Win32:Rootkit-gen


  • This topic is locked
24 replies to this topic

#1 anna_nbgd

Posted 19 February 2010 - 09:00 AM

Infected files by Win32:Rootkit-gen [Rtk]:

F:\WINDOWS\System32\x (ALWAYS the same file - x)
"F:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\633GVK22\cbbs[1].bmp" file (bmp, jpg or gif with different names)
"F:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\MTGO2LH3\qjsy[1].bmp" file (bmp, jpg or gif with different names)
"F:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\ZK2SJ09M\aohp[1].png" file (bmp, jpg or gif with different names)
"F:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\E32FIL4R\zzbprrz[1].jpg" file (bmp, jpg or gif with different names)

ComboFix LOG file:

ComboFix 10-02-18.09 - Maja 02/19/2010 14:34:16.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1535.1064 [GMT 1:00]
Running from: f:\documents and settings\Maja\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 100219-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

f:\docume~1\Maja\LOCALS~1\Temp\install_flash_player.exe
f:\recycler\S-1-5-21-1343024091-1682526488-839522115-1003

.
((((((((((((((((((((((((( Files Created from 2010-01-19 to 2010-02-19 )))))))))))))))))))))))))))))))
.

2010-02-19 12:30 . 2010-02-19 12:44 -------- d---a-w- f:\documents and settings\All Users\Application Data\TEMP
2010-02-19 12:26 . 2010-02-19 12:58 26688 ----a-w- f:\windows\system32\drivers\procguard.sys
2010-02-19 12:26 . 2008-07-25 12:11 44544 ----a-w- f:\windows\system32\procguard.dll
2010-02-19 12:26 . 2010-02-19 13:12 -------- d-----w- f:\program files\ProcessGuard
2010-02-19 11:20 . 2010-02-19 12:46 -------- d-----w- f:\program files\Sophos
2010-02-18 23:08 . 2004-08-03 23:56 159232 ----a-w- f:\windows\system32\ptpusd.dll
2010-02-18 23:08 . 2001-08-17 21:36 5632 ----a-w- f:\windows\system32\ptpusb.dll
2010-02-18 23:07 . 2004-08-03 21:58 15104 -c--a-w- f:\windows\system32\dllcache\usbscan.sys
2010-02-18 23:07 . 2004-08-03 21:58 15104 ----a-w- f:\windows\system32\drivers\usbscan.sys
2010-02-18 10:26 . 2010-02-18 10:26 -------- d-----w- f:\documents and settings\Maja\Local Settings\Application Data\ACD Systems
2010-02-18 10:26 . 2010-02-18 10:26 -------- d-----w- f:\documents and settings\Maja\Application Data\ACD Systems
2010-02-17 11:58 . 2004-08-03 22:08 26496 -c--a-w- f:\windows\system32\dllcache\usbstor.sys
2010-02-17 09:34 . 2010-02-19 10:12 -------- d-----w- f:\program files\Valve
2010-02-16 21:29 . 2010-02-16 21:29 5115824 ----a-w- f:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-02-16 21:28 . 2010-02-16 21:28 -------- d-----w- f:\documents and settings\Maja\Application Data\Malwarebytes
2010-02-16 21:28 . 2010-01-07 15:07 38224 ----a-w- f:\windows\system32\drivers\mbamswissarmy.sys
2010-02-16 21:28 . 2010-02-16 21:29 -------- d-----w- f:\program files\Malwarebytes' Anti-Malware
2010-02-16 21:28 . 2010-02-16 21:28 -------- d-----w- f:\documents and settings\All Users\Application Data\Malwarebytes
2010-02-16 21:28 . 2010-01-07 15:07 19160 ----a-w- f:\windows\system32\drivers\mbam.sys
2010-02-16 20:27 . 2010-02-16 20:27 -------- d-----w- f:\documents and settings\Maja\Application Data\TeamViewer
2010-02-16 20:27 . 2010-02-16 20:27 -------- d-----w- f:\program files\TeamViewer
2010-02-16 20:27 . 2010-02-16 20:27 -------- d-----w- f:\documents and settings\Maja\temp
2010-02-16 15:24 . 2010-02-16 15:24 -------- d-----w- f:\program files\Common Files\Adobe
2010-02-16 14:37 . 2010-02-16 14:37 -------- d-----w- f:\documents and settings\NetworkService\Local Settings\Application Data\Google
2010-02-16 14:11 . 2010-02-16 14:11 -------- d-----w- f:\documents and settings\LocalService\Local Settings\Application Data\Google
2010-02-16 14:10 . 2010-02-16 14:13 -------- d-----w- f:\program files\Google
2010-02-16 14:10 . 2010-02-16 14:10 -------- d-----w- f:\program files\Teamspeak2_RC2
2010-02-16 14:09 . 2010-02-16 14:09 -------- d-----w- f:\program files\HLSW
2010-02-16 14:01 . 2010-02-16 14:01 -------- d-----w- f:\program files\Common Files\xing shared
2010-02-16 14:01 . 2010-02-16 14:01 -------- d-----w- f:\program files\Common Files\Real
2010-02-16 14:01 . 2010-02-16 14:01 -------- d-----w- f:\program files\Real
2010-02-16 13:57 . 2004-03-02 16:37 125184 ------w- f:\windows\system32\drivers\imagesrv.sys
2010-02-16 13:57 . 2004-03-02 16:37 5504 ------w- f:\windows\system32\drivers\imagedrv.sys
2010-02-16 13:57 . 2000-06-26 10:45 106496 ----a-w- f:\windows\system32\TwnLib20.dll
2010-02-16 13:57 . 2004-07-26 16:16 476320 ------w- f:\windows\system32\ImagXpr7.dll
2010-02-16 13:57 . 2004-07-26 16:16 471040 ------w- f:\windows\system32\ImagXRA7.dll
2010-02-16 13:57 . 2004-07-26 16:16 262144 ------w- f:\windows\system32\ImagXR7.dll
2010-02-16 13:57 . 2004-07-26 16:16 1568768 ------w- f:\windows\system32\ImagX7.dll
2010-02-16 13:57 . 2001-07-09 10:50 155648 ----a-w- f:\windows\system32\NeroCheck.exe
2010-02-16 13:57 . 2010-02-16 13:57 -------- d-----w- f:\program files\Common Files\Ahead
2010-02-16 13:57 . 2010-02-16 13:57 -------- d-----w- f:\program files\Ahead
2010-02-16 13:55 . 2010-02-16 13:55 -------- d-----w- f:\documents and settings\All Users\Application Data\CyberLink
2010-02-16 13:55 . 2010-02-16 13:55 -------- d-----w- f:\program files\CyberLink
2010-02-16 13:54 . 2010-02-16 13:55 -------- d-----w- f:\program files\QuickTime
2010-02-16 13:54 . 2010-02-16 13:54 -------- d-----w- f:\documents and settings\All Users\Application Data\Apple Computer
2010-02-16 13:54 . 2010-02-16 13:54 -------- d-----w- f:\documents and settings\Maja\Local Settings\Application Data\Apple
2010-02-16 13:54 . 2010-02-16 13:54 -------- d-----w- f:\program files\Apple Software Update
2010-02-16 13:54 . 2010-02-16 13:54 -------- d-----w- f:\documents and settings\All Users\Application Data\Apple
2010-02-16 13:54 . 2010-02-16 13:54 -------- d-----w- f:\documents and settings\Maja\Local Settings\Application Data\Apple Computer
2010-02-16 13:52 . 2010-02-16 13:53 -------- d-----w- f:\documents and settings\Maja\Application Data\BSplayer Pro
2010-02-16 13:52 . 2010-02-16 13:52 -------- d-----w- f:\program files\Webteh
2010-02-16 12:38 . 2010-02-19 13:12 -------- d-----w- f:\documents and settings\Maja\Tracing
2010-02-16 12:38 . 2010-02-16 12:38 -------- d-----w- f:\program files\Microsoft
2010-02-16 12:38 . 2010-02-16 12:38 -------- d-----w- f:\program files\Windows Live SkyDrive
2010-02-16 12:37 . 2010-02-16 12:38 -------- d-----w- f:\program files\Windows Live
2010-02-16 12:32 . 2010-02-16 12:32 -------- d-----w- f:\program files\Common Files\Windows Live
2010-02-16 12:30 . 2010-02-16 18:52 -------- d-----w- f:\documents and settings\Maja\Local Settings\Application Data\Screamer Radio
2010-02-16 12:29 . 2010-02-16 12:29 -------- d-----w- f:\program files\PhotoScape
2010-02-16 11:19 . 2006-10-14 15:43 27648 ----a-w- f:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2010-02-16 11:19 . 2006-06-29 12:07 14048 ------w- f:\windows\system32\spmsg2.dll
2010-02-16 11:19 . 2006-10-16 15:10 23856 ----a-w- f:\windows\system32\spupdsvc.exe
2010-02-16 11:13 . 2010-02-16 11:25 -------- d-----w- F:\f8ee2afe1ad1e71421
2010-02-16 11:05 . 2003-06-18 16:31 18944 ----a-w- f:\windows\system32\Spool\prtprocs\w32x86\mdippr.dll
2010-02-16 11:05 . 2003-06-18 16:31 17920 ----a-w- f:\windows\system32\mdimon.dll
2010-02-16 11:04 . 2010-02-16 11:04 -------- d-----w- f:\program files\Microsoft.NET
2010-02-16 11:04 . 2010-02-16 11:04 -------- d-----w- f:\program files\Microsoft ActiveSync
2010-02-16 11:03 . 2010-02-16 11:04 -------- d-----w- f:\windows\SHELLNEW
2010-02-16 11:01 . 2010-02-16 11:01 -------- d-----r- F:\MSOCache
2010-02-16 10:55 . 2010-02-16 10:55 -------- d-----w- f:\documents and settings\All Users\Application Data\ACD Systems
2010-02-16 10:55 . 2010-02-16 10:55 -------- d-----w- f:\program files\Common Files\ACD Systems
2010-02-16 10:55 . 2010-02-16 10:55 -------- d-----w- f:\program files\ACD Systems
2010-02-16 10:55 . 2010-02-16 10:55 10368 ----a-w- f:\windows\system32\drivers\pfc.sys
2010-02-16 10:54 . 2010-02-16 10:54 -------- d-----w- f:\windows\Downloaded Installations
2010-02-16 10:23 . 2010-02-16 10:23 -------- d-----w- f:\windows\nview
2010-02-16 10:23 . 2008-05-16 13:01 446464 ----a-w- f:\windows\system32\nvudisp.exe
2010-02-16 10:23 . 2008-05-16 10:48 446464 ----a-w- f:\windows\system32\NVUNINST.EXE
2010-02-16 10:22 . 2010-02-16 10:22 -------- d-----w- F:\NVIDIA
2010-02-16 10:14 . 2006-08-18 05:52 4017536 ----a-r- f:\windows\system32\drivers\alcxwdm.sys
2010-02-16 10:08 . 2010-02-16 10:15 -------- d-----w- f:\windows\Drivers
2010-02-16 10:05 . 2010-02-16 10:05 -------- d-----w- f:\program files\Intel
2010-02-16 10:04 . 2010-02-16 14:06 -------- d--h--w- f:\program files\InstallShield Installation Information
2010-02-16 10:04 . 2010-02-16 10:14 -------- d-----w- f:\program files\Common Files\InstallShield
2010-02-16 09:54 . 2010-02-16 12:54 -------- d-----w- f:\windows\system32\NtmsData
2010-02-16 09:45 . 2010-02-16 09:45 -------- d-----w- f:\program files\RocketDock
2010-02-16 09:08 . 2010-02-16 09:09 -------- d-----w- f:\documents and settings\Maja\Local Settings\Application Data\Temp
2010-02-16 09:08 . 2010-02-16 14:13 -------- d-----w- f:\documents and settings\Maja\Local Settings\Application Data\Google
2010-02-16 09:06 . 2010-02-16 12:38 42752 ----a-w- f:\documents and settings\Maja\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-16 08:23 . 2004-08-03 21:59 5504 -c--a-w- f:\windows\system32\dllcache\intelide.sys
2010-02-16 08:23 . 2004-08-03 21:59 5504 ----a-w- f:\windows\system32\drivers\intelide.sys
2010-02-16 08:23 . 2004-08-03 22:08 20480 -c--a-w- f:\windows\system32\dllcache\usbuhci.sys
2010-02-16 08:23 . 2004-08-03 22:08 20480 ----a-w- f:\windows\system32\drivers\usbuhci.sys
2010-02-16 08:23 . 2004-08-03 22:07 42368 -c--a-w- f:\windows\system32\dllcache\agp440.sys
2010-02-16 08:23 . 2004-08-03 22:07 42368 ----a-w- f:\windows\system32\drivers\AGP440.SYS
2010-02-16 08:23 . 2008-05-16 13:01 6557408 -c--a-w- f:\windows\system32\dllcache\nv4_mini.sys
2010-02-16 08:23 . 2008-05-16 13:01 6557408 ----a-w- f:\windows\system32\drivers\nv4_mini.sys
2010-02-16 08:23 . 2008-05-16 13:01 6108928 ----a-w- f:\windows\system32\nv4_disp.dll
2010-02-16 08:23 . 2004-08-03 23:56 4274816 -c--a-w- f:\windows\system32\dllcache\nv4_disp.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-18 00:53 . 2010-02-15 23:32 86327 ----a-w- f:\windows\pchealth\helpctr\OfflineCache\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="f:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"msnmsgr"="f:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2006-08-02 577536]
"NvCplDaemon"="f:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"nwiz"="nwiz.exe" [2008-05-16 1630208]
"NvMediaCenter"="f:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
"avast!"="f:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"TkBellExe"="f:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-02-16 198160]
"Malwarebytes' Anti-Malware"="f:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-01-07 429392]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0aswBoot.exe /M:513a0792

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-12-11 14:57 948672 ----a-r- f:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-22 00:57 35760 ----a-w- f:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-02-16 09:08 135664 ----atw- f:\documents and settings\Maja\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 10:50 155648 ----a-w- f:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-05-27 09:50 413696 ----a-w- f:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2003-12-08 16:35 32768 ----a-w- f:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"f:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"f:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"g:\\BEOGRID\\StrongDC++\\StrongDC.exe"=
"f:\\Program Files\\Valve\\hl.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"1200:UDP"= 1200:UDP:services friends

R1 aswSP;avast! Self Protection;f:\windows\system32\drivers\aswSP.sys [2/16/2010 11:56 AM 114768]
R2 aswFsBlk;aswFsBlk;f:\windows\system32\drivers\aswFsBlk.sys [2/16/2010 11:56 AM 20560]
R2 MBAMService;MBAMService;f:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2/16/2010 10:28 PM 236368]
R3 MBAMProtector;MBAMProtector;f:\windows\system32\drivers\mbam.sys [2/16/2010 10:28 PM 19160]
S2 gupdate1caaf11db945d1e;Google Update Service (gupdate1caaf11db945d1e);f:\program files\Google\Update\GoogleUpdate.exe [2/16/2010 3:10 PM 133104]
S3 MEMSWEEP2;MEMSWEEP2;\??\f:\windows\system32\4.tmp --> f:\windows\system32\4.tmp [?]
.
Contents of the 'Scheduled Tasks' folder

2010-02-19 f:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- f:\program files\Google\Update\GoogleUpdate.exe [2010-02-16 14:10]

2010-02-19 f:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- f:\program files\Google\Update\GoogleUpdate.exe [2010-02-16 14:10]

2010-02-17 f:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1275210071-776561741-725345543-1003Core.job
- f:\documents and settings\Maja\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-02-16 09:08]

2010-02-19 f:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1275210071-776561741-725345543-1003UA.job
- f:\documents and settings\Maja\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-02-16 09:08]

2010-02-18 f:\windows\Tasks\Malwarebytes' Scheduled Update for Maja.job
- f:\program files\Malwarebytes' Anti-Malware\mbam.exe [2010-02-16 15:07]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - f:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-Steam - f:\program files\Valve\Steam\Steam.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-19 14:38
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\f:\windows\system32\4.tmp"
.
Completion time: 2010-02-19 14:40:04
ComboFix-quarantined-files.txt 2010-02-19 13:40

Pre-Run: 27,350,892,544 bytes free
Post-Run: 27,421,556,736 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
f:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer
multi(0)disk(0)rdisk(1)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 0FB34CB0433A9247732BC18B39CE97C7

Thanks in advance :)




#2 myrti

Posted 20 February 2010 - 02:09 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
  5. In the custom scan box paste the following:
    CODE
    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    /md5stop
    %systemroot%\*. /mp /s
  6. Push the button.
  7. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help requests via PM, unless I am already helping you. Use the forums!

 



#3 anna_nbgd


Posted 20 February 2010 - 09:25 PM

Hello Myrti!

First I will show you my log file from the AVAST background scanner:

2/16/2010 12:33:27 PM Maja 1188 Sign of "Win32:Trojan-gen {Other}" has been found in "G:\StrongDC++\Downloads\ScanSpyware.exe" file.
2/16/2010 9:56:31 PM SYSTEM 1172 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "F:\WINDOWS\System32\x" file.
2/16/2010 10:03:30 PM SYSTEM 1172 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "F:\WINDOWS\System32\x" file.
2/16/2010 10:37:10 PM Maja 1172 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "F:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\633GVK22\cbbs[1].bmp" file.
2/16/2010 10:37:46 PM Maja 1172 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "F:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\MTGO2LH3\qjsy[1].bmp" file.
2/16/2010 10:38:07 PM Maja 1172 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "F:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\ZK2SJ09M\aohp[1].png" file.
2/16/2010 11:10:59 PM SYSTEM 1328 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "F:\WINDOWS\System32\x" file.
2/18/2010 1:26:38 AM SYSTEM 1180 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "F:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\MTGO2LH3\hijscv[1].jpg" file.
2/18/2010 1:26:44 AM SYSTEM 1180 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "F:\WINDOWS\System32\x" file.
2/18/2010 1:53:46 AM SYSTEM 1180 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "F:\WINDOWS\System32\x" file.
2/18/2010 3:31:39 PM SYSTEM 1180 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "F:\WINDOWS\System32\x" file.
2/18/2010 3:38:40 PM SYSTEM 1180 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "F:\WINDOWS\System32\x" file.
2/18/2010 3:42:31 PM SYSTEM 1180 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "F:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\633GVK22\srpuqip[1].bmp" file.
2/18/2010 3:42:35 PM SYSTEM 1180 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "F:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\E32FIL4R\zzbprrz[1].jpg" file.
2/18/2010 3:42:43 PM SYSTEM 1180 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "F:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\MTGO2LH3\sloxnzn[1].gif" file.
2/18/2010 3:42:46 PM SYSTEM 1180 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "F:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\ZK2SJ09M\blmwgw[1].jpg" file.
2/18/2010 3:42:48 PM SYSTEM 1180 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "F:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\ZK2SJ09M\dtbpntp[1].bmp" file.
2/18/2010 3:42:50 PM SYSTEM 1180 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "F:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\ZK2SJ09M\uazxb[1].bmp" file.
2/18/2010 3:49:06 PM Maja 1196 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "F:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\E32FIL4R\zzbprrz[1].jpg" file.
2/18/2010 7:36:01 PM SYSTEM 1184 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "F:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\L7U2Y39G\ceqiigr[1].jpg" file.
2/18/2010 7:36:10 PM SYSTEM 1184 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "F:\WINDOWS\System32\x" file.
2/18/2010 7:46:13 PM SYSTEM 1184 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "F:\WINDOWS\System32\x" file.
2/18/2010 7:50:50 PM SYSTEM 1184 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "F:\WINDOWS\System32\x" file.
2/18/2010 8:01:17 PM SYSTEM 1184 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "F:\WINDOWS\System32\x" file.
2/18/2010 8:07:45 PM SYSTEM 1184 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "F:\WINDOWS\System32\x" file.
2/18/2010 8:17:28 PM SYSTEM 1184 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "F:\WINDOWS\System32\x" file.
2/18/2010 8:18:36 PM SYSTEM 1184 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "F:\WINDOWS\System32\x" file.
2/18/2010 8:55:21 PM SYSTEM 1184 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "F:\WINDOWS\System32\x" file.
2/18/2010 9:34:46 PM SYSTEM 1184 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "F:\WINDOWS\System32\x" file.
2/18/2010 9:44:51 PM SYSTEM 1184 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "F:\WINDOWS\System32\x" file.
2/19/2010 12:48:36 AM SYSTEM 1292 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "F:\WINDOWS\System32\x" file.
2/19/2010 12:21:52 PM Maja 1180 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "F:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\86EI76T1\zsgxvcdc[1].jpg" file.
2/19/2010 12:23:20 PM Maja 1180 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "F:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\UOS5BKCX\gruikb[1].jpg" file.
2/19/2010 12:25:48 PM Maja 1180 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "F:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\86EI76T1\eoptiyl[1].jpg" file.
2/19/2010 12:48:35 PM Maja 1180 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "F:\WINDOWS\System32\x" file.
2/19/2010 1:48:52 PM SYSTEM 1180 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "F:\WINDOWS\System32\x" file.
2/19/2010 1:53:43 PM SYSTEM 1180 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "F:\WINDOWS\System32\x" file.
2/19/2010 2:09:53 PM SYSTEM 1180 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "F:\WINDOWS\System32\x" file.
2/19/2010 2:15:03 PM Maja 1180 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "F:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\UYVZWFG1\ihmxouv[1].jpg" file.
2/19/2010 3:18:40 PM Maja 1180 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "F:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\4H6ZO1QZ\qgefad[1].bmp" file.
2/19/2010 3:18:49 PM Maja 1180 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "F:\WINDOWS\system32\x" file.
2/19/2010 6:32:30 PM SYSTEM 1208 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: F:\windows\system32\yhsnocj.dll (F:\windows\system32\yhsnocj.dll) returning error, 00000005.
2/19/2010 6:32:31 PM SYSTEM 1208 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: F:\WINDOWS\system32\03.tmp (F:\WINDOWS\system32\03.tmp) returning error, 00000005.
2/19/2010 6:32:55 PM SYSTEM 1208 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: F:\WINDOWS\system32\03.tmp (F:\WINDOWS\system32\03.tmp) returning error, 00000005.
2/19/2010 8:05:23 PM SYSTEM 1312 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: F:\windows\system32\yhsnocj.dll (F:\windows\system32\yhsnocj.dll) returning error, 00000005.
2/19/2010 8:05:24 PM SYSTEM 1312 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: F:\WINDOWS\system32\03.tmp (F:\WINDOWS\system32\03.tmp) returning error, 00000005.
2/19/2010 8:05:37 PM SYSTEM 1312 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: F:\WINDOWS\system32\03.tmp (F:\WINDOWS\system32\03.tmp) returning error, 00000005.
2/20/2010 12:11:01 AM SYSTEM 1304 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: F:\windows\system32\yhsnocj.dll (F:\windows\system32\yhsnocj.dll) returning error, 00000005.
2/20/2010 12:11:02 AM SYSTEM 1304 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: F:\WINDOWS\system32\03.tmp (F:\WINDOWS\system32\03.tmp) returning error, 00000005.
2/20/2010 12:11:17 AM SYSTEM 1304 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: F:\WINDOWS\system32\03.tmp (F:\WINDOWS\system32\03.tmp) returning error, 00000005.
2/20/2010 11:49:33 AM SYSTEM 1176 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: F:\windows\system32\yhsnocj.dll (F:\windows\system32\yhsnocj.dll) returning error, 00000005.
2/20/2010 11:49:34 AM SYSTEM 1176 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: F:\WINDOWS\system32\03.tmp (F:\WINDOWS\system32\03.tmp) returning error, 00000005.
2/20/2010 11:49:58 AM SYSTEM 1176 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: F:\WINDOWS\system32\03.tmp (F:\WINDOWS\system32\03.tmp) returning error, 00000005.
2/20/2010 3:20:11 PM SYSTEM 1184 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: F:\windows\system32\yhsnocj.dll (F:\windows\system32\yhsnocj.dll) returning error, 00000005.
2/20/2010 3:20:12 PM SYSTEM 1184 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: F:\WINDOWS\system32\03.tmp (F:\WINDOWS\system32\03.tmp) returning error, 00000005.
2/20/2010 3:20:32 PM SYSTEM 1184 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: F:\WINDOWS\system32\03.tmp (F:\WINDOWS\system32\03.tmp) returning error, 00000005.
2/20/2010 4:01:24 PM SYSTEM 1172 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: F:\windows\system32\yhsnocj.dll (F:\windows\system32\yhsnocj.dll) returning error, 00000005.
2/20/2010 4:01:26 PM SYSTEM 1172 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: F:\WINDOWS\system32\03.tmp (F:\WINDOWS\system32\03.tmp) returning error, 00000005.
2/20/2010 4:01:36 PM SYSTEM 1172 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: F:\WINDOWS\system32\03.tmp (F:\WINDOWS\system32\03.tmp) returning error, 00000005.
2/20/2010 4:41:14 PM SYSTEM 1312 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: F:\windows\system32\yhsnocj.dll (F:\windows\system32\yhsnocj.dll) returning error, 00000005.
2/20/2010 4:41:14 PM SYSTEM 1312 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: F:\WINDOWS\system32\03.tmp (F:\WINDOWS\system32\03.tmp) returning error, 00000005.
2/20/2010 4:41:25 PM SYSTEM 1312 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: F:\WINDOWS\system32\03.tmp (F:\WINDOWS\system32\03.tmp) returning error, 00000005.
2/20/2010 9:25:42 PM SYSTEM 1176 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: F:\windows\system32\yhsnocj.dll (F:\windows\system32\yhsnocj.dll) returning error, 00000005.
2/20/2010 9:25:43 PM SYSTEM 1176 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: F:\WINDOWS\system32\03.tmp (F:\WINDOWS\system32\03.tmp) returning error, 00000005.
2/20/2010 9:25:52 PM SYSTEM 1176 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: F:\WINDOWS\system32\03.tmp (F:\WINDOWS\system32\03.tmp) returning error, 00000005.

Of course, I couldn't delete these files permanently because the virus re-created them from time to time. I tried some solutions from removal tutorials and tools: Malwarebytes, RootkitRevealer... and ComboFix at last. Nothing was helpful. Also, I reinstalled Windows (16/02/10), but the virus came back. :@

OTL.Txt

OTL logfile created on: 2/21/2010 3:01:36 AM - Run 1
OTL by OldTimer - Version 3.1.30.1 Folder = F:\Documents and Settings\Maja\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 73.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 89.00% Paging File free
Paging file location(s): F:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = F: | %SystemRoot% = F:\WINDOWS | %ProgramFiles% = F:\Program Files
C: Drive not present or media not loaded
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 31.84 Gb Total Space | 24.33 Gb Free Space | 76.41% Space Free | Partition Type: NTFS
Drive G: | 117.20 Gb Total Space | 36.01 Gb Free Space | 30.72% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PUTNIK-E9D27CB8
Current User Name: Maja
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/02/21 03:00:36 | 000,549,376 | ---- | M] (OldTimer Tools) -- F:\Documents and Settings\Maja\Desktop\OTL.exe
PRC - [2010/02/20 15:41:08 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- F:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2010/02/16 15:01:21 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- F:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2010/02/05 19:36:00 | 000,527,344 | ---- | M] (Google Inc.) -- F:\Documents and Settings\Maja\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2010/01/11 15:21:52 | 000,246,504 | ---- | M] (Sun Microsystems, Inc.) -- F:\Program Files\Common Files\Java\Java Update\jusched.exe
PRC - [2009/11/25 00:51:40 | 000,081,000 | ---- | M] (ALWIL Software) -- F:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2009/11/25 00:51:35 | 000,138,680 | ---- | M] (ALWIL Software) -- F:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2009/11/25 00:43:56 | 000,018,752 | ---- | M] (ALWIL Software) -- F:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2008/05/16 14:01:00 | 000,159,812 | ---- | M] (NVIDIA Corporation) -- F:\WINDOWS\system32\nvsvc32.exe
PRC - [2007/09/02 13:58:52 | 000,495,616 | ---- | M] () -- F:\Program Files\RocketDock\RocketDock.exe
PRC - [2006/08/02 22:12:00 | 000,577,536 | ---- | M] (Realtek Semiconductor Corp.) -- F:\WINDOWS\soundman.exe
PRC - [2004/08/03 23:56:50 | 001,032,192 | ---- | M] (Microsoft Corporation) -- F:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010/02/21 03:00:36 | 000,549,376 | ---- | M] (OldTimer Tools) -- F:\Documents and Settings\Maja\Desktop\OTL.exe
MOD - [2007/09/02 13:57:36 | 000,069,632 | ---- | M] () -- F:\Program Files\RocketDock\RocketDock.dll
MOD - [2004/08/03 23:57:02 | 001,050,624 | R--- | M] (Microsoft Corporation) -- F:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
MOD - [2004/08/03 23:56:38 | 002,897,920 | ---- | M] (Microsoft Corporation) -- F:\WINDOWS\system32\xpsp2res.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/02/20 15:41:08 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- F:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2010/02/16 15:10:51 | 000,133,104 | ---- | M] (Google Inc.) [Auto | Stopped] -- F:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate1caaf11db945d1e) Google Update Service (gupdate1caaf11db945d1e)
SRV - [2009/11/25 00:51:35 | 000,138,680 | ---- | M] (ALWIL Software) [Auto | Running] -- F:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009/11/25 00:51:21 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- F:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009/11/25 00:48:48 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- F:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009/11/25 00:43:56 | 000,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- F:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2008/05/16 14:01:00 | 000,159,812 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- F:\WINDOWS\system32\nvsvc32.exe -- (NVSvc)
SRV - [2006/10/27 00:47:54 | 000,065,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- F:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2006/10/26 19:49:34 | 000,441,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- F:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006/10/26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- F:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


========== Driver Services (SafeList) ==========

DRV - [2010/02/16 11:55:36 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- F:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2009/11/25 00:50:59 | 000,094,160 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- F:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2009/11/25 00:50:12 | 000,114,768 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- F:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2009/11/25 00:50:00 | 000,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- F:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009/11/25 00:49:07 | 000,048,560 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- F:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2009/11/25 00:48:57 | 000,023,120 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- F:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2009/11/25 00:47:54 | 000,027,408 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- F:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2008/05/16 14:01:00 | 006,557,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- F:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2006/08/18 06:52:00 | 004,017,536 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- F:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2004/08/03 23:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- F:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2004/07/17 10:36:38 | 000,027,440 | ---- | M] () [Kernel | On_Demand | Stopped] -- F:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2001/08/18 13:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- F:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1275210071-776561741-725345543-1003\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-1275210071-776561741-725345543-1003\S-1-5-21-1275210071-776561741-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2001/08/18 13:00:00 | 000,000,734 | ---- | M]) - F:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - F:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - F:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - F:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - F:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKU\S-1-5-21-1275210071-776561741-725345543-1003\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [Adobe ARM] F:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] F:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast!] F:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [NvCplDaemon] F:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] F:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] F:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [SoundMan] F:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] F:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] F:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-21-1275210071-776561741-725345543-1003..\Run: [RocketDock] F:\Program Files\RocketDock\RocketDock.exe ()
O4 - Startup: F:\Documents and Settings\Maja\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = F:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1275210071-776561741-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1275210071-776561741-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1275210071-776561741-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1275210071-776561741-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1275210071-776561741-725345543-1003_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - F:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 80.93.224.1 80.93.224.2
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - F:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - F:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - F:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - F:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: F:\Documents and Settings\Maja\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: F:\Documents and Settings\Maja\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - F:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - F:\WINDOWS\system32\ias [2010/02/16 01:09:32 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: rdblmfht - F:\WINDOWS\system32\yhsnocj.dll ()

MsConfig - StartUpFolder: F:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk - F:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe - (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - F:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - F:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe File not found
MsConfig - StartUpReg: Google Update - hkey= - key= - F:\Documents and Settings\Maja\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
MsConfig - StartUpReg: GrooveMonitor - hkey= - key= - F:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
MsConfig - StartUpReg: msnmsgr - hkey= - key= - F:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
MsConfig - StartUpReg: NeroFilterCheck - hkey= - key= - File not found
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - F:\Program Files\QuickTime\QTTask.exe File not found
MsConfig - StartUpReg: RemoteControl - hkey= - key= - F:\Program Files\CyberLink\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection F:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4b218e3e-bc98-4770-93d3-2731b9329278} - %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection F:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - %SystemRoot%\system32\ie4uinit.exe
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - F:\WINDOWS\system32\Rundll32.exe F:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - F:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - F:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - F:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lhacm - F:\WINDOWS\System32\lhacm.acm (Microsoft Corporation)
Drivers32: msacm.siren - F:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.sl_anet - F:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - F:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: VIDC.ACDV - F:\WINDOWS\System32\ACDV.dll (ACD Systems)
Drivers32: vidc.cvid - F:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - F:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - F:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - F:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - F:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

========== Files/Folders - Created Within 30 Days ==========

[2010/02/21 03:00:31 | 000,549,376 | ---- | C] (OldTimer Tools) -- F:\Documents and Settings\Maja\Desktop\OTL.exe
[2010/02/20 20:05:02 | 000,000,000 | ---D | C] -- F:\Documents and Settings\Maja\My Documents\OneNote Notebooks
[2010/02/20 16:03:47 | 000,000,000 | ---D | C] -- F:\WINDOWS\Sun
[2010/02/20 15:41:48 | 000,000,000 | ---D | C] -- F:\Documents and Settings\All Users\Application Data\Sun
[2010/02/20 15:41:45 | 000,000,000 | ---D | C] -- F:\Program Files\Common Files\Java
[2010/02/20 15:41:28 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- F:\WINDOWS\System32\deploytk.dll
[2010/02/20 15:41:28 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- F:\WINDOWS\System32\javaws.exe
[2010/02/20 15:41:28 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- F:\WINDOWS\System32\javaw.exe
[2010/02/20 15:41:28 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- F:\WINDOWS\System32\java.exe
[2010/02/20 15:41:28 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- F:\WINDOWS\System32\javacpl.cpl
[2010/02/20 15:41:04 | 000,000,000 | ---D | C] -- F:\Program Files\Java
[2010/02/20 15:38:59 | 000,000,000 | ---D | C] -- F:\Documents and Settings\Maja\Application Data\Sun
[2010/02/20 15:24:14 | 000,000,000 | ---D | C] -- F:\Program Files\Adobe
[2010/02/20 12:59:00 | 000,000,000 | ---D | C] -- F:\Documents and Settings\Maja\My Documents\Updater5
[2010/02/20 00:22:45 | 000,000,000 | ---D | C] -- F:\Documents and Settings\Maja\Application Data\WinRAR
[2010/02/19 18:32:27 | 000,000,000 | ---D | M] -- F:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2010/02/19 18:26:25 | 000,000,000 | ---D | C] -- F:\Documents and Settings\Maja\Application Data\ParetoLogic
[2010/02/19 18:26:15 | 000,000,000 | ---D | C] -- F:\Documents and Settings\All Users\Application Data\ParetoLogic
[2010/02/19 18:26:14 | 000,000,000 | ---D | C] -- F:\Program Files\ParetoLogic
[2010/02/19 18:04:06 | 000,000,000 | ---D | C] -- F:\Program Files\Common Files\Adobe
[2010/02/19 17:57:19 | 000,000,000 | ---D | C] -- F:\Documents and Settings\Maja\Local Settings\Application Data\Adobe
[2010/02/19 17:53:53 | 000,032,592 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\msonpmon.dll
[2010/02/19 17:48:31 | 000,000,000 | ---D | C] -- F:\Program Files\Microsoft Works
[2010/02/19 17:48:13 | 000,000,000 | ---D | C] -- F:\Program Files\MSBuild
[2010/02/19 17:47:16 | 000,000,000 | ---D | C] -- F:\Program Files\Microsoft Visual Studio
[2010/02/19 17:47:15 | 000,000,000 | ---D | C] -- F:\Program Files\Common Files\DESIGNER
[2010/02/19 17:45:52 | 000,000,000 | ---D | C] -- F:\Program Files\Microsoft.NET
[2010/02/19 17:42:07 | 000,000,000 | ---D | C] -- F:\Program Files\Microsoft Visual Studio 8
[2010/02/19 17:40:45 | 000,000,000 | ---D | C] -- F:\WINDOWS\SHELLNEW
[2010/02/19 17:40:23 | 000,000,000 | ---D | C] -- F:\Documents and Settings\Maja\Local Settings\Application Data\Microsoft Help
[2010/02/19 17:39:43 | 000,000,000 | ---D | C] -- F:\Program Files\Microsoft Office
[2010/02/19 17:39:42 | 000,000,000 | ---D | C] -- F:\Documents and Settings\All Users\Application Data\Microsoft Help
[2010/02/19 17:38:44 | 000,000,000 | RH-D | C] -- F:\MSOCache
[2010/02/19 17:36:07 | 000,000,000 | -HSD | C] -- F:\Config.Msi
[2010/02/19 17:20:31 | 000,000,000 | ---D | C] -- F:\Program Files\WinRAR
[2010/02/19 14:41:24 | 000,000,000 | -HSD | C] -- F:\RECYCLER
[2010/02/19 14:33:35 | 000,000,000 | RHSD | C] -- F:\cmdcons
[2010/02/19 14:32:11 | 000,212,480 | ---- | C] (SteelWerX) -- F:\WINDOWS\SWXCACLS.exe
[2010/02/19 14:32:11 | 000,161,792 | ---- | C] (SteelWerX) -- F:\WINDOWS\SWREG.exe
[2010/02/19 14:32:11 | 000,136,704 | ---- | C] (SteelWerX) -- F:\WINDOWS\SWSC.exe
[2010/02/19 14:32:11 | 000,031,232 | ---- | C] (NirSoft) -- F:\WINDOWS\NIRCMD.exe
[2010/02/19 14:32:02 | 000,000,000 | ---D | C] -- F:\WINDOWS\ERDNT
[2010/02/19 14:31:22 | 000,000,000 | -H-D | C] -- F:\Qoobox
[2010/02/19 13:30:52 | 000,000,000 | ---D | C] -- F:\Documents and Settings\All Users\Application Data\TEMP
[2010/02/19 13:26:54 | 000,044,544 | ---- | C] (DiamondCS) -- F:\WINDOWS\System32\procguard.dll
[2010/02/19 13:26:54 | 000,026,688 | ---- | C] (DiamondCS) -- F:\WINDOWS\System32\drivers\procguard.sys
[2010/02/19 00:08:00 | 000,159,232 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\ptpusd.dll
[2010/02/19 00:08:00 | 000,005,632 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\ptpusb.dll
[2010/02/19 00:07:59 | 000,015,104 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\usbscan.sys
[2010/02/18 11:26:47 | 000,000,000 | ---D | C] -- F:\Documents and Settings\Maja\Local Settings\Application Data\ACD Systems
[2010/02/18 11:26:46 | 000,000,000 | ---D | C] -- F:\Documents and Settings\Maja\Application Data\ACD Systems
[2010/02/17 12:58:12 | 000,026,496 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\usbstor.sys
[2010/02/17 10:34:03 | 000,000,000 | ---D | C] -- F:\Program Files\Valve
[2010/02/17 10:28:37 | 000,000,000 | ---D | C] -- F:\WINDOWS\System32\appmgmt
[2010/02/16 22:28:18 | 000,000,000 | ---D | C] -- F:\Documents and Settings\Maja\Application Data\Malwarebytes
[2010/02/16 22:28:10 | 000,000,000 | ---D | C] -- F:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/02/16 21:27:36 | 000,000,000 | ---D | C] -- F:\Documents and Settings\Maja\Application Data\TeamViewer
[2010/02/16 21:27:32 | 000,000,000 | ---D | C] -- F:\Program Files\TeamViewer
[2010/02/16 21:27:20 | 000,000,000 | ---D | C] -- F:\Documents and Settings\Maja\temp
[2010/02/16 21:00:35 | 000,000,000 | ---D | C] -- F:\Documents and Settings\Maja\My Documents\DriverGenius
[2010/02/16 16:24:24 | 000,000,000 | ---D | C] -- F:\Documents and Settings\All Users\Application Data\Adobe
[2010/02/16 15:37:26 | 000,000,000 | ---D | M] -- F:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2010/02/16 15:13:59 | 000,000,000 | ---D | C] -- F:\Documents and Settings\Maja\Application Data\Google
[2010/02/16 15:11:00 | 000,000,000 | ---D | M] -- F:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2010/02/16 15:10:53 | 000,000,000 | ---D | C] -- F:\Program Files\Google
[2010/02/16 15:10:29 | 000,034,064 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\lhacm.acm
[2010/02/16 15:10:24 | 000,000,000 | ---D | C] -- F:\Program Files\Teamspeak2_RC2
[2010/02/16 15:09:08 | 000,000,000 | ---D | C] -- F:\Program Files\HLSW
[2010/02/16 15:02:16 | 000,000,000 | R--D | C] -- F:\Documents and Settings\Maja\My Documents\My Videos
[2010/02/16 15:01:54 | 000,185,920 | ---- | C] (RealNetworks, Inc.) -- F:\WINDOWS\System32\rmoc3260.dll
[2010/02/16 15:01:47 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- F:\WINDOWS\System32\pndx5016.dll
[2010/02/16 15:01:47 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- F:\WINDOWS\System32\pndx5032.dll
[2010/02/16 15:01:45 | 000,000,000 | ---D | C] -- F:\Program Files\Common Files\xing shared
[2010/02/16 15:01:23 | 000,278,528 | ---- | C] (Real Networks, Inc) -- F:\WINDOWS\System32\pncrt.dll
[2010/02/16 15:01:20 | 000,000,000 | ---D | C] -- F:\Program Files\Common Files\Real
[2010/02/16 15:01:20 | 000,000,000 | ---D | C] -- F:\Documents and Settings\All Users\Application Data\Real
[2010/02/16 15:01:19 | 000,000,000 | ---D | C] -- F:\Program Files\Real
[2010/02/16 14:57:39 | 000,125,184 | ---- | C] (Ahead Software AG) -- F:\WINDOWS\System32\drivers\imagesrv.sys
[2010/02/16 14:57:39 | 000,005,504 | ---- | C] (Ahead Software AG) -- F:\WINDOWS\System32\drivers\imagedrv.sys
[2010/02/16 14:57:16 | 000,106,496 | ---- | C] (Pegasus Software) -- F:\WINDOWS\System32\TwnLib20.dll
[2010/02/16 14:57:15 | 001,568,768 | ---- | C] (Pegasus Imaging Corp.) -- F:\WINDOWS\System32\ImagX7.dll
[2010/02/16 14:57:15 | 000,476,320 | ---- | C] (Pegasus Imaging Corp.) -- F:\WINDOWS\System32\ImagXpr7.dll
[2010/02/16 14:57:15 | 000,471,040 | ---- | C] (Pegasus Imaging Corp.) -- F:\WINDOWS\System32\ImagXRA7.dll
[2010/02/16 14:57:15 | 000,262,144 | ---- | C] (Pegasus Imaging Corp.) -- F:\WINDOWS\System32\ImagXR7.dll
[2010/02/16 14:57:14 | 000,155,648 | ---- | C] (Ahead Software Gmbh) -- F:\WINDOWS\System32\NeroCheck.exe
[2010/02/16 14:57:13 | 000,000,000 | ---D | C] -- F:\Program Files\Common Files\Ahead
[2010/02/16 14:57:12 | 000,000,000 | ---D | C] -- F:\Program Files\Ahead
[2010/02/16 14:55:57 | 000,221,215 | ---- | C] (DivXNetworks, Inc.) -- F:\WINDOWS\System32\Divxdec.ax
[2010/02/16 14:55:55 | 000,000,000 | ---D | C] -- F:\Documents and Settings\All Users\Application Data\CyberLink
[2010/02/16 14:55:52 | 000,000,000 | ---D | C] -- F:\Program Files\CyberLink
[2010/02/16 14:54:35 | 000,000,000 | ---D | C] -- F:\Documents and Settings\Maja\Local Settings\Application Data\Apple
[2010/02/16 14:54:23 | 000,000,000 | ---D | C] -- F:\Documents and Settings\Maja\Local Settings\Application Data\Apple Computer
[2010/02/16 14:54:07 | 000,000,000 | ---D | C] -- F:\Documents and Settings\Maja\Application Data\Real
[2010/02/16 14:52:14 | 000,000,000 | ---D | C] -- F:\Documents and Settings\Maja\Application Data\BSplayer Pro
[2010/02/16 14:52:10 | 000,000,000 | ---D | C] -- F:\Program Files\Webteh
[2010/02/16 13:38:56 | 000,000,000 | ---D | C] -- F:\Documents and Settings\Maja\Tracing
[2010/02/16 13:38:24 | 000,000,000 | ---D | C] -- F:\Program Files\Microsoft
[2010/02/16 13:38:13 | 000,000,000 | ---D | C] -- F:\Documents and Settings\All Users\Documents\microsoft
[2010/02/16 13:38:06 | 000,000,000 | ---D | C] -- F:\Program Files\Windows Live SkyDrive
[2010/02/16 13:37:43 | 000,000,000 | ---D | C] -- F:\Program Files\Windows Live
[2010/02/16 13:32:12 | 000,000,000 | ---D | C] -- F:\Program Files\Common Files\Windows Live
[2010/02/16 13:30:45 | 000,000,000 | ---D | C] -- F:\Documents and Settings\Maja\Local Settings\Application Data\Screamer Radio
[2010/02/16 13:29:49 | 000,000,000 | ---D | C] -- F:\Program Files\PhotoScape
[2010/02/16 12:19:16 | 000,014,048 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\spmsg2.dll
[2010/02/16 12:19:00 | 000,023,856 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\spupdsvc.exe
[2010/02/16 12:13:37 | 000,000,000 | -H-D | C] -- F:\f8ee2afe1ad1e71421
[2010/02/16 12:11:16 | 000,000,000 | R-SD | C] -- F:\WINDOWS\assembly
[2010/02/16 12:10:48 | 000,000,000 | ---D | C] -- F:\WINDOWS\Microsoft.NET
[2010/02/16 12:05:51 | 000,017,920 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\mdimon.dll
[2010/02/16 11:56:55 | 000,023,120 | ---- | C] (ALWIL Software) -- F:\WINDOWS\System32\drivers\aswRdr.sys
[2010/02/16 11:56:54 | 000,048,560 | ---- | C] (ALWIL Software) -- F:\WINDOWS\System32\drivers\aswTdi.sys
[2010/02/16 11:56:54 | 000,027,408 | ---- | C] (ALWIL Software) -- F:\WINDOWS\System32\drivers\aavmker4.sys
[2010/02/16 11:56:53 | 000,097,480 | ---- | C] (ALWIL Software) -- F:\WINDOWS\System32\AvastSS.scr
[2010/02/16 11:56:52 | 000,114,768 | ---- | C] (ALWIL Software) -- F:\WINDOWS\System32\drivers\aswSP.sys
[2010/02/16 11:56:52 | 000,094,160 | ---- | C] (ALWIL Software) -- F:\WINDOWS\System32\drivers\aswmon2.sys
[2010/02/16 11:56:52 | 000,093,424 | ---- | C] (ALWIL Software) -- F:\WINDOWS\System32\drivers\aswmon.sys
[2010/02/16 11:56:52 | 000,020,560 | ---- | C] (ALWIL Software) -- F:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/02/16 11:56:43 | 000,000,000 | ---D | C] -- F:\WINDOWS\pss
[2010/02/16 11:56:33 | 001,280,480 | ---- | C] (ALWIL Software) -- F:\WINDOWS\System32\aswBoot.exe
[2010/02/16 11:56:33 | 001,060,864 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\MFC71.dll
[2010/02/16 11:56:33 | 000,499,712 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\MSVCP71.dll
[2010/02/16 11:56:33 | 000,348,160 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\MSVCR71.dll
[2010/02/16 11:56:31 | 000,000,000 | ---D | C] -- F:\Program Files\Alwil Software
[2010/02/16 11:55:43 | 000,000,000 | ---D | C] -- F:\Documents and Settings\All Users\Application Data\ACD Systems
[2010/02/16 11:55:42 | 000,000,000 | ---D | C] -- F:\Program Files\Common Files\ACD Systems
[2010/02/16 11:55:42 | 000,000,000 | ---D | C] -- F:\Program Files\ACD Systems
[2010/02/16 11:55:36 | 000,010,368 | ---- | C] (Padus, Inc.) -- F:\WINDOWS\System32\drivers\pfc.sys
[2010/02/16 11:54:02 | 000,000,000 | ---D | C] -- F:\WINDOWS\Downloaded Installations
[2010/02/16 11:23:32 | 000,446,464 | ---- | C] (NVIDIA Corporation) -- F:\WINDOWS\System32\nvudisp.exe
[2010/02/16 11:23:32 | 000,000,000 | ---D | C] -- F:\WINDOWS\nview
[2010/02/16 11:23:22 | 000,446,464 | ---- | C] (NVIDIA Corporation) -- F:\WINDOWS\System32\NVUNINST.EXE
[2010/02/16 11:22:50 | 000,000,000 | -H-D | C] -- F:\NVIDIA
[2010/02/16 11:17:17 | 000,017,272 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\spmsg.dll
[2010/02/16 11:15:18 | 000,006,400 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\splitter.sys
[2010/02/16 11:15:16 | 000,082,944 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\wdmaud.sys
[2010/02/16 11:15:14 | 000,052,864 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\dmusic.sys
[2010/02/16 11:15:13 | 000,054,272 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\swmidi.sys
[2010/02/16 11:15:11 | 000,142,464 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\aec.sys
[2010/02/16 11:15:10 | 000,171,776 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\kmixer.sys
[2010/02/16 11:15:09 | 000,002,944 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\drmkaud.sys
[2010/02/16 11:15:07 | 000,060,800 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\sysaudio.sys
[2010/02/16 11:15:05 | 000,007,552 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\mskssrv.sys
[2010/02/16 11:15:03 | 000,004,992 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\mspqm.sys
[2010/02/16 11:15:01 | 000,005,376 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\mspclock.sys
[2010/02/16 11:14:55 | 004,017,536 | R--- | C] (Realtek Semiconductor Corp.) -- F:\WINDOWS\System32\drivers\alcxwdm.sys
[2010/02/16 11:14:54 | 000,145,792 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\drivers\portcls.sys
[2010/02/16 11:14:54 | 000,145,792 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\portcls.sys
[2010/02/16 11:14:54 | 000,004,096 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\ksuser.dll
[2010/02/16 11:14:54 | 000,004,096 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\ksuser.dll
[2010/02/16 11:14:53 | 000,130,048 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\ksproxy.ax
[2010/02/16 11:14:53 | 000,130,048 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\ksproxy.ax
[2010/02/16 11:14:53 | 000,060,288 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\drivers\drmk.sys
[2010/02/16 11:14:53 | 000,060,288 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\drmk.sys
[2010/02/16 11:14:51 | 000,000,000 | ---D | C] -- F:\Program Files\Realtek Sound Manager
[2010/02/16 11:14:50 | 000,000,000 | ---D | C] -- F:\Program Files\AvRack
[2010/02/16 11:14:44 | 000,000,000 | ---D | C] -- F:\Program Files\Realtek AC97
[2010/02/16 11:14:43 | 018,804,736 | ---- | C] (Realtek Semiconductor Corp.) -- F:\WINDOWS\System32\alsndmgr.cpl
[2010/02/16 11:14:43 | 010,528,768 | ---- | C] (Realtek Semiconductor Corp.) -- F:\WINDOWS\System32\RTLCPL.exe
[2010/02/16 11:14:43 | 000,577,536 | ---- | C] (Realtek Semiconductor Corp.) -- F:\WINDOWS\soundman.exe
[2010/02/16 11:14:42 | 000,315,392 | ---- | C] (Realtek Semiconductor Corp.) -- F:\WINDOWS\alcupd.exe
[2010/02/16 11:14:42 | 000,217,088 | ---- | C] (Realtek Semiconductor Corp.) -- F:\WINDOWS\Alcrmv.exe
[2010/02/16 11:14:22 | 000,000,000 | ---D | C] -- F:\Documents and Settings\Maja\Application Data\Macromedia
[2010/02/16 11:14:22 | 000,000,000 | ---D | C] -- F:\Documents and Settings\Maja\Application Data\Adobe
[2010/02/16 11:08:49 | 000,000,000 | ---D | C] -- F:\WINDOWS\Drivers
[2010/02/16 11:05:11 | 000,000,000 | ---D | C] -- F:\Program Files\Intel
[2010/02/16 11:04:26 | 000,000,000 | ---D | C] -- F:\WINDOWS\System32\ReinstallBackups
[2010/02/16 11:04:23 | 000,000,000 | -H-D | C] -- F:\Program Files\InstallShield Installation Information
[2010/02/16 11:04:17 | 000,000,000 | ---D | C] -- F:\Program Files\Common Files\InstallShield
[2010/02/16 10:54:44 | 000,000,000 | ---D | C] -- F:\WINDOWS\System32\NtmsData
[2010/02/16 10:45:19 | 000,000,000 | ---D | C] -- F:\Program Files\RocketDock
[2010/02/16 10:10:32 | 000,000,000 | ---D | C] -- F:\Documents and Settings\Maja\My Documents\Downloads
[2010/02/16 10:08:05 | 000,000,000 | ---D | C] -- F:\Documents and Settings\Maja\Local Settings\Application Data\Temp
[2010/02/16 10:08:02 | 000,000,000 | ---D | C] -- F:\Documents and Settings\Maja\Local Settings\Application Data\Google
[2010/02/16 09:23:56 | 000,005,504 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\intelide.sys
[2010/02/16 09:23:51 | 000,020,480 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\usbuhci.sys
[2010/02/16 09:23:46 | 000,042,368 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\agp440.sys
[2010/02/16 09:23:36 | 006,557,408 | ---- | C] (NVIDIA Corporation) -- F:\WINDOWS\System32\drivers\nv4_mini.sys
[2010/02/16 09:23:36 | 006,557,408 | ---- | C] (NVIDIA Corporation) -- F:\WINDOWS\System32\dllcache\nv4_mini.sys
[2010/02/16 09:23:36 | 006,108,928 | ---- | C] (NVIDIA Corporation) -- F:\WINDOWS\System32\nv4_disp.dll
[2010/02/16 09:23:36 | 004,274,816 | ---- | C] (NVIDIA Corporation) -- F:\WINDOWS\System32\dllcache\nv4_disp.dll
[2010/02/16 01:18:39 | 000,020,992 | ---- | C] (Realtek Semiconductor Corporation) -- F:\WINDOWS\System32\drivers\RTL8139.sys
[2010/02/16 01:18:14 | 000,074,240 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\usbui.dll
[2010/02/16 01:18:14 | 000,074,240 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\usbui.dll
[2010/02/16 01:17:23 | 000,000,000 | -HSD | C] -- F:\WINDOWS\Installer
[2010/02/16 01:17:22 | 000,000,000 | ---D | C] -- F:\Program Files\Common Files\ODBC
[2010/02/16 01:17:21 | 000,077,824 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\spcommon.dll
[2010/02/16 01:17:21 | 000,061,440 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\spcplui.dll
[2010/02/16 01:17:20 | 000,774,144 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\spttseng.dll
[2010/02/16 01:17:18 | 000,741,376 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\sapi.dll
[2010/02/16 01:17:18 | 000,155,648 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\sapi.cpl
[2010/02/16 01:17:18 | 000,036,864 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\sapisvr.exe
[2010/02/16 01:17:18 | 000,000,000 | ---D | C] -- F:\Program Files\Common Files\SpeechEngines
[2010/02/16 01:17:17 | 000,000,000 | R--D | C] -- F:\Program Files
[2010/02/16 01:17:17 | 000,000,000 | ---D | C] -- F:\Program Files\Common Files\Microsoft Shared
[2010/02/16 01:17:17 | 000,000,000 | ---D | C] -- F:\Program Files\Common Files
[2010/02/16 01:17:16 | 000,019,456 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\agt041f.dll
[2010/02/16 01:17:14 | 000,005,632 | R--- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\kbdazel.dll
[2010/02/16 01:17:14 | 000,005,632 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\kbdazel.dll
[2010/02/16 01:17:13 | 000,019,456 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\agt0419.dll
[2010/02/16 01:17:13 | 000,006,144 | R--- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\kbdtuq.dll
[2010/02/16 01:17:13 | 000,006,144 | R--- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\kbdtuf.dll
[2010/02/16 01:17:13 | 000,006,144 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\kbdtuq.dll
[2010/02/16 01:17:13 | 000,006,144 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\kbdtuf.dll
[2010/02/16 01:17:10 | 000,005,632 | R--- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\kbdmon.dll
[2010/02/16 01:17:10 | 000,005,632 | R--- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\kbdkyr.dll
[2010/02/16 01:17:10 | 000,005,632 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\kbdmon.dll
[2010/02/16 01:17:10 | 000,005,632 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\kbdkyr.dll
[2010/02/16 01:17:09 | 000,005,632 | R--- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\kbdycc.dll
[2010/02/16 01:17:09 | 000,005,632 | R--- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\kbduzb.dll
[2010/02/16 01:17:09 | 000,005,632 | R--- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\kbdur.dll
[2010/02/16 01:17:09 | 000,005,632 | R--- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\kbdtat.dll
[2010/02/16 01:17:09 | 000,005,632 | R--- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\kbdru1.dll
[2010/02/16 01:17:09 | 000,005,632 | R--- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\kbdkaz.dll
[2010/02/16 01:17:09 | 000,005,632 | R--- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\kbdaze.dll
[2010/02/16 01:17:09 | 000,005,632 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\kbdycc.dll
[2010/02/16 01:17:09 | 000,005,632 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\kbduzb.dll
[2010/02/16 01:17:09 | 000,005,632 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\kbdur.dll
[2010/02/16 01:17:09 | 000,005,632 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\kbdtat.dll
[2010/02/16 01:17:09 | 000,005,632 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\kbdru1.dll
[2010/02/16 01:17:09 | 000,005,632 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\kbdkaz.dll
[2010/02/16 01:17:09 | 000,005,632 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\kbdaze.dll
[2010/02/16 01:17:08 | 000,022,016 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\agt0408.dll
[2010/02/16 01:17:08 | 000,005,632 | R--- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\kbdru.dll
[2010/02/16 01:17:08 | 000,005,632 | R--- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\kbdbu.dll
[2010/02/16 01:17:08 | 000,005,632 | R--- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\kbdblr.dll
[2010/02/16 01:17:08 | 000,005,632 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\kbdru.dll
[2010/02/16 01:17:08 | 000,005,632 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\kbdbu.dll
[2010/02/16 01:17:08 | 000,005,632 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\kbdblr.dll
[2010/02/16 01:17:05 | 000,008,192 | R--- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\kbdhept.dll
[2010/02/16 01:17:05 | 000,008,192 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\kbdhept.dll
[2010/02/16 01:17:04 | 000,006,656 | R--- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\kbdhela3.dll
[2010/02/16 01:17:04 | 000,006,656 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\kbdhela3.dll
[2010/02/16 01:17:04 | 000,006,144 | R--- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\kbdhela2.dll
[2010/02/16 01:17:04 | 000,006,144 | R--- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\kbdgkl.dll
[2010/02/16 01:17:04 | 000,006,144 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\kbdhela2.dll
[2010/02/16 01:17:04 | 000,006,144 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\kbdgkl.dll
[2010/02/16 01:17:04 | 000,005,632 | R--- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\kbdhe319.dll
[2010/02/16 01:17:04 | 000,005,632 | R--- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\kbdhe220.dll
[2010/02/16 01:17:04 | 000,005,632 | R--- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\kbdhe.dll
[2010/02/16 01:17:04 | 000,005,632 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\kbdhe319.dll
[2010/02/16 01:17:04 | 000,005,632 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\kbdhe220.dll
[2010/02/16 01:17:04 | 000,005,632 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\kbdhe.dll
[2010/02/16 01:17:01 | 000,006,144 | R--- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\kbdlv1.dll
[2010/02/16 01:17:01 | 000,006,144 | R--- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\kbdlv.dll
[2010/02/16 01:17:01 | 000,006,144 | R--- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\kbdest.dll
[2010/02/16 01:17:01 | 000,006,144 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\kbdlv1.dll
[2010/02/16 01:17:01 | 000,006,144 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\kbdlv.dll
[2010/02/16 01:17:01 | 000,006,144 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\kbdest.dll
[2010/02/16 01:17:01 | 000,005,632 | R--- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\kbdlt1.dll
[2010/02/16 01:17:01 | 000,005,632 | R--- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\kbdlt.dll
[2010/02/16 01:17:01 | 000,005,632 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\kbdlt1.dll
[2010/02/16 01:17:01 | 000,005,632 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\kbdlt.dll
[2010/02/16 01:17:00 | 000,019,968 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\agt040e.dll
[2010/02/16 01:17:00 | 000,019,456 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\agt0415.dll
[2010/02/16 01:16:59 | 000,019,456 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\agt0405.dll
[2010/02/16 01:16:57 | 000,006,656 | R--- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\kbdsl1.dll
[2010/02/16 01:16:57 | 000,006,656 | R--- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\kbdsl.dll
[2010/02/16 01:16:57 | 000,006,656 | R--- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\kbdpl.dll
[2010/02/16 01:16:57 | 000,006,656 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\kbdsl1.dll
[2010/02/16 01:16:57 | 000,006,656 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\kbdsl.dll
[2010/02/16 01:16:57 | 000,006,656 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\kbdpl.dll
[2010/02/16 01:16:57 | 000,005,632 | R--- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\kbdro.dll
[2010/02/16 01:16:57 | 000,005,632 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\kbdro.dll
[2010/02/16 01:16:56 | 000,007,168 | R--- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\kbdcz.dll
[2010/02/16 01:16:56 | 000,007,168 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\kbdcz.dll
[2010/02/16 01:16:56 | 000,006,656 | R--- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\kbdycl.dll
[2010/02/16 01:16:56 | 000,006,656 | R--- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\kbdhu.dll
[2010/02/16 01:16:56 | 000,006,656 | R--- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\kbdcz2.dll
[2010/02/16 01:16:56 | 000,006,656 | R--- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\kbdcz1.dll
[2010/02/16 01:16:56 | 000,006,656 | R--- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\kbdcr.dll
[2010/02/16 01:16:56 | 000,006,656 | R--- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\KBDAL.DLL
[2010/02/16 01:16:56 | 000,006,656 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\kbdycl.dll
[2010/02/16 01:16:56 | 000,006,656 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\kbdhu.dll
[2010/02/16 01:16:56 | 000,006,656 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\kbdcz2.dll
[2010/02/16 01:16:56 | 000,006,656 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\kbdcz1.dll
[2010/02/16 01:16:56 | 000,006,656 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\kbdcr.dll
[2010/02/16 01:16:56 | 000,006,656 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\kbdal.dll
[2010/02/16 01:16:56 | 000,005,632 | R--- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\kbdpl1.dll
[2010/02/16 01:16:56 | 000,005,632 | R--- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\kbdhu1.dll
[2010/02/16 01:16:56 | 000,005,632 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\kbdpl1.dll
[2010/02/16 01:16:56 | 000,005,632 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\kbdhu1.dll
[2010/02/16 01:16:53 | 000,013,312 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\irclass.dll
[2010/02/16 01:16:53 | 000,013,312 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\irclass.dll
[2010/02/16 01:16:52 | 000,176,157 | ---- | C] (Digi International, Inc.) -- F:\WINDOWS\System32\dllcache\dgrpsetu.dll
[2010/02/16 01:16:52 | 000,176,157 | ---- | C] (Digi International, Inc.) -- F:\WINDOWS\System32\dgrpsetu.dll
[2010/02/16 01:16:52 | 000,103,424 | ---- | C] (Equinox Systems Inc.) -- F:\WINDOWS\System32\EqnClass.Dll
[2010/02/16 01:16:52 | 000,103,424 | ---- | C] (Equinox Systems Inc.) -- F:\WINDOWS\System32\dllcache\eqnclass.dll
[2010/02/16 01:16:52 | 000,085,020 | ---- | C] (Digi International) -- F:\WINDOWS\System32\dllcache\dgsetup.dll
[2010/02/16 01:16:52 | 000,085,020 | ---- | C] (Digi International) -- F:\WINDOWS\System32\dgsetup.dll
[2010/02/16 01:16:52 | 000,024,661 | ---- | C] (Perle Systems Ltd.) -- F:\WINDOWS\System32\spxcoins.dll
[2010/02/16 01:16:52 | 000,024,661 | ---- | C] (Perle Systems Ltd.) -- F:\WINDOWS\System32\dllcache\spxcoins.dll
[2010/02/16 01:16:51 | 000,019,200 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System\TAPI.DLL
[2010/02/16 01:16:51 | 000,013,600 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System\WFWNET.DRV
[2010/02/16 01:16:51 | 000,009,008 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System\VER.DLL
[2010/02/16 01:16:51 | 000,004,048 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System\TIMER.DRV
[2010/02/16 01:16:51 | 000,003,360 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System\SYSTEM.DRV
[2010/02/16 01:16:51 | 000,002,176 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System\VGA.DRV
[2010/02/16 01:16:50 | 000,126,912 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System\MSVIDEO.DLL
[2010/02/16 01:16:50 | 000,082,944 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System\OLECLI.DLL
[2010/02/16 01:16:50 | 000,024,064 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System\OLESVR.DLL
[2010/02/16 01:16:50 | 000,005,120 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System\SHELL.DLL
[2010/02/16 01:16:50 | 000,001,744 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System\SOUND.DRV
[2010/02/16 01:16:49 | 000,073,376 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System\MCIAVI.DRV
[2010/02/16 01:16:49 | 000,028,160 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System\MCIWAVE.DRV
[2010/02/16 01:16:49 | 000,025,264 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System\MCISEQ.DRV
[2010/02/16 01:16:49 | 000,009,936 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System\LZEXPAND.DLL
[2010/02/16 01:16:49 | 000,002,032 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System\MOUSE.DRV
[2010/02/16 01:16:49 | 000,002,000 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System\KEYBOARD.DRV
[2010/02/16 01:16:49 | 000,001,152 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System\MMTASK.TSK
[2010/02/16 01:16:48 | 000,109,456 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System\AVIFILE.DLL
[2010/02/16 01:16:48 | 000,069,584 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System\AVICAP.DLL
[2010/02/16 01:16:48 | 000,032,816 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System\COMMDLG.DLL
[2010/02/16 01:16:48 | 000,015,360 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\TASKMAN.EXE
[2010/02/16 01:16:48 | 000,015,360 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\taskman.exe
[2010/02/16 01:16:47 | 000,011,264 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\irenum.sys
[2010/02/16 01:16:47 | 000,008,704 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\batt.dll
[2010/02/16 01:16:47 | 000,008,704 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\batt.dll
[2010/02/16 01:16:46 | 000,146,432 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System\WINSPOOL.DRV
[2010/02/16 01:16:46 | 000,068,768 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System\MMSYSTEM.DLL
[2010/02/16 01:16:45 | 000,074,752 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\storprop.dll
[2010/02/16 01:16:38 | 000,000,000 | R--D | C] -- F:\Documents and Settings\All Users\Start Menu
[2010/02/16 01:16:38 | 000,000,000 | R--D | C] -- F:\Documents and Settings\All Users\Documents
[2010/02/16 01:16:38 | 000,000,000 | -H-D | C] -- F:\Documents and Settings\All Users\Templates
[2010/02/16 01:16:38 | 000,000,000 | ---D | C] -- F:\Documents and Settings\All Users\Favorites
[2010/02/16 01:16:38 | 000,000,000 | ---D | C] -- F:\Documents and Settings\All Users\Desktop
[2010/02/16 01:15:09 | 000,000,000 | ---D | C] -- F:\WINDOWS\System32\CatRoot2
[2010/02/16 01:15:09 | 000,000,000 | ---D | C] -- F:\WINDOWS\System32\CatRoot
[2010/02/16 01:15:04 | 000,000,000 | --SD | C] -- F:\Documents and Settings\All Users\Application Data\Microsoft
[2010/02/16 01:15:04 | 000,000,000 | RH-D | C] -- F:\Documents and Settings\All Users\Application Data
[2010/02/16 01:14:17 | 000,000,000 | -HSD | C] -- F:\System Volume Information
[2010/02/16 01:14:17 | 000,000,000 | ---D | C] -- F:\Documents and Settings
[2010/02/16 01:07:59 | 000,000,000 | R-SD | C] -- F:\WINDOWS\Fonts
[2010/02/16 01:07:59 | 000,000,000 | RHSD | C] -- F:\WINDOWS\System32\dllcache
[2010/02/16 01:07:59 | 000,000,000 | R--D | C] -- F:\WINDOWS\Web
[2010/02/16 01:07:59 | 000,000,000 | -H-D | C] -- F:\WINDOWS
[2010/02/16 01:07:59 | 000,000,000 | -H-D | C] -- F:\WINDOWS\inf
[2010/02/16 01:07:59 | 000,000,000 | ---D | C] -- F:\WINDOWS\WinSxS
[2010/02/16 01:07:59 | 000,000,000 | ---D | C] -- F:\WINDOWS\System32\wins
[2010/02/16 01:07:59 | 000,000,000 | ---D | C] -- F:\WINDOWS\System32\wbem
[2010/02/16 01:07:59 | 000,000,000 | ---D | C] -- F:\WINDOWS\System32\usmt
[2010/02/16 01:07:59 | 000,000,000 | ---D | C] -- F:\WINDOWS\twain_32
[2010/02/16 01:07:59 | 000,000,000 | ---D | C] -- F:\WINDOWS\Temp
[2010/02/16 01:07:59 | 000,000,000 | ---D | C] -- F:\WINDOWS\system32
[2010/02/16 01:07:59 | 000,000,000 | ---D | C] -- F:\WINDOWS\system
[2010/02/16 01:07:59 | 000,000,000 | ---D | C] -- F:\WINDOWS\System32\spool
[2010/02/16 01:07:59 | 000,000,000 | ---D | C] -- F:\WINDOWS\System32\ShellExt
[2010/02/16 01:07:59 | 000,000,000 | ---D | C] -- F:\WINDOWS\System32\Setup
[2010/02/16 01:07:59 | 000,000,000 | ---D | C] -- F:\WINDOWS\security
[2010/02/16 01:07:59 | 000,000,000 | ---D | C] -- F:\WINDOWS\Resources
[2010/02/16 01:07:59 | 000,000,000 | ---D | C] -- F:\WINDOWS\repair
[2010/02/16 01:07:59 | 000,000,000 | ---D | C] -- F:\WINDOWS\System32\ras
[2010/02/16 01:07:59 | 000,000,000 | ---D | C] -- F:\WINDOWS\Provisioning
[2010/02/16 01:07:59 | 000,000,000 | ---D | C] -- F:\WINDOWS\PeerNet
[2010/02/16 01:07:59 | 000,000,000 | ---D | C] -- F:\WINDOWS\pchealth
[2010/02/16 01:07:59 | 000,000,000 | ---D | C] -- F:\WINDOWS\System32\oobe
[2010/02/16 01:07:59 | 000,000,000 | ---D | C] -- F:\WINDOWS\System32\npp
[2010/02/16 01:07:59 | 000,000,000 | ---D | C] -- F:\WINDOWS\System32\mui
[2010/02/16 01:07:59 | 000,000,000 | ---D | C] -- F:\WINDOWS\mui
[2010/02/16 01:07:59 | 000,000,000 | ---D | C] -- F:\WINDOWS\msapps
[2010/02/16 01:07:59 | 000,000,000 | ---D | C] -- F:\WINDOWS\msagent
[2010/02/16 01:07:59 | 000,000,000 | ---D | C] -- F:\WINDOWS\Media
[2010/02/16 01:07:59 | 000,000,000 | ---D | C] -- F:\WINDOWS\java
[2010/02/16 01:07:59 | 000,000,000 | ---D | C] -- F:\WINDOWS\System32\inetsrv
[2010/02/16 01:07:59 | 000,000,000 | ---D | C] -- F:\WINDOWS\System32\IME
[2010/02/16 01:07:59 | 000,000,000 | ---D | C] -- F:\WINDOWS\ime
[2010/02/16 01:07:59 | 000,000,000 | ---D | C] -- F:\WINDOWS\System32\icsxml
[2010/02/16 01:07:59 | 000,000,000 | ---D | C] -- F:\WINDOWS\System32\ias
[2010/02/16 01:07:59 | 000,000,000 | ---D | C] -- F:\WINDOWS\Help
[2010/02/16 01:07:59 | 000,000,000 | ---D | C] -- F:\WINDOWS\System32\export
[2010/02/16 01:07:59 | 000,000,000 | ---D | C] -- F:\WINDOWS\System32\drivers\etc
[2010/02/16 01:07:59 | 000,000,000 | ---D | C] -- F:\WINDOWS\ehome
[2010/02/16 01:07:59 | 000,000,000 | ---D | C] -- F:\WINDOWS\System32\drivers
[2010/02/16 01:07:59 | 000,000,000 | ---D | C] -- F:\WINDOWS\Driver Cache
[2010/02/16 01:07:59 | 000,000,000 | ---D | C] -- F:\WINDOWS\System32\drivers\disdn
[2010/02/16 01:07:59 | 000,000,000 | ---D | C] -- F:\WINDOWS\System32\dhcp
[2010/02/16 01:07:59 | 000,000,000 | ---D | C] -- F:\WINDOWS\Debug
[2010/02/16 01:07:59 | 000,000,000 | ---D | C] -- F:\WINDOWS\Cursors
[2010/02/16 01:07:59 | 000,000,000 | ---D | C] -- F:\WINDOWS\Connection Wizard
[2010/02/16 01:07:59 | 000,000,000 | ---D | C] -- F:\WINDOWS\System32\config
[2010/02/16 01:07:59 | 000,000,000 | ---D | C] -- F:\WINDOWS\Config
[2010/02/16 01:07:59 | 000,000,000 | ---D | C] -- F:\WINDOWS\AppPatch
[2010/02/16 01:07:59 | 000,000,000 | ---D | C] -- F:\WINDOWS\addins
[2010/02/16 01:07:59 | 000,000,000 | ---D | C] -- F:\WINDOWS\System32\3com_dmi
[2010/02/16 01:07:59 | 000,000,000 | ---D | C] -- F:\WINDOWS\System32\3076
[2010/02/16 01:07:59 | 000,000,000 | ---D | C] -- F:\WINDOWS\System32\2052
[2010/02/16 01:07:59 | 000,000,000 | ---D | C] -- F:\WINDOWS\System32\1054
[2010/02/16 01:07:59 | 000,000,000 | ---D | C] -- F:\WINDOWS\System32\1042
[2010/02/16 01:07:59 | 000,000,000 | ---D | C] -- F:\WINDOWS\System32\1041
[2010/02/16 01:07:59 | 000,000,000 | ---D | C] -- F:\WINDOWS\System32\1037
[2010/02/16 01:07:59 | 000,000,000 | ---D | C] -- F:\WINDOWS\System32\1033
[2010/02/16 01:07:59 | 000,000,000 | ---D | C] -- F:\WINDOWS\System32\1031
[2010/02/16 01:07:59 | 000,000,000 | ---D | C] -- F:\WINDOWS\System32\1028
[2010/02/16 01:07:59 | 000,000,000 | ---D | C] -- F:\WINDOWS\System32\1025
[2010/02/16 00:39:34 | 000,000,000 | ---D | C] -- F:\Documents and Settings\Maja\Application Data\Identities
[2010/02/16 00:39:33 | 000,000,000 | -H-D | C] -- F:\Program Files\Uninstall Information
[2010/02/16 00:39:31 | 000,000,000 | R--D | C] -- F:\Documents and Settings\Maja\My Documents\My Pictures
[2010/02/16 00:39:31 | 000,000,000 | R--D | C] -- F:\Documents and Settings\Maja\My Documents\My Music
[2010/02/16 00:39:17 | 000,000,000 | --SD | C] -- F:\Documents and Settings\Maja\Application Data\Microsoft
[2010/02/16 00:39:17 | 000,000,000 | --SD | C] -- F:\Documents and Settings\Maja\Cookies
[2010/02/16 00:39:17 | 000,000,000 | RH-D | C] -- F:\Documents and Settings\Maja\Application Data
[2010/02/16 00:39:17 | 000,000,000 | R--D | C] -- F:\Documents and Settings\Maja\Favorites
[2010/02/16 00:39:17 | 000,000,000 | ---D | C] -- F:\Documents and Settings\Maja\Local Settings\Application Data\Microsoft
[2010/02/16 00:39:17 | 000,000,000 | ---D | C] -- F:\Documents and Settings\Maja\Desktop
[2010/02/16 00:39:16 | 000,000,000 | RH-D | C] -- F:\Documents and Settings\Maja\SendTo
[2010/02/16 00:39:16 | 000,000,000 | RH-D | C] -- F:\Documents and Settings\Maja\Recent
[2010/02/16 00:39:16 | 000,000,000 | R--D | C] -- F:\Documents and Settings\Maja\Start Menu
[2010/02/16 00:39:16 | 000,000,000 | R--D | C] -- F:\Documents and Settings\Maja\My Documents
[2010/02/16 00:39:16 | 000,000,000 | -H-D | C] -- F:\Documents and Settings\Maja\Templates
[2010/02/16 00:39:16 | 000,000,000 | -H-D | C] -- F:\Documents and Settings\Maja\PrintHood
[2010/02/16 00:39:16 | 000,000,000 | -H-D | C] -- F:\Documents and Settings\Maja\NetHood
[2010/02/16 00:39:16 | 000,000,000 | -H-D | C] -- F:\Documents and Settings\Maja\Local Settings
[2010/02/16 00:38:24 | 000,000,000 | ---D | C] -- F:\WINDOWS\SoftwareDistribution
[2010/02/16 00:38:13 | 000,000,000 | ---D | C] -- F:\WINDOWS\Prefetch
[2010/02/16 00:38:12 | 000,000,000 | --SD | C] -- F:\WINDOWS\System32\Microsoft
[2010/02/16 00:37:58 | 000,000,000 | ---D | M] -- F:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010/02/16 00:35:59 | 000,156,672 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\winzm.ime
[2010/02/16 00:35:58 | 000,156,672 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\winsp.ime
[2010/02/16 00:35:58 | 000,156,672 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\winpy.ime
[2010/02/16 00:35:58 | 000,079,360 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\winar30.ime
[2010/02/16 00:35:58 | 000,069,120 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\wingb.ime
[2010/02/16 00:35:58 | 000,065,536 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\winime.ime
[2010/02/16 00:35:57 | 000,041,600 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\weitekp9.dll
[2010/02/16 00:35:57 | 000,031,232 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\weitekp9.sys
[2010/02/16 00:35:56 | 000,363,520 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\w3svc.dll
[2010/02/16 00:35:56 | 000,076,800 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\wam51.dll
[2010/02/16 00:35:56 | 000,053,248 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\wamreg51.dll
[2010/02/16 00:35:56 | 000,009,216 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\wamps51.dll
[2010/02/16 00:35:56 | 000,005,632 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\w3svapi.dll
[2010/02/16 00:35:55 | 000,426,041 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\voicepad.dll
[2010/02/16 00:35:55 | 000,086,073 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\voicesub.dll
[2010/02/16 00:35:55 | 000,073,728 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\w3ext.dll
[2010/02/16 00:35:55 | 000,048,256 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\w32.dll
[2010/02/16 00:35:55 | 000,004,608 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\w3ctrs51.dll
[2010/02/16 00:35:54 | 000,076,288 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\uniime.dll
[2010/02/16 00:35:54 | 000,065,024 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\unicdime.ime
[2010/02/16 00:35:53 | 000,103,424 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\uihelper.dll
[2010/02/16 00:35:53 | 000,014,336 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\tsprof.exe
[2010/02/16 00:35:52 | 000,571,392 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\tintlgnt.ime
[2010/02/16 00:35:52 | 000,455,168 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\tintsetp.exe
[2010/02/16 00:35:52 | 000,044,032 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\tintlphr.exe
[2010/02/16 00:35:52 | 000,031,232 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\tools.dll
[2010/02/16 00:35:52 | 000,010,240 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\tmigrate.dll
[2010/02/16 00:35:51 | 000,185,344 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\thawbrkr.dll
[2010/02/16 00:35:51 | 000,021,896 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\tdipx.sys
[2010/02/16 00:35:51 | 000,019,464 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\tdspx.sys
[2010/02/16 00:35:51 | 000,013,192 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\tdasync.sys
[2010/02/16 00:35:50 | 000,046,592 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\svcext51.dll
[2010/02/16 00:35:50 | 000,016,896 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\status.dll
[2010/02/16 00:35:49 | 000,101,376 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\srusbusd.dll
[2010/02/16 00:35:49 | 000,046,592 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\sspifilt.dll
[2010/02/16 00:35:49 | 000,045,056 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\ssinc51.dll
[2010/02/16 00:35:48 | 000,143,422 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\softkey.dll
[2010/02/16 00:35:47 | 000,188,416 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\snmpsmir.dll
[2010/02/16 00:35:47 | 000,040,448 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\snmpthrd.dll
[2010/02/16 00:35:47 | 000,010,240 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\snmpstup.dll
[2010/02/16 00:35:47 | 000,008,704 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\snmptrap.exe
[2010/02/16 00:35:47 | 000,007,168 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\EXCH_snprfdll.dll
[2010/02/16 00:35:47 | 000,006,144 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\snmpmib.dll
[2010/02/16 00:35:46 | 000,456,704 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\smtpsvc.dll
[2010/02/16 00:35:46 | 000,358,400 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\snmpincl.dll
[2010/02/16 00:35:46 | 000,259,072 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\snmpcl.dll
[2010/02/16 00:35:46 | 000,032,768 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\snmp.exe
[2010/02/16 00:35:45 | 000,236,544 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\smi2smir.exe
[2010/02/16 00:35:45 | 000,015,872 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\smierrsm.dll
[2010/02/16 00:35:45 | 000,012,288 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\EXCH_smtpctrs.dll
[2010/02/16 00:35:45 | 000,010,752 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\smtpapi.dll
[2010/02/16 00:35:45 | 000,005,632 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\smimsgif.dll
[2010/02/16 00:35:45 | 000,005,632 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\smierrsy.dll
[2010/02/16 00:35:44 | 000,038,912 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\sm9aw.dll
[2010/02/16 00:35:44 | 000,031,744 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\smb6w.dll
[2010/02/16 00:35:44 | 000,031,744 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\sma3w.dll
[2010/02/16 00:35:44 | 000,026,624 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\sm93w.dll
[2010/02/16 00:35:44 | 000,026,624 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\sm92w.dll
[2010/02/16 00:35:44 | 000,026,112 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\sm90w.dll
[2010/02/16 00:35:44 | 000,026,112 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\sm8dw.dll
[2010/02/16 00:35:43 | 000,030,208 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\sm87w.dll
[2010/02/16 00:35:43 | 000,030,208 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\sm81w.dll
[2010/02/16 00:35:43 | 000,029,184 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\sm8cw.dll
[2010/02/16 00:35:43 | 000,026,112 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\sm8aw.dll
[2010/02/16 00:35:43 | 000,026,112 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\sm89w.dll
[2010/02/16 00:35:43 | 000,025,088 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\sm59w.dll
[2010/02/16 00:35:43 | 000,018,944 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\simptcp.dll
[2010/02/16 00:35:41 | 000,221,696 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\seo.dll
[2010/02/16 00:35:41 | 000,057,856 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\EXCH_scripto.dll
[2010/02/16 00:35:41 | 000,026,112 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\EXCH_seos.dll
[2010/02/16 00:35:40 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- F:\WINDOWS\System32\dllcache\rwia330.dll
[2010/02/16 00:35:40 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- F:\WINDOWS\System32\dllcache\rwia001.dll
[2010/02/16 00:35:40 | 000,026,624 | ---- | C] (Ricoh Co., Ltd.) -- F:\WINDOWS\System32\dllcache\rw330ext.dll
[2010/02/16 00:35:40 | 000,024,576 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\rw001ext.dll
[2010/02/16 00:35:40 | 000,009,728 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\rwnh.dll
[2010/02/16 00:35:39 | 000,026,112 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\romanime.ime
[2010/02/16 00:35:39 | 000,023,040 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\EXCH_regtrace.exe
[2010/02/16 00:35:39 | 000,004,096 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\rpcref.dll
[2010/02/16 00:35:38 | 000,020,736 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\ramdisk.sys
[2010/02/16 00:35:38 | 000,016,384 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\quser.exe
[2010/02/16 00:35:38 | 000,014,848 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\register.exe
[2010/02/16 00:35:37 | 000,077,824 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\quick.ime
[2010/02/16 00:35:37 | 000,009,728 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\query.exe
[2010/02/16 00:35:37 | 000,007,680 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\pwsdata.dll
[2010/02/16 00:35:36 | 000,131,584 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\pmxviceo.dll
[2010/02/16 00:35:36 | 000,011,264 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\pmxmcro.dll
[2010/02/16 00:35:35 | 000,482,304 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\pintlgnt.ime
[2010/02/16 00:35:35 | 000,070,144 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\pintlphr.exe
[2010/02/16 00:35:35 | 000,067,584 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\pmigrate.dll
[2010/02/16 00:35:35 | 000,053,760 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\pintlcsd.dll
[2010/02/16 00:35:35 | 000,006,144 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\pmxgl.dll
[2010/02/16 00:35:34 | 000,079,360 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\phon.ime
[2010/02/16 00:35:34 | 000,020,992 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\permchk.dll
[2010/02/16 00:35:33 | 000,036,927 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\padrs411.dll
[2010/02/16 00:35:33 | 000,031,744 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\pagecnt.dll
[2010/02/16 00:35:33 | 000,015,872 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\padrs404.dll
[2010/02/16 00:35:33 | 000,015,360 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\padrs804.dll
[2010/02/16 00:35:33 | 000,014,336 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\padrs412.dll
[2010/02/16 00:35:32 | 000,038,912 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\EXCH_ntfsdrv.dll
[2010/02/16 00:35:31 | 000,053,248 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\nextlink.dll
[2010/02/16 00:35:31 | 000,044,544 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\nsepm.dll
[2010/02/16 00:35:30 | 000,229,439 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\multibox.dll
[2010/02/16 00:35:30 | 000,111,104 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\mtstocom.exe
[2010/02/16 00:35:28 | 001,875,968 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\msir3jp.lex
[2010/02/16 00:35:28 | 000,040,960 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\msiregmv.exe
[2010/02/16 00:35:27 | 000,098,304 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\msir3jp.dll
[2010/02/16 00:35:25 | 000,007,680 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\migregdb.exe
[2010/02/16 00:35:24 | 000,092,416 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\mga.sys
[2010/02/16 00:35:24 | 000,092,032 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\mga.dll
[2010/02/16 00:35:24 | 000,085,504 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\metada51.dll
[2010/02/16 00:35:24 | 000,037,888 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\md5filt.dll
[2010/02/16 00:35:24 | 000,026,624 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\mdsync.dll
[2010/02/16 00:35:23 | 000,065,536 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\EXCH_mailmsg.dll
[2010/02/16 00:35:23 | 000,022,528 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\lpdsvc.dll
[2010/02/16 00:35:23 | 000,018,944 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\lprmon.dll
[2010/02/16 00:35:23 | 000,013,312 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\lonsint.dll
[2010/02/16 00:35:22 | 000,033,792 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\lmmib2.dll
[2010/02/16 00:35:22 | 000,022,016 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\logscrpt.dll
[2010/02/16 00:35:21 | 000,070,656 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\korwbrkr.dll
[2010/02/16 00:35:20 | 000,006,144 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\kbdth3.dll
[2010/02/16 00:35:20 | 000,006,144 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\kbdth2.dll
[2010/02/16 00:35:20 | 000,005,632 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\kbdvntc.dll
[2010/02/16 00:35:20 | 000,005,632 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\kbdusa.dll
[2010/02/16 00:35:20 | 000,005,632 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\kbdurdu.dll
[2010/02/16 00:35:20 | 000,005,632 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\kbdth1.dll
[2010/02/16 00:35:20 | 000,005,632 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\kbdth0.dll
[2010/02/16 00:35:19 | 000,009,216 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\kbdnecat.dll
[2010/02/16 00:35:19 | 000,007,680 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\kbdnecnt.dll
[2010/02/16 00:35:19 | 000,007,168 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\kbdnec95.dll
[2010/02/16 00:35:19 | 000,006,656 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\kbdlk41a.dll
[2010/02/16 00:35:19 | 000,006,144 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\kbdlk41j.dll
[2010/02/16 00:35:19 | 000,005,632 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\kbdsyr2.dll
[2010/02/16 00:35:19 | 000,005,632 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\kbdsyr1.dll
[2010/02/16 00:35:18 | 000,006,144 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\kbdinpun.dll
[2010/02/16 00:35:18 | 000,005,632 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\kbdintel.dll
[2010/02/16 00:35:18 | 000,005,632 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\kbdintam.dll
[2010/02/16 00:35:18 | 000,005,632 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\kbdinmar.dll
[2010/02/16 00:35:18 | 000,005,632 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\kbdinkan.dll
[2010/02/16 00:35:18 | 000,005,632 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\kbdinhin.dll
[2010/02/16 00:35:18 | 000,005,632 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\kbdinguj.dll
[2010/02/16 00:35:17 | 000,007,168 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\kbdibm02.dll
[2010/02/16 00:35:17 | 000,005,632 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\kbdindev.dll
[2010/02/16 00:35:17 | 000,005,632 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\kbdheb.dll
[2010/02/16 00:35:17 | 000,005,632 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\kbdfa.dll
[2010/02/16 00:35:17 | 000,005,632 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\kbddiv2.dll
[2010/02/16 00:35:17 | 000,005,632 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\kbddiv1.dll
[2010/02/16 00:35:17 | 000,005,120 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\kbdgeo.dll
[2010/02/16 00:35:16 | 000,006,144 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\kbdax2.dll
[2010/02/16 00:35:16 | 000,006,144 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\kbd106n.dll
[2010/02/16 00:35:16 | 000,006,144 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\kbd101a.dll
[2010/02/16 00:35:16 | 000,005,632 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\kbda3.dll
[2010/02/16 00:35:16 | 000,005,632 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\kbda2.dll
[2010/02/16 00:35:16 | 000,005,632 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\kbda1.dll
[2010/02/16 00:35:16 | 000,005,120 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\kbdarmw.dll
[2010/02/16 00:35:16 | 000,005,120 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\kbdarme.dll
[2010/02/16 00:35:15 | 000,026,624 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\iscomlog.dll
[2010/02/16 00:35:15 | 000,018,432 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\jupiw.dll
[2010/02/16 00:35:15 | 000,009,216 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\iwrps.dll
[2010/02/16 00:35:15 | 000,007,168 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\isapips.dll
[2010/02/16 00:35:15 | 000,006,144 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\kbd101.dll
[2010/02/16 00:35:14 | 000,257,024 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\infocomm.dll
[2010/02/16 00:35:14 | 000,035,328 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\iprip.dll
[2010/02/16 00:35:14 | 000,008,704 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\infoctrs.dll
[2010/02/16 00:35:13 | 000,471,102 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\imskdic.dll
[2010/02/16 00:35:13 | 000,315,452 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\imskf.dll
[2010/02/16 00:35:13 | 000,015,872 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\inetin51.exe
[2010/02/16 00:35:12 | 000,274,489 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\imjputyc.dll
[2010/02/16 00:35:12 | 000,262,200 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\imjputy.exe
[2010/02/16 00:35:12 | 000,233,527 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\imjprw.exe
[2010/02/16 00:35:12 | 000,102,456 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\imlang.dll
[2010/02/16 00:35:12 | 000,059,904 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\imkrinst.exe
[2010/02/16 00:35:12 | 000,045,109 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\imjpuex.exe
[2010/02/16 00:35:11 | 000,307,257 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\imjpdct.exe
[2010/02/16 00:35:11 | 000,208,952 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\imjpmig.exe
[2010/02/16 00:35:11 | 000,155,705 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\imjpdsvr.exe
[2010/02/16 00:35:10 | 000,716,856 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\imjpcus.dll
[2010/02/16 00:35:10 | 000,368,696 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\imjpcic.dll
[2010/02/16 00:35:10 | 000,081,976 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\imjpdct.dll
[2010/02/16 00:35:10 | 000,057,398 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\imjpdadm.exe
[2010/02/16 00:35:09 | 000,811,064 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\imjp81k.dll
[2010/02/16 00:35:09 | 000,340,023 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\imjp81.ime
[2010/02/16 00:35:09 | 000,311,359 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\imepadsv.exe
[2010/02/16 00:35:09 | 000,102,463 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\imepadsm.dll
[2010/02/16 00:35:09 | 000,086,016 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\imekrmbx.dll
[2010/02/16 00:35:09 | 000,044,032 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\imekrmig.exe
[2010/02/16 00:35:08 | 000,106,496 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\imekrcic.dll
[2010/02/16 00:35:08 | 000,094,720 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\imekr61.ime
[2010/02/16 00:35:08 | 000,079,872 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\iislog51.dll
[2010/02/16 00:35:08 | 000,006,656 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\iissync.exe
[2010/02/16 00:35:08 | 000,003,584 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\iismui.dll
[2010/02/16 00:35:07 | 000,145,408 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\iische51.dll
[2010/02/16 00:35:07 | 000,060,928 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\iisclex4.dll
[2010/02/16 00:35:07 | 000,025,088 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\iisadmin.dll
[2010/02/16 00:35:07 | 000,019,456 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\iiscrmap.dll
[2010/02/16 00:35:07 | 000,007,168 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\iisfecnv.dll
[2010/02/16 00:35:01 | 010,129,408 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\hwxkor.dll
[2010/02/16 00:34:47 | 010,096,640 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\hwxcht.dll
[2010/02/16 00:34:47 | 000,061,440 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\httpod51.dll
[2010/02/16 00:34:47 | 000,008,192 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\httpmb51.dll
[2010/02/16 00:34:46 | 000,268,288 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\httpext.dll
[2010/02/16 00:34:46 | 000,039,936 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\hostmib.dll
[2010/02/16 00:34:45 | 000,036,864 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\hanjadic.dll
[2010/02/16 00:34:45 | 000,032,256 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\gzip.dll
[2010/02/16 00:34:44 | 000,400,384 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\fxsxp32.dll
[2010/02/16 00:34:44 | 000,397,312 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\fxstiff.dll
[2010/02/16 00:34:44 | 000,246,272 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\fxst30.dll
[2010/02/16 00:34:44 | 000,192,512 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\fxswzrd.dll
[2010/02/16 00:34:44 | 000,154,112 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\fxsui.dll
[2010/02/16 00:34:43 | 000,562,176 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\fxsst.dll
[2010/02/16 00:34:43 | 000,267,776 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\fxssvc.exe
[2010/02/16 00:34:43 | 000,031,744 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\fxsroute.dll
[2010/02/16 00:34:43 | 000,023,552 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\fxsmon.dll
[2010/02/16 00:34:43 | 000,011,264 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\fxssend.exe
[2010/02/16 00:34:43 | 000,008,704 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\fxsperf.dll
[2010/02/16 00:34:43 | 000,006,656 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\fxsres.dll
[2010/02/16 00:34:42 | 000,285,184 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\fxscomex.dll
[2010/02/16 00:34:42 | 000,229,376 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\fxscover.exe
[2010/02/16 00:34:42 | 000,132,608 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\fxsclntr.dll
[2010/02/16 00:34:42 | 000,072,192 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\fxscom.dll
[2010/02/16 00:34:42 | 000,055,296 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\fxsevent.dll
[2010/02/16 00:34:42 | 000,027,136 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\fxsdrv.dll
[2010/02/16 00:34:42 | 000,023,552 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\fxsext32.dll
[2010/02/16 00:34:41 | 000,452,096 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\fxsapi.dll
[2010/02/16 00:34:41 | 000,143,360 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\fxsclnt.exe
[2010/02/16 00:34:41 | 000,125,952 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\ftpsv251.dll
[2010/02/16 00:34:41 | 000,111,104 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\fxscfgwz.dll
[2010/02/16 00:34:41 | 000,007,680 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\ftpctrs2.dll
[2010/02/16 00:34:41 | 000,006,144 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\ftpmib.dll
[2010/02/16 00:34:40 | 000,618,605 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\fp4autl.dll
[2010/02/16 00:34:40 | 000,024,632 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\fpadmcgi.exe
[2010/02/16 00:34:40 | 000,020,541 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\fpadmdll.dll
[2010/02/16 00:34:40 | 000,006,144 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\ftlx041e.dll
[2010/02/16 00:34:39 | 000,014,848 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\flattemp.exe
[2010/02/16 00:34:38 | 000,092,160 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\evntwin.exe
[2010/02/16 00:34:38 | 000,043,520 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\EXCH_fcachdll.dll
[2010/02/16 00:34:38 | 000,014,336 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\exstrace.dll
[2010/02/16 00:34:38 | 000,007,168 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\f3ahvoas.dll
[2010/02/16 00:34:37 | 000,101,888 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\evntagnt.dll
[2010/02/16 00:34:37 | 000,057,856 | ---- | C] (SEIKO EPSON CORP.) -- F:\WINDOWS\System32\dllcache\esuimgd.dll
[2010/02/16 00:34:37 | 000,045,056 | ---- | C] (SEIKO EPSON CORP.) -- F:\WINDOWS\System32\dllcache\esunid.dll
[2010/02/16 00:34:37 | 000,031,744 | ---- | C] (SEIKO EPSON CORP.) -- F:\WINDOWS\System32\dllcache\esucmd.dll
[2010/02/16 00:34:37 | 000,025,856 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\et4000.sys
[2010/02/16 00:34:37 | 000,024,064 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\evntcmd.exe
[2010/02/16 00:34:36 | 000,514,587 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\edb500.dll
[2010/02/16 00:34:34 | 000,078,848 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\dayi.ime
[2010/02/16 00:34:33 | 000,042,496 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\davcdata.exe
[2010/02/16 00:34:33 | 000,018,944 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\cprofile.exe
[2010/02/16 00:34:32 | 000,057,399 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\cplexe.exe
[2010/02/16 00:34:32 | 000,056,320 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\convlog.exe
[2010/02/16 00:34:32 | 000,033,792 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\controt.dll
[2010/02/16 00:34:32 | 000,020,480 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\counters.dll
[2010/02/16 00:34:31 | 000,024,064 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\compfilt.dll
[2010/02/16 00:34:30 | 000,480,256 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\cintsetp.exe
[2010/02/16 00:34:30 | 000,198,656 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\cintime.dll
[2010/02/16 00:34:30 | 000,021,504 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\cintlgnt.ime
[2010/02/16 00:34:29 | 000,838,144 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\chtbrkr.dll
[2010/02/16 00:34:29 | 000,097,792 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\chtmbx.dll
[2010/02/16 00:34:29 | 000,056,320 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\chtskdic.dll
[2010/02/16 00:34:28 | 001,677,824 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\chsbrkr.dll
[2010/02/16 00:34:28 | 000,014,336 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\chgusr.exe
[2010/02/16 00:34:27 | 000,078,336 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\chajei.ime
[2010/02/16 00:34:27 | 000,015,872 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\chgport.exe
[2010/02/16 00:34:27 | 000,013,312 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\chglogon.exe
[2010/02/16 00:34:27 | 000,009,728 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\change.exe
[2010/02/16 00:34:26 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- F:\WINDOWS\System32\dllcache\cap7146.sys
[2010/02/16 00:34:26 | 000,010,752 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\c_iscii.dll
[2010/02/16 00:34:26 | 000,006,656 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\c_is2022.dll
[2010/02/16 00:34:25 | 000,218,112 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\c_g18030.dll
[2010/02/16 00:34:17 | 000,045,568 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\browscap.dll
[2010/02/16 00:34:15 | 000,029,184 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\asptxn.dll
[2010/02/16 00:34:15 | 000,010,240 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\aspperf.dll
[2010/02/16 00:34:15 | 000,009,216 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\authfilt.dll
[2010/02/16 00:34:14 | 000,369,664 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\asp51.dll
[2010/02/16 00:34:14 | 000,331,264 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\aqueue.dll
[2010/02/16 00:34:14 | 000,045,056 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\EXCH_aqadmin.dll
[2010/02/16 00:34:13 | 000,108,544 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\appconf.dll
[2010/02/16 00:34:13 | 000,019,456 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\agt0804.dll
[2010/02/16 00:34:13 | 000,019,456 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\agt0412.dll
[2010/02/16 00:34:13 | 000,019,456 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\agt0411.dll
[2010/02/16 00:34:13 | 000,019,456 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\agt040d.dll
[2010/02/16 00:34:12 | 000,019,456 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\agt0404.dll
[2010/02/16 00:34:12 | 000,019,456 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\agt0401.dll
[2010/02/16 00:34:12 | 000,005,632 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\EXCH_adsiisex.dll
[2010/02/16 00:34:11 | 000,049,664 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\adrot.dll
[2010/02/16 00:34:11 | 000,029,696 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\admexs.dll
[2010/02/16 00:34:11 | 000,006,144 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\admxprox.dll
[2010/02/16 00:34:09 | 000,032,827 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\tcptest.exe
[2010/02/16 00:34:09 | 000,016,384 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\tcptsat.dll
[2010/02/16 00:34:09 | 000,007,168 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\wamregps.dll
[2010/02/16 00:34:08 | 002,134,528 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\smtpsnap.dll
[2010/02/16 00:34:08 | 000,189,440 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\smtpadm.dll
[2010/02/16 00:34:08 | 000,008,192 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\staxmem.dll
[2010/02/16 00:34:07 | 000,020,536 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\shtml.dll
[2010/02/16 00:34:07 | 000,016,437 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\shtml.exe
[2010/02/16 00:34:05 | 000,076,800 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\logui.ocx
[2010/02/16 00:34:05 | 000,068,608 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\isatq.dll
[2010/02/16 00:34:05 | 000,013,312 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\infoadmn.dll
[2010/02/16 00:34:04 | 000,829,440 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\inetmgr.dll
[2010/02/16 00:34:04 | 000,169,984 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\iisui.dll
[2010/02/16 00:34:04 | 000,133,632 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\iisrtl.dll
[2010/02/16 00:34:04 | 000,019,968 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\inetsloc.dll
[2010/02/16 00:34:04 | 000,007,680 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\inetmgr.exe
[2010/02/16 00:34:03 | 000,068,608 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\iisext51.dll
[2010/02/16 00:34:03 | 000,064,512 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\iismap.dll
[2010/02/16 00:34:03 | 000,030,720 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\iisrstas.exe
[2010/02/16 00:34:03 | 000,014,336 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\iisreset.exe
[2010/02/16 00:34:03 | 000,006,144 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\ftpsapi2.dll
[2010/02/16 00:34:03 | 000,005,632 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\iisrstap.dll
[2010/02/16 00:34:02 | 000,208,896 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\fpmmcsat.dll
[2010/02/16 00:34:02 | 000,020,538 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\fpremadm.exe
[2010/02/16 00:34:01 | 000,876,653 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\fp4awel.dll
[2010/02/16 00:34:01 | 000,598,071 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\fpmmc.dll
[2010/02/16 00:34:01 | 000,188,494 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\fpcount.exe
[2010/02/16 00:34:01 | 000,109,328 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\fp98swin.exe
[2010/02/16 00:34:01 | 000,020,541 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\fpexedll.dll
[2010/02/16 00:34:01 | 000,014,608 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\fp98sadm.exe
[2010/02/16 00:34:00 | 000,147,513 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\fp4apws.dll
[2010/02/16 00:34:00 | 000,102,509 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\fp4atxt.dll
[2010/02/16 00:34:00 | 000,082,035 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\fp4anscp.dll
[2010/02/16 00:34:00 | 000,049,212 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\fp4awebs.dll
[2010/02/16 00:34:00 | 000,049,210 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\fp4areg.dll
[2010/02/16 00:34:00 | 000,041,020 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\fp4avnb.dll
[2010/02/16 00:34:00 | 000,032,826 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\fp4avss.dll
[2010/02/16 00:33:59 | 000,188,480 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\cfgwiz.exe
[2010/02/16 00:33:59 | 000,184,435 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\fp4amsft.dll
[2010/02/16 00:33:59 | 000,076,288 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\cnfgprts.ocx
[2010/02/16 00:33:59 | 000,046,592 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\coadmin.dll
[2010/02/16 00:33:58 | 000,275,968 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\certwiz.ocx
[2010/02/16 00:33:58 | 000,094,720 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\certmap.ocx
[2010/02/16 00:33:58 | 000,020,540 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\author.dll
[2010/02/16 00:33:58 | 000,016,439 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\author.exe
[2010/02/16 00:33:57 | 000,290,816 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\adsiis51.dll
[2010/02/16 00:33:57 | 000,043,520 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\admwprox.dll
[2010/02/16 00:33:57 | 000,016,439 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\admin.exe
[2010/02/16 00:33:55 | 000,020,540 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\admin.dll
[2010/02/16 00:33:54 | 000,000,000 | ---D | C] -- F:\WINDOWS\System32\xircom
[2010/02/16 00:33:54 | 000,000,000 | ---D | C] -- F:\Program Files\xerox
[2010/02/16 00:33:54 | 000,000,000 | ---D | C] -- F:\Program Files\microsoft frontpage
[2010/02/16 00:33:32 | 000,000,000 | --SD | M] -- F:\Documents and Settings\NetworkService\Application Data\Microsoft
[2010/02/16 00:33:32 | 000,000,000 | --SD | M] -- F:\Documents and Settings\LocalService\Application Data\Microsoft
[2010/02/16 00:33:23 | 000,112,128 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\mapi32.dll
[2010/02/16 00:32:40 | 000,000,000 | -HSD | C] -- F:\Documents and Settings\All Users\DRM
[2010/02/16 00:32:32 | 000,000,000 | --SD | C] -- F:\WINDOWS\Downloaded Program Files
[2010/02/16 00:32:32 | 000,000,000 | R--D | C] -- F:\WINDOWS\Offline Web Pages
[2010/02/16 00:32:24 | 000,000,000 | -H-D | C] -- F:\Program Files\WindowsUpdate
[2010/02/16 00:31:54 | 000,000,000 | ---D | C] -- F:\WINDOWS\System32\DirectX
[2010/02/16 00:31:19 | 000,028,160 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\msoobe.exe
[2010/02/16 00:31:17 | 000,011,264 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\atrace.dll
[2010/02/16 00:31:17 | 000,011,264 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\atrace.dll
[2010/02/16 00:31:16 | 000,099,840 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\helphost.exe
[2010/02/16 00:31:16 | 000,035,328 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\notiflag.exe
[2010/02/16 00:31:16 | 000,021,504 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\brpinfo.dll
[2010/02/16 00:31:16 | 000,006,656 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\hcappres.dll
[2010/02/16 00:31:00 | 000,047,104 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\srdiag.exe
[2010/02/16 00:30:59 | 000,012,288 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\nmevtmsg.dll
[2010/02/16 00:30:59 | 000,012,288 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\nmevtmsg.dll
[2010/02/16 00:30:58 | 000,039,936 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\msinfo32.exe
[2010/02/16 00:30:58 | 000,012,288 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\wb32.exe
[2010/02/16 00:30:58 | 000,012,288 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\cb32.exe
[2010/02/16 00:30:57 | 000,064,512 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\acctres.dll
[2010/02/16 00:30:57 | 000,064,512 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\acctres.dll
[2010/02/16 00:30:56 | 000,000,000 | ---D | C] -- F:\Program Files\Common Files\Services
[2010/02/16 00:30:51 | 000,016,384 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\icfgnt5.dll
[2010/02/16 00:30:51 | 000,016,384 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\icfgnt5.dll
[2010/02/16 00:30:51 | 000,000,000 | --SD | C] -- F:\WINDOWS\Tasks
[2010/02/16 00:30:50 | 000,073,728 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\icwtutor.exe
[2010/02/16 00:30:50 | 000,061,440 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\icwres.dll
[2010/02/16 00:30:50 | 000,040,960 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\trialoc.dll
[2010/02/16 00:30:50 | 000,023,552 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\mssoapr.dll
[2010/02/16 00:30:50 | 000,016,384 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\isignup.exe
[2010/02/16 00:30:49 | 000,235,520 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\mssoap1.dll
[2010/02/16 00:30:49 | 000,025,088 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\wisc10.dll
[2010/02/16 00:30:49 | 000,000,000 | ---D | C] -- F:\Program Files\Common Files\MSSoap
[2010/02/16 00:30:48 | 000,093,184 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\ieinfo5.ocx
[2010/02/16 00:30:43 | 000,725,566 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\srchui.dll
[2010/02/16 00:30:43 | 000,058,434 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\srchctls.dll
[2010/02/16 00:30:42 | 003,166,208 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\msgr3en.dll
[2010/02/16 00:30:42 | 000,000,000 | ---D | C] -- F:\WINDOWS\srchasst
[2010/02/16 00:30:41 | 000,848,384 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\vgx.dll
[2010/02/16 00:30:41 | 000,000,000 | ---D | C] -- F:\WINDOWS\System32\Macromed
[2010/02/16 00:30:39 | 000,774,144 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\setup_wm.exe
[2010/02/16 00:30:39 | 000,098,304 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\wmpband.dll
[2010/02/16 00:30:38 | 000,786,432 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\migrate.exe
[2010/02/16 00:30:38 | 000,368,640 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\mpvis.dll
[2010/02/16 00:30:38 | 000,221,184 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\wmpns.dll
[2010/02/16 00:30:38 | 000,028,672 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\custsat.dll
[2010/02/16 00:30:37 | 000,364,544 | ---- | C] (Microsoft Corporation (written by Digital Renaissance Inc.)) -- F:\WINDOWS\System32\dllcache\npdsplay.dll
[2010/02/16 00:30:37 | 000,226,816 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\npdrmv2.dll
[2010/02/16 00:30:37 | 000,073,728 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\wmplayer.exe
[2010/02/16 00:30:37 | 000,010,240 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\npwmsdrm.dll
[2010/02/16 00:30:35 | 001,134,592 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\wuaueng.dll
[2010/02/16 00:30:35 | 000,183,296 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\wuaueng1.dll
[2010/02/16 00:30:35 | 000,183,296 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\wuaueng1.dll
[2010/02/16 00:30:35 | 000,120,320 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\wuweb.dll
[2010/02/16 00:30:35 | 000,112,640 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\wucltui.dll
[2010/02/16 00:30:35 | 000,112,640 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\wucltui.dll
[2010/02/16 00:30:35 | 000,006,656 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\wuauserv.dll
[2010/02/16 00:30:34 | 000,430,592 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\wuapi.dll
[2010/02/16 00:30:34 | 000,430,592 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\wuapi.dll
[2010/02/16 00:30:34 | 000,165,888 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\wuauclt1.exe
[2010/02/16 00:30:34 | 000,165,888 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\wuauclt1.exe
[2010/02/16 00:30:34 | 000,162,304 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\wuaucpl.cpl
[2010/02/16 00:30:34 | 000,111,104 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\wuauclt.exe
[2010/02/16 00:30:34 | 000,036,864 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\wups.dll
[2010/02/16 00:30:34 | 000,036,864 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\wups.dll
[2010/02/16 00:30:34 | 000,008,192 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\bitsprx2.dll
[2010/02/16 00:30:34 | 000,008,192 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\bitsprx2.dll
[2010/02/16 00:30:34 | 000,007,168 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\bitsprx3.dll
[2010/02/16 00:30:34 | 000,007,168 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\bitsprx3.dll
[2010/02/16 00:30:33 | 000,382,464 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\qmgr.dll
[2010/02/16 00:30:33 | 000,018,944 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\qmgrprxy.dll
[2010/02/16 00:30:33 | 000,018,944 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\qmgrprxy.dll
[2010/02/16 00:30:30 | 000,005,632 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\wmm2res2.dll
[2010/02/16 00:30:30 | 000,004,096 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\wmm2eres.dll
[2010/02/16 00:30:29 | 004,256,768 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\wmm2res.dll
[2010/02/16 00:30:29 | 000,502,272 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\wmm2fxa.dll
[2010/02/16 00:30:29 | 000,402,432 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\wmm2filt.dll
[2010/02/16 00:30:29 | 000,325,632 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\wmm2fxb.dll
[2010/02/16 00:30:29 | 000,167,936 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\wmm2ae.dll
[2010/02/16 00:30:29 | 000,007,680 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\wmm2ext.dll
[2010/02/16 00:30:27 | 003,555,328 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\moviemk.exe
[2010/02/16 00:30:27 | 000,000,000 | ---D | C] -- F:\Program Files\Movie Maker
[2010/02/16 00:30:24 | 000,561,664 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\msobmain.dll
[2010/02/16 00:30:24 | 000,122,368 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\msobcomm.dll
[2010/02/16 00:30:24 | 000,030,720 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\msobshel.dll
[2010/02/16 00:30:24 | 000,018,944 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\msobweb.dll
[2010/02/16 00:30:24 | 000,016,384 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\msobdl.dll
[2010/02/16 00:30:23 | 000,051,200 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\oobebaln.exe
[2010/02/16 00:30:20 | 000,150,528 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\uploadm.exe
[2010/02/16 00:30:20 | 000,045,568 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\safrslv.dll
[2010/02/16 00:30:20 | 000,045,568 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\safrslv.dll
[2010/02/16 00:30:20 | 000,043,520 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\safrcdlg.dll
[2010/02/16 00:30:20 | 000,043,520 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\safrcdlg.dll
[2010/02/16 00:30:20 | 000,029,696 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\safrdm.dll
[2010/02/16 00:30:20 | 000,029,696 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\safrdm.dll
[2010/02/16 00:30:19 | 000,043,520 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\racpldlg.dll
[2010/02/16 00:30:19 | 000,043,520 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\racpldlg.dll
[2010/02/16 00:30:18 | 000,102,400 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\pchshell.dll
[2010/02/16 00:30:18 | 000,038,912 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\pchsvc.dll
[2010/02/16 00:30:16 | 000,158,208 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\msconfig.exe
[2010/02/16 00:30:15 | 000,768,512 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\helpctr.exe
[2010/02/16 00:30:15 | 000,743,936 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\helpsvc.exe
[2010/02/16 00:30:15 | 000,018,944 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\hscupd.exe
[2010/02/16 00:30:14 | 000,022,528 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\fltMc.exe
[2010/02/16 00:30:14 | 000,022,528 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\fltmc.exe
[2010/02/16 00:30:14 | 000,016,896 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\fltlib.dll
[2010/02/16 00:30:13 | 000,380,416 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\rstrui.exe
[2010/02/16 00:30:13 | 000,124,800 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\fltmgr.sys
[2010/02/16 00:30:12 | 000,239,104 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\srrstr.dll
[2010/02/16 00:30:12 | 000,239,104 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\srrstr.dll
[2010/02/16 00:30:12 | 000,170,496 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\srsvc.dll
[2010/02/16 00:30:12 | 000,073,472 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\sr.sys
[2010/02/16 00:30:12 | 000,067,584 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\srclient.dll
[2010/02/16 00:30:12 | 000,000,000 | ---D | C] -- F:\WINDOWS\System32\Restore
[2010/02/16 00:30:11 | 000,081,920 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\ils.dll
[2010/02/16 00:30:11 | 000,081,920 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\ils.dll
[2010/02/16 00:30:11 | 000,032,768 | ---- | C] (Intel Corporation) -- F:\WINDOWS\System32\isrdbg32.dll
[2010/02/16 00:30:11 | 000,032,768 | ---- | C] (Intel Corporation) -- F:\WINDOWS\System32\dllcache\isrdbg32.dll
[2010/02/16 00:30:10 | 000,034,560 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\mnmdd.dll
[2010/02/16 00:30:10 | 000,034,560 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\mnmdd.dll
[2010/02/16 00:30:10 | 000,032,768 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\mnmsrvc.exe
[2010/02/16 00:30:10 | 000,028,672 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\nmmkcert.dll
[2010/02/16 00:30:10 | 000,028,672 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\nmmkcert.dll
[2010/02/16 00:30:09 | 000,229,376 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\nmas.dll
[2010/02/16 00:30:09 | 000,069,632 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\msconf.dll
[2010/02/16 00:30:09 | 000,069,632 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\msconf.dll
[2010/02/16 00:30:09 | 000,040,960 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\dcap32.dll
[2010/02/16 00:30:09 | 000,028,672 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\nmasnt.dll
[2010/02/16 00:30:08 | 000,385,024 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\callcont.dll
[2010/02/16 00:30:08 | 000,061,440 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\rrcm.dll
[2010/02/16 00:30:07 | 000,221,184 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\nac.dll
[2010/02/16 00:30:07 | 000,077,824 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\nmcom.dll
[2010/02/16 00:30:07 | 000,057,344 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\h323cc.dll
[2010/02/16 00:30:07 | 000,045,056 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\confmrsl.dll
[2010/02/16 00:30:06 | 000,274,432 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\mst120.dll
[2010/02/16 00:30:06 | 000,188,416 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\nmwb.dll
[2010/02/16 00:30:06 | 000,081,920 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\nmchat.dll
[2010/02/16 00:30:06 | 000,057,344 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\mst123.dll
[2010/02/16 00:30:05 | 000,172,032 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\nmoldwb.dll
[2010/02/16 00:30:05 | 000,151,552 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\nmft.dll
[2010/02/16 00:30:04 | 001,032,192 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\conf.exe
[2010/02/16 00:30:04 | 000,252,928 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\msoeacct.dll
[2010/02/16 00:30:04 | 000,252,928 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\msoeacct.dll
[2010/02/16 00:30:04 | 000,105,984 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\msoert2.dll
[2010/02/16 00:30:04 | 000,105,984 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\msoert2.dll
[2010/02/16 00:30:04 | 000,000,000 | ---D | C] -- F:\Program Files\NetMeeting
[2010/02/16 00:30:03 | 000,504,832 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\wab32.dll
[2010/02/16 00:30:03 | 000,249,856 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\wab32res.dll
[2010/02/16 00:30:03 | 000,084,992 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\wabimp.dll
[2010/02/16 00:30:03 | 000,046,080 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\wab.exe
[2010/02/16 00:30:03 | 000,032,768 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\wabfind.dll
[2010/02/16 00:30:03 | 000,030,208 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\wabmig.exe
[2010/02/16 00:30:02 | 000,678,400 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\inetcomm.dll
[2010/02/16 00:30:02 | 000,081,408 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\directdb.dll
[2010/02/16 00:30:02 | 000,048,128 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\inetres.dll
[2010/02/16 00:30:02 | 000,048,128 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\inetres.dll
[2010/02/16 00:30:01 | 000,104,448 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\oeimport.dll
[2010/02/16 00:30:01 | 000,060,416 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\msimn.exe
[2010/02/16 00:29:59 | 002,479,616 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\msoeres.dll
[2010/02/16 00:29:59 | 000,073,216 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\setup50.exe
[2010/02/16 00:29:59 | 000,060,416 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\oemig50.exe
[2010/02/16 00:29:59 | 000,035,328 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\oemiglib.dll
[2010/02/16 00:29:58 | 000,274,944 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\mstask.dll
[2010/02/16 00:29:58 | 000,190,976 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\schedsvc.dll
[2010/02/16 00:29:58 | 000,012,288 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\mstinit.exe
[2010/02/16 00:29:58 | 000,012,288 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\mstinit.exe
[2010/02/16 00:29:58 | 000,000,000 | ---D | C] -- F:\Program Files\Outlook Express
[2010/02/16 00:29:57 | 000,081,920 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\isign32.dll
[2010/02/16 00:29:57 | 000,081,920 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\isign32.dll
[2010/02/16 00:29:57 | 000,073,728 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\icwdial.dll
[2010/02/16 00:29:57 | 000,073,728 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\icwdial.dll
[2010/02/16 00:29:57 | 000,065,536 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\icwphbk.dll
[2010/02/16 00:29:57 | 000,065,536 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\icwphbk.dll
[2010/02/16 00:29:56 | 000,274,432 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\inetcfg.dll
[2010/02/16 00:29:56 | 000,274,432 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\inetcfg.dll
[2010/02/16 00:29:55 | 000,032,768 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\icwdl.dll
[2010/02/16 00:29:54 | 000,172,032 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\icwhelp.dll
[2010/02/16 00:29:54 | 000,061,440 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\icwconn.dll
[2010/02/16 00:29:54 | 000,049,152 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\icwutil.dll
[2010/02/16 00:29:54 | 000,024,576 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\icwrmind.exe
[2010/02/16 00:29:54 | 000,020,480 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\inetwiz.exe
[2010/02/16 00:29:53 | 000,214,528 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\icwconn1.exe
[2010/02/16 00:29:53 | 000,086,016 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\icwconn2.exe
[2010/02/16 00:29:52 | 000,561,179 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\dao360.dll
[2010/02/16 00:29:52 | 000,217,088 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\sqlxmlx.dll
[2010/02/16 00:29:51 | 000,487,424 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\oledb32.dll
[2010/02/16 00:29:51 | 000,204,800 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\msdaps.dll
[2010/02/16 00:29:51 | 000,094,208 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\msdatl3.dll
[2010/02/16 00:29:51 | 000,077,824 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\msdaosp.dll
[2010/02/16 00:29:51 | 000,065,536 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\oledb32r.dll
[2010/02/16 00:29:50 | 000,315,392 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\msdasql.dll
[2010/02/16 00:29:50 | 000,233,472 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\msdaora.dll
[2010/02/16 00:29:50 | 000,024,576 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\msxactps.dll
[2010/02/16 00:29:50 | 000,020,480 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\msdatt.dll
[2010/02/16 00:29:50 | 000,016,384 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\msdasqlr.dll
[2010/02/16 00:29:50 | 000,016,384 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\msdaorar.dll
[2010/02/16 00:29:50 | 000,004,096 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\msdaurl.dll
[2010/02/16 00:29:50 | 000,004,096 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\msdasc.dll
[2010/02/16 00:29:49 | 000,200,704 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\msadox.dll
[2010/02/16 00:29:49 | 000,180,224 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\msadomd.dll
[2010/02/16 00:29:49 | 000,102,400 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\msjro.dll
[2010/02/16 00:29:49 | 000,081,920 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\msado27.tlb
[2010/02/16 00:29:49 | 000,057,344 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\msadrh15.dll
[2010/02/16 00:29:49 | 000,057,344 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\msador15.dll
[2010/02/16 00:29:49 | 000,004,096 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\msdaer.dll
[2010/02/16 00:29:49 | 000,004,096 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\msdaenum.dll
[2010/02/16 00:29:49 | 000,004,096 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\msdadc.dll
[2010/02/16 00:29:48 | 000,536,576 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\msado15.dll
[2010/02/16 00:29:48 | 000,081,920 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\msado26.tlb
[2010/02/16 00:29:48 | 000,081,920 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\msado25.tlb
[2010/02/16 00:29:48 | 000,061,440 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\msado21.tlb
[2010/02/16 00:29:48 | 000,061,440 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\msado20.tlb
[2010/02/16 00:29:48 | 000,024,576 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\msader15.dll
[2010/02/16 00:29:47 | 000,200,704 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\msdaprst.dll
[2010/02/16 00:29:47 | 000,155,648 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\msadds.dll
[2010/02/16 00:29:47 | 000,118,784 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\msdarem.dll
[2010/02/16 00:29:47 | 000,036,864 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\msdfmap.dll
[2010/02/16 00:29:47 | 000,024,576 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\msaddsr.dll
[2010/02/16 00:29:47 | 000,016,384 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\msdaremr.dll
[2010/02/16 00:29:47 | 000,016,384 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\msdaprsr.dll
[2010/02/16 00:29:46 | 000,331,776 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\msadce.dll
[2010/02/16 00:29:46 | 000,143,360 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\msadco.dll
[2010/02/16 00:29:46 | 000,061,440 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\msadcf.dll
[2010/02/16 00:29:46 | 000,053,248 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\msadcs.dll
[2010/02/16 00:29:46 | 000,020,480 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\msadcer.dll
[2010/02/16 00:29:46 | 000,016,384 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\msadcor.dll
[2010/02/16 00:29:46 | 000,016,384 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\msadcfr.dll
[2010/02/16 00:29:45 | 000,000,000 | ---D | C] -- F:\Program Files\Common Files\System
[2010/02/16 00:29:44 | 000,093,184 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\iexplore.exe
[2010/02/16 00:29:44 | 000,038,912 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\hmmapi.dll
[2010/02/16 00:29:44 | 000,018,432 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\iedw.exe
[2010/02/16 00:29:43 | 000,000,000 | R--D | C] -- F:\Documents and Settings\All Users\Documents\My Pictures
[2010/02/16 00:29:43 | 000,000,000 | ---D | C] -- F:\Program Files\Internet Explorer
[2010/02/16 00:29:18 | 000,000,000 | ---D | C] -- F:\Program Files\ComPlus Applications
[2010/02/16 00:29:12 | 000,000,000 | ---D | C] -- F:\WINDOWS\Registration
[2010/02/16 00:29:06 | 000,000,000 | R--D | C] -- F:\Documents and Settings\All Users\Documents\My Music
[2010/02/16 00:29:06 | 000,000,000 | ---D | C] -- F:\Program Files\Windows Media Player
[2010/02/16 00:29:06 | 000,000,000 | ---D | C] -- F:\Program Files\Online Services
[2010/02/16 00:29:01 | 000,000,000 | ---D | C] -- F:\Program Files\Messenger
[2010/02/16 00:29:00 | 001,817,687 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\bckgres.dll
[2010/02/16 00:29:00 | 000,082,501 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\bckg.dll
[2010/02/16 00:29:00 | 000,042,577 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\bckgzm.exe
[2010/02/16 00:28:59 | 000,780,885 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\chkrres.dll
[2010/02/16 00:28:59 | 000,753,236 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\rvseres.dll
[2010/02/16 00:28:59 | 000,048,706 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\rvse.dll
[2010/02/16 00:28:59 | 000,042,575 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\chkrzm.exe
[2010/02/16 00:28:59 | 000,042,574 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\rvsezm.exe
[2010/02/16 00:28:59 | 000,042,573 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\shvlzm.exe
[2010/02/16 00:28:59 | 000,040,515 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\chkr.dll
[2010/02/16 00:28:58 | 002,178,131 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\shvlres.dll
[2010/02/16 00:28:58 | 001,175,635 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\hrtzres.dll
[2010/02/16 00:28:58 | 000,066,113 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\shvl.dll
[2010/02/16 00:28:58 | 000,057,409 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\hrtz.dll
[2010/02/16 00:28:58 | 000,042,573 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\hrtzzm.exe
[2010/02/16 00:28:58 | 000,032,339 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\uniansi.dll
[2010/02/16 00:28:58 | 000,004,677 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\zeeverm.dll
[2010/02/16 00:28:57 | 001,039,955 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\cmnresm.dll
[2010/02/16 00:28:57 | 000,113,222 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\zoneclim.dll
[2010/02/16 00:28:57 | 000,041,029 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\zcorem.dll
[2010/02/16 00:28:57 | 000,013,894 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\zonelibm.dll
[2010/02/16 00:28:56 | 000,217,160 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\cmnclim.dll
[2010/02/16 00:28:56 | 000,036,937 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\zclientm.exe
[2010/02/16 00:28:56 | 000,029,760 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\znetm.dll
[2010/02/16 00:28:56 | 000,005,632 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\write.exe
[2010/02/16 00:28:56 | 000,005,632 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\write.exe
[2010/02/16 00:28:56 | 000,000,000 | ---D | C] -- F:\Program Files\MSN Gaming Zone
[2010/02/16 00:28:41 | 000,138,752 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\sndvol32.exe
[2010/02/16 00:28:41 | 000,138,752 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\sndvol32.exe
[2010/02/16 00:28:40 | 000,227,840 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\avtapi.dll
[2010/02/16 00:28:40 | 000,227,840 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\avtapi.dll
[2010/02/16 00:28:40 | 000,073,216 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\avwav.dll
[2010/02/16 00:28:40 | 000,073,216 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\avwav.dll
[2010/02/16 00:28:40 | 000,044,544 | ---- | C] (Hilgraeve, Inc.) -- F:\WINDOWS\System32\hticons.dll
[2010/02/16 00:28:40 | 000,016,384 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\avmeter.dll
[2010/02/16 00:28:40 | 000,016,384 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\avmeter.dll
[2010/02/16 00:28:40 | 000,013,312 | ---- | C] (Hilgraeve, Inc.) -- F:\WINDOWS\System32\dllcache\htrn_jis.dll
[2010/02/16 00:28:39 | 000,035,328 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\winchat.exe
[2010/02/16 00:28:39 | 000,035,328 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\winchat.exe
[2010/02/16 00:28:29 | 000,605,696 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\getuname.dll
[2010/02/16 00:28:29 | 000,605,696 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\getuname.dll
[2010/02/16 00:28:28 | 000,114,688 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\calc.exe
[2010/02/16 00:28:28 | 000,114,688 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\calc.exe
[2010/02/16 00:28:28 | 000,080,384 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\charmap.exe
[2010/02/16 00:28:28 | 000,080,384 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\charmap.exe
[2010/02/16 00:28:28 | 000,056,832 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\sol.exe
[2010/02/16 00:28:28 | 000,056,832 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\sol.exe
[2010/02/16 00:28:27 | 000,126,976 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\mshearts.exe
[2010/02/16 00:28:27 | 000,126,976 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\mshearts.exe
[2010/02/16 00:28:27 | 000,119,808 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\winmine.exe
[2010/02/16 00:28:27 | 000,119,808 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\winmine.exe
[2010/02/16 00:28:27 | 000,055,296 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\freecell.exe
[2010/02/16 00:28:27 | 000,055,296 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\freecell.exe
[2010/02/16 00:28:26 | 000,016,896 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\tsshutdn.exe
[2010/02/16 00:28:26 | 000,016,896 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\tsshutdn.exe
[2010/02/16 00:28:26 | 000,016,384 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\tskill.exe
[2010/02/16 00:28:26 | 000,016,384 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\tskill.exe
[2010/02/16 00:28:26 | 000,015,872 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\rwinsta.exe
[2010/02/16 00:28:26 | 000,015,872 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\rwinsta.exe
[2010/02/16 00:28:26 | 000,014,848 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\tsdiscon.exe
[2010/02/16 00:28:26 | 000,014,848 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\tsdiscon.exe
[2010/02/16 00:28:26 | 000,014,848 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\tscon.exe
[2010/02/16 00:28:26 | 000,014,848 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\tscon.exe
[2010/02/16 00:28:26 | 000,014,848 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\shadow.exe
[2010/02/16 00:28:26 | 000,014,848 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\shadow.exe
[2010/02/16 00:28:26 | 000,009,728 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\reset.exe
[2010/02/16 00:28:26 | 000,009,728 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\reset.exe
[2010/02/16 00:28:25 | 000,033,792 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\regini.exe
[2010/02/16 00:28:25 | 000,033,792 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\regini.exe
[2010/02/16 00:28:25 | 000,022,016 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\qwinsta.exe
[2010/02/16 00:28:25 | 000,022,016 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\qwinsta.exe
[2010/02/16 00:28:25 | 000,020,992 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\msg.exe
[2010/02/16 00:28:25 | 000,020,992 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\msg.exe
[2010/02/16 00:28:25 | 000,016,896 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\qappsrv.exe
[2010/02/16 00:28:25 | 000,016,896 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\qappsrv.exe
[2010/02/16 00:28:25 | 000,015,872 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\cdmodem.dll
[2010/02/16 00:28:25 | 000,015,872 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\cdmodem.dll
[2010/02/16 00:28:25 | 000,015,360 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\logoff.exe
[2010/02/16 00:28:25 | 000,015,360 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\logoff.exe
[2010/02/16 00:28:25 | 000,004,096 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\rdpcfgex.dll
[2010/02/16 00:28:25 | 000,004,096 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\rdpcfgex.dll
[2010/02/16 00:28:24 | 000,019,456 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\mtsadmin.tlb
[2010/02/16 00:28:24 | 000,005,120 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\comrereg.exe
[2010/02/16 00:28:23 | 000,082,432 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\comrepl.dll
[2010/02/16 00:28:23 | 000,082,432 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\comrepl.dll
[2010/02/16 00:28:23 | 000,025,600 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\comaddin.dll
[2010/02/16 00:28:23 | 000,025,600 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\comaddin.dll
[2010/02/16 00:28:23 | 000,025,088 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\mtxlegih.dll
[2010/02/16 00:28:23 | 000,025,088 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\mtxlegih.dll
[2010/02/16 00:28:23 | 000,020,480 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\mtxdm.dll
[2010/02/16 00:28:23 | 000,020,480 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\mtxdm.dll
[2010/02/16 00:28:23 | 000,005,120 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\dcomcnfg.exe
[2010/02/16 00:28:23 | 000,005,120 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dcomcnfg.exe
[2010/02/16 00:28:23 | 000,004,096 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\mtxex.dll
[2010/02/16 00:28:23 | 000,004,096 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\mtxex.dll
[2010/02/16 00:28:22 | 000,147,456 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\comsnap.dll
[2010/02/16 00:28:22 | 000,147,456 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\comsnap.dll
[2010/02/16 00:28:22 | 000,054,272 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\stclient.dll
[2010/02/16 00:28:22 | 000,054,272 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\stclient.dll
[2010/02/16 00:28:22 | 000,045,568 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\wmi2xml.dll
[2010/02/16 00:28:17 | 000,075,264 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\wmipicmp.dll
[2010/02/16 00:28:17 | 000,061,440 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\wmimsg.dll
[2010/02/16 00:28:17 | 000,052,224 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\wmitimep.dll
[2010/02/16 00:28:17 | 000,016,384 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\winmgmtr.dll
[2010/02/16 00:28:17 | 000,013,312 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\winmgmt.exe
[2010/02/16 00:28:16 | 000,116,224 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\updprov.dll
[2010/02/16 00:28:16 | 000,061,952 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\tmplprov.dll
[2010/02/16 00:28:16 | 000,059,904 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\wbemdisp.tlb
[2010/02/16 00:28:16 | 000,059,904 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\trnsprov.dll
[2010/02/16 00:28:16 | 000,040,960 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\smtpcons.dll
[2010/02/16 00:28:16 | 000,031,232 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\wbemads.tlb
[2010/02/16 00:28:16 | 000,016,896 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\unsecapp.exe
[2010/02/16 00:28:16 | 000,012,288 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\wbemads.dll
[2010/02/16 00:28:15 | 000,273,920 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\msiprov.dll
[2010/02/16 00:28:15 | 000,120,320 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\dsprov.dll
[2010/02/16 00:28:15 | 000,053,248 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\fwdprov.dll
[2010/02/16 00:27:56 | 000,000,000 | ---D | C] -- F:\Program Files\MSN
[2010/02/16 00:27:54 | 000,281,088 | ---- | C] (Cinematronics) -- F:\WINDOWS\System32\dllcache\pinball.exe
[2010/02/16 00:27:54 | 000,183,808 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\accwiz.exe
[2010/02/16 00:27:54 | 000,183,808 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\accwiz.exe
[2010/02/16 00:27:54 | 000,131,584 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\sndrec32.exe
[2010/02/16 00:27:54 | 000,131,584 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\sndrec32.exe
[2010/02/16 00:27:54 | 000,068,608 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\access.cpl
[2010/02/16 00:27:54 | 000,068,608 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\access.cpl
[2010/02/16 00:27:53 | 000,345,088 | ---- | C] (Hilgraeve, Inc.) -- F:\WINDOWS\System32\hypertrm.dll
[2010/02/16 00:27:53 | 000,123,392 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\mplay32.exe
[2010/02/16 00:27:53 | 000,123,392 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\mplay32.exe
[2010/02/16 00:27:52 | 000,539,136 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\dialer.exe
[2010/02/16 00:27:52 | 000,343,040 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\mspaint.exe
[2010/02/16 00:27:52 | 000,343,040 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\mspaint.exe
[2010/02/16 00:27:52 | 000,102,912 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\clipbrd.exe
[2010/02/16 00:27:52 | 000,102,912 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\clipbrd.exe
[2010/02/16 00:27:52 | 000,000,000 | ---D | C] -- F:\Program Files\Windows NT
[2010/02/16 00:27:51 | 000,538,624 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\spider.exe
[2010/02/16 00:27:51 | 000,538,624 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\spider.exe
[2010/02/16 00:27:50 | 000,655,360 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\mstscax.dll
[2010/02/16 00:27:50 | 000,139,400 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\rdpwd.sys
[2010/02/16 00:27:50 | 000,093,696 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\tscfgwmi.dll
[2010/02/16 00:27:50 | 000,093,696 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\tscfgwmi.dll
[2010/02/16 00:27:50 | 000,021,896 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\tdtcp.sys
[2010/02/16 00:27:50 | 000,012,040 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\tdpipe.sys
[2010/02/16 00:27:49 | 000,407,552 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\mstsc.exe
[2010/02/16 00:27:49 | 000,407,552 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\mstsc.exe
[2010/02/16 00:27:49 | 000,140,800 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\sessmgr.exe
[2010/02/16 00:27:49 | 000,067,072 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\rdshost.exe
[2010/02/16 00:27:49 | 000,067,072 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\rdshost.exe
[2010/02/16 00:27:49 | 000,060,416 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\remotepg.dll
[2010/02/16 00:27:49 | 000,013,824 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\rdsaddin.exe
[2010/02/16 00:27:49 | 000,013,824 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\rdsaddin.exe
[2010/02/16 00:27:48 | 000,295,424 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\termsrv.dll
[2010/02/16 00:27:48 | 000,147,968 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\rdchost.dll
[2010/02/16 00:27:48 | 000,147,968 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\rdchost.dll
[2010/02/16 00:27:48 | 000,087,176 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\rdpwsx.dll
[2010/02/16 00:27:48 | 000,087,176 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\rdpwsx.dll
[2010/02/16 00:27:48 | 000,044,544 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\tscupgrd.exe
[2010/02/16 00:27:48 | 000,044,544 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\tscupgrd.exe
[2010/02/16 00:27:48 | 000,019,968 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\rdpsnd.dll
[2010/02/16 00:27:48 | 000,019,968 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\rdpsnd.dll
[2010/02/16 00:27:47 | 000,062,464 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\rdpclip.exe
[2010/02/16 00:27:47 | 000,062,464 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\rdpclip.exe
[2010/02/16 00:27:47 | 000,038,912 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\cfgbkend.dll
[2010/02/16 00:27:47 | 000,038,912 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\cfgbkend.dll
[2010/02/16 00:27:47 | 000,020,480 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\qprocess.exe
[2010/02/16 00:27:47 | 000,020,480 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\qprocess.exe
[2010/02/16 00:27:47 | 000,011,264 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\icaapi.dll
[2010/02/16 00:27:47 | 000,011,264 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\icaapi.dll
[2010/02/16 00:27:46 | 000,425,472 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\msdtcprx.dll
[2010/02/16 00:27:46 | 000,425,472 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\msdtcprx.dll
[2010/02/16 00:27:46 | 000,161,280 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\msdtcuiu.dll
[2010/02/16 00:27:46 | 000,161,280 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\msdtcuiu.dll
[2010/02/16 00:27:46 | 000,090,112 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\mtxoci.dll
[2010/02/16 00:27:46 | 000,090,112 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\mtxoci.dll
[2010/02/16 00:27:46 | 000,000,000 | ---D | C] -- F:\WINDOWS\System32\MsDtc
[2010/02/16 00:27:45 | 000,949,248 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\msdtctm.dll
[2010/02/16 00:27:45 | 000,949,248 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\msdtctm.dll
[2010/02/16 00:27:45 | 000,058,880 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\msdtclog.dll
[2010/02/16 00:27:45 | 000,058,880 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\msdtclog.dll
[2010/02/16 00:27:45 | 000,011,776 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\xolehlp.dll
[2010/02/16 00:27:45 | 000,011,776 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\xolehlp.dll
[2010/02/16 00:27:45 | 000,006,144 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\msdtc.exe
[2010/02/16 00:27:43 | 000,195,584 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\comadmin.dll
[2010/02/16 00:27:43 | 000,110,080 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\clbcatex.dll
[2010/02/16 00:27:43 | 000,110,080 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\clbcatex.dll
[2010/02/16 00:27:43 | 000,085,504 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\catsrvps.dll
[2010/02/16 00:27:43 | 000,085,504 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\catsrvps.dll
[2010/02/16 00:27:43 | 000,062,464 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\colbact.dll
[2010/02/16 00:27:43 | 000,062,464 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\colbact.dll
[2010/02/16 00:27:43 | 000,009,728 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\comrepl.exe
[2010/02/16 00:27:43 | 000,000,000 | ---D | C] -- F:\WINDOWS\System32\Com
[2010/02/16 00:27:42 | 000,628,224 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\catsrvut.dll
[2010/02/16 00:27:42 | 000,628,224 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\catsrvut.dll
[2010/02/16 00:27:42 | 000,229,888 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\catsrv.dll
[2010/02/16 00:27:42 | 000,229,888 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\catsrv.dll
[2010/02/16 00:27:41 | 001,251,840 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\comsvcs.dll
[2010/02/16 00:27:41 | 001,251,840 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\comsvcs.dll
[2010/02/16 00:27:40 | 000,540,160 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\comuid.dll
[2010/02/16 00:27:40 | 000,540,160 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\comuid.dll
[2010/02/16 00:27:39 | 000,501,248 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\clbcatq.dll
[2010/02/16 00:27:36 | 000,156,672 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\wmipcima.dll
[2010/02/16 00:27:36 | 000,144,896 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\wmisvc.dll
[2010/02/16 00:27:36 | 000,144,896 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\wmiprov.dll
[2010/02/16 00:27:36 | 000,132,096 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\wmipdskq.dll
[2010/02/16 00:27:36 | 000,095,232 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\wmiutils.dll
[2010/02/16 00:27:36 | 000,062,976 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\wmipjobj.dll
[2010/02/16 00:27:36 | 000,062,464 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\wmipiprt.dll
[2010/02/16 00:27:36 | 000,041,472 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\wmipsess.dll
[2010/02/16 00:27:35 | 000,358,912 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\wmic.exe
[2010/02/16 00:27:35 | 000,197,120 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\wbemupgd.dll
[2010/02/16 00:27:35 | 000,196,608 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\wmiadap.exe
[2010/02/16 00:27:35 | 000,140,800 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\wmidcprv.dll
[2010/02/16 00:27:35 | 000,126,464 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\wmiapsrv.exe
[2010/02/16 00:27:35 | 000,089,088 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\wmiaprpl.dll
[2010/02/16 00:27:35 | 000,060,928 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\wmicookr.dll
[2010/02/16 00:27:35 | 000,006,656 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\wmiapres.dll
[2010/02/16 00:27:34 | 000,530,944 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\wbemcore.dll
[2010/02/16 00:27:34 | 000,273,920 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\wbemess.dll
[2010/02/16 00:27:34 | 000,214,528 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\wbemcomn.dll
[2010/02/16 00:27:34 | 000,196,608 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\wbemcntl.dll
[2010/02/16 00:27:34 | 000,178,176 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\wbemdisp.dll
[2010/02/16 00:27:34 | 000,116,224 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\wbemtest.exe
[2010/02/16 00:27:34 | 000,071,680 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\wbemcons.dll
[2010/02/16 00:27:34 | 000,043,520 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\wbemsvc.dll
[2010/02/16 00:27:34 | 000,018,944 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\wbemprox.dll
[2010/02/16 00:27:33 | 000,177,152 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\repdrvfs.dll
[2010/02/16 00:27:33 | 000,131,584 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\viewprov.dll
[2010/02/16 00:27:33 | 000,086,528 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\stdprov.dll
[2010/02/16 00:27:33 | 000,036,864 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\scrcons.exe
[2010/02/16 00:27:32 | 000,237,056 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\provthrd.dll
[2010/02/16 00:27:32 | 000,212,992 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\ntevt.dll
[2010/02/16 00:27:32 | 000,092,672 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\policman.dll
[2010/02/16 00:27:31 | 000,123,904 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\mofd.dll
[2010/02/16 00:27:31 | 000,047,104 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\ncprov.dll
[2010/02/16 00:27:31 | 000,024,576 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\krnlprov.dll
[2010/02/16 00:27:31 | 000,016,384 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\mofcomp.exe
[2010/02/16 00:27:30 | 000,247,808 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\esscli.dll
[2010/02/16 00:27:30 | 000,185,856 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\framedyn.dll
[2010/02/16 00:27:28 | 001,352,192 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\cimwin32.dll
[2010/02/16 00:27:28 | 000,058,880 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\licwmi.dll
[2010/02/16 00:27:28 | 000,058,880 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\licwmi.dll
[2010/02/16 00:27:28 | 000,056,320 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\servdeps.dll
[2010/02/16 00:27:28 | 000,056,320 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\servdeps.dll
[2010/02/16 00:27:28 | 000,017,408 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\mmfutil.dll
[2010/02/16 00:27:28 | 000,017,408 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\mmfutil.dll
[2010/02/16 00:27:27 | 000,185,344 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\cmprops.dll
[2010/02/16 00:27:27 | 000,185,344 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\cmprops.dll
[2010/02/16 00:27:24 | 000,000,000 | R--D | C] -- F:\Documents and Settings\All Users\Documents\My Videos
[3 F:\WINDOWS\*.tmp files -> F:\WINDOWS\*.tmp -> ]
[1 F:\WINDOWS\System32\*.tmp files -> F:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/02/21 03:00:36 | 000,549,376 | ---- | M] (OldTimer Tools) -- F:\Documents and Settings\Maja\Desktop\OTL.exe
[2010/02/21 02:59:00 | 000,000,886 | ---- | M] () -- F:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/02/21 02:13:00 | 000,000,974 | ---- | M] () -- F:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1275210071-776561741-725345543-1003UA.job
[2010/02/21 01:08:50 | 002,883,584 | -H-- | M] () -- F:\Documents and Settings\Maja\NTUSER.DAT
[2010/02/20 21:25:38 | 000,000,882 | ---- | M] () -- F:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/02/20 21:25:37 | 000,187,171 | ---- | M] () -- F:\WINDOWS\System32\nvapps.xml
[2010/02/20 21:25:30 | 000,000,006 | -H-- | M] () -- F:\WINDOWS\tasks\SA.DAT
[2010/02/20 21:25:22 | 000,002,048 | --S- | M] () -- F:\WINDOWS\bootstat.dat
[2010/02/20 20:05:02 | 000,000,966 | ---- | M] () -- F:\Documents and Settings\Maja\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
[2010/02/20 16:40:13 | 000,000,278 | -HS- | M] () -- F:\Documents and Settings\Maja\ntuser.ini
[2010/02/20 16:40:07 | 005,368,384 | -H-- | M] () -- F:\Documents and Settings\Maja\Local Settings\Application Data\IconCache.db
[2010/02/20 16:13:37 | 000,027,638 | ---- | M] () -- F:\Documents and Settings\Maja\Desktop\2.jpg
[2010/02/20 16:13:15 | 000,034,073 | ---- | M] () -- F:\Documents and Settings\Maja\Desktop\1.jpg
[2010/02/20 16:06:54 | 000,160,401 | ---- | M] () -- F:\Documents and Settings\Maja\Desktop\de_dust20023.jpg
[2010/02/20 16:06:40 | 000,186,467 | ---- | M] () -- F:\Documents and Settings\Maja\Desktop\de_dust20014.jpg
[2010/02/20 15:41:08 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- F:\WINDOWS\System32\javaws.exe
[2010/02/20 15:41:08 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- F:\WINDOWS\System32\javaw.exe
[2010/02/20 15:41:08 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- F:\WINDOWS\System32\java.exe
[2010/02/20 15:41:08 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- F:\WINDOWS\System32\javacpl.cpl
[2010/02/20 15:41:07 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- F:\WINDOWS\System32\deploytk.dll
[2010/02/20 13:03:00 | 000,077,471 | ---- | M] () -- F:\Documents and Settings\Maja\Desktop\SLeasing-admin_zabrana.pdf
[2010/02/20 12:58:49 | 000,038,912 | ---- | M] () -- F:\Documents and Settings\Maja\Desktop\adm_zabrana_potvrda.doc
[2010/02/19 18:37:42 | 000,000,552 | ---- | M] () -- F:\WINDOWS\win.ini
[2010/02/19 18:37:42 | 000,000,227 | ---- | M] () -- F:\WINDOWS\system.ini
[2010/02/19 18:32:00 | 000,263,024 | ---- | M] () -- F:\WINDOWS\System32\FNTCACHE.DAT
[2010/02/19 18:26:15 | 000,068,456 | ---- | M] () -- F:\Documents and Settings\Maja\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/02/19 14:33:39 | 000,000,403 | RHS- | M] () -- F:\boot.ini
[2010/02/19 13:58:06 | 000,026,688 | ---- | M] (DiamondCS) -- F:\WINDOWS\System32\drivers\procguard.sys
[2010/02/17 11:43:28 | 000,001,580 | ---- | M] () -- F:\Documents and Settings\Maja\Desktop\CS 1.6 v42.lnk
[2010/02/17 11:41:22 | 000,001,369 | ---- | M] () -- F:\Documents and Settings\All Users\Desktop\Counter-Strike 1.6.lnk
[2010/02/17 10:13:03 | 000,000,922 | ---- | M] () -- F:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1275210071-776561741-725345543-1003Core.job
[2010/02/16 15:10:29 | 000,034,064 | ---- | M] (Microsoft Corporation) -- F:\WINDOWS\System32\lhacm.acm
[2010/02/16 15:01:54 | 000,185,920 | ---- | M] (RealNetworks, Inc.) -- F:\WINDOWS\System32\rmoc3260.dll
[2010/02/16 15:01:47 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- F:\WINDOWS\System32\pndx5016.dll
[2010/02/16 15:01:47 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- F:\WINDOWS\System32\pndx5032.dll
[2010/02/16 15:01:23 | 000,278,528 | ---- | M] (Real Networks, Inc) -- F:\WINDOWS\System32\pncrt.dll
[2010/02/16 12:49:33 | 000,005,632 | ---- | M] () -- F:\Documents and Settings\Maja\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/16 12:36:46 | 000,002,626 | ---- | M] () -- F:\WINDOWS\System32\CONFIG.NT
[2010/02/16 12:24:58 | 000,395,200 | ---- | M] () -- F:\WINDOWS\System32\perfh009.dat
[2010/02/16 12:24:58 | 000,059,440 | ---- | M] () -- F:\WINDOWS\System32\perfc009.dat
[2010/02/16 12:19:47 | 000,496,926 | ---- | M] () -- F:\WINDOWS\System32\PerfStringBackup.INI
[2010/02/16 12:05:55 | 000,000,376 | ---- | M] () -- F:\WINDOWS\ODBC.INI
[2010/02/16 11:55:41 | 000,316,640 | ---- | M] () -- F:\WINDOWS\WMSysPr9.prx
[2010/02/16 11:55:36 | 000,010,368 | ---- | M] (Padus, Inc.) -- F:\WINDOWS\System32\drivers\pfc.sys
[2010/02/16 11:17:33 | 000,001,374 | ---- | M] () -- F:\WINDOWS\imsins.BAK
[2010/02/16 11:16:53 | 000,000,169 | ---- | M] () -- F:\WINDOWS\RtlRack.ini
[2010/02/16 10:32:21 | 000,000,332 | -H-- | M] () -- F:\Boot.bak
[2010/02/16 00:39:15 | 000,002,206 | ---- | M] () -- F:\WINDOWS\System32\wpa.dbl
[2010/02/16 00:38:00 | 000,008,192 | ---- | M] () -- F:\WINDOWS\REGLOCS.OLD
[2010/02/16 00:36:13 | 000,000,560 | ---- | M] () -- F:\WINDOWS\System32\$winnt$.inf
[2010/02/16 00:33:35 | 000,000,000 | ---- | M] () -- F:\WINDOWS\control.ini
[2010/02/16 00:33:32 | 000,023,392 | ---- | M] () -- F:\WINDOWS\System32\nscompat.tlb
[2010/02/16 00:33:32 | 000,016,832 | ---- | M] () -- F:\WINDOWS\System32\amcompat.tlb
[2010/02/16 00:33:23 | 000,004,161 | ---- | M] () -- F:\WINDOWS\ODBCINST.INI
[2010/02/16 00:32:32 | 000,000,488 | RH-- | M] () -- F:\WINDOWS\System32\WindowsLogon.manifest
[2010/02/16 00:32:32 | 000,000,488 | RH-- | M] () -- F:\WINDOWS\System32\logonui.exe.manifest
[2010/02/16 00:32:28 | 000,000,749 | RH-- | M] () -- F:\WINDOWS\System32\wuaucpl.cpl.manifest
[2010/02/16 00:32:28 | 000,000,749 | RH-- | M] () -- F:\WINDOWS\WindowsShell.Manifest
[2010/02/16 00:32:28 | 000,000,749 | RH-- | M] () -- F:\WINDOWS\System32\sapi.cpl.manifest
[2010/02/16 00:32:28 | 000,000,749 | RH-- | M] () -- F:\WINDOWS\System32\nwc.cpl.manifest
[2010/02/16 00:32:28 | 000,000,749 | RH-- | M] () -- F:\WINDOWS\System32\ncpa.cpl.manifest
[2010/02/16 00:32:28 | 000,000,749 | RH-- | M] () -- F:\WINDOWS\System32\cdplayer.exe.manifest
[2010/02/16 00:29:27 | 000,021,640 | ---- | M] () -- F:\WINDOWS\System32\emptyregdb.dat
[2010/02/16 00:29:16 | 000,000,037 | ---- | M] () -- F:\WINDOWS\vbaddin.ini
[2010/02/16 00:29:16 | 000,000,036 | ---- | M] () -- F:\WINDOWS\vb.ini
[3 F:\WINDOWS\*.tmp files -> F:\WINDOWS\*.tmp -> ]
[1 F:\WINDOWS\System32\*.tmp files -> F:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/02/20 20:05:02 | 000,000,966 | ---- | C] () -- F:\Documents and Settings\Maja\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
[2010/02/20 16:13:37 | 000,027,638 | ---- | C] () -- F:\Documents and Settings\Maja\Desktop\2.jpg
[2010/02/20 16:13:15 | 000,034,073 | ---- | C] () -- F:\Documents and Settings\Maja\Desktop\1.jpg
[2010/02/20 15:36:25 | 000,186,467 | ---- | C] () -- F:\Documents and Settings\Maja\Desktop\de_dust20014.jpg
[2010/02/20 15:35:44 | 000,160,401 | ---- | C] () -- F:\Documents and Settings\Maja\Desktop\de_dust20023.jpg
[2010/02/20 13:02:58 | 000,077,471 | ---- | C] () -- F:\Documents and Settings\Maja\Desktop\SLeasing-admin_zabrana.pdf
[2010/02/20 12:58:48 | 000,038,912 | ---- | C] () -- F:\Documents and Settings\Maja\Desktop\adm_zabrana_potvrda.doc
[2010/02/19 14:33:38 | 000,000,332 | -H-- | C] () -- F:\Boot.bak
[2010/02/19 14:33:36 | 000,260,272 | -H-- | C] () -- F:\cmldr
[2010/02/19 14:32:11 | 000,261,632 | ---- | C] () -- F:\WINDOWS\PEV.exe
[2010/02/19 14:32:11 | 000,098,816 | ---- | C] () -- F:\WINDOWS\sed.exe
[2010/02/19 14:32:11 | 000,080,412 | ---- | C] () -- F:\WINDOWS\grep.exe
[2010/02/19 14:32:11 | 000,077,312 | ---- | C] () -- F:\WINDOWS\MBR.exe
[2010/02/19 14:32:11 | 000,068,096 | ---- | C] () -- F:\WINDOWS\zip.exe
[2010/02/17 11:43:28 | 000,001,580 | ---- | C] () -- F:\Documents and Settings\Maja\Desktop\CS 1.6 v42.lnk
[2010/02/17 11:41:22 | 000,001,369 | ---- | C] () -- F:\Documents and Settings\All Users\Desktop\Counter-Strike 1.6.lnk
[2010/02/16 15:54:04 | 000,000,886 | ---- | C] () -- F:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/02/16 15:54:03 | 000,000,882 | ---- | C] () -- F:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/02/16 12:05:55 | 000,000,376 | ---- | C] () -- F:\WINDOWS\ODBC.INI
[2010/02/16 11:56:33 | 000,380,928 | ---- | C] () -- F:\WINDOWS\System32\actskin4.ocx
[2010/02/16 11:23:32 | 000,187,171 | ---- | C] () -- F:\WINDOWS\System32\nvapps.xml
[2010/02/16 11:23:32 | 000,018,070 | ---- | C] () -- F:\WINDOWS\System32\nvdisp.nvu
[2010/02/16 11:16:53 | 000,000,169 | ---- | C] () -- F:\WINDOWS\RtlRack.ini
[2010/02/16 11:15:22 | 000,049,152 | ---- | C] () -- F:\WINDOWS\System32\ChCfg.exe
[2010/02/16 11:14:50 | 000,000,164 | ---- | C] () -- F:\WINDOWS\avrack.ini
[2010/02/16 11:14:43 | 000,141,016 | ---- | C] () -- F:\WINDOWS\System32\alsndmgr.wav
[2010/02/16 11:14:42 | 000,143,360 | ---- | C] () -- F:\WINDOWS\System32\RtlCPAPI.dll
[2010/02/16 10:56:11 | 000,005,632 | ---- | C] () -- F:\Documents and Settings\Maja\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/16 10:08:04 | 000,000,974 | ---- | C] () -- F:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1275210071-776561741-725345543-1003UA.job
[2010/02/16 10:08:03 | 000,000,922 | ---- | C] () -- F:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1275210071-776561741-725345543-1003Core.job
[2010/02/16 09:00:38 | 000,250,032 | RHS- | C] () -- F:\ntldr
[2010/02/16 09:00:38 | 000,047,564 | RHS- | C] () -- F:\NTDETECT.COM
[2010/02/16 09:00:38 | 000,000,403 | RHS- | C] () -- F:\boot.ini
[2010/02/16 01:17:25 | 000,001,374 | ---- | C] () -- F:\WINDOWS\imsins.BAK
[2010/02/16 01:17:20 | 001,685,606 | ---- | C] () -- F:\WINDOWS\System32\dllcache\sam.spd
[2010/02/16 01:17:20 | 000,000,888 | ---- | C] () -- F:\WINDOWS\System32\dllcache\sam.sdf
[2010/02/16 01:17:19 | 000,643,717 | ---- | C] () -- F:\WINDOWS\System32\dllcache\ltts1033.lxa
[2010/02/16 01:17:19 | 000,605,050 | ---- | C] () -- F:\WINDOWS\System32\dllcache\r1033tts.lxa
[2010/02/16 01:17:17 | 000,066,082 | ---- | C] () -- F:\WINDOWS\System32\dllcache\c_28603.nls
[2010/02/16 01:17:17 | 000,066,082 | ---- | C] () -- F:\WINDOWS\System32\c_28603.nls
[2010/02/16 01:17:13 | 000,066,594 | ---- | C] () -- F:\WINDOWS\System32\dllcache\c_857.nls
[2010/02/16 01:17:13 | 000,066,594 | ---- | C] () -- F:\WINDOWS\System32\c_857.nls
[2010/02/16 01:17:13 | 000,066,082 | ---- | C] () -- F:\WINDOWS\System32\dllcache\c_28599.nls
[2010/02/16 01:17:13 | 000,066,082 | ---- | C] () -- F:\WINDOWS\System32\c_28599.nls
[2010/02/16 01:17:13 | 000,066,082 | ---- | C] () -- F:\WINDOWS\System32\dllcache\c_10081.nls
[2010/02/16 01:17:13 | 000,066,082 | ---- | C] () -- F:\WINDOWS\System32\c_10081.nls
[2010/02/16 01:17:08 | 000,066,082 | ---- | C] () -- F:\WINDOWS\System32\dllcache\c_28595.nls
[2010/02/16 01:17:08 | 000,066,082 | ---- | C] () -- F:\WINDOWS\System32\C_28595.NLS
[2010/02/16 01:17:08 | 000,066,082 | ---- | C] () -- F:\WINDOWS\System32\dllcache\c_10017.nls
[2010/02/16 01:17:08 | 000,066,082 | ---- | C] () -- F:\WINDOWS\System32\c_10017.nls
[2010/02/16 01:17:08 | 000,066,082 | ---- | C] () -- F:\WINDOWS\System32\dllcache\c_10007.nls
[2010/02/16 01:17:08 | 000,066,082 | ---- | C] () -- F:\WINDOWS\System32\c_10007.nls
[2010/02/16 01:17:04 | 000,066,594 | ---- | C] () -- F:\WINDOWS\System32\dllcache\c_869.nls
[2010/02/16 01:17:04 | 000,066,594 | ---- | C] () -- F:\WINDOWS\System32\c_869.nls
[2010/02/16 01:17:04 | 000,066,082 | ---- | C] () -- F:\WINDOWS\System32\dllcache\c_875.nls
[2010/02/16 01:17:04 | 000,066,082 | ---- | C] () -- F:\WINDOWS\System32\c_875.nls
[2010/02/16 01:17:04 | 000,066,082 | ---- | C] () -- F:\WINDOWS\System32\dllcache\c_28597.nls
[2010/02/16 01:17:04 | 000,066,082 | ---- | C] () -- F:\WINDOWS\System32\C_28597.NLS
[2010/02/16 01:17:04 | 000,066,082 | ---- | C] () -- F:\WINDOWS\System32\dllcache\c_10006.nls
[2010/02/16 01:17:04 | 000,066,082 | ---- | C] () -- F:\WINDOWS\System32\c_10006.nls
[2010/02/16 01:17:03 | 000,066,594 | ---- | C] () -- F:\WINDOWS\System32\dllcache\c_737.nls
[2010/02/16 01:17:03 | 000,066,594 | ---- | C] () -- F:\WINDOWS\System32\c_737.nls
[2010/02/16 01:17:01 | 000,066,082 | ---- | C] () -- F:\WINDOWS\System32\dllcache\c_28594.nls
[2010/02/16 01:17:01 | 000,066,082 | ---- | C] () -- F:\WINDOWS\System32\C_28594.NLS
[2010/02/16 01:17:00 | 000,066,594 | ---- | C] () -- F:\WINDOWS\System32\dllcache\c_866.nls
[2010/02/16 01:17:00 | 000,066,594 | ---- | C] () -- F:\WINDOWS\System32\c_866.nls
[2010/02/16 01:17:00 | 000,066,594 | ---- | C] () -- F:\WINDOWS\System32\dllcache\c_855.nls
[2010/02/16 01:17:00 | 000,066,594 | ---- | C] () -- F:\WINDOWS\System32\c_855.nls
[2010/02/16 01:16:55 | 000,066,594 | ---- | C] () -- F:\WINDOWS\System32\dllcache\c_852.nls
[2010/02/16 01:16:55 | 000,066,594 | ---- | C] () -- F:\WINDOWS\System32\c_852.nls
[2010/02/16 01:16:55 | 000,066,082 | ---- | C] () -- F:\WINDOWS\System32\dllcache\c_10082.nls
[2010/02/16 01:16:55 | 000,066,082 | ---- | C] () -- F:\WINDOWS\System32\c_10082.nls
[2010/02/16 01:16:55 | 000,066,082 | ---- | C] () -- F:\WINDOWS\System32\dllcache\c_10029.nls
[2010/02/16 01:16:55 | 000,066,082 | ---- | C] () -- F:\WINDOWS\System32\c_10029.nls
[2010/02/16 01:16:55 | 000,066,082 | ---- | C] () -- F:\WINDOWS\System32\dllcache\c_10010.nls
[2010/02/16 01:16:55 | 000,066,082 | ---- | C] () -- F:\WINDOWS\System32\c_10010.nls
[2010/02/16 01:16:53 | 000,066,082 | ---- | C] () -- F:\WINDOWS\System32\dllcache\c_20127.nls
[2010/02/16 01:16:53 | 000,066,082 | ---- | C] () -- F:\WINDOWS\System32\c_20127.nls
[2010/02/16 01:16:47 | 000,001,688 | ---- | C] () -- F:\WINDOWS\System32\AUTOEXEC.NT
[2010/02/16 01:15:23 | 000,141,702 | ---- | C] () -- F:\WINDOWS\System32\dllcache\netfx.cat
[2010/02/16 01:15:22 | 000,399,645 | ---- | C] () -- F:\WINDOWS\System32\dllcache\MAPIMIG.CAT
[2010/02/16 01:15:22 | 000,110,116 | ---- | C] () -- F:\WINDOWS\System32\dllcache\tabletpc.cat
[2010/02/16 01:15:22 | 000,037,484 | ---- | C] () -- F:\WINDOWS\System32\dllcache\MW770.CAT
[2010/02/16 01:15:22 | 000,031,965 | ---- | C] () -- F:\WINDOWS\System32\dllcache\mediactr.cat
[2010/02/16 01:15:22 | 000,031,281 | ---- | C] () -- F:\WINDOWS\System32\dllcache\FP4.CAT
[2010/02/16 01:15:22 | 000,024,209 | ---- | C] () -- F:\WINDOWS\System32\dllcache\msn7.cat
[2010/02/16 01:15:22 | 000,013,753 | ---- | C] () -- F:\WINDOWS\System32\dllcache\IMS.CAT
[2010/02/16 01:15:22 | 000,013,472 | ---- | C] () -- F:\WINDOWS\System32\dllcache\HPCRDP.CAT
[2010/02/16 01:15:22 | 000,011,651 | ---- | C] () -- F:\WINDOWS\System32\dllcache\msn9.cat
[2010/02/16 01:15:22 | 000,009,581 | ---- | C] () -- F:\WINDOWS\System32\dllcache\MSMSGS.CAT
[2010/02/16 01:15:22 | 000,008,574 | ---- | C] () -- F:\WINDOWS\System32\dllcache\IASNT4.CAT
[2010/02/16 01:15:22 | 000,007,382 | ---- | C] () -- F:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2010/02/16 01:15:22 | 000,007,334 | ---- | C] () -- F:\WINDOWS\System32\dllcache\wmerrenu.cat
[2010/02/16 01:15:22 | 000,007,245 | ---- | C] () -- F:\WINDOWS\System32\dllcache\MSTSWEB.CAT
[2010/02/16 01:15:21 | 002,012,670 | ---- | C] () -- F:\WINDOWS\System32\dllcache\NT5.CAT
[2010/02/16 01:15:21 | 001,042,903 | ---- | C] () -- F:\WINDOWS\System32\dllcache\SP2.CAT
[2010/02/16 01:15:21 | 000,797,189 | ---- | C] () -- F:\WINDOWS\System32\dllcache\NT5IIS.CAT
[2010/02/16 01:15:21 | 000,502,724 | ---- | C] () -- F:\WINDOWS\System32\dllcache\NT5INF.CAT
[2010/02/16 01:14:16 | 000,263,024 | ---- | C] () -- F:\WINDOWS\System32\FNTCACHE.DAT
[2010/02/16 01:13:23 | 000,000,560 | ---- | C] () -- F:\WINDOWS\System32\$winnt$.inf
[2010/02/16 00:39:18 | 000,000,278 | -HS- | C] () -- F:\Documents and Settings\Maja\ntuser.ini
[2010/02/16 00:39:16 | 002,883,584 | -H-- | C] () -- F:\Documents and Settings\Maja\NTUSER.DAT
[2010/02/16 00:38:00 | 000,008,192 | ---- | C] () -- F:\WINDOWS\REGLOCS.OLD
[2010/02/16 00:36:10 | 000,002,048 | --S- | C] () -- F:\WINDOWS\bootstat.dat
[2010/02/16 00:36:02 | 000,028,288 | ---- | C] () -- F:\WINDOWS\System32\dllcache\xjis.nls
[2010/02/16 00:35:36 | 000,083,748 | ---- | C] () -- F:\WINDOWS\System32\dllcache\prcp.nls
[2010/02/16 00:35:36 | 000,083,748 | ---- | C] () -- F:\WINDOWS\System32\dllcache\prc.nls
[2010/02/16 00:35:34 | 000,175,104 | ---- | C] () -- F:\WINDOWS\System32\dllcache\pintlcsa.dll
[2010/02/16 00:35:22 | 000,047,066 | ---- | C] () -- F:\WINDOWS\System32\dllcache\ksc.nls
[2010/02/16 00:35:21 | 001,158,818 | ---- | C] () -- F:\WINDOWS\System32\dllcache\korwbrkr.lex
[2010/02/16 00:35:13 | 000,059,392 | ---- | C] () -- F:\WINDOWS\System32\dllcache\imscinst.exe
[2010/02/16 00:35:11 | 000,196,665 | ---- | C] () -- F:\WINDOWS\System32\dllcache\imjpinst.exe
[2010/02/16 00:35:08 | 000,134,339 | ---- | C] () -- F:\WINDOWS\System32\dllcache\imekr.lex
[2010/02/16 00:34:54 | 013,463,552 | ---- | C] () -- F:\WINDOWS\System32\dllcache\hwxjpn.dll
[2010/02/16 00:34:45 | 000,108,827 | ---- | C] () -- F:\WINDOWS\System32\dllcache\hanja.lex
[2010/02/16 00:34:40 | 000,094,208 | ---- | C] () -- F:\WINDOWS\System32\dllcache\fpencode.dll
[2010/02/16 00:34:30 | 000,173,568 | ---- | C] () -- F:\WINDOWS\System32\dllcache\chtskf.dll
[2010/02/16 00:34:25 | 000,066,594 | ---- | C] () -- F:\WINDOWS\System32\dllcache\c_864.nls
[2010/02/16 00:34:25 | 000,066,594 | ---- | C] () -- F:\WINDOWS\System32\dllcache\c_862.nls
[2010/02/16 00:34:25 | 000,066,594 | ---- | C] () -- F:\WINDOWS\System32\dllcache\c_858.nls
[2010/02/16 00:34:25 | 000,066,082 | ---- | C] () -- F:\WINDOWS\System32\dllcache\c_870.nls
[2010/02/16 00:34:24 | 000,177,698 | ---- | C] () -- F:\WINDOWS\System32\dllcache\c_20949.nls
[2010/02/16 00:34:24 | 000,173,602 | ---- | C] () -- F:\WINDOWS\System32\dllcache\c_20936.nls
[2010/02/16 00:34:24 | 000,066,594 | ---- | C] () -- F:\WINDOWS\System32\dllcache\c_720.nls
[2010/02/16 00:34:24 | 000,066,082 | ---- | C] () -- F:\WINDOWS\System32\dllcache\c_708.nls
[2010/02/16 00:34:24 | 000,066,082 | ---- | C] () -- F:\WINDOWS\System32\dllcache\c_28596.nls
[2010/02/16 00:34:24 | 000,066,082 | ---- | C] () -- F:\WINDOWS\System32\dllcache\c_21027.nls
[2010/02/16 00:34:24 | 000,066,082 | ---- | C] () -- F:\WINDOWS\System32\dllcache\c_21025.nls
[2010/02/16 00:34:23 | 000,180,770 | ---- | C] () -- F:\WINDOWS\System32\dllcache\c_20932.nls
[2010/02/16 00:34:23 | 000,066,082 | ---- | C] () -- F:\WINDOWS\System32\dllcache\c_20924.nls
[2010/02/16 00:34:23 | 000,066,082 | ---- | C] () -- F:\WINDOWS\System32\dllcache\c_20880.nls
[2010/02/16 00:34:23 | 000,066,082 | ---- | C] () -- F:\WINDOWS\System32\dllcache\c_20871.nls
[2010/02/16 00:34:23 | 000,066,082 | ---- | C] () -- F:\WINDOWS\System32\dllcache\c_20838.nls
[2010/02/16 00:34:23 | 000,066,082 | ---- | C] () -- F:\WINDOWS\System32\dllcache\c_20833.nls
[2010/02/16 00:34:23 | 000,066,082 | ---- | C] () -- F:\WINDOWS\System32\dllcache\c_20424.nls
[2010/02/16 00:34:23 | 000,066,082 | ---- | C] () -- F:\WINDOWS\System32\dllcache\c_20423.nls
[2010/02/16 00:34:22 | 000,066,082 | ---- | C] () -- F:\WINDOWS\System32\dllcache\c_20420.nls
[2010/02/16 00:34:22 | 000,066,082 | ---- | C] () -- F:\WINDOWS\System32\dllcache\c_20297.nls
[2010/02/16 00:34:22 | 000,066,082 | ---- | C] () -- F:\WINDOWS\System32\dllcache\c_20290.nls
[2010/02/16 00:34:22 | 000,066,082 | ---- | C] () -- F:\WINDOWS\System32\dllcache\c_20285.nls
[2010/02/16 00:34:22 | 000,066,082 | ---- | C] () -- F:\WINDOWS\System32\dllcache\c_20284.nls
[2010/02/16 00:34:22 | 000,066,082 | ---- | C] () -- F:\WINDOWS\System32\dllcache\c_20280.nls
[2010/02/16 00:34:22 | 000,066,082 | ---- | C] () -- F:\WINDOWS\System32\dllcache\c_20278.nls
[2010/02/16 00:34:21 | 000,187,938 | ---- | C] () -- F:\WINDOWS\System32\dllcache\c_20005.nls
[2010/02/16 00:34:21 | 000,066,082 | ---- | C] () -- F:\WINDOWS\System32\dllcache\c_20277.nls
[2010/02/16 00:34:21 | 000,066,082 | ---- | C] () -- F:\WINDOWS\System32\dllcache\c_20273.nls
[2010/02/16 00:34:21 | 000,066,082 | ---- | C] () -- F:\WINDOWS\System32\dllcache\c_20269.nls
[2010/02/16 00:34:21 | 000,066,082 | ---- | C] () -- F:\WINDOWS\System32\dllcache\c_20108.nls
[2010/02/16 00:34:21 | 000,066,082 | ---- | C] () -- F:\WINDOWS\System32\dllcache\c_20107.nls
[2010/02/16 00:34:21 | 000,066,082 | ---- | C] () -- F:\WINDOWS\System32\dllcache\c_20106.nls
[2010/02/16 00:34:21 | 000,066,082 | ---- | C] () -- F:\WINDOWS\System32\dllcache\c_20105.nls
[2010/02/16 00:34:20 | 000,189,986 | ---- | C] () -- F:\WINDOWS\System32\dllcache\c_1361.nls
[2010/02/16 00:34:20 | 000,186,402 | ---- | C] () -- F:\WINDOWS\System32\dllcache\c_20001.nls
[2010/02/16 00:34:20 | 000,185,378 | ---- | C] () -- F:\WINDOWS\System32\dllcache\c_20003.nls
[2010/02/16 00:34:20 | 000,180,258 | ---- | C] () -- F:\WINDOWS\System32\dllcache\c_20004.nls
[2010/02/16 00:34:20 | 000,180,258 | ---- | C] () -- F:\WINDOWS\System32\dllcache\c_20000.nls
[2010/02/16 00:34:20 | 000,173,602 | ---- | C] () -- F:\WINDOWS\System32\dllcache\c_20002.nls
[2010/02/16 00:34:19 | 000,066,082 | ---- | C] () -- F:\WINDOWS\System32\dllcache\c_1149.nls
[2010/02/16 00:34:19 | 000,066,082 | ---- | C] () -- F:\WINDOWS\System32\dllcache\c_1148.nls
[2010/02/16 00:34:19 | 000,066,082 | ---- | C] () -- F:\WINDOWS\System32\dllcache\c_1147.nls
[2010/02/16 00:34:19 | 000,066,082 | ---- | C] () -- F:\WINDOWS\System32\dllcache\c_1146.nls
[2010/02/16 00:34:19 | 000,066,082 | ---- | C] () -- F:\WINDOWS\System32\dllcache\c_1145.nls
[2010/02/16 00:34:19 | 000,066,082 | ---- | C] () -- F:\WINDOWS\System32\dllcache\c_1144.nls
[2010/02/16 00:34:19 | 000,066,082 | ---- | C] () -- F:\WINDOWS\System32\dllcache\c_1143.nls
[2010/02/16 00:34:18 | 000,173,602 | ---- | C] () -- F:\WINDOWS\System32\dllcache\c_10008.nls
[2010/02/16 00:34:18 | 000,066,082 | ---- | C] () -- F:\WINDOWS\System32\dllcache\c_1142.nls
[2010/02/16 00:34:18 | 000,066,082 | ---- | C] () -- F:\WINDOWS\System32\dllcache\c_1141.nls
[2010/02/16 00:34:18 | 000,066,082 | ---- | C] () -- F:\WINDOWS\System32\dllcache\c_1140.nls
[2010/02/16 00:34:18 | 000,066,082 | ---- | C] () -- F:\WINDOWS\System32\dllcache\c_1047.nls
[2010/02/16 00:34:18 | 000,066,082 | ---- | C] () -- F:\WINDOWS\System32\dllcache\c_10021.nls
[2010/02/16 00:34:18 | 000,066,082 | ---- | C] () -- F:\WINDOWS\System32\dllcache\c_10005.nls
[2010/02/16 00:34:18 | 000,066,082 | ---- | C] () -- F:\WINDOWS\System32\dllcache\c_10004.nls
[2010/02/16 00:34:17 | 000,195,618 | ---- | C] () -- F:\WINDOWS\System32\dllcache\c_10002.nls
[2010/02/16 00:34:17 | 000,177,698 | ---- | C] () -- F:\WINDOWS\System32\dllcache\c_10003.nls
[2010/02/16 00:34:17 | 000,162,850 | ---- | C] () -- F:\WINDOWS\System32\dllcache\c_10001.nls
[2010/02/16 00:34:16 | 000,082,172 | ---- | C] () -- F:\WINDOWS\System32\dllcache\bopomofo.nls
[2010/02/16 00:34:16 | 000,066,728 | ---- | C] () -- F:\WINDOWS\System32\dllcache\big5.nls
[2010/02/16 00:33:35 | 000,002,626 | ---- | C] () -- F:\WINDOWS\System32\CONFIG.NT
[2010/02/16 00:33:32 | 000,023,392 | ---- | C] () -- F:\WINDOWS\System32\nscompat.tlb
[2010/02/16 00:33:32 | 000,016,832 | ---- | C] () -- F:\WINDOWS\System32\amcompat.tlb
[2010/02/16 00:33:31 | 000,316,640 | ---- | C] () -- F:\WINDOWS\WMSysPr9.prx
[2010/02/16 00:32:32 | 000,000,488 | RH-- | C] () -- F:\WINDOWS\System32\WindowsLogon.manifest
[2010/02/16 00:32:32 | 000,000,488 | RH-- | C] () -- F:\WINDOWS\System32\logonui.exe.manifest
[2010/02/16 00:32:28 | 000,000,749 | RH-- | C] () -- F:\WINDOWS\System32\wuaucpl.cpl.manifest
[2010/02/16 00:32:28 | 000,000,749 | RH-- | C] () -- F:\WINDOWS\WindowsShell.Manifest
[2010/02/16 00:32:28 | 000,000,749 | RH-- | C] () -- F:\WINDOWS\System32\sapi.cpl.manifest
[2010/02/16 00:32:28 | 000,000,749 | RH-- | C] () -- F:\WINDOWS\System32\nwc.cpl.manifest
[2010/02/16 00:32:28 | 000,000,749 | RH-- | C] () -- F:\WINDOWS\System32\ncpa.cpl.manifest
[2010/02/16 00:32:28 | 000,000,749 | RH-- | C] () -- F:\WINDOWS\System32\cdplayer.exe.manifest
[2010/02/16 00:32:10 | 004,399,505 | ---- | C] () -- F:\WINDOWS\System32\dllcache\nls302en.lex
[2010/02/16 00:31:12 | 000,048,680 | -HS- | C] () -- F:\WINDOWS\winnt256.bmp
[2010/02/16 00:31:12 | 000,048,680 | -HS- | C] () -- F:\WINDOWS\winnt.bmp
[2010/02/16 00:31:00 | 000,000,984 | ---- | C] () -- F:\WINDOWS\System32\dllcache\srframe.mmf
[2010/02/16 00:30:36 | 000,004,639 | ---- | C] () -- F:\WINDOWS\System32\dllcache\mplayer2.exe
[2010/02/16 00:30:16 | 000,376,320 | ---- | C] () -- F:\WINDOWS\System32\dllcache\msinfo.dll
[2010/02/16 00:29:27 | 000,021,640 | ---- | C] () -- F:\WINDOWS\System32\emptyregdb.dat
[2010/02/16 00:28:31 | 000,065,954 | ---- | C] () -- F:\WINDOWS\Prairie Wind.bmp
[2010/02/16 00:28:31 | 000,065,832 | ---- | C] () -- F:\WINDOWS\Santa Fe Stucco.bmp
[2010/02/16 00:28:31 | 000,026,680 | ---- | C] () -- F:\WINDOWS\River Sumida.bmp
[2010/02/16 00:28:31 | 000,026,582 | ---- | C] () -- F:\WINDOWS\Greenstone.bmp
[2010/02/16 00:28:31 | 000,017,362 | ---- | C] () -- F:\WINDOWS\Rhododendron.bmp
[2010/02/16 00:28:31 | 000,017,336 | ---- | C] () -- F:\WINDOWS\Gone Fishing.bmp
[2010/02/16 00:28:31 | 000,009,522 | ---- | C] () -- F:\WINDOWS\Zapotec.bmp
[2010/02/16 00:28:30 | 000,093,702 | ---- | C] () -- F:\WINDOWS\System32\subrange.uce
[2010/02/16 00:28:30 | 000,065,978 | ---- | C] () -- F:\WINDOWS\Soap Bubbles.bmp
[2010/02/16 00:28:30 | 000,017,062 | ---- | C] () -- F:\WINDOWS\Coffee Bean.bmp
[2010/02/16 00:28:30 | 000,016,730 | ---- | C] () -- F:\WINDOWS\FeatherTexture.bmp
[2010/02/16 00:28:30 | 000,001,272 | ---- | C] () -- F:\WINDOWS\Blue Lace 16.bmp
[2010/02/16 00:28:29 | 000,060,458 | ---- | C] () -- F:\WINDOWS\System32\ideograf.uce
[2010/02/16 00:28:29 | 000,024,006 | ---- | C] () -- F:\WINDOWS\System32\gb2312.uce
[2010/02/16 00:28:29 | 000,022,984 | ---- | C] () -- F:\WINDOWS\System32\bopomofo.uce
[2010/02/16 00:28:29 | 000,016,740 | ---- | C] () -- F:\WINDOWS\System32\shiftjis.uce
[2010/02/16 00:28:29 | 000,012,876 | ---- | C] () -- F:\WINDOWS\System32\korean.uce
[2010/02/16 00:28:29 | 000,008,484 | ---- | C] () -- F:\WINDOWS\System32\kanji_2.uce
[2010/02/16 00:28:29 | 000,006,948 | ---- | C] () -- F:\WINDOWS\System32\kanji_1.uce
[2010/02/16 00:28:26 | 000,003,286 | ---- | C] () -- F:\WINDOWS\System32\tslabels.h
[2010/02/16 00:28:26 | 000,001,161 | ---- | C] () -- F:\WINDOWS\System32\usrlogon.cmd
[2010/02/16 00:28:24 | 000,000,768 | ---- | C] () -- F:\WINDOWS\System32\msdtcprf.h
[2010/02/16 00:28:15 | 000,063,488 | ---- | C] () -- F:\WINDOWS\System32\wmimgmt.msc
[2008/05/16 14:01:00 | 001,703,936 | ---- | C] () -- F:\WINDOWS\System32\nvwdmcpl.dll
[2008/05/16 14:01:00 | 001,486,848 | ---- | C] () -- F:\WINDOWS\System32\nview.dll
[2008/05/16 14:01:00 | 001,019,904 | ---- | C] () -- F:\WINDOWS\System32\nvwimg.dll
[2008/05/16 14:01:00 | 000,466,944 | ---- | C] () -- F:\WINDOWS\System32\nvshell.dll
[2008/05/16 14:01:00 | 000,286,720 | ---- | C] () -- F:\WINDOWS\System32\nvnt4cpl.dll
[2004/08/03 23:56:44 | 000,164,975 | RHS- | C] () -- F:\WINDOWS\System32\yhsnocj.dll
[2004/08/03 23:56:44 | 000,081,920 | ---- | C] () -- F:\WINDOWS\System32\ieencode.dll
[2004/07/17 10:36:38 | 000,027,440 | ---- | C] () -- F:\WINDOWS\System32\drivers\secdrv.sys
[2002/03/21 15:39:02 | 000,073,728 | ---- | C] () -- F:\WINDOWS\System32\UNACEV2.DLL

========== Custom Scans ==========


< %systemroot%\system32\*.dll /lockedfiles >
[2004/08/03 23:56:44 | 000,164,975 | RHS- | M] () Unable to obtain MD5 -- F:\WINDOWS\system32\yhsnocj.dll
[1 F:\WINDOWS\system32\*.tmp files -> F:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >


< MD5 for: AGP440.SYS >
[2004/08/04 00:05:44 | 018,738,937 | ---- | M] () .cab file -- F:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2004/08/03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- F:\WINDOWS\ERDNT\cache\AGP440.SYS
[2004/08/03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- F:\WINDOWS\system32\dllcache\agp440.sys
[2004/08/03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- F:\WINDOWS\system32\drivers\AGP440.SYS
[2004/08/03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- F:\WINDOWS\system32\ReinstallBackups\0001\DriverFiles\i386\AGP440.SYS

< MD5 for: ATAPI.SYS >
[2004/08/04 00:05:44 | 018,738,937 | ---- | M] () .cab file -- F:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- F:\WINDOWS\ERDNT\cache\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- F:\WINDOWS\system32\dllcache\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- F:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 21:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- F:\WINDOWS\system32\ReinstallBackups\0008\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2004/08/03 23:56:44 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- F:\WINDOWS\ERDNT\cache\eventlog.dll
[2004/08/03 23:56:44 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- F:\WINDOWS\system32\dllcache\eventlog.dll
[2004/08/03 23:56:44 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- F:\WINDOWS\system32\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2004/08/03 23:56:46 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- F:\WINDOWS\ERDNT\cache\netlogon.dll
[2004/08/03 23:56:46 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- F:\WINDOWS\system32\dllcache\netlogon.dll
[2004/08/03 23:56:46 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- F:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/03 23:56:46 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- F:\WINDOWS\ERDNT\cache\scecli.dll
[2004/08/03 23:56:46 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- F:\WINDOWS\system32\dllcache\scecli.dll
[2004/08/03 23:56:46 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- F:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 97 bytes -> F:\Documents and Settings\All Users\Application Data\TEMP:2A81F9CE
< End of report >




#4 anna_nbgd

Posted 20 February 2010 - 09:27 PM

Extras.Txt

OTL Extras logfile created on: 2/21/2010 3:01:36 AM - Run 1
OTL by OldTimer - Version 3.1.30.1 Folder = F:\Documents and Settings\Maja\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 73.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 89.00% Paging File free
Paging file location(s): F:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = F: | %SystemRoot% = F:\WINDOWS | %ProgramFiles% = F:\Program Files
C: Drive not present or media not loaded
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 31.84 Gb Total Space | 24.33 Gb Free Space | 76.41% Space Free | Partition Type: NTFS
Drive G: | 117.20 Gb Total Space | 36.01 Gb Free Space | 30.72% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PUTNIK-E9D27CB8
Current User Name: Maja
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- F:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1275210071-776561741-725345543-1003\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "F:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "F:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "F:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "F:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "F:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "F:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDBrowse] -- "F:\Program Files\ACD Systems\ACDSee\9.0\ACDSeeQV.exe" "%1" (ACD Systems Ltd.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- F:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "F:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"1200:UDP" = 1200:UDP:*:Enabled:services friends
"3266:TCP" = 3266:TCP:*:Enabled:pwoutfm

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"F:\Program Files\Windows Live\Messenger\wlcsdk.exe" = F:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"F:\Program Files\Windows Live\Messenger\wlcsdk.exe" = F:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"G:\BEOGRID\StrongDC++\StrongDC.exe" = G:\BEOGRID\StrongDC++\StrongDC.exe:*:Enabled:StrongDC++ -- ()
"F:\Program Files\Valve\hl.exe" = F:\Program Files\Valve\hl.exe:*:Enabled:Half-Life Launcher -- (Valve)
"F:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = F:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"F:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = F:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"F:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = F:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java™ 6 Update 18
"{2EAF7E61-068E-11DF-953C-005056806466}" = Google Earth
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{7E20EFE6-E604-48C6-8B39-BA4742F2CDB4}" = Zune Desktop Theme
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9ABFB92D-93DA-49EE-8ABF-F8195DE45CA9}" = Counter-Strike 1.6
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.0
"{B2D41883-3BFC-4BA0-A2F6-5A2C9836C238}" = ACDSee 9 Photo Manager
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"avast!" = avast! Antivirus
"BSPlayer1" = BSPlayer
"Counter Strike 1.6 Patch v42" = Counter Strike 1.6 Patch v42
"ENTERPRISE" = Microsoft Office Enterprise 2007
"HLSW_is1" = HLSW v1.1.6
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Nero - Burning Rom!UninstallKey" = Nero 6 Ultra Edition
"NVIDIA Drivers" = NVIDIA Drivers
"PhotoScape" = PhotoScape
"RealPlayer 12.0" = RealPlayer
"RocketDock_is1" = RocketDock 1.3.5
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TeamViewer 4" = TeamViewer 4
"WIC" = Windows Imaging Component
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1275210071-776561741-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 2/20/2010 10:20:32 AM | Computer Name = PUTNIK-E9D27CB8 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
F:\WINDOWS\system32\03.tmp failed, 00000005.

Error - 2/20/2010 11:01:24 AM | Computer Name = PUTNIK-E9D27CB8 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
F:\windows\system32\yhsnocj.dll failed, 00000005.

Error - 2/20/2010 11:01:26 AM | Computer Name = PUTNIK-E9D27CB8 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
F:\WINDOWS\system32\03.tmp failed, 00000005.

Error - 2/20/2010 11:01:36 AM | Computer Name = PUTNIK-E9D27CB8 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
F:\WINDOWS\system32\03.tmp failed, 00000005.

Error - 2/20/2010 11:41:14 AM | Computer Name = PUTNIK-E9D27CB8 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
F:\windows\system32\yhsnocj.dll failed, 00000005.

Error - 2/20/2010 11:41:14 AM | Computer Name = PUTNIK-E9D27CB8 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
F:\WINDOWS\system32\03.tmp failed, 00000005.

Error - 2/20/2010 11:41:25 AM | Computer Name = PUTNIK-E9D27CB8 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
F:\WINDOWS\system32\03.tmp failed, 00000005.

Error - 2/20/2010 4:25:42 PM | Computer Name = PUTNIK-E9D27CB8 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
F:\windows\system32\yhsnocj.dll failed, 00000005.

Error - 2/20/2010 4:25:43 PM | Computer Name = PUTNIK-E9D27CB8 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
F:\WINDOWS\system32\03.tmp failed, 00000005.

Error - 2/20/2010 4:25:52 PM | Computer Name = PUTNIK-E9D27CB8 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
F:\WINDOWS\system32\03.tmp failed, 00000005.

[ Application Events ]
Error - 2/17/2010 5:29:57 AM | Computer Name = PUTNIK-E9D27CB8 | Source = MsiInstaller | ID = 11306
Description = Product: Counter-Strike™ -- Error 1306. Another application has
exclusive access to the file 'F:\Program Files\Valve\Steam\SteamApps\condition
zero models.gcf'. Please shut down all other applications, then click Retry.

Error - 2/17/2010 6:47:58 AM | Computer Name = PUTNIK-E9D27CB8 | Source = Application Hang | ID = 1002
Description = Hanging application hl.exe, version 1.1.1.1, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 2/19/2010 8:01:31 AM | Computer Name = PUTNIK-E9D27CB8 | Source = Application Hang | ID = 1002
Description = Hanging application OUTLOOK.EXE, version 11.0.5510.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 2/19/2010 8:01:32 AM | Computer Name = PUTNIK-E9D27CB8 | Source = Application Hang | ID = 1002
Description = Hanging application OUTLOOK.EXE, version 11.0.5510.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 2/19/2010 9:28:05 AM | Computer Name = PUTNIK-E9D27CB8 | Source = Microsoft Office 11 | ID = 2001
Description = Rejected Safe Mode action : Microsoft Office Outlook.

Error - 2/19/2010 12:28:35 PM | Computer Name = PUTNIK-E9D27CB8 | Source = MsiInstaller | ID = 11713
Description = Product: Microsoft Office Word MUI (English) 2007 -- Error 1713. Setup
cannot install one of the required products for Microsoft Office Word MUI (English)
2007.

Error - 2/19/2010 12:51:25 PM | Computer Name = PUTNIK-E9D27CB8 | Source = Application Hang | ID = 1002
Description = Hanging application msiexec.exe, version 4.5.6001.22159, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 2/19/2010 12:52:28 PM | Computer Name = PUTNIK-E9D27CB8 | Source = Application Hang | ID = 1002
Description = Hanging application rundll32.exe, version 5.1.2600.2180, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 2/20/2010 1:42:04 PM | Computer Name = PUTNIK-E9D27CB8 | Source = Application Hang | ID = 1002
Description = Hanging application skplayer.exe, version 0.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 2/20/2010 1:42:07 PM | Computer Name = PUTNIK-E9D27CB8 | Source = Application Hang | ID = 1002
Description = Hanging application skplayer.exe, version 0.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 2/20/2010 11:01:24 AM | Computer Name = PUTNIK-E9D27CB8 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service BITS with arguments
"" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}

Error - 2/20/2010 11:01:35 AM | Computer Name = PUTNIK-E9D27CB8 | Source = Service Control Manager | ID = 7023
Description = The Security Image service terminated with the following error: %%1114

Error - 2/20/2010 11:41:07 AM | Computer Name = PUTNIK-E9D27CB8 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service BITS with arguments
"" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}

Error - 2/20/2010 11:41:13 AM | Computer Name = PUTNIK-E9D27CB8 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service BITS with arguments
"" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}

Error - 2/20/2010 11:41:18 AM | Computer Name = PUTNIK-E9D27CB8 | Source = Service Control Manager | ID = 7023
Description = The Security Image service terminated with the following error: %%1114

Error - 2/20/2010 11:41:41 AM | Computer Name = PUTNIK-E9D27CB8 | Source = Service Control Manager | ID = 7034
Description = The Google Update Service (gupdate1caaf11db945d1e) service terminated
unexpectedly. It has done this 1 time(s).

Error - 2/20/2010 4:25:35 PM | Computer Name = PUTNIK-E9D27CB8 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service BITS with arguments
"" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}

Error - 2/20/2010 4:25:45 PM | Computer Name = PUTNIK-E9D27CB8 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service BITS with arguments
"" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}

Error - 2/20/2010 4:25:46 PM | Computer Name = PUTNIK-E9D27CB8 | Source = Service Control Manager | ID = 7023
Description = The Security Image service terminated with the following error: %%1114

Error - 2/20/2010 4:41:01 PM | Computer Name = PUTNIK-E9D27CB8 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service BITS with arguments
"" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}


< End of report >

Thanks again :)

#5 myrti

Posted 21 February 2010 - 08:23 AM

Hi,

please run gmer next:
Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

As well as a new scan with ComboFix:
Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Temporarily disable your AntiVirus and AntiSpyware applications. They may otherwise interfere with our tools.
    Usually this can be done via a right click on the System Tray icon, check this tutorial for disabling the most common security programs: Link

  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

If combofix prompts for updates, please accept.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 



#6 anna_nbgd

Posted 23 February 2010 - 11:04 AM

gmer.log

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-02-23 16:40:42
Windows 5.1.2600 Service Pack 2
Running: j8cslbue.exe; Driver: F:\DOCUME~1\Maja\LOCALS~1\Temp\pwayrfob.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xB74D56B8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xB74D5574]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xB74D5A52]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xB74D514C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xB74D564E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xB74D508C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xB74D50F0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xB74D576E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xB74D572E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xB74D58AE]

---- Kernel code sections - GMER 1.0.15 ----

.text F:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB9BDF360, 0x37388D, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text F:\WINDOWS\System32\svchost.exe[848] ntdll.dll!NtQueryInformationProcess 7C90E01B 5 Bytes JMP 018DADCD
.text F:\WINDOWS\System32\svchost.exe[848] NETAPI32.dll!NetpwPathCanonicalize 5B86A259 5 Bytes JMP 018DAD64
.text F:\WINDOWS\system32\svchost.exe[912] ntdll.dll!NtQueryInformationProcess 7C90E01B 5 Bytes JMP 0080ADCD

---- User IAT/EAT - GMER 1.0.15 ----

IAT F:\WINDOWS\system32\services.exe[572] @ F:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00370002
IAT F:\WINDOWS\system32\services.exe[572] @ F:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00370000

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

---- EOF - GMER 1.0.15 ----


ComboFix log

ComboFix 10-02-22.07 - Maja 02/23/2010 16:51:04.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1535.1180 [GMT 1:00]
Running from: g:\anna\Install\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 100223-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

f:\windows\system32\yhsnocj.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_RDBLMFHT
-------\Service_rdblmfht


((((((((((((((((((((((((( Files Created from 2010-01-23 to 2010-02-23 )))))))))))))))))))))))))))))))
.

2010-02-20 15:03 . 2010-02-20 15:03 -------- d-----w- f:\windows\Sun
2010-02-20 14:41 . 2010-02-20 14:41 503808 ----a-w- f:\documents and settings\Maja\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-7a484fb4-n\msvcp71.dll
2010-02-20 14:41 . 2010-02-20 14:41 499712 ----a-w- f:\documents and settings\Maja\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-7a484fb4-n\jmc.dll
2010-02-20 14:41 . 2010-02-20 14:41 348160 ----a-w- f:\documents and settings\Maja\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-7a484fb4-n\msvcr71.dll
2010-02-20 14:41 . 2010-02-20 14:41 -------- d-----w- f:\program files\Common Files\Java
2010-02-20 14:41 . 2010-02-20 14:41 61440 ----a-w- f:\documents and settings\Maja\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-6324f541-n\decora-sse.dll
2010-02-20 14:41 . 2010-02-20 14:41 12800 ----a-w- f:\documents and settings\Maja\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-6324f541-n\decora-d3d.dll
2010-02-20 14:41 . 2010-02-20 14:41 411368 ----a-w- f:\windows\system32\deploytk.dll
2010-02-20 14:41 . 2010-02-20 14:41 -------- d-----w- f:\program files\Java
2010-02-19 17:26 . 2010-02-19 17:26 -------- d-----w- f:\documents and settings\Maja\Application Data\ParetoLogic
2010-02-19 17:26 . 2010-02-19 17:30 -------- d-----w- f:\documents and settings\All Users\Application Data\ParetoLogic
2010-02-19 17:26 . 2010-02-19 17:26 -------- d-----w- f:\program files\ParetoLogic
2010-02-19 17:04 . 2010-02-20 14:24 -------- d-----w- f:\program files\Common Files\Adobe
2010-02-19 16:57 . 2010-02-20 12:00 -------- d-----w- f:\documents and settings\Maja\Local Settings\Application Data\Adobe
2010-02-19 16:53 . 2006-10-26 18:56 33104 ----a-w- f:\windows\system32\Spool\prtprocs\w32x86\msonpppr.dll
2010-02-19 16:53 . 2006-10-26 18:56 32592 ----a-w- f:\windows\system32\msonpmon.dll
2010-02-19 16:48 . 2010-02-19 16:48 -------- d-----w- f:\program files\Microsoft Works
2010-02-19 16:48 . 2010-02-19 16:48 -------- d-----w- f:\program files\MSBuild
2010-02-19 16:45 . 2010-02-19 16:45 -------- d-----w- f:\program files\Microsoft.NET
2010-02-19 16:42 . 2010-02-19 16:42 -------- d-----w- f:\program files\Microsoft Visual Studio 8
2010-02-19 16:40 . 2010-02-19 16:47 -------- d-----w- f:\windows\SHELLNEW
2010-02-19 16:40 . 2010-02-19 16:40 -------- d-----w- f:\documents and settings\Maja\Local Settings\Application Data\Microsoft Help
2010-02-19 16:39 . 2010-02-19 16:54 -------- d-----w- f:\documents and settings\All Users\Application Data\Microsoft Help
2010-02-19 16:38 . 2010-02-19 16:38 -------- d-----r- F:\MSOCache
2010-02-19 12:30 . 2010-02-19 12:44 -------- d---a-w- f:\documents and settings\All Users\Application Data\TEMP
2010-02-19 12:26 . 2010-02-19 12:58 26688 ----a-w- f:\windows\system32\drivers\procguard.sys
2010-02-19 12:26 . 2008-07-25 12:11 44544 ----a-w- f:\windows\system32\procguard.dll
2010-02-18 23:08 . 2004-08-03 23:56 159232 ----a-w- f:\windows\system32\ptpusd.dll
2010-02-18 23:08 . 2001-08-17 21:36 5632 ----a-w- f:\windows\system32\ptpusb.dll
2010-02-18 23:07 . 2004-08-03 21:58 15104 -c--a-w- f:\windows\system32\dllcache\usbscan.sys
2010-02-18 23:07 . 2004-08-03 21:58 15104 ----a-w- f:\windows\system32\drivers\usbscan.sys
2010-02-18 10:26 . 2010-02-18 10:26 -------- d-----w- f:\documents and settings\Maja\Local Settings\Application Data\ACD Systems
2010-02-18 10:26 . 2010-02-18 10:26 -------- d-----w- f:\documents and settings\Maja\Application Data\ACD Systems
2010-02-17 11:58 . 2004-08-03 22:08 26496 -c--a-w- f:\windows\system32\dllcache\usbstor.sys
2010-02-17 09:34 . 2010-02-23 13:50 -------- d-----w- f:\program files\Valve
2010-02-16 21:28 . 2010-02-16 21:28 -------- d-----w- f:\documents and settings\Maja\Application Data\Malwarebytes
2010-02-16 20:27 . 2010-02-16 20:27 -------- d-----w- f:\documents and settings\Maja\Application Data\TeamViewer
2010-02-16 20:27 . 2010-02-16 20:27 -------- d-----w- f:\program files\TeamViewer
2010-02-16 20:27 . 2010-02-16 20:27 -------- d-----w- f:\documents and settings\Maja\temp
2010-02-16 14:37 . 2010-02-16 14:37 -------- d-----w- f:\documents and settings\NetworkService\Local Settings\Application Data\Google
2010-02-16 14:11 . 2010-02-16 14:11 -------- d-----w- f:\documents and settings\LocalService\Local Settings\Application Data\Google
2010-02-16 14:10 . 2010-02-16 14:13 -------- d-----w- f:\program files\Google
2010-02-16 14:10 . 2010-02-16 14:10 -------- d-----w- f:\program files\Teamspeak2_RC2
2010-02-16 14:09 . 2010-02-16 14:09 -------- d-----w- f:\program files\HLSW
2010-02-16 14:01 . 2010-02-16 14:01 -------- d-----w- f:\program files\Common Files\xing shared
2010-02-16 14:01 . 2010-02-16 14:01 -------- d-----w- f:\program files\Common Files\Real
2010-02-16 14:01 . 2010-02-16 14:01 -------- d-----w- f:\program files\Real
2010-02-16 13:57 . 2004-03-02 16:37 125184 ------w- f:\windows\system32\drivers\imagesrv.sys
2010-02-16 13:57 . 2004-03-02 16:37 5504 ------w- f:\windows\system32\drivers\imagedrv.sys
2010-02-16 13:57 . 2000-06-26 10:45 106496 ----a-w- f:\windows\system32\TwnLib20.dll
2010-02-16 13:57 . 2004-07-26 16:16 476320 ------w- f:\windows\system32\ImagXpr7.dll
2010-02-16 13:57 . 2004-07-26 16:16 471040 ------w- f:\windows\system32\ImagXRA7.dll
2010-02-16 13:57 . 2004-07-26 16:16 262144 ------w- f:\windows\system32\ImagXR7.dll
2010-02-16 13:57 . 2004-07-26 16:16 1568768 ------w- f:\windows\system32\ImagX7.dll
2010-02-16 13:57 . 2001-07-09 10:50 155648 ----a-w- f:\windows\system32\NeroCheck.exe
2010-02-16 13:57 . 2010-02-16 13:57 -------- d-----w- f:\program files\Common Files\Ahead
2010-02-16 13:57 . 2010-02-16 13:57 -------- d-----w- f:\program files\Ahead
2010-02-16 13:55 . 2010-02-16 13:55 -------- d-----w- f:\documents and settings\All Users\Application Data\CyberLink
2010-02-16 13:55 . 2010-02-16 13:55 -------- d-----w- f:\program files\CyberLink
2010-02-16 13:54 . 2010-02-16 13:54 -------- d-----w- f:\documents and settings\Maja\Local Settings\Application Data\Apple
2010-02-16 13:54 . 2010-02-16 13:54 -------- d-----w- f:\documents and settings\Maja\Local Settings\Application Data\Apple Computer
2010-02-16 13:52 . 2010-02-16 13:53 -------- d-----w- f:\documents and settings\Maja\Application Data\BSplayer Pro
2010-02-16 13:52 . 2010-02-16 13:52 -------- d-----w- f:\program files\Webteh
2010-02-16 12:38 . 2010-02-23 15:56 -------- d-----w- f:\documents and settings\Maja\Tracing
2010-02-16 12:38 . 2010-02-16 12:38 -------- d-----w- f:\program files\Microsoft
2010-02-16 12:38 . 2010-02-16 12:38 -------- d-----w- f:\program files\Windows Live SkyDrive
2010-02-16 12:37 . 2010-02-16 12:38 -------- d-----w- f:\program files\Windows Live
2010-02-16 12:32 . 2010-02-16 12:32 -------- d-----w- f:\program files\Common Files\Windows Live
2010-02-16 12:30 . 2010-02-16 18:52 -------- d-----w- f:\documents and settings\Maja\Local Settings\Application Data\Screamer Radio
2010-02-16 12:29 . 2010-02-16 12:29 -------- d-----w- f:\program files\PhotoScape
2010-02-16 11:19 . 2006-10-14 15:43 27648 ----a-w- f:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2010-02-16 11:19 . 2006-06-29 12:07 14048 ------w- f:\windows\system32\spmsg2.dll
2010-02-16 11:19 . 2006-10-16 15:10 23856 ----a-w- f:\windows\system32\spupdsvc.exe
2010-02-16 11:13 . 2010-02-16 11:25 -------- d-----w- F:\f8ee2afe1ad1e71421
2010-02-16 11:05 . 2003-06-18 16:31 18944 ----a-w- f:\windows\system32\Spool\prtprocs\w32x86\mdippr.dll
2010-02-16 11:05 . 2003-06-18 16:31 17920 ----a-w- f:\windows\system32\mdimon.dll
2010-02-16 10:55 . 2010-02-16 10:55 -------- d-----w- f:\documents and settings\All Users\Application Data\ACD Systems
2010-02-16 10:55 . 2010-02-16 10:55 -------- d-----w- f:\program files\Common Files\ACD Systems
2010-02-16 10:55 . 2010-02-16 10:55 -------- d-----w- f:\program files\ACD Systems
2010-02-16 10:55 . 2010-02-16 10:55 10368 ----a-w- f:\windows\system32\drivers\pfc.sys
2010-02-16 10:54 . 2010-02-16 10:54 -------- d-----w- f:\windows\Downloaded Installations
2010-02-16 10:23 . 2010-02-16 10:23 -------- d-----w- f:\windows\nview
2010-02-16 10:23 . 2008-05-16 13:01 446464 ----a-w- f:\windows\system32\nvudisp.exe
2010-02-16 10:23 . 2008-05-16 10:48 446464 ----a-w- f:\windows\system32\NVUNINST.EXE
2010-02-16 10:22 . 2010-02-16 10:22 -------- d-----w- F:\NVIDIA
2010-02-16 10:14 . 2006-08-18 05:52 4017536 ----a-r- f:\windows\system32\drivers\alcxwdm.sys
2010-02-16 10:08 . 2010-02-16 10:15 -------- d-----w- f:\windows\Drivers
2010-02-16 10:05 . 2010-02-16 10:05 -------- d-----w- f:\program files\Intel
2010-02-16 10:04 . 2010-02-16 14:06 -------- d--h--w- f:\program files\InstallShield Installation Information
2010-02-16 10:04 . 2010-02-16 10:14 -------- d-----w- f:\program files\Common Files\InstallShield
2010-02-16 09:54 . 2010-02-16 12:54 -------- d-----w- f:\windows\system32\NtmsData
2010-02-16 09:45 . 2010-02-16 09:45 -------- d-----w- f:\program files\RocketDock
2010-02-16 09:08 . 2010-02-16 09:09 -------- d-----w- f:\documents and settings\Maja\Local Settings\Application Data\Temp
2010-02-16 09:08 . 2010-02-16 14:13 -------- d-----w- f:\documents and settings\Maja\Local Settings\Application Data\Google
2010-02-16 09:06 . 2010-02-19 17:26 68456 ----a-w- f:\documents and settings\Maja\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-16 08:23 . 2004-08-03 21:59 5504 -c--a-w- f:\windows\system32\dllcache\intelide.sys
2010-02-16 08:23 . 2004-08-03 21:59 5504 ----a-w- f:\windows\system32\drivers\intelide.sys
2010-02-16 08:23 . 2004-08-03 22:08 20480 -c--a-w- f:\windows\system32\dllcache\usbuhci.sys
2010-02-16 08:23 . 2004-08-03 22:08 20480 ----a-w- f:\windows\system32\drivers\usbuhci.sys
2010-02-16 08:23 . 2004-08-03 22:07 42368 -c--a-w- f:\windows\system32\dllcache\agp440.sys
2010-02-16 08:23 . 2004-08-03 22:07 42368 ------w- f:\windows\system32\drivers\AGP440.SYS
2010-02-16 08:23 . 2008-05-16 13:01 6557408 -c--a-w- f:\windows\system32\dllcache\nv4_mini.sys
2010-02-16 08:23 . 2008-05-16 13:01 6557408 ----a-w- f:\windows\system32\drivers\nv4_mini.sys
2010-02-16 08:23 . 2008-05-16 13:01 6108928 ----a-w- f:\windows\system32\nv4_disp.dll
2010-02-16 08:23 . 2004-08-03 23:56 4274816 -c--a-w- f:\windows\system32\dllcache\nv4_disp.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-18 00:53 . 2010-02-15 23:32 86327 ----a-w- f:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-02-16 10:56 . 2010-02-16 10:56 -------- d-----w- f:\program files\Alwil Software
2010-02-16 10:14 . 2010-02-16 10:14 -------- d-----w- f:\program files\Realtek Sound Manager
2010-02-16 10:14 . 2010-02-16 10:14 -------- d-----w- f:\program files\AvRack
2010-02-16 10:14 . 2010-02-16 10:14 -------- d-----w- f:\program files\Realtek AC97
2010-02-15 23:33 . 2010-02-15 23:33 -------- d-----w- f:\program files\microsoft frontpage
2010-02-15 23:29 . 2010-02-15 23:29 21640 ----a-w- f:\windows\system32\emptyregdb.dat
.

((((((((((((((((((((((((((((( SnapShot@2010-02-19_13.38.31 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-10-26 12:40 . 2006-10-26 12:40 49152 f:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80KOR.dll
+ 2006-10-26 12:40 . 2006-10-26 12:40 49152 f:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80JPN.dll
+ 2006-10-26 12:40 . 2006-10-26 12:40 61440 f:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80ITA.dll
+ 2006-10-26 12:40 . 2006-10-26 12:40 61440 f:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80FRA.dll
+ 2006-10-26 12:40 . 2006-10-26 12:40 61440 f:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80ESP.dll
+ 2006-10-26 12:40 . 2006-10-26 12:40 57344 f:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80ENU.dll
+ 2006-10-26 12:40 . 2006-10-26 12:40 65536 f:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80DEU.dll
+ 2006-10-26 12:40 . 2006-10-26 12:40 45056 f:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80CHT.dll
+ 2006-10-26 12:40 . 2006-10-26 12:40 40960 f:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80CHS.dll
+ 2006-10-26 12:40 . 2006-10-26 12:40 57344 f:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_dec6ddd2\mfcm80u.dll
+ 2006-10-26 12:40 . 2006-10-26 12:40 69632 f:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_dec6ddd2\mfcm80.dll
+ 2006-10-26 12:40 . 2006-10-26 12:40 95744 f:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_6e805841\ATL80.dll
+ 2010-02-23 15:56 . 2010-02-23 15:56 16384 f:\windows\Temp\Perflib_Perfdata_58c.dat
+ 2010-02-23 15:56 . 2010-02-23 15:56 16384 f:\windows\Temp\Perflib_Perfdata_514.dat
+ 2006-07-24 09:50 . 2006-07-24 09:50 47920 f:\windows\system32\VBAME.DLL
+ 2010-02-19 16:53 . 2006-10-26 18:56 67408 f:\windows\system32\spool\drivers\w32x86\msonpui.dll
+ 2010-02-19 16:53 . 2006-10-26 18:56 67408 f:\windows\system32\spool\drivers\w32x86\3\msonpui.dll
+ 2006-07-24 09:50 . 2006-07-24 09:50 39728 f:\windows\system32\SCP32.DLL
+ 2006-10-26 13:10 . 2006-10-26 13:10 33088 f:\windows\system32\FM20ENU.DLL
+ 2010-02-19 16:41 . 2010-02-19 16:41 48128 f:\windows\Installer\ae1bd7.msi
+ 2010-02-19 16:54 . 2010-02-19 16:54 35088 f:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
+ 2010-02-19 16:54 . 2010-02-19 16:54 18704 f:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
+ 2010-02-19 16:54 . 2010-02-19 16:54 20240 f:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
+ 2010-02-19 16:48 . 2010-02-19 16:48 39624 f:\windows\assembly\GAC_MSIL\System.AddIn\2.0.0.0__b03f5f7f11d50a3a\System.AddIn.dll
+ 2010-02-19 16:48 . 2010-02-19 16:48 47832 f:\windows\assembly\GAC_MSIL\System.AddIn.Contract\2.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll
+ 2010-02-19 16:48 . 2010-02-19 16:48 72472 f:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.DesignTime\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.DesignTime.dll
+ 2010-02-19 16:48 . 2010-02-19 16:48 39704 f:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.Contract\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.Contract.dll
+ 2010-02-19 16:48 . 2010-02-19 16:48 39712 f:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.ComRPCChannel\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.ComRPCChannel.dll
+ 2010-02-19 16:48 . 2010-02-19 16:48 60200 f:\windows\assembly\GAC_MSIL\Microsoft.Office.InfoPath\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Infopath.dll
+ 2010-02-19 16:48 . 2010-02-19 16:48 39728 f:\windows\assembly\GAC_MSIL\Microsoft.Office.InfoPath.Vsta\12.0.0.0__71e9bce111e9429c\Microsoft.Office.InfoPath.Vsta.dll
+ 2010-02-19 16:48 . 2010-02-19 16:48 43840 f:\windows\assembly\GAC_MSIL\Microsoft.Office.InfoPath.FormControl\12.0.0.0__71e9bce111e9429c\microsoft.office.infopath.formcontrol.dll
+ 2010-02-19 16:48 . 2010-02-19 16:48 16384 f:\windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll
+ 2010-02-19 16:47 . 2010-02-19 16:47 11544 f:\windows\assembly\GAC\Policy.11.0.office\12.0.0.0__71e9bce111e9429c\Policy.11.0.Office.dll
+ 2010-02-19 16:47 . 2010-02-19 16:47 12080 f:\windows\assembly\GAC\Policy.11.0.Microsoft.Vbe.Interop\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Vbe.Interop.dll
+ 2010-02-19 16:48 . 2010-02-19 16:48 12096 f:\windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Word\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Word.dll
+ 2010-02-19 16:47 . 2010-02-19 16:47 12104 f:\windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.SmartTag\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.SmartTag.dll
+ 2010-02-19 16:48 . 2010-02-19 16:48 12104 f:\windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Publisher\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Publisher.dll
+ 2010-02-19 16:47 . 2010-02-19 16:47 12112 f:\windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.PowerPoint\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.PowerPoint.dll
+ 2010-02-19 16:47 . 2010-02-19 16:47 12632 f:\windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.OutlookViewCtl\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.OutlookViewCtl.dll
+ 2010-02-19 16:47 . 2010-02-19 16:47 12104 f:\windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Outlook\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Outlook.dll
+ 2010-02-19 16:48 . 2010-02-19 16:48 12616 f:\windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.InfoPath\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.InfoPath.dll
+ 2010-02-19 16:48 . 2010-02-19 16:48 12616 f:\windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.InfoPath.Xml\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.InfoPath.Xml.dll
+ 2010-02-19 16:47 . 2010-02-19 16:47 12096 f:\windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Graph\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Graph.dll
+ 2010-02-19 16:46 . 2010-02-19 16:46 12096 f:\windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Excel\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Excel.dll
+ 2010-02-19 16:45 . 2010-02-19 16:45 12104 f:\windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Access\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Access.dll
+ 2010-02-19 16:47 . 2010-02-19 16:47 64288 f:\windows\assembly\GAC\Microsoft.Vbe.Interop\12.0.0.0__71e9bce111e9429c\Microsoft.Vbe.Interop.dll
+ 2010-02-19 16:48 . 2010-02-19 16:48 13312 f:\windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.stdformat.dll
+ 2010-02-19 16:47 . 2010-02-19 16:47 20280 f:\windows\assembly\GAC\Microsoft.Office.Interop.SmartTag\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.SmartTag.dll
+ 2010-02-19 16:47 . 2010-02-19 16:47 35648 f:\windows\assembly\GAC\Microsoft.Office.Interop.OutlookViewCtl\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.OutlookViewCtl.dll
+ 2010-02-19 16:47 . 2010-02-19 16:47 17208 f:\windows\assembly\GAC\Microsoft.Office.Interop.OneNote\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.OneNote.dll
+ 2010-02-19 16:47 . 2010-02-19 16:47 88896 f:\windows\assembly\GAC\Microsoft.Office.Interop.InfoPath.Xml\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.InfoPath.Xml.dll
+ 2010-02-19 16:46 . 2010-02-19 16:46 80696 f:\windows\assembly\GAC\Microsoft.Office.Interop.Access.Dao\12.0.0.0__71e9bce111e9429c\Microsoft.Office.interop.access.dao.dll
+ 2010-02-19 16:48 . 2010-02-19 16:48 16712 f:\windows\assembly\GAC\Microsoft.Office.InfoPath.Permission\12.0.0.0__71e9bce111e9429c\Microsoft.Office.InfoPath.Permission.dll
+ 2010-02-19 16:48 . 2010-02-19 16:48 31560 f:\windows\assembly\GAC\ipdmctrl\11.0.0.0__71e9bce111e9429c\IPDMCTRL.DLL
+ 2010-02-19 16:48 . 2010-02-19 16:48 82784 f:\windows\assembly\GAC\IALoader\1.7.6223.0__31bf3856ad364e35\IALoader.dll
+ 2010-02-19 16:48 . 2010-02-19 16:48 65536 f:\windows\assembly\GAC\dao\10.0.4504.0__31bf3856ad364e35\DAO.DLL
+ 2010-02-19 16:48 . 2010-02-19 16:48 4096 f:\windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\msdatasrc.dll
+ 2010-02-19 16:48 . 2010-02-19 16:48 4608 f:\windows\assembly\GAC\Extensibility\7.0.3300.0__b03f5f7f11d50a3a\extensibility.dll
+ 2006-06-05 13:14 . 2006-06-05 13:14 626688 f:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcr80.dll
+ 2006-06-05 13:14 . 2006-06-05 13:14 548864 f:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcp80.dll
+ 2006-06-05 13:14 . 2006-06-05 13:14 479232 f:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcm80.dll
+ 2006-10-26 12:45 . 2006-10-26 12:45 293376 f:\windows\system32\WISPTIS.EXE
+ 2010-02-19 16:53 . 2006-10-26 18:56 864080 f:\windows\system32\spool\drivers\w32x86\msonpdrv.dll
+ 2010-02-19 16:53 . 2006-10-26 18:56 864080 f:\windows\system32\spool\drivers\w32x86\3\msonpdrv.dll
+ 2010-02-20 14:41 . 2010-02-20 14:41 153376 f:\windows\system32\javaws.exe
+ 2010-02-20 14:41 . 2010-02-20 14:41 145184 f:\windows\system32\javaw.exe
+ 2010-02-20 14:41 . 2010-02-20 14:41 145184 f:\windows\system32\java.exe
+ 2006-10-26 12:45 . 2006-10-26 12:45 207360 f:\windows\system32\INKED.DLL
+ 2010-02-16 00:14 . 2010-02-19 17:32 263024 f:\windows\system32\FNTCACHE.DAT
+ 2010-02-19 16:44 . 2010-02-19 16:44 501248 f:\windows\Installer\ae1c1b.msi
+ 2010-02-19 16:43 . 2010-02-19 16:43 501248 f:\windows\Installer\ae1c03.msi
+ 2010-02-19 16:43 . 2010-02-19 16:43 506880 f:\windows\Installer\ae1bfd.msi
+ 2010-02-19 16:42 . 2010-02-19 16:42 516608 f:\windows\Installer\ae1bf6.msi
+ 2010-02-19 16:42 . 2010-02-19 16:42 513024 f:\windows\Installer\ae1bef.msi
+ 2010-02-19 16:41 . 2010-02-19 16:41 501248 f:\windows\Installer\ae1be3.msi
+ 2010-02-19 16:40 . 2010-02-19 16:40 501248 f:\windows\Installer\ae1bbb.msi
+ 2010-02-20 14:41 . 2010-02-20 14:41 178176 f:\windows\Installer\1389a0.msi
+ 2010-02-20 14:41 . 2010-02-20 14:41 576000 f:\windows\Installer\13899a.msi
+ 2010-02-20 14:25 . 2010-02-20 14:25 295606 f:\windows\Installer\{AC76BA86-7AD7-1033-7B44-A82000000003}\SC_Reader.exe
+ 2010-02-19 16:40 . 2010-02-19 16:40 217864 f:\windows\Installer\{90120000-006E-0409-0000-0000000FF1CE}\misc.exe
+ 2010-02-19 16:54 . 2010-02-19 16:54 888080 f:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
+ 2010-02-19 16:54 . 2010-02-19 16:54 272648 f:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
+ 2010-02-19 16:54 . 2010-02-19 16:54 922384 f:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
+ 2010-02-19 16:54 . 2010-02-19 16:54 845584 f:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
+ 2010-02-19 16:54 . 2010-02-19 16:54 217864 f:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
+ 2010-02-19 16:54 . 2010-02-19 16:54 184080 f:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
+ 2010-02-19 16:54 . 2010-02-19 16:54 159504 f:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
+ 2006-10-26 18:48 . 2006-10-26 18:48 434528 f:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.4518\DWTRIG20.EXE
+ 2004-11-17 16:33 . 2004-11-17 16:33 450669 f:\windows\Installer\$PatchCache$\Managed\00002109010090400000000000F01FEC\12.0.4518\FP4AWEC.DLL
+ 2004-11-17 16:33 . 2004-11-17 16:33 589880 f:\windows\Installer\$PatchCache$\Managed\00002109010090400000000000F01FEC\12.0.4518\FP4AUTL.DLL
+ 2010-02-19 16:48 . 2010-02-19 16:48 330520 f:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.Blueprints\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.Blueprints.dll
+ 2010-02-19 16:48 . 2010-02-19 16:48 105248 f:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.AddInManager\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.AddInManager.dll
+ 2010-02-19 16:48 . 2010-02-19 16:48 211736 f:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.Adapter\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.Adapter.dll
+ 2010-02-19 16:48 . 2010-02-19 16:48 609104 f:\windows\assembly\GAC_MSIL\Microsoft.Office.InfoPath.Client.Internal.Host\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Infopath.Client.Internal.Host.dll
+ 2010-02-19 16:48 . 2010-02-19 16:48 367400 f:\windows\assembly\GAC_32\Microsoft.VisualStudio.Tools.Applications.InteropAdapter\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.InteropAdapter.dll
+ 2010-02-19 16:48 . 2010-02-19 16:48 118112 f:\windows\assembly\GAC_32\Microsoft.Office.InfoPath.Client.Internal.Host.Interop\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Infopath.Client.Internal.Host.Interop.dll
+ 2010-02-19 16:47 . 2010-02-19 16:47 416544 f:\windows\assembly\GAC\office\12.0.0.0__71e9bce111e9429c\OFFICE.DLL
+ 2010-02-19 16:48 . 2010-02-19 16:48 229376 f:\windows\assembly\GAC\mscomctl\10.0.4504.0__31bf3856ad364e35\MSCOMCTL.DLL
+ 2010-02-19 16:47 . 2010-02-19 16:47 371496 f:\windows\assembly\GAC\Microsoft.Vbe.Interop.Forms\11.0.0.0__71e9bce111e9429c\Microsoft.Vbe.Interop.Forms.dll
+ 2010-02-19 16:47 . 2010-02-19 16:47 781104 f:\windows\assembly\GAC\Microsoft.Office.Interop.Word\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Word.dll
+ 2010-02-19 16:47 . 2010-02-19 16:47 232248 f:\windows\assembly\GAC\Microsoft.Office.Interop.Publisher\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Publisher.dll
+ 2010-02-19 16:47 . 2010-02-19 16:47 248632 f:\windows\assembly\GAC\Microsoft.Office.Interop.PowerPoint\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.PowerPoint.dll
+ 2010-02-19 16:47 . 2010-02-19 16:47 920376 f:\windows\assembly\GAC\Microsoft.Office.Interop.Outlook\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Outlook.dll
+ 2010-02-19 16:47 . 2010-02-19 16:47 146232 f:\windows\assembly\GAC\Microsoft.Office.Interop.InfoPath\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.InfoPath.dll
+ 2010-02-19 16:48 . 2010-02-19 16:48 404296 f:\windows\assembly\GAC\Microsoft.Office.Interop.InfoPath.SemiTrust\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.InfoPath.SemiTrust.dll
+ 2010-02-19 16:47 . 2010-02-19 16:47 150320 f:\windows\assembly\GAC\Microsoft.Office.Interop.Graph\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Graph.dll
+ 2010-02-19 16:48 . 2010-02-19 16:48 110592 f:\windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\adodb.dll
+ 2006-10-26 12:40 . 2006-10-26 12:40 1079808 f:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_dec6ddd2\mfc80u.dll
+ 2006-10-26 12:40 . 2006-10-26 12:40 1093632 f:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_dec6ddd2\mfc80.dll
+ 2006-10-26 13:10 . 2006-10-26 13:10 1190688 f:\windows\system32\FM20.DLL
+ 2010-02-19 16:44 . 2010-02-19 16:44 1640960 f:\windows\Installer\ae1c21.msi
+ 2010-02-19 16:44 . 2010-02-19 16:44 1652736 f:\windows\Installer\ae1c15.msi
+ 2010-02-19 16:43 . 2010-02-19 16:43 1652736 f:\windows\Installer\ae1c0f.msi
+ 2010-02-19 16:43 . 2010-02-19 16:43 1652736 f:\windows\Installer\ae1c09.msi
+ 2010-02-19 16:42 . 2010-02-19 16:42 2319872 f:\windows\Installer\ae1be9.msi
+ 2010-02-19 16:41 . 2010-02-19 16:41 1647616 f:\windows\Installer\ae1bdd.msi
+ 2010-02-19 16:41 . 2010-02-19 16:41 1640960 f:\windows\Installer\ae1bcd.msi
+ 2010-02-19 16:41 . 2010-02-19 16:41 2022912 f:\windows\Installer\ae1bc7.msi
+ 2010-02-19 16:40 . 2010-02-19 16:40 1713152 f:\windows\Installer\ae1bc1.msi
+ 2010-02-19 16:40 . 2010-02-19 16:40 2397184 f:\windows\Installer\ae1bb5.msi
+ 2010-02-20 14:25 . 2010-02-20 14:25 4272128 f:\windows\Installer\2bd9c.msi
+ 2010-02-19 16:54 . 2010-02-19 16:54 1172240 f:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
+ 2010-02-19 16:54 . 2010-02-19 16:54 1165584 f:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
+ 2010-02-19 16:47 . 2010-02-19 16:47 1276720 f:\windows\assembly\GAC\Microsoft.Office.Interop.Excel\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Excel.dll
+ 2010-02-19 16:47 . 2010-02-19 16:47 1612592 f:\windows\assembly\GAC\Microsoft.Office.Interop.Access\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Access.dll
+ 2010-02-19 16:48 . 2010-02-19 16:48 8007680 f:\windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll
+ 2010-02-19 16:48 . 2010-02-19 16:48 1215328 f:\windows\assembly\GAC\IACore\1.7.6223.0__31bf3856ad364e35\IACore.dll
+ 2010-02-19 16:53 . 2010-02-19 16:53 18181632 f:\windows\Installer\ae1c3d.msi
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="f:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"msnmsgr"="f:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"ctfmon.exe"="f:\windows\system32\ctfmon.exe" [2004-08-03 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2006-08-02 577536]
"NvCplDaemon"="f:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"nwiz"="nwiz.exe" [2008-05-16 1630208]
"NvMediaCenter"="f:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
"avast!"="f:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"TkBellExe"="f:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-02-16 198160]
"Adobe Reader Speed Launcher"="f:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-12-18 40368]
"Adobe ARM"="f:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"SunJavaUpdateSched"="f:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]

f:\documents and settings\Maja\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - f:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

[HKLM\~\startupfolder\F:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=f:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=f:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-12-11 14:57 948672 ----a-r- f:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-02-16 09:08 135664 ----atw- f:\documents and settings\Maja\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2006-10-26 23:47 31016 ----a-w- f:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 15:44 3883856 ----a-w- f:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 10:50 155648 ----a-w- f:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2003-12-08 16:35 32768 ----a-w- f:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"f:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"f:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"g:\\BEOGRID\\StrongDC++\\StrongDC.exe"=
"f:\\Program Files\\Valve\\hl.exe"=
"f:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"f:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"f:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"g:\\BEOGRID\\StrongDC++\\StrongDC++\\StrongDC.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"1200:UDP"= 1200:UDP:services friends
"3266:TCP"= 3266:TCP:pwoutfm

R1 aswSP;avast! Self Protection;f:\windows\system32\drivers\aswSP.sys [2/16/2010 11:56 AM 114768]
R2 aswFsBlk;aswFsBlk;f:\windows\system32\drivers\aswFsBlk.sys [2/16/2010 11:56 AM 20560]
S2 gupdate1caaf11db945d1e;Google Update Service (gupdate1caaf11db945d1e);f:\program files\Google\Update\GoogleUpdate.exe [2/16/2010 3:10 PM 133104]
S3 MEMSWEEP2;MEMSWEEP2;\??\f:\windows\system32\4.tmp --> f:\windows\system32\4.tmp [?]
.
Contents of the 'Scheduled Tasks' folder

2010-02-23 f:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- f:\program files\Google\Update\GoogleUpdate.exe [2010-02-16 14:10]

2010-02-23 f:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- f:\program files\Google\Update\GoogleUpdate.exe [2010-02-16 14:10]

2010-02-17 f:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1275210071-776561741-725345543-1003Core.job
- f:\documents and settings\Maja\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-02-16 09:08]

2010-02-23 f:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1275210071-776561741-725345543-1003UA.job
- f:\documents and settings\Maja\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-02-16 09:08]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - f:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-Adobe Reader Speed Launcher - f:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
MSConfigStartUp-QuickTime Task - f:\program files\QuickTime\QTTask.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-23 16:56
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\f:\windows\system32\4.tmp"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2864)
f:\program files\RocketDock\RocketDock.dll
f:\windows\system32\msi.dll
.
------------------------ Other Running Processes ------------------------
.
f:\program files\Alwil Software\Avast4\aswUpdSv.exe
f:\program files\Alwil Software\Avast4\ashServ.exe
f:\windows\SOUNDMAN.EXE
f:\windows\system32\RUNDLL32.EXE
f:\program files\Java\jre6\bin\jqs.exe
f:\windows\system32\nvsvc32.exe
f:\program files\Alwil Software\Avast4\ashMaiSv.exe
f:\program files\Alwil Software\Avast4\ashWebSv.exe
f:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-02-23 16:59:01 - machine was rebooted
ComboFix-quarantined-files.txt 2010-02-23 15:58

Pre-Run: 25,978,097,664 bytes free
Post-Run: 25,889,210,368 bytes free

- - End Of File - - 658EF2DF89CC19459ED2302479F3F4A4


#7 anna_nbgd

  • Topic Starter
Posted 23 February 2010 - 11:10 AM

After I had done all the scans (GMER and ComboFix), Avast reported Rootkit-gen again. Also, there are some returning errors in scanning, 00000005.

Here's a log from Avast:

2/23/2010 5:04:53 PM SYSTEM 1300 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "F:\WINDOWS\system32\x" file.
2/23/2010 5:04:40 PM SYSTEM 1300 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "F:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\G1EBG9MJ\ojljs[1].bmp" file.
2/23/2010 4:42:35 PM SYSTEM 1188 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: F:\WINDOWS\system32\02.tmp (F:\WINDOWS\system32\02.tmp) returning error, 00000005.
2/23/2010 4:42:25 PM SYSTEM 1188 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: F:\WINDOWS\system32\02.tmp (F:\WINDOWS\system32\02.tmp) returning error, 00000005.
2/23/2010 4:42:24 PM SYSTEM 1188 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: F:\windows\system32\yhsnocj.dll (F:\windows\system32\yhsnocj.dll) returning error, 00000005.
2/23/2010 2:49:48 PM SYSTEM 1176 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: F:\WINDOWS\system32\03.tmp (F:\WINDOWS\system32\03.tmp) returning error, 00000005.
2/23/2010 2:49:37 PM SYSTEM 1176 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: F:\WINDOWS\system32\03.tmp (F:\WINDOWS\system32\03.tmp) returning error, 00000005.
2/23/2010 2:49:36 PM SYSTEM 1176 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: F:\windows\system32\yhsnocj.dll (F:\windows\system32\yhsnocj.dll) returning error, 00000005.
2/23/2010 12:36:01 PM SYSTEM 1172 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: F:\WINDOWS\system32\03.tmp (F:\WINDOWS\system32\03.tmp) returning error, 00000005.
2/23/2010 12:35:51 PM SYSTEM 1172 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: F:\WINDOWS\system32\03.tmp (F:\WINDOWS\system32\03.tmp) returning error, 00000005.
2/23/2010 12:35:50 PM SYSTEM 1172 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: F:\windows\system32\yhsnocj.dll (F:\windows\system32\yhsnocj.dll) returning error, 00000005.
2/22/2010 10:10:22 PM SYSTEM 1176 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: F:\WINDOWS\system32\03.tmp (F:\WINDOWS\system32\03.tmp) returning error, 00000005.
2/22/2010 10:10:15 PM SYSTEM 1176 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: F:\WINDOWS\system32\03.tmp (F:\WINDOWS\system32\03.tmp) returning error, 00000005.
2/22/2010 10:10:15 PM SYSTEM 1176 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: F:\windows\system32\yhsnocj.dll (F:\windows\system32\yhsnocj.dll) returning error, 00000005.
2/22/2010 4:32:11 PM SYSTEM 1324 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: F:\WINDOWS\system32\03.tmp (F:\WINDOWS\system32\03.tmp) returning error, 00000005.
2/22/2010 4:32:06 PM SYSTEM 1324 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: F:\WINDOWS\system32\03.tmp (F:\WINDOWS\system32\03.tmp) returning error, 00000005.
2/22/2010 4:32:05 PM SYSTEM 1324 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: F:\windows\system32\yhsnocj.dll (F:\windows\system32\yhsnocj.dll) returning error, 00000005.
2/22/2010 12:36:29 PM SYSTEM 1180 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: F:\WINDOWS\system32\03.tmp (F:\WINDOWS\system32\03.tmp) returning error, 00000005.
2/22/2010 12:36:19 PM SYSTEM 1180 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: F:\WINDOWS\system32\03.tmp (F:\WINDOWS\system32\03.tmp) returning error, 00000005.
2/22/2010 12:36:18 PM SYSTEM 1180 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: F:\windows\system32\yhsnocj.dll (F:\windows\system32\yhsnocj.dll) returning error, 00000005.
2/22/2010 3:33:24 AM SYSTEM 1336 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: F:\WINDOWS\system32\02.tmp (F:\WINDOWS\system32\02.tmp) returning error, 00000005.
2/22/2010 3:33:15 AM SYSTEM 1336 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: F:\WINDOWS\system32\02.tmp (F:\WINDOWS\system32\02.tmp) returning error, 00000005.
2/22/2010 3:33:14 AM SYSTEM 1336 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: F:\windows\system32\yhsnocj.dll (F:\windows\system32\yhsnocj.dll) returning error, 00000005.
2/22/2010 3:25:31 AM SYSTEM 1316 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: F:\WINDOWS\system32\03.tmp (F:\WINDOWS\system32\03.tmp) returning error, 00000005.
2/22/2010 3:25:23 AM SYSTEM 1316 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: F:\WINDOWS\system32\03.tmp (F:\WINDOWS\system32\03.tmp) returning error, 00000005.
2/22/2010 3:25:22 AM SYSTEM 1316 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: F:\windows\system32\yhsnocj.dll (F:\windows\system32\yhsnocj.dll) returning error, 00000005.
2/21/2010 1:44:14 PM SYSTEM 1180 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: F:\WINDOWS\system32\02.tmp (F:\WINDOWS\system32\02.tmp) returning error, 00000005.
2/21/2010 1:44:05 PM SYSTEM 1180 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: F:\WINDOWS\system32\02.tmp (F:\WINDOWS\system32\02.tmp) returning error, 00000005.
2/21/2010 1:44:03 PM SYSTEM 1180 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: F:\windows\system32\yhsnocj.dll (F:\windows\system32\yhsnocj.dll) returning error, 00000005.
2/21/2010 12:40:28 PM SYSTEM 1180 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: F:\WINDOWS\system32\03.tmp (F:\WINDOWS\system32\03.tmp) returning error, 00000005.
2/21/2010 12:40:22 PM SYSTEM 1180 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: F:\WINDOWS\system32\03.tmp (F:\WINDOWS\system32\03.tmp) returning error, 00000005.
2/21/2010 12:40:21 PM SYSTEM 1180 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: F:\windows\system32\yhsnocj.dll (F:\windows\system32\yhsnocj.dll) returning error, 00000005.
2/20/2010 9:25:52 PM SYSTEM 1176 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: F:\WINDOWS\system32\03.tmp (F:\WINDOWS\system32\03.tmp) returning error, 00000005.
2/20/2010 9:25:43 PM SYSTEM 1176 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: F:\WINDOWS\system32\03.tmp (F:\WINDOWS\system32\03.tmp) returning error, 00000005.
2/20/2010 9:25:42 PM SYSTEM 1176 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: F:\windows\system32\yhsnocj.dll (F:\windows\system32\yhsnocj.dll) returning error, 00000005.
2/20/2010 4:41:25 PM SYSTEM 1312 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: F:\WINDOWS\system32\03.tmp (F:\WINDOWS\system32\03.tmp) returning error, 00000005.
2/20/2010 4:41:14 PM SYSTEM 1312 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: F:\WINDOWS\system32\03.tmp (F:\WINDOWS\system32\03.tmp) returning error, 00000005.
2/20/2010 4:41:14 PM SYSTEM 1312 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: F:\windows\system32\yhsnocj.dll (F:\windows\system32\yhsnocj.dll) returning error, 00000005.
2/20/2010 4:01:36 PM SYSTEM 1172 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: F:\WINDOWS\system32\03.tmp (F:\WINDOWS\system32\03.tmp) returning error, 00000005.
2/20/2010 4:01:26 PM SYSTEM 1172 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: F:\WINDOWS\system32\03.tmp (F:\WINDOWS\system32\03.tmp) returning error, 00000005.
2/20/2010 4:01:24 PM SYSTEM 1172 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: F:\windows\system32\yhsnocj.dll (F:\windows\system32\yhsnocj.dll) returning error, 00000005.
2/20/2010 3:20:32 PM SYSTEM 1184 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: F:\WINDOWS\system32\03.tmp (F:\WINDOWS\system32\03.tmp) returning error, 00000005.
2/20/2010 3:20:12 PM SYSTEM 1184 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: F:\WINDOWS\system32\03.tmp (F:\WINDOWS\system32\03.tmp) returning error, 00000005.
2/20/2010 3:20:11 PM SYSTEM 1184 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: F:\windows\system32\yhsnocj.dll (F:\windows\system32\yhsnocj.dll) returning error, 00000005.
2/20/2010 11:49:58 AM SYSTEM 1176 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: F:\WINDOWS\system32\03.tmp (F:\WINDOWS\system32\03.tmp) returning error, 00000005.
2/20/2010 11:49:34 AM SYSTEM 1176 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: F:\WINDOWS\system32\03.tmp (F:\WINDOWS\system32\03.tmp) returning error, 00000005.
2/20/2010 11:49:33 AM SYSTEM 1176 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: F:\windows\system32\yhsnocj.dll (F:\windows\system32\yhsnocj.dll) returning error, 00000005.
2/20/2010 12:11:17 AM SYSTEM 1304 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: F:\WINDOWS\system32\03.tmp (F:\WINDOWS\system32\03.tmp) returning error, 00000005.
2/20/2010 12:11:02 AM SYSTEM 1304 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: F:\WINDOWS\system32\03.tmp (F:\WINDOWS\system32\03.tmp) returning error, 00000005.
2/20/2010 12:11:01 AM SYSTEM 1304 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: F:\windows\system32\yhsnocj.dll (F:\windows\system32\yhsnocj.dll) returning error, 00000005.
2/19/2010 8:05:37 PM SYSTEM 1312 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: F:\WINDOWS\system32\03.tmp (F:\WINDOWS\system32\03.tmp) returning error, 00000005.
2/19/2010 8:05:24 PM SYSTEM 1312 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: F:\WINDOWS\system32\03.tmp (F:\WINDOWS\system32\03.tmp) returning error, 00000005.
2/19/2010 8:05:23 PM SYSTEM 1312 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: F:\windows\system32\yhsnocj.dll (F:\windows\system32\yhsnocj.dll) returning error, 00000005.
2/19/2010 6:32:55 PM SYSTEM 1208 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: F:\WINDOWS\system32\03.tmp (F:\WINDOWS\system32\03.tmp) returning error, 00000005.
2/19/2010 6:32:31 PM SYSTEM 1208 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: F:\WINDOWS\system32\03.tmp (F:\WINDOWS\system32\03.tmp) returning error, 00000005.
2/19/2010 6:32:30 PM SYSTEM 1208 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: F:\windows\system32\yhsnocj.dll (F:\windows\system32\yhsnocj.dll) returning error, 00000005.
2/19/2010 3:18:49 PM Maja 1180 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "F:\WINDOWS\system32\x" file.
2/19/2010 3:18:40 PM Maja 1180 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "F:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\4H6ZO1QZ\qgefad[1].bmp" file.
2/19/2010 2:15:03 PM Maja 1180 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "F:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\UYVZWFG1\ihmxouv[1].jpg" file.
2/19/2010 2:09:53 PM SYSTEM 1180 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "F:\WINDOWS\System32\x" file.
2/19/2010 1:53:43 PM SYSTEM 1180 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "F:\WINDOWS\System32\x" file.
2/19/2010 1:48:52 PM SYSTEM 1180 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "F:\WINDOWS\System32\x" file.
2/19/2010 12:48:35 PM Maja 1180 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "F:\WINDOWS\System32\x" file.
2/19/2010 12:25:48 PM Maja 1180 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "F:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\86EI76T1\eoptiyl[1].jpg" file.
2/19/2010 12:23:20 PM Maja 1180 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "F:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\UOS5BKCX\gruikb[1].jpg" file.
2/19/2010 12:21:52 PM Maja 1180 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "F:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\86EI76T1\zsgxvcdc[1].jpg" file.
2/19/2010 12:48:36 AM SYSTEM 1292 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "F:\WINDOWS\System32\x" file.
2/18/2010 9:44:51 PM SYSTEM 1184 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "F:\WINDOWS\System32\x" file.
2/18/2010 9:34:46 PM SYSTEM 1184 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "F:\WINDOWS\System32\x" file.
2/18/2010 8:55:21 PM SYSTEM 1184 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "F:\WINDOWS\System32\x" file.
2/18/2010 8:18:36 PM SYSTEM 1184 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "F:\WINDOWS\System32\x" file.
2/18/2010 8:17:28 PM SYSTEM 1184 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "F:\WINDOWS\System32\x" file.
2/18/2010 8:07:45 PM SYSTEM 1184 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "F:\WINDOWS\System32\x" file.
2/18/2010 8:01:17 PM SYSTEM 1184 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "F:\WINDOWS\System32\x" file.
2/18/2010 7:50:50 PM SYSTEM 1184 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "F:\WINDOWS\System32\x" file.
2/18/2010 7:46:13 PM SYSTEM 1184 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "F:\WINDOWS\System32\x" file.
2/18/2010 7:36:10 PM SYSTEM 1184 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "F:\WINDOWS\System32\x" file.
2/18/2010 7:36:01 PM SYSTEM 1184 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "F:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\L7U2Y39G\ceqiigr[1].jpg" file.
2/18/2010 3:49:06 PM Maja 1196 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "F:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\E32FIL4R\zzbprrz[1].jpg" file.
2/18/2010 3:42:50 PM SYSTEM 1180 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "F:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\ZK2SJ09M\uazxb[1].bmp" file.
2/18/2010 3:42:48 PM SYSTEM 1180 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "F:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\ZK2SJ09M\dtbpntp[1].bmp" file.
2/18/2010 3:42:46 PM SYSTEM 1180 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "F:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\ZK2SJ09M\blmwgw[1].jpg" file.
2/18/2010 3:42:43 PM SYSTEM 1180 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "F:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\MTGO2LH3\sloxnzn[1].gif" file.
2/18/2010 3:42:35 PM SYSTEM 1180 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "F:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\E32FIL4R\zzbprrz[1].jpg" file.
2/18/2010 3:42:31 PM SYSTEM 1180 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "F:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\633GVK22\srpuqip[1].bmp" file.
2/18/2010 3:38:40 PM SYSTEM 1180 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "F:\WINDOWS\System32\x" file.
2/18/2010 3:31:39 PM SYSTEM 1180 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "F:\WINDOWS\System32\x" file.
2/18/2010 1:53:46 AM SYSTEM 1180 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "F:\WINDOWS\System32\x" file.
2/18/2010 1:26:44 AM SYSTEM 1180 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "F:\WINDOWS\System32\x" file.
2/18/2010 1:26:38 AM SYSTEM 1180 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "F:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\MTGO2LH3\hijscv[1].jpg" file.
2/16/2010 11:10:59 PM SYSTEM 1328 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "F:\WINDOWS\System32\x" file.
2/16/2010 10:38:07 PM Maja 1172 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "F:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\ZK2SJ09M\aohp[1].png" file.
2/16/2010 10:37:46 PM Maja 1172 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "F:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\MTGO2LH3\qjsy[1].bmp" file.
2/16/2010 10:37:10 PM Maja 1172 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "F:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\633GVK22\cbbs[1].bmp" file.
2/16/2010 10:03:30 PM SYSTEM 1172 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "F:\WINDOWS\System32\x" file.
2/16/2010 9:56:31 PM SYSTEM 1172 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "F:\WINDOWS\System32\x" file.
2/16/2010 12:33:27 PM Maja 1188 Sign of "Win32:Trojan-gen {Other}" has been found in "G:\StrongDC++\Downloads\ScanSpyware.exe" file.

Regards.
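Added example (not part of the original posts): a small Python parser for the two Avast log line types shown above. It reports paths that are detected repeatedly, files the scanner could not open, and cache detections followed within a minute by a detection under system32. The function names are ours, and reading `00000005` as the Win32 ERROR_ACCESS_DENIED code is an assumption about how Avast reports errors.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Excerpt of lines copied from the log posted above, reordered oldest first.
SAMPLE_LOG = r'''
2/18/2010 7:36:01 PM SYSTEM 1184 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "F:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\L7U2Y39G\ceqiigr[1].jpg" file.
2/18/2010 7:36:10 PM SYSTEM 1184 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "F:\WINDOWS\System32\x" file.
2/18/2010 7:46:13 PM SYSTEM 1184 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "F:\WINDOWS\System32\x" file.
2/19/2010 3:18:40 PM Maja 1180 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "F:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\4H6ZO1QZ\qgefad[1].bmp" file.
2/19/2010 3:18:49 PM Maja 1180 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "F:\WINDOWS\system32\x" file.
2/20/2010 3:20:11 PM SYSTEM 1184 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: F:\windows\system32\yhsnocj.dll (F:\windows\system32\yhsnocj.dll) returning error, 00000005.
2/20/2010 3:20:12 PM SYSTEM 1184 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: F:\WINDOWS\system32\03.tmp (F:\WINDOWS\system32\03.tmp) returning error, 00000005.
2/20/2010 3:20:32 PM SYSTEM 1184 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: F:\WINDOWS\system32\03.tmp (F:\WINDOWS\system32\03.tmp) returning error, 00000005.
'''

# Timestamp, account, numeric id, then the message text.
LINE = re.compile(r'^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M) '
                  r'(?P<user>\S+) (?P<num>\d+) (?P<msg>.*)$')
DETECT = re.compile(r'^Sign of "(?P<name>[^"]+)" has been found in "(?P<path>[^"]+)" file\.$')
SCANERR = re.compile(r'^AAVM - scanning warning: \S+ \[UNI\]: (?P<path>.+?) \(.*\) '
                     r'returning error, (?P<code>[0-9A-Fa-f]{8})\.$')

ERROR_ACCESS_DENIED = 5                   # assumption: Avast logs the Win32 error code
CACHE = '\\temporary internet files\\'    # compared against lower-cased paths
SYS32 = '\\system32\\'


def parse(log):
    """Return detection and scan-error events, oldest first, paths lower-cased."""
    events = []
    for raw in log.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        ts = datetime.strptime(m['ts'], '%m/%d/%Y %I:%M:%S %p')
        det, err = DETECT.match(m['msg']), SCANERR.match(m['msg'])
        if det:
            events.append({'ts': ts, 'kind': 'detect', 'user': m['user'],
                           'name': det['name'], 'path': det['path'].lower()})
        elif err:
            events.append({'ts': ts, 'kind': 'scan_error', 'user': m['user'],
                           'code': int(err['code'], 16), 'path': err['path'].lower()})
    return sorted(events, key=lambda e: e['ts'])


def recurring(events, min_hits=2):
    """Paths detected at least min_hits times, i.e. files that keep coming back."""
    hits = Counter(e['path'] for e in events if e['kind'] == 'detect')
    return {path: n for path, n in hits.items() if n >= min_hits}


def unscannable(events):
    """Paths the scanner was denied access to and never reported a detection for."""
    detected = {e['path'] for e in events if e['kind'] == 'detect'}
    return {e['path'] for e in events
            if e['kind'] == 'scan_error' and e['code'] == ERROR_ACCESS_DENIED
            and e['path'] not in detected}


def drop_pairs(events, window=timedelta(seconds=60)):
    """Cache detections followed within `window` by a detection under system32."""
    det = [e for e in events if e['kind'] == 'detect']
    pairs = []
    for i, e in enumerate(det):
        if CACHE not in e['path']:
            continue
        for nxt in det[i + 1:]:
            if nxt['ts'] - e['ts'] > window:
                break
            if SYS32 in nxt['path']:
                gap = (nxt['ts'] - e['ts']).total_seconds()
                pairs.append((e['path'], nxt['path'], gap))
                break
    return pairs


if __name__ == '__main__':
    ev = parse(SAMPLE_LOG)
    print('recurring  :', recurring(ev))
    print('unscannable:', sorted(unscannable(ev)))
    for cache, dropped, gap in drop_pairs(ev):
        print(f'{gap:>4.0f}s  {cache}  ->  {dropped}')
```

Files that only ever show up as access-denied scan warnings are the ones to examine from outside the running system, since the on-access scanner never got to read them.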

#8 myrti


Posted 26 February 2010 - 05:00 AM

Hi,

Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

How to see hidden files in Windows

Please click this link-->Jotti

When the jotti page has finished loading, click the browse button and navigate to the files listed below in bold, then click Submit. You will only be able to have one file scanned at a time.

F:\WINDOWS\system32\x

Please post back the results of the scan in your next post.

If Jotti is busy, try the same at Virustotal: http://www.virustotal.com/

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 



#9 anna_nbgd


Posted 26 February 2010 - 07:26 AM

Virus Total analysis:

File x received on 2010.02.26 12:24:53 (UTC)
Current status: finished
Result: 41/41 (100%)

Antivirus Version Last Update Result
a-squared 4.5.0.50 2010.02.26 Net-Worm.Win32.Kido!IK
AhnLab-V3 5.0.0.2 2010.02.26 Win32/Conficker.worm.Gen
AntiVir 8.2.1.176 2010.02.26 Worm/Conficker.C
Antiy-AVL 2.0.3.7 2010.02.26 Worm/Win32.Kido.ih.gen
Authentium 5.2.0.5 2010.02.25 W32/Conficker!Generic
Avast 4.8.1351.0 2010.02.26 Win32:Rootkit-gen
Avast5 5.0.332.0 2010.02.26 Win32:Rootkit-gen
AVG 9.0.0.730 2010.02.26 Worm/Downadup
BitDefender 7.2 2010.02.26 Win32.Worm.Downadup.Gen
CAT-QuickHeal 10.00 2010.02.26 Win32.Net-Worm.Kido.ih.3.Pack
ClamAV 0.96.0.0-git 2010.02.26 Trojan.Dropper-18535
Comodo 4071 2010.02.26 NetWorm.Win32.Kido.fw
DrWeb 5.0.1.12222 2010.02.26 Win32.HLLW.Shadow.1
eSafe 7.0.17.0 2010.02.25 Win32.Banker
eTrust-Vet 35.2.7330 2010.02.26 Win32/Conficker
F-Prot 4.5.1.85 2010.02.25 W32/Conficker!Generic
F-Secure 9.0.15370.0 2010.02.26 Worm:W32/Downadup.BP
Fortinet 4.0.14.0 2010.02.26 W32/Conficker.A!worm
GData 19 2010.02.26 Win32.Worm.Downadup.Gen
Ikarus T3.1.1.80.0 2010.02.26 Net-Worm.Win32.Kido
Jiangmin 13.0.900 2010.02.25 Trojan/Buzus.wul
K7AntiVirus 7.10.983 2010.02.25 Net-Worm.Win32.Downadup.fw
Kaspersky 7.0.0.125 2010.02.26 Net-Worm.Win32.Kido.ih
McAfee 5903 2010.02.25 W32/Conficker.worm.gen.a
McAfee+Artemis 5903 2010.02.25 Artemis!9C50E0C52A5E
McAfee-GW-Edition 6.8.5 2010.02.26 Worm.Conficker.C
Microsoft 1.5502 2010.02.26 Worm:Win32/Conficker.C
NOD32 4897 2010.02.26 a variant of Win32/Conficker.AE
Norman 6.04.08 2010.02.25 W32/Conficker.DP
nProtect 2009.1.8.0 2010.02.26 Worm/W32.Kido.164975
Panda 10.0.2.2 2010.02.25 Trj/Downloader.MDW
PCTools 7.0.3.5 2010.02.26 Net-Worm.Conficker
Rising 22.36.04.04 2010.02.26 Worm.Win32.MS08-067.c
Sophos 4.50.0 2010.02.26 Mal/Conficker-A
Sunbelt 5700 2010.02.26 Trojan.Malware
Symantec 20091.2.0.41 2010.02.26 W32.Downadup.B
TheHacker 6.5.1.6.211 2010.02.26 W32/Kido.fw
TrendMicro 9.120.0.1004 2010.02.26 WORM_DOWNAD.AD
VBA32 3.12.12.2 2010.02.26 Worm.Win32.kido.124
ViRobot 2010.2.26.2204 2010.02.26 Worm.Win32.Conficker.164975
VirusBuster 5.0.27.0 2010.02.26 Worm.Kido.ME
Additional information
File size: 164975 bytes
MD5...: 9c50e0c52a5e8ffa3484653862398b31
SHA1..: 7f6f3fc04c573c179aadb25dcaab85c0fef71f70
SHA256: 4ad8241bc715f6564d8b902dd54238110c4aecbeb24d53101b035c3f8bdaf3f0
ssdeep: 3072:Ljn3qLa+ktaTWvJf6wOp95F9NAM73gt0nRweF/J2XRHjKj0o:3naLa+kaCywc9D9NbMtAwPBHWj
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x1a090
timedatestamp.....: 0x3a8a27d2 (Wed Feb 14 06:38:10 2001)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
UPX0 0x1000 0x4000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
UPX1 0x5000 0x16000 0x15400 7.80 9a27b2d21372291fc14103239696e220
UPX2 0x1b000 0x1000 0x200 3.66 b3b24563c7c9c69baf0553984c239cca

( 7 imports )
> KERNEL32.DLL: LoadLibraryA, GetProcAddress, VirtualProtect, VirtualAlloc, VirtualFree
> ADVAPI32.dll: IsValidSid
> GDI32.dll: GetPixel
> MSVCRT.dll: div
> ole32.dll: CoFileTimeNow
> SHELL32.dll: -
> USER32.dll: IsChild

( 0 exports )
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: UPX compressed Win32 Executable (38.5%)
Win32 EXE Yoda's Crypter (33.5%)
Win32 Executable Generic (10.7%)
Win32 Dynamic Link Library (generic) (9.5%)
Clipper DOS Executable (2.5%)
packers (Kaspersky): PE_Patch.UPX, UPX
packers (Authentium): UPX
packers (Antiy-AVL): ACProtect V1.3X-1.4X DLL
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
packers (F-Prot): UPX

Edited by anna_nbgd, 26 February 2010 - 07:28 AM.


#10 myrti


Posted 26 February 2010 - 03:00 PM

Hi,

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

QUOTE
http://www.bleepingcomputer.com/forums/t/296905/win32rootkit-gen/
Collect::
F:\WINDOWS\system32\x
Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3266:TCP"=-


Save this as CFScript.txt, in the same location as ComboFix.exe




Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Let me know if you still get detections from Avast.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 



#11 anna_nbgd


Posted 27 February 2010 - 01:05 PM

Hi Myrti!

Today I didn't have detections from Avast, because, again, it reports errors 00000005. But before that, detections were very frequent. I have to mention that I don't have a problem deleting the files that Avast detects, but the virus creates those files over and over again.


Avast log after 23rd of February:

2/27/2010 6:54:04 PM SYSTEM 1308 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: F:\WINDOWS\system32\04.tmp (F:\WINDOWS\system32\04.tmp) returning error, 00000005.
2/27/2010 6:53:47 PM SYSTEM 1308 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: F:\WINDOWS\system32\04.tmp (F:\WINDOWS\system32\04.tmp) returning error, 00000005.
2/27/2010 6:53:46 PM SYSTEM 1308 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: F:\windows\system32\yhsnocj.dll (F:\windows\system32\yhsnocj.dll) returning error, 00000005.
2/27/2010 5:16:40 PM SYSTEM 1176 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: F:\WINDOWS\system32\04.tmp (F:\WINDOWS\system32\04.tmp) returning error, 00000005.
2/27/2010 5:16:31 PM SYSTEM 1176 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: F:\WINDOWS\system32\04.tmp (F:\WINDOWS\system32\04.tmp) returning error, 00000005.
2/27/2010 5:16:30 PM SYSTEM 1176 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: F:\windows\system32\yhsnocj.dll (F:\windows\system32\yhsnocj.dll) returning error, 00000005.
2/27/2010 3:27:10 PM SYSTEM 1176 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: F:\WINDOWS\system32\04.tmp (F:\WINDOWS\system32\04.tmp) returning error, 00000005.
2/27/2010 3:27:01 PM SYSTEM 1176 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: F:\WINDOWS\system32\04.tmp (F:\WINDOWS\system32\04.tmp) returning error, 00000005.
2/27/2010 3:27:00 PM SYSTEM 1176 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: F:\windows\system32\yhsnocj.dll (F:\windows\system32\yhsnocj.dll) returning error, 00000005.
2/27/2010 3:17:03 PM Maja 3308 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "F:\Qoobox\Quarantine\F\WINDOWS\system32\_yhsnocj_.dll.zip\yhsnocj.dll" file.
2/27/2010 12:28:21 PM SYSTEM 1180 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: F:\WINDOWS\system32\04.tmp (F:\WINDOWS\system32\04.tmp) returning error, 00000005.
2/27/2010 12:28:09 PM SYSTEM 1180 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: F:\WINDOWS\system32\04.tmp (F:\WINDOWS\system32\04.tmp) returning error, 00000005.
2/27/2010 12:28:07 PM SYSTEM 1180 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: F:\windows\system32\yhsnocj.dll (F:\windows\system32\yhsnocj.dll) returning error, 00000005.
2/27/2010 3:16:53 AM SYSTEM 1180 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "F:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\JR34QZC3\bsxdg[1].jpg" file.
2/26/2010 11:49:21 PM SYSTEM 1180 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: F:\WINDOWS\system32\04.tmp (F:\WINDOWS\system32\04.tmp) returning error, 00000005.
2/26/2010 11:49:07 PM SYSTEM 1180 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: F:\windows\system32\yhsnocj.dll (F:\windows\system32\yhsnocj.dll) returning error, 00000005.
2/26/2010 11:49:07 PM SYSTEM 1180 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: F:\WINDOWS\system32\04.tmp (F:\WINDOWS\system32\04.tmp) returning error, 00000005.
2/26/2010 10:30:48 PM Maja 1332 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "F:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\JR34QZC3\bsxdg[1].jpg" file.
2/26/2010 9:23:35 PM Maja 1332 Sign of "BV:AutoRun-S [Wrm]" has been found in "C:\autorun.inf" file.
2/26/2010 9:23:27 PM Maja 1332 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "C:\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx" file.
2/26/2010 8:01:20 PM SYSTEM 1184 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "F:\WINDOWS\system32\x" file.
2/26/2010 8:01:11 PM SYSTEM 1184 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "F:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\QFE9FSFO\dxnq[1].gif" file.
2/26/2010 7:01:38 PM SYSTEM 1184 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "F:\WINDOWS\system32\x" file.
2/26/2010 7:00:54 PM SYSTEM 1184 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "F:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\6UYLG4U6\stpu[1].png" file.
2/26/2010 6:20:36 PM SYSTEM 1184 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "F:\WINDOWS\system32\x" file.
2/26/2010 6:20:20 PM SYSTEM 1184 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "F:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\G1EBG9MJ\gcch[1].jpg" file.
2/26/2010 5:55:32 PM SYSTEM 1184 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "F:\WINDOWS\system32\x" file.
2/26/2010 5:55:22 PM SYSTEM 1184 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "F:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\YVWF4RUJ\afcsg[1].gif" file.
2/26/2010 5:03:05 PM SYSTEM 1184 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "F:\WINDOWS\system32\x" file.
2/26/2010 5:02:56 PM SYSTEM 1184 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "F:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\QFE9FSFO\toyxnr[1].bmp" file.
2/26/2010 4:36:20 PM SYSTEM 1184 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "F:\WINDOWS\system32\x" file.
2/26/2010 4:36:12 PM SYSTEM 1184 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "F:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\YVWF4RUJ\hrjizxs[1].png" file.
2/26/2010 2:18:02 PM SYSTEM 1176 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "F:\WINDOWS\system32\x" file.
2/26/2010 2:17:55 PM SYSTEM 1176 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "F:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\YVWF4RUJ\hrjizxs[1].png" file.
2/26/2010 2:02:50 PM SYSTEM 1176 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "F:\WINDOWS\System32\x" file.
2/26/2010 2:02:44 PM SYSTEM 1176 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "F:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\QFE9FSFO\bkjt[1].bmp" file.
2/26/2010 12:54:02 PM SYSTEM 1176 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "F:\WINDOWS\System32\x" file.
2/26/2010 12:53:54 PM SYSTEM 1176 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "F:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\QFE9FSFO\znmsak[1].jpg" file.
2/26/2010 12:46:27 PM SYSTEM 1176 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "F:\WINDOWS\System32\x" file.
2/26/2010 12:46:25 PM SYSTEM 1176 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "F:\WINDOWS\system32\x" file.
2/26/2010 12:46:10 PM SYSTEM 1176 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "F:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\YVWF4RUJ\ipffbwk[1].gif" file.
2/26/2010 12:30:56 AM SYSTEM 1188 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "F:\WINDOWS\system32\x" file.
2/26/2010 12:30:51 AM SYSTEM 1188 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "F:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\6UYLG4U6\bulhpcw[1].bmp" file.
2/25/2010 11:43:31 PM SYSTEM 1188 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "F:\WINDOWS\system32\x" file.
2/25/2010 11:42:21 PM SYSTEM 1188 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "F:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\G1EBG9MJ\svirzxyt[1].jpg" file.
2/25/2010 10:01:42 PM SYSTEM 1188 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "F:\WINDOWS\system32\x" file.
2/25/2010 7:38:45 PM SYSTEM 1188 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "F:\WINDOWS\system32\x" file.
2/25/2010 7:38:36 PM SYSTEM 1188 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "F:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\YVWF4RUJ\bulhpcw[1].gif" file.
2/25/2010 5:06:18 PM SYSTEM 1188 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "F:\WINDOWS\System32\x" file.
2/25/2010 4:13:30 PM SYSTEM 1188 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "F:\WINDOWS\System32\x" file.
2/25/2010 4:13:28 PM SYSTEM 1188 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "F:\WINDOWS\system32\x" file.
2/25/2010 4:11:39 PM SYSTEM 1188 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "F:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\QFE9FSFO\ngee[1].bmp" file.
2/25/2010 3:43:45 PM SYSTEM 1188 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "F:\WINDOWS\system32\x" file.
2/25/2010 3:43:36 PM SYSTEM 1188 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "F:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\6UYLG4U6\hgwxibix[1].bmp" file.
2/25/2010 1:40:10 PM SYSTEM 1188 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "F:\WINDOWS\system32\x" file.
2/25/2010 1:40:02 PM SYSTEM 1188 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "F:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\G1EBG9MJ\ejwserfv[1].gif" file.
2/25/2010 12:56:10 AM SYSTEM 1184 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "F:\WINDOWS\system32\x" file.
2/25/2010 12:39:51 AM SYSTEM 1184 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "F:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\YVWF4RUJ\ihpnf[1].gif" file.
2/24/2010 11:24:15 PM SYSTEM 1184 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "F:\WINDOWS\system32\x" file.
2/24/2010 10:48:23 PM SYSTEM 1184 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "F:\WINDOWS\system32\x" file.
2/24/2010 10:48:18 PM SYSTEM 1184 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "F:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\QFE9FSFO\iily[1].png" file.
2/24/2010 8:56:11 PM SYSTEM 1184 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "F:\WINDOWS\system32\x" file.
2/24/2010 6:12:38 PM SYSTEM 1184 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "F:\WINDOWS\system32\x" file.
2/24/2010 6:12:30 PM SYSTEM 1184 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "F:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\6UYLG4U6\hhxslpss[1].bmp" file.
2/24/2010 5:50:33 PM SYSTEM 1184 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "F:\WINDOWS\system32\x" file.
2/24/2010 5:50:22 PM SYSTEM 1184 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "F:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\G1EBG9MJ\vzibs[1].jpg" file.
2/24/2010 5:19:24 PM SYSTEM 1184 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "F:\WINDOWS\system32\x" file.
2/24/2010 5:19:04 PM SYSTEM 1184 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "F:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\YVWF4RUJ\ceeqsy[1].gif" file.
2/24/2010 4:14:06 PM SYSTEM 1184 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "F:\WINDOWS\system32\x" file.
2/24/2010 4:14:02 PM SYSTEM 1184 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "F:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\QFE9FSFO\hitcp[1].gif" file.
2/24/2010 4:11:08 PM SYSTEM 1184 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "F:\WINDOWS\system32\x" file.
2/24/2010 4:10:58 PM SYSTEM 1184 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "F:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\6UYLG4U6\cniukog[1].jpg" file.
2/24/2010 3:57:07 PM SYSTEM 1184 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "F:\WINDOWS\system32\x" file.
2/24/2010 3:56:58 PM SYSTEM 1184 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "F:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\G1EBG9MJ\vcbobnw[1].png" file.
2/24/2010 3:21:30 PM SYSTEM 1184 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "F:\WINDOWS\system32\x" file.
2/24/2010 3:21:21 PM SYSTEM 1184 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "F:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\YVWF4RUJ\gztfcka[1].png" file.
2/24/2010 2:52:56 PM SYSTEM 1184 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "F:\WINDOWS\system32\x" file.
2/24/2010 2:52:43 PM SYSTEM 1184 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "F:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\QFE9FSFO\nndpe[1].png" file.
2/24/2010 1:43:05 PM SYSTEM 1184 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "F:\WINDOWS\system32\x" file.
2/24/2010 1:42:51 PM SYSTEM 1184 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "F:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\YVWF4RUJ\hitcp[1].gif" file.
2/24/2010 1:15:57 PM SYSTEM 1184 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "F:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\QFE9FSFO\bhkjuvub[1].gif" file.
2/24/2010 12:32:53 AM SYSTEM 1300 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "F:\WINDOWS\system32\x" file.


ComboFix log:

ComboFix 10-02-27.03 - Maja 02/27/2010 18:48:29.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1535.1177 [GMT 1:00]
Running from: g:\anna\Install\ComboFix.exe
Command switches used :: f:\documents and settings\Maja\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1368 [VPS 100227-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

file zipped: f:\windows\system32\x
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

f:\recycler\S-1-5-21-2060802855-9605971596-996118870-1735
f:\recycler\S-1-5-21-2727268248-7996541783-716213957-9380
f:\recycler\S-1-5-21-2727268248-7996541783-716213957-9380\Desktop.ini
f:\recycler\S-1-5-21-2727268248-7996541783-716213957-9380\nissan.exe
f:\windows\system32\x

.
((((((((((((((((((((((((( Files Created from 2010-01-27 to 2010-02-27 )))))))))))))))))))))))))))))))
.

2010-02-26 20:24 . 2010-02-26 20:24 -------- d-----w- f:\documents and settings\Maja\Local Settings\Application Data\Ahead
2010-02-26 12:51 . 2010-02-27 15:28 -------- d-----w- f:\documents and settings\Maja\Application Data\Skype
2010-02-26 12:51 . 2010-02-26 12:51 -------- d-----r- f:\program files\Skype
2010-02-26 12:51 . 2010-02-26 12:51 -------- d-----w- f:\documents and settings\All Users\Application Data\Skype
2010-02-20 15:03 . 2010-02-20 15:03 -------- d-----w- f:\windows\Sun
2010-02-20 14:41 . 2010-02-20 14:41 503808 ----a-w- f:\documents and settings\Maja\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-7a484fb4-n\msvcp71.dll
2010-02-20 14:41 . 2010-02-20 14:41 499712 ----a-w- f:\documents and settings\Maja\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-7a484fb4-n\jmc.dll
2010-02-20 14:41 . 2010-02-20 14:41 348160 ----a-w- f:\documents and settings\Maja\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-7a484fb4-n\msvcr71.dll
2010-02-20 14:41 . 2010-02-20 14:41 -------- d-----w- f:\program files\Common Files\Java
2010-02-20 14:41 . 2010-02-20 14:41 61440 ----a-w- f:\documents and settings\Maja\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-6324f541-n\decora-sse.dll
2010-02-20 14:41 . 2010-02-20 14:41 12800 ----a-w- f:\documents and settings\Maja\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-6324f541-n\decora-d3d.dll
2010-02-20 14:41 . 2010-02-20 14:41 411368 ----a-w- f:\windows\system32\deploytk.dll
2010-02-20 14:41 . 2010-02-20 14:41 -------- d-----w- f:\program files\Java
2010-02-19 17:26 . 2010-02-19 17:26 -------- d-----w- f:\documents and settings\Maja\Application Data\ParetoLogic
2010-02-19 17:26 . 2010-02-19 17:30 -------- d-----w- f:\documents and settings\All Users\Application Data\ParetoLogic
2010-02-19 17:26 . 2010-02-19 17:26 -------- d-----w- f:\program files\ParetoLogic
2010-02-19 17:04 . 2010-02-20 14:24 -------- d-----w- f:\program files\Common Files\Adobe
2010-02-19 16:57 . 2010-02-20 12:00 -------- d-----w- f:\documents and settings\Maja\Local Settings\Application Data\Adobe
2010-02-19 16:53 . 2006-10-26 18:56 33104 ----a-w- f:\windows\system32\Spool\prtprocs\w32x86\msonpppr.dll
2010-02-19 16:53 . 2006-10-26 18:56 32592 ----a-w- f:\windows\system32\msonpmon.dll
2010-02-19 16:48 . 2010-02-19 16:48 -------- d-----w- f:\program files\Microsoft Works
2010-02-19 16:48 . 2010-02-19 16:48 -------- d-----w- f:\program files\MSBuild
2010-02-19 16:45 . 2010-02-19 16:45 -------- d-----w- f:\program files\Microsoft.NET
2010-02-19 16:42 . 2010-02-19 16:42 -------- d-----w- f:\program files\Microsoft Visual Studio 8
2010-02-19 16:40 . 2010-02-19 16:47 -------- d-----w- f:\windows\SHELLNEW
2010-02-19 16:40 . 2010-02-19 16:40 -------- d-----w- f:\documents and settings\Maja\Local Settings\Application Data\Microsoft Help
2010-02-19 16:39 . 2010-02-19 16:54 -------- d-----w- f:\documents and settings\All Users\Application Data\Microsoft Help
2010-02-19 16:38 . 2010-02-19 16:38 -------- d-----r- F:\MSOCache
2010-02-19 12:30 . 2010-02-19 12:44 -------- d---a-w- f:\documents and settings\All Users\Application Data\TEMP
2010-02-19 12:26 . 2010-02-19 12:58 26688 ----a-w- f:\windows\system32\drivers\procguard.sys
2010-02-19 12:26 . 2008-07-25 12:11 44544 ----a-w- f:\windows\system32\procguard.dll
2010-02-18 23:08 . 2004-08-03 23:56 159232 ----a-w- f:\windows\system32\ptpusd.dll
2010-02-18 23:08 . 2001-08-17 21:36 5632 ----a-w- f:\windows\system32\ptpusb.dll
2010-02-18 23:07 . 2004-08-03 21:58 15104 -c--a-w- f:\windows\system32\dllcache\usbscan.sys
2010-02-18 23:07 . 2004-08-03 21:58 15104 ----a-w- f:\windows\system32\drivers\usbscan.sys
2010-02-18 10:26 . 2010-02-18 10:26 -------- d-----w- f:\documents and settings\Maja\Local Settings\Application Data\ACD Systems
2010-02-18 10:26 . 2010-02-18 10:26 -------- d-----w- f:\documents and settings\Maja\Application Data\ACD Systems
2010-02-17 11:58 . 2004-08-03 22:08 26496 -c--a-w- f:\windows\system32\dllcache\usbstor.sys
2010-02-17 09:34 . 2010-02-27 16:17 -------- d-----w- f:\program files\Valve
2010-02-16 21:28 . 2010-02-16 21:28 -------- d-----w- f:\documents and settings\Maja\Application Data\Malwarebytes
2010-02-16 20:27 . 2010-02-16 20:27 -------- d-----w- f:\documents and settings\Maja\Application Data\TeamViewer
2010-02-16 20:27 . 2010-02-16 20:27 -------- d-----w- f:\program files\TeamViewer
2010-02-16 20:27 . 2010-02-16 20:27 -------- d-----w- f:\documents and settings\Maja\temp
2010-02-16 14:37 . 2010-02-16 14:37 -------- d-----w- f:\documents and settings\NetworkService\Local Settings\Application Data\Google
2010-02-16 14:11 . 2010-02-16 14:11 -------- d-----w- f:\documents and settings\LocalService\Local Settings\Application Data\Google
2010-02-16 14:10 . 2010-02-16 14:13 -------- d-----w- f:\program files\Google
2010-02-16 14:10 . 2010-02-16 14:10 -------- d-----w- f:\program files\Teamspeak2_RC2
2010-02-16 14:09 . 2010-02-25 01:17 -------- d-----w- f:\program files\HLSW
2010-02-16 14:01 . 2010-02-16 14:01 -------- d-----w- f:\program files\Common Files\xing shared
2010-02-16 14:01 . 2010-02-16 14:01 -------- d-----w- f:\program files\Common Files\Real
2010-02-16 14:01 . 2010-02-16 14:01 -------- d-----w- f:\program files\Real
2010-02-16 13:57 . 2004-03-02 16:37 125184 ------w- f:\windows\system32\drivers\imagesrv.sys
2010-02-16 13:57 . 2004-03-02 16:37 5504 ------w- f:\windows\system32\drivers\imagedrv.sys
2010-02-16 13:57 . 2000-06-26 10:45 106496 ----a-w- f:\windows\system32\TwnLib20.dll
2010-02-16 13:57 . 2004-07-26 16:16 476320 ------w- f:\windows\system32\ImagXpr7.dll
2010-02-16 13:57 . 2004-07-26 16:16 471040 ------w- f:\windows\system32\ImagXRA7.dll
2010-02-16 13:57 . 2004-07-26 16:16 262144 ------w- f:\windows\system32\ImagXR7.dll
2010-02-16 13:57 . 2004-07-26 16:16 1568768 ------w- f:\windows\system32\ImagX7.dll
2010-02-16 13:57 . 2001-07-09 10:50 155648 ----a-w- f:\windows\system32\NeroCheck.exe
2010-02-16 13:57 . 2010-02-16 13:57 -------- d-----w- f:\program files\Common Files\Ahead
2010-02-16 13:57 . 2010-02-16 13:57 -------- d-----w- f:\program files\Ahead
2010-02-16 13:55 . 2010-02-16 13:55 -------- d-----w- f:\documents and settings\All Users\Application Data\CyberLink
2010-02-16 13:55 . 2010-02-16 13:55 -------- d-----w- f:\program files\CyberLink
2010-02-16 13:54 . 2010-02-16 13:54 -------- d-----w- f:\documents and settings\Maja\Local Settings\Application Data\Apple
2010-02-16 13:54 . 2010-02-16 13:54 -------- d-----w- f:\documents and settings\Maja\Local Settings\Application Data\Apple Computer
2010-02-16 13:52 . 2010-02-16 13:53 -------- d-----w- f:\documents and settings\Maja\Application Data\BSplayer Pro
2010-02-16 13:52 . 2010-02-16 13:52 -------- d-----w- f:\program files\Webteh
2010-02-16 12:38 . 2010-02-27 17:53 -------- d-----w- f:\documents and settings\Maja\Tracing
2010-02-16 12:38 . 2010-02-16 12:38 -------- d-----w- f:\program files\Microsoft
2010-02-16 12:38 . 2010-02-16 12:38 -------- d-----w- f:\program files\Windows Live SkyDrive
2010-02-16 12:37 . 2010-02-16 12:38 -------- d-----w- f:\program files\Windows Live
2010-02-16 12:32 . 2010-02-16 12:32 -------- d-----w- f:\program files\Common Files\Windows Live
2010-02-16 12:30 . 2010-02-16 18:52 -------- d-----w- f:\documents and settings\Maja\Local Settings\Application Data\Screamer Radio
2010-02-16 12:29 . 2010-02-16 12:29 -------- d-----w- f:\program files\PhotoScape
2010-02-16 11:19 . 2006-10-14 15:43 27648 ----a-w- f:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2010-02-16 11:19 . 2006-06-29 12:07 14048 ------w- f:\windows\system32\spmsg2.dll
2010-02-16 11:19 . 2006-10-16 15:10 23856 ----a-w- f:\windows\system32\spupdsvc.exe
2010-02-16 11:13 . 2010-02-16 11:25 -------- d-----w- F:\f8ee2afe1ad1e71421
2010-02-16 11:05 . 2003-06-18 16:31 18944 ----a-w- f:\windows\system32\Spool\prtprocs\w32x86\mdippr.dll
2010-02-16 11:05 . 2003-06-18 16:31 17920 ----a-w- f:\windows\system32\mdimon.dll
2010-02-16 10:55 . 2010-02-16 10:55 -------- d-----w- f:\documents and settings\All Users\Application Data\ACD Systems
2010-02-16 10:55 . 2010-02-16 10:55 -------- d-----w- f:\program files\Common Files\ACD Systems
2010-02-16 10:55 . 2010-02-16 10:55 -------- d-----w- f:\program files\ACD Systems
2010-02-16 10:55 . 2010-02-16 10:55 10368 ----a-w- f:\windows\system32\drivers\pfc.sys
2010-02-16 10:54 . 2010-02-16 10:54 -------- d-----w- f:\windows\Downloaded Installations
2010-02-16 10:23 . 2010-02-16 10:23 -------- d-----w- f:\windows\nview
2010-02-16 10:23 . 2008-05-16 13:01 446464 ----a-w- f:\windows\system32\nvudisp.exe
2010-02-16 10:23 . 2008-05-16 10:48 446464 ----a-w- f:\windows\system32\NVUNINST.EXE
2010-02-16 10:22 . 2010-02-16 10:22 -------- d-----w- F:\NVIDIA
2010-02-16 10:14 . 2006-08-18 05:52 4017536 ----a-r- f:\windows\system32\drivers\alcxwdm.sys
2010-02-16 10:08 . 2010-02-16 10:15 -------- d-----w- f:\windows\Drivers
2010-02-16 10:05 . 2010-02-16 10:05 -------- d-----w- f:\program files\Intel
2010-02-16 10:04 . 2010-02-16 14:06 -------- d--h--w- f:\program files\InstallShield Installation Information
2010-02-16 10:04 . 2010-02-16 10:14 -------- d-----w- f:\program files\Common Files\InstallShield
2010-02-16 09:54 . 2010-02-16 12:54 -------- d-----w- f:\windows\system32\NtmsData
2010-02-16 09:45 . 2010-02-16 09:45 -------- d-----w- f:\program files\RocketDock
2010-02-16 09:08 . 2010-02-26 16:13 -------- d-----w- f:\documents and settings\Maja\Local Settings\Application Data\Temp
2010-02-16 09:08 . 2010-02-16 14:13 -------- d-----w- f:\documents and settings\Maja\Local Settings\Application Data\Google
2010-02-16 09:06 . 2010-02-19 17:26 68456 ----a-w- f:\documents and settings\Maja\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-16 08:23 . 2004-08-03 21:59 5504 -c--a-w- f:\windows\system32\dllcache\intelide.sys
2010-02-16 08:23 . 2004-08-03 21:59 5504 ----a-w- f:\windows\system32\drivers\intelide.sys
2010-02-16 08:23 . 2004-08-03 22:08 20480 -c--a-w- f:\windows\system32\dllcache\usbuhci.sys
2010-02-16 08:23 . 2004-08-03 22:08 20480 ----a-w- f:\windows\system32\drivers\usbuhci.sys
2010-02-16 08:23 . 2004-08-03 22:07 42368 -c--a-w- f:\windows\system32\dllcache\agp440.sys
2010-02-16 08:23 . 2004-08-03 22:07 42368 ------w- f:\windows\system32\drivers\AGP440.SYS
2010-02-16 08:23 . 2008-05-16 13:01 6557408 -c--a-w- f:\windows\system32\dllcache\nv4_mini.sys
2010-02-16 08:23 . 2008-05-16 13:01 6557408 ----a-w- f:\windows\system32\drivers\nv4_mini.sys
2010-02-16 08:23 . 2008-05-16 13:01 6108928 ----a-w- f:\windows\system32\nv4_disp.dll
2010-02-16 08:23 . 2004-08-03 23:56 4274816 -c--a-w- f:\windows\system32\dllcache\nv4_disp.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-18 00:53 . 2010-02-15 23:32 86327 ----a-w- f:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-02-16 10:56 . 2010-02-16 10:56 -------- d-----w- f:\program files\Alwil Software
2010-02-16 10:14 . 2010-02-16 10:14 -------- d-----w- f:\program files\Realtek Sound Manager
2010-02-16 10:14 . 2010-02-16 10:14 -------- d-----w- f:\program files\AvRack
2010-02-16 10:14 . 2010-02-16 10:14 -------- d-----w- f:\program files\Realtek AC97
2010-02-15 23:33 . 2010-02-15 23:33 -------- d-----w- f:\program files\microsoft frontpage
2010-02-15 23:29 . 2010-02-15 23:29 21640 ----a-w- f:\windows\system32\emptyregdb.dat
2004-08-03 22:56 . 2004-08-03 22:56 164975 --sha-r- f:\windows\system32\yhsnocj.dll
.

((((((((((((((((((((((((((((( SnapShot_2010-02-23_15.56.36 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-02-27 17:53 . 2010-02-27 17:53 16384 f:\windows\Temp\Perflib_Perfdata_5a4.dat
+ 2010-02-27 17:53 . 2010-02-27 17:53 16384 f:\windows\Temp\Perflib_Perfdata_51c.dat
+ 2010-02-26 10:58 . 2010-02-26 10:58 16384 f:\windows\Temp\Perflib_Perfdata_498.dat
+ 2010-02-25 12:59 . 2010-02-25 12:59 22528 f:\windows\Installer\2348ec.msi
+ 2010-02-26 12:51 . 2010-02-26 12:51 364726 f:\windows\Installer\{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}\SkypeIcon.exe
+ 2010-02-26 12:51 . 2010-02-26 12:51 1602048 f:\windows\Installer\675b7e.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="f:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"msnmsgr"="f:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"Google Update"="f:\documents and settings\Maja\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-02-16 135664]
"ctfmon.exe"="f:\windows\system32\ctfmon.exe" [2004-08-03 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2006-08-02 577536]
"NvCplDaemon"="f:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"nwiz"="nwiz.exe" [2008-05-16 1630208]
"NvMediaCenter"="f:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
"avast!"="f:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"TkBellExe"="f:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-02-16 198160]
"Adobe Reader Speed Launcher"="f:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-12-18 40368]
"Adobe ARM"="f:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"SunJavaUpdateSched"="f:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]

f:\documents and settings\Maja\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - f:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

[HKLM\~\startupfolder\F:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=f:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=f:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-12-11 14:57 948672 ----a-r- f:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-02-16 09:08 135664 ----atw- f:\documents and settings\Maja\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2006-10-26 23:47 31016 ----a-w- f:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 15:44 3883856 ----a-w- f:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 10:50 155648 ----a-w- f:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2003-12-08 16:35 32768 ----a-w- f:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"f:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"f:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"g:\\BEOGRID\\StrongDC++\\StrongDC.exe"=
"f:\\Program Files\\Valve\\hl.exe"=
"f:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"f:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"f:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"g:\\BEOGRID\\StrongDC++\\StrongDC++\\StrongDC.exe"=
"f:\\Program Files\\HLSW\\hlsw.exe"=
"f:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"1200:UDP"= 1200:UDP:services friends
"3266:TCP"= 3266:TCP:pwoutfm

R1 aswSP;avast! Self Protection;f:\windows\system32\drivers\aswSP.sys [2/16/2010 11:56 AM 114768]
R2 aswFsBlk;aswFsBlk;f:\windows\system32\drivers\aswFsBlk.sys [2/16/2010 11:56 AM 20560]
S2 gupdate1caaf11db945d1e;Google Update Service (gupdate1caaf11db945d1e);f:\program files\Google\Update\GoogleUpdate.exe [2/16/2010 3:10 PM 133104]
S2 ornhqxj;Security Universal;f:\windows\system32\svchost.exe -k netsvcs [8/3/2004 11:56 PM 14336]
S3 MEMSWEEP2;MEMSWEEP2;\??\f:\windows\system32\4.tmp --> f:\windows\system32\4.tmp [?]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ornhqxj
.
Contents of the 'Scheduled Tasks' folder

2010-02-27 f:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- f:\program files\Google\Update\GoogleUpdate.exe [2010-02-16 14:10]

2010-02-27 f:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- f:\program files\Google\Update\GoogleUpdate.exe [2010-02-16 14:10]

2010-02-27 f:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1275210071-776561741-725345543-1003Core.job
- f:\documents and settings\Maja\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-02-16 09:08]

2010-02-27 f:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1275210071-776561741-725345543-1003UA.job
- f:\documents and settings\Maja\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-02-16 09:08]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - f:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-27 18:54
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\f:\windows\system32\4.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ornhqxj]
"ServiceDll"="f:\windows\system32\yhsnocj.dll"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3092)
f:\program files\RocketDock\RocketDock.dll
f:\windows\system32\msi.dll
.
------------------------ Other Running Processes ------------------------
.
f:\program files\Alwil Software\Avast4\aswUpdSv.exe
f:\program files\Alwil Software\Avast4\ashServ.exe
f:\windows\SOUNDMAN.EXE
f:\windows\system32\RUNDLL32.EXE
f:\program files\Java\jre6\bin\jqs.exe
f:\windows\system32\nvsvc32.exe
f:\program files\Alwil Software\Avast4\ashMaiSv.exe
f:\program files\Alwil Software\Avast4\ashWebSv.exe
.
**************************************************************************
.
Completion time: 2010-02-27 18:56:29 - machine was rebooted
ComboFix-quarantined-files.txt 2010-02-27 17:56
ComboFix2.txt 2010-02-23 15:59

Pre-Run: 22,364,192,768 bytes free
Post-Run: 22,346,326,016 bytes free

- - End Of File - - E16E230E57FF9D3F45A2648B3E55D1C7

Best regards,
Anna




#12 myrti

Posted 01 March 2010 - 09:21 AM

Hi,

we need to run another script:
1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

CODE
File::
f:\windows\system32\yhsnocj.dl
F:\WINDOWS\system32\x
Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3266:TCP"=-
Driver::
ornhqxj
netsvc::
ornhqxj


Save this as CFScript.txt, in the same location as ComboFix.exe




Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 



#13 anna_nbgd

Posted 04 March 2010 - 05:48 PM

Hello Myrti!

Log from ComboFix:

ComboFix 10-03-04.02 - Maja 03/04/2010 23:31:01.4.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1535.1027 [GMT 1:00]
Running from: f:\documents and settings\Maja\Desktop\ComboFix.exe
Command switches used :: f:\documents and settings\Maja\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1368 [VPS 100304-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

FILE ::
"f:\windows\system32\x"
"f:\windows\system32\yhsnocj.dl"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ORNHQXJ
-------\Service_ornhqxj


((((((((((((((((((((((((( Files Created from 2010-02-04 to 2010-03-04 )))))))))))))))))))))))))))))))
.

2010-03-04 19:28 . 2010-03-04 19:28 -------- d-----w- f:\windows\system32\LogFiles
2010-03-04 17:37 . 2004-08-03 22:56 25600 ----a-w- f:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2010-03-01 20:24 . 2001-08-17 12:48 12160 -c--a-w- f:\windows\system32\dllcache\mouhid.sys
2010-03-01 20:24 . 2001-08-17 12:48 12160 ----a-w- f:\windows\system32\drivers\mouhid.sys
2010-03-01 19:44 . 2004-08-03 23:56 21504 -c--a-w- f:\windows\system32\dllcache\hidserv.dll
2010-03-01 19:44 . 2004-08-03 23:56 21504 ----a-w- f:\windows\system32\hidserv.dll
2010-02-26 20:24 . 2010-02-26 20:24 -------- d-----w- f:\documents and settings\Maja\Local Settings\Application Data\Ahead
2010-02-26 12:51 . 2010-03-04 22:28 -------- d-----w- f:\documents and settings\Maja\Application Data\Skype
2010-02-26 12:51 . 2010-02-26 12:51 -------- d-----r- f:\program files\Skype
2010-02-26 12:51 . 2010-02-26 12:51 -------- d-----w- f:\documents and settings\All Users\Application Data\Skype
2010-02-20 15:03 . 2010-02-20 15:03 -------- d-----w- f:\windows\Sun
2010-02-20 14:41 . 2010-02-20 14:41 503808 ----a-w- f:\documents and settings\Maja\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-7a484fb4-n\msvcp71.dll
2010-02-20 14:41 . 2010-02-20 14:41 499712 ----a-w- f:\documents and settings\Maja\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-7a484fb4-n\jmc.dll
2010-02-20 14:41 . 2010-02-20 14:41 348160 ----a-w- f:\documents and settings\Maja\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-7a484fb4-n\msvcr71.dll
2010-02-20 14:41 . 2010-02-20 14:41 -------- d-----w- f:\program files\Common Files\Java
2010-02-20 14:41 . 2010-02-20 14:41 61440 ----a-w- f:\documents and settings\Maja\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-6324f541-n\decora-sse.dll
2010-02-20 14:41 . 2010-02-20 14:41 12800 ----a-w- f:\documents and settings\Maja\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-6324f541-n\decora-d3d.dll
2010-02-20 14:41 . 2010-02-20 14:41 411368 ----a-w- f:\windows\system32\deploytk.dll
2010-02-20 14:41 . 2010-02-20 14:41 -------- d-----w- f:\program files\Java
2010-02-19 17:26 . 2010-02-19 17:26 -------- d-----w- f:\documents and settings\Maja\Application Data\ParetoLogic
2010-02-19 17:26 . 2010-02-19 17:30 -------- d-----w- f:\documents and settings\All Users\Application Data\ParetoLogic
2010-02-19 17:26 . 2010-02-19 17:26 -------- d-----w- f:\program files\ParetoLogic
2010-02-19 17:04 . 2010-02-20 14:24 -------- d-----w- f:\program files\Common Files\Adobe
2010-02-19 16:57 . 2010-02-20 12:00 -------- d-----w- f:\documents and settings\Maja\Local Settings\Application Data\Adobe
2010-02-19 16:53 . 2006-10-26 18:56 33104 ----a-w- f:\windows\system32\Spool\prtprocs\w32x86\msonpppr.dll
2010-02-19 16:53 . 2006-10-26 18:56 32592 ----a-w- f:\windows\system32\msonpmon.dll
2010-02-19 16:48 . 2010-02-19 16:48 -------- d-----w- f:\program files\Microsoft Works
2010-02-19 16:48 . 2010-02-19 16:48 -------- d-----w- f:\program files\MSBuild
2010-02-19 16:45 . 2010-02-19 16:45 -------- d-----w- f:\program files\Microsoft.NET
2010-02-19 16:42 . 2010-02-19 16:42 -------- d-----w- f:\program files\Microsoft Visual Studio 8
2010-02-19 16:40 . 2010-02-19 16:47 -------- d-----w- f:\windows\SHELLNEW
2010-02-19 16:40 . 2010-02-19 16:40 -------- d-----w- f:\documents and settings\Maja\Local Settings\Application Data\Microsoft Help
2010-02-19 16:39 . 2010-02-19 16:54 -------- d-----w- f:\documents and settings\All Users\Application Data\Microsoft Help
2010-02-19 16:38 . 2010-02-19 16:38 -------- d-----r- F:\MSOCache
2010-02-19 12:30 . 2010-02-19 12:44 -------- d---a-w- f:\documents and settings\All Users\Application Data\TEMP
2010-02-19 12:26 . 2010-02-19 12:58 26688 ----a-w- f:\windows\system32\drivers\procguard.sys
2010-02-19 12:26 . 2008-07-25 12:11 44544 ----a-w- f:\windows\system32\procguard.dll
2010-02-18 23:08 . 2004-08-03 23:56 159232 ----a-w- f:\windows\system32\ptpusd.dll
2010-02-18 23:08 . 2001-08-17 21:36 5632 ----a-w- f:\windows\system32\ptpusb.dll
2010-02-18 23:07 . 2004-08-03 21:58 15104 -c--a-w- f:\windows\system32\dllcache\usbscan.sys
2010-02-18 23:07 . 2004-08-03 21:58 15104 ----a-w- f:\windows\system32\drivers\usbscan.sys
2010-02-18 10:26 . 2010-02-18 10:26 -------- d-----w- f:\documents and settings\Maja\Local Settings\Application Data\ACD Systems
2010-02-18 10:26 . 2010-02-18 10:26 -------- d-----w- f:\documents and settings\Maja\Application Data\ACD Systems
2010-02-17 11:58 . 2004-08-03 22:08 26496 -c--a-w- f:\windows\system32\dllcache\usbstor.sys
2010-02-17 09:34 . 2010-03-02 13:17 -------- d-----w- f:\program files\Valve
2010-02-16 21:28 . 2010-02-16 21:28 -------- d-----w- f:\documents and settings\Maja\Application Data\Malwarebytes
2010-02-16 20:27 . 2010-02-16 20:27 -------- d-----w- f:\documents and settings\Maja\Application Data\TeamViewer
2010-02-16 20:27 . 2010-02-16 20:27 -------- d-----w- f:\program files\TeamViewer
2010-02-16 20:27 . 2010-02-16 20:27 -------- d-----w- f:\documents and settings\Maja\temp
2010-02-16 14:37 . 2010-02-16 14:37 -------- d-----w- f:\documents and settings\NetworkService\Local Settings\Application Data\Google
2010-02-16 14:11 . 2010-02-16 14:11 -------- d-----w- f:\documents and settings\LocalService\Local Settings\Application Data\Google
2010-02-16 14:10 . 2010-02-16 14:13 -------- d-----w- f:\program files\Google
2010-02-16 14:10 . 2010-02-16 14:10 -------- d-----w- f:\program files\Teamspeak2_RC2
2010-02-16 14:09 . 2010-03-02 08:56 -------- d-----w- f:\program files\HLSW
2010-02-16 14:01 . 2010-02-16 14:01 -------- d-----w- f:\program files\Common Files\xing shared
2010-02-16 14:01 . 2010-02-16 14:01 -------- d-----w- f:\program files\Common Files\Real
2010-02-16 14:01 . 2010-02-16 14:01 -------- d-----w- f:\program files\Real
2010-02-16 13:57 . 2004-03-02 16:37 125184 ------w- f:\windows\system32\drivers\imagesrv.sys
2010-02-16 13:57 . 2004-03-02 16:37 5504 ------w- f:\windows\system32\drivers\imagedrv.sys
2010-02-16 13:57 . 2000-06-26 10:45 106496 ----a-w- f:\windows\system32\TwnLib20.dll
2010-02-16 13:57 . 2004-07-26 16:16 476320 ------w- f:\windows\system32\ImagXpr7.dll
2010-02-16 13:57 . 2004-07-26 16:16 471040 ------w- f:\windows\system32\ImagXRA7.dll
2010-02-16 13:57 . 2004-07-26 16:16 262144 ------w- f:\windows\system32\ImagXR7.dll
2010-02-16 13:57 . 2004-07-26 16:16 1568768 ------w- f:\windows\system32\ImagX7.dll
2010-02-16 13:57 . 2001-07-09 10:50 155648 ----a-w- f:\windows\system32\NeroCheck.exe
2010-02-16 13:57 . 2010-02-16 13:57 -------- d-----w- f:\program files\Common Files\Ahead
2010-02-16 13:57 . 2010-02-16 13:57 -------- d-----w- f:\program files\Ahead
2010-02-16 13:55 . 2010-02-16 13:55 -------- d-----w- f:\documents and settings\All Users\Application Data\CyberLink
2010-02-16 13:55 . 2010-02-16 13:55 -------- d-----w- f:\program files\CyberLink
2010-02-16 13:54 . 2010-02-16 13:54 -------- d-----w- f:\documents and settings\Maja\Local Settings\Application Data\Apple
2010-02-16 13:54 . 2010-02-16 13:54 -------- d-----w- f:\documents and settings\Maja\Local Settings\Application Data\Apple Computer
2010-02-16 13:52 . 2010-02-16 13:53 -------- d-----w- f:\documents and settings\Maja\Application Data\BSplayer Pro
2010-02-16 13:52 . 2010-02-16 13:52 -------- d-----w- f:\program files\Webteh
2010-02-16 12:38 . 2010-03-04 22:37 -------- d-----w- f:\documents and settings\Maja\Tracing
2010-02-16 12:38 . 2010-02-16 12:38 -------- d-----w- f:\program files\Microsoft
2010-02-16 12:38 . 2010-02-16 12:38 -------- d-----w- f:\program files\Windows Live SkyDrive
2010-02-16 12:37 . 2010-02-16 12:38 -------- d-----w- f:\program files\Windows Live
2010-02-16 12:32 . 2010-02-16 12:32 -------- d-----w- f:\program files\Common Files\Windows Live
2010-02-16 12:30 . 2010-02-16 18:52 -------- d-----w- f:\documents and settings\Maja\Local Settings\Application Data\Screamer Radio
2010-02-16 12:29 . 2010-02-16 12:29 -------- d-----w- f:\program files\PhotoScape
2010-02-16 11:19 . 2006-10-14 15:43 27648 ----a-w- f:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2010-02-16 11:19 . 2006-06-29 12:07 14048 ------w- f:\windows\system32\spmsg2.dll
2010-02-16 11:19 . 2006-10-16 15:10 23856 ----a-w- f:\windows\system32\spupdsvc.exe
2010-02-16 11:13 . 2010-02-16 11:25 -------- d-----w- F:\f8ee2afe1ad1e71421
2010-02-16 11:05 . 2003-06-18 16:31 18944 ----a-w- f:\windows\system32\Spool\prtprocs\w32x86\mdippr.dll
2010-02-16 11:05 . 2003-06-18 16:31 17920 ----a-w- f:\windows\system32\mdimon.dll
2010-02-16 10:55 . 2010-02-16 10:55 -------- d-----w- f:\documents and settings\All Users\Application Data\ACD Systems
2010-02-16 10:55 . 2010-02-16 10:55 -------- d-----w- f:\program files\Common Files\ACD Systems
2010-02-16 10:55 . 2010-02-16 10:55 -------- d-----w- f:\program files\ACD Systems
2010-02-16 10:55 . 2010-02-16 10:55 10368 ----a-w- f:\windows\system32\drivers\pfc.sys
2010-02-16 10:54 . 2010-02-16 10:54 -------- d-----w- f:\windows\Downloaded Installations
2010-02-16 10:23 . 2010-02-16 10:23 -------- d-----w- f:\windows\nview
2010-02-16 10:23 . 2008-05-16 13:01 446464 ----a-w- f:\windows\system32\nvudisp.exe
2010-02-16 10:23 . 2008-05-16 10:48 446464 ----a-w- f:\windows\system32\NVUNINST.EXE
2010-02-16 10:22 . 2010-02-16 10:22 -------- d-----w- F:\NVIDIA
2010-02-16 10:14 . 2006-08-18 05:52 4017536 ----a-r- f:\windows\system32\drivers\alcxwdm.sys
2010-02-16 10:08 . 2010-02-16 10:15 -------- d-----w- f:\windows\Drivers
2010-02-16 10:05 . 2010-02-16 10:05 -------- d-----w- f:\program files\Intel
2010-02-16 10:04 . 2010-02-16 14:06 -------- d--h--w- f:\program files\InstallShield Installation Information
2010-02-16 10:04 . 2010-02-16 10:14 -------- d-----w- f:\program files\Common Files\InstallShield
2010-02-16 09:54 . 2010-02-16 12:54 -------- d-----w- f:\windows\system32\NtmsData
2010-02-16 09:45 . 2010-02-16 09:45 -------- d-----w- f:\program files\RocketDock
2010-02-16 09:08 . 2010-02-26 16:13 -------- d-----w- f:\documents and settings\Maja\Local Settings\Application Data\Temp
2010-02-16 09:08 . 2010-02-16 14:13 -------- d-----w- f:\documents and settings\Maja\Local Settings\Application Data\Google
2010-02-16 09:06 . 2010-02-19 17:26 68456 ----a-w- f:\documents and settings\Maja\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-16 08:23 . 2004-08-03 21:59 5504 -c--a-w- f:\windows\system32\dllcache\intelide.sys
2010-02-16 08:23 . 2004-08-03 21:59 5504 ----a-w- f:\windows\system32\drivers\intelide.sys
2010-02-16 08:23 . 2004-08-03 22:08 20480 -c--a-w- f:\windows\system32\dllcache\usbuhci.sys
2010-02-16 08:23 . 2004-08-03 22:08 20480 ----a-w- f:\windows\system32\drivers\usbuhci.sys
2010-02-16 08:23 . 2004-08-03 22:07 42368 -c--a-w- f:\windows\system32\dllcache\agp440.sys
2010-02-16 08:23 . 2004-08-03 22:07 42368 ------w- f:\windows\system32\drivers\AGP440.SYS
2010-02-16 08:23 . 2008-05-16 13:01 6557408 -c--a-w- f:\windows\system32\dllcache\nv4_mini.sys
2010-02-16 08:23 . 2008-05-16 13:01 6557408 ----a-w- f:\windows\system32\drivers\nv4_mini.sys
2010-02-16 08:23 . 2008-05-16 13:01 6108928 ----a-w- f:\windows\system32\nv4_disp.dll
2010-02-16 08:23 . 2004-08-03 23:56 4274816 -c--a-w- f:\windows\system32\dllcache\nv4_disp.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-18 00:53 . 2010-02-15 23:32 86327 ----a-w- f:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-02-16 10:56 . 2010-02-16 10:56 -------- d-----w- f:\program files\Alwil Software
2010-02-16 10:14 . 2010-02-16 10:14 -------- d-----w- f:\program files\Realtek Sound Manager
2010-02-16 10:14 . 2010-02-16 10:14 -------- d-----w- f:\program files\AvRack
2010-02-16 10:14 . 2010-02-16 10:14 -------- d-----w- f:\program files\Realtek AC97
2010-02-15 23:33 . 2010-02-15 23:33 -------- d-----w- f:\program files\microsoft frontpage
2010-02-15 23:29 . 2010-02-15 23:29 21640 ----a-w- f:\windows\system32\emptyregdb.dat
2004-08-03 22:56 . 2004-08-03 22:56 164975 --sha-r- f:\windows\system32\yhsnocj.dll
.

((((((((((((((((((((((((((((( SnapShot_2010-02-23_15.56.36 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-03-04 22:37 . 2010-03-04 22:37 16384 f:\windows\Temp\Perflib_Perfdata_624.dat
+ 2010-03-04 22:36 . 2010-03-04 22:36 16384 f:\windows\Temp\Perflib_Perfdata_558.dat
+ 2010-02-25 12:59 . 2010-02-25 12:59 22528 f:\windows\Installer\2348ec.msi
+ 2010-02-26 12:51 . 2010-02-26 12:51 364726 f:\windows\Installer\{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}\SkypeIcon.exe
+ 2010-02-26 12:51 . 2010-02-26 12:51 1602048 f:\windows\Installer\675b7e.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="f:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"msnmsgr"="f:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"Google Update"="f:\documents and settings\Maja\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-02-16 135664]
"ctfmon.exe"="f:\windows\system32\ctfmon.exe" [2004-08-03 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2006-08-02 577536]
"NvCplDaemon"="f:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"nwiz"="nwiz.exe" [2008-05-16 1630208]
"NvMediaCenter"="f:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
"avast!"="f:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"TkBellExe"="f:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-02-16 198160]
"Adobe Reader Speed Launcher"="f:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-12-18 40368]
"Adobe ARM"="f:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"SunJavaUpdateSched"="f:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]

f:\documents and settings\Maja\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - f:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

[HKLM\~\startupfolder\F:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=f:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=f:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-12-11 14:57 948672 ----a-r- f:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-02-16 09:08 135664 ----atw- f:\documents and settings\Maja\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2006-10-26 23:47 31016 ----a-w- f:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 15:44 3883856 ----a-w- f:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 10:50 155648 ----a-w- f:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2003-12-08 16:35 32768 ----a-w- f:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"f:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"f:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"g:\\BEOGRID\\StrongDC++\\StrongDC.exe"=
"f:\\Program Files\\Valve\\hl.exe"=
"f:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"f:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"f:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"g:\\BEOGRID\\StrongDC++\\StrongDC++\\StrongDC.exe"=
"f:\\Program Files\\HLSW\\hlsw.exe"=
"f:\\Program Files\\TeamViewer\\Version4\\TeamViewer.exe"=
"f:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"1200:UDP"= 1200:UDP:services friends

R1 aswSP;avast! Self Protection;f:\windows\system32\drivers\aswSP.sys [2/16/2010 11:56 AM 114768]
R2 aswFsBlk;aswFsBlk;f:\windows\system32\drivers\aswFsBlk.sys [2/16/2010 11:56 AM 20560]
S2 gupdate1caaf11db945d1e;Google Update Service (gupdate1caaf11db945d1e);f:\program files\Google\Update\GoogleUpdate.exe [2/16/2010 3:10 PM 133104]
S3 MEMSWEEP2;MEMSWEEP2;\??\f:\windows\system32\4.tmp --> f:\windows\system32\4.tmp [?]
.
Contents of the 'Scheduled Tasks' folder

2010-03-04 f:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- f:\program files\Google\Update\GoogleUpdate.exe [2010-02-16 14:10]

2010-03-04 f:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- f:\program files\Google\Update\GoogleUpdate.exe [2010-02-16 14:10]

2010-03-04 f:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1275210071-776561741-725345543-1003Core.job
- f:\documents and settings\Maja\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-02-16 09:08]

2010-03-04 f:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1275210071-776561741-725345543-1003UA.job
- f:\documents and settings\Maja\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-02-16 09:08]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - f:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {1782FC2C-1A07-472A-833E-AD93F758739C} = 208.67.222.222,208.67.220.220
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-04 23:37
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\f:\windows\system32\4.tmp"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2524)
f:\program files\RocketDock\RocketDock.dll
f:\windows\system32\msi.dll
.
------------------------ Other Running Processes ------------------------
.
f:\program files\Alwil Software\Avast4\aswUpdSv.exe
f:\program files\Alwil Software\Avast4\ashServ.exe
f:\windows\SOUNDMAN.EXE
f:\windows\system32\RUNDLL32.EXE
f:\program files\Java\jre6\bin\jqs.exe
f:\windows\system32\nvsvc32.exe
f:\program files\Alwil Software\Avast4\ashMaiSv.exe
f:\windows\system32\wscntfy.exe
f:\program files\Alwil Software\Avast4\ashWebSv.exe
.
**************************************************************************
.
Completion time: 2010-03-04 23:39:50 - machine was rebooted
ComboFix-quarantined-files.txt 2010-03-04 22:39
ComboFix2.txt 2010-02-27 17:56
ComboFix3.txt 2010-02-23 15:59

Pre-Run: 21,825,552,384 bytes free
Post-Run: 21,793,820,672 bytes free

- - End Of File - - 5682CC442AFD18013CEC91B3DE0F0CE5

I have to mention that I now also have Win32:Rontokbr-I2 [Wrm]. It's very persistent and avast reports it very often.

New Avast log:

3/4/2010 11:21:12 PM SYSTEM 1396 Sign of "Win32:Rontokbr-I2 [Wrm]" has been found in "G:\ANNA\Anna\Ivan\Ivan.exe" file.
3/4/2010 11:21:03 PM SYSTEM 1396 Sign of "Win32:Rontokbr-I2 [Wrm]" has been found in "G:\ANNA\Anna\Ivan\Ivan.exe" file.
3/4/2010 11:20:55 PM SYSTEM 1396 Sign of "Win32:Rontokbr-I2 [Wrm]" has been found in "G:\ANNA\Anna\Anna.exe" file.
3/4/2010 11:19:38 PM SYSTEM 1396 Sign of "Win32:Rontokbr-I2 [Wrm]" has been found in "G:\ANNA\ADMIN red server 27.01.2009\CS screen shotovi\cs-srbija RED server 10\cs-srbija RED server 10.exe" file.
3/4/2010 11:19:30 PM SYSTEM 1396 Sign of "Win32:Rontokbr-I2 [Wrm]" has been found in "G:\ANNA\ADMIN red server 27.01.2009\CS screen shotovi\cs-srbija RED server 1\cs-srbija RED server 1.exe" file.
3/4/2010 11:19:17 PM SYSTEM 1396 Sign of "Win32:Rontokbr-I2 [Wrm]" has been found in "G:\ANNA\ADMIN red server 27.01.2009\CS screen shotovi\cs-srbija RED server 1\cs-srbija RED server 1.exe" file.
3/4/2010 11:19:10 PM SYSTEM 1396 Sign of "Win32:Rontokbr-I2 [Wrm]" has been found in "G:\ANNA\ADMIN red server 27.01.2009\CS screen shotovi\cs-srbija RED server 1\cs-srbija RED server 1.exe" file.
3/4/2010 11:19:03 PM SYSTEM 1396 Sign of "Win32:Rontokbr-I2 [Wrm]" has been found in "G:\ANNA\ADMIN red server 27.01.2009\CS screen shotovi\cs-srbija RED server 1\cs-srbija RED server 1.exe" file.
3/4/2010 11:18:11 PM SYSTEM 1396 Sign of "Win32:Rontokbr-I2 [Wrm]" has been found in "G:\ANNA\ADMIN red server 27.01.2009\CS screen shotovi\cs-srbija RED server 1\cs-srbija RED server 1.exe" file.
3/4/2010 11:17:43 PM SYSTEM 1396 Sign of "Win32:Rontokbr-I2 [Wrm]" has been found in "G:\ANNA\ADMIN red server 27.01.2009\CS screen shotovi\AnnA\AnnA.exe" file.
3/4/2010 11:17:37 PM SYSTEM 1396 Sign of "Win32:Rontokbr-I2 [Wrm]" has been found in "G:\ANNA\ADMIN red server 27.01.2009\CS demoi\CS demoi.exe" file.
3/4/2010 11:17:23 PM SYSTEM 1396 Sign of "Win32:Rontokbr-I2 [Wrm]" has been found in "G:\ANNA\ADMIN red server 27.01.2009\BANNED players\SCREEN SHOTS\SCREEN SHOTS.exe" file.
3/4/2010 11:17:19 PM SYSTEM 1396 Sign of "Win32:Rontokbr-I2 [Wrm]" has been found in "G:\ANNA\ADMIN red server 27.01.2009\BANNED players\SCREEN SHOTS\SCREEN SHOTS.exe" file.
3/4/2010 11:17:13 PM SYSTEM 1396 Sign of "Win32:Rontokbr-I2 [Wrm]" has been found in "G:\ANNA\ADMIN red server 27.01.2009\BANNED players\SCREEN SHOTS\SCREEN SHOTS.exe" file.
3/4/2010 11:17:08 PM SYSTEM 1396 Sign of "Win32:Rontokbr-I2 [Wrm]" has been found in "G:\ANNA\ADMIN red server 27.01.2009\BANNED players\DEMO\DEMO.exe" file.
3/4/2010 11:17:03 PM SYSTEM 1396 Sign of "Win32:Rontokbr-I2 [Wrm]" has been found in "G:\ANNA\ADMIN red server 27.01.2009\BANNED players\BANNED players.exe" file.
3/4/2010 11:16:56 PM SYSTEM 1396 Sign of "Win32:Rontokbr-I2 [Wrm]" has been found in "G:\ANNA\ADMIN red server 27.01.2009\ADMIN red server 27.01.2009`.exe" file.
3/4/2010 11:16:51 PM SYSTEM 1396 Sign of "Win32:Rontokbr-I2 [Wrm]" has been found in "G:\ANNA\ADMIN red server 27.01.2009\ADMIN red server 27.01.2009`.exe" file.
3/4/2010 11:16:46 PM SYSTEM 1396 Sign of "Win32:Rontokbr-I2 [Wrm]" has been found in "G:\ANNA\ADMIN red server 27.01.2009\ADMIN red server 27.01.2009`.exe" file.
3/4/2010 11:16:42 PM SYSTEM 1396 Sign of "Win32:Rontokbr-I2 [Wrm]" has been found in "G:\ANNA\ADMIN red server 27.01.2009\ADMIN red server 27.01.2009`.exe" file.
3/4/2010 11:16:33 PM SYSTEM 1396 Sign of "Win32:Rontokbr-I2 [Wrm]" has been found in "G:\ANNA\ADMIN red server 27.01.2009\ADMIN red server 27.01.2009`.exe" file.
3/4/2010 11:16:28 PM SYSTEM 1396 Sign of "Win32:Rontokbr-I2 [Wrm]" has been found in "G:\ANNA\ANNA.exe" file.
3/4/2010 11:16:22 PM SYSTEM 1396 Sign of "Win32:Rontokbr-I2 [Wrm]" has been found in "G:\ANNA\ANNA.exe" file.
3/4/2010 11:16:09 PM SYSTEM 1396 Sign of "Win32:Rontokbr-I2 [Wrm]" has been found in "G:\ANNA\Data dacho.exe" file.
3/4/2010 8:27:56 PM SYSTEM 1396 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: F:\WINDOWS\system32\04.tmp (F:\WINDOWS\system32\04.tmp) returning error, 00000005.
3/4/2010 8:27:44 PM SYSTEM 1396 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: F:\WINDOWS\system32\04.tmp (F:\WINDOWS\system32\04.tmp) returning error, 00000005.
3/4/2010 8:27:43 PM SYSTEM 1396 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: F:\windows\system32\yhsnocj.dll (F:\windows\system32\yhsnocj.dll) returning error, 00000005.
3/4/2010 8:22:33 PM SYSTEM 1176 Sign of "AutoIt:Balero-C [Wrm]" has been found in "F:\Documents and Settings\All Users\Documents\xxwqzc.exe\AutoIt.script" file.
3/4/2010 8:17:17 PM SYSTEM 1176 Sign of "AutoIt:Balero-A2 [Wrm]" has been found in "F:\Documents and Settings\All Users\Documents\xxwqzc.exe\>>>AUTOIT SCRIPT<<<" file.
3/4/2010 6:25:04 PM SYSTEM 1176 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: F:\WINDOWS\system32\04.tmp (F:\WINDOWS\system32\04.tmp) returning error, 00000005.
3/4/2010 6:24:54 PM SYSTEM 1176 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: F:\WINDOWS\system32\04.tmp (F:\WINDOWS\system32\04.tmp) returning error, 00000005.
3/4/2010 6:24:53 PM SYSTEM 1176 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: F:\windows\system32\yhsnocj.dll (F:\windows\system32\yhsnocj.dll) returning error, 00000005.
3/4/2010 6:15:41 PM SYSTEM 1292 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.
3/4/2010 6:13:54 PM SYSTEM 1292 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: F:\WINDOWS\system32\03.tmp (F:\WINDOWS\system32\03.tmp) returning error, 00000005.
3/4/2010 6:13:41 PM SYSTEM 1292 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: F:\WINDOWS\system32\03.tmp (F:\WINDOWS\system32\03.tmp) returning error, 00000005.
3/4/2010 6:13:40 PM SYSTEM 1292 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: F:\windows\system32\yhsnocj.dll (F:\windows\system32\yhsnocj.dll) returning error, 00000005.
3/4/2010 5:30:19 PM SYSTEM 1180 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: F:\WINDOWS\system32\03.tmp (F:\WINDOWS\system32\03.tmp) returning error, 00000005.
3/4/2010 5:30:08 PM SYSTEM 1180 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: F:\WINDOWS\system32\03.tmp (F:\WINDOWS\system32\03.tmp) returning error, 00000005.
3/4/2010 5:30:07 PM SYSTEM 1180 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: F:\windows\system32\yhsnocj.dll (F:\windows\system32\yhsnocj.dll) returning error, 00000005.
3/4/2010 5:10:25 PM SYSTEM 1120 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: F:\WINDOWS\system32\01.tmp (F:\WINDOWS\system32\01.tmp) returning error, 00000005.
3/4/2010 5:10:08 PM SYSTEM 1120 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: F:\WINDOWS\system32\01.tmp (F:\WINDOWS\system32\01.tmp) returning error, 00000005.
3/4/2010 5:10:06 PM SYSTEM 1120 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: F:\windows\system32\yhsnocj.dll (F:\windows\system32\yhsnocj.dll) returning error, 00000005.
3/4/2010 11:32:06 AM SYSTEM 1264 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: F:\WINDOWS\system32\02.tmp (F:\WINDOWS\system32\02.tmp) returning error, 00000005.
3/4/2010 11:31:48 AM SYSTEM 1264 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: F:\WINDOWS\system32\02.tmp (F:\WINDOWS\system32\02.tmp) returning error, 00000005.
3/4/2010 11:31:47 AM SYSTEM 1264 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: F:\windows\system32\yhsnocj.dll (F:\windows\system32\yhsnocj.dll) returning error, 00000005.
3/3/2010 11:10:41 PM SYSTEM 1164 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: F:\WINDOWS\system32\04.tmp (F:\WINDOWS\system32\04.tmp) returning error, 00000005.
3/3/2010 11:10:34 PM SYSTEM 1164 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: F:\WINDOWS\system32\04.tmp (F:\WINDOWS\system32\04.tmp) returning error, 00000005.
3/3/2010 11:10:33 PM SYSTEM 1164 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: F:\windows\system32\yhsnocj.dll (F:\windows\system32\yhsnocj.dll) returning error, 00000005.
3/3/2010 10:25:23 PM SYSTEM 1316 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: F:\WINDOWS\system32\04.tmp (F:\WINDOWS\system32\04.tmp) returning error, 00000005.
3/3/2010 10:25:17 PM SYSTEM 1316 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: F:\WINDOWS\system32\04.tmp (F:\WINDOWS\system32\04.tmp) returning error, 00000005.
3/3/2010 10:25:17 PM SYSTEM 1316 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: F:\windows\system32\yhsnocj.dll (F:\windows\system32\yhsnocj.dll) returning error, 00000005.
3/3/2010 8:54:59 PM SYSTEM 1324 Sign of "BV:AutoRun-S [Wrm]" has been found in "C:\autorun.inf" file.
3/3/2010 8:54:49 PM SYSTEM 1324 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "C:\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx" file.
3/3/2010 8:13:23 PM SYSTEM 1324 Sign of "BV:AutoRun-S [Wrm]" has been found in "C:\autorun.inf" file.
3/3/2010 8:13:15 PM SYSTEM 1324 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "C:\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx" file.
3/3/2010 8:13:05 PM SYSTEM 1324 Sign of "BV:AutoRun-G [Wrm]" has been found in "C:\Autorun.inf" file.
3/3/2010 7:59:37 PM SYSTEM 1324 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: F:\WINDOWS\system32\05.tmp (F:\WINDOWS\system32\05.tmp) returning error, 00000005.
3/3/2010 7:59:29 PM SYSTEM 1324 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: F:\WINDOWS\system32\05.tmp (F:\WINDOWS\system32\05.tmp) returning error, 00000005.
3/3/2010 7:59:28 PM SYSTEM 1324 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: F:\windows\system32\yhsnocj.dll (F:\windows\system32\yhsnocj.dll) returning error, 00000005.
3/3/2010 7:44:32 PM SYSTEM 1268 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: F:\WINDOWS\system32\01.tmp (F:\WINDOWS\system32\01.tmp) returning error, 00000005.
3/3/2010 7:44:17 PM SYSTEM 1268 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: F:\WINDOWS\system32\01.tmp (F:\WINDOWS\system32\01.tmp) returning error, 00000005.
3/3/2010 7:44:16 PM SYSTEM 1268 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: F:\windows\system32\yhsnocj.dll (F:\windows\system32\yhsnocj.dll) returning error, 00000005.
3/2/2010 9:53:10 AM SYSTEM 1176 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: F:\WINDOWS\system32\04.tmp (F:\WINDOWS\system32\04.tmp) returning error, 00000005.
3/2/2010 9:53:01 AM SYSTEM 1176 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: F:\WINDOWS\system32\04.tmp (F:\WINDOWS\system32\04.tmp) returning error, 00000005.
3/2/2010 9:53:00 AM SYSTEM 1176 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: F:\windows\system32\yhsnocj.dll (F:\windows\system32\yhsnocj.dll) returning error, 00000005.
3/2/2010 8:39:05 AM SYSTEM 1172 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: F:\WINDOWS\system32\04.tmp (F:\WINDOWS\system32\04.tmp) returning error, 00000005.
3/2/2010 8:38:56 AM SYSTEM 1172 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: F:\WINDOWS\system32\04.tmp (F:\WINDOWS\system32\04.tmp) returning error, 00000005.
3/2/2010 8:38:55 AM SYSTEM 1172 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: F:\windows\system32\yhsnocj.dll (F:\windows\system32\yhsnocj.dll) returning error, 00000005.
3/1/2010 11:07:45 PM SYSTEM 1176 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: F:\WINDOWS\system32\03.tmp (F:\WINDOWS\system32\03.tmp) returning error, 00000005.
3/1/2010 11:07:35 PM SYSTEM 1176 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: F:\windows\system32\yhsnocj.dll (F:\windows\system32\yhsnocj.dll) returning error, 00000005.
3/1/2010 11:07:35 PM SYSTEM 1176 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: F:\WINDOWS\system32\03.tmp (F:\WINDOWS\system32\03.tmp) returning error, 00000005.
3/1/2010 8:43:57 PM SYSTEM 1176 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: F:\WINDOWS\system32\04.tmp (F:\WINDOWS\system32\04.tmp) returning error, 00000005.
3/1/2010 8:43:45 PM SYSTEM 1176 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: F:\WINDOWS\system32\04.tmp (F:\WINDOWS\system32\04.tmp) returning error, 00000005.
3/1/2010 8:43:45 PM SYSTEM 1176 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: F:\windows\system32\yhsnocj.dll (F:\windows\system32\yhsnocj.dll) returning error, 00000005.
3/1/2010 1:59:18 PM SYSTEM 1328 Sign of "BV:AutoRun-S [Wrm]" has been found in "C:\autorun.inf" file.
3/1/2010 1:59:06 PM SYSTEM 1328 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "C:\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx" file.
3/1/2010 1:29:17 PM SYSTEM 1328 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: F:\WINDOWS\system32\04.tmp (F:\WINDOWS\system32\04.tmp) returning error, 00000005.
3/1/2010 1:29:06 PM SYSTEM 1328 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: F:\WINDOWS\system32\04.tmp (F:\WINDOWS\system32\04.tmp) returning error, 00000005.
3/1/2010 1:29:05 PM SYSTEM 1328 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: F:\windows\system32\yhsnocj.dll (F:\windows\system32\yhsnocj.dll) returning error, 00000005.
3/1/2010 11:18:37 AM SYSTEM 1180 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: F:\WINDOWS\system32\03.tmp (F:\WINDOWS\system32\03.tmp) returning error, 00000005.
3/1/2010 11:18:27 AM SYSTEM 1180 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: F:\WINDOWS\system32\03.tmp (F:\WINDOWS\system32\03.tmp) returning error, 00000005.
3/1/2010 11:18:25 AM SYSTEM 1180 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: F:\windows\system32\yhsnocj.dll (F:\windows\system32\yhsnocj.dll) returning error, 00000005.
3/1/2010 1:21:46 AM SYSTEM 1164 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: F:\WINDOWS\system32\04.tmp (F:\WINDOWS\system32\04.tmp) returning error, 00000005.
3/1/2010 1:21:38 AM SYSTEM 1164 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: F:\WINDOWS\system32\04.tmp (F:\WINDOWS\system32\04.tmp) returning error, 00000005.
3/1/2010 1:21:37 AM SYSTEM 1164 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: F:\windows\system32\yhsnocj.dll (F:\windows\system32\yhsnocj.dll) returning error, 00000005.

Best regards,
Anna

#14 myrti


Posted 05 March 2010 - 01:27 PM

Hi,

What is G:\?

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help requests via PM, unless I am already helping you. Use the forums!

 



#15 anna_nbgd


Posted 06 March 2010 - 02:23 AM

G:\ is a local partition with files. There's only F:\ (system) and G:\.

Regards



