Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Latest News: Microsoft Cortana Flaw Could Allow Browsing on Locked Systems

Featured Deal: Get 91% off a SitePoint Premium Courses: Lifetime Subscription Deal

Computer Skips Briefly

Started by JBrydges , Feb 22 2010 01:44 AM

This topic is locked

10 replies to this topic

#1 JBrydges

Members
9 posts
OFFLINE

Local time:10:03 PM

Posted 22 February 2010 - 01:44 AM

Ok so every now and then (every couple of minutes or so) when I'm moving the mouse around on the desktop or surfing the net there is a very brief lag that causes it to skip (all takes place in less than a second). I have recently rebuilt my system with a new motherboard and processor so this is the only thing I can think might be causing it although I have updated and installed all the drivers for both. At first I thought i was a problem with my mouse but I have tried multiple mouses, both optical and with a ball and it still happens. I have tried running the system with both the onboard and my ati graphics card, cleaned my power supply fan, watched the system processes to see if anything changes when the skip occurs, as well as try every little fix i could see suggested on other postings about similar issues but nothing. This problem is driving me absolutely mental as I have also reformatted Windows XP and it starts happening right away. Perhaps it is a BIOS problem that I don't understand with the new motherboard? Sorry for all the rambling but just trying to provide as much detail right away (have included a HiJack this report as well). Thanks for any advice guys!!!

AMD Athlon 64 3500+ 2.21ghz
1.43 GB DDR RAM
ATI X1600 256MB
Windows XP Home (SP2)
Motherboard- FOXCONN 6150K8MA-8EKRS

Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 10:34:09 PM, on 2/21/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv4.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InfoMyCa.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\WINDOWS\system32\wpabaln.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HiJack\TrendMicro\HiJackThis\HiJackThis.exe

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [WUSB54Gv4] C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InvokeSvc3.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - Global Startup: Catalyst System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1266801548640
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: WUSB54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe

--
End of file - 2932 bytes

Edited by Pandy, 22 February 2010 - 06:07 AM.
Moved from Windows XP Home and Pro ~Pandy

BC AdBot (Login to Remove)

BleepingComputer.com
Register to remove ads

#2 Blind Faith

Malware Response Team
4,101 posts
OFFLINE

Gender:Female
Local time:09:03 AM

Posted 24 February 2010 - 03:19 PM

Hello and welcome to Bleeping Computer!

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
- DDS.scr
- DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explaination about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for posting the results.
Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log

Elle

Can you hear it?It's all around!

Tomar ki manè acchè?
Yadi thakè, tahalè
Ki kshama kartè paro?

If I haven't replied in 48 hours, please feel free to send me a PM.

Posted Image

#3 JBrydges

Topic Starter

Members
9 posts
OFFLINE

Local time:10:03 PM

Posted 26 February 2010 - 02:01 PM

Unfortunately my problem is still not fixed so I've reposted everything as instructed. Every now and then (every couple of minutes or so) when I'm moving the mouse around on the desktop or surfing the net there is a very brief lag that causes it to skip (all takes place in less than a second). I have recently rebuilt my system with a new motherboard and processor so this is the only thing I can think might be causing it although I have updated and installed all the drivers for both. At first I thought i was a problem with my mouse but I have tried multiple mouses, both optical and with a ball and it still happens. As well I've noticed the sound skips if I have anything running like music or a movie. I have tried running the system with both the onboard and my ati graphics card, cleaned my power supply fan, watched the system processes to see if anything changes when the skip occurs, as well as try every little fix i could see suggested on other postings about similar issues but nothing. This problem is driving me absolutely mental as I have also reformatted Windows XP and it starts happening right away so I don't think its malware. Perhaps it is a BIOS problem that I don't understand with the new motherboard? Sorry for all the rambling but just trying to provide as much detail right away. Thanks for any advice guys!!!

DDS (Ver_09-12-01.01) - NTFSx86
Run by Justin at 9:30:08.53 on Mon 02/22/2010
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1470.974 [GMT -8:00]

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv4.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InfoMyCa.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\WINDOWS\system32\wpabaln.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Justin\Desktop\dds.scr

============== Pseudo HJT Report ===============

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
mRun: [WUSB54Gv4] c:\program files\linksys wireless-g usb wireless network monitor\InvokeSvc3.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [High Definition Audio Property Page Shortcut] HDAShCut.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\cli.exe" runtime
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\cataly~1.lnk - c:\program files\ati technologies\ati.ace\CLI.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1266801548640
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Notify: AtiExtEvent - Ati2evxx.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\justin\applic~1\mozilla\firefox\profiles\dvuyf605.default\

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R3 WUSB54GV4SRV;Linksys Wireless-G USB Network Adapter Driver;c:\windows\system32\drivers\rt2500usb.sys [2010-2-20 79616]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2010-2-20 1684736]

=============== Created Last 30 ================

2010-02-22 07:17:11 0 d-----w- c:\program files\DivX
2010-02-22 07:17:06 0 d-----w- c:\program files\common files\DivX Shared
2010-02-22 06:07:13 0 d-----w- c:\program files\HiJack
2010-02-22 03:13:38 0 d-----w- c:\program files\LucasArts
2010-02-22 03:05:07 0 d-----w- c:\windows\system32\PreInstall
2010-02-22 03:05:05 0 d--h--w- c:\windows\$hf_mig$
2010-02-22 02:58:53 0 d-----w- c:\windows\system32\URTTemp
2010-02-22 02:58:23 307200 ----a-r- c:\windows\system32\atiiiexx.dll
2010-02-22 02:58:19 5607 ----a-r- c:\windows\system32\atifglpf.xml
2010-02-22 02:58:16 109589 ----a-r- c:\windows\system32\atiicdxx.dat
2010-02-22 02:58:12 929 ----a-r- c:\windows\system32\drivers\ativcaxx.vp
2010-02-22 02:58:12 58560 ----a-r- c:\windows\system32\drivers\ativckxx.vp
2010-02-22 02:58:12 524850 ----a-r- c:\windows\system32\drivers\ativcaxx.cpa
2010-02-22 02:58:12 24000 ----a-r- c:\windows\system32\drivers\ativvpxx.vp
2010-02-22 02:55:47 0 d-----w- c:\program files\ATI Technologies
2010-02-22 02:50:35 11264 ----a-r- c:\windows\system32\drivers\EIO.sys
2010-02-22 02:48:59 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-02-22 02:48:35 0 d-----w- c:\docume~1\justin\applic~1\DAEMON Tools Lite
2010-02-22 02:48:19 0 d-----w- c:\docume~1\alluse~1\applic~1\DAEMON Tools Pro
2010-02-22 02:48:18 0 d-----w- c:\docume~1\justin\applic~1\DAEMON Tools Pro
2010-02-22 02:45:21 0 d-----w- c:\windows\system32\wbem\AutoRecover
2010-02-22 02:17:11 1374 ----a-w- c:\windows\imsins.BAK
2010-02-22 02:13:19 0 d-----w- c:\windows\ServicePackFiles
2010-02-22 02:11:26 2897920 ------w- c:\windows\system32\xpsp2res.dll
2010-02-22 02:10:28 19528 ----a-w- c:\windows\002243_.tmp
2010-02-22 02:08:32 0 d-----w- c:\windows\EHome
2010-02-22 01:42:18 0 d-----w- c:\windows\Downloaded Installations
2010-02-22 01:12:02 0 d-----w- c:\docume~1\alluse~1\applic~1\DAEMON Tools Lite
2010-02-22 00:48:12 0 d-----w- c:\program files\CCleaner
2010-02-22 00:07:47 21504 ----a-w- c:\windows\system32\hidserv.dll
2010-02-22 00:07:45 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
2010-02-22 00:07:45 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2010-02-22 00:07:43 9600 -c--a-w- c:\windows\system32\dllcache\hidusb.sys
2010-02-22 00:07:43 9600 ----a-w- c:\windows\system32\drivers\hidusb.sys
2010-02-21 07:36:24 940794 ----a-w- c:\windows\system32\LoopyMusic.wav
2010-02-21 07:36:24 146650 ----a-w- c:\windows\system32\BuzzingBee.wav
2010-02-21 07:36:24 0 d-----w- c:\windows\system32\Lang
2010-02-21 07:34:11 0 d-----w- c:\program files\Realtek
2010-02-21 07:20:18 169 ----a-w- c:\windows\RtlRack.ini
2010-02-21 05:03:14 0 d-----w- c:\windows\RegisteredPackages
2010-02-21 05:02:27 0 d-----w- c:\program files\DirectX
2010-02-21 04:38:43 466944 ----a-w- c:\windows\system32\CapabilityTable.exe
2010-02-21 04:38:34 176128 ------w- c:\windows\system32\nvuide.exe
2010-02-21 04:38:34 1537 ------w- c:\windows\system32\nvide.nvu
2010-02-21 04:38:07 192000 ----a-w- c:\windows\system32\iuengine.dll
2010-02-21 04:38:00 3632 ----a-w- c:\windows\system32\nvnrm.nvu
2010-02-21 04:38:00 176128 ----a-w- c:\windows\system32\nvunrm.exe
2010-02-21 04:38:00 100480 ----a-w- c:\windows\system32\drivers\nvtcp.sys
2010-02-21 03:23:41 0 d-----w- c:\docume~1\justin\applic~1\uTorrent
2010-02-21 03:14:38 0 d-----w- c:\program files\Linksys Wireless-G USB Wireless Network Monitor
2010-02-21 03:08:07 0 d-sh--w- c:\documents and settings\all users\DRM
2010-02-21 03:06:42 0 d-----w- c:\program files\common files\MSSoap
2010-02-21 03:05:38 0 d--h--w- c:\program files\WindowsUpdate
2010-02-21 03:05:38 0 d-----w- c:\program files\Online Services
2010-02-21 03:05:33 0 d-----w- c:\program files\Messenger
2010-02-21 03:05:27 0 d-----w- c:\program files\MSN Gaming Zone
2010-02-21 03:04:45 0 d-----w- c:\program files\Windows NT
2010-02-20 19:00:54 0 d-----w- c:\program files\common files\ODBC
2010-02-20 19:00:51 0 d-----w- c:\program files\common files\SpeechEngines
2010-02-20 19:00:26 0 d-----r- c:\documents and settings\all users\Documents

Attach.txt 6.04KB 11 downloads

#4 schrauber

Mr.Mechanic

Malware Response Team
24,794 posts
OFFLINE

Gender:Male
Location:Munich,Germany
Local time:07:03 AM

Posted 02 March 2010 - 02:55 PM

Hello, JBrydges
Welcome to the Bleeping Computer Forums. My name is Thomas (Tom is fine), and I will be helping you fixing your problems.

If you do not make a reply in 5 days, we will have to close your topic.

You may want to keep the link to this topic in your favourites. Alternatively, you can click the

button at the top bar of this topic and Track this Topic. The topics you are tracking can be found here.

Please take note of some guidelines for this fix:

Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Further more, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
Please reply using the button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just post back here so that we know you're still here.
Please set your system to show all files.
Click Start, open My Computer, select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
Uncheck: Hide file extensions for known file types
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.

Please go here and have a look how you can disable your security software.

Download Combofix from any of the links below but rename it to before saving it to your desktop.

Link 1
Link 2

--------------------------------------------------------------------

Double click on the renamed Combofix.exe & follow the prompts.

As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper

If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

regards,
schrauber

Posted Image

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware

#5 JBrydges

Topic Starter

Members
9 posts
OFFLINE

Local time:10:03 PM

Posted 02 March 2010 - 03:44 PM

Thanks for all the help. Here is the combofix log. I have also started a posting in the hardware section as I'm starting to feel it is much more likely there is some conflict there.

log.txt 21.54KB 11 downloads

#6 schrauber

Mr.Mechanic

Malware Response Team
24,794 posts
OFFLINE

Gender:Male
Location:Munich,Germany
Local time:07:03 AM

Posted 03 March 2010 - 01:23 PM

Hi,

Please don't attach the logfiles, just post it here in the thread.

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
- Update Malwarebytes' Anti-Malware
- Launch Malwarebytes' Anti-Malware
Then click Finish.

MBAM will automatically start and you will be asked to update the program before performing a scan.

If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:

Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
Click OK to close the message box and continue with the removal process.

Back at the main Scanner screen:

Click on the Show Results button to see a list of any malware that was found.
Make sure that everything is checked, and click Remove Selected.
When removal is completed, a log report will open in Notepad.
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
Exit MBAM when done.

Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

Please download OTL from one of the following mirrors:
- This is THE Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Under the Custom Scan box paste this in
netsvcs
%SYSTEMDRIVE%\*.exe
safebootminimal
safebootnetwork
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
/md5stop
%systemroot%\*. /mp /s
CREATERESTOREPOINT
Push the Quick Scan button.
Two reports will open, copy and paste them in a reply here:
- OTL.txt <-- Will be opened
- Extra.txt <-- Will be minimized

regards,
schrauber

Posted Image

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware

#7 JBrydges

Topic Starter

Members
9 posts
OFFLINE

Local time:10:03 PM

Posted 03 March 2010 - 03:43 PM

Sorry about the attachment last time here are the new logs you've requested

Malwarebytes' Anti-Malware 1.44
Database version: 3822
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

3/3/2010 12:34:35 PM
mbam-log-2010-03-03 (12-34-35).txt

Scan type: Quick Scan
Objects scanned: 108860
Time elapsed: 6 minute(s), 1 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

OTL logfile created on: 3/3/2010 12:37:10 PM - Run 1
OTL by OldTimer - Version 3.1.32.0 Folder = C:\Documents and Settings\Justin\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 54.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 51.27 Gb Free Space | 68.79% Space Free | Partition Type: NTFS
Drive D: | 462.32 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: OWNER
Current User Name: Justin
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/03/03 12:29:51 | 000,551,424 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Justin\My Documents\Downloads\OTL.exe
PRC - [2010/02/28 19:05:03 | 000,600,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/02/28 19:05:03 | 000,503,576 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/02/28 19:05:01 | 000,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/02/28 19:05:00 | 000,745,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgscanx.exe
PRC - [2010/02/28 19:04:58 | 001,055,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/02/28 19:04:58 | 000,702,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/02/28 19:04:57 | 000,827,160 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgam.exe
PRC - [2010/02/27 02:07:43 | 000,906,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe
PRC - [2010/02/25 00:28:05 | 000,319,280 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe
PRC - [2010/01/15 19:09:37 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2008/04/13 16:12:40 | 000,032,256 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wpabaln.exe
PRC - [2008/04/13 16:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/09/22 10:58:12 | 000,241,664 | ---- | M] (ASUSTeK COMPUTER INC.) -- C:\WINDOWS\ATKKBService.exe
PRC - [2004/07/03 00:36:58 | 001,432,576 | ---- | M] (Cisco Linksys Corporation) -- C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv4.exe
PRC - [2004/06/14 16:16:18 | 000,045,056 | ---- | M] () -- C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InfoMyCa.exe
PRC - [2004/02/06 22:56:14 | 000,041,025 | ---- | M] (GEMTEKS) -- C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe

========== Modules (SafeList) ==========

MOD - [2010/03/03 12:29:51 | 000,551,424 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Justin\My Documents\Downloads\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Running] -- -- (WUSB54Gv4SVC)
SRV - [2010/02/28 19:05:01 | 000,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/02/27 02:07:43 | 000,906,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2006/09/22 10:58:12 | 000,241,664 | ---- | M] (ASUSTeK COMPUTER INC.) [Auto | Running] -- C:\WINDOWS\ATKKBService.exe -- (ATKKeyboardService)
SRV - [2005/04/04 00:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.716

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/03/01 11:11:32 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/22 12:54:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/02/22 13:42:55 | 000,000,000 | ---D | M]

[2010/02/20 19:24:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Justin\Application Data\Mozilla\Extensions
[2010/02/20 20:04:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\dvuyf605.default\extensions
[2010/02/20 19:23:37 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2002/08/29 12:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\HdAShCut.exe (Windows ® Server 2003 DDK provider)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [WUSB54Gv4] C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InvokeSvc3.exe ()
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/...b?1266801548640 (WUWebControl Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.154.133.100 75.154.133.68
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/02/20 19:08:46 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2005/11/07 22:41:32 | 000,000,000 | R--D | M] - D:\AutoRun.ATI -- [ CDFS ]
O32 - AutoRun File - [2004/11/01 08:00:00 | 000,000,060 | R--- | M] () - D:\AutoRun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2010/02/20 10:56:10 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {1a3e09be-1e45-494b-9174-d7385b45bbf5} - Reg Error: Value error.
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16891891626803200)

========== Files/Folders - Created Within 14 Days ==========

[2010/03/03 12:27:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Justin\Application Data\Malwarebytes
[2010/03/03 12:26:55 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/03/03 12:26:54 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/03/03 12:26:54 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/03/03 12:26:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/03/02 12:32:56 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/03/02 12:28:05 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/03/02 12:28:05 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/03/02 12:28:05 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/03/02 12:28:05 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/03/02 12:27:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/03/02 12:25:05 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/03/01 12:36:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Justin\Local Settings\Application Data\Identities
[2010/02/27 14:50:36 | 000,014,336 | ---- | C] (ASUSTeK Computer Inc.) -- C:\WINDOWS\System32\drivers\EIO_XP.sys
[2010/02/27 13:04:21 | 002,033,664 | ---- | C] (ASUSTeK COMPUTER INC.) -- C:\WINDOWS\System32\ATKOSDX32.dll
[2010/02/27 13:04:21 | 001,671,168 | ---- | C] (ASUSTeK COMPUTER INC.) -- C:\WINDOWS\System32\ATKDispCPL.dll
[2010/02/27 13:04:21 | 000,599,424 | ---- | C] (ASMT) -- C:\WINDOWS\System32\drivers\Bravo_n_vivid.sys
[2010/02/27 13:04:21 | 000,599,424 | ---- | C] (ASMT) -- C:\WINDOWS\System32\drivers\Bravo_n_theater.sys
[2010/02/27 13:04:21 | 000,599,424 | ---- | C] (ASMT) -- C:\WINDOWS\System32\drivers\Bravo_n_enriched.sys
[2010/02/27 13:04:21 | 000,599,424 | ---- | C] (ASMT) -- C:\WINDOWS\System32\drivers\Bravo_n_crystal.sys
[2010/02/27 13:04:21 | 000,599,424 | ---- | C] (ASMT) -- C:\WINDOWS\System32\drivers\Bravo_a_vivid.sys
[2010/02/27 13:04:21 | 000,599,424 | ---- | C] (ASMT) -- C:\WINDOWS\System32\drivers\Bravo_a_theater.sys
[2010/02/27 13:04:21 | 000,599,424 | ---- | C] (ASMT) -- C:\WINDOWS\System32\drivers\Bravo_a_enriched.sys
[2010/02/27 13:04:21 | 000,599,424 | ---- | C] (ASMT) -- C:\WINDOWS\System32\drivers\Bravo_a_crystal.sys
[2010/02/27 13:04:21 | 000,245,504 | ---- | C] (ASUSTeK Computer Inc.) -- C:\WINDOWS\System32\ATKDISP.dll
[2010/02/27 13:04:21 | 000,241,664 | ---- | C] (ASUSTeK COMPUTER INC.) -- C:\WINDOWS\ATKKBService.exe
[2010/02/27 13:04:21 | 000,037,888 | ---- | C] (ASUSTeK COMPUTER INC.) -- C:\WINDOWS\System32\ATKOGL32.dll
[2010/02/27 13:04:21 | 000,011,008 | ---- | C] (ASUSTeK COMPUTER INC.) -- C:\WINDOWS\System32\drivers\atkkbnt.sys
[2010/02/27 12:52:55 | 000,000,000 | ---D | C] -- C:\Program Files\AMD
[2010/02/27 12:52:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Justin\Application Data\InstallShield
[2010/02/27 12:45:30 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Justin\PrivacIE
[2010/02/27 02:08:17 | 000,000,000 | ---D | C] -- C:\$AVG
[2010/02/27 02:08:06 | 000,161,800 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgrkx86.sys
[2010/02/27 02:08:06 | 000,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/02/27 02:08:05 | 000,360,584 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/02/27 02:08:00 | 000,333,192 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010/02/27 02:07:59 | 000,028,424 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/02/27 02:07:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
[2010/02/27 02:07:41 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2010/02/27 02:07:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/02/27 02:04:23 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2010/02/27 02:04:23 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2010/02/27 02:04:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010/02/27 02:04:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2010/02/25 00:28:05 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrent
[2010/02/22 15:21:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2010/02/22 15:09:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2010/02/22 15:09:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2010/02/22 15:09:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2010/02/22 15:09:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2010/02/22 15:06:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2010/02/22 14:32:18 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Justin\IETldCache
[2010/02/22 14:28:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2010/02/22 14:28:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2010/02/22 14:27:11 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2010/02/22 14:27:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US
[2010/02/22 13:47:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Justin\Application Data\vlc
[2010/02/22 13:46:51 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2010/02/22 12:55:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Justin\Application Data\Apple Computer
[2010/02/22 12:54:58 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/02/22 12:54:52 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/02/22 12:54:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010/02/22 12:54:15 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/02/22 12:54:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2010/02/22 12:54:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Justin\Local Settings\Application Data\Apple
[2010/02/22 12:54:05 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2010/02/22 12:53:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2010/02/22 12:53:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2010/02/22 12:53:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
[2010/02/22 12:53:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Justin\Local Settings\Application Data\Apple Computer
[2010/02/22 12:37:39 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Justin\My Documents\My Videos
[2010/02/22 12:34:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Justin\Application Data\DivX
[2010/02/21 23:17:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DivX Shared
[2010/02/21 22:07:13 | 000,000,000 | ---D | C] -- C:\Program Files\HiJack
[2010/02/21 19:13:38 | 000,000,000 | ---D | C] -- C:\Program Files\LucasArts
[2010/02/21 19:05:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
[2010/02/21 19:05:05 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$
[2010/02/21 19:03:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Justin\Local Settings\Application Data\ATI
[2010/02/21 19:03:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Justin\Application Data\ATI
[2010/02/21 19:03:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Justin\Local Settings\Application Data\ApplicationHistory
[2010/02/21 18:58:54 | 000,000,000 | R-SD | C] -- C:\WINDOWS\assembly
[2010/02/21 18:58:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET
[2010/02/21 18:58:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\URTTemp
[2010/02/21 18:55:47 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2010/02/21 18:50:35 | 000,011,264 | R--- | C] (ASUSTeK Computer Inc.) -- C:\WINDOWS\System32\drivers\EIO.sys
[2010/02/21 18:48:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Justin\Application Data\DAEMON Tools Lite
[2010/02/21 18:48:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro
[2010/02/21 18:48:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Justin\Application Data\DAEMON Tools Pro
[2010/02/21 18:14:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\provisioning
[2010/02/21 18:14:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\peernet
[2010/02/21 18:13:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2010/02/21 18:08:34 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2010/02/21 18:08:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\EHome
[2010/02/21 17:42:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\Downloaded Installations
[2010/02/21 17:19:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
[2010/02/21 17:19:03 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Justin\UserData
[2010/02/21 17:12:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2010/02/21 16:49:31 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Justin\Recent
[2010/02/20 23:36:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Lang
[2010/02/20 23:34:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\RTCOM
[2010/02/20 23:34:14 | 000,358,944 | ---- | C] (Realtek Semiconductor Crop.) -- C:\WINDOWS\vncutil.exe
[2010/02/20 23:34:13 | 000,129,568 | ---- | C] (Realtek Semiconductor) -- C:\WINDOWS\RtkAudioService.exe
[2010/02/20 23:34:11 | 002,815,520 | ---- | C] (RealTek Semicoductor Corp.) -- C:\WINDOWS\ALCWZRD.EXE
[2010/02/20 23:34:11 | 001,684,736 | ---- | C] (Creative) -- C:\WINDOWS\System32\drivers\Ambfilt.sys
[2010/02/20 23:34:11 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2010/02/20 21:03:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\RegisteredPackages
[2010/02/20 21:02:27 | 000,000,000 | ---D | C] -- C:\Program Files\DirectX
[2010/02/20 20:37:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ReinstallBackups
[2010/02/20 20:00:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Justin\Application Data\WinRAR
[2010/02/20 19:59:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2010/02/20 19:59:07 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2010/02/20 19:58:46 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
[2010/02/20 19:58:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9 Installer
[2010/02/20 19:55:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2010/02/20 19:55:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2010/02/20 19:49:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Justin\Local Settings\Application Data\Adobe
[2010/02/20 19:49:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS
[2010/02/20 19:33:28 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2010/02/20 19:32:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Justin\My Documents\Downloads
[2010/02/20 19:24:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Justin\Local Settings\Application Data\Mozilla
[2010/02/20 19:24:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Justin\Application Data\Mozilla
[2010/02/20 19:23:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Justin\Application Data\uTorrent
[2010/02/20 19:23:37 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/02/20 19:23:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Justin\Application Data\Macromedia
[2010/02/20 19:22:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Justin\Application Data\Adobe
[2010/02/20 19:15:02 | 000,000,000 | --SD | C] -- C:\WINDOWS\System32\Microsoft
[2010/02/20 19:14:41 | 000,374,752 | ---- | C] (Cisco-Linksys, LLC.) -- C:\WINDOWS\System32\WUSBGXP.sys
[2010/02/20 19:14:41 | 000,339,488 | ---- | C] (Cisco-Linksys, LLC.) -- C:\WINDOWS\System32\WUSB20XP.sys
[2010/02/20 19:14:41 | 000,079,616 | ---- | C] (Ralink Technology Inc.) -- C:\WINDOWS\System32\rt2500usb.sys
[2010/02/20 19:14:41 | 000,015,872 | ---- | C] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\System32\GTNDIS5.sys
[2010/02/20 19:14:40 | 000,079,616 | ---- | C] (Ralink Technology Inc.) -- C:\WINDOWS\System32\drivers\rt2500usb.sys
[2010/02/20 19:14:39 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2010/02/20 19:14:38 | 000,000,000 | ---D | C] -- C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor
[2010/02/20 19:14:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2010/02/20 19:12:04 | 000,000,000 | -HSD | C] -- C:\WINDOWS\Installer
[2010/02/20 19:12:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Justin\Application Data\Identities
[2010/02/20 19:11:58 | 000,000,000 | -H-D | C] -- C:\Program Files\Uninstall Information
[2010/02/20 19:11:57 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Justin\My Documents\My Pictures
[2010/02/20 19:11:57 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Justin\My Documents\My Music
[2010/02/20 19:11:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Justin\Local Settings\Application Data\Microsoft
[2010/02/20 19:11:45 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Justin\Application Data\Microsoft
[2010/02/20 19:11:45 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Justin\SendTo
[2010/02/20 19:11:45 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Justin\Application Data
[2010/02/20 19:11:45 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Justin\Start Menu
[2010/02/20 19:11:45 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Justin\My Documents
[2010/02/20 19:11:45 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Justin\Favorites
[2010/02/20 19:11:45 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Justin\Cookies
[2010/02/20 19:11:45 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Justin\Templates
[2010/02/20 19:11:45 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Justin\PrintHood
[2010/02/20 19:11:45 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Justin\NetHood
[2010/02/20 19:11:45 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Justin\Local Settings
[2010/02/20 19:11:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Justin\Desktop
[2010/02/20 19:11:18 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2010/02/20 19:10:00 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
[2010/02/20 19:09:59 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
[2010/02/20 19:09:20 | 000,057,856 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esuimgd.dll
[2010/02/20 19:09:20 | 000,045,056 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esunid.dll
[2010/02/20 19:09:20 | 000,031,744 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esucmd.dll
[2010/02/20 19:09:12 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
[2010/02/20 19:08:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\xircom
[2010/02/20 19:08:58 | 000,000,000 | ---D | C] -- C:\Program Files\xerox
[2010/02/20 19:08:58 | 000,000,000 | ---D | C] -- C:\Program Files\microsoft frontpage
[2010/02/20 19:08:07 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\DRM
[2010/02/20 19:08:00 | 000,000,000 | --SD | C] -- C:\WINDOWS\Downloaded Program Files
[2010/02/20 19:08:00 | 000,000,000 | R--D | C] -- C:\WINDOWS\Offline Web Pages
[2010/02/20 19:07:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DirectX
[2010/02/20 19:06:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Services
[2010/02/20 19:06:46 | 000,000,000 | --SD | C] -- C:\WINDOWS\Tasks
[2010/02/20 19:06:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MSSoap
[2010/02/20 19:06:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\srchasst
[2010/02/20 19:06:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Macromed
[2010/02/20 19:06:34 | 000,000,000 | ---D | C] -- C:\Program Files\Movie Maker
[2010/02/20 19:06:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\PCHealth
[2010/02/20 19:06:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Restore
[2010/02/20 19:06:25 | 000,000,000 | ---D | C] -- C:\Program Files\NetMeeting
[2010/02/20 19:06:23 | 000,000,000 | ---D | C] -- C:\Program Files\Outlook Express
[2010/02/20 19:06:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\System
[2010/02/20 19:06:15 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Pictures
[2010/02/20 19:06:15 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Music
[2010/02/20 19:06:15 | 000,000,000 | ---D | C] -- C:\Program Files\Internet Explorer
[2010/02/20 19:06:02 | 000,000,000 | ---D | C] -- C:\Program Files\ComPlus Applications
[2010/02/20 19:05:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\Registration
[2010/02/20 19:05:38 | 000,000,000 | -H-D | C] -- C:\Program Files\WindowsUpdate
[2010/02/20 19:05:38 | 000,000,000 | ---D | C] -- C:\Program Files\Online Services
[2010/02/20 19:05:37 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Player
[2010/02/20 19:05:33 | 000,000,000 | ---D | C] -- C:\Program Files\Messenger
[2010/02/20 19:05:27 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Gaming Zone
[2010/02/20 19:04:45 | 000,000,000 | ---D | C] -- C:\Program Files\Windows NT
[2010/02/20 19:04:45 | 000,000,000 | ---D | C] -- C:\Program Files\MSN
[2010/02/20 19:04:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MsDtc
[2010/02/20 19:04:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Com
[2010/02/20 11:00:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ODBC
[2010/02/20 11:00:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SpeechEngines
[2010/02/20 11:00:50 | 000,000,000 | R--D | C] -- C:\Program Files
[2010/02/20 11:00:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Microsoft Shared
[2010/02/20 11:00:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files
[2010/02/20 11:00:26 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu
[2010/02/20 11:00:26 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents
[2010/02/20 11:00:26 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Templates
[2010/02/20 11:00:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Favorites
[2010/02/20 11:00:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Desktop
[2010/02/20 10:59:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot2
[2010/02/20 10:59:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot
[2010/02/20 10:59:40 | 000,000,000 | --SD | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2010/02/20 10:59:40 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\All Users\Application Data
[2010/02/20 10:59:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings
[2010/02/20 10:54:53 | 000,000,000 | R-SD | C] -- C:\WINDOWS\Fonts
[2010/02/20 10:54:53 | 000,000,000 | RHSD | C] -- C:\WINDOWS\System32\dllcache
[2010/02/20 10:54:53 | 000,000,000 | R--D | C] -- C:\WINDOWS\Web
[2010/02/20 10:54:53 | 000,000,000 | -H-D | C] -- C:\WINDOWS\inf
[2010/02/20 10:54:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\WinSxS
[2010/02/20 10:54:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wins
[2010/02/20 10:54:53 | 000,000,000 | ---D | C] -- C:\WINDOWS
[2010/02/20 10:54:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wbem
[2010/02/20 10:54:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\usmt
[2010/02/20 10:54:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\twain_32
[2010/02/20 10:54:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\Temp
[2010/02/20 10:54:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\system32
[2010/02/20 10:54:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\system
[2010/02/20 10:54:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\spool
[2010/02/20 10:54:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ShellExt
[2010/02/20 10:54:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Setup
[2010/02/20 10:54:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\security
[2010/02/20 10:54:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\Resources
[2010/02/20 10:54:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\repair
[2010/02/20 10:54:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ras
[2010/02/20 10:54:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\oobe
[2010/02/20 10:54:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\npp
[2010/02/20 10:54:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\mui
[2010/02/20 10:54:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\mui
[2010/02/20 10:54:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\msapps
[2010/02/20 10:54:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\msagent
[2010/02/20 10:54:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\Media
[2010/02/20 10:54:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\java
[2010/02/20 10:54:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\inetsrv
[2010/02/20 10:54:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\IME
[2010/02/20 10:54:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\ime
[2010/02/20 10:54:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\icsxml
[2010/02/20 10:54:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ias
[2010/02/20 10:54:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\Help
[2010/02/20 10:54:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\export
[2010/02/20 10:54:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\etc
[2010/02/20 10:54:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers
[2010/02/20 10:54:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\Driver Cache
[2010/02/20 10:54:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\disdn
[2010/02/20 10:54:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\dhcp
[2010/02/20 10:54:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\Debug
[2010/02/20 10:54:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\Cursors
[2010/02/20 10:54:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\Connection Wizard
[2010/02/20 10:54:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\config
[2010/02/20 10:54:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\Config
[2010/02/20 10:54:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\AppPatch
[2010/02/20 10:54:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\addins
[2010/02/20 10:54:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3com_dmi
[2010/02/20 10:54:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3076
[2010/02/20 10:54:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\2052
[2010/02/20 10:54:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1054
[2010/02/20 10:54:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1042
[2010/02/20 10:54:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1041
[2010/02/20 10:54:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1037
[2010/02/20 10:54:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1033
[2010/02/20 10:54:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1031
[2010/02/20 10:54:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1028
[2010/02/20 10:54:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1025
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2010/03/03 12:27:01 | 001,310,720 | -H-- | M] () -- C:\Documents and Settings\Justin\NTUSER.DAT
[2010/03/03 12:26:58 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/03/03 12:24:11 | 056,595,798 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/03/03 12:19:55 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/03/03 12:19:52 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/03/03 01:09:19 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Justin\ntuser.ini
[2010/03/03 01:09:12 | 004,255,312 | -H-- | M] () -- C:\Documents and Settings\Justin\Local Settings\Application Data\IconCache.db
[2010/03/02 21:47:02 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/03/02 20:16:24 | 000,014,336 | ---- | M] () -- C:\Documents and Settings\Justin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/02 12:36:32 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/03/02 12:33:00 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/03/02 12:23:44 | 003,876,891 | R--- | M] () -- C:\Documents and Settings\Justin\Desktop\schrauber.exe
[2010/02/28 19:05:04 | 000,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/02/28 19:05:03 | 000,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/02/28 19:05:03 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/02/28 19:04:57 | 000,161,800 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgrkx86.sys
[2010/02/28 18:53:42 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/02/27 13:11:33 | 000,439,552 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/02/27 13:11:33 | 000,380,680 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/02/27 13:11:33 | 000,052,968 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/02/27 03:30:39 | 000,142,495 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2010/02/27 02:08:06 | 000,001,507 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 9.0.lnk
[2010/02/27 02:08:00 | 000,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010/02/27 02:07:59 | 000,113,461 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2010/02/27 02:07:56 | 006,061,540 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2010/02/27 02:07:56 | 000,492,629 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2010/02/25 00:28:05 | 000,000,630 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\µTorrent.lnk
[2010/02/24 03:01:56 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/02/22 15:22:51 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2010/02/22 15:21:32 | 000,091,888 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/02/22 15:06:19 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/02/22 13:47:12 | 000,000,719 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2010/02/22 10:20:19 | 000,000,963 | ---- | M] () -- C:\Documents and Settings\Justin\Desktop\ark.rar
[2010/02/22 10:20:14 | 000,002,181 | ---- | M] () -- C:\Documents and Settings\Justin\Desktop\Attach.rar
[2010/02/22 09:26:09 | 000,524,288 | ---- | M] () -- C:\Documents and Settings\Justin\Desktop\dds.scr
[2010/02/21 19:30:10 | 000,001,673 | ---- | M] () -- C:\Documents and Settings\Justin\Desktop\Star Wars Knights of the Old Republic.lnk
[2010/02/21 19:03:40 | 000,000,129 | ---- | M] () -- C:\Documents and Settings\Justin\Local Settings\Application Data\fusioncache.dat
[2010/02/21 18:49:00 | 000,691,696 | ---- | M] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2010/02/21 18:45:48 | 000,013,104 | ---- | M] () -- C:\Documents and Settings\Justin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/02/21 18:15:05 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2010/02/21 18:15:04 | 000,000,487 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/02/21 18:11:13 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2010/02/20 23:36:24 | 000,940,794 | ---- | M] () -- C:\WINDOWS\System32\LoopyMusic.wav
[2010/02/20 23:36:24 | 000,146,650 | ---- | M] () -- C:\WINDOWS\System32\BuzzingBee.wav
[2010/02/20 23:20:18 | 000,000,169 | ---- | M] () -- C:\WINDOWS\RtlRack.ini
[2010/02/20 19:24:10 | 000,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2010/02/20 19:23:38 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/02/20 19:14:23 | 000,001,736 | ---- | M] () -- C:\WINDOWS\System32\WLAN.INI
[2010/02/20 19:12:02 | 000,025,065 | ---- | M] () -- C:\WINDOWS\System32\wmpscheme.xml
[2010/02/20 19:11:07 | 000,008,192 | ---- | M] () -- C:\WINDOWS\REGLOCS.OLD
[2010/02/20 19:10:19 | 000,000,261 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2010/02/20 19:08:46 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/02/20 19:08:46 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/02/20 19:08:46 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/02/20 19:08:46 | 000,000,000 | ---- | M] () -- C:\WINDOWS\control.ini
[2010/02/20 19:08:46 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010/02/20 19:08:46 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/02/20 19:08:44 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2010/02/20 19:08:44 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2010/02/20 19:08:43 | 000,299,552 | ---- | M] () -- C:\WINDOWS\WMSysPrx.prx
[2010/02/20 19:08:35 | 000,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2010/02/20 19:08:00 | 000,000,488 | RH-- | M] () -- C:\WINDOWS\System32\WindowsLogon.manifest
[2010/02/20 19:08:00 | 000,000,488 | RH-- | M] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2010/02/20 19:07:56 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2010/02/20 19:07:56 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\WindowsShell.Manifest
[2010/02/20 19:07:56 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2010/02/20 19:07:56 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2010/02/20 19:07:56 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2010/02/20 19:07:56 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\cdplayer.exe.manifest
[2010/02/20 19:06:12 | 000,021,640 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/02/20 19:06:01 | 000,000,037 | ---- | M] () -- C:\WINDOWS\vbaddin.ini
[2010/02/20 19:06:01 | 000,000,036 | ---- | M] () -- C:\WINDOWS\vb.ini
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/03/03 12:26:58 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/03/02 12:33:00 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/03/02 12:32:56 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/03/02 12:28:05 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/03/02 12:28:05 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/03/02 12:28:05 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/03/02 12:28:05 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/03/02 12:28:05 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/03/02 12:23:44 | 003,876,891 | R--- | C] () -- C:\Documents and Settings\Justin\Desktop\schrauber.exe
[2010/02/27 13:04:21 | 000,196,664 | ---- | C] () -- C:\WINDOWS\System32\atkosdRUS.rc0
[2010/02/27 13:04:21 | 000,196,664 | ---- | C] () -- C:\WINDOWS\System32\atkosdKOR.rc0
[2010/02/27 13:04:21 | 000,196,664 | ---- | C] () -- C:\WINDOWS\System32\atkosdJPN.rc0
[2010/02/27 13:04:21 | 000,196,664 | ---- | C] () -- C:\WINDOWS\System32\atkosdGER.rc0
[2010/02/27 13:04:21 | 000,196,664 | ---- | C] () -- C:\WINDOWS\System32\atkosdFRA.rc0
[2010/02/27 13:04:21 | 000,196,664 | ---- | C] () -- C:\WINDOWS\System32\atkosdENG.rc0
[2010/02/27 13:04:21 | 000,196,664 | ---- | C] () -- C:\WINDOWS\System32\atkosdCHT.rc0
[2010/02/27 13:04:21 | 000,196,664 | ---- | C] () -- C:\WINDOWS\System32\atkosdCHS.rc0
[2010/02/27 13:04:21 | 000,196,662 | ---- | C] () -- C:\WINDOWS\System32\ATKF16.rc0
[2010/02/27 13:04:21 | 000,196,662 | ---- | C] () -- C:\WINDOWS\System32\ATKF12.rc0
[2010/02/27 13:04:21 | 000,046,592 | ---- | C] () -- C:\WINDOWS\System32\asfrench.dll
[2010/02/27 13:04:21 | 000,046,080 | ---- | C] () -- C:\WINDOWS\System32\asrussian.dll
[2010/02/27 13:04:21 | 000,046,080 | ---- | C] () -- C:\WINDOWS\System32\asgerman.dll
[2010/02/27 13:04:21 | 000,046,080 | ---- | C] () -- C:\WINDOWS\System32\aseng.dll
[2010/02/27 13:04:21 | 000,045,568 | ---- | C] () -- C:\WINDOWS\System32\askorean.dll
[2010/02/27 13:04:21 | 000,045,568 | ---- | C] () -- C:\WINDOWS\System32\asjapan.dll
[2010/02/27 13:04:21 | 000,045,568 | ---- | C] () -- C:\WINDOWS\System32\ASCHT.dll
[2010/02/27 13:04:21 | 000,045,568 | ---- | C] () -- C:\WINDOWS\System32\aschs.dll
[2010/02/27 13:04:21 | 000,024,632 | ---- | C] () -- C:\WINDOWS\System32\atkrec.rc0
[2010/02/27 13:04:21 | 000,010,496 | ---- | C] () -- C:\WINDOWS\System32\ATKOSDMini.DLL
[2010/02/27 13:04:21 | 000,008,480 | ---- | C] () -- C:\WINDOWS\System32\atkgtvt.rc0
[2010/02/27 13:04:21 | 000,008,480 | ---- | C] () -- C:\WINDOWS\System32\atkgft.rc0
[2010/02/27 13:04:21 | 000,008,480 | ---- | C] () -- C:\WINDOWS\System32\atkdst.rc0
[2010/02/27 13:04:21 | 000,005,360 | ---- | C] () -- C:\WINDOWS\System32\atkgtvon.rc0
[2010/02/27 13:04:21 | 000,005,360 | ---- | C] () -- C:\WINDOWS\System32\atkgtvoff.rc0
[2010/02/27 13:04:21 | 000,005,360 | ---- | C] () -- C:\WINDOWS\System32\atkgfon.rc0
[2010/02/27 13:04:21 | 000,005,360 | ---- | C] () -- C:\WINDOWS\System32\atkgfoff.rc0
[2010/02/27 13:04:21 | 000,005,358 | ---- | C] () -- C:\WINDOWS\System32\atkdson.rc0
[2010/02/27 13:04:21 | 000,005,358 | ---- | C] () -- C:\WINDOWS\System32\atkdsoff.rc0
[2010/02/27 13:04:21 | 000,001,540 | ---- | C] () -- C:\WINDOWS\System32\ATKF16.rc1
[2010/02/27 13:04:21 | 000,001,540 | ---- | C] () -- C:\WINDOWS\System32\ATKF12.rc1
[2010/02/27 13:04:21 | 000,000,018 | ---- | C] () -- C:\WINDOWS\System32\atkid.ini
[2010/02/27 02:08:06 | 000,001,507 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 9.0.lnk
[2010/02/27 02:07:59 | 000,113,461 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2010/02/27 02:07:56 | 056,595,798 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/02/27 02:07:56 | 006,061,540 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2010/02/27 02:07:56 | 000,492,629 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2010/02/27 02:07:56 | 000,142,495 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2010/02/25 00:28:05 | 000,000,630 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\µTorrent.lnk
[2010/02/22 14:15:37 | 000,613,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.chm
[2010/02/22 14:15:37 | 000,354,468 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud1.wav
[2010/02/22 14:15:37 | 000,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud7.wav
[2010/02/22 14:15:37 | 000,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud6.wav
[2010/02/22 14:15:37 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud9.wav
[2010/02/22 14:15:37 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud8.wav
[2010/02/22 14:15:37 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud3.wav
[2010/02/22 14:15:37 | 000,086,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud5.wav
[2010/02/22 14:15:37 | 000,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud4.wav
[2010/02/22 14:15:37 | 000,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud2.wav
[2010/02/22 14:15:37 | 000,067,374 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.adm
[2010/02/22 14:15:37 | 000,029,070 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmp.inf
[2010/02/22 14:15:37 | 000,023,195 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplay.chm
[2010/02/22 14:15:37 | 000,010,457 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.hta
[2010/02/22 14:15:37 | 000,001,771 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.css
[2010/02/22 14:15:37 | 000,000,855 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpocm.inf
[2010/02/22 14:15:37 | 000,000,420 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmploc.js
[2010/02/22 14:15:36 | 000,017,272 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmdm.inf
[2010/02/22 14:15:36 | 000,008,677 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm7.gif
[2010/02/22 14:15:36 | 000,007,892 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm9.gif
[2010/02/22 14:15:36 | 000,007,636 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm2.gif
[2010/02/22 14:15:36 | 000,007,369 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm4.gif
[2010/02/22 14:15:36 | 000,006,769 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmfsdk.inf
[2010/02/22 14:15:36 | 000,006,241 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm3.gif
[2010/02/22 14:15:36 | 000,006,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm6.gif
[2010/02/22 14:15:36 | 000,005,789 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm1.gif
[2010/02/22 14:15:36 | 000,004,193 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm8.gif
[2010/02/22 14:15:36 | 000,002,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm5.gif
[2010/02/22 14:15:34 | 000,300,969 | ---- | C] () -- C:\WINDOWS\System32\dllcache\viz.wmv
[2010/02/22 14:15:34 | 000,017,489 | ---- | C] () -- C:\WINDOWS\System32\dllcache\videobg.gif
[2010/02/22 14:15:34 | 000,005,290 | ---- | C] () -- C:\WINDOWS\System32\dllcache\vidsamp.gif
[2010/02/22 14:15:33 | 000,023,829 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tourbg.gif
[2010/02/22 14:15:33 | 000,003,187 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tour.js
[2010/02/22 14:15:33 | 000,002,469 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplay.gif
[2010/02/22 14:15:33 | 000,002,450 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpause.gif
[2010/02/22 14:15:33 | 000,002,375 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplayh.gif
[2010/02/22 14:15:33 | 000,002,371 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpauseh.gif
[2010/02/22 14:15:32 | 000,001,398 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taon.gif
[2010/02/22 14:15:32 | 000,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taonh.gif
[2010/02/22 14:15:32 | 000,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoff.gif
[2010/02/22 14:15:32 | 000,001,367 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoffh.gif
[2010/02/22 14:15:30 | 000,001,148 | ---- | C] () -- C:\WINDOWS\System32\dllcache\snd.htm
[2010/02/22 14:15:29 | 000,000,908 | ---- | C] () -- C:\WINDOWS\System32\dllcache\skins.inf
[2010/02/22 14:15:27 | 000,572,557 | ---- | C] () -- C:\WINDOWS\System32\dllcache\rtuner.wmv
[2010/02/22 14:15:27 | 000,066,725 | ---- | C] () -- C:\WINDOWS\System32\dllcache\revert.wmz
[2010/02/22 14:15:26 | 000,077,307 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plyr_err.chm
[2010/02/22 14:15:26 | 000,001,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst6.wpl
[2010/02/22 14:15:26 | 000,001,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst5.wpl
[2010/02/22 14:15:26 | 000,001,474 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst3.wpl
[2010/02/22 14:15:26 | 000,001,451 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst12.wpl
[2010/02/22 14:15:26 | 000,001,448 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst4.wpl
[2010/02/22 14:15:26 | 000,001,250 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst1.wpl
[2010/02/22 14:15:26 | 000,001,049 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst2.wpl
[2010/02/22 14:15:26 | 000,001,046 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst7.wpl
[2010/02/22 14:15:26 | 000,001,036 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst8.wpl
[2010/02/22 14:15:26 | 000,000,789 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst11.wpl
[2010/02/22 14:15:26 | 000,000,787 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst10.wpl
[2010/02/22 14:15:26 | 000,000,784 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst9.wpl
[2010/02/22 14:15:26 | 000,000,783 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst13.wpl
[2010/02/22 14:15:26 | 000,000,775 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst14.wpl
[2010/02/22 14:15:26 | 000,000,733 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst15.wpl
[2010/02/22 14:15:24 | 000,375,519 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nuskin.wmv
[2010/02/22 14:15:23 | 000,022,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npds.zip
[2010/02/22 14:15:23 | 000,000,403 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npdrmv2.zip
[2010/02/22 14:15:18 | 000,004,126 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msdxmlc.dll
[2010/02/22 14:15:17 | 000,844,314 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msdxm.ocx
[2010/02/22 14:15:17 | 000,097,117 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.hlp
[2010/02/22 14:15:17 | 000,018,286 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.inf
[2010/02/22 14:15:17 | 000,002,778 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogoh.gif
[2010/02/22 14:15:17 | 000,002,545 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogo.gif
[2010/02/22 14:15:17 | 000,001,885 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.cnt
[2010/02/22 14:15:16 | 000,457,607 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mdlib.wmv
[2010/02/22 14:15:11 | 000,001,261 | ---- | C] () -- C:\WINDOWS\System32\pid.inf
[2010/02/22 14:15:09 | 000,498,742 | ---- | C] () -- C:\WINDOWS\System32\dllcache\dxmasf.dll
[2010/02/22 14:15:09 | 000,005,971 | ---- | C] () -- C:\WINDOWS\System32\dllcache\events.js
[2010/02/22 14:15:06 | 000,381,425 | ---- | C] () -- C:\WINDOWS\System32\dllcache\copycd.wmv
[2010/02/22 14:15:06 | 000,009,585 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.css
[2010/02/22 14:15:06 | 000,008,298 | ---- | C] () -- C:\WINDOWS\System32\dllcache\contents.htm
[2010/02/22 14:15:06 | 000,006,878 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.js
[2010/02/22 14:15:05 | 000,184,959 | ---- | C] () -- C:\WINDOWS\System32\dllcache\compact.wmz
[2010/02/22 14:15:05 | 000,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnth.gif
[2010/02/22 14:15:05 | 000,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnt.gif
[2010/02/22 14:15:05 | 000,000,772 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cntd.gif
[2010/02/22 14:15:05 | 000,000,760 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapph.gif
[2010/02/22 14:15:05 | 000,000,717 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapp.gif
[2010/02/22 14:15:03 | 000,000,999 | ---- | C] () -- C:\WINDOWS\System32\dllcache\bktrh.gif
[2010/02/22 13:47:12 | 000,000,719 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2010/02/22 10:20:19 | 000,000,963 | ---- | C] () -- C:\Documents and Settings\Justin\Desktop\ark.rar
[2010/02/22 10:20:14 | 000,002,181 | ---- | C] () -- C:\Documents and Settings\Justin\Desktop\Attach.rar
[2010/02/22 09:41:54 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Justin\Desktop\gmer.exe
[2010/02/22 09:25:58 | 000,524,288 | ---- | C] () -- C:\Documents and Settings\Justin\Desktop\dds.scr
[2010/02/21 23:11:41 | 000,014,336 | ---- | C] () -- C:\Documents and Settings\Justin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/21 19:30:10 | 000,001,673 | ---- | C] () -- C:\Documents and Settings\Justin\Desktop\Star Wars Knights of the Old Republic.lnk
[2010/02/21 19:03:40 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\Justin\Local Settings\Application Data\fusioncache.dat
[2010/02/21 18:58:19 | 000,005,607 | R--- | C] () -- C:\WINDOWS\System32\atifglpf.xml
[2010/02/21 18:58:16 | 000,109,589 | R--- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2010/02/21 18:58:12 | 000,524,850 | R--- | C] () -- C:\WINDOWS\System32\drivers\ativcaxx.cpa
[2010/02/21 18:58:12 | 000,058,560 | R--- | C] () -- C:\WINDOWS\System32\drivers\ativckxx.vp
[2010/02/21 18:58:12 | 000,024,000 | R--- | C] () -- C:\WINDOWS\System32\drivers\ativvpxx.vp
[2010/02/21 18:58:12 | 000,000,929 | R--- | C] () -- C:\WINDOWS\System32\drivers\ativcaxx.vp
[2010/02/21 18:48:59 | 000,691,696 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2010/02/21 18:17:11 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2010/02/21 18:14:52 | 000,316,640 | ---- | C] () -- C:\WINDOWS\WMSysPr9.prx
[2010/02/21 18:14:26 | 000,129,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\cxthsfs2.cty
[2010/02/21 18:14:26 | 000,064,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmc20.cod
[2010/02/21 18:14:25 | 000,067,866 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwlan5.img
[2010/02/20 23:36:24 | 000,940,794 | ---- | C] () -- C:\WINDOWS\System32\LoopyMusic.wav
[2010/02/20 23:36:24 | 000,146,650 | ---- | C] () -- C:\WINDOWS\System32\BuzzingBee.wav
[2010/02/20 23:20:18 | 000,000,169 | ---- | C] () -- C:\WINDOWS\RtlRack.ini
[2010/02/20 21:02:52 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2010/02/20 21:02:52 | 000,118,272 | ---- | C] () -- C:\WINDOWS\System32\mpeg2data.ax
[2010/02/20 21:02:52 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\msdvbnp.ax
[2010/02/20 21:02:52 | 000,033,280 | ---- | C] () -- C:\WINDOWS\System32\psisrndr.ax
[2010/02/20 21:02:50 | 000,148,992 | ---- | C] () -- C:\WINDOWS\System32\mpg2splt.ax
[2010/02/20 20:38:34 | 000,001,537 | ---- | C] () -- C:\WINDOWS\System32\nvide.nvu
[2010/02/20 20:38:00 | 000,003,632 | ---- | C] () -- C:\WINDOWS\System32\nvnrm.nvu
[2010/02/20 20:37:59 | 000,001,391 | ---- | C] () -- C:\WINDOWS\System32\nvsmb.nvu
[2010/02/20 19:59:16 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/02/20 19:24:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/02/20 19:23:38 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/02/20 19:14:41 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
[2010/02/20 19:14:41 | 000,008,090 | ---- | C] () -- C:\WINDOWS\System32\WUSB54G.cat
[2010/02/20 19:14:41 | 000,007,850 | ---- | C] () -- C:\WINDOWS\System32\WUSB54GV4.cat
[2010/02/20 19:14:41 | 000,007,846 | ---- | C] () -- C:\WINDOWS\System32\WUSB54GV2.cat
[2010/02/20 19:14:40 | 000,031,930 | ---- | C] () -- C:\WINDOWS\System32\GTNDIS3.VXD
[2010/02/20 19:14:23 | 000,001,736 | ---- | C] () -- C:\WINDOWS\System32\WLAN.INI
[2010/02/20 19:11:46 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\Justin\ntuser.ini
[2010/02/20 19:11:45 | 001,310,720 | -H-- | C] () -- C:\Documents and Settings\Justin\NTUSER.DAT
[2010/02/20 19:11:07 | 000,008,192 | ---- | C] () -- C:\WINDOWS\REGLOCS.OLD
[2010/02/20 19:10:19 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/02/20 19:09:55 | 000,175,104 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll
[2010/02/20 19:09:46 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2010/02/20 19:09:39 | 000,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
[2010/02/20 19:09:38 | 000,196,665 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe
[2010/02/20 19:09:36 | 000,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2010/02/20 19:09:29 | 013,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll
[2010/02/20 19:09:24 | 000,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2010/02/20 19:09:15 | 000,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
[2010/02/20 19:08:46 | 000,002,577 | ---- | C] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/02/20 19:08:46 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2010/02/20 19:08:46 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2010/02/20 19:08:46 | 000,000,000 | ---- | C] () -- C:\CONFIG.SYS
[2010/02/20 19:08:46 | 000,000,000 | ---- | C] () -- C:\AUTOEXEC.BAT
[2010/02/20 19:08:44 | 000,025,065 | ---- | C] () -- C:\WINDOWS\System32\wmpscheme.xml
[2010/02/20 19:08:44 | 000,023,392 | ---- | C] () -- C:\WINDOWS\System32\nscompat.tlb
[2010/02/20 19:08:44 | 000,016,832 | ---- | C] () -- C:\WINDOWS\System32\amcompat.tlb
[2010/02/20 19:08:43 | 000,299,552 | ---- | C] () -- C:\WINDOWS\WMSysPrx.prx
[2010/02/20 19:08:00 | 000,000,488 | RH-- | C] () -- C:\WINDOWS\System32\WindowsLogon.manifest
[2010/02/20 19:08:00 | 000,000,488 | RH-- | C] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2010/02/20 19:07:56 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2010/02/20 19:07:56 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\WindowsShell.Manifest
[2010/02/20 19:07:56 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2010/02/20 19:07:56 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2010/02/20 19:07:56 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2010/02/20 19:07:56 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\cdplayer.exe.manifest
[2010/02/20 19:07:44 | 004,399,505 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nls302en.lex
[2010/02/20 19:07:01 | 000,048,680 | -HS- | C] () -- C:\WINDOWS\winnt256.bmp
[2010/02/20 19:07:01 | 000,048,680 | -HS- | C] () -- C:\WINDOWS\winnt.bmp
[2010/02/20 19:06:54 | 000,000,984 | ---- | C] () -- C:\WINDOWS\System32\dllcache\srframe.mmf
[2010/02/20 19:06:12 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/02/20 19:05:09 | 000,065,954 | ---- | C] () -- C:\WINDOWS\Prairie Wind.bmp
[2010/02/20 19:05:09 | 000,065,832 | ---- | C] () -- C:\WINDOWS\Santa Fe Stucco.bmp
[2010/02/20 19:05:09 | 000,026,680 | ---- | C] () -- C:\WINDOWS\River Sumida.bmp
[2010/02/20 19:05:09 | 000,017,362 | ---- | C] () -- C:\WINDOWS\Rhododendron.bmp
[2010/02/20 19:05:09 | 000,009,522 | ---- | C] () -- C:\WINDOWS\Zapotec.bmp
[2010/02/20 19:05:08 | 000,093,702 | ---- | C] () -- C:\WINDOWS\System32\subrange.uce
[2010/02/20 19:05:08 | 000,065,978 | ---- | C] () -- C:\WINDOWS\Soap Bubbles.bmp
[2010/02/20 19:05:08 | 000,026,582 | ---- | C] () -- C:\WINDOWS\Greenstone.bmp
[2010/02/20 19:05:08 | 000,017,336 | ---- | C] () -- C:\WINDOWS\Gone Fishing.bmp
[2010/02/20 19:05:08 | 000,017,062 | ---- | C] () -- C:\WINDOWS\Coffee Bean.bmp
[2010/02/20 19:05:08 | 000,016,730 | ---- | C] () -- C:\WINDOWS\FeatherTexture.bmp
[2010/02/20 19:05:08 | 000,001,272 | ---- | C] () -- C:\WINDOWS\Blue Lace 16.bmp
[2010/02/20 19:05:07 | 000,060,458 | ---- | C] () -- C:\WINDOWS\System32\ideograf.uce
[2010/02/20 19:05:07 | 000,024,006 | ---- | C] () -- C:\WINDOWS\System32\gb2312.uce
[2010/02/20 19:05:07 | 000,022,984 | ---- | C] () -- C:\WINDOWS\System32\bopomofo.uce
[2010/02/20 19:05:07 | 000,016,740 | ---- | C] () -- C:\WINDOWS\System32\shiftjis.uce
[2010/02/20 19:05:07 | 000,012,876 | ---- | C] () -- C:\WINDOWS\System32\korean.uce
[2010/02/20 19:05:07 | 000,008,484 | ---- | C] () -- C:\WINDOWS\System32\kanji_2.uce
[2010/02/20 19:05:07 | 000,006,948 | ---- | C] () -- C:\WINDOWS\System32\kanji_1.uce
[2010/02/20 19:05:05 | 000,001,161 | ---- | C] () -- C:\WINDOWS\System32\usrlogon.cmd
[2010/02/20 19:05:04 | 000,003,286 | ---- | C] () -- C:\WINDOWS\System32\tslabels.h
[2010/02/20 19:05:02 | 000,000,768 | ---- | C] () -- C:\WINDOWS\System32\msdtcprf.h
[2010/02/20 19:04:52 | 000,063,488 | ---- | C] () -- C:\WINDOWS\System32\wmimgmt.msc
[2010/02/20 11:00:52 | 001,685,606 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sam.spd
[2010/02/20 11:00:52 | 000,605,050 | ---- | C] () -- C:\WINDOWS\System32\dllcache\r1033tts.lxa
[2010/02/20 11:00:52 | 000,000,888 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sam.sdf
[2010/02/20 11:00:51 | 000,643,717 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ltts1033.lxa
[2010/02/20 11:00:50 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_28603.nls
[2010/02/20 11:00:48 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_857.nls
[2010/02/20 11:00:48 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_28599.nls
[2010/02/20 11:00:48 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10081.nls
[2010/02/20 11:00:45 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\C_28595.NLS
[2010/02/20 11:00:45 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10017.nls
[2010/02/20 11:00:45 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10007.nls
[2010/02/20 11:00:43 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_869.nls
[2010/02/20 11:00:43 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_737.nls
[2010/02/20 11:00:43 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_875.nls
[2010/02/20 11:00:43 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\C_28597.NLS
[2010/02/20 11:00:43 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10006.nls
[2010/02/20 11:00:41 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_866.nls
[2010/02/20 11:00:41 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_855.nls
[2010/02/20 11:00:41 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\C_28594.NLS
[2010/02/20 11:00:38 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_852.nls
[2010/02/20 11:00:38 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10082.nls
[2010/02/20 11:00:38 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10029.nls
[2010/02/20 11:00:38 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10010.nls
[2010/02/20 11:00:37 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_20127.nls
[2010/02/20 11:00:33 | 000,001,688 | ---- | C] () -- C:\WINDOWS\System32\AUTOEXEC.NT
[2010/02/20 10:59:57 | 000,657,548 | ---- | C] () -- C:\WINDOWS\System32\dllcache\CLASSES.CAT
[2010/02/20 10:59:57 | 000,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
[2010/02/20 10:59:57 | 000,390,168 | ---- | C] () -- C:\WINDOWS\System32\dllcache\WFC.CAT
[2010/02/20 10:59:57 | 000,056,081 | ---- | C] () -- C:\WINDOWS\System32\dllcache\DAJAVAC.CAT
[2010/02/20 10:59:57 | 000,052,311 | ---- | C] () -- C:\WINDOWS\System32\dllcache\DX3.CAT
[2010/02/20 10:59:57 | 000,037,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
[2010/02/20 10:59:57 | 000,022,151 | ---- | C] () -- C:\WINDOWS\System32\dllcache\TCLASSES.CAT
[2010/02/20 10:59:57 | 000,021,281 | ---- | C] () -- C:\WINDOWS\System32\dllcache\XMLDSOC.CAT
[2010/02/20 10:59:57 | 000,014,031 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSJDBC.CAT
[2010/02/20 10:59:57 | 000,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT
[2010/02/20 10:59:57 | 000,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
[2010/02/20 10:59:57 | 000,007,382 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2010/02/20 10:59:56 | 000,797,189 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
[2010/02/20 10:59:22 | 000,091,888 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/02/20 10:58:31 | 000,000,281 | RHS- | C] () -- C:\boot.ini
[2010/02/20 10:58:29 | 000,000,261 | ---- | C] () -- C:\WINDOWS\System32\$winnt$.inf

========== LOP Check ==========

[2010/02/27 02:07:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/02/21 18:48:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2010/02/21 18:48:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro
[2010/02/22 12:55:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010/02/21 19:06:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Justin\Application Data\DAEMON Tools Lite
[2010/02/21 18:48:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Justin\Application Data\DAEMON Tools Pro
[2010/03/03 12:30:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Justin\Application Data\uTorrent

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: AGP440.SYS >
[2004/08/04 01:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2010/02/22 15:04:05 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2004/08/04 01:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2010/02/22 15:04:05 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2010/02/22 15:04:05 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\sp3.cab:AGP440.sys
[2008/04/13 10:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008/04/13 10:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 10:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\agp440.sys
[2008/04/13 10:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2002/08/29 12:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys
[2004/08/04 01:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2010/02/22 15:04:05 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2004/08/04 01:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2010/02/22 15:04:05 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2010/02/22 15:04:05 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\sp3.cab:atapi.sys
[2002/08/29 12:00:00 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\system32\ReinstallBackups\0010\DriverFiles\i386\atapi.sys
[2002/08/29 12:00:00 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\system32\ReinstallBackups\0011\DriverFiles\i386\atapi.sys
[2008/04/13 10:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 10:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 10:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\atapi.sys
[2008/04/13 10:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 16:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/13 16:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 16:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\eventlog.dll
[2008/04/13 16:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 00:56:44 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 16:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/13 16:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 16:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\netlogon.dll
[2008/04/13 16:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2009/02/06 10:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009/02/06 10:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
[2009/02/06 10:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\SoftwareDistribution\Download\78cf8552430e25a8f24bc1e4dfb1970e\sp2qfe\netlogon.dll
[2009/02/06 10:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\SoftwareDistribution\Download\de81b460c3abcfc5b8494c785a5f3944\sp2qfe\netlogon.dll
[2004/08/04 00:56:46 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: NVATA.SYS >
[2005/08/12 14:31:12 | 000,098,432 | ---- | M] (NVIDIA Corporation) MD5=11D1AD7E946538E02F9EF6A6E1792061 -- C:\WINDOWS\system32\drivers\nvata.sys

< MD5 for: SCECLI.DLL >
[2004/08/04 00:56:46 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 16:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/13 16:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 16:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\scecli.dll
[2008/04/13 16:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >
< End of report >

OTL Extras logfile created on: 3/3/2010 12:37:10 PM - Run 1
OTL by OldTimer - Version 3.1.32.0 Folder = C:\Documents and Settings\Justin\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 54.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 51.27 Gb Free Space | 68.79% Space Free | Partition Type: NTFS
Drive D: | 462.32 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: OWNER
Current User Name: Justin
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\AVG\AVG9\avgam.exe" = C:\Program Files\AVG\AVG9\avgam.exe:*:Enabled:avgam.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgdiagex.exe" = C:\Program Files\AVG\AVG9\avgdiagex.exe:*:Enabled:avgdiagex.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgemc.exe" = C:\Program Files\AVG\AVG9\avgemc.exe:*:Enabled:avgemc.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{2A9A40C7-6670-4D5F-8F41-D12E2E08B48B}" = Star Wars®: Knights of the Old Republic ™
"{315ACD04-BCEB-478B-9B1D-5431D0E6CB11}" = ASUS Enhanced Display Driver
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{81063354-9060-42B2-A000-1EBE96778AA9}" = iTunes
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.1
"{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver
"{C7EEF2B9-8C16-4A04-B98D-B1A952A47E55}" = Linksys Wireless-G USB Network Adapter
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"AVG9Uninstall" = AVG 9.0
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox (3.6)" = Mozilla Firefox (3.6)
"NVIDIA Drivers" = NVIDIA Drivers
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.0.5
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/21/2010 11:48:19 PM | Computer Name = OWNER | Source = Application Error | ID = 1000
Description = Faulting application swkotor.exe, version 1.0.0.0, faulting module
atioglxx.dll, version 6.14.10.5403, fault address 0x001e2296.

Error - 2/22/2010 12:05:59 AM | Computer Name = OWNER | Source = Application Error | ID = 1000
Description = Faulting application swkotor.exe, version 1.0.3.0, faulting module
swkotor.exe, version 1.0.3.0, fault address 0x0005a321.

Error - 2/22/2010 12:29:20 AM | Computer Name = OWNER | Source = Application Error | ID = 1000
Description = Faulting application swkotor.exe, version 1.0.3.0, faulting module
atioglxx.dll, version 6.14.10.5403, fault address 0x001e2296.

Error - 2/22/2010 1:32:15 PM | Computer Name = OWNER | Source = Application Hang | ID = 1002
Description = Hanging application notepad.exe, version 5.1.2600.2180, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 2/22/2010 1:33:38 PM | Computer Name = OWNER | Source = Application Error | ID = 1000
Description = Faulting application gmer.exe, version 1.0.15.15281, faulting module
gmer.exe, version 1.0.15.15281, fault address 0x0005c887.

Error - 2/22/2010 1:33:49 PM | Computer Name = OWNER | Source = Application Error | ID = 1000
Description = Faulting application gmer.exe, version 1.0.15.15281, faulting module
gmer.exe, version 1.0.15.15281, fault address 0x0005c887.

Error - 2/22/2010 1:35:33 PM | Computer Name = OWNER | Source = Application Hang | ID = 1002
Description = Hanging application WinRAR.exe, version 3.92.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 2/27/2010 6:50:46 PM | Computer Name = OWNER | Source = Application Error | ID = 1000
Description = Faulting application smartdoctor.exe, version 5.5.2.3, faulting module
smartdoctor.exe, version 5.5.2.3, fault address 0x0002efcd.

Error - 2/27/2010 8:58:43 PM | Computer Name = OWNER | Source = Application Error | ID = 1000
Description = Faulting application smartdoctor.exe, version 5.5.2.3, faulting module
smartdoctor.exe, version 5.5.2.3, fault address 0x0002efcd.

Error - 2/28/2010 10:55:06 PM | Computer Name = OWNER | Source = Application Error | ID = 1000
Description = Faulting application smartdoctor.exe, version 5.5.2.3, faulting module
smartdoctor.exe, version 5.5.2.3, fault address 0x0002efcd.

[ System Events ]
Error - 2/22/2010 5:34:06 PM | Computer Name = OWNER | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 2/22/2010 5:34:06 PM | Computer Name = OWNER | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 2/22/2010 5:34:06 PM | Computer Name = OWNER | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 2/22/2010 5:34:06 PM | Computer Name = OWNER | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 2/22/2010 5:34:06 PM | Computer Name = OWNER | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 2/22/2010 5:34:07 PM | Computer Name = OWNER | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 2/22/2010 5:34:07 PM | Computer Name = OWNER | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 2/22/2010 5:34:07 PM | Computer Name = OWNER | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 2/22/2010 5:34:07 PM | Computer Name = OWNER | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 2/22/2010 5:34:07 PM | Computer Name = OWNER | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

< End of report >

#8 schrauber

Mr.Mechanic

Malware Response Team
24,794 posts
OFFLINE

Gender:Male
Location:Munich,Germany
Local time:07:03 AM

Posted 04 March 2010 - 02:46 PM

Hi,

How is it running now?

Your log(s) show that you are using so called peer-to-peer or file-sharing programmes (in your case Utorrent). These programmes allow to share files between users as the name(s) suggest. In today's world the cyber crime has come to an enormous dimension and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of the malware files. A popular means is the use of file-sharing tools as a tremendous amount of prospective victims can be reached through it.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools and thus suggested to be used with intense care. Some further readings on this subject, along the included links, are as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."

It is also important to note that sharing entertainment files and proprietary software infringes the copyright laws in many countries over the world and you are putting yourself at risk of being indicted through organisations watching over the rights of the authors of such files (i.e. the RIAA for music files, or the MPAA for movie files in the USA) or the authors of the files themselves.

Naturally there are also legal ways to use these services, such as downloading Linux distributions or office suites such as "Open Office."

I'd like us to scan your machine with ESET OnlineScan

Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
Click the button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
- Click on to download the ESET Smart Installer. Save it to your desktop.
- Double click on the icon on your desktop.
Check
Click the button.
Accept any security warnings from your browser.
Check
Push the Start button.
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
When the scan completes, push
Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
Push the button.
Push

A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

regards,
schrauber

Posted Image

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware

#9 JBrydges

Topic Starter

Members
9 posts
OFFLINE

Local time:10:03 PM

Posted 04 March 2010 - 06:36 PM

Nope nothing has changed...like i said I suspect its a hardware problem, although no one has responded to my post in the hardware section and its been up around 5 days. There were also no threats found in the new scan you requested. Thanks for all your help though

#10 schrauber

Mr.Mechanic

Malware Response Team
24,794 posts
OFFLINE

Gender:Male
Location:Munich,Germany
Local time:07:03 AM

Posted 05 March 2010 - 03:06 PM

Yes, agree with you that it could be a hardware issue. The guys over there are busy too, please be patient and you will get an answer

regards,
schrauber

Posted Image

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware

#11 schrauber

Mr.Mechanic

Malware Response Team
24,794 posts
OFFLINE

Gender:Male
Location:Munich,Germany
Local time:07:03 AM

Posted 10 March 2010 - 01:00 PM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If your the topic starter, and need this topic reopened, please contact me via pm with the address of the thread.

Everyone else please begin a New Topic.

regards,
schrauber

Posted Image

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware

Back to Virus, Trojan, Spyware, and Malware Removal Help