebSTAR Uninstall" = WebSTAR DPX USB Cable Modem Adapter
"WinRAR archiver" = WinRAR archiver
"WorkPace 3.7.1.1" = Wellnomics WorkPace 3.7.1
"Yahoo! Companion" = Yahoo! Toolbar
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1648962991-4277415786-1211609183-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/19/2010 9:10:15 AM | Computer Name = SwainDuncan-PC | Source = Google Update | ID = 20
Description =

Error - 1/19/2010 10:10:16 AM | Computer Name = SwainDuncan-PC | Source = Google Update | ID = 20
Description =

Error - 1/19/2010 10:35:59 AM | Computer Name = SwainDuncan-PC | Source = WinMgmt | ID = 10
Description =

Error - 1/19/2010 12:49:49 PM | Computer Name = SwainDuncan-PC | Source = SPP | ID = 16387
Description =

Error - 1/19/2010 12:49:49 PM | Computer Name = SwainDuncan-PC | Source = System Restore | ID = 8193
Description =

Error - 1/19/2010 12:49:49 PM | Computer Name = SwainDuncan-PC | Source = System Restore | ID = 8210
Description =

Error - 1/19/2010 4:02:16 PM | Computer Name = SwainDuncan-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18865, time stamp
0x4b077416, faulting module avgxpl.dll, version 9.0.0.711, time stamp 0x4b0b19d5,
exception code 0xc0000005, fault offset 0x0003a15f, process id 0x600, application
start time 0x01ca99423b1e7764.

Error - 1/20/2010 1:00:14 AM | Computer Name = SwainDuncan-PC | Source = SPP | ID = 16387
Description =

Error - 1/20/2010 1:00:14 AM | Computer Name = SwainDuncan-PC | Source = System Restore | ID = 8193
Description =

Error - 1/20/2010 1:00:14 AM | Computer Name = SwainDuncan-PC | Source = System Restore | ID = 8210
Description =

[ System Events ]
Error - 7/27/2009 11:56:47 AM | Computer Name = SwainDuncan-PC | Source = HTTP | ID = 15016
Description =

Error - 7/27/2009 11:57:03 AM | Computer Name = SwainDuncan-PC | Source = ipnathlp | ID = 34001
Description = The ICS_IPV6 failed to configure IPv6 stack.

Error - 7/27/2009 11:57:03 AM | Computer Name = SwainDuncan-PC | Source = ipnathlp | ID = 30013
Description = The DHCP allocator has disabled itself on IP address 24.201.121.136,
since the IP address is outside the 192.168.0.0/255.255.255.0 scope from which
addresses are being allocated to DHCP clients. To enable the DHCP allocator on this
IP address, change the scope to include the IP address, or change the IP address
to fall within the scope.

Error - 7/27/2009 11:58:30 AM | Computer Name = SwainDuncan-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 7/28/2009 12:07:17 PM | Computer Name = SwainDuncan-PC | Source = ipnathlp | ID = 30013
Description = The DHCP allocator has disabled itself on IP address 24.201.121.136,
since the IP address is outside the 192.168.0.0/255.255.255.0 scope from which
addresses are being allocated to DHCP clients. To enable the DHCP allocator on this
IP address, change the scope to include the IP address, or change the IP address
to fall within the scope.

Error - 7/28/2009 6:37:33 PM | Computer Name = SwainDuncan-PC | Source = ipnathlp | ID = 30013
Description = The DHCP allocator has disabled itself on IP address 24.201.121.136,
since the IP address is outside the 192.168.0.0/255.255.255.0 scope from which
addresses are being allocated to DHCP clients. To enable the DHCP allocator on this
IP address, change the scope to include the IP address, or change the IP address
to fall within the scope.

Error - 7/28/2009 11:13:18 PM | Computer Name = SwainDuncan-PC | Source = ipnathlp | ID = 30013
Description = The DHCP allocator has disabled itself on IP address 24.201.121.136,
since the IP address is outside the 192.168.0.0/255.255.255.0 scope from which
addresses are being allocated to DHCP clients. To enable the DHCP allocator on this
IP address, change the scope to include the IP address, or change the IP address
to fall within the scope.

Error - 7/29/2009 9:31:28 AM | Computer Name = SwainDuncan-PC | Source = ipnathlp | ID = 30013
Description = The DHCP allocator has disabled itself on IP address 24.201.121.136,
since the IP address is outside the 192.168.0.0/255.255.255.0 scope from which
addresses are being allocated to DHCP clients. To enable the DHCP allocator on this
IP address, change the scope to include the IP address, or change the IP address
to fall within the scope.

Error - 7/30/2009 3:00:16 AM | Computer Name = SwainDuncan-PC | Source = ipnathlp | ID = 31004
Description = The DNS proxy agent was unable to allocate 0 bytes of memory. This
may indicate that the system is low on virtual memory, or that the memory manager
has encountered an internal error.

Error - 7/30/2009 3:00:17 AM | Computer Name = SwainDuncan-PC | Source = ipnathlp | ID = 30013
Description = The DHCP allocator has disabled itself on IP address 24.201.121.136,
since the IP address is outside the 192.168.0.0/255.255.255.0 scope from which
addresses are being allocated to DHCP clients. To enable the DHCP allocator on this
IP address, change the scope to include the IP address, or change the IP address
to fall within the scope.


< End of report >



#6 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • Gender:Female
  • Location:At home
  • Local time:02:44 PM

Posted 22 January 2010 - 11:01 AM

Hi,

please run a scan with gmer as well:
Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!



#7 bearbear

bearbear
  • Topic Starter

  • Members
  • 10 posts
  • Local time:07:44 AM

Posted 22 January 2010 - 04:58 PM

myrti,

The registry section of the gmer log is too long to attach or paste into this reply.

Here is the rest:


GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-01-22 16:39:23
Windows 6.0.6002 Service Pack 2
Running: x8xql7t1.exe; Driver: C:\Users\SWANDU~1\AppData\Local\Temp\awlyqkoc.sys


---- Kernel code sections - GMER 1.0.15 ----

.rsrc C:\Windows\system32\drivers\atapi.sys entry point in ".rsrc" section [0x807A3024]
.text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x8B60A320, 0x3DE2A7, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\system32\svchost.exe[780] ole32.dll!CoCreateInstance 75AC9EA6 5 Bytes JMP 0095000A
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1908] ntdll.dll!NtCreateFile + 6 772943DA 4 Bytes [28, 00, 06, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1908] ntdll.dll!NtCreateFile + B 772943DF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1908] ntdll.dll!NtMapViewOfSection + 6 77294B2A 1 Byte [28]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1908] ntdll.dll!NtMapViewOfSection + 6 77294B2A 4 Bytes [28, 03, 06, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1908] ntdll.dll!NtMapViewOfSection + B 77294B2F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1908] ntdll.dll!NtOpenFile + 6 77294BBA 4 Bytes [68, 00, 06, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1908] ntdll.dll!NtOpenFile + B 77294BBF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1908] ntdll.dll!NtOpenProcess + 6 77294C3A 4 Bytes [A8, 01, 06, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1908] ntdll.dll!NtOpenProcess + B 77294C3F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1908] ntdll.dll!NtOpenProcessToken + 6 77294C4A 4 Bytes CALL 76295250 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1908] ntdll.dll!NtOpenProcessToken + B 77294C4F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1908] ntdll.dll!NtOpenProcessTokenEx + 6 77294C5A 4 Bytes [A8, 02, 06, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1908] ntdll.dll!NtOpenProcessTokenEx + B 77294C5F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1908] ntdll.dll!NtOpenThread + 6 77294CAA 4 Bytes [68, 01, 06, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1908] ntdll.dll!NtOpenThread + B 77294CAF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1908] ntdll.dll!NtOpenThreadToken + 6 77294CBA 4 Bytes [68, 02, 06, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1908] ntdll.dll!NtOpenThreadToken + B 77294CBF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1908] ntdll.dll!NtOpenThreadTokenEx + 6 77294CCA 4 Bytes CALL 762952D1 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1908] ntdll.dll!NtOpenThreadTokenEx + B 77294CCF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1908] ntdll.dll!NtQueryAttributesFile + 6 77294D5A 4 Bytes [A8, 00, 06, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1908] ntdll.dll!NtQueryAttributesFile + B 77294D5F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1908] ntdll.dll!NtQueryFullAttributesFile + 6 77294E0A 4 Bytes CALL 7629540F C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1908] ntdll.dll!NtQueryFullAttributesFile + B 77294E0F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1908] ntdll.dll!NtSetInformationFile + 6 772952EA 4 Bytes [28, 01, 06, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1908] ntdll.dll!NtSetInformationFile + B 772952EF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1908] ntdll.dll!NtSetInformationThread + 6 7729533A 4 Bytes [28, 02, 06, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1908] ntdll.dll!NtSetInformationThread + B 7729533F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1908] ntdll.dll!NtUnmapViewOfSection + 6 772955DA 1 Byte [68]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1908] ntdll.dll!NtUnmapViewOfSection + 6 772955DA 4 Bytes [68, 03, 06, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1908] ntdll.dll!NtUnmapViewOfSection + B 772955DF 1 Byte [E2]

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\Explorer.EXE[2752] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [74047817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2752] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [7409A86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2752] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7404BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2752] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [7403F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2752] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [740475E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2752] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [7403E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2752] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [74078395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2752] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [7404DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2752] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [7403FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2752] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [7403FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2752] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [740371CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2752] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [740CCAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2752] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [7406C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2752] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [7403D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2752] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [74036853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2752] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [7403687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2752] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74042AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
Device InCDFs.sys (InCD File System Driver/Nero AG)
Device -> \Driver\atapi \Device\Harddisk0\DR0 84C04618


---- Files - GMER 1.0.15 ----

File C:\Windows\system32\drivers\atapi.sys suspicious modification

---- EOF - GMER 1.0.15 ----


#8 bearbear

bearbear
  • Topic Starter

  • Members
  • 10 posts
  • Local time:07:44 AM

Posted 22 January 2010 - 05:05 PM

Myrti,

Attached is a zipped gmer log

Thanks,
Duncan

Attached Files



#9 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • Gender:Female
  • Location:At home
  • Local time:02:44 PM

Posted 23 January 2010 - 10:49 AM

Hi,

you have been infected by a nasty rootkit. It is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.


If you decide to clean, then please run ComboFix and post the log in your next reply:

Please download ComboFix from one of these locations:

Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Temporarily disable your AntiVirus and AntiSpyware applications. They may otherwise interfere with our tools
    Usually this can be done via a right click on the System Tray icon, check this tutorial for disabling the most common security programs: Link

  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!



#10 bearbear

bearbear
  • Topic Starter

  • Members
  • 10 posts
  • Local time:07:44 AM

Posted 23 January 2010 - 05:53 PM

Credit card cancelled. Too busy to reinstall this week.

ComboFix 10-01-23.02 - Swan Duncan 01/23/2010 17:35:59.3.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2045.1234 [GMT -5:00]
Running from: c:\users\Swan Duncan\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Swan Duncan\AppData\Local\temp\ppcrlui_564_2
c:\users\SWANDU~1\AppData\Local\Temp\ppcrlui_564_2
c:\windows\Fonts\MyriadPro-Regular.otf
c:\windows\Help\help
c:\windows\Help\help\en-US\Help.h1c
c:\windows\Help\help\en-US\Help.H1T
c:\windows\Help\help\en-US\Help_AssetId.H1K
c:\windows\Help\help\en-US\Help_BestBet.H1K
c:\windows\Help\help\en-US\Help_LinkTerm.H1K
c:\windows\Help\help\en-US\Help_SubjectTerm.H1K
c:\windows\Help\help\en-US\resources.H1S
c:\windows\Help\help\en-US\stopwrds.stp
c:\windows\Help\help\en-US\stylec.h1s
c:\windows\system32\lowsec
c:\windows\system32\lowsec\local.ds
c:\windows\system32\lowsec\user.ds

.
((((((((((((((((((((((((( Files Created from 2009-12-23 to 2010-01-23 )))))))))))))))))))))))))))))))
.

2010-01-23 22:44 . 2010-01-23 22:44 -------- d-----w- c:\users\Swan Duncan\AppData\Local\temp
2010-01-23 22:44 . 2010-01-23 22:44 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-01-23 22:44 . 2010-01-23 22:44 -------- d-----w- c:\users\Guest\AppData\Local\temp
2010-01-23 22:44 . 2010-01-23 22:44 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-01-21 16:56 . 2010-01-21 16:58 -------- d-----w- c:\users\Swan Duncan\Medical
2010-01-19 16:22 . 2010-01-19 16:22 -------- d-----w- c:\users\Swan Duncan\AppData\Roaming\Ahead
2010-01-18 15:54 . 2010-01-18 15:54 -------- d-----w- c:\users\Swan Duncan\AppData\Roaming\NewSoft
2010-01-17 13:18 . 2010-01-17 13:18 -------- d-----w- c:\users\Swan Duncan\Patch-ismail
2010-01-16 21:50 . 2010-01-16 21:51 -------- d-----r- c:\users\Swan Duncan\portraits
2010-01-16 16:46 . 2010-01-16 16:46 348256 ----a-w- c:\programdata\Microsoft\VSTAHost\Architecture2010\9.0\1033\ResourceCache.dll
2010-01-16 16:43 . 2010-01-16 16:43 -------- d-----w- c:\program files\Autodesk Revit Architecture 2010
2010-01-16 16:42 . 2010-01-16 16:42 416 ----a-w- c:\programdata\Microsoft\MSDN\9.0\1033\ResourceCache.dll
2010-01-16 16:40 . 2010-01-16 16:40 -------- d-----w- c:\program files\Microsoft SDKs
2010-01-16 16:40 . 2010-01-16 16:40 -------- d-----w- c:\program files\Microsoft Visual Studio 9.0
2010-01-16 16:39 . 2010-01-16 16:39 -------- d-----w- c:\program files\Autodesk
2010-01-16 16:38 . 2008-03-05 20:56 3786760 ----a-w- c:\windows\system32\D3DX9_37.dll
2010-01-16 16:33 . 2010-01-16 16:33 -------- d-----w- C:\Autodesk
2010-01-15 15:29 . 2010-01-15 15:29 0 ----a-w- C:\backup.reg
2010-01-14 22:42 . 2010-01-14 22:42 125952 ----a-w- c:\programdata\ParetoLogic\UUS2\Temp\Update.exe
2010-01-14 22:41 . 2010-01-15 15:29 8698400 --sha-w- c:\windows\system32\drivers\fidbox.dat
2010-01-14 22:36 . 2010-01-15 15:22 -------- d-----w- c:\programdata\ParetoLogic
2010-01-14 22:36 . 2010-01-15 15:22 -------- d-----w- c:\program files\Common Files\ParetoLogic
2010-01-14 22:35 . 2010-01-14 22:35 -------- d-----w- c:\users\Swan Duncan\AppData\Local\Downloaded Installations
2010-01-13 16:10 . 2010-01-13 16:10 -------- d-----w- c:\program files\CCleaner
2010-01-13 15:35 . 2010-01-13 15:35 -------- d-----w- c:\users\Swan Duncan\AppData\Roaming\Malwarebytes
2010-01-13 15:35 . 2010-01-07 21:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-13 15:35 . 2010-01-13 15:35 -------- d-----w- c:\programdata\Malwarebytes
2010-01-13 15:35 . 2010-01-07 21:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-13 15:35 . 2010-01-13 15:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-13 15:18 . 2010-01-13 16:33 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-01-13 15:18 . 2010-01-13 15:57 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-01-13 14:33 . 2009-10-19 13:38 156672 ----a-w- c:\windows\system32\t2embed.dll
2010-01-13 14:33 . 2009-10-19 13:35 72704 ----a-w- c:\windows\system32\fontsub.dll
2010-01-10 00:36 . 2010-01-10 00:36 -------- d-----w- c:\program files\Runtime Software
2010-01-09 20:51 . 2010-01-09 20:51 -------- d-----w- c:\users\Swan Duncan\AppData\Local\Apps
2010-01-09 18:25 . 2010-01-09 18:25 -------- d-----w- c:\programdata\Cobian
2010-01-09 18:24 . 2010-01-09 18:25 -------- d-----w- c:\program files\Cobian Backup 9
2010-01-09 14:07 . 2010-01-12 19:50 -------- d-----w- c:\programdata\SITEguard
2010-01-09 14:06 . 2010-01-15 18:02 -------- d-----w- c:\programdata\STOPzilla!
2010-01-09 14:06 . 2010-01-09 14:06 -------- d-----w- c:\program files\Common Files\iS3
2010-01-08 23:25 . 2010-01-08 23:25 -------- d-----w- c:\program files\AVG
2010-01-08 22:41 . 2010-01-08 22:41 -------- d-----w- c:\users\Swan Duncan\Laser
2010-01-08 15:37 . 2010-01-08 15:37 99 ----a-w- c:\users\Swan Duncan\AppData\Local\fusioncache.dat
2010-01-03 01:28 . 2009-05-18 19:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-01-03 01:28 . 2008-04-17 18:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2010-01-03 01:27 . 2010-01-03 01:27 -------- d-----w- c:\program files\iPod
2010-01-03 01:27 . 2010-01-03 01:28 -------- d-----w- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2010-01-03 01:27 . 2010-01-03 01:28 -------- d-----w- c:\program files\iTunes
2010-01-03 01:25 . 2010-01-03 01:26 -------- d-----w- c:\program files\QuickTime
2010-01-03 01:20 . 2010-01-03 01:20 79144 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-21 14:32 . 2008-10-04 17:48 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-20 21:57 . 2009-01-01 03:13 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-20 21:54 . 2009-01-06 00:16 -------- d-----w- c:\users\Swan Duncan\AppData\Roaming\uTorrent
2010-01-16 19:21 . 2009-01-31 00:42 -------- d-----w- c:\programdata\FLEXnet
2010-01-16 19:21 . 2008-10-04 18:30 -------- d-----w- c:\programdata\Autodesk
2010-01-16 19:21 . 2008-10-04 17:15 -------- d-----w- c:\users\Swan Duncan\AppData\Roaming\Autodesk
2010-01-16 16:43 . 2008-10-04 18:30 -------- d-----w- c:\program files\Common Files\Autodesk Shared
2010-01-16 16:42 . 2008-10-03 15:30 -------- d-----w- c:\programdata\Microsoft Help
2010-01-15 17:56 . 2010-01-15 17:56 240 ----a-w- c:\windows\system32\drivers\kgpcpy.cfg
2010-01-15 15:29 . 2010-01-14 22:41 118616 --sha-w- c:\windows\system32\drivers\fidbox.idx
2010-01-14 22:41 . 2008-12-12 02:34 -------- d-----w- c:\programdata\Google Updater
2010-01-13 14:37 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-01-12 00:49 . 2009-01-25 00:40 -------- d-----w- c:\users\Swan Duncan\AppData\Roaming\Apple Computer
2010-01-09 17:02 . 2008-12-11 18:01 -------- d-----w- c:\program files\PhotomatixPro3
2010-01-09 14:11 . 2008-10-02 21:27 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-08 22:11 . 2008-10-04 17:33 -------- d-----w- c:\program files\Java
2010-01-03 01:27 . 2009-01-25 00:39 -------- d-----w- c:\program files\Common Files\Apple
2010-01-02 06:38 . 2010-01-22 13:38 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-02 06:32 . 2010-01-22 13:38 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-01-02 06:32 . 2010-01-22 13:38 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-02 04:57 . 2010-01-22 13:38 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-12-24 12:24 . 2009-12-24 12:24 -------- d-----w- c:\programdata\WindowsSearch
2009-12-19 18:11 . 2008-10-04 03:37 -------- d-----w- c:\program files\Google
2009-12-11 12:58 . 2009-12-11 12:57 95088 ----a-w- c:\users\Guest\AppData\Local\GDIPFONTCACHEV1.DAT
2009-12-11 12:58 . 2009-12-11 12:58 -------- d-----w- c:\users\Guest\AppData\Roaming\DisplayTune
2009-12-11 08:19 . 2009-12-11 08:19 -------- d-----w- c:\program files\Windows Portable Devices
2009-12-11 08:19 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-12-11 08:19 . 2009-12-11 08:19 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2009-12-11 08:19 . 2009-12-11 08:19 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2009-12-10 18:07 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-12-10 18:06 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-12-10 18:06 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2009-12-10 18:06 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2009-12-10 18:06 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2009-12-10 18:06 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2009-11-26 23:21 . 2008-12-08 02:47 -------- d-----w- c:\program files\Photosynth
2009-11-26 16:52 . 2009-11-26 16:52 -------- d-----w- c:\program files\piPOol
2009-11-26 16:48 . 2009-11-26 16:48 33540 ----a-w- c:\windows\system32\CoreFLACDecoder-uninstall.exe
2009-11-15 00:17 . 2009-11-15 00:17 1002096 ----a-w- c:\programdata\Google\Google Toolbar\Component\GoogleToolbarManager_0E996B068B56FCA2.exe
2009-11-09 14:33 . 2009-11-09 14:33 86016 ----a-w- c:\programdata\NOS\Adobe_Downloads\arh.exe
2009-11-09 12:31 . 2009-12-10 08:02 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-11-09 12:30 . 2009-12-10 08:02 30720 ----a-w- c:\windows\system32\httpapi.dll
2009-11-09 10:36 . 2009-12-10 08:02 411648 ----a-w- c:\windows\system32\drivers\http.sys
2009-11-03 01:42 . 2009-10-03 21:01 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-29 09:17 . 2009-11-25 08:01 2048 ----a-w- c:\windows\system32\tzres.dll
2008-11-09 16:55 . 2008-11-09 16:55 774144 ----a-w- c:\program files\RngInterstitial.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-01-15_18.52.14 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-01-16 16:38 . 2010-01-16 16:38 54272 c:\windows\winsxs\x86_microsoft.vc90.openmp_1fc8b3b9a1e18e3b_9.0.21022.8_none_ecdf8c290e547f39\vcomp90.dll
+ 2010-01-16 16:38 . 2010-01-16 16:38 62976 c:\windows\winsxs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.1_none_da4695fc507e16e1\MFC90RUS.DLL
+ 2010-01-16 16:38 . 2010-01-16 16:38 46080 c:\windows\winsxs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.1_none_da4695fc507e16e1\MFC90KOR.DLL
+ 2010-01-16 16:38 . 2010-01-16 16:38 46592 c:\windows\winsxs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.1_none_da4695fc507e16e1\MFC90JPN.DLL
+ 2010-01-16 16:38 . 2010-01-16 16:38 64512 c:\windows\winsxs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.1_none_da4695fc507e16e1\MFC90ITA.DLL
+ 2010-01-16 16:38 . 2010-01-16 16:38 66048 c:\windows\winsxs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.1_none_da4695fc507e16e1\MFC90FRA.DLL
+ 2010-01-16 16:38 . 2010-01-16 16:38 65024 c:\windows\winsxs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.1_none_da4695fc507e16e1\MFC90ESP.DLL
+ 2010-01-16 16:38 . 2010-01-16 16:38 65024 c:\windows\winsxs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.1_none_da4695fc507e16e1\MFC90ESN.DLL
+ 2010-01-16 16:38 . 2010-01-16 16:38 56832 c:\windows\winsxs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.1_none_da4695fc507e16e1\MFC90ENU.DLL
+ 2010-01-16 16:38 . 2010-01-16 16:38 66560 c:\windows\winsxs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.1_none_da4695fc507e16e1\MFC90DEU.DLL
+ 2010-01-16 16:38 . 2010-01-16 16:38 39936 c:\windows\winsxs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.1_none_da4695fc507e16e1\MFC90CHT.DLL
+ 2010-01-16 16:38 . 2010-01-16 16:38 38912 c:\windows\winsxs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.1_none_da4695fc507e16e1\MFC90CHS.DLL
+ 2010-01-16 16:38 . 2010-01-16 16:38 59904 c:\windows\winsxs\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.1_none_dcc7eae99ad0d9cf\mfcm90u.dll
+ 2010-01-16 16:38 . 2010-01-16 16:38 59904 c:\windows\winsxs\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.1_none_dcc7eae99ad0d9cf\mfcm90.dll
+ 2010-01-16 16:38 . 2010-01-16 16:38 65536 c:\windows\winsxs\x86_microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.762_none_7b33aa7d218504d2\vcomp.dll
+ 2010-01-22 13:38 . 2010-01-02 14:50 71680 c:\windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_8.0.6001.22973_none_a8fac7058d9a33aa\iesetup.dll
+ 2010-01-22 13:38 . 2010-01-02 14:50 55808 c:\windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_8.0.6001.22973_none_a8fac7058d9a33aa\iernonce.dll
+ 2010-01-22 13:38 . 2010-01-02 06:32 71680 c:\windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_8.0.6001.18882_none_a8655a047485967a\iesetup.dll
+ 2010-01-22 13:38 . 2010-01-02 06:32 55808 c:\windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_8.0.6001.18882_none_a8655a047485967a\iernonce.dll
+ 2010-01-22 13:38 . 2010-01-02 13:12 13312 c:\windows\winsxs\x86_microsoft-windows-ie-feedsbs_31bf3856ad364e35_8.0.6001.22973_none_df7800eb09e2ee01\msfeedssync.exe
+ 2010-01-22 13:38 . 2010-01-02 14:51 55296 c:\windows\winsxs\x86_microsoft-windows-ie-feedsbs_31bf3856ad364e35_8.0.6001.22973_none_df7800eb09e2ee01\msfeedsbs.dll
+ 2010-01-22 13:38 . 2010-01-02 04:56 13312 c:\windows\winsxs\x86_microsoft-windows-ie-feedsbs_31bf3856ad364e35_8.0.6001.18882_none_dee293e9f0ce50d1\msfeedssync.exe
+ 2010-01-22 13:38 . 2010-01-02 06:33 55296 c:\windows\winsxs\x86_microsoft-windows-ie-feedsbs_31bf3856ad364e35_8.0.6001.18882_none_dee293e9f0ce50d1\msfeedsbs.dll
+ 2010-01-22 13:38 . 2010-01-02 14:56 64512 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.22973_none_e513055ed0f3fc22\WininetPlugin.dll
+ 2010-01-16 16:40 . 2010-01-16 16:40 884736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Publish\9.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Publish.dll
+ 2010-01-16 16:40 . 2010-01-16 16:40 344064 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Package.LanguageService\2.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Package.LanguageService.dll
+ 2010-01-16 16:40 . 2010-01-16 16:40 348160 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Package.LanguageService.9.0\3.5.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Package.LanguageService.9.0.dll
+ 2010-01-16 16:40 . 2010-01-16 16:40 430080 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Modeling.Sdk\9.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Modeling.Sdk.dll
+ 2010-01-16 16:40 . 2010-01-16 16:40 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Modeling.Sdk.Shell\9.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Modeling.Sdk.Shell.dll
+ 2010-01-16 16:40 . 2010-01-16 16:40 827392 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Modeling.Sdk.Diagrams\9.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Modeling.Sdk.Diagrams.dll
+ 2010-01-16 16:40 . 2010-01-16 16:40 561152 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Design\9.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Design.dll
+ 2010-01-16 16:41 . 2010-01-16 16:41 200704 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Data.Services\9.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Data.Services.dll
+ 2010-01-16 16:41 . 2010-01-16 16:41 172032 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Data.Framework\9.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Data.Framework.dll
+ 2010-01-16 16:40 . 2010-01-16 16:40 106496 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Configuration\9.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Configuration.dll
+ 2010-01-16 16:40 . 2010-01-16 16:40 671744 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.CommonIDE\9.0.0.0__b03f5f7f11d50a3a\microsoft.visualstudio.commonide.dll
+ 2010-01-16 16:40 . 2010-01-16 16:40 595456 c:\windows\assembly\GAC_32\Microsoft.VisualStudio.Modeling.Sdk.Diagrams.GraphObject\9.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Modeling.Sdk.Diagrams.GraphObject.dll
+ 2010-01-16 16:40 . 2010-01-16 16:40 114688 c:\windows\assembly\GAC\Microsoft.VisualStudio.TextManager.Interop\7.1.40304.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.TextManager.Interop.dll
+ 2010-01-16 16:40 . 2010-01-16 16:40 259152 c:\windows\assembly\GAC\Microsoft.VisualStudio.Shell.Interop\7.1.40304.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Shell.Interop.dll
+ 2010-01-16 16:40 . 2010-01-16 16:40 172032 c:\windows\assembly\GAC\Microsoft.VisualStudio.Shell.Interop.8.0\8.0.0.0__b03f5f7f11d50a3a\microsoft.visualstudio.shell.interop.8.0.dll
+ 2010-01-16 16:40 . 2010-01-16 16:40 118784 c:\windows\assembly\GAC\Microsoft.VisualStudio.OLE.Interop\7.1.40304.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.OLE.Interop.dll
+ 2010-01-16 16:40 . 2010-01-16 16:40 126976 c:\windows\assembly\GAC\Microsoft.VisualStudio.Debugger.InteropA\9.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Debugger.InteropA.dll
+ 2010-01-16 16:40 . 2010-01-16 16:40 176128 c:\windows\assembly\GAC\Microsoft.VisualStudio.Debugger.Interop\8.0.1.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Debugger.Interop.dll
- 2008-10-04 18:30 . 2008-10-04 18:30 223232 c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
+ 2010-01-16 16:38 . 2010-01-16 16:38 223232 c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
+ 2010-01-16 16:38 . 2010-01-16 16:38 178176 c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
- 2008-10-04 18:30 . 2008-10-04 18:30 178176 c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
- 2008-10-04 18:30 . 2008-10-04 18:30 364544 c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
+ 2010-01-16 16:38 . 2010-01-16 16:38 364544 c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
+ 2010-01-16 16:38 . 2010-01-16 16:38 159232 c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
- 2008-10-04 18:30 . 2008-10-04 18:30 159232 c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
- 2008-10-04 18:30 . 2008-10-04 18:30 145920 c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
+ 2010-01-16 16:38 . 2010-01-16 16:38 145920 c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
- 2008-10-04 18:30 . 2008-10-04 18:30 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2010-01-16 16:38 . 2010-01-16 16:38 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-10-04 18:30 . 2008-10-04 18:30 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2010-01-16 16:38 . 2010-01-16 16:38 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-10-04 18:30 . 2008-10-04 18:30 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2010-01-16 16:38 . 2010-01-16 16:38 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-10-04 18:30 . 2008-10-04 18:30 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2010-01-16 16:38 . 2010-01-16 16:38 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-10-04 18:30 . 2008-10-04 18:30 577024 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2010-01-16 16:38 . 2010-01-16 16:38 577024 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2010-01-16 16:38 . 2010-01-16 16:38 576000 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-10-04 18:30 . 2008-10-04 18:30 576000 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2010-01-16 16:38 . 2010-01-16 16:38 567296 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-10-04 18:30 . 2008-10-04 18:30 567296 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2010-01-16 16:38 . 2010-01-16 16:38 563712 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-10-04 18:30 . 2008-10-04 18:30 563712 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2010-01-16 16:38 . 2010-01-16 16:38 473600 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
- 2008-10-04 18:30 . 2008-10-04 18:30 473600 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
+ 2010-01-16 16:40 . 2010-01-16 16:40 135168 c:\windows\assembly\GAC\EnvDTE80\8.0.0.0__b03f5f7f11d50a3a\envdte80.dll
+ 2010-01-16 16:40 . 2010-01-16 16:40 245760 c:\windows\assembly\GAC\EnvDTE\8.0.0.0__b03f5f7f11d50a3a\envdte.dll
- 2008-10-03 15:32 . 2008-10-03 15:32 110592 c:\windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\adodb.dll
+ 2010-01-16 16:40 . 2010-01-16 16:40 110592 c:\windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\adodb.dll
+ 2010-01-16 16:38 . 2010-01-16 16:38 3783672 c:\windows\winsxs\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.1_none_dcc7eae99ad0d9cf\mfc90u.dll
+ 2010-01-16 16:38 . 2010-01-16 16:38 3768312 c:\windows\winsxs\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.1_none_dcc7eae99ad0d9cf\mfc90.dll
+ 2010-01-22 13:38 . 2010-01-02 14:50 1986048 c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_8.0.6001.22973_none_2acdbc3abba51a7f\iertutil.dll
+ 2010-01-22 13:38 . 2010-01-02 06:32 1985536 c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_8.0.6001.18882_none_2a384f39a2907d4f\iertutil.dll
+ 2010-01-22 13:38 . 2010-01-02 14:51 5945856 c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.6001.22973_none_f66d247d514a6558\mshtml.dll
+ 2010-01-22 13:38 . 2010-01-02 06:33 5942784 c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.6001.18882_none_f5d7b77c3835c828\mshtml.dll
+ 2010-01-22 13:38 . 2010-01-02 14:56 1209344 c:\windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_8.0.6001.22973_none_980d29bd05ead58f\urlmon.dll
+ 2010-01-22 13:38 . 2010-01-02 06:38 1208832 c:\windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_8.0.6001.18882_none_9777bcbbecd6385f\urlmon.dll
+ 2010-01-22 13:38 . 2010-01-02 06:38 1208832 c:\windows\System32\urlmon.dll
- 2009-12-09 09:09 . 2009-11-21 06:40 1208832 c:\windows\System32\urlmon.dll
- 2006-11-02 10:22 . 2010-01-13 15:57 6553600 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
+ 2006-11-02 10:22 . 2010-01-23 14:59 6553600 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
+ 2010-01-22 13:38 . 2010-01-02 06:33 5942784 c:\windows\System32\mshtml.dll
- 2009-12-09 09:09 . 2009-11-21 06:34 1985536 c:\windows\System32\iertutil.dll
+ 2010-01-22 13:38 . 2010-01-02 06:32 1985536 c:\windows\System32\iertutil.dll
- 2008-10-02 21:51 . 2006-03-31 16:40 2388176 c:\windows\System32\d3dx9_30.dll
+ 2010-01-16 16:38 . 2006-03-31 17:40 2388176 c:\windows\System32\d3dx9_30.dll
+ 2008-10-04 15:34 . 2004-12-01 20:53 2846720 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2903.0\Microsoft.DirectX.Direct3DX.dll
- 2008-10-04 15:34 . 2004-12-01 19:53 2846720 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2903.0\Microsoft.DirectX.Direct3DX.dll
- 2008-10-04 15:34 . 2004-09-29 16:38 2676224 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.Direct3DX.dll
+ 2008-10-04 15:34 . 2004-09-29 17:38 2676224 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.Direct3DX.dll
+ 2010-01-16 16:46 . 2010-01-16 16:46 9874944 c:\windows\Installer\45f0527.msi
+ 2010-01-16 16:41 . 2010-01-16 16:41 3986432 c:\windows\Installer\45f0512.msi
+ 2010-01-16 16:40 . 2010-01-16 16:40 2948096 c:\windows\Installer\45f0502.msi
+ 2010-01-21 14:32 . 2010-01-21 14:32 3940352 c:\windows\Installer\1372a2.msi
+ 2010-01-16 16:56 . 2010-01-16 16:56 3152384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\f42437f63a47937433aed1060fec198e\Microsoft.Windows.Design.Markup.ni.dll
+ 2010-01-16 16:56 . 2010-01-16 16:56 2855424 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\481a72952eac8272579e92618d309266\Microsoft.Windows.Design.Developer.ni.dll
+ 2010-01-16 16:56 . 2010-01-16 16:56 1298944 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\c5c2c8650e069ac0a3fb25628b15389d\Microsoft.VisualStudio.Tools.Applications.Adapter.v9.0.ni.dll
+ 2010-01-16 16:56 . 2010-01-16 16:56 2383360 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\7a56ad51332809f3ab20baaeb58900cd\Microsoft.VisualStudio.Modeling.Sdk.Diagrams.ni.dll
+ 2010-01-16 16:55 . 2010-01-16 16:55 1873920 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\6bdaab73ecbaa3f754201ef1f7da5df0\Microsoft.VisualStudio.CommonIDE.ni.dll
+ 2010-01-16 16:56 . 2010-01-16 16:56 1338880 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\5b7f7f6f2b0349eee2c9505214e8f460\Microsoft.VisualStudio.Modeling.Sdk.Diagrams.GraphObject.ni.dll
+ 2010-01-16 16:56 . 2010-01-16 16:56 1515008 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\371bc30e38c3d061e112c86cfc56c9e8\Microsoft.VisualStudio.Modeling.Sdk.ni.dll
+ 2010-01-16 16:40 . 2010-01-16 16:40 4419584 c:\windows\assembly\GAC_MSIL\Microsoft.VSDesigner\9.0.0.0__b03f5f7f11d50a3a\Microsoft.VSDesigner.dll
+ 2010-01-16 16:41 . 2010-01-16 16:41 1355776 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Xaml\9.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Xaml.dll
+ 2010-01-16 16:40 . 2010-01-16 16:40 2879488 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Editors\9.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Editors.dll
+ 2010-01-16 16:40 . 2010-01-16 16:40 1712128 c:\windows\assembly\GAC_32\mscorcfg\3.5.0.0__b03f5f7f11d50a3a\mscorcfg.dll
- 2008-10-04 18:30 . 2008-10-04 18:30 2846720 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2010-01-16 16:38 . 2010-01-16 16:38 2846720 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2010-01-16 16:38 . 2010-01-16 16:38 2676224 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-10-04 18:29 . 2008-10-04 18:29 2676224 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2010-01-22 13:38 . 2010-01-02 14:50 11070976 c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_8.0.6001.22973_none_47cc7e80dd3ff385\ieframe.dll
+ 2010-01-22 13:38 . 2010-01-02 06:32 11070464 c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_8.0.6001.18882_none_4737117fc42b5655\ieframe.dll
+ 2010-01-22 13:38 . 2010-01-02 06:32 11070464 c:\windows\System32\ieframe.dll
+ 2010-01-20 21:55 . 2010-01-20 21:55 15710720 c:\windows\Installer\6baa24b.msp
+ 2009-06-04 07:00 . 2010-01-22 13:36 206919961 c:\windows\winsxs\ManifestCache\6.0.6002.18005_001c11ba_blobs.bin
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0_FlingIconOverlay]
@="{02696AD5-FF96-454b-9E00-81DA8B79B678}"
[HKEY_CLASSES_ROOT\CLSID\{02696AD5-FF96-454b-9E00-81DA8B79B678}]
2009-03-21 16:49 81920 ----a-w- c:\program files\NCH Software\Fling\fldll.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-04 39408]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-03-03 4874240]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-15 71216]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-09 52256]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2008-02-27 570664]
"SecurDisc"="c:\program files\Nero\Nero 7\InCD\NBHGui.exe" [2008-02-18 1629480]
"InCD"="c:\program files\Nero\Nero 7\InCD\InCD.exe" [2008-02-18 1057064]
"Wellnomics WorkPace 3.7.1"="c:\program files\Wellnomics WorkPace\workpace.exe" [2008-08-01 1294488]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 75304]
"WrtMon.exe"="c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe" [2006-09-20 20480]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]

c:\users\Swan Duncan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):f7,3e,75,4a,c4,79,ca,01

S2 FlingService;Fling File Transfer;c:\program files\NCH Software\Fling\fling.exe [3/21/2009 11:49 AM 536580]
S2 gupdate1c95c02521efa11;Google Update Service (gupdate1c95c02521efa11);c:\program files\Google\Update\GoogleUpdate.exe [12/11/2008 9:35 PM 133104]
S2 NeroRegInCDSrv;Nero Registry InCD Service;c:\program files\Nero\Nero 7\InCD\NBHRegInCDSrv.exe --> c:\program files\Nero\Nero 7\InCD\NBHRegInCDSrv.exe [?]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [1/20/2008 9:23 PM 21504]
S3 WebSTARNdis;WebSTAR DPX USB Cable Modem Adapter;c:\windows\System32\drivers\WebSTAR.sys [10/3/2008 10:26 PM 15873]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2010-01-23 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-04 22:41]

2010-01-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-12-12 02:45]

2010-01-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-12-12 02:45]

2010-01-23 c:\windows\Tasks\User_Feed_Synchronization-{F6947E0F-F7A0-4449-85E5-C0A8A4A90267}.job
- c:\windows\system32\msfeedssync.exe [2010-01-22 04:56]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
FF - ProfilePath - c:\users\Swan Duncan\AppData\Roaming\Mozilla\Firefox\Profiles\u9jhpj5v.default\
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-23 17:44
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

[0] 0x521C38E5

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x84FF8618]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0x82fa8d24
\Driver\ACPI -> acpi.sys @ 0x8069ed68
\Driver\atapi -> ataport.SYS @ 0x807b4a2c
IoDeviceObjectType ->\Device\Harddisk0\DR0 ->user & kernel MBR OK

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\Default_Monitor\5&1b0960eb&0&12345678&01&00\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\Default_Monitor\5&1b0960eb&0&12345678&01&00\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\Default_Monitor\5&1b0960eb&0&UID256\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\Default_Monitor\5&1b0960eb&0&UID256\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\Default_Monitor\5&1b0960eb&0&UID272\Device Parameters\MODES]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\Default_Monitor\5&1b0960eb&0&UID272\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\Default_Monitor\5&1b0960eb&0&UID272\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\GSM566B\5&1b0960eb&0&UID272\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\GSM566B\5&1b0960eb&0&UID272\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\GSM566B\5&1b0960eb&0&UID273\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\GSM566B\5&1b0960eb&0&UID273\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\SAM0259\5&1b0960eb&0&UID272\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\SAM0259\5&1b0960eb&0&UID272\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]
@DACL=(02 0000)
.
Completion time: 2010-01-23 17:47:46
ComboFix-quarantined-files.txt 2010-01-23 22:47
ComboFix2.txt 2010-01-15 18:54

Pre-Run: 34,112,380,928 bytes free
Post-Run: 34,514,747,392 bytes free

- - End Of File - - 6C12B517C101B08AC7D5FAB83A5C7E12


#11 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • Gender:Female
  • Location:At home

Posted 23 January 2010 - 07:28 PM

Hi,

ComboFix did not take out the infection, please run TDSSKiller instead:
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.
  • Go to Start > Run (or you can hold down your Windows key and press R) and copy and paste the following into the text field (make sure you include the quote marks). Then press OK.

    "%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt -v

  • If it says "Hidden service detected" DO NOT type anything in. Just press Enter on your keyboard to not do anything to the file.
  • When it is done, a log file should be created on your C: drive called "TDSSKiller.txt". Please copy and paste the contents of that file here.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!



#12 bearbear

bearbear
  • Topic Starter

  • Members
  • 10 posts

Posted 23 January 2010 - 09:56 PM

I've got a good feeling about this....

21:43:44:368 3584 TDSS rootkit removing tool 2.2.2 Jan 13 2010 08:42:25
21:43:44:368 3584 ================================================================================
21:43:44:368 3584 SystemInfo:

21:43:44:368 3584 OS Version: 6.0.6002 ServicePack: 2.0
21:43:44:368 3584 Product type: Workstation
21:43:44:368 3584 ComputerName: SWAINDUNCAN-PC
21:43:44:369 3584 UserName: Swan Duncan
21:43:44:369 3584 Windows directory: C:\Windows
21:43:44:369 3584 Processor architecture: Intel x86
21:43:44:369 3584 Number of processors: 2
21:43:44:369 3584 Page size: 0x1000
21:43:44:370 3584 Boot type: Normal boot
21:43:44:370 3584 ================================================================================
21:43:44:374 3584 UnloadDriverW: NtUnloadDriver error 2
21:43:44:374 3584 ForceUnloadDriverW: UnloadDriverW(klmd21) error 2
21:43:44:375 3584 MyNtCreateFileW: NtCreateFile(\??\C:\Windows\system32\drivers\klmd.sys) returned status 00000000
21:43:44:536 3584 UtilityInit: KLMD drop and load success
21:43:44:536 3584 KLMD_OpenDevice: Trying to open KLMD Device(KLMD201000)
21:43:44:536 3584 UtilityInit: KLMD open success
21:43:44:536 3584 UtilityInit: Initialize success
21:43:44:536 3584
21:43:44:537 3584 Scanning Services ...
21:43:44:537 3584 CreateRegParser: Registry parser init started
21:43:44:537 3584 CreateRegParser: DisableWow64Redirection error
21:43:44:537 3584 wfopen_ex: Trying to open file C:\Windows\system32\config\system
21:43:44:552 3584 MyNtCreateFileW: NtCreateFile(\??\C:\Windows\system32\config\system) returned status C0000043
21:43:44:552 3584 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
21:43:44:552 3584 wfopen_ex: Trying to KLMD file open
21:43:44:552 3584 KLMD_CreateFileW: Trying to open file C:\Windows\system32\config\system
21:43:44:552 3584 wfopen_ex: File opened ok (Flags 2)
21:43:44:553 3584 CreateRegParser: HIVE_ADAPTER(C:\Windows\system32\config\system) init success: 22D38
21:43:44:553 3584 wfopen_ex: Trying to open file C:\Windows\system32\config\software
21:43:44:555 3584 MyNtCreateFileW: NtCreateFile(\??\C:\Windows\system32\config\software) returned status C0000043
21:43:44:555 3584 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
21:43:44:555 3584 wfopen_ex: Trying to KLMD file open
21:43:44:555 3584 KLMD_CreateFileW: Trying to open file C:\Windows\system32\config\software
21:43:44:555 3584 wfopen_ex: File opened ok (Flags 2)
21:43:44:555 3584 CreateRegParser: HIVE_ADAPTER(C:\Windows\system32\config\software) init success: 22D60
21:43:44:555 3584 CreateRegParser: EnableWow64Redirection error
21:43:44:555 3584 CreateRegParser: RegParser init completed
21:43:45:096 3584 GetAdvancedServicesInfo: Raw services enum returned 431 services
21:43:45:101 3584 fclose_ex: Trying to close file C:\Windows\system32\config\system
21:43:45:101 3584 fclose_ex: Trying to close file C:\Windows\system32\config\software
21:43:45:101 3584
21:43:45:102 3584 Scanning Kernel memory ...
21:43:45:102 3584 KLMD_GetSystemObjectAddressByNameW: Trying to get system object address by name \Driver\Disk
21:43:45:102 3584 DetectCureTDL3: \Driver\Disk PDRIVER_OBJECT: 8572C800
21:43:45:102 3584 DetectCureTDL3: KLMD_GetDeviceObjectList returned 2 DevObjects
21:43:45:102 3584
21:43:45:102 3584 DetectCureTDL3: DEVICE_OBJECT: 8582F240
21:43:45:102 3584 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8582F240
21:43:45:102 3584 DetectCureTDL3: DEVICE_OBJECT: 85064918
21:43:45:102 3584 KLMD_GetLowerDeviceObject: Trying to get lower device object for 85064918
21:43:45:102 3584 DetectCureTDL3: DEVICE_OBJECT: 8503EB98
21:43:45:102 3584 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8503EB98
21:43:45:102 3584 KLMD_ReadMem: Trying to ReadMemory 0x8503EB98[0x38]
21:43:45:102 3584 DetectCureTDL3: DRIVER_OBJECT: 84FF4A90
21:43:45:102 3584 KLMD_ReadMem: Trying to ReadMemory 0x84FF4A90[0xA8]
21:43:45:102 3584 KLMD_ReadMem: Trying to ReadMemory 0x84FE36C0[0x1A]
21:43:45:102 3584 DetectCureTDL3: DRIVER_OBJECT name: \Driver\atapi, Driver Name: atapi
21:43:45:103 3584 DetectCureTDL3: IrpHandler (0) addr: 807C6140
21:43:45:103 3584 DetectCureTDL3: IrpHandler (1) addr: 8203B9D2
21:43:45:103 3584 DetectCureTDL3: IrpHandler (2) addr: 807C6140
21:43:45:103 3584 DetectCureTDL3: IrpHandler (3) addr: 8203B9D2
21:43:45:103 3584 DetectCureTDL3: IrpHandler (4) addr: 8203B9D2
21:43:45:103 3584 DetectCureTDL3: IrpHandler (5) addr: 8203B9D2
21:43:45:103 3584 DetectCureTDL3: IrpHandler (6) addr: 8203B9D2
21:43:45:103 3584 DetectCureTDL3: IrpHandler (7) addr: 8203B9D2
21:43:45:103 3584 DetectCureTDL3: IrpHandler (8) addr: 8203B9D2
21:43:45:103 3584 DetectCureTDL3: IrpHandler (9) addr: 8203B9D2
21:43:45:103 3584 DetectCureTDL3: IrpHandler (10) addr: 8203B9D2
21:43:45:103 3584 DetectCureTDL3: IrpHandler (11) addr: 8203B9D2
21:43:45:103 3584 DetectCureTDL3: IrpHandler (12) addr: 8203B9D2
21:43:45:103 3584 DetectCureTDL3: IrpHandler (13) addr: 8203B9D2
21:43:45:103 3584 DetectCureTDL3: IrpHandler (14) addr: 807B4A5A
21:43:45:103 3584 DetectCureTDL3: IrpHandler (15) addr: 807B4A2C
21:43:45:103 3584 DetectCureTDL3: IrpHandler (16) addr: 8203B9D2
21:43:45:103 3584 DetectCureTDL3: IrpHandler (17) addr: 8203B9D2
21:43:45:103 3584 DetectCureTDL3: IrpHandler (18) addr: 8203B9D2
21:43:45:103 3584 DetectCureTDL3: IrpHandler (19) addr: 8203B9D2
21:43:45:103 3584 DetectCureTDL3: IrpHandler (20) addr: 8203B9D2
21:43:45:103 3584 DetectCureTDL3: IrpHandler (21) addr: 8203B9D2
21:43:45:103 3584 DetectCureTDL3: IrpHandler (22) addr: 807B4A88
21:43:45:103 3584 DetectCureTDL3: IrpHandler (23) addr: 807C1B70
21:43:45:103 3584 DetectCureTDL3: IrpHandler (24) addr: 8203B9D2
21:43:45:103 3584 DetectCureTDL3: IrpHandler (25) addr: 8203B9D2
21:43:45:103 3584 DetectCureTDL3: IrpHandler (26) addr: 8203B9D2
21:43:45:103 3584 KLMD_ReadMem: Trying to ReadMemory 0x84FF84BF[0x400]
21:43:45:103 3584 TDL3_StartIoHookDetect: CheckParameters: 9, FFDF0308, 1
21:43:45:103 3584 Driver "atapi" StartIo handler infected by TDSS rootkit ...
21:43:45:104 3584 TDL3_StartIoHookCure: Number of patches 1
21:43:45:104 3584 KLMD_WriteMem: Trying to WriteMemory 0x84FF85B6[0x6]
21:43:45:104 3584 cured
21:43:45:104 3584 TDL3_FileDetect: Processing driver: atapi
21:43:45:104 3584 TDL3_FileDetect: Processing driver file: C:\Windows\system32\drivers\atapi.sys
21:43:45:104 3584 KLMD_CreateFileW: Trying to open file C:\Windows\system32\drivers\atapi.sys
21:43:45:106 3584 TDL3_FileDetect: C:\Windows\system32\drivers\atapi.sys - Verdict: Clean
21:43:45:106 3584
21:43:45:106 3584 DetectCureTDL3: DEVICE_OBJECT: 8582FAA8
21:43:45:106 3584 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8582FAA8
21:43:45:106 3584 DetectCureTDL3: DEVICE_OBJECT: 8504A918
21:43:45:106 3584 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8504A918
21:43:45:106 3584 DetectCureTDL3: DEVICE_OBJECT: 85025B98
21:43:45:106 3584 KLMD_GetLowerDeviceObject: Trying to get lower device object for 85025B98
21:43:45:106 3584 KLMD_ReadMem: Trying to ReadMemory 0x85025B98[0x38]
21:43:45:106 3584 DetectCureTDL3: DRIVER_OBJECT: 85E0D330
21:43:45:106 3584 KLMD_ReadMem: Trying to ReadMemory 0x85E0D330[0xA8]
21:43:45:106 3584 KLMD_ReadMem: Trying to ReadMemory 0x85024028[0x38]
21:43:45:106 3584 KLMD_ReadMem: Trying to ReadMemory 0x84FF4A90[0xA8]
21:43:45:106 3584 KLMD_ReadMem: Trying to ReadMemory 0x84FE36C0[0x1A]
21:43:45:106 3584 DetectCureTDL3: DRIVER_OBJECT name: \Driver\atapi, Driver Name: atapi
21:43:45:106 3584 DetectCureTDL3: IrpHandler (0) addr: 84FF8618
21:43:45:106 3584 DetectCureTDL3: IrpHandler (1) addr: 84FF8618
21:43:45:107 3584 DetectCureTDL3: IrpHandler (2) addr: 84FF8618
21:43:45:107 3584 DetectCureTDL3: IrpHandler (3) addr: 84FF8618
21:43:45:107 3584 DetectCureTDL3: IrpHandler (4) addr: 84FF8618
21:43:45:107 3584 DetectCureTDL3: IrpHandler (5) addr: 84FF8618
21:43:45:107 3584 DetectCureTDL3: IrpHandler (6) addr: 84FF8618
21:43:45:107 3584 DetectCureTDL3: IrpHandler (7) addr: 84FF8618
21:43:45:107 3584 DetectCureTDL3: IrpHandler (8) addr: 84FF8618
21:43:45:107 3584 DetectCureTDL3: IrpHandler (9) addr: 84FF8618
21:43:45:107 3584 DetectCureTDL3: IrpHandler (10) addr: 84FF8618
21:43:45:107 3584 DetectCureTDL3: IrpHandler (11) addr: 84FF8618
21:43:45:107 3584 DetectCureTDL3: IrpHandler (12) addr: 84FF8618
21:43:45:107 3584 DetectCureTDL3: IrpHandler (13) addr: 84FF8618
21:43:45:107 3584 DetectCureTDL3: IrpHandler (14) addr: 84FF8618
21:43:45:107 3584 DetectCureTDL3: IrpHandler (15) addr: 84FF8618
21:43:45:107 3584 DetectCureTDL3: IrpHandler (16) addr: 84FF8618
21:43:45:107 3584 DetectCureTDL3: IrpHandler (17) addr: 84FF8618
21:43:45:107 3584 DetectCureTDL3: IrpHandler (18) addr: 84FF8618
21:43:45:107 3584 DetectCureTDL3: IrpHandler (19) addr: 84FF8618
21:43:45:107 3584 DetectCureTDL3: IrpHandler (20) addr: 84FF8618
21:43:45:107 3584 DetectCureTDL3: IrpHandler (21) addr: 84FF8618
21:43:45:107 3584 DetectCureTDL3: IrpHandler (22) addr: 84FF8618
21:43:45:107 3584 DetectCureTDL3: IrpHandler (23) addr: 84FF8618
21:43:45:107 3584 DetectCureTDL3: IrpHandler (24) addr: 84FF8618
21:43:45:107 3584 DetectCureTDL3: IrpHandler (25) addr: 84FF8618
21:43:45:107 3584 DetectCureTDL3: IrpHandler (26) addr: 84FF8618
21:43:45:107 3584 DetectCureTDL3: All IRP handlers pointed to one addr: 84FF8618
21:43:45:107 3584 KLMD_ReadMem: Trying to ReadMemory 0x84FF8618[0x400]
21:43:45:107 3584 TDL3_IrpHookDetect: CheckParameters: 4, FFDF0308, 313, 101, 3, 89
21:43:45:107 3584 Driver "atapi" Irp handler infected by TDSS rootkit ... 21:43:45:108 3584 KLMD_WriteMem: Trying to WriteMemory 0x84FF867D[0xD]
21:43:45:108 3584 cured
21:43:45:108 3584 KLMD_ReadMem: Trying to ReadMemory 0x84FF84BF[0x400]
21:43:45:108 3584 TDL3_StartIoHookDetect: CheckParameters: 9, FFDF0308, 0
21:43:45:108 3584 TDL3_FileDetect: Processing driver: atapi
21:43:45:108 3584 TDL3_FileDetect: Processing driver file: C:\Windows\system32\drivers\atapi.sys
21:43:45:108 3584 KLMD_CreateFileW: Trying to open file C:\Windows\system32\drivers\atapi.sys
21:43:45:114 3584 TDL3_FileDetect: C:\Windows\system32\drivers\atapi.sys - Verdict: Infected
21:43:45:114 3584 File C:\Windows\system32\drivers\atapi.sys infected by TDSS rootkit ... 21:43:45:114 3584 TDL3_FileCure: Processing driver file: C:\Windows\system32\drivers\atapi.sys
21:43:45:209 3584 FileCallback: Backup candidate found: C:\Windows\system32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys:19944, checking..
21:43:45:225 3584 ValidateDriverFile: Stage 1 passed
21:43:45:226 3584 ValidateDriverFile: Stage 2 passed
21:43:45:291 3584 DigitalSignVerifyByHandle: Embedded DS result: 00000000
21:43:45:291 3584 ValidateDriverFile: Stage 3 passed
21:43:45:291 3584 FileCallback: File validated successfully, restore information prepared
21:43:45:330 3584 FindDriverFileBackup: Backup copy found in DriverStore
21:43:45:330 3584 TDL3_FileCure: Backup copy found, using it..
21:43:45:330 3584 TDL3_FileCure: Dumping cured buffer to file C:\Windows\system32\drivers\tsk5D10.tmp
21:43:45:364 3584 TDL3_FileCure: New / Old Image paths: (system32\drivers\tsk5D10.tmp, system32\drivers\atapi.sys)
21:43:45:364 3584 TDL3_FileCure: KLMD jobs schedule success
21:43:45:364 3584 will be cured on next reboot
21:43:45:364 3584 UtilityBootReinit: Reboot required for cure complete..
21:43:45:364 3584 MyNtCreateFileW: NtCreateFile(\??\C:\Windows\system32\drivers\klmdb.sys) returned status 00000000
21:43:45:366 3584 UtilityBootReinit: KLMD drop success
21:43:45:366 3584 KLMD_ApplyPendList: Pending buffer(6568_9BE, 616) dropped successfully
21:43:45:366 3584 UtilityBootReinit: Cure on reboot scheduled successfully
21:43:45:366 3584
21:43:45:366 3584 Completed
21:43:45:367 3584
21:43:45:367 3584 Results:
21:43:45:367 3584 Memory objects infected / cured / cured on reboot: 2 / 2 / 0
21:43:45:367 3584 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
21:43:45:367 3584 File objects infected / cured / cured on reboot: 1 / 0 / 1
21:43:45:367 3584
21:43:45:368 3584 UnloadDriverW: NtUnloadDriver error 1
21:43:45:368 3584 KLMD_Unload: UnloadDriverW(klmd21) error 1
21:43:45:368 3584 MyNtCreateFileW: NtCreateFile(\??\C:\Windows\system32\drivers\klmd.sys) returned status 00000000
21:43:45:368 3584 UtilityDeinit: KLMD(ARK) unloaded successfully


#13 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • OFFLINE
  • Gender:Female
  • Location:At home
  • Local time:02:44 PM

Posted 23 January 2010 - 10:08 PM

Hi,

that looks good. How is the PC doing?

Please provide a new OTL log.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!



#14 bearbear

bearbear
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:07:44 AM

Posted 23 January 2010 - 10:15 PM

Google redirect is fixed!

OTL logfile created on: 1/23/2010 10:11:08 PM - Run 2
OTL by OldTimer - Version 3.1.25.2 Folder = C:\Users\Swan Duncan\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 51.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 74.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 97.66 Gb Total Space | 31.82 Gb Free Space | 32.58% Space Free | Partition Type: NTFS
Drive D: | 135.23 Gb Total Space | 135.13 Gb Free Space | 99.92% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 465.76 Gb Total Space | 317.22 Gb Free Space | 68.11% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SWAINDUNCAN-PC
Current User Name: Swan Duncan
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/01/23 18:03:09 | 02,033,432 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/01/23 18:03:09 | 01,055,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/01/23 18:03:06 | 00,906,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe
PRC - [2010/01/23 18:03:06 | 00,702,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/01/23 18:03:06 | 00,600,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/01/23 18:03:06 | 00,503,576 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/01/23 18:03:05 | 00,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/01/20 16:26:15 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Users\Swan Duncan\Desktop\OTL.exe
PRC - [2010/01/02 01:40:20 | 00,638,216 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/12/09 18:22:33 | 00,921,072 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2009/11/14 19:17:29 | 00,285,296 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2009/11/12 16:33:10 | 00,141,600 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/11/12 16:33:00 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/10/27 22:31:14 | 00,257,440 | R--- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10d.exe
PRC - [2009/10/11 04:17:36 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/08/28 19:42:54 | 00,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/08/19 09:23:24 | 07,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2009/08/19 09:23:22 | 07,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2009/04/11 01:27:36 | 02,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/03/21 11:49:17 | 00,536,580 | ---- | M] (NCH Software) -- C:\Program Files\NCH Software\Fling\fling.exe
PRC - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/10/25 07:18:50 | 00,098,696 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
PRC - [2008/10/03 22:38:28 | 00,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2008/09/17 22:55:00 | 00,196,608 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvvsvc.exe
PRC - [2008/03/02 22:40:08 | 04,874,240 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008/02/18 13:36:24 | 01,629,480 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
PRC - [2008/02/18 13:36:14 | 01,553,704 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
PRC - [2008/02/18 13:36:04 | 01,057,064 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\InCD\InCD.exe
PRC - [2008/01/20 21:25:33 | 00,202,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe
PRC - [2008/01/20 21:23:32 | 00,397,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Mail\WinMail.exe
PRC - [2007/06/12 11:30:52 | 00,073,728 | ---- | M] () -- C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
PRC - [2007/05/13 21:54:36 | 00,272,024 | ---- | M] () -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe
PRC - [2007/03/14 20:01:30 | 00,071,216 | ---- | M] (Cyberlink Corp.) -- C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
PRC - [2006/10/11 11:45:12 | 00,075,304 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
PRC - [2006/09/20 07:35:26 | 00,020,480 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe
PRC - [2006/09/19 15:05:32 | 00,024,576 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\WrtProc.exe


========== Modules (SafeList) ==========

MOD - [2010/01/23 18:03:22 | 00,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
MOD - [2010/01/20 16:26:15 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Users\Swan Duncan\Desktop\OTL.exe
MOD - [2009/04/11 01:21:38 | 01,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (NeroRegInCDSrv)
SRV - [2010/01/23 18:03:06 | 00,906,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2010/01/23 18:03:05 | 00,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/01/14 17:41:34 | 00,194,032 | ---- | M] (Google) [Auto | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2009/11/12 16:33:00 | 00,545,568 | ---- | M] (Apple Inc.) [On_Demand | Running] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/09/24 20:27:04 | 00,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/08/28 19:42:54 | 00,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/03/21 11:49:17 | 00,536,580 | ---- | M] (NCH Software) [Auto | Running] -- C:\Program Files\NCH Software\Fling\fling.exe -- (FlingService)
SRV - [2009/02/11 21:45:15 | 00,133,104 | ---- | M] (Google Inc.) [Auto | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate1c95c02521efa11) Google Update Service (gupdate1c95c02521efa11)
SRV - [2009/01/30 19:31:38 | 00,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/11/04 00:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008/10/04 13:32:15 | 00,085,096 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2008/09/17 22:55:00 | 00,196,608 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Windows\System32\nvvsvc.exe -- (nvsvc)
SRV - [2008/06/05 23:41:12 | 01,322,648 | ---- | M] (Autodesk, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskNetSrv.exe -- (Autodesk Network Licensing Service)
SRV - [2008/02/18 13:36:14 | 01,553,704 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe -- (InCDsrv)
SRV - [2008/01/20 21:23:32 | 00,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/09/17 08:36:18 | 00,800,040 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe -- (NBService)
SRV - [2007/06/27 17:04:00 | 00,279,848 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService)
SRV - [2007/06/12 11:30:52 | 00,073,728 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe -- (DTSRVC)
SRV - [2007/05/13 21:54:36 | 00,272,024 | ---- | M] () [Auto | Running] -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe -- (RichVideo) Cyberlink RichVideo Service(CRVS)
SRV - [2006/11/02 07:35:29 | 00,013,312 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\ehome\ehstart.dll -- (ehstart)
SRV - [2006/10/26 13:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2005/04/03 23:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV - [2010/01/23 18:03:21 | 00,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/01/23 18:03:17 | 00,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/01/23 18:03:15 | 00,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/05/18 14:17:00 | 00,026,600 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009/03/31 15:25:20 | 00,073,312 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\adfs.sys -- (adfs)
DRV - [2008/09/17 22:55:00 | 07,379,872 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/03/02 22:41:55 | 00,228,224 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2008/03/02 22:40:10 | 02,047,576 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/02/18 13:36:14 | 00,038,312 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\InCDRm.sys -- (incdrm)
DRV - [2008/02/18 13:36:14 | 00,036,648 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\InCDPass.sys -- (InCDPass)
DRV - [2008/02/18 13:36:04 | 00,118,952 | ---- | M] (Nero AG) [File_System | Disabled | Running] -- C:\Windows\System32\drivers\InCDfs.sys -- (InCDfs)
DRV - [2008/01/20 21:23:27 | 00,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/20 21:23:27 | 00,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/20 21:23:27 | 00,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/20 21:23:26 | 00,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/20 21:23:26 | 00,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/20 21:23:26 | 00,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/20 21:23:25 | 00,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/20 21:23:25 | 00,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/20 21:23:24 | 01,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/20 21:23:24 | 00,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2008/01/20 21:23:24 | 00,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/20 21:23:23 | 00,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/20 21:23:23 | 00,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/20 21:23:23 | 00,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/20 21:23:23 | 00,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/20 21:23:23 | 00,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/20 21:23:23 | 00,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/20 21:23:22 | 00,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/20 21:23:21 | 00,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/20 21:23:21 | 00,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/20 21:23:21 | 00,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/20 21:23:20 | 00,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/20 21:23:00 | 00,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/20 21:23:00 | 00,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/20 21:23:00 | 00,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006/11/16 16:20:48 | 00,015,920 | ---- | M] (Portrait Displays, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PdiPorts.sys -- (PdiPorts)
DRV - [2006/11/02 04:50:35 | 00,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 04:50:35 | 00,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 04:50:19 | 00,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 04:50:17 | 00,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 04:50:11 | 00,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 04:50:09 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 04:50:07 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 04:50:05 | 00,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 04:50:03 | 00,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 04:49:59 | 00,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 04:49:56 | 00,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 03:25:24 | 00,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 03:24:47 | 00,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 03:24:46 | 00,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 03:24:45 | 00,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 03:24:44 | 00,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 03:24:44 | 00,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 02:36:50 | 00,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 01:37:21 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv)
DRV - [2001/10/09 12:11:52 | 00,015,873 | ---- | M] (Scientific Atlanta) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WebSTAR.sys -- (WebSTARNdis)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\..\URLSearchHook: {D3F669EB-57CE-4f45-8FBD-E245CBB46366} - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {D3F669EB-57CE-4f45-8FBD-E245CBB46366} - Reg Error: Key error. File not found
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1648962991-4277415786-1211609183-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-1648962991-4277415786-1211609183-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1648962991-4277415786-1211609183-1000\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-1648962991-4277415786-1211609183-1000\..\URLSearchHook: *{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-1648962991-4277415786-1211609183-1000\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-21-1648962991-4277415786-1211609183-1000\S-1-5-21-1648962991-4277415786-1211609183-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1648962991-4277415786-1211609183-1000\S-1-5-21-1648962991-4277415786-1211609183-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========


FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/01/23 18:03:05 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared [2010/01/23 18:03:13 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/02 20:26:28 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/21 09:32:50 | 00,000,000 | ---D | M]

[2008/10/08 09:13:41 | 00,000,000 | ---D | M] -- C:\Users\Swan Duncan\AppData\Roaming\mozilla\Extensions
[2008/10/08 09:13:41 | 00,000,000 | ---D | M] -- C:\Users\Swan Duncan\AppData\Roaming\mozilla\Firefox\Profiles\u9jhpj5v.default\extensions
[2010/01/08 17:11:15 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/11/09 11:55:36 | 00,024,576 | ---- | M] (RealNetworks) -- C:\Program Files\Mozilla Firefox\plugins\npgcplug.dll
[2005/04/27 15:10:49 | 00,102,400 | ---- | M] (RealNetworks) -- C:\Program Files\Mozilla Firefox\plugins\npracplug.dll

O1 HOSTS File: ([2010/01/15 11:41:29 | 00,000,751 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-1648962991-4277415786-1211609183-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe (Nero AG)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [OpwareSE4] C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [RemoteControl] C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe (Nero AG)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Wellnomics WorkPace 3.7.1] C:\Program Files\Wellnomics WorkPace\workpace.exe (Wellnomics Ltd)
O4 - HKLM..\Run: [WrtMon.exe] C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe ()
O4 - HKU\S-1-5-21-1648962991-4277415786-1211609183-1000..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\S-1-5-21-1648962991-4277415786-1211609183-1000..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Swan Duncan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O4 - Startup: C:\Users\Swan Duncan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-1648962991-4277415786-1211609183-1000\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-1648962991-4277415786-1211609183-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1648962991-4277415786-1211609183-1000_Classes\Software\Policies\Microsoft\Internet Explorer\control panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.4.2_04)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.200.241.37 24.201.245.77 24.200.243.189
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img22.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img22.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/10/04 13:11:31 | 00,000,000 | ---D | M] - C:\Autocad install -- [ NTFS ]
O32 - AutoRun File - [2010/01/16 11:33:19 | 00,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2006/09/18 16:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/01/23 18:14:02 | 00,000,000 | ---D | C] -- C:\Users\Swan Duncan\Desktop\Autoruns
[2010/01/23 18:03:27 | 00,000,000 | -H-D | C] -- C:\$AVG
[2010/01/23 18:03:22 | 00,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2010/01/23 18:03:21 | 00,360,584 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2010/01/23 18:03:17 | 00,333,192 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2010/01/23 18:03:15 | 00,028,424 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2010/01/23 18:03:14 | 00,000,000 | ---D | C] -- C:\Windows\System32\drivers\Avg
[2010/01/23 18:03:13 | 00,000,000 | ---D | C] -- C:\ProgramData\AVG Security Toolbar
[2010/01/23 18:03:04 | 00,000,000 | ---D | C] -- C:\ProgramData\avg9
[2010/01/23 17:47:53 | 00,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/01/23 17:47:50 | 00,000,000 | ---D | C] -- C:\Windows\temp
[2010/01/23 17:47:50 | 00,000,000 | ---D | C] -- C:\Users\Swan Duncan\AppData\Local\temp
[2010/01/23 17:34:53 | 00,000,000 | ---D | C] -- C:\ComboFix
[2010/01/23 17:34:31 | 00,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/01/22 17:10:09 | 00,891,248 | ---- | C] (AVG Technologies) -- C:\Users\Swan Duncan\Desktop\avg_free_stb_all_9_40_cnet.exe
[2010/01/22 08:38:06 | 00,594,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010/01/22 08:38:06 | 00,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010/01/22 08:38:05 | 01,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010/01/22 08:38:05 | 01,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010/01/22 08:38:05 | 00,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010/01/22 08:38:05 | 00,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010/01/22 08:38:05 | 00,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010/01/22 08:38:05 | 00,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010/01/22 08:38:05 | 00,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010/01/22 08:38:05 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010/01/22 08:38:05 | 00,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010/01/22 08:38:05 | 00,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010/01/22 08:38:05 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010/01/22 08:38:05 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010/01/21 11:56:03 | 00,000,000 | ---D | C] -- C:\Users\Swan Duncan\Medical
[2010/01/20 16:26:14 | 00,547,328 | ---- | C] (OldTimer Tools) -- C:\Users\Swan Duncan\Desktop\OTL.exe
[2010/01/19 11:22:42 | 00,000,000 | ---D | C] -- C:\Users\Swan Duncan\AppData\Roaming\Ahead
[2010/01/18 10:54:21 | 00,000,000 | ---D | C] -- C:\Users\Swan Duncan\AppData\Roaming\NewSoft
[2010/01/16 16:50:31 | 00,000,000 | R--D | C] -- C:\Users\Swan Duncan\portraits
[2010/01/16 11:45:16 | 00,000,000 | ---D | C] -- C:\Users\Swan Duncan\Documents\Autodesk Revit Architecture 2010
[2010/01/16 11:43:15 | 00,000,000 | ---D | C] -- C:\Program Files\Autodesk Revit Architecture 2010
[2010/01/16 11:42:10 | 00,000,000 | ---D | C] -- C:\Users\Swan Duncan\Documents\Visual Studio 2008
[2010/01/16 11:40:36 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft SDKs
[2010/01/16 11:40:34 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 9.0
[2010/01/16 11:39:05 | 00,000,000 | ---D | C] -- C:\Program Files\Autodesk
[2010/01/16 11:38:57 | 03,786,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_37.dll
[2010/01/16 11:38:52 | 02,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_30.dll
[2010/01/16 11:33:19 | 00,000,000 | ---D | C] -- C:\Autodesk
[2010/01/15 13:41:23 | 00,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/01/15 13:41:23 | 00,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/01/15 13:41:23 | 00,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/01/15 13:41:14 | 00,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/01/15 13:33:50 | 00,000,000 | ---D | C] -- C:\Qoobox
[2010/01/14 17:36:31 | 00,000,000 | ---D | C] -- C:\ProgramData\ParetoLogic
[2010/01/14 17:36:31 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\ParetoLogic
[2010/01/14 17:35:52 | 00,000,000 | ---D | C] -- C:\Users\Swan Duncan\AppData\Local\Downloaded Installations
[2010/01/13 11:10:04 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/01/13 10:35:07 | 00,000,000 | ---D | C] -- C:\Users\Swan Duncan\AppData\Roaming\Malwarebytes
[2010/01/13 10:35:03 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/01/13 10:35:02 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/01/13 10:35:02 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/01/13 10:35:01 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/01/13 10:18:30 | 00,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010/01/13 10:18:30 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/01/13 09:33:26 | 00,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2010/01/13 09:33:26 | 00,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2010/01/13 08:44:14 | 00,176,392 | ---- | C] (Kaspersky Lab) -- C:\Users\Swan Duncan\Desktop\TDSSKiller.exe
[2010/01/09 19:36:22 | 00,000,000 | ---D | C] -- C:\Program Files\Runtime Software
[2010/01/09 16:19:15 | 00,472,064 | ---- | C] ( ) -- C:\Users\Swan Duncan\Desktop\RootRepeal.exe
[2010/01/09 15:51:06 | 00,000,000 | ---D | C] -- C:\Users\Swan Duncan\AppData\Local\Apps
[2010/01/09 13:25:34 | 00,000,000 | ---D | C] -- C:\ProgramData\Cobian
[2010/01/09 13:24:52 | 00,000,000 | ---D | C] -- C:\Program Files\Cobian Backup 9
[2010/01/09 09:07:32 | 00,000,000 | ---D | C] -- C:\ProgramData\SITEguard
[2010/01/09 09:06:54 | 00,000,000 | ---D | C] -- C:\ProgramData\STOPzilla!
[2010/01/09 09:06:54 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\iS3
[2010/01/08 18:25:42 | 00,000,000 | ---D | C] -- C:\Program Files\AVG
[2010/01/08 17:41:31 | 00,000,000 | ---D | C] -- C:\Users\Swan Duncan\Laser
[2010/01/02 20:28:01 | 00,107,368 | ---- | C] (GEAR Software Inc.) -- C:\Windows\System32\GEARAspi.dll
[2010/01/02 20:28:01 | 00,026,600 | ---- | C] (GEAR Software Inc.) -- C:\Windows\System32\drivers\GEARAspiWDM.sys
[2010/01/02 20:27:27 | 00,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/01/02 20:27:24 | 00,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/01/02 20:27:24 | 00,000,000 | ---D | C] -- C:\ProgramData\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010/01/02 20:25:59 | 00,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2008/11/09 11:55:38 | 00,774,144 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RngInterstitial.dll
[4 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[4 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Swan Duncan\Documents\*.tmp files -> C:\Users\Swan Duncan\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/01/23 22:10:42 | 03,407,872 | -HS- | M] () -- C:\Users\Swan Duncan\NTUSER.DAT
[2010/01/23 22:10:00 | 00,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/01/23 21:51:33 | 00,747,142 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/01/23 21:51:33 | 00,633,850 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/01/23 21:51:33 | 00,117,038 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/01/23 21:49:41 | 00,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2010/01/23 21:47:32 | 00,000,441 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics
[2010/01/23 21:47:20 | 00,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/01/23 21:47:11 | 00,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/01/23 21:47:11 | 00,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/01/23 21:47:05 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/01/23 21:47:03 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/01/23 21:47:00 | 21,449,44128 | -HS- | M] () -- C:\hiberfil.sys
[2010/01/23 21:46:19 | 00,524,288 | -HS- | M] () -- C:\Users\Swan Duncan\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010/01/23 21:46:19 | 00,065,536 | -HS- | M] () -- C:\Users\Swan Duncan\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/01/23 21:45:54 | 03,583,686 | -H-- | M] () -- C:\Users\Swan Duncan\AppData\Local\IconCache.db
[2010/01/23 21:21:25 | 00,176,392 | ---- | M] (Kaspersky Lab) -- C:\Users\Swan Duncan\Desktop\TDSSKiller.exe
[2010/01/23 18:03:22 | 00,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2010/01/23 18:03:22 | 00,001,647 | ---- | M] () -- C:\Users\Public\Desktop\AVG Free 9.0.lnk
[2010/01/23 18:03:21 | 00,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2010/01/23 18:03:17 | 00,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2010/01/23 18:03:15 | 54,606,412 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010/01/23 18:03:15 | 00,113,461 | ---- | M] () -- C:\Windows\System32\drivers\Avg\iavichjw.avm
[2010/01/23 18:03:15 | 00,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2010/01/23 18:03:14 | 06,061,540 | ---- | M] () -- C:\Windows\System32\drivers\Avg\avi7.avg
[2010/01/23 18:03:14 | 00,492,629 | ---- | M] () -- C:\Windows\System32\drivers\Avg\miniavi.avg
[2010/01/23 18:03:14 | 00,142,495 | ---- | M] () -- C:\Windows\System32\drivers\Avg\microavi.avg
[2010/01/23 17:44:56 | 00,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010/01/23 17:31:17 | 28,890,2102 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/01/23 17:07:53 | 03,834,785 | R--- | M] () -- C:\Users\Swan Duncan\Desktop\ComboFix.exe
[2010/01/23 15:01:47 | 00,000,430 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{F6947E0F-F7A0-4449-85E5-C0A8A4A90267}.job
[2010/01/23 12:31:28 | 00,058,368 | ---- | M] () -- C:\Users\Swan Duncan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/22 17:10:19 | 00,891,248 | ---- | M] (AVG Technologies) -- C:\Users\Swan Duncan\Desktop\avg_free_stb_all_9_40_cnet.exe
[2010/01/22 17:03:15 | 00,061,332 | ---- | M] () -- C:\Users\Swan Duncan\Desktop\gmer registry.zip
[2010/01/22 15:30:56 | 00,293,376 | ---- | M] () -- C:\Users\Swan Duncan\Desktop\x8xql7t1.exe
[2010/01/21 16:47:07 | 00,011,507 | ---- | M] () -- C:\Users\Swan Duncan\Documents\Goals - winter 2009 - 2010.xlsx
[2010/01/21 09:32:50 | 00,001,887 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/01/20 16:26:15 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Users\Swan Duncan\Desktop\OTL.exe
[2010/01/18 10:55:14 | 00,000,370 | ---- | M] () -- C:\Users\Swan Duncan\Documents\NEWSOFT
[2010/01/18 10:52:48 | 00,006,520 | ---- | M] () -- C:\Users\Swan Duncan\AppData\Roaming\PrimoPDFSet.xml
[2010/01/16 11:44:45 | 00,002,033 | ---- | M] () -- C:\Users\Public\Desktop\Autodesk Revit Architecture 2010.lnk
[2010/01/16 11:39:10 | 00,001,959 | ---- | M] () -- C:\Users\Public\Desktop\Autodesk Design Review.lnk
[2010/01/15 12:56:44 | 00,000,240 | ---- | M] () -- C:\Windows\System32\drivers\kgpcpy.cfg
[2010/01/15 11:41:29 | 00,000,751 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/01/15 10:29:59 | 08,698,400 | -HS- | M] () -- C:\Windows\System32\drivers\fidbox.dat
[2010/01/15 10:29:59 | 00,118,616 | -HS- | M] () -- C:\Windows\System32\drivers\fidbox.idx
[2010/01/15 10:29:07 | 00,000,000 | ---- | M] () -- C:\backup.reg
[2010/01/15 09:47:39 | 00,000,795 | ---- | M] () -- C:\rollback.ini
[2010/01/13 11:23:01 | 00,035,970 | ---- | M] () -- C:\Users\Swan Duncan\Documents\cc_20100113_112256.reg
[2010/01/13 11:10:05 | 00,001,670 | ---- | M] () -- C:\Users\Swan Duncan\Desktop\CCleaner.lnk
[2010/01/13 10:35:05 | 00,000,818 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/13 10:18:36 | 00,001,055 | ---- | M] () -- C:\Users\Swan Duncan\Desktop\Spybot - Search & Destroy.lnk
[2010/01/10 16:30:57 | 00,524,288 | ---- | M] () -- C:\Users\Swan Duncan\Desktop\dds.pif
[2010/01/10 10:15:16 | 00,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2010/01/10 10:13:38 | 00,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2010/01/09 16:19:19 | 00,472,064 | ---- | M] ( ) -- C:\Users\Swan Duncan\Desktop\RootRepeal.exe
[2010/01/08 10:37:50 | 00,000,099 | ---- | M] () -- C:\Users\Swan Duncan\AppData\Local\fusioncache.dat
[2010/01/07 16:07:14 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/01/07 16:07:04 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/01/02 01:33:32 | 00,594,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010/01/02 01:33:32 | 00,055,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010/01/02 01:32:51 | 00,025,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010/01/02 01:32:46 | 01,469,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010/01/02 01:32:33 | 00,164,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010/01/02 01:32:33 | 00,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010/01/02 01:32:33 | 00,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010/01/02 01:32:32 | 00,184,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010/01/02 01:32:32 | 00,055,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010/01/02 01:32:26 | 00,387,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010/01/01 23:57:00 | 00,133,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010/01/01 23:56:50 | 00,173,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010/01/01 23:56:14 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010/01/01 23:55:54 | 01,638,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[4 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[4 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Swan Duncan\Documents\*.tmp files -> C:\Users\Swan Duncan\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/01/23 18:03:22 | 00,001,647 | ---- | C] () -- C:\Users\Public\Desktop\AVG Free 9.0.lnk
[2010/01/23 18:03:15 | 00,113,461 | ---- | C] () -- C:\Windows\System32\drivers\Avg\iavichjw.avm
[2010/01/23 18:03:14 | 54,606,412 | ---- | C] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010/01/23 18:03:14 | 06,061,540 | ---- | C] () -- C:\Windows\System32\drivers\Avg\avi7.avg
[2010/01/23 18:03:14 | 00,492,629 | ---- | C] () -- C:\Windows\System32\drivers\Avg\miniavi.avg
[2010/01/23 18:03:14 | 00,142,495 | ---- | C] () -- C:\Windows\System32\drivers\Avg\microavi.avg
[2010/01/23 17:07:47 | 03,834,785 | R--- | C] () -- C:\Users\Swan Duncan\Desktop\ComboFix.exe
[2010/01/22 17:06:59 | 28,890,2102 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/01/22 17:00:37 | 00,061,332 | ---- | C] () -- C:\Users\Swan Duncan\Desktop\gmer registry.zip
[2010/01/22 15:30:54 | 00,293,376 | ---- | C] () -- C:\Users\Swan Duncan\Desktop\x8xql7t1.exe
[2010/01/21 09:32:50 | 00,001,887 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/01/18 10:54:21 | 00,000,370 | ---- | C] () -- C:\Users\Swan Duncan\Documents\NEWSOFT
[2010/01/16 11:44:45 | 00,002,033 | ---- | C] () -- C:\Users\Public\Desktop\Autodesk Revit Architecture 2010.lnk
[2010/01/16 11:39:10 | 00,001,959 | ---- | C] () -- C:\Users\Public\Desktop\Autodesk Design Review.lnk
[2010/01/15 14:38:22 | 21,449,44128 | -HS- | C] () -- C:\hiberfil.sys
[2010/01/15 13:41:23 | 00,261,632 | ---- | C] () -- C:\Windows\PEV.exe
[2010/01/15 13:41:23 | 00,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/01/15 13:41:23 | 00,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/01/15 13:41:23 | 00,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010/01/15 13:41:23 | 00,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/01/15 12:56:44 | 00,000,240 | ---- | C] () -- C:\Windows\System32\drivers\kgpcpy.cfg
[2010/01/15 10:29:07 | 00,000,000 | ---- | C] () -- C:\backup.reg
[2010/01/14 17:41:11 | 08,698,400 | -HS- | C] () -- C:\Windows\System32\drivers\fidbox.dat
[2010/01/14 17:41:11 | 00,118,616 | -HS- | C] () -- C:\Windows\System32\drivers\fidbox.idx
[2010/01/14 17:41:02 | 00,000,795 | ---- | C] () -- C:\rollback.ini
[2010/01/13 11:23:00 | 00,035,970 | ---- | C] () -- C:\Users\Swan Duncan\Documents\cc_20100113_112256.reg
[2010/01/13 11:10:05 | 00,001,670 | ---- | C] () -- C:\Users\Swan Duncan\Desktop\CCleaner.lnk
[2010/01/13 10:35:05 | 00,000,818 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/13 10:18:36 | 00,001,055 | ---- | C] () -- C:\Users\Swan Duncan\Desktop\Spybot - Search & Destroy.lnk
[2010/01/10 16:30:50 | 00,524,288 | ---- | C] () -- C:\Users\Swan Duncan\Desktop\dds.pif
[2010/01/10 10:15:16 | 00,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/01/10 08:55:27 | 00,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2010/01/08 10:37:50 | 00,000,099 | ---- | C] () -- C:\Users\Swan Duncan\AppData\Local\fusioncache.dat
[2009/09/11 06:38:04 | 00,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/04/15 11:39:38 | 00,040,960 | ---- | C] () -- C:\Windows\System32\IPPCPUID.DLL
[2009/04/15 11:37:46 | 00,011,776 | ---- | C] () -- C:\Windows\System32\pmsbfn32.dll
[2009/04/15 11:34:09 | 00,000,416 | ---- | C] () -- C:\Windows\MAXLINK.INI
[2009/04/15 11:18:05 | 00,003,072 | ---- | C] () -- C:\Windows\System32\CNCFLaNL.DLL
[2009/04/01 08:32:38 | 00,000,663 | ---- | C] () -- C:\ProgramData\tmp99E3.log
[2009/02/24 10:43:13 | 00,000,000 | ---- | C] () -- C:\Windows\mixer.INI
[2009/02/22 00:25:37 | 00,000,648 | ---- | C] () -- C:\ProgramData\tmp8F4A.log
[2009/02/11 11:10:03 | 00,000,715 | ---- | C] () -- C:\Users\Swan Duncan\AppData\Local\TempTest 41 3
[2009/02/09 13:53:52 | 00,120,495 | ---- | C] () -- C:\Users\Swan Duncan\AppData\Local\TempReflector 15724 52
[2009/02/09 13:48:30 | 00,000,491 | ---- | C] () -- C:\Users\Swan Duncan\AppData\Local\TempReflector 19169 30
[2009/02/09 10:25:47 | 00,000,318 | ---- | C] () -- C:\Users\Swan Duncan\AppData\Local\Tempuntitled 41 47
[2009/02/06 20:46:28 | 00,000,490 | ---- | C] () -- C:\Users\Swan Duncan\AppData\Local\Tempuntitled 41 28
[2008/11/30 10:06:13 | 00,005,087 | ---- | C] () -- C:\ProgramData\kcmqrovh.dlh
[2008/11/09 17:19:40 | 00,000,098 | ---- | C] () -- C:\Users\Swan Duncan\AppData\Local\DownloadLog.txt
[2008/10/20 10:16:05 | 00,001,032 | ---- | C] () -- C:\ProgramData\tmpD78A.log
[2008/10/08 20:30:57 | 00,432,128 | ---- | C] () -- C:\Windows\sqlite3.dll
[2008/10/08 14:43:22 | 00,001,032 | ---- | C] () -- C:\ProgramData\tmp86CD.log
[2008/10/07 11:42:54 | 00,000,400 | ---- | C] () -- C:\Windows\g_iclink343.ini
[2008/10/05 19:53:18 | 00,006,520 | ---- | C] () -- C:\Users\Swan Duncan\AppData\Roaming\PrimoPDFSet.xml
[2008/10/05 19:50:03 | 00,176,235 | ---- | C] () -- C:\Windows\System32\Primomonnt.dll
[2008/10/04 16:56:58 | 00,058,368 | ---- | C] () -- C:\Users\Swan Duncan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/10/04 09:43:17 | 00,024,206 | ---- | C] () -- C:\Users\Swan Duncan\AppData\Roaming\UserTile.png
[2008/10/02 15:49:04 | 00,000,680 | ---- | C] () -- C:\Users\Swan Duncan\AppData\Local\d3d9caps.dat
[2008/04/28 11:13:33 | 00,000,310 | ---- | C] () -- C:\Windows\primopdf.ini
[2006/11/02 07:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 02:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

========== Alternate Data Streams ==========

@Alternate Data Stream - 836 bytes -> C:\Users\Swan Duncan\Documents\Material proposal.eml:OECustomProperty
@Alternate Data Stream - 744 bytes -> C:\Users\Swan Duncan\Documents\Re_ Looking for work.eml:OECustomProperty
@Alternate Data Stream - 510 bytes -> C:\Users\Swan Duncan\Documents\James.eml:OECustomProperty
@Alternate Data Stream - 510 bytes -> C:\Users\Swan Duncan\Documents\Acier Lachine columns.eml:OECustomProperty
< End of report >


#15 myrti

myrti (Sillyberry)
Malware Study Hall Admin, 33,779 posts

Posted 23 January 2010 - 10:35 PM

Hi,

Log is looking good. Just to be safe, please run a scan with ESET:
  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the icon on your desktop.
  4. Check
  5. Click the button.
  6. Accept any security warnings from your browser.
  7. Check
  8. Push the Start button.
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push
  11. Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  12. Push the button.
  13. Push

How is the PC doing?

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help requests via PM unless I am already helping you. Use the forums!
